Authentication failure to /psmstatus page on iPrint Appliance after importing a wildcard certificate

  • 7017086
  • 15-Dec-2015
  • 15-Dec-2015

Environment

iPrint Appliance 1.1 patch 1,2,3 and 4

Situation

After importing a wildcard certificate, setting it as active, running the cert_patch.sh script and rebooting the appliance, the MC console and iManager use the new wildcard certificate, but access to the /psmstatus page fails: it keeps asking for the user name and password.

Resolution

Change the AuthLDAPDNURL in the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf file from localhost to the appliance IP address:

From: AuthLDAPDNURL "ldaps://localhost/???(objectClass=user)"

To: AuthLDAPDNURL "ldaps://<appliance IP address>/???(objectClass=user)"

Restart Apache:

rcapache2 restart
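
One way to script the edit from the Resolution, as an added example that is not part of the original TID or any vendor tooling. The function name set_authldapdn_host, the .bak backup, the IPv4-only input check and the sample address 192.0.2.10 are assumptions; the demo runs on a constructed copy, not on the real file.

```shell
#!/bin/sh
# Added example, not vendor code. Default path is the one named in this TID.
CONF_DEFAULT=/etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf

# set_authldapdn_host IP [CONF]   (hypothetical helper)
# Replaces "localhost" in the AuthLDAPDNURL directive with IP.
# Returns 0 if changed or already set, 1 on bad input,
# 2 if no AuthLDAPDNURL pointing at localhost was found.
set_authldapdn_host() {
    ip=$1
    conf=${2:-$CONF_DEFAULT}
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Accept only a dotted-quad IPv4 address so nothing else reaches sed.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "not an IPv4 address: $ip" >&2; return 1; }
    ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')
    prefix='^[[:space:]]*AuthLDAPDNURL[[:space:]]+"ldaps://'
    # Idempotent: the directive already points at the requested address.
    grep -Eq "${prefix}${ip_re}/" "$conf" && return 0
    grep -Eq "${prefix}localhost/" "$conf" || return 2
    # Keep a backup, then write through the original file so its
    # owner and mode stay unchanged.
    cp -p "$conf" "$conf.bak" || return 1
    sed 's#^\([[:space:]]*AuthLDAPDNURL[[:space:]][[:space:]]*"ldaps://\)localhost/#\1'"$ip"'/#' \
        "$conf.bak" > "$conf"
}

# Demonstration on a constructed sample file; the real file is not touched.
demo_on_sample() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample, not the real iprint_ssl.conf' \
        'AuthLDAPDNURL "ldaps://localhost/???(objectClass=user)"' > "$tmp"
    set_authldapdn_host 192.0.2.10 "$tmp"
    grep AuthLDAPDNURL "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
demo_on_sample
```

To apply it to the appliance, call set_authldapdn_host with the appliance IP address as root; the Apache restart that follows is still required.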

Cause

For a wildcard certificate to work properly with the appliance, the first entry after the appliance IP address in the /etc/hosts file has to be the CN of the wildcard certificate. For that reason, when accessing the /psmstatus page, the IP address has to be used in the iprint_ssl.conf file instead of localhost.

Additional Information

The Apache error_log file showed the following with the debug log level enabled when trying to authenticate as the admin user:

 14:11:29 2015] [info] Subsequent (No.2) HTTPS request received for child 1 (server iprint.appliance:443)

[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(1000): [client 192.168.2.146] [651] authnz_ldapdn authenticate: user admin authentication; URI /psmstatus [checking check_password_function] 0

[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(739): [client 192.168.2.146] [651] authnz_ldapdn authenticate: using URL ldaps://localhost/???(objectClass=user)

[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(777): [client 192.168.2.146] [651] authnz_ldapdn authenticate: filter: (&(objectClass=user)(uid=admin))

[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(844): [client 192.168.2.146] [651] authnz_ldapdn authenticate: checking checkUserID url:ldaps://localhost/???(objectClass=user) basedn:

[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(853): [client 192.168.2.146] [651] authnz_ldapdn authenticate: returned checkUserID dn:null dn result: -1

[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(275): [client 192.168.2.146] [651] authnz_filr_check_password: Py_Finalize() user admin

[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(282): [client 192.168.2.146] [651] authnz_filr_check_password: returning user admin

[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(910): [client 192.168.2.146] [651] authnz_ldapdn authenticate: returned filr_check_password dn:(null), result 0

[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(1007): [client 192.168.2.146] [651] authnz_ldapdn authenticate INFO:  result[0] fdnresult[0] AuthGranted[1] declined[-1] unauthorized[401]

[Mon Dec 14 14:11:29 2015] [error] [client 192.168.2.146] user admin: authentication failure for "/psmstatus": Password Mismatch

An LDAP/NDS trace showed:


 1257613056 LDAP: [2015/12/14 14:11:29.52] New TLS connection 0xdfcb500 from 127.0.0.1:36606, monitor = 0x356c5700, index = 11

896292608 LDAP: [2015/12/14 14:11:29.52] Monitor 0x356c5700 initiating TLS handshake on connection 0xdfcb500

904713984 LDAP: [2015/12/14 14:11:29.53] (127.0.0.1:36606)(0x0000:0x00) DoTLSHandshake on connection 0xdfcb500

904713984 LDAP: [2015/12/14 14:11:29.58] BIO ctrl called with unknown cmd 7

904713984 LDAP: [2015/12/14 14:11:29.58] (127.0.0.1:36606)(0x0000:0x00) Completed TLS handshake on connection 0xdfcb500

896292608 LDAP: [2015/12/14 14:11:29.65] Monitor 0x356c5700 found connection 0xdfcb500 ending TLS session

895239936 LDAP: [2015/12/14 14:11:29.65] (127.0.0.1:36606)(0x0000:0x00) DoTLSShutdown on connection 0xdfcb500

896292608 LDAP: [2015/12/14 14:11:29.65] Monitor 0x356c5700 found connection 0xdfcb500 socket closed, err = -5871, 0 of 0 bytes read

896292608 LDAP: [2015/12/14 14:11:29.65] Monitor 0x356c5700 initiating close for connection 0xdfcb500

1267087104 LDAP: [2015/12/14 14:11:29.65] Server closing connection 0xdfcb500, socket error = -5871

1267087104 LDAP: [2015/12/14 14:11:29.65] Connection 0xdfcb500 closed