UMC Administrator no login (solved)

Hi,
i have been searching for this everywhere, but none of the hints helped to fix the issue.
Since an update to 4.4.4 we can’t login to UMC as Administrator anymore.
Root can still login to ssh, so we tried quite a few things, including resetting the Administrator password

udm users/user modify --dn uid=Administrator,cn=users,"$(ucr get ldap/base)" \
  --set password=YourNewPassword \
  --set overridePWHistory=1 \
  --set pwdChangeNextLogin=0

or reissuing the complete Administrator account.

eval `univention-baseconfig shell ldap/base`
univention-admin users/user create --position cn=users,$ldap_base --set \
  username=Administrator --set lastname=Administrator --set password=univention \
  --set groups="cn=Domain Admins,cn=groups,$ldap_base" --policy-reference \
  cn=default-admins,cn=admin-settings,cn=users,cn=policies,$ldap_base

We have also updated to 4.4-5 errata712 in the meantime, but we are still unable to log in.

After setting debug level to 4 we can see this in our management-console-web-server.log:


26.08.20 07:41:24.272  MAIN        ( INFO    ) : CPAuth/auth: got new auth request (78.94.179.71:50048 <=> )
26.08.20 07:41:24.272  MAIN        ( INFO    ) : auth: request: command=/auth
26.08.20 07:41:24.272  MAIN        ( INFO    ) : CPAuth (78.94.179.71:50048) pushed request(0x7fead1af6a10) to queue(0x7fead1af3950) - waiting for response
26.08.20 07:41:24.278  MAIN        ( INFO    ) : UMCP_Dispatcher: check_queue: new request: 0x7fead1af6a10
26.08.20 07:41:24.278  MAIN        ( INFO    ) : SessionClient(0x7fead1af6ad0): creating new session
26.08.20 07:41:24.279  MAIN        ( INFO    ) : Client.connect: SSL connection established
26.08.20 07:41:24.279  MAIN        ( INFO    ) : SessionClient(0x7fead1af6ad0): connected to UMC server
26.08.20 07:41:24.279  MAIN        ( INFO    ) : Sending authentication request for user u'Administrator'
26.08.20 07:41:24.279  MAIN        ( INFO    ) : SessionClient(0x7fead1af6ad0): sending request(159842048427241-0)
26.08.20 07:41:24.279  PROTOCOL    ( INFO    ) : Sending UMCP AUTH REQUEST 159842048427241-0
26.08.20 07:41:24.301  MAIN        ( INFO    ) : __verify_cert_cb: Got certificate subject: <X509Name object '/C=DE/ST=DE/L=DE/O=foo-bar.org/OU=Univention Corporate Server/CN=Univention Corporate Server Root CA (ID=ialMhEW5)/emailAddress=ssl@ucs.foo-bar.org'>
26.08.20 07:41:24.302  MAIN        ( INFO    ) : __verify_cert_cb: Got certificate issuer: <X509Name object '/C=DE/ST=DE/L=DE/O=foo-bar.org/OU=Univention Corporate Server/CN=Univention Corporate Server Root CA (ID=ialMhEW5)/emailAddress=ssl@ucs.foo-bar.org'>
26.08.20 07:41:24.302  MAIN        ( INFO    ) : __verify_cert_cb: errnum=0 depth=1 ok=1
26.08.20 07:41:24.302  MAIN        ( INFO    ) : __verify_cert_cb: Got certificate subject: <X509Name object '/C=DE/ST=DE/L=DE/O=foo-bar.org/OU=Univention Corporate Server/CN=ucs-master.ucs.foo-bar.org/emailAddress=ssl@ucs.foo-bar.org'>
26.08.20 07:41:24.302  MAIN        ( INFO    ) : __verify_cert_cb: Got certificate issuer: <X509Name object '/C=DE/ST=DE/L=DE/O=foo-bar.org/OU=Univention Corporate Server/CN=Univention Corporate Server Root CA (ID=ialMhEW5)/emailAddress=ssl@ucs.foo-bar.org'>
26.08.20 07:41:24.302  MAIN        ( INFO    ) : __verify_cert_cb: errnum=0 depth=0 ok=1
26.08.20 07:41:26.517  PARSER      ( INFO    ) : UMCP RESPONSE 159842048427241-0 parsed successfully
26.08.20 07:41:26.517  PROTOCOL    ( INFO    ) : Received UMCP RESPONSE 159842048427241-0
26.08.20 07:41:26.517  MAIN        ( PROCESS ) : SessionClient(0x7fead1af6ad0): _authenticated: success=False  status=401  message=Authentisierung ist fehlgeschlagen. Bitte melden Sie sich erneut an. result={}
26.08.20 07:41:26.518  MAIN        ( INFO    ) : SessionClient(0x7fead1af6ad0): got response(159842048427241-0): status=401 queue=0x7fead1af3950
26.08.20 07:41:26.518  MAIN        ( INFO    ) : CPAuth (78.94.179.71:50048) got response(0x7fead1af6d50) from queue(0x7fead1af3950): status=401
26.08.20 07:41:26.518  MAIN        ( PROCESS ) : CPAuth (78.94.179.71:50048) response status code: 401
26.08.20 07:41:26.518  MAIN        ( PROCESS ) : CPAuth (78.94.179.71:50048) response message: Authentisierung ist fehlgeschlagen. Bitte melden Sie sich erneut an.
26.08.20 07:41:26.518  MAIN        ( PROCESS ) : CPAuth (78.94.179.71:50048) response result: {}

Certificates are all valid, as i thought that maybe this could be the problem.
So, we’re pretty clueless at the moment…
Anything else you might want to point us to, any logs we would also want to have a look at?
Thanks
Sascha

Hi,
we have been able to resolve the issue with Univention support.
The Administrator account was simply disabled due to too many wrong logins.
So we had to just reactivate it and voila…
I seem to have overlooked that in the logs. (management-console-server.log).

cheers and closed
Sascha

2 Likes