Univention Bugzilla – Full Text Bug Listing |
Summary: | OperationalError: FATAL: Passwort-Authentifizierung für Benutzer »selfservice« fehlgeschlagen | ||
---|---|---|---|
Product: | UCS | Reporter: | Florian Best <best> |
Component: | Self Service | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Erik Damrose <damrose> |
Severity: | normal | ||
Priority: | P5 | CC: | botner, keiser, scheinig, troeder |
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.3-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=44383 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 6: Setup Problem: Issue for the setup process |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 5: Blocking further progress on the daily work |
User Pain: | 0.343 | Enterprise Customer affected?: | Yes |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Yes | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | 2018102021000255, 2018041621000355, 2018041121000168, 2017120121000299, 2017100621000721, 2017111321000518, 2018080821000354 | Bug group (optional): | Error handling, External feedback |
Max CVSS v3 score: |
Description
Florian Best
2017-10-13 12:17:38 CEST
Reported again, 4.2-2 errata219 (Lesum) Reported again: Version: 4.2-3 errata231 (Lesum) OperationalError: could not connect to server: Connection refused Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432? could not connect to server: Connection refused Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432? could not connect to server: Connection refused Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432? As with https://forge.univention.org/bugzilla/show_bug.cgi?id=45719#c2 : Should a message be created that tells the user to tell his admin to (re)start the service? Reported again: Version: 4.3-0 errata11 (Neustadt) Remark: Problem besteht leider auch nach Re-Install der App noch univention-app remove self-service apt-get purge univention-self-service univention-self-service-passwordreset-umc univention-app install self-service Reported again: Version: 4.3-0 errata12 (Neustadt) Was now reported within a support ticket (2018080821000354). I will inform the customer and set the ticket in waiting for this fix or do we have a workaround, yet? > OperationalError: FATAL: Passwort-Authentifizierung für Benutzer
> »selfservice« fehlgeschlagen
> FATAL: Passwort-Authentifizierung für Benutzer »selfservice« fehlgeschlagen
Dies ist ein Verbindungsfehler vom Webserver zum PostgreSQL-Server.
D.h. das Passwort aus /etc/self-service-db.secret stimmt nicht mit dem Passwort überein, dass PostgreSQL für den Datenbank-User "selfservice" gespeichert hat.
Das Problem lässt sich lösen, indem man das Passwort für den Datenbank-User erneut setzt:
Ungetestet, aber sollte in etwas so funktionieren:
$ selfservice_pwd="$(</etc/self-service-db.secret)"
$ su - postgres -c "echo \"ALTER ROLE selfservice WITH ENCRYPTED PASSWORD '$selfservice_pwd';\" | psql" || die "Could not set selfservice database password."
Alternativ einfach /etc/self-service-db.secret löschen und das join script 35univention-self-service-passwordreset-umc.inst laufen lassen:
$ mv /etc/self-service-db.secret /etc/self-service-db.secret.old
$ univention-run-join-scripts --run-scripts --force 35univention-self-service-passwordreset-umc.inst
Both workarounds are not working in the customer environment. (In reply to Christina Scheinig from comment #8) > Both workarounds are not working in the customer environment. Why, there is no information about the actual problem here, just an error message. For example one could test the psql connection as selfservice user psql -U selfservice -h localhost selfservice with the password from /etc/self-service-db.secret. By the way, this has nothing to do with password policies as this "selfservice" account is an account in postgres, not in the IDM oder the local system. e1116dbf7848b8f029e877ef99509bc7881f8c07 - univention-self-service ee0b0abe99a3a30f12cf48e215d52f79422c31ac - yaml Just changed the join script to always update the selfservice database user password. OK: always set postgresql userpassword for selfservice when executing the joinscript OK:~ Only re-executing the joinscript will fix the issue. Why the issue appeared at all is not clear OK: yaml Reported again: Version: 4.3-2 errata287 (Neustadt) Interner Server-Fehler in "passwordreset/get_contact". Request: passwordreset/get_contact Traceback (most recent call last): File "%PY2.7%/univention/management/console/protocol/modserver.py", line 186, in _recv self.handle(msg) File "%PY2.7%/univention/management/console/protocol/modserver.py", line 296, in handle self.__handler.init() File "%PY2.7%/univention/management/console/modules/passwordreset/__init__.py", line 214, in init self.db = TokenDB(MODULE) File "%PY2.7%/univention/management/console/modules/passwordreset/tokendb.py", line 53, in __init__ self.conn = self.open_db() File "%PY2.7%/univention/management/console/modules/passwordreset/tokendb.py", line 120, in open_db db_name=DB_NAME, db_user=DB_USER, db_pw=password)) File "/usr/lib/python2.7/dist-packages/psycopg2/__init__.py", line 164, in connect conn = _connect(dsn, connection_factory=connection_factory, async=async) OperationalError: FATAL: Passwort-Authentifizierung für Benutzer »selfservice« fehlgeschlagen FATAL: Passwort-Authentifizierung für Benutzer »selfservice« fehlgeschlagen Role: domaincontroller_master |