Prev
Next
Forums S3 Systems Administration

can't run ssoconfig -c as lawson user

Sort:
You are not authorized to post a reply.
Author
Messages
Xin Li
Veteran Member
Posts: 133
Veteran Member
2/11/2014 8:41 PM
    Just installed lsf 9.0.1.11 and smoketest is cleared. I can ran ssoconfig -c as root. However, when ran ssoconfig -c as lawson and got whole bunch java error. I did changed all log files in $LAWDIR/system to owned by lawson and 777 permission.

    "

    Got exception: com.lawson.lawsec.util.LawsonConfigurationException:Could not get
     LSF configuration
    Stack Trace : com.lawson.lawsec.util.LawsonConfigurationException:Could not get
    LSF configuration
            at com.lawson.lawsec.util.Util.isERPSystemTypeInstalled(Util.java:1231)
            at com.lawson.lawsec.authen.SSOConfig.processInteractiveConfiguration(SS
    OConfig.java:724)
            at com.lawson.lawsec.authen.SSOConfig.processOptionConfigure(SSOConfig.j
    ava:543)
            at com.lawson.lawsec.authen.SSOConfig.main(SSOConfig.java:118)


    "


    any idea??
    troelofs
    Advanced Member
    Posts: 19
    Advanced Member
    2/11/2014 8:53 PM
      Sounds like permissions, does the Lawson user have rights to read $LAWDIR\system\install.cfg file?
      Xin Li
      Veteran Member
      Posts: 133
      Veteran Member
      2/11/2014 8:55 PM
        it does

        -rwx------ 1 lawson lawson 4810 Feb 11 13:39 install.cfg
        The.Sam.Groves
        Veteran Member
        Posts: 89
        Veteran Member
        2/11/2014 9:15 PM

          if you chmod'ed 777 then it should have looked more like
          -rwxrwxrwx.

          That's a 700 that you are showing there.

          You might want to try: chmod 644 install.cfg.

          That's read/write privileges for the Lawson user (6), read only privileges for the Lawson group (4), and read only privileges for the rest of the world (4). 

          Kwane McNeal
          Veteran Member
          Posts: 479
          Veteran Member
          2/11/2014 9:53 PM
            Actually, don't do the perms change on 'LAWDIR/system/install.cfg', especially not to 644. It is not being read during an 'ssoconfig -c'
            (NOTE: Leave that last digit at ZERO, since sensitive passwords are in that file. You can safely use '400', '600', or '?40', and changing the group to something secure, that is NOT 'lawson'. )

            Check the following:
            1) lsconfig -l
            ...if you get a java error, then you may have issues with security. In that case, do the following:
            1) cd LAWDIR/system
            2) rm lase_server_[1-9]*.log.lck

            then try the 'lsconfig -l' again

            If you STILL get an error, check the following files:
            1) LAWDIR/system/authen.dat (make sure it's not empty, and DO NOT MANUALLY EDIT)
            2) LAWDIR/system/.sso*store (make sure not empty. These are binary)

            if 'lsconfig -l' gives you an error about setup hasn't been done, then check the following:
            1) is the Lawson LDAP running?
            2) can you connect to it (use something like ldapsearch against both the RootDSE and the Lawson naming context)

            Let us know what you find, and I'll see if I have other ideas.

            Kwane
            Kwane McNeal
            Veteran Member
            Posts: 479
            Veteran Member
            2/11/2014 9:55 PM
              Oh yeah, one more thing... if you enabled 'lawson' use for New Lawson Security (aka CheckLS = YES), then you'll need to check a few more things:
              1) is 'ssoconfig' defined in tokendef
              2) is it in the security class for the ENV profile.

              Depending on when your initial install as performed, you may not have 'ssoconfig' correctly defined in either 'tokendef' and/or attached to the security class for AllAdminAccess.

              Kwane
              Xin Li
              Veteran Member
              Posts: 133
              Veteran Member
              2/12/2014 4:28 AM
                Kwane and SAM. Thanks a lot for your replies

                in the log it said failed initiailized ldap.
                1. lsconfig -l said "Initial configuration seems to be missing..." However, I can login to portal use Lawson user. ALso I can login to security administrator.
                2. 1) LAWDIR/system/authen.dat (make sure it's not empty, and DO NOT MANUALLY EDIT)
                2) LAWDIR/system/.sso*store (make sure not empty. These are binary)

                they are not empty.
                3. I can connect LDAP using Jxplorer.

                4. still use LAUA.

                Error in the log
                "14-02-11 13:53:54:382 1 default.SEVERE api.LawsonSecurity.getConfig(): com.lawso
                n.lawsec.authen.LSFSecurityAuthenException:Failed to initialize LDAP. Detailed M
                essage is javax.naming.CommunicationException: ldaplmk.bhcs.pvt:1386 [Root excep
                tion is java.net.UnknownHostException: ldaplmk.bhcs.pvt]
                Stack Trace : javax.naming.CommunicationException: ldaplmk.bhcs.pvt:1386 [Root e
                xception is java.net.UnknownHostException: ldaplmk.bhcs.pvt]"

                It said my ldap host in unknown. strange. LASE is running. I can run ssoconfig -c as root.
                Xin Li
                Veteran Member
                Posts: 133
                Veteran Member
                2/12/2014 4:33 AM
                  one more error in the log
                  "14-02-11 23:13:47:305 1 default.SEVERE api.LawsonSecurity.initialize(): Failed t
                  o initialize Ldap'"
                  Xin Li
                  Veteran Member
                  Posts: 133
                  Veteran Member
                  2/12/2014 3:19 PM
                    Problem solved. I need to define GEN product line and assigned it to security class which lawson has.
                    You are not authorized to post a reply.