Error while password reset

UCS - Univention Corporate Server
1

https://mail.mydomain.com/univention/self-service/#setcontactinformation

Execution of command ‘passwordreset/get_contact’ has failed:

Traceback (most recent call last):
File “/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py”, line 178, in _recv
self.handle(msg)
File “/usr/lib/pymodules/python2.7/univention/management/console/protocol/modserver.py”, line 287, in handle
self.__handler.init()
File “/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/init.py”, line 212, in init
self.db = TokenDB(MODULE)
File “/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/tokendb.py”, line 53, in init
self.conn = self.open_db()
File “/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/tokendb.py”, line 120, in open_db
db_name=DB_NAME, db_user=DB_USER, db_pw=password))
File “/usr/lib/python2.7/dist-packages/psycopg2/init.py”, line 164, in connect
conn = _connect(dsn, connection_factory=connection_factory, async=async)
OperationalError: FATALE: autenticazione con password fallita per l’utente “selfservice”
FATALE: autenticazione con password fallita per l’utente “selfservice”

UCS: 4.2-2

2

Is it reproducible?

The user selfservice doesn’t get access to the database selfservice with the password stored /etc/self-service-db.secret.

Any hints in syslog or postgres log?

3

yes, always.

2017-09-27 08:54:57 CEST [8615-1] selfservice @ selfservice FATAL: password authentication for the user “selfservice”
2017-09-27 08:54:57 CEST [8615-2] selfservice @ selfservice DETAILS: The connection matches with pg_hba.log line 103: “host all all: 1/128 md5”

postgres@posta:/var/log/postgresql$ psql -l
Lista dei database
Nome | Proprietario | Codifica | Ordinamento | Ctype | Privilegi di accesso
-----------±-------------±---------±------------±------------±----------------------
postgres | postgres | UTF8 | it_IT.UTF-8 | it_IT.UTF-8 |
template0 | postgres | UTF8 | it_IT.UTF-8 | it_IT.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | it_IT.UTF-8 | it_IT.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(3 righe)

cat /etc/self-service-db.secret

XXXXXXXXXXXXXXX
root@posta:/var/log/postgresql# psql -U selfservice -W
Inserisci la password per l’utente selfservice:
psql: FATAL: Peer authentication failed for user “selfservice”

4

To fix the database password run:

PASSWORD="$(cat /etc/self-service-db.secret)"
su - postgres -c "echo \"ALTER ROLE selfservice WITH ENCRYPTED PASSWORD '$PASSWORD';\" | psql"
systemctl restart univention-management-console-server.service
5

error: selfservice role does not exist

postgres=# \du
List of roles
Role name | Attributes | Member of
-----------±-----------------------------------------------±----------
postgres | Superuser, Create role, Create DB, Replication | {}

6

What server role is this installed on?

ucr get server/role

Was the package univention-self-service-passwordreset-umc properly installed?

dpkg -l univention-self-service-passwordreset-umc
7

root@posta:~# ucr get server/role
domaincontroller_master

root@posta:~# dpkg -l univention-self-service-passwordreset-umc

ii univention-sel 2.0.16-8A~4. all Password reset module for Univent

root@posta:~#

8

That’s weird… the installation procedure of the package should have created the DB user…

How was the self-service app installed? Directly from DVD, from the app center or manually via the package manager?

If you completely uninstall the package and reinstall it, the DB user will be created:

apt-get purge univention-self-service-passwordreset-umc
univention-install univention-self-service univention-self-service-master
9

I installed it via AppCenter.After purge & install the only thing changed is the user’s appearance of selfservice on psql roles

root@posta:/var/log/postgresql# cat /etc/self-service-db.secret
TuY…
root@posta:/var/log/postgresql# psql -U selfservice -W
Password for user selfservice:
psql: FATAL: Peer authentication failed for user “selfservice”

2017-09-27 15:30:35 CEST [23299-2] selfservice@selfservice FATAL: Peer authentication failed for user “selfservice”
2017-09-27 15:30:35 CEST [23299-3] selfservice@selfservice DETTAGLI: La connessione si abbina con la riga 100 di pg_hba.log: “local all all peer”

root@posta:/var/log/postgresql# su postgres
postgres@posta:/var/log/postgresql$ psql
psql (9.4.13)
Type “help” for help.

postgres=# \du
List of roles
Role name | Attributes | Member of
-------------±-----------------------------------------------±----------
postgres | Superuser, Create role, Create DB, Replication | {}
selfservice | | {}

postgres=# alter role selfservice with encrypted password ‘TuY…’;
ALTER ROLE
postgres=# \q
postgres@posta:/var/log/postgresql$ exit
root@posta:/var/log/postgresql# psql -U selfservice -W
Password for user selfservice:
psql: FATAL: Peer authentication failed for user “selfservice”

10

What was the output during the installation?