Serveradmin bad decrypt

I’m constantly getting this error message in the /var/log/one/oned.log log:

Fri Jul 29 17:16:09 2016 [Z0][AuM][D]: Message received: LOG I 216 Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate serveradmin 6866f44bb4c01f72b865fd2bd799738dbd42b539 **** Fri Jul 29 17:16:09 2016 [Z0][AuM][I]: Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate serveradmin 6866f44bb4c01f72b865fd2bd799738dbd42b539 **** Fri Jul 29 17:16:09 2016 [Z0][AuM][D]: Message received: LOG E 216 bad decrypt Fri Jul 29 17:16:09 2016 [Z0][AuM][I]: bad decrypt Fri Jul 29 17:16:09 2016 [Z0][AuM][D]: Message received: LOG I 216 ExitCode: 255 Fri Jul 29 17:16:09 2016 [Z0][AuM][I]: ExitCode: 255 Fri Jul 29 17:16:09 2016 [Z0][AuM][D]: Message received: AUTHENTICATE FAILURE 216 bad decrypt Fri Jul 29 17:16:09 2016 [Z0][AuM][E]: Auth Error: bad decrypt

The password for the serveradmin user should be correct, since when I type:

oneuser show serveradmin USER 1 INFORMATION ID : 1 NAME : serveradmin GROUP : oneadmin PASSWORD : 6866f44bb4c01f72b865fd2bd799738dbd42b539 AUTH_DRIVER : server_cipher ENABLED : Yes

As you can see the password hash printed by oneuser command is the same as the one in the log, so I’m not sure what could be the problem. Any ideas?

Please check the serveradmin entries in /var/lib/one/.one/*. The hash written there must be the same as in the database.

grep serveradmin /var/lib/one/.one/*

Kind Regards,
Anton Todorov

In /var/lib/one/.one/* files I have a password, I don’t have a hash there. As I understand the hash is in the DB, but in the files it should be the password.

You are right. The default passwords are like long hashes but strings indeed.
So check is the pasword same as in the database. To get the hash

echo -n ThePassword | openssl sha1

The resulting hash should mach the one in the database.

Kind Regards,
Anton Todorov

The password does match the hash. I just found out which service is generating this error and it’s opennebula-flow. As soon as I disabled it, the errors stopped. Where is one flow reading this password? If it’s from /var/lib/one/.one/oneflow_auth, because that file has the exact same password as other *_auth files and it’s not working for it.

After I restarted all the services, since some of them weren’t running, these errors stopped happening. Do you happen to know when do the OpenNebula services read the /var/lib/one/.one/*_auth files? Do they read them on startup, or every time user/pass is needed?

The auth files are read once when the service starts.