NetXMS Support Forum

Hello Team,

We have a serious problem with the console. I cannot reach it using the web console or the console application.

We had a problem with disk space and we were forced to create new partition, move the database (not very gracefully) and run again the services. Everything ended well with working database and services, but the console is giving "access denied". I tried everything as far as my knowledge goes, unfortunately i couldn't make it work. I even replaced the old nxmc.war file newly downloaded (version 2.0.6, same as my server version). Anyway the console is still giving me access denied with any user i try to log in (even usr: admin pass: netxms).

Any help will be appreciated

Best regards,
Adrian

Hi,

you can try to reset admin password first (with netxmsd stopped) using nxdbmgr resetadmin command, and then try to login with admin/netxms.

Best regards,
Victor

Hello Victor,

Thanks for the fast response.

I never changed the admin password, but anyway i did the nxdbmgr resetadmin, now i have "connection refused: connect" (check attached). One thing i lied (or just forgot), we already updated to 2.0.7 server. I replaced nxmc.war file with new one freshly downloaded from the site, but still got the error.

Everything else seems to be working fine, we are getting the email notifications and everything.

Best regards,
Adrian

I am now in with the admin account, but other accounts still get refused.

Best regards,
Adrian

Try to set server debug level to at least 5 and check what is going on during login.

Best regards,
Victor

Hello Victor,

I am not sure where to look for the login i tried to grep from /var/log/netxms login:

root@nms3:~# tail -f /var/log/netxms | grep login
[06-Dec-2016 15:32:03.151] [DEBUG] SQL request queued: INSERT INTO audit_log (record_id,timestamp,subsystem,success,user_id,workstation,session_id,object_id,message) VALUES(108771,1481031123,'SECURITY',0,111,'10.11.10.158',0,0,'User "adrian.dimitrov" login failed with error code 2 (client info: nxmc/2.0.7 (Windows 10 10.0; libnxcl 2.0.7))')
[06-Dec-2016 15:32:03.154] [DEBUG] Successful sync query: "INSERT INTO audit_log (record_id,timestamp,subsystem,success,user_id,workstation,session_id,object_id,message) VALUES(108771,1481031123,'SECURITY',0,111,'10.11.10.158',0,0,'User "adrian.dimitrov" login failed with error code 2 (client info: nxmc/2.0.7 (Windows 10 10.0; libnxcl 2.0.7))')" [3 ms]

Anyway i found that the authentication is working for the local database, but not for radius:

[06-Dec-2016 16:37:32.136] [DEBUG] RADIUS: authenticating user adrian.dimitrov on server 10.10.10.100 using CHAP
[06-Dec-2016 16:37:32.138] [DEBUG] RADIUS: Packet from host 10.10.10.100 code=3, id=212, length=20
[06-Dec-2016 16:37:32.139] [DEBUG] RADIUS: DoRadiusAuth returned 1 for user adrian.dimitrov
[06-Dec-2016 16:37:32.139] [INFO ] Authentication request for user adrian.dimitrov was rejected by RADIUS server

I tested this with my user, but really can't find a reason why RADIUS authentication is not working. There is nothing changed on both sides (radius or netxms). The port is specified as it should be 1645.

I found this  https://dev.raden.solutions/issues/1297 and i am thinking if this is really some kind of bug, and if so should we use the local database till it is resolved or there is a workaround.
fri
Another thing i googled for error code 2 ( the error from the log above) is jdk issue, could this be the case here ? we did not have any issues authenticating via RADIUS last week with the exactly the same configuration. I am getting really confused here.

Thanks for your time i appreciate it.

Best regards,
Adrian

Hello Victor,

Issue solved the authentication protocol was changed to CHAP. We don't really know how, when and why.

We added a variable in the server configuration so netxms to use again PAP and everything is back to normal now. Seems that everything is working properly at the moment.

Thanks a lot of for the help and any information on how the protocol could change by itself will be helpful.

Best regards,
Adrian

Hi,

before 2.0.7/2.1-M2 NetXMS only supported PAP for RADIUS authentication. As we added support for other authentication methods default was set to CHAP, which is probably wrong because it breaks backward compatibility.

Best regards,
Victor