Serveradmin bad decrypt

kustodian · July 29, 2016, 3:23pm

I’m constantly getting this error message in the /var/log/one/oned.log log:

Fri Jul 29 17:16:09 2016 [Z0][AuM][D]: Message received: LOG I 216 Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate serveradmin 6866f44bb4c01f72b865fd2bd799738dbd42b539 **** Fri Jul 29 17:16:09 2016 [Z0][AuM][I]: Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate serveradmin 6866f44bb4c01f72b865fd2bd799738dbd42b539 **** Fri Jul 29 17:16:09 2016 [Z0][AuM][D]: Message received: LOG E 216 bad decrypt Fri Jul 29 17:16:09 2016 [Z0][AuM][I]: bad decrypt Fri Jul 29 17:16:09 2016 [Z0][AuM][D]: Message received: LOG I 216 ExitCode: 255 Fri Jul 29 17:16:09 2016 [Z0][AuM][I]: ExitCode: 255 Fri Jul 29 17:16:09 2016 [Z0][AuM][D]: Message received: AUTHENTICATE FAILURE 216 bad decrypt Fri Jul 29 17:16:09 2016 [Z0][AuM][E]: Auth Error: bad decrypt

The password for the serveradmin user should be correct, since when I type:

oneuser show serveradmin USER 1 INFORMATION ID : 1 NAME : serveradmin GROUP : oneadmin PASSWORD : 6866f44bb4c01f72b865fd2bd799738dbd42b539 AUTH_DRIVER : server_cipher ENABLED : Yes

As you can see the password hash printed by oneuser command is the same as the one in the log, so I’m not sure what could be the problem. Any ideas?

atodorov_storpool · July 29, 2016, 3:33pm

Please check the serveradmin entries in /var/lib/one/.one/*. The hash written there must be the same as in the database.

grep serveradmin /var/lib/one/.one/*

Kind Regards,
Anton Todorov

kustodian · July 29, 2016, 3:50pm

In /var/lib/one/.one/* files I have a password, I don’t have a hash there. As I understand the hash is in the DB, but in the files it should be the password.

atodorov_storpool · July 29, 2016, 4:10pm

You are right. The default passwords are like long hashes but strings indeed.
So check is the pasword same as in the database. To get the hash

echo -n ThePassword | openssl sha1

The resulting hash should mach the one in the database.

Kind Regards,
Anton Todorov

kustodian · July 29, 2016, 4:15pm

The password does match the hash. I just found out which service is generating this error and it’s opennebula-flow. As soon as I disabled it, the errors stopped. Where is one flow reading this password? If it’s from /var/lib/one/.one/oneflow_auth, because that file has the exact same password as other *_auth files and it’s not working for it.

kustodian · August 1, 2016, 10:58am

After I restarted all the services, since some of them weren’t running, these errors stopped happening. Do you happen to know when do the OpenNebula services read the /var/lib/one/.one/*_auth files? Do they read them on startup, or every time user/pass is needed?

cmartin · August 16, 2016, 7:54am

The auth files are read once when the service starts.

Topic		Replies	Views
Message received: AUTHENTICATE FAILURE 3 bad decrypt Community Support	3	1785	December 10, 2018
Odd problems with 5.12 upgrade General	7	1209	September 24, 2020
[SOLVED] Upgraded to latest opennebula, now can't login to sunstone (Down) Community Support solved	5	2001	November 1, 2019
Lockout after update Community Support	0	217	April 29, 2021
Reg sunstone - auth error Community Support	1	1674	May 13, 2015

Serveradmin bad decrypt

Related topics