User couldn't be authenticated, aborting call. GUI says invalid username or password

all “one” commands failing with “User couldn’t be authenticated, aborting call”

It was working fine earlier and suddenly the GUI had no access of login.

Tried changing password for one admin user, auth files and DB in the process of fixing opennebula service failed to start

FE
CentOS 7.4
Opennebula 5.6.1

No helpful traces in logs…

Thanks in advance.
Vasanth

Hi @vasanthsg

Make sure you change the password correctly, in your version passwords are hashed using SHA1, so if you change user password directly in the database you have to input the correct SHA1 of your password.

Also your database might be corrupted, so please try to restore a backup (if you have it) if not, try to restore the password.

Hi Alejandro Huertas,
Thanks for the quick response .

I did try changing them correctly. But I used the plain password in DB.

However, when I attempted to hash it, I am thrown with more errors

onevm list

[one.vmpool.info] User couldn’t be authenticated, aborting call.

Could you pls advice on the steps to change it in all required places ?

Of course!

First of all you calculate the sha1 of your password, you can use http://www.sha1-online.com/

Then you go inside the database if it’s mysql you just log in, if it’s sqlite you just sqlite3 /var/lib/one/one.db.

Inside of the database you execute select body from user_pool where oid=<USER_ID>;, you copy that content to an editor, for example vim. You go to the <PASSWORD> field and change the content of CDATA with the new hash. Finally you copy the result.

So back again to the database you execute: update user_pool set body='<PASTE HERE>' where oid= <USER_ID>;. Now you log out and try again using CLI or Sunstone.

Thanks again Alejandro.

I am using mysql. and I used
GRANT ALL PRIVILEGES ON opennebula.* TO ‘oneadmin’ IDENTIFIED BY ‘StrongPassword’;

to set the password. So, should i replace the “StrongPassword” hash within this or should use the “select body…” ?

Nono, don’t change your mysql password, just execute the queries I told you, this is a change in the opennebula database, not in the database server.

MariaDB [opennebula]> select body from user_pool where oid=<oneadmin>;

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘<oneadmin>’ at line 1

The oid is the ID of the user, so you have to put 0 because it’s oneadmin so the query is select body from user_pool where oid=0;

Great. Yes, Got the DB is updated with the new hash.

But the onevm list is failing with
Address family not supported by protocol - socket(2)

May be another issue somewhere :frowning_face:

Please make oneuser show, does it work?

$oneuser show

Address family not supported by protocol - socket(2)

But the oned is not started. when I start, the oned.logs shows as

Error creating oneadmin user: NAME is already taken by USER 0.

Password file /var/lib/one//.one/sunstone_auth already exists but OpenNebula is boostraping the database. Check your database configuration in oned.conf.

one start
oned failed to start
/bin/one: line 117: 18047 Terminated $ONE_SCHEDULER

Your OpenNebula is trying to boostrap the database, maybe there is something wrong. So backup your files in /var/lib/one/.one , remove all the contents inside /var/lib/one/.one except the one_auth, then try again.

Yes, tried that and all *_auth files got created but opennebula.service is in failed state. opennebula.sunstone is running.

$ oneuser show is throwing an error as below

Address family not supported by protocol - socket(2)

Should I drop the database and recreate fresh?

I think is the best option, so save a backup of the database, then drop it, create a new one and start OpenNebula again.

Dropped the DB, recreated it and $one start started without errors

But opennebula.service is still falling to start.

The oned.log shows up as follows
Thu Mar 14 17:54:08 2019 [Z0][MAD][E]: MAD did not answer INIT command

Thu Mar 14 17:54:08 2019 [Z0][ONE][E]: Could not load driver

Thu Mar 14 17:54:28 2019 [Z0][AuM][D]: Message received: LOG I 1 Command execution failed (exit code: 255): /var/lib/one/remotes/auth/server_cipher/authenticate

Thu Mar 14 17:54:28 2019 [Z0][AuM][I]: Command execution failed (exit code: 255): /var/lib/one/remotes/auth/server_cipher/authenticate

Thu Mar 14 17:54:28 2019 [Z0][AuM][D]: Message received: LOG E 1 bad decrypt

Thu Mar 14 17:54:28 2019 [Z0][AuM][I]: bad decrypt

Thu Mar 14 17:54:28 2019 [Z0][AuM][D]: Message received: AUTHENTICATE FAILURE 1 bad decrypt

Thu Mar 14 17:54:28 2019 [Z0][AuM][E]: Auth Error: bad decrypt

Thu Mar 14 17:54:28 2019 [Z0][ReM][D]: Req:5120 UID:-1 one.documentpool.info invoked , -2, -1, -1, 100

Thu Mar 14 17:54:28 2019 [Z0][ReM][E]: Req:5120 UID:- one.documentpool.info result FAILURE [one.documentpool.info] User couldn’t be authenticated, aborting call.

Thu Mar 14 17:54:35 2019 [Z0][ReM][D]: Req:5392 UID:0 one.zone.raftstatus invoked

Thu Mar 14 17:54:35 2019 [Z0][ReM][D]: Req:5392 UID:0 one.zone.raftstatus result SUCCESS, “<RAFT><SERVER_ID>-1<…”

Thu Mar 14 17:54:35 2019 [Z0][ReM][D]: Req:9552 UID:0 one.vmpool.info invoked , -2, -1, -1, -1

Thu Mar 14 17:54:35 2019 [Z0][ReM][D]: Req:9552 UID:0 one.vmpool.info result SUCCESS, “<VM_POOL></VM_POOL>”

Thu Mar 14 17:54:35 2019 [Z0][ReM][D]: Req:768 UID:0 one.vmpool.info invoked , -2, -1, -1, -1

Thu Mar 14 17:54:35 2019 [Z0][ReM][D]: Req:768 UID:0 one.vmpool.info result SUCCESS, “<VM_POOL></VM_POOL>”

Thu Mar 14 17:54:37 2019 [Z0][ReM][D]: Req:1616 UID:0 one.zone.raftstatus invoked

Thu Mar 14 17:54:37 2019 [Z0][ReM][D]: Req:1616 UID:0 one.zone.raftstatus result SUCCESS, “<RAFT><SERVER_ID>-1<…”

Thu Mar 14 17:54:37 2019 [Z0][ReM][D]: Req:9552 UID:0 one.vmpool.info invoked , -2, -1, -1, -1

Thu Mar 14 17:54:37 2019 [Z0][ReM][D]: Req:9552 UID:0 one.vmpool.info result SUCCESS, “<VM_POOL></VM_POOL>”

Thu Mar 14 17:54:37 2019 [Z0][ReM][D]: Req:7472 UID:0 one.vmpool.info invoked , -2, -1, -1, -1

Thu Mar 14 17:54:37 2019 [Z0][ReM][D]: Req:7472 UID:0 one.vmpool.info result SUCCESS, “<VM_POOL></VM_POOL>”

But the good news is $oneuser show throws results now

That are good news! Can you login into Sunstone?