UMC Administrator no login (solved)

Hi,
i have been searching for this everywhere, but none of the hints helped to fix the issue.
Since an update to 4.4.4 we can’t login to UMC as Administrator anymore.
Root can still login to ssh, so we tried quite a few things, including resetting the Administrator password

udm users/user modify --dn uid=Administrator,cn=users,"$(ucr get ldap/base)" \
  --set password=YourNewPassword \
  --set overridePWHistory=1 \
  --set pwdChangeNextLogin=0

or reissuing the complete Administrator account.

eval `univention-baseconfig shell ldap/base`
univention-admin users/user create --position cn=users,$ldap_base --set \
  username=Administrator --set lastname=Administrator --set password=univention \
  --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-reference \
  cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base

We have also updated to 4.4-5 errata712 in the meantime, but we are still unable to log in.

After setting debug level to 4 we can see this in our management-console-web-server.log:

26.08.20 07:41:24.272  MAIN        ( INFO    ) : CPAuth/auth: got new auth request (78.94.179.71:50048 <=> )
26.08.20 07:41:24.272  MAIN        ( INFO    ) : auth: request: command=/auth
26.08.20 07:41:24.272  MAIN        ( INFO    ) : CPAuth (78.94.179.71:50048) pushed request(0x7fead1af6a10) to queue(0x7fead1af3950) - waiting for response
26.08.20 07:41:24.278  MAIN        ( INFO    ) : UMCP_Dispatcher: check_queue: new request: 0x7fead1af6a10
26.08.20 07:41:24.278  MAIN        ( INFO    ) : SessionClient(0x7fead1af6ad0): creating new session
26.08.20 07:41:24.279  MAIN        ( INFO    ) : Client.connect: SSL connection established
26.08.20 07:41:24.279  MAIN        ( INFO    ) : SessionClient(0x7fead1af6ad0): connected to UMC server
26.08.20 07:41:24.279  MAIN        ( INFO    ) : Sending authentication request for user u'Administrator'
26.08.20 07:41:24.279  MAIN        ( INFO    ) : SessionClient(0x7fead1af6ad0): sending request(159842048427241-0)
26.08.20 07:41:24.279  PROTOCOL    ( INFO    ) : Sending UMCP AUTH REQUEST 159842048427241-0
26.08.20 07:41:24.301  MAIN        ( INFO    ) : __verify_cert_cb: Got certificate subject: <X509Name object '/C=DE/ST=DE/L=DE/O=foo-bar.org/OU=Univention Corporate Server/CN=Univention Corporate Server Root CA (ID=ialMhEW5)/emailAddress=ssl@ucs.foo-bar.org'>
26.08.20 07:41:24.302  MAIN        ( INFO    ) : __verify_cert_cb: Got certificate issuer: <X509Name object '/C=DE/ST=DE/L=DE/O=foo-bar.org/OU=Univention Corporate Server/CN=Univention Corporate Server Root CA (ID=ialMhEW5)/emailAddress=ssl@ucs.foo-bar.org'>
26.08.20 07:41:24.302  MAIN        ( INFO    ) : __verify_cert_cb: errnum=0 depth=1 ok=1
26.08.20 07:41:24.302  MAIN        ( INFO    ) : __verify_cert_cb: Got certificate subject: <X509Name object '/C=DE/ST=DE/L=DE/O=foo-bar.org/OU=Univention Corporate Server/CN=ucs-master.ucs.foo-bar.org/emailAddress=ssl@ucs.foo-bar.org'>
26.08.20 07:41:24.302  MAIN        ( INFO    ) : __verify_cert_cb: Got certificate issuer: <X509Name object '/C=DE/ST=DE/L=DE/O=foo-bar.org/OU=Univention Corporate Server/CN=Univention Corporate Server Root CA (ID=ialMhEW5)/emailAddress=ssl@ucs.foo-bar.org'>
26.08.20 07:41:24.302  MAIN        ( INFO    ) : __verify_cert_cb: errnum=0 depth=0 ok=1
26.08.20 07:41:26.517  PARSER      ( INFO    ) : UMCP RESPONSE 159842048427241-0 parsed successfully
26.08.20 07:41:26.517  PROTOCOL    ( INFO    ) : Received UMCP RESPONSE 159842048427241-0
26.08.20 07:41:26.517  MAIN        ( PROCESS ) : SessionClient(0x7fead1af6ad0): _authenticated: success=False  status=401  message=Authentisierung ist fehlgeschlagen. Bitte melden Sie sich erneut an. result={}
26.08.20 07:41:26.518  MAIN        ( INFO    ) : SessionClient(0x7fead1af6ad0): got response(159842048427241-0): status=401 queue=0x7fead1af3950
26.08.20 07:41:26.518  MAIN        ( INFO    ) : CPAuth (78.94.179.71:50048) got response(0x7fead1af6d50) from queue(0x7fead1af3950): status=401
26.08.20 07:41:26.518  MAIN        ( PROCESS ) : CPAuth (78.94.179.71:50048) response status code: 401
26.08.20 07:41:26.518  MAIN        ( PROCESS ) : CPAuth (78.94.179.71:50048) response message: Authentisierung ist fehlgeschlagen. Bitte melden Sie sich erneut an.
26.08.20 07:41:26.518  MAIN        ( PROCESS ) : CPAuth (78.94.179.71:50048) response result: {}

Certificates are all valid, as i thought that maybe this could be the problem.
So, we’re pretty clueless at the moment…
Anything else you might want to point us to, any logs we would also want to have a look at?
Thanks
Sascha

Hi,
we have been able to resolve the issue with Univention support.
The Administrator account was simply disabled due to too many wrong logins.
So we had to just reactivate it and voila…
I seem to have overlooked that in the logs. (management-console-server.log).

cheers and closed
Sascha

Hello - I seem to have this same issue - I am not able to change Administrator password with error:

udm users/user modify --dn uid=Administrator,cn=users,dc=bellxvv,dc=com --set password=password

err received:

root@ucs-bdc:~# udm users/user modify --dn uid=Administrator,cn=users,"$(ucr get ldap/base)" \

–set password=??11des**
–set overridePWHistory=1
–set pwdChangeNextLogin=0
Value may not change: key=pwdChangeNextLogin old=None new=0

Any advice? This is UCS 5 thank you

Hi,
not sure, if really same issue here and don’t have enough knowledge about UCS 5 yet.
What does management-console-server.log say, Administrator locked, deactivated, or anything like that?

cheers
Sascha

Thanks for response! Closest I could find was in management-console-server.log in /var/log/univention:
28.06.21 09:24:46.108 MAIN ( PROCESS ) : LDAP bind for user ‘uid=Administrator,cn=users,dc=belldesign,dc=com’.
28.06.21 09:24:46.154 LOCALE ( WARN ) : Could not find translation file: ‘udm.mo’
28.06.21 09:24:46.155 LOCALE ( WARN ) : Could not find translation file: ‘udm-saml.mo’
28.06.21 09:24:46.155 LOCALE ( WARN ) : Could not find translation file: ‘mrtg.mo’
28.06.21 09:24:46.155 LOCALE ( WARN ) : Could not find translation file: ‘appcenter.mo’
28.06.21 09:24:46.155 LOCALE ( WARN ) : Could not find translation file: ‘join.mo’
28.06.21 09:24:46.155 LOCALE ( WARN ) : Could not find translation file: ‘ucr.mo’
28.06.21 09:24:46.156 LOCALE ( WARN ) : Could not find translation file: ‘lib.mo’
28.06.21 09:24:46.156 LOCALE ( WARN ) : Could not find translation file: ‘top.mo’
28.06.21 09:24:46.156 LOCALE ( WARN ) : Could not find translation file: ‘apps.mo’
28.06.21 09:24:46.156 LOCALE ( WARN ) : Could not find translation file: ‘reboot.mo’
28.06.21 09:24:46.156 LOCALE ( WARN ) : Could not find translation file: ‘diagnostic.mo’
28.06.21 09:24:46.156 LOCALE ( WARN ) : Could not find translation file: ‘serveroverview.mo’
28.06.21 09:24:46.156 LOCALE ( WARN ) : Could not find translation file: ‘ipchange.mo’
28.06.21 09:24:46.156 LOCALE ( WARN ) : Could not find translation file: ‘updater.mo’
28.06.21 09:24:46.157 LOCALE ( WARN ) : Could not find translation file: ‘services.mo’
28.06.21 09:24:46.157 LOCALE ( WARN ) : Could not find translation file: ‘adconnector.mo’
28.06.21 09:24:46.157 LOCALE ( WARN ) : Could not find translation file: ‘sysinfo.mo’
28.06.21 09:24:46.157 LOCALE ( WARN ) : Could not find translation file: ‘setup.mo’
28.06.21 09:24:46.157 LOCALE ( WARN ) : Could not find translation file: ‘quota.mo’
28.06.21 09:24:47.379 MAIN ( PROCESS ) : LDAP bind for user ‘uid=Administrator,cn=users,dc=belldesign,dc=com’.
28.06.21 09:25:25.025 DEBUG_INIT
28.06.21 09:25:25.026 MAIN ( PROCESS ) : The UMC server is still running. Will wait for 5 seconds
28.06.21 09:25:25.026 MAIN ( WARN ) : Shutting down all open connections
28.06.21 09:25:25.026 MAIN ( WARN ) : Shutting down all open connections
28.06.21 09:28:26.082 DEBUG_INIT
28.06.21 09:29:18.142 MAIN ( PROCESS ) : Server started
28.06.21 09:37:12.629 LOCALE ( WARN ) : Could not find translation file: ‘umc-core.mo’
28.06.21 09:37:13.321 MODULE ( PROCESS ) : Setting auth type to None
28.06.21 09:37:13.644 LOCALE ( WARN ) : Could not find translation file: ‘umc-core.mo’
28.06.21 09:37:13.906 MAIN ( PROCESS ) : LDAP bind for user ‘uid=Administrator,cn=users,dc=belldesign,dc=com’.
28.06.21 09:37:13.946 LOCALE ( WARN ) : Could not find translation file: ‘udm.mo’
28.06.21 09:37:13.946 LOCALE ( WARN ) : Could not find translation file: ‘udm-saml.mo’
28.06.21 09:37:13.947 LOCALE ( WARN ) : Could not find translation file: ‘mrtg.mo’
28.06.21 09:37:13.947 LOCALE ( WARN ) : Could not find translation file: ‘appcenter.mo’
28.06.21 09:37:13.947 LOCALE ( WARN ) : Could not find translation file: ‘join.mo’
28.06.21 09:37:13.947 LOCALE ( WARN ) : Could not find translation file: ‘ucr.mo’
28.06.21 09:37:13.947 LOCALE ( WARN ) : Could not find translation file: ‘lib.mo’
28.06.21 09:37:13.947 LOCALE ( WARN ) : Could not find translation file: ‘top.mo’
28.06.21 09:37:13.947 LOCALE ( WARN ) : Could not find translation file: ‘apps.mo’
28.06.21 09:37:13.948 LOCALE ( WARN ) : Could not find translation file: ‘reboot.mo’
28.06.21 09:37:13.948 LOCALE ( WARN ) : Could not find translation file: ‘diagnostic.mo’
28.06.21 09:37:13.948 LOCALE ( WARN ) : Could not find translation file: ‘serveroverview.mo’
28.06.21 09:37:13.948 LOCALE ( WARN ) : Could not find translation file: ‘ipchange.mo’
28.06.21 09:37:13.948 LOCALE ( WARN ) : Could not find translation file: ‘updater.mo’
28.06.21 09:37:13.948 LOCALE ( WARN ) : Could not find translation file: ‘services.mo’
28.06.21 09:37:13.948 LOCALE ( WARN ) : Could not find translation file: ‘adconnector.mo’
28.06.21 09:37:13.949 LOCALE ( WARN ) : Could not find translation file: ‘sysinfo.mo’
28.06.21 09:37:13.949 LOCALE ( WARN ) : Could not find translation file: ‘setup.mo’
28.06.21 09:37:13.949 LOCALE ( WARN ) : Could not find translation file: ‘quota.mo’

Hi,

could you describe the steps you did to reactivate the user?

root@abcdef:~# udm users/user modify --dn uid=Administrator,cn=users,dc=ABC,dc=def --set disabled=0
No modification: uid=Administrator,cn=users,dc=ABC,dc=def

didn’t work for me.