Bug 175858
Summary: | HTTP 401error when trying to connect to management console from windows | ||
---|---|---|---|
Product: | [Retired] 389 | Reporter: | Michael Osganian <osganian> |
Component: | Admin | Assignee: | Rich Megginson <rmeggins> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Viktor Ashirov <vashirov> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 1.0 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | 1.0.2 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-12-07 17:06:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 152373, 183369, 240316 |
Description
Michael Osganian
2005-12-15 20:04:29 UTC
From my admin-serv logs: access.log: 172.16.33.230 - - [15/Dec/2005:15:50:08 -0500] "GET /admin-serv/authenticate HTT P/1.0" 401 480 error.log: [Thu Dec 15 15:50:08 2005] [notice] [client 172.16.33.230] admserv_host_ip_check : ap_get_remote_host could not resolve 172.16.33.230 [Thu Dec 15 15:50:08 2005] [warn] [client 172.16.33.230] admserv_host_ip_check: failed to get host by ip addr [172.16.33.230] - check your host and DNS configur ation [Thu Dec 15 15:50:08 2005] [notice] [client 172.16.33.230] admserv_host_ip_check : Unauthorized host ip=172.16.33.230, connection rejected You need to tell admin server to allow acccess from your IP address. First, look at http://www.redhat.com/docs/manuals/dir-server/pdf/console71.pdf Chapter 7. If you're sure you have your DNS and reverse DNS working, you should be able to use Host Names to allow. If you're not sure, use IP Addresses to allow. Use a pattern like 172.16.*.* or whatever you're comfortable with. You may have to restart-admin for the changes to take effect. Thanks, when I click the Open button on the Administration server in the Management console I get the following exception in my xterm and the management window for the Admin Server never opens. It works fine for the Directory Server however. http://myserver.mycompany.com:30000/[3:0] recv> Admin-Server: Fedora-Administrat or/1.0.1 HttpChannel.invoke: admin version = 1.0.1 http://myserver.mycompany.com:30000/[3:0] recv> Connection: close http://myserver.mycompany.com:30000/[3:0] recv> Content-Type: text/html http://myserver.mycompany.com:30000/[3:0] recv> http://myserver.mycompany.com:30000/[3:0] recv> Reading unknown length bytes... http://myserver.mycompany.com:30000/[3:0] recv> 19 bytes read http://myserver.mycompany.com:30000/[3:0] close> Closed Framework: location set: java.awt.Point[x=265,y=233] java.lang.IllegalArgumentException: Width (0) and height (0) cannot be <= 0 at java.awt.image.DirectColorModel.createCompatibleWritableRaster(Direct ColorModel.java:999) at sun.awt.X11.XFramePeer.setIconImage(XFramePeer.java:217) at sun.awt.X11.XFramePeer.postInit(XFramePeer.java:75) at sun.awt.X11.XBaseWindow.init(XBaseWindow.java:117) at sun.awt.X11.XBaseWindow.<init>(XBaseWindow.java:150) at sun.awt.X11.XWindow.<init>(XWindow.java:86) at sun.awt.X11.XComponentPeer.<init>(XComponentPeer.java:100) at sun.awt.X11.XCanvasPeer.<init>(XCanvasPeer.java:22) at sun.awt.X11.XPanelPeer.<init>(XPanelPeer.java:27) at sun.awt.X11.XWindowPeer.<init>(XWindowPeer.java:53) at sun.awt.X11.XDecoratedPeer.<init>(XDecoratedPeer.java:36) at sun.awt.X11.XFramePeer.<init>(XFramePeer.java:41) at sun.awt.X11.XToolkit.createFrame(XToolkit.java:349) at java.awt.Frame.addNotify(Frame.java:491) at java.awt.Window.show(Window.java:513) at com.netscape.management.client.Framework.<init>(Unknown Source) at com.netscape.management.admserv.AdminServer.createFramework(Unknown S ource) at com.netscape.management.admserv.AdminServer.run(Unknown Source) at com.netscape.management.admserv.AdminServer.run(Unknown Source) at com.netscape.management.client.topology.AbstractServerObject$ServerRu nThread.run(Unknown Source) AbstractServerObject.ServerRunThread java.lang.IllegalArgumentException: Width ( 0) and height (0) cannot be <= 0 Is there any way to edit the Connection Restrictions for the Admin Server without bringing up the management console? Not sure if this is the file that is modified by the management console but my admin-serv/config/local.conf file has the following section: configuration.objectClass: nsConfig configuration.objectClass: nsAdminConfig configuration.objectClass: nsAdminObject configuration.objectClass: nsDirectoryInfo configuration.objectClass: top configuration.nsServerPort: 30000 configuration.nsSuiteSpotUser: root configuration.nsAdminEnableEnduser: on configuration.nsAdminEnableDSGW: on configuration.nsDirectoryInfoRef: cn=Server Group, cn=myserver.mycompany.com, ou=mycompany.com, o=NetscapeRoot configuration.nsAdminUsers: admin-serv/config/admpw configuration.nsErrorLog: admin-serv/logs/error configuration.nsPidLog: admin-serv/logs/pid configuration.nsAccessLog: admin-serv/logs/access configuration.nsAdminCacheLifetime: 600 configuration.nsAdminAccessHosts: *.mycompany.com configuration.nsAdminAccessAddresses: * configuration.nsAdminOneACLDir: adminacl configuration.nsDefaultAcceptLanguage: en configuration.nsClassname: com.netscape.management.admserv.AdminServer@cn=admin-serv-myserver, cn=Fedora Administration Server, cn=Server Group, cn=myserver.mycompany.com, ou=mycompany.com, o=NetscapeRoot configuration.creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot configuration.modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot configuration.createTimestamp: 20051214210128Z configuration.modifyTimestamp: 20051214210128Z Ok, if I use JDK 1.4.2_08 then I don't get the IllegalArgumentException and the window comes up fine. Also, adding my specific IP address and restarting the admin server fixed everything. Thanks alot! The file local.conf is just a read-only cache of the actual configuration which is stored in the directory server under the o=netscaperoot suffix. 1) find the admin server configuration entry dn cd /opt/fedora-ds/shared/bin ./ldapsearch -b o=netscaperoot -D "cn=Directory Manager" -w password "objectclass=nsadminconfig" dn 2) Modify the attributes nsAdminAccessHosts and nsAdminAccessAddresses in that entry ldapmodify -D "cn=directory manager" -w password dn: dn of admin config entry changetype: modify replace: nsAdminAccessHosts nsAdminAccessAddresses nsAdminAccessHosts: * nsAdminAccessAddresses: * 3) restart the admin server Once you get your DNS and reverse DNS working, you can use access hosts to restrict admin server access to certain domains or hosts |