Login to webconsole not possible after package based installation

[jan]

Hi,

I installed Zentyal on a hosted server using the package based install. It went through just fine without problems. Yet now I am not able to log into the webconsole and I can't figure out why.

Here's the setup:
I have a user 'zentyal' who's in the groups sudo and admin. An the zentyal user can issue commands as root using sudo without problems. Yet logging into the webconsole with that same user is not possible... I am sure the password is correct because I've tested it with the sudo commands.

Any ideas? Thanks a lot,
Jan

[christian]

what do you mean with "not possible" ?
- error message ?
- time-out ?

did you look at apache/nginx log and Zentyal logs too as you have SSH access ?

[jan]

Hi,

it says "Incorrect Password".

Here's the zentyal.log:
2014/02/17 10:14:34 WARN> Auth.pm:150 EBox::Auth::authen_cred - Failed login from: ***

and the error.log:
2014/02/14 17:25:54 [error] 1734#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: **, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:60080/", host: "collab", referrer: "https://collab/LOGIN"

One remark: I have a $ sign in the password. Could this be a problem?

Thanks,
Jan

[christian]

One remark: I have a $ sign in the password. Could this be a problem?

I don't know. It should not but you can eassily check it by changing your password for something "simpler".
One point that may matter: Kerberos

SSH doesn't use it (AFAIK in Zentyal design) while your browser may use it. If your workstation is out of time sync, it will not work.

[jan]

Is there a way I can check my Kerberos Password and possible change it? I am not aware that I picked one...

[christian]

hummm... how to say that... ?  there is no "Kerberos password" as such.
To make is very very high level view, you get "valid" ticket from Kerberos server, this requires authentication with your LDAP/Domain password(*), then this ticket is exposed to Kerberos aware applications and services.

(*) I write LDAP/domain password because as far as I understand this, there is no Kerberos implementation in Zentyal design without Samba (file sharing/domain) deployment.

[jan]

Ok. Could you give me a hint where I can check whether the authentication fails because of Kerberos?

So assuming that the password is correct but for some reason the authentication against Kerberos fails. So my question is how can I figure out why I can't authenticate against Kerbereros.

I am new to the topic so sorry for my newbie questions!

// Jan

[christian]

Looking again at your error message (now that we have one  ), it rather looks like there is something unexpected with the "Nginx to Zentyal" link.

2014/02/14 17:25:54 [error] 1734#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: **, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:60080/", host: "collab", referrer: "https://collab/LOGIN"

Opening SSH terminal, have a look at netstat:
 

Code: [Select]

sudo netstat -nalp | grep 60080what does it show ?

[jan]

Sorry to keep you waiting. Here's the output:
zentyal@collab:~$ sudo netstat -nalp | grep 60080
tcp        0      0 127.0.0.1:60080         0.0.0.0:*               LISTEN      1936/apache2

[christian]

So your Apache server is listening on this internal port (Apache being, if I understand well, behind Nginx).
What if you look at Apache log ?

[jan]

Ok so that does not look good:
[Mon Feb 17 13:24:58 2014] [error] [client ***] File does not exist: /var/www/pma
[Mon Feb 17 13:24:59 2014] [error] [client ***] File does not exist: /var/www/myadmin

[christian]

I don't think this is linked to Zentyal admin stuff.
Is it a problem ? Yes if you previously deployed something in these folders but this doesn't prevent access to Zentyal GUI AFAIK.
Is it a fresh Zentyal admin ? on fresh Ubuntu server ?

[jan]

The zentyal is a fresh install based on the packages for Ubuntu 12.04 LTS. This is installed in a VM image in a cloud. So maybe the provider did alter the machine a bit before we got it but I am not sure...

[christian]

I don't know but I wonder what /var/www/pma and /var/www/myadmin are and why these are missing.
Zentyal GUI is not looking at this as far as I know (but I don't now 3.x very well)

[jan]

I got it working!! I figured out that the permissions on the file /etc/shadow were not as expected. I found my way there through the /var/log/auth.log.