can't run ssoconfig -c as lawson user

Sounds like permissions, does the Lawson user have rights to read $LAWDIR\system\install.cfg file?

it does

-rwx------ 1 lawson lawson 4810 Feb 11 13:39 install.cfg

if you chmod'ed 777 then it should have looked more like
-rwxrwxrwx.

That's a 700 that you are showing there.

You might want to try: chmod 644 install.cfg.

That's read/write privileges for the Lawson user (6), read only privileges for the Lawson group (4), and read only privileges for the rest of the world (4). 

Actually, don't do the perms change on 'LAWDIR/system/install.cfg', especially not to 644. It is not being read during an 'ssoconfig -c'
(NOTE: Leave that last digit at ZERO, since sensitive passwords are in that file. You can safely use '400', '600', or '?40', and changing the group to something secure, that is NOT 'lawson'. )

Check the following:
1) lsconfig -l
...if you get a java error, then you may have issues with security. In that case, do the following:
1) cd LAWDIR/system
2) rm lase_server_[1-9]*.log.lck

then try the 'lsconfig -l' again

If you STILL get an error, check the following files:
1) LAWDIR/system/authen.dat (make sure it's not empty, and DO NOT MANUALLY EDIT)
2) LAWDIR/system/.sso*store (make sure not empty. These are binary)

if 'lsconfig -l' gives you an error about setup hasn't been done, then check the following:
1) is the Lawson LDAP running?
2) can you connect to it (use something like ldapsearch against both the RootDSE and the Lawson naming context)

Let us know what you find, and I'll see if I have other ideas.

Kwane

Oh yeah, one more thing... if you enabled 'lawson' use for New Lawson Security (aka CheckLS = YES), then you'll need to check a few more things:
1) is 'ssoconfig' defined in tokendef
2) is it in the security class for the ENV profile.

Depending on when your initial install as performed, you may not have 'ssoconfig' correctly defined in either 'tokendef' and/or attached to the security class for AllAdminAccess.

Kwane

Kwane and SAM. Thanks a lot for your replies

in the log it said failed initiailized ldap.
1. lsconfig -l said "Initial configuration seems to be missing..." However, I can login to portal use Lawson user. ALso I can login to security administrator.
2. 1) LAWDIR/system/authen.dat (make sure it's not empty, and DO NOT MANUALLY EDIT)
2) LAWDIR/system/.sso*store (make sure not empty. These are binary)

they are not empty.
3. I can connect LDAP using Jxplorer.

4. still use LAUA.

Error in the log
"14-02-11 13:53:54:382 1 default.SEVERE api.LawsonSecurity.getConfig(): com.lawso
n.lawsec.authen.LSFSecurityAuthenException:Failed to initialize LDAP. Detailed M
essage is javax.naming.CommunicationException: ldaplmk.bhcs.pvt:1386 [Root excep
tion is java.net.UnknownHostException: ldaplmk.bhcs.pvt]
Stack Trace : javax.naming.CommunicationException: ldaplmk.bhcs.pvt:1386 [Root e
xception is java.net.UnknownHostException: ldaplmk.bhcs.pvt]"

It said my ldap host in unknown. strange. LASE is running. I can run ssoconfig -c as root.

one more error in the log
"14-02-11 23:13:47:305 1 default.SEVERE api.LawsonSecurity.initialize(): Failed t
o initialize Ldap'"

Problem solved. I need to define GEN product line and assigned it to security class which lawson has.