Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Systems Administration
lsf 9.0.0 to 9.0.1 upgrade authentication issues
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
TomV
Past 24 Hours:
1
Prev. 24 Hours:
2
Overall:
5186
People Online:
Visitors:
219
Members:
0
Total:
219
Online Now:
New Topics
Lawson Landmark
LPL INSTR Functions
4/5/2024 8:32 PM
I'm writing a simple report using the Create R
Infor SCM
Translating 856 to get the ~ REF^CN^ field
4/3/2024 8:24 PM
We are trying to get the tracking number which is
IPA/ProcessFlow
Sample XML file create Flow
4/3/2024 3:43 PM
Hello everyone, I am new to creating XML files
Lawson S3 HR/Payroll/Benefits
bn105 error message
3/26/2024 6:40 PM
I need to change some of the set ups in our Life I
IPA/ProcessFlow
IPA executing Job
3/13/2024 7:08 PM
New to the IPA world and was wondering, can an IPA
Lawson S3 HR/Payroll/Benefits
Life Age Reduction on benefits plans
3/12/2024 7:15 PM
For our optional life we have an age based coverag
Lawson S3 HR/Payroll/Benefits
BN53.1 Add-In
3/7/2024 3:31 PM
We are migrating to Solstice. They require a
Lawson Business Intelligence/Reporting/Crystal
Domain Name Change
3/5/2024 7:45 PM
Our domain name needs to change and was hoping I c
S3 Customization/Development
Cobol calling Shell Script
2/29/2024 1:27 PM
Has anyone created or modified a Lawson Cobol prog
Infor ION
ION vs IPA
2/29/2024 1:24 AM
We had a person new to Lawson and Infor go to Info
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3288
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1348
Roger French
1311
mark.cook
1244
Forums
Unanswered
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
S3 Systems Administration
lsf 9.0.0 to 9.0.1 upgrade authentication issues
Sort:
Oldest First
Most Recent First
You are not authorized to post a reply.
Author
Messages
John Hosanna
Basic Member
Posts: 11
4/12/2010 12:50 PM
upgraded my hpu-ux lsf 9.0.0 environment to lsf 9.0.1. no errors during upgrade process.
portal & sec admin authentication is now broke. came accross some errors in security_authen.log.
1) from startup
Security factory was unable to find class com.lawson.security.authen.ManagerFactoryLMImpl
2) from authentication
26965103: >> processLoginAction More info: none.
26965103: returning mgrFactory
26965103: returning mgrFactory
26965103: Authenticating...
26965103: returning mgrFactory
26965103: returning mgrFactory
26965103: returning mgrFactory
26965103: searchBase: 'DC=kindermorgan,DC=com'
26965103: searchFilter: '(&(sAMAccountName=tstuser)(objectclass=user))'
26965103: unknown
26965103: Exception while looping through found entries.
26965103: Invalid authentication. Sending to login page again.
EricS
Veteran Member
Posts: 80
4/12/2010 1:06 PM
I upgraded my AIX environment form 9.0.0.4 to 9.0.1. Incuded in the upgrade process installing DB2 9.5, TDS 6.2. Had more problems than I could count, some of them self induced. I did find out, from the Lawson Consultant we had to hire to straighten out the mess, that installing Tivoli Directory Intgrator is incompatible with Lawson, and that using the Tiviol Migration tools is not recomended. It is better to export an LDIF file, install TDS, and import the LDIF file. If you have upgraded TDS, that might be the cause?
John Hosanna
Basic Member
Posts: 11
4/12/2010 1:20 PM
ldap is using microsoft ADAM
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 1:30 PM
Can you login thru LID?
John Hosanna
Basic Member
Posts: 11
4/12/2010 1:33 PM
LID works fine
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 1:49 PM
Are you on LAUA security or LS security?
John Hosanna
Basic Member
Posts: 11
4/12/2010 1:52 PM
LS
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 2:03 PM
Have you redeployed the your Lawsec, BPM, IOS websphere modules after the upgrade? (You probably did) Just double checking.
Next:
Check your default ldap login account against your ADAM. The account should be valid admin account in ADAM. You can find the account in your %LAWDIR%\system\authen.dat in the RMCONFIG <PRIVUSER> tag. (DO NOT CHANGE THiS FILE)
You should be able to use a ldap broweser and connect with this ADAM admin account. Verify the password to see if it has been changed.
Check your LDAPBIND settings, if you are binding it to AD, the account(most likely not your ADAM Admin account) should have access to browse the user tree.
Next:
Check for corrupted user entry. tstusr is a good start.
John Hosanna
Basic Member
Posts: 11
4/12/2010 2:40 PM
ears have been redeployed
i can connect to adam with the the default ldap login acct. (password has not changed)
the search user is valid
fyi....this environment worked just fine prior to the upgrade
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 4:23 PM
Did you upgrade your portal to 9.0.1.x also? And which version of hp-ux are you running? which verison of 9.0.1.x you upgraded to? what's your websphere version?
hsuhsen
Basic Member
Posts: 23
4/12/2010 5:23 PM
Josh, can you get to the Portal page or to the sec admin page, or do you get the error before you get to the login screen?
Brian Allen
Veteran Member
Posts: 104
4/12/2010 5:50 PM
Was there an LDIF update required for 9.0.1 (you would have been prompted to apply the update)? If so, did you apply it? Do all of the smoke tests from the install guide pass?
hsuhsen
Basic Member
Posts: 23
4/12/2010 6:04 PM
There is a valuable tool you can use to troubleshoot SSO log in errors. Go to LAWDIR/system/sso_tracing.properties. Set the TRACING_ON value to true. Re-start the application server for this change to be effective. Run the following smoketests:
Portal URL:
http://server:port/sso/SSOServlet
http://server:port/ssoconfig/SSOCfgInfoServlet
Lawson Insight Desktop (LID) Command Prompt:
lsconfig -l
ssosmoketest
ssoconfig -c
lase
The results will be in SSO_*.log files in LAWDIR/system. I have found these logs to be very helpful in troubleshooting errors that are specific to ldap, lawson security, and SSO problems.
John Hosanna
Basic Member
Posts: 11
4/12/2010 6:18 PM
hpux 11.23
lsf 9.0.1.5
portal 9.0.1.5
websphere 6.1.0.29 (i upgrade websphere from 6.0.0.27 to 6.1.0.29 before the lsf upgrade....lawson worked fine)
there were no ldif updates
portal login screen comes up...if i enter valid userid/password screen comes back with password blanked out in white and no message
sec admin...authentication fails
any portal smoketest that requires authentication....fails
lid...lsconfig & ssosmoketest work just fine
John Hosanna
Basic Member
Posts: 11
4/12/2010 6:52 PM
Apr 12, 2010 2:32:05 PM com.lawson.lawsec.authen.FormLoginScheme ldapBindSearch
WARNING: LDAP authentication failed for user with dn 'CN=lawson,OU=SystemAccount
s,DC=kindermorgan,DC=com'. Message: javax.naming.AuthenticationException: [LDAP
: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityConte
xt error, data 52e, vece]
Stack Trace : javax.naming.AuthenticationException: [LDAP: error code 49 - 80090
308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vec
e]
is this a websphere/bouncycastle issue since lid ssosmoketest works?
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 6:57 PM
error 49/52e is indication of invalid credential. Did you reapply bouncycastle to the websphere 6.1.0.29 upgrade?
John Hosanna
Basic Member
Posts: 11
4/12/2010 7:03 PM
yes bouncy was reapplied.
$JAVA_HOME/bin/java -version...1.5.0.07 $WAS_HOME/java/bin/java -version...1.5.0.03
is the java version mismatch an issue?
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 7:11 PM
I would redo your LDAPBIND, point it to a GC via port 3268, verify lawson account and password.
Brian Allen
Veteran Member
Posts: 104
4/12/2010 7:22 PM
Having a different Java version between JAVA_HOME and WAS_HOME should be fine. We have different versions currently after a recent Websphere update (under 9.0.0.x).
John Hosanna
Basic Member
Posts: 11
4/12/2010 7:39 PM
ssosmoketest from lid verifies that ldap & dc are talking...correct?
houux66: >ssosmoketest -u lawson -w K1nder123!
tracing log is /lsfp1/law/system/SSO_31782850.log
......
......
Testing completed!
Jimmy Chiu
Veteran Member
Posts: 641
4/13/2010 12:42 PM
Redo your LDAPBIND to one of your global catalog domain controller via 3268.
The binding account probably will need to be accountname@domain.com instead of DOMAIN\accountname. Make this account a domain admin/service account only just for testing. Ii ran into the same issue about a year ago when I did the upgrade to 9.0.1.x from 9.0.0.4 . Only portal wouldn't recognize any valid password but I was able to connect via LID.
John Hosanna
Basic Member
Posts: 11
4/13/2010 12:52 PM
changing the ldapbind port to 3268 WORKED!!!!!!!!!!!
why?
Bart Conger
Advanced Member
Posts: 18
4/13/2010 1:09 PM
Microsoft has some good documentation regarding 389 vs 3268.
http://technet.microsoft....ers-work(WS.10).aspx
You are not authorized to post a reply.