Login
Register
Search
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Forums
Infor / Lawson Platforms
S3 Systems Administration
lsf 9.0.0 to 9.0.1 upgrade authentication issues
Home
Forums
Jobs
LawsonGuru
LawsonGuru Letter
LawsonGuru Blog
Worthwhile Reading
Infor Lawson News Feed
Store
Store FAQs
About
Who's On?
Membership:
Latest:
HireIQ
Past 24 Hours:
0
Prev. 24 Hours:
0
Overall:
5264
People Online:
Visitors:
98
Members:
0
Total:
98
Online Now:
New Topics
Lawson S3 Procurement
Tolerance Settings
3/31/2025 2:01 PM
I've been trying to set a tolerance for some t
Dealing with Lawson / Infor
Printing Solutions other than MHC
3/27/2025 1:00 PM
What are others using for printing solutions besid
Lawson S3 Procurement
Green check marks in Lawson 9.0.1
3/20/2025 4:55 PM
Hi, How to remove green check mark on items when o
Lawson S3 HR/Payroll/Benefits
Pay Rate History to Show All Positions
2/26/2025 3:34 PM
Does anyone know how to modify payratehistory.htm
Infor CloudSuite
How to build a Pre-Prod tenant
2/7/2025 1:28 AM
After we finished our implementation and ended our
Lawson S3 Procurement
Browser issue with RQC Shopping
1/28/2025 5:49 PM
Since the recent Chrome/Edge updates, our RQC shop
Lawson S3 Procurement
S3-Procurement New Company
1/22/2025 10:38 PM
My Accounting Department has created a new Company
S3 Customization/Development
JUSTIFIED RIGHT
1/15/2025 7:41 PM
Is there a way in Lawson COBOL to make a character
S3 Systems Administration
ADFS certificate - new cert
12/3/2024 9:38 PM
The certificates on the windows boxes expired and
Lawson S3 HR/Payroll/Benefits
Post Tax Benefit Plan Table
11/14/2024 9:16 PM
Hi, totally new to Laswon. I have a repor
Top Forum Posters
Name
Points
Greg Moeller
4184
David Williams
3349
JonA
3291
Kat V
2984
Woozy
1973
Jimmy Chiu
1883
Kwane McNeal
1437
Ragu Raghavan
1375
Roger French
1315
mark.cook
1244
Forums
Filtered Topics
Unanswered
Unresolved
Announcements
Active Topics
Most Liked
Most Replies
Search Forums
Search
Advanced Search
Topics
Posts
Prev
Next
Forums
Infor / Lawson Platforms
S3 Systems Administration
lsf 9.0.0 to 9.0.1 upgrade authentication issues
Please
login
to post a reply.
22 Replies
0
Subscribed to this topic
27 Subscribed to this forum
Sort:
Oldest First
Most Recent First
Author
Messages
John Hosanna
Basic Member
Posts: 11
4/12/2010 12:50 PM
upgraded my hpu-ux lsf 9.0.0 environment to lsf 9.0.1. no errors during upgrade process.
portal & sec admin authentication is now broke. came accross some errors in security_authen.log.
1) from startup
Security factory was unable to find class com.lawson.security.authen.ManagerFactoryLMImpl
2) from authentication
26965103: >> processLoginAction More info: none.
26965103: returning mgrFactory
26965103: returning mgrFactory
26965103: Authenticating...
26965103: returning mgrFactory
26965103: returning mgrFactory
26965103: returning mgrFactory
26965103: searchBase: 'DC=kindermorgan,DC=com'
26965103: searchFilter: '(&(sAMAccountName=tstuser)(objectclass=user))'
26965103: unknown
26965103: Exception while looping through found entries.
26965103: Invalid authentication. Sending to login page again.
EricS
Veteran Member
Posts: 80
4/12/2010 1:06 PM
Split
I upgraded my AIX environment form 9.0.0.4 to 9.0.1. Incuded in the upgrade process installing DB2 9.5, TDS 6.2. Had more problems than I could count, some of them self induced. I did find out, from the Lawson Consultant we had to hire to straighten out the mess, that installing Tivoli Directory Intgrator is incompatible with Lawson, and that using the Tiviol Migration tools is not recomended. It is better to export an LDIF file, install TDS, and import the LDIF file. If you have upgraded TDS, that might be the cause?
John Hosanna
Basic Member
Posts: 11
4/12/2010 1:20 PM
Split
ldap is using microsoft ADAM
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 1:30 PM
Split
Can you login thru LID?
John Hosanna
Basic Member
Posts: 11
4/12/2010 1:33 PM
Split
LID works fine
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 1:49 PM
Split
Are you on LAUA security or LS security?
John Hosanna
Basic Member
Posts: 11
4/12/2010 1:52 PM
Split
LS
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 2:03 PM
Split
Have you redeployed the your Lawsec, BPM, IOS websphere modules after the upgrade? (You probably did) Just double checking.
Next:
Check your default ldap login account against your ADAM. The account should be valid admin account in ADAM. You can find the account in your %LAWDIR%\system\authen.dat in the RMCONFIG
tag. (DO NOT CHANGE THiS FILE)
You should be able to use a ldap broweser and connect with this ADAM admin account. Verify the password to see if it has been changed.
Check your LDAPBIND settings, if you are binding it to AD, the account(most likely not your ADAM Admin account) should have access to browse the user tree.
Next:
Check for corrupted user entry. tstusr is a good start.
John Hosanna
Basic Member
Posts: 11
4/12/2010 2:40 PM
Split
ears have been redeployed
i can connect to adam with the the default ldap login acct. (password has not changed)
the search user is valid
fyi....this environment worked just fine prior to the upgrade
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 4:23 PM
Split
Did you upgrade your portal to 9.0.1.x also? And which version of hp-ux are you running? which verison of 9.0.1.x you upgraded to? what's your websphere version?
hsuhsen
Basic Member
Posts: 23
4/12/2010 5:23 PM
Split
Josh, can you get to the Portal page or to the sec admin page, or do you get the error before you get to the login screen?
Brian Allen
Veteran Member
Posts: 104
4/12/2010 5:50 PM
Split
Was there an LDIF update required for 9.0.1 (you would have been prompted to apply the update)? If so, did you apply it? Do all of the smoke tests from the install guide pass?
hsuhsen
Basic Member
Posts: 23
4/12/2010 6:04 PM
Split
There is a valuable tool you can use to troubleshoot SSO log in errors. Go to LAWDIR/system/sso_tracing.properties. Set the TRACING_ON value to true. Re-start the application server for this change to be effective. Run the following smoketests:
Portal URL:
http://server:port/sso/SSOServlet
http://server:port/ssoconfig/SSOCfgInfoServlet
Lawson Insight Desktop (LID) Command Prompt:
lsconfig -l
ssosmoketest
ssoconfig -c
lase
The results will be in SSO_*.log files in LAWDIR/system. I have found these logs to be very helpful in troubleshooting errors that are specific to ldap, lawson security, and SSO problems.
John Hosanna
Basic Member
Posts: 11
4/12/2010 6:18 PM
Split
hpux 11.23
lsf 9.0.1.5
portal 9.0.1.5
websphere 6.1.0.29 (i upgrade websphere from 6.0.0.27 to 6.1.0.29 before the lsf upgrade....lawson worked fine)
there were no ldif updates
portal login screen comes up...if i enter valid userid/password screen comes back with password blanked out in white and no message
sec admin...authentication fails
any portal smoketest that requires authentication....fails
lid...lsconfig & ssosmoketest work just fine
John Hosanna
Basic Member
Posts: 11
4/12/2010 6:52 PM
Split
Apr 12, 2010 2:32:05 PM com.lawson.lawsec.authen.FormLoginScheme ldapBindSearch
WARNING: LDAP authentication failed for user with dn 'CN=lawson,OU=SystemAccount
s,DC=kindermorgan,DC=com'. Message: javax.naming.AuthenticationException: [LDAP
: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityConte
xt error, data 52e, vece]
Stack Trace : javax.naming.AuthenticationException: [LDAP: error code 49 - 80090
308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vec
e]
is this a websphere/bouncycastle issue since lid ssosmoketest works?
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 6:57 PM
Split
error 49/52e is indication of invalid credential. Did you reapply bouncycastle to the websphere 6.1.0.29 upgrade?
John Hosanna
Basic Member
Posts: 11
4/12/2010 7:03 PM
Split
yes bouncy was reapplied.
$JAVA_HOME/bin/java -version...1.5.0.07 $WAS_HOME/java/bin/java -version...1.5.0.03
is the java version mismatch an issue?
Jimmy Chiu
Veteran Member
Posts: 641
4/12/2010 7:11 PM
Split
I would redo your LDAPBIND, point it to a GC via port 3268, verify lawson account and password.
Brian Allen
Veteran Member
Posts: 104
4/12/2010 7:22 PM
Split
Having a different Java version between JAVA_HOME and WAS_HOME should be fine. We have different versions currently after a recent Websphere update (under 9.0.0.x).
John Hosanna
Basic Member
Posts: 11
4/12/2010 7:39 PM
Split
ssosmoketest from lid verifies that ldap & dc are talking...correct?
houux66: >ssosmoketest -u lawson -w K1nder123!
tracing log is /lsfp1/law/system/SSO_31782850.log
......
......
Testing completed!
Jimmy Chiu
Veteran Member
Posts: 641
4/13/2010 12:42 PM
Split
Redo your LDAPBIND to one of your global catalog domain controller via 3268.
The binding account probably will need to be accountname@domain.com instead of DOMAIN\accountname. Make this account a domain admin/service account only just for testing. Ii ran into the same issue about a year ago when I did the upgrade to 9.0.1.x from 9.0.0.4 . Only portal wouldn't recognize any valid password but I was able to connect via LID.
John Hosanna
Basic Member
Posts: 11
4/13/2010 12:52 PM
Split
changing the ldapbind port to 3268 WORKED!!!!!!!!!!!
why?
Bart Conger
Advanced Member
Posts: 18
4/13/2010 1:09 PM
Split
Microsoft has some good documentation regarding 389 vs 3268.
http://technet.microsoft....ers-work(WS.10).aspx
Please
login
to post a reply.