Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Systems Administration
lsf 9.0.0 to 9.0.1 upgrade authentication issues
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
Saef
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5226
People Online:
Visitors:
284
Members:
0
Total:
284
Online Now:
New Topics
User Group Announcements
Carolina User Group Meeting
12/20/2024 3:15 PM
Date & Time: February 6, 2025, 8:30am - 4:00pm
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Lawson S3 Procurement
ED501 Error: Map 850 not supported by /law/c15vda/lawson/test10/edi/bin/laws_out_91
11/12/2024 3:47 PM
Tried runnning ED501 and getting the atathced erro
Lawson S3 HR/Payroll/Benefits
Error
11/6/2024 9:54 PM
When I try to enroll a retiree in 72.1 health plan
Infor ERP (Syteline)
Syteline: New Data Maintenance Wizard (Error) Need help
11/1/2024 4:24 PM
Hi, I need help with an error on syteline while us
Dealing with Lawson / Infor
Implementing Lawson v10 with Cerner Surginet, Case Cart Picking, and Quick Adds for the OR
10/29/2024 4:20 PM
Hi Everyone, I am wondering if there is any org
Lawson S3 HR/Payroll/Benefits
Canada Tax Calculation (Federal and Provincial) Issue
10/23/2024 5:00 AM
Initially, we had problem with CPP2 calculation is
Lawson S3 HR/Payroll/Benefits
CA Section 125 401k Plan
10/22/2024 10:13 PM
Does anyone have any recommendations on how to fac
S3 Systems Administration
Running AC120 deleted records from ACMASTER table
10/22/2024 3:40 PM
We recently ran the AC120 as normal and somehow it
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1372
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
Infor / Lawson Platforms
S3 Systems Administration
lsf 9.0.0 to 9.0.1 upgrade authentication issues
Please
login
to post a reply.
22 Replies
0
Subscribed to this topic
27 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
John Hosanna
Basic Member
Posts: 11
4/12/2010 12:50 PM
upgraded my hpu-ux lsf 9.0.0 environment to lsf 9.0.1. no errors during upgrade process.
portal & sec admin authentication is now broke. came accross some errors in security_authen.log.
1) from startup
Security factory was unable to find class com.lawson.security.authen.ManagerFactoryLMImpl
2) from authentication
26965103: >> processLoginAction More info: none.
26965103: returning mgrFactory
26965103: returning mgrFactory
26965103: Authenticating...
26965103: returning mgrFactory
26965103: returning mgrFactory
26965103: returning mgrFactory
26965103: searchBase: 'DC=kindermorgan,DC=com'
26965103: searchFilter: '(&(sAMAccountName=tstuser)(objectclass=user))'
26965103: unknown
26965103: Exception while looping through found entries.
26965103: Invalid authentication. Sending to login page again.
EricS
Veteran Member
Posts: 80
4/12/2010 1:06 PM
I upgraded my AIX environment form 9.0.0.4 to 9.0.1. Incuded in the upgrade process installing DB2 9.5, TDS 6.2. Had more problems than I could count, some of them self induced. I did find out, from the Lawson Consultant we had to hire to straighten out the mess, that installing Tivoli Directory Intgrator is incompatible with Lawson, and that using the Tiviol Migration tools is not recomended. It is better to export an LDIF file, install TDS, and import the LDIF file. If you have upgraded TDS, that might be the cause?
John Hosanna
Basic Member
Posts: 11
4/12/2010 1:20 PM
ldap is using microsoft ADAM
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 1:30 PM
Can you login thru LID?
John Hosanna
Basic Member
Posts: 11
4/12/2010 1:33 PM
LID works fine
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 1:49 PM
Are you on LAUA security or LS security?
John Hosanna
Basic Member
Posts: 11
4/12/2010 1:52 PM
LS
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 2:03 PM
Have you redeployed the your Lawsec, BPM, IOS websphere modules after the upgrade? (You probably did) Just double checking.
Next:
Check your default ldap login account against your ADAM. The account should be valid admin account in ADAM. You can find the account in your %LAWDIR%\system\authen.dat in the RMCONFIG
tag. (DO NOT CHANGE THiS FILE)
You should be able to use a ldap broweser and connect with this ADAM admin account. Verify the password to see if it has been changed.
Check your LDAPBIND settings, if you are binding it to AD, the account(most likely not your ADAM Admin account) should have access to browse the user tree.
Next:
Check for corrupted user entry. tstusr is a good start.
John Hosanna
Basic Member
Posts: 11
4/12/2010 2:40 PM
ears have been redeployed
i can connect to adam with the the default ldap login acct. (password has not changed)
the search user is valid
fyi....this environment worked just fine prior to the upgrade
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 4:23 PM
Did you upgrade your portal to 9.0.1.x also? And which version of hp-ux are you running? which verison of 9.0.1.x you upgraded to? what's your websphere version?
hsuhsen
Basic Member
Posts: 23
4/12/2010 5:23 PM
Josh, can you get to the Portal page or to the sec admin page, or do you get the error before you get to the login screen?
Brian Allen
Veteran Member
Posts: 104
4/12/2010 5:50 PM
Was there an LDIF update required for 9.0.1 (you would have been prompted to apply the update)? If so, did you apply it? Do all of the smoke tests from the install guide pass?
hsuhsen
Basic Member
Posts: 23
4/12/2010 6:04 PM
There is a valuable tool you can use to troubleshoot SSO log in errors. Go to LAWDIR/system/sso_tracing.properties. Set the TRACING_ON value to true. Re-start the application server for this change to be effective. Run the following smoketests:
Portal URL:
http://server:port/sso/SSOServlet
http://server:port/ssoconfig/SSOCfgInfoServlet
Lawson Insight Desktop (LID) Command Prompt:
lsconfig -l
ssosmoketest
ssoconfig -c
lase
The results will be in SSO_*.log files in LAWDIR/system. I have found these logs to be very helpful in troubleshooting errors that are specific to ldap, lawson security, and SSO problems.
John Hosanna
Basic Member
Posts: 11
4/12/2010 6:18 PM
hpux 11.23
lsf 9.0.1.5
portal 9.0.1.5
websphere 6.1.0.29 (i upgrade websphere from 6.0.0.27 to 6.1.0.29 before the lsf upgrade....lawson worked fine)
there were no ldif updates
portal login screen comes up...if i enter valid userid/password screen comes back with password blanked out in white and no message
sec admin...authentication fails
any portal smoketest that requires authentication....fails
lid...lsconfig & ssosmoketest work just fine
John Hosanna
Basic Member
Posts: 11
4/12/2010 6:52 PM
Apr 12, 2010 2:32:05 PM com.lawson.lawsec.authen.FormLoginScheme ldapBindSearch
WARNING: LDAP authentication failed for user with dn 'CN=lawson,OU=SystemAccount
s,DC=kindermorgan,DC=com'. Message: javax.naming.AuthenticationException: [LDAP
: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityConte
xt error, data 52e, vece]
Stack Trace : javax.naming.AuthenticationException: [LDAP: error code 49 - 80090
308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vec
e]
is this a websphere/bouncycastle issue since lid ssosmoketest works?
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 6:57 PM
error 49/52e is indication of invalid credential. Did you reapply bouncycastle to the websphere 6.1.0.29 upgrade?
John Hosanna
Basic Member
Posts: 11
4/12/2010 7:03 PM
yes bouncy was reapplied.
$JAVA_HOME/bin/java -version...1.5.0.07 $WAS_HOME/java/bin/java -version...1.5.0.03
is the java version mismatch an issue?
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 7:11 PM
I would redo your LDAPBIND, point it to a GC via port 3268, verify lawson account and password.
Brian Allen
Veteran Member
Posts: 104
4/12/2010 7:22 PM
Having a different Java version between JAVA_HOME and WAS_HOME should be fine. We have different versions currently after a recent Websphere update (under 9.0.0.x).
John Hosanna
Basic Member
Posts: 11
4/12/2010 7:39 PM
ssosmoketest from lid verifies that ldap & dc are talking...correct?
houux66: >ssosmoketest -u lawson -w K1nder123!
tracing log is /lsfp1/law/system/SSO_31782850.log
......
......
Testing completed!
Jimmy Chiu
Veteran Member
Posts: 641
4/13/2010 12:42 PM
Redo your LDAPBIND to one of your global catalog domain controller via 3268.
The binding account probably will need to be accountname@domain.com instead of DOMAIN\accountname. Make this account a domain admin/service account only just for testing. Ii ran into the same issue about a year ago when I did the upgrade to 9.0.1.x from 9.0.0.4 . Only portal wouldn't recognize any valid password but I was able to connect via LID.
John Hosanna
Basic Member
Posts: 11
4/13/2010 12:52 PM
changing the ldapbind port to 3268 WORKED!!!!!!!!!!!
why?
Bart Conger
Advanced Member
Posts: 18
4/13/2010 1:09 PM
Microsoft has some good documentation regarding 389 vs 3268.
http://technet.microsoft....ers-work(WS.10).aspx
Please
login
to post a reply.