users@glassfish.java.net

Re: asadmin troubles

From: <glassfish_at_javadesktop.org>
Date: Sat, 26 Sep 2009 01:50:04 PDT

Sorry for the paths confusion. That was because I have two different installations on two different systems that I mixed in the post somehow but the results are the same on both systems.

The system setup (the one I want to talk about) is an Ubuntu Server 8.04, using glassfish v3 b64 with Sun JDK 1.6.0 update 16. The glassfish installation is installed in "/opt/glassfishv3/".

The user "glassfish" is a system account on that machine, so no remote login is permitted and only root can "su - " into it. The users home directory is set to "/opt/glassfishv3/". Actually when performing multiple operations I don't use "su - glassfish -c '...'" but rather su into glassfish and then working in the shell of that user.

Actually if it is a problem of the .asadminpass file location the paths shown during authentication are correct (a small session here):

[pre]
root_at_bitch:~# su - glassfish
$ bash
glassfish_at_bitch:~$ pwd
/opt/glassfishv3
glassfish_at_bitch:~$ ls -la
total 60
drwxr-xr-x 11 glassfish adm 4096 2009-09-19 13:44 .
drwxr-xr-x 11 root root 4096 2009-09-18 23:45 ..
-rw------- 1 glassfish glassfish 123 2009-09-19 15:04 .asadminpass
-rw------- 1 glassfish glassfish 5240 2009-09-24 14:53 .bash_history
drwxr-x--- 3 glassfish glassfish 4096 2009-09-19 00:36 bin
-rw-r----- 1 glassfish glassfish 133 2009-09-19 10:52 dom2-pwd.txt
drwxr-x--- 9 glassfish glassfish 4096 2009-09-03 13:22 glassfish
drwxr-x--- 3 glassfish glassfish 4096 2009-09-19 10:14 .java
drwxr-x--- 4 glassfish glassfish 4096 2009-09-03 13:34 javadb
drwxr-x--- 2 glassfish glassfish 4096 2009-09-19 11:12 logs
drwxr-x--- 7 glassfish glassfish 4096 2009-09-03 13:36 mq
drwxr-x--- 9 glassfish glassfish 4096 2009-09-19 00:39 .org.opensolaris,pkg
drwxr-x--- 8 glassfish glassfish 4096 2009-09-19 00:36 pkg
drwxr-x--- 2 glassfish glassfish 4096 2009-09-19 10:13 .updatetool
glassfish_at_bitch:~$ ./bin/asadmin --port 9048 get *.admin-listener
Authentication failed with password from login store: /opt/glassfishv3/.asadminpass
Enter admin password>
Authentication failed for user: MyRoot
(Usually, this means invalid user name and/or password)
Command get failed.
glassfish_at_bitch:~$
[/pre]

So the problem is that the password hash doesn't match with the stored one, neither from .asadminpass nor directly given through the console (of course I checked that the base64 encoded one in .asadminpass is really correct).

But nevertheless I tried your suggestion to work without --savelogin:

[pre]
glassfish_at_bitch:~$ ./bin/asadmin --passwordfile dom2-pwd.txt --user MyRoot create-domain --portbase 6000 --savemasterpassword=true dom3
Using port 6048 for Admin.
Using port 6080 for HTTP Instance.
Using port 6076 for JMS.
Using port 6037 for IIOP.
Using port 6081 for HTTP_SSL.
Using port 6038 for IIOP_SSL.
Using port 6039 for IIOP_MUTUALAUTH.
Using port 6086 for JMX_ADMIN.
The file in given locale [de_DE] at: [/opt/glassfishv3/glassfish/lib/templates/locales/de_DE/index.html] could not be found. Using default (en_US) index.html instead.
Distinguished Name of the self-signed X.509 Server Certificate is:
[CN=bitch.***********.net,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US]
Domain dom3 created.
Domain dom3 admin port is 6048.
Domain dom3 admin user is "MyRoot".
Command create-domain executed successfully.
glassfish_at_bitch:~$ ./bin/asadmin --passwordfile dom2-pwd.txt --user MyRoot start-domain dom3

Waiting for DAS to start.
Name of the domain started: [dom3] and its location:
[/opt/glassfishv3/glassfish/domains/dom3].
Admin port for the domain: [6048].
Command start-domain executed successfully.
glassfish_at_bitch:~$ ./bin/asadmin --passwordfile dom2-pwd.txt --user MyRoot --port 6048 get *.admin-listener
Authentication failed with password from file: dom2-pwd.txt
Enter admin password>
Authentication failed for user: MyRoot
(Usually, this means invalid user name and/or password)
Command get failed.
glassfish_at_bitch:~$
[/pre]

So you see the problem is exactly the same on a completely new fresh domain. Login via web admin GUI works as expected. So this is really confusing me.

But wait... I just tried using another (much less secure) password for the admin user and now it works:

[pre]glassfish_at_bitch:~$ ./bin/asadmin --passwordfile dom3-pwd.txt --user MyRoot create-domain --portbase 6000 --savemasterpassword=true dom3
Using port 6048 for Admin.
Using port 6080 for HTTP Instance.
Using port 6076 for JMS.
Using port 6037 for IIOP.
Using port 6081 for HTTP_SSL.
Using port 6038 for IIOP_SSL.
Using port 6039 for IIOP_MUTUALAUTH.
Using port 6086 for JMX_ADMIN.
The file in given locale [de_DE] at: [/opt/glassfishv3/glassfish/lib/templates/locales/de_DE/index.html] could not be found. Using default (en_US) index.html instead.
Distinguished Name of the self-signed X.509 Server Certificate is:
[CN=bitch.**********.net,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US]
Domain dom3 created.
Domain dom3 admin port is 6048.
Domain dom3 admin user is "MyRoot".
Command create-domain executed successfully.
glassfish_at_bitch:~$ ./bin/asadmin --passwordfile dom3-pwd.txt --user MyRoot start-domain dom3

Waiting for DAS to start.
Name of the domain started: [dom3] and its location:
[/opt/glassfishv3/glassfish/domains/dom3].
Admin port for the domain: [6048].
Command start-domain executed successfully.
glassfish_at_bitch:~$ ./bin/asadmin --passwordfile dom3-pwd.txt --user MyRoot --port 6048 get *.admin-listener
configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.address=0.0.0.0
configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.enabled=true
configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.jk-enabled=false
configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.name=admin-listener
configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.port=6048
configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.protocol=admin-listener
configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.thread-pool=http-thread-pool
configs.config.server-config.network-config.network-listeners.network-listener.admin-listener.transport=tcp
configs.config.server-config.network-config.protocols.protocol.admin-listener.name=admin-listener
configs.config.server-config.network-config.protocols.protocol.admin-listener.security-enabled=false

Command get executed successfully.
glassfish_at_bitch:~$
[/pre]

So the real problem with asadmin seems to be that I am using some special characters for my passwords (some colons) so this test password works:
[pre]321test123[/pre]
But this doesn't:
[pre]321:test:123[/pre]

Curious but true somehow. Can this be a file encoding issue (although I doubt that since ASCII characters should be the same)?
[Message sent by forum member 'chaoslayer' (postmaster_at_chaoslayer.de)]

http://forums.java.net/jive/thread.jspa?messageID=365856