Portal Login Issues

About

The portal is where you configure your OP5 Appliance System. This includes configuring its IP address, NTP server, email relay, and other values.

Sometimes the login can fail, for a multitude of reasons. In this section we will show you some of the problems we have encountered during the lifetime of the application.

Known issues

The Configure System feature in the Portal requires the user to login using the root password. This login might stop working, although the password seems right. Please follow the steps below to troubleshoot this problem:

  1. Is the config daemon running?
  2. # ps -eo user,cmd | grep op5config
    root /usr/bin/php -q /opt/op5sys/bin/config-daemon.php -p /var/run/op5config.pid -d
  3. Is your system set up with a locale other than C, or not even an English locale? Running the following from the shell:
  4. # xargs -0n1 < "/proc/$(</var/run/op5config.pid)/environ" | grep -e ^LANG= -e ^LC_

    Should lead to one of the following outputs:

    LANG=CLANG=en_US.UTF-8

    Simply running the 'locale' command will also show a value. However that value may differ from the environment of the op5config process if the values had changed after bootup. The running process would have inherited the environment set in '/etc/sysconfig/i18n'.

    LANG values other than English, such as 'de_DE.utf8' or 'sv_SE.utf8', need to be changed. One solution is to make sure LANG is set to C in '/etc/sysconfig/i18n' and reboot the server. Red Hat provides full details on setting the value successfully.

  5. Is the Unix socket configured with the correct permissions?
  6. # ls -l /tmp/op5daemon
    srw-rw---- 1 root apache 0 Feb 7 15:00 /tmp/op5daemon
  7. Is the Apache user able to talk to the Unix socket?
  8. # echo a | sudo -u apache unixcat /tmp/op5daemon
    127|Unknown command.
    (Ctrl+C)
  9. Does the op5config authentication module accept the root password?
  10. # read -r -p 'Enter root password (no echo): ' -s password; echo
    # password="$(printf '%s' "$password" | base64 | tr -d '\n')"
    # printf 'read login/password verify root "%s"\n' "$password" | unixcat /tmp/op5daemon
    0|OK
    (Ctrl+C)

    These commands can help in cases where the wrong password is entered or the password fails for some other reason:

    # read -r -p 'Enter root password (no echo): ' -s password; echo
    # password="$(printf '%s' "$password" | base64 | tr -d '\n')"
    # printf 'read login/password verify root "%s"\n' "$password" | unixcat /tmp/op5daemon
    1|read failed.
    Invalid user or password
    (Hit 'ctrl+c'. This fail response is delayed a few seconds.)
  11. The op5config authentication module, which runs as root, drops to the Apache user and tries to su to root using the supplied password. Is this procedure working?
  12. # sudo -u apache su - -c id
    Password: (Enter root password, as supplied in the Portal)
    uid=0(root) gid=0(root) groups=0(root)

    Some users have previously changed the system's PAM configuration, which prohibits this user change from Apache to root. To check the PAM configuration, you can verify the files located in 'etc/pam.d/':

    command-line syntax and result

    # rpm -qf /etc/pam.d/* | sort -n | uniq | xargs rpm -Vv | fgrep ' /etc/pam.d' | egrep -v '^\.{9} ' | sort -k3
    ....L.... c /etc/pam.d/fingerprint-auth
    ....L.... c /etc/pam.d/password-auth
    ....L.... c /etc/pam.d/smartcard-auth
    ....L.... c /etc/pam.d/system-authpackage
    /etc/pam.d/totally-new-file-not-belonging-to-any-rpm-package is not installed

    This output will only include PAM authentication files with anomalies. In case a file in the directory does not belong to any installed RPM package, a line similar to the last line above will be displayed. The verification codes, found in man 8 rpm, show that the valid auth files above each have a symlink that fails to resolve. This is actually normal:

    S file Size differs
    M Mode differs (includes permissions and file type)
    5 digest (formerly MD5 sum) differs
    D Device major/minor number mismatch
    L readLink(2) path mismatch
    U User ownership differs
    G Group ownership differs
    T mTime differs
    P caPabilities differ