Hello
I’m having login problems with my upgrade from 3.8.1 to 4.0.2.
I have followed the installation instructions, gotten all the cpan
packages, configured and built 4.0.2 successfully.
Then I have run the upgrade,
/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
Cleared the mason cache dir
etc/upgrade/vulnerable-passwords
But no existing users can login. If I can manually reset the passwords
in the pgsql database then I’m not too worried about loosing the
passwords, but what encoding method do I need to use to reset them with.
Could this be an ldap problem? I tried looking through the logs but none
are being generated in /opt/rt4/var/log
Gino Lisignoli
System Administrator
Opus International Consultants Ltd
Gino.Lisignoli@opus.co.nz
Tel +64 4 471 7209, Mobile +64 21 982 112 Ext 8209
http://www.opus.co.nz
Level 9 Majestic Centre, 100 Willis Street, PO Box 12343, Wellington, New Zealand
Hello
I’m having login problems with my upgrade from 3.8.1 to 4.0.2.
I have followed the installation instructions, gotten all the cpan
packages, configured and built 4.0.2 successfully.
Then I have run the upgrade,
/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
Cleared the mason cache dir
etc/upgrade/vulnerable-passwords
But no existing users can login. If I can manually reset the
passwords in the pgsql database then I’m not too worried about
loosing the passwords, but what encoding method do I need to use to
reset them with.
Could this be an ldap problem? I tried looking through the logs but
none are being generated in /opt/rt4/var/log
What are you using to do ldap?
Unless you’ve configured it, RT doesn’t log to /opt/rt4/var/log by
default.
-kevin
I’m now logging to /opt/rt4/log but the only error message I get (debug) is:
[Mon Oct 3 21:02:48 2011] [error]: FAILED LOGIN for
gino.lisignoli@foo.co.nz from xx.xx.xx.xx
(/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:655)
I’ve tried commenting out our ldap authentication method but that hasn’t
helped.
What method can I use to set the root password for rt4 in mysql?On 04/10/11 03:12, Kevin Falcone wrote:
On Mon, Oct 03, 2011 at 10:29:39AM +1300, Gino Lisignoli wrote:
Hello
I’m having login problems with my upgrade from 3.8.1 to 4.0.2.
I have followed the installation instructions, gotten all the cpan
packages, configured and built 4.0.2 successfully.
Then I have run the upgrade,
/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
Cleared the mason cache dir
etc/upgrade/vulnerable-passwords
But no existing users can login. If I can manually reset the
passwords in the pgsql database then I’m not too worried about
loosing the passwords, but what encoding method do I need to use to
reset them with.
Could this be an ldap problem? I tried looking through the logs but
none are being generated in /opt/rt4/var/log
What are you using to do ldap?
Unless you’ve configured it, RT doesn’t log to /opt/rt4/var/log by
default.
-kevin
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA — October 18& 19, 2011
- Washington DC, USA — October 31& November 1, 2011
- Melbourne VIC, Australia — November 28& 29, 2011
- Barcelona, Spain — November 28& 29, 2011
I’m now logging to /opt/rt4/log but the only error message I get (debug) is:
[Mon Oct 3 21:02:48 2011] [error]: FAILED LOGIN for [1]gino.lisignoli@foo.co.nz from
xx.xx.xx.xx (/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:655)
I’ve tried commenting out our ldap authentication method but that hasn’t helped.
What are you using to do ldap authentication?
You should be using the current version of RT-Authen-ExternalAuth
available on CPAN.
What method can I use to set the root password for rt4 in mysql?
http://requesttracker.wikia.com/wiki/RecoverRootPassword
-kevin> On 04/10/11 03:12, Kevin Falcone wrote:
On Mon, Oct 03, 2011 at 10:29:39AM +1300, Gino Lisignoli wrote:
Hello
I’m having login problems with my upgrade from 3.8.1 to 4.0.2.
I have followed the installation instructions, gotten all the cpan
packages, configured and built 4.0.2 successfully.
Then I have run the upgrade,
/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
Cleared the mason cache dir
etc/upgrade/vulnerable-passwords
But no existing users can login. If I can manually reset the
passwords in the pgsql database then I’m not too worried about
loosing the passwords, but what encoding method do I need to use to
reset them with.
Could this be an ldap problem? I tried looking through the logs but
none are being generated in /opt/rt4/var/log
What are you using to do ldap?
Unless you’ve configured it, RT doesn’t log to /opt/rt4/var/log by
default.
-kevin
RT Training Sessions ([2]http://bestpractical.com/services/training.html)
- San Francisco, CA, USA – October 18 & 19, 2011
- Washington DC, USA – October 31 & November 1, 2011
- Melbourne VIC, Australia – November 28 & 29, 2011
- Barcelona, Spain – November 28 & 29, 2011
References
Visible links
- mailto:gino.lisignoli@foo.co.nz
- http://bestpractical.com/services/training.html
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA ? October 18 & 19, 2011
- Washington DC, USA ? October 31 & November 1, 2011
- Barcelona, Spain ? November 28 & 29, 2011
Ah, Turns out our previous administrator isn’t using ldap for login
authentication. I’ve disabled it for now but it hasn’t had any effect.
I’ve reset the root password and managed to login successfully. So no
issues there. Then reset my user password and logged in, no problems.
Then I tried the upgrade steps again with a fresh copy of the old database
#make upgrade
#/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
#etc/upgrade/vulnerable-passwords
But the same problem happens when I try and login.On 05/10/11 08:45, Kevin Falcone wrote:
On Wed, Oct 05, 2011 at 08:18:12AM +1300, Gino Lisignoli wrote:
I'm now logging to /opt/rt4/log but the only error message I get (debug) is:
[Mon Oct 3 21:02:48 2011] [error]: FAILED LOGIN for [1]gino.lisignoli@foo.co.nz from
xx.xx.xx.xx (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
I've tried commenting out our ldap authentication method but that hasn't helped.
What are you using to do ldap authentication?
You should be using the current version of RT-Authen-ExternalAuth
available on CPAN.
What method can I use to set the root password for rt4 in mysql?
http://requesttracker.wikia.com/wiki/RecoverRootPassword
-kevin
On 04/10/11 03:12, Kevin Falcone wrote:
On Mon, Oct 03, 2011 at 10:29:39AM +1300, Gino Lisignoli wrote:
Hello
I’m having login problems with my upgrade from 3.8.1 to 4.0.2.
I have followed the installation instructions, gotten all the cpan
packages, configured and built 4.0.2 successfully.
Then I have run the upgrade,
/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
Cleared the mason cache dir
etc/upgrade/vulnerable-passwords
But no existing users can login. If I can manually reset the
passwords in the pgsql database then I’m not too worried about
loosing the passwords, but what encoding method do I need to use to
reset them with.
Could this be an ldap problem? I tried looking through the logs but
none are being generated in /opt/rt4/var/log
What are you using to do ldap?
Unless you’ve configured it, RT doesn’t log to /opt/rt4/var/log by
default.
-kevin
RT Training Sessions ([2]http://bestpractical.com/services/training.html)
- San Francisco, CA, USA – October 18& 19, 2011
- Washington DC, USA – October 31& November 1, 2011
- Melbourne VIC, Australia – November 28& 29, 2011
- Barcelona, Spain – November 28& 29, 2011
References
Visible links
1. mailto:gino.lisignoli@foo.co.nz
2. http://bestpractical.com/services/training.html
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA ? October 18& 19, 2011
- Washington DC, USA ? October 31& November 1, 2011
- Barcelona, Spain ? November 28& 29, 2011
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA — October 18& 19, 2011
- Washington DC, USA — October 31& November 1, 2011
- Barcelona, Spain — November 28& 29, 2011
Ah, Turns out our previous administrator isn’t using ldap for login
authentication. I’ve disabled it for now but it hasn’t had any
effect.
I’ve reset the root password and managed to login successfully. So
no issues there. Then reset my user password and logged in, no
problems.
Then I tried the upgrade steps again with a fresh copy of the old database
#make upgrade
#/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
#etc/upgrade/vulnerable-passwords
But the same problem happens when I try and login.
Check for any local overrides of User* and anything else in local/
But really, to debug this would require seeing what one of your
password hashes looks like and the schema of your Users table.
Keep in mind that the hashing scheme before 3.8.10 had weaknesses so
you may not wish to post a hash publicly if your RT is accessible from
the public internet.
-kevin> On 05/10/11 08:45, Kevin Falcone wrote:
On Wed, Oct 05, 2011 at 08:18:12AM +1300, Gino Lisignoli wrote:
I’m now logging to /opt/rt4/log but the only error message I get (debug) is:
[Mon Oct 3 21:02:48 2011] [error]: FAILED LOGIN for [1]gino.lisignoli@foo.co.nz from
xx.xx.xx.xx (/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:655)
I’ve tried commenting out our ldap authentication method but that hasn’t helped.
What are you using to do ldap authentication?
You should be using the current version of RT-Authen-ExternalAuth
available on CPAN.
What method can I use to set the root password for rt4 in mysql?
http://requesttracker.wikia.com/wiki/RecoverRootPassword
-kevin
On 04/10/11 03:12, Kevin Falcone wrote:
On Mon, Oct 03, 2011 at 10:29:39AM +1300, Gino Lisignoli wrote:
Hello
I’m having login problems with my upgrade from 3.8.1 to 4.0.2.
I have followed the installation instructions, gotten all the cpan
packages, configured and built 4.0.2 successfully.
Then I have run the upgrade,
/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
Cleared the mason cache dir
etc/upgrade/vulnerable-passwords
But no existing users can login. If I can manually reset the
passwords in the pgsql database then I’m not too worried about
loosing the passwords, but what encoding method do I need to use to
reset them with.
Could this be an ldap problem? I tried looking through the logs but
none are being generated in /opt/rt4/var/log
What are you using to do ldap?
Unless you’ve configured it, RT doesn’t log to /opt/rt4/var/log by
default.
-kevin
RT Training Sessions ([2]http://bestpractical.com/services/training.html)
- San Francisco, CA, USA – October 18& 19, 2011
- Washington DC, USA – October 31& November 1, 2011
- Melbourne VIC, Australia – November 28& 29, 2011
- Barcelona, Spain – November 28& 29, 2011
References
Visible links
- mailto:gino.lisignoli@foo.co.nz
- http://bestpractical.com/services/training.html
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA ? October 18& 19, 2011
- Washington DC, USA ? October 31& November 1, 2011
- Barcelona, Spain ? November 28& 29, 2011
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA — October 18& 19, 2011
- Washington DC, USA — October 31& November 1, 2011
- Barcelona, Spain — November 28& 29, 2011
It double turns out that we do use LDAP for authentication and that I
didn’t really look hard enough.
Added Set( @Plugins, qw(RT::Authen::ExternalAuth) );
And now I get:
[critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t bind:
LDAP_INVALID_DN_SYNTAX 34
(/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
So I’m pretty sure my ldap isn’t setup correctly in RT_SiteConfig.pm. SIGH
Best examples to look for ldap authentication in 4.0.2?On 05/10/11 09:35, Kevin Falcone wrote:
On Wed, Oct 05, 2011 at 08:56:57AM +1300, Gino Lisignoli wrote:
Ah, Turns out our previous administrator isn’t using ldap for login
authentication. I’ve disabled it for now but it hasn’t had any
effect.
I’ve reset the root password and managed to login successfully. So
no issues there. Then reset my user password and logged in, no
problems.
Then I tried the upgrade steps again with a fresh copy of the old database
#make upgrade
#/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
#etc/upgrade/vulnerable-passwords
But the same problem happens when I try and login.
Check for any local overrides of User* and anything else in local/
But really, to debug this would require seeing what one of your
password hashes looks like and the schema of your Users table.
Keep in mind that the hashing scheme before 3.8.10 had weaknesses so
you may not wish to post a hash publicly if your RT is accessible from
the public internet.
-kevin
On 05/10/11 08:45, Kevin Falcone wrote:
On Wed, Oct 05, 2011 at 08:18:12AM +1300, Gino Lisignoli wrote:
I'm now logging to /opt/rt4/log but the only error message I get (debug) is:
[Mon Oct 3 21:02:48 2011] [error]: FAILED LOGIN for [1]gino.lisignoli@foo.co.nz from
xx.xx.xx.xx (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655)
I've tried commenting out our ldap authentication method but that hasn't helped.
What are you using to do ldap authentication?
You should be using the current version of RT-Authen-ExternalAuth
available on CPAN.
What method can I use to set the root password for rt4 in mysql?
http://requesttracker.wikia.com/wiki/RecoverRootPassword
-kevin
On 04/10/11 03:12, Kevin Falcone wrote:
On Mon, Oct 03, 2011 at 10:29:39AM +1300, Gino Lisignoli wrote:
Hello
I’m having login problems with my upgrade from 3.8.1 to 4.0.2.
I have followed the installation instructions, gotten all the cpan
packages, configured and built 4.0.2 successfully.
Then I have run the upgrade,
/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
Cleared the mason cache dir
etc/upgrade/vulnerable-passwords
But no existing users can login. If I can manually reset the
passwords in the pgsql database then I’m not too worried about
loosing the passwords, but what encoding method do I need to use to
reset them with.
Could this be an ldap problem? I tried looking through the logs but
none are being generated in /opt/rt4/var/log
What are you using to do ldap?
Unless you’ve configured it, RT doesn’t log to /opt/rt4/var/log by
default.
-kevin
RT Training Sessions ([2]http://bestpractical.com/services/training.html)
- San Francisco, CA, USA – October 18& 19, 2011
- Washington DC, USA – October 31& November 1, 2011
- Melbourne VIC, Australia – November 28& 29, 2011
- Barcelona, Spain – November 28& 29, 2011
References
Visible links
1. mailto:gino.lisignoli@foo.co.nz
2. http://bestpractical.com/services/training.html
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA ? October 18& 19, 2011
- Washington DC, USA ? October 31& November 1, 2011
- Barcelona, Spain ? November 28& 29, 2011
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA — October 18& 19, 2011
- Washington DC, USA — October 31& November 1, 2011
- Barcelona, Spain — November 28& 29, 2011
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA — October 18& 19, 2011
- Washington DC, USA — October 31& November 1, 2011
- Barcelona, Spain — November 28& 29, 2011
It double turns out that we do use LDAP for authentication and that
I didn’t really look hard enough.
Added Set( @Plugins, qw(RT::Authen::ExternalAuth) );
And now I get:
[critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can’t
bind: LDAP_INVALID_DN_SYNTAX 34 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467)
So I’m pretty sure my ldap isn’t setup correctly in RT_SiteConfig.pm. SIGH
Best examples to look for ldap authentication in 4.0.2?
The documentation that accompanies RT-Authen-ExternalAuth 0.09
-kevin> On 05/10/11 09:35, Kevin Falcone wrote:
On Wed, Oct 05, 2011 at 08:56:57AM +1300, Gino Lisignoli wrote:
Ah, Turns out our previous administrator isn’t using ldap for login
authentication. I’ve disabled it for now but it hasn’t had any
effect.
I’ve reset the root password and managed to login successfully. So
no issues there. Then reset my user password and logged in, no
problems.
Then I tried the upgrade steps again with a fresh copy of the old database
#make upgrade
#/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
#etc/upgrade/vulnerable-passwords
But the same problem happens when I try and login.
Check for any local overrides of User* and anything else in local/
But really, to debug this would require seeing what one of your
password hashes looks like and the schema of your Users table.
Keep in mind that the hashing scheme before 3.8.10 had weaknesses so
you may not wish to post a hash publicly if your RT is accessible from
the public internet.
-kevin
On 05/10/11 08:45, Kevin Falcone wrote:
On Wed, Oct 05, 2011 at 08:18:12AM +1300, Gino Lisignoli wrote:
I’m now logging to /opt/rt4/log but the only error message I get (debug) is:
[Mon Oct 3 21:02:48 2011] [error]: FAILED LOGIN for [1]gino.lisignoli@foo.co.nz from
xx.xx.xx.xx (/opt/rt4/sbin/…/lib/RT/Interface/Web.pm:655)
I’ve tried commenting out our ldap authentication method but that hasn’t helped.
What are you using to do ldap authentication?
You should be using the current version of RT-Authen-ExternalAuth
available on CPAN.
What method can I use to set the root password for rt4 in mysql?
http://requesttracker.wikia.com/wiki/RecoverRootPassword
-kevin
On 04/10/11 03:12, Kevin Falcone wrote:
On Mon, Oct 03, 2011 at 10:29:39AM +1300, Gino Lisignoli wrote:
Hello
I’m having login problems with my upgrade from 3.8.1 to 4.0.2.
I have followed the installation instructions, gotten all the cpan
packages, configured and built 4.0.2 successfully.
Then I have run the upgrade,
/opt/rt4/sbin/rt-setup-database --prompt-for-dba-password --action upgrade
Cleared the mason cache dir
etc/upgrade/vulnerable-passwords
But no existing users can login. If I can manually reset the
passwords in the pgsql database then I’m not too worried about
loosing the passwords, but what encoding method do I need to use to
reset them with.
Could this be an ldap problem? I tried looking through the logs but
none are being generated in /opt/rt4/var/log
What are you using to do ldap?
Unless you’ve configured it, RT doesn’t log to /opt/rt4/var/log by
default.
-kevin
RT Training Sessions ([2]http://bestpractical.com/services/training.html)
- San Francisco, CA, USA – October 18& 19, 2011
- Washington DC, USA – October 31& November 1, 2011
- Melbourne VIC, Australia – November 28& 29, 2011
- Barcelona, Spain – November 28& 29, 2011
References
Visible links
- mailto:gino.lisignoli@foo.co.nz
- http://bestpractical.com/services/training.html
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA ? October 18& 19, 2011
- Washington DC, USA ? October 31& November 1, 2011
- Barcelona, Spain ? November 28& 29, 2011
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA — October 18& 19, 2011
- Washington DC, USA — October 31& November 1, 2011
- Barcelona, Spain — November 28& 29, 2011
RT Training Sessions (http://bestpractical.com/services/training.html)
- San Francisco, CA, USA — October 18& 19, 2011
- Washington DC, USA — October 31& November 1, 2011
- Barcelona, Spain — November 28& 29, 2011