We hope you'll join us for our 4/23 webinar on using data tables to apply reference ranges and AE codes in OC4. For more information and to register, visit https://register.gotowebinar.com/register/2882170018956684555

New 2.5.5 install: authentication failure

We have tried three times now to install OC 2.5.5 and I cannot figure out what is wrong. Everything goes fine until we try to log into OC as root, when we get the error message:
Your Username and Password combination could not be found.
Please try again. If you continue to have trouble,
please click "Forgot Password" or contact the Administrator.
The Tomcat logs clearly show that OC is failing to authenticate to postgresql (see below), but we cannot work out why (the changed clinica password in OpenClinica.xml and context.xml is the same as the one we edited into create_db_role.sql at install time).
I have documented what we did: would someone experienced in OC be able to look through this and spot where we've gone wrong?
This is on RHEL5, running Apache httpd front-ending Tomcat5. We've been running Tomcat for years, serving Cocoon as the default application, so we are familiar with it, and it had given no trouble so far. The OC application needs its own virtual host, so this was added to our DNS and implemented in httpd.conf like all the others we serve. This means we can deploy .war files for any application under their own hostname.
We followed the supplied install.txt, which is perfectly clear:
* installed OC in /usr/local/oc/OpenClinica-2.5.5
* Java and Tomcat were of course already installed and running
as this is an existing Tomcat server
* installed postgresql and postgresql-server via yum. This created the
postgres account and the empty database directories in /var/lib/pgsql
* edited create_db_role.sql to change the password, then
-- started postgresql
-- invoked it from the postgres user to create the role 'clinica'
-- created the openclinica database
-- invoked the create_database_2.5.5_tables_with_data.sql script
to populate the database
[NB to maintainers: install.txt quotes the wrong filename here]
* checked the .jar files were in the right place
* created /var/lib/tomcat5/openclinica.data (RHEL's install location)
* copied the .war file to /var/lib/tomcat5/webapps and let it expand
* edited datainfo.properties to add our local info
* edited OpenClinica.xml to change the password to the one set above
in create_db_role.sql (two locations) and the location of the
propertiesDir
On a Red Hat install, all config files are kept in /etc, so this file needs to be in /etc/tomcat5/Catalina/openclinica.ucc.ie/OpenClinica.xml (the directory created as a result of using a virtual host).
For some odd reason the identical data also appears in the deployed webapp at META-INF/context.xml so we edited that to be the same.
Even odder, when Tomcat is restarted, an OpenClinica.xml file is created in the parallel directory belonging to the default (Cocoon) application:
/etc/tomcat5/Catalina/publish.ucc.ie/OpenClinica.xml, so I edited that as well.
* set the log file directory in logback.xml
Restarted Tomcat, brought up the OpenClinica home page OK and tried to log in as root/12345678, when it gives the error
Your Username and Password combination could not be found.
Please try again. If you continue to have trouble,
please click "Forgot Password" or contact the Administrator.
In the catalina log file it says:
> SEVERE: Exception performing authentication
> org.postgresql.util.PSQLException: FATAL: Ident authentication failed for user "clinica"
> at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:275)
This is a postgres error message. I get the same if I try to open the database from the command line as the postgres user:
> $ psql -U clinica -W -d openclinica
> Password for user clinica: psql: FATAL: Ident authentication failed for user "clinica"
(using the password previously configured in create_db_role.sql).
I'm not familiar with the operation of Postgres, but this would appear to be an error.
Having reinstalled this from scratch, I am now getting a 404 "requested resource (/OpenClinica/MainMenu) is not available." message.
///Peter

Comments

  • haenselhaensel Posts: 602 ✭✭✭
    Hi Peter
    I've never installed OC 2.5.5 so this is just a guess.
    Try to connect to postgres using the following command:
    psql -Uclinica -W -h127.0.0.1 -dopenclinica
    If this works, read on. If not, the next step won't help.
    Check if the connectionURL (in OpenClinica.xml) contains 'localhost' as hostname, instead of 127.0.0.1
    e.g. connectionURL="jdbc:postgresql://localhost:5432/openclinica"
    If so, replace localhost by 127.0.0.1
    e.g. connectionURL="jdbc:postgresql://127.0.0.1:5432/openclinica"
    That's all.
    Explanation:
    The default postgres installation (on ubuntu 9.10) allows only existing users to connect from socket (see [1]), but allows using a md5 password hash from 127.0.0.1 (see [2]). For more information see either [3] or [4].
    [1]
    # "local" is for Unix domain socket connections only
    local all all ident
    [2]
    # IPv4 local connections:
    host all all 127.0.0.1/32 md5
    [3]/etc/postgresql/8.4/main/pg_hba.conf (on Ubuntu 9.10 for postgres 8.4)
    [4] http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
    Please give me feedback, if this worked for you.
    Regards,
    Christian
    --
    Dipl.-Inf. Christian Hänsel
    Bereich IT / Software-Entwicklung
    Tel.: +49-(0)89-5526189-16
    Fax : +49-(0)89-5526189-55
    E-Mail: [email protected]
    RELIATEC GmbH
    Schleissheimer Str. 37
    85748 Garching Germany
    HRB 150060 / AG München
    Gf Thomas Herbig
    http://www.reliatec.de
  • uccepuuccepu Posts: 4
    Christian Hänsel wrote:
    > Hi Peter
    >
    > I've never installed OC 2.5.5 so this is just a guess.
    > Try to connect to postgres using the following command:
    > psql -Uclinica -W -h127.0.0.1 -dopenclinica
    No, that fails. I went into psql as the postgres user and did an
    ALTER USER clinica WITH PASSWORD 'xxxxx';
    (giving the password already used in create_db_role.sql) and then
    tried again. Still get the same error message.
    ///Peter
    > If this works, read on. If not, the next step won't help.
    > Check if the connectionURL (in OpenClinica.xml) contains 'localhost' as hostname, instead of 127.0.0.1
    > e.g. connectionURL="jdbc:postgresql://localhost:5432/openclinica"
    >
    > If so, replace localhost by 127.0.0.1
    > e.g. connectionURL="jdbc:postgresql://127.0.0.1:5432/openclinica"
    >
    > That's all.
    >
    > Explanation:
    > The default postgres installation (on ubuntu 9.10) allows only existing users to connect from socket (see [1]), but allows using a md5 password hash from 127.0.0.1 (see [2]). For more information see either [3] or [4].
    >
    > [1]
    > # "local" is for Unix domain socket connections only
    > local all all ident
    >
    > [2]
    > # IPv4 local connections:
    > host all all 127.0.0.1/32 md5
    >
    > [3]/etc/postgresql/8.4/main/pg_hba.conf (on Ubuntu 9.10 for postgres 8.4)
    >
    > [4] http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
    >
    > Please give me feedback, if this worked for you.
    >
    > Regards,
    > Christian
    >
  • haenselhaensel Posts: 602 ✭✭✭
    What looks the pg_hba.conf like? This should give the hint, who is allowed to connect.
    Christian
    --
    Dipl.-Inf. Christian Hänsel
    Bereich IT / Software-Entwicklung
    Tel.: +49-(0)89-5526189-16
    Fax : +49-(0)89-5526189-55
    E-Mail: [email protected]
    RELIATEC GmbH
    Schleissheimer Str. 37
    85748 Garching Germany
    HRB 150060 / AG München
    Gf Thomas Herbig
    http://www.reliatec.de
This discussion has been closed.