ChrisJenkins

Q: Wiki won't accept OD user logins after upgrading to server 3.1.1

I have an OS X server 3.x running on OS X 10.9.3. I have several WiKi users, most are OpenDirectory (neiwork) users and one is a 'local' user. Prior to the weekend I was running Server 3.0.3 and all was good. Since uograding to Server 3.1.1 none of the network/OD users can log in to their Wikis. The local user can log in just fine. The network users can log in to all their other servcies (Mail, Calendar,Contacts, SMB/AFP shares etc.) just fine. They can also log into my regular SSL web-site which requires passwords. Only the wiki login is broken.

 

In the collabd.dlog file I see:

 

May 21 19:28:20 anarion.home.thejenkinsfamily.org.uk collabd[3747] <Error>: [CSAuthService.m:316 5b04000 +0ms] Digest did not validate

May 21 19:28:20 anarion.home.thejenkinsfamily.org.uk collabd[3747] <Error>: [CSServiceDispatcher.m:260 5b04000 +0ms] Caught exception "Invalid Credentials" [CSAuthBadDigest] executing [http]Request{AuthService.validateUsernameAndPasswordDigest:remember:(<<scrubbe d>>)}:

 

followed by an exception stack trace.

 

But of course the credential are valid.

 

Anyone seen this? Any ideas on how to fix it? Might it be fixed in the 3.1.2 update that came out a few days ago (I have not updated to that as yet)?

 

 

Thanks,

 

Chris

Mac mini, OS X Mavericks (10.9.1), OS X Server 3.0.2

Posted on May 21, 2014 11:30 AM

Close

Q: Wiki won't accept OD user logins after upgrading to server 3.1.1

  • All replies
  • Helpful answers

  • by Linc Davis,

    Linc Davis Linc Davis May 21, 2014 1:04 PM in response to ChrisJenkins
    Level 10 (207,963 points)
    Applications
    May 21, 2014 1:04 PM in response to ChrisJenkins

    If you create a new account, can it log in?

  • by ChrisJenkins,Solvedanswer

    ChrisJenkins ChrisJenkins May 21, 2014 2:24 PM in response to Linc Davis
    Level 1 (15 points)
    Apple Music
    May 21, 2014 2:24 PM in response to Linc Davis

    I took a chance and (after backing up) upgraded to Server 3.1.2. Problem is resolved. Don't know if it was a bug in 3.1.1 or if the upgrade to 3.1.1 hadn't gone properly for Wiki and Profile Manager (which also has the same issue). Both working okay now.

  • by ChrisJenkins,

    ChrisJenkins ChrisJenkins Jun 1, 2014 7:35 AM in response to ChrisJenkins
    Level 1 (15 points)
    Apple Music
    Jun 1, 2014 7:35 AM in response to ChrisJenkins

    Okay, this problem has re-surfaced (on server 3.1.2). Here are the symptoms:

     

    1.    It only affects network (Open Directory) users. It affects all network users.

     

    2.    It only affects the Wiki service; OD users can authenticate for all other services (Mail, Contacts, Calendar, VPN, Time Machine, OS X login on client machines) without problem.

     

    3.    Stopping and restarting the Wiki Servcie and the OD servcie does not fix the problem, but rebooting the server does. Things will then be fine for a while (I have not yet quantified how long 'a while' is) and then the problems occurs again.

     

    4.    When the problem is present, even a newly created user cannot login to the Wiki servcie.

     

    5.    When the login failure occurs, the collabd.log file contains the following:

     

    Jun  1 09:52:23 anarion.home.thejenkinsfamily.org.uk collabd[73366] <Info>: [CSServiceDispatcher.m:237 b904000 +10979ms] TIMER: 0ms ---> Executed [http]Request{SettingsService.authSettings()}

    Jun  1 09:52:23 anarion.home.thejenkinsfamily.org.uk collabd[73366] <Info>: [CSServiceDispatcher.m:237 b904000 +0ms] TIMER: 1ms ---> Executed [http]Request{AuthService.challengeForUsername:advanced:(newtesty,1)}

    Jun  1 09:52:23 anarion.home.thejenkinsfamily.org.uk collabd[73366] <Info>: [CSExecutionTimer.m:14 b904000 +0ms] TIMER: 2ms ---> Executed batch BatchRequest{(

                "[http]Request{AuthService.challengeForUsername:advanced:(newtesty,1)}"

            )}

    Jun  1 09:52:23 anarion.home.thejenkinsfamily.org.uk collabd[73366] <Info>: [CSServiceDispatcher.m:237 b904000 +119ms] TIMER: 0ms ---> Executed [http]Request{SettingsService.authSettings()}

    Jun  1 09:52:23 anarion.home.thejenkinsfamily.org.uk collabd[73366] <Error>: [CSAuthService.m:316 b904000 +0ms] Digest did not validate

    Jun  1 09:52:23 anarion.home.thejenkinsfamily.org.uk collabd[73366] <Error>: [CSServiceDispatcher.m:260 b904000 +0ms] Caught exception "Invalid Credentials" [CSAuthBadDigest] executing [http]Request{AuthService.validateUsernameAndPasswordDigest:remember:(<<scrubbe d>>)}:

            (

                    0   CoreFoundation                      0x00007fff920e325c __exceptionPreprocess + 172

                    1   libobjc.A.dylib                     0x00007fff95709e75 objc_exception_throw + 43

                    2   CSService                           0x000000010897ca2e -[CSAuthService sessionForDigest:remember:] + 1583

                    3   CSService                           0x000000010897c3a7 -[CSAuthService validateUsernameAndPasswordDigest:remember:] + 65

                    4   CoreFoundation                      0x00007fff91fcea5c __invoking___ + 140

                    5   CoreFoundation                      0x00007fff91fce8c4 -[NSInvocation invoke] + 308

                    6   CSService                           0x00000001088eba40 -[CSServiceDispatcher executeRequest:asPartOfBatch:usingServiceImpl:] + 4589

                    7   CSService                           0x00000001088ec4dc __43-[CSServiceDispatcher executeBatchRequest:]_block_invoke_3 + 83

                    8   CSService                           0x00000001088f1df0 -[NSArray(CollabBlockMethods) map:] + 233

                    9   CSService                           0x00000001088ec435 __43-[CSServiceDispatcher executeBatchRequest:]_block_invoke_2 + 160

                    10  CSService                           0x00000001088f2490 +[CSExecutionTimer recordTime:ofBlock:] + 78

                    11  CSService                           0x00000001088f22c2 +[CSExecutionTimer timerNamed:aroundBlock:] + 77

                    12  CSService                           0x00000001088ec1dd __43-[CSServiceDispatcher executeBatchRequest:]_block_invoke + 296

                    13  PostgreSQLClient                    0x0000000108855941 -[PGCConnection transactionInBlock:onError:] + 150

                    14  CSService                           0x00000001088ec03b -[CSServiceDispatcher executeBatchRequest:] + 285

                    15  CSService                           0x000000010896f748 +[CSServiceDispatchHTTPRouter routeServiceRequest:response:] + 999

                    16  CSService                           0x00000001088f2d1f __21-[CSServiceBase init]_block_invoke_6 + 48

                    17  CSService                           0x000000010896c81a __53-[CSRoutingHTTPConnection httpResponseForMethod:URI:]_block_invoke + 95

                    18  CSService                           0x000000010896fd6c -[CSHTTPBackgroundResponse bounce:] + 286

                    19  Foundation                          0x00007fff91a2276b __NSThread__main__ + 1318

                    20  libsystem_pthread.dylib             0x00007fff98b0f899 _pthread_body + 138

                    21  libsystem_pthread.dylib             0x00007fff98b0f72a _pthread_struct_init + 0

                    22  libsystem_pthread.dylib             0x00007fff98b13fc9 thread_start + 13

            )

    Jun  1 09:52:23 anarion.home.thejenkinsfamily.org.uk collabd[73366] <Info>: [CSExecutionTimer.m:14 b904000 +0ms] TIMER: 3ms ---> Executed batch BatchRequest{(

                "[http]Request{AuthService.validateUsernameAndPasswordDigest:remember:(<<scrubb ed>>)}"

            )}

     

    Anyone have any suggestions before I log a bug with Apple?

  • by dwbrecovery,

    dwbrecovery dwbrecovery Jun 3, 2014 8:46 AM in response to ChrisJenkins
    Level 3 (547 points)
    Servers Enterprise
    Jun 3, 2014 8:46 AM in response to ChrisJenkins

    These entries appeared in my collabd.log also.

    Users complained of slow performance during these entries.

     

    Mavs. 10.9.3 , Server 3.1.2 , users on iPads. via VPN

    OD network user credentials only with issue , local users ok.

    Trying to reproduce issue but no results yet.  Will post when I get something.

  • by chrisjackson1980,

    chrisjackson1980 chrisjackson1980 Jun 27, 2014 7:36 AM in response to ChrisJenkins
    Level 1 (0 points)
    Jun 27, 2014 7:36 AM in response to ChrisJenkins

    It appears that there is an issue authenticating with Open Directory passwords via the Wiki with Server 3.1.1 and Server 3.1.2. Apple will need to address with an update. In the mean time, I've got a workaround. Follow the steps below to enable plain text passwords. To avoid passwords being sent over the network in clear text, you should enable SSL encryption for the Wiki websites. Below is the link that gave me the idea to try it. Hope it works for you as well.

     

    For OS X Server (Mavericks) only, execute these Terminal commands:

    sudo serveradmin stop wiki

    sudo /usr/libexec/PlistBuddy -c 'set :Auth:Authenticator plaintext' /Library/Server/Wiki/Config/collabd.plist

    sudo serveradmin start wiki

     

    OS X Server: Using the Profile Manager or Wiki service with Active Directory or third-party LDAP services

  • by ChrisJenkins,

    ChrisJenkins ChrisJenkins Jun 27, 2014 10:49 AM in response to chrisjackson1980
    Level 1 (15 points)
    Apple Music
    Jun 27, 2014 10:49 AM in response to chrisjackson1980

    I don't think there can be a general issue with OD Passwords and Wiki in Server 3.1.1 / 3.1.2 since mine work most of the time without needing to enable plain text authentication; something I am not keen to do even though WiKi access is forced to use HTTPS in my setup.

     

    I have narrowed the trigger for this down to a procedure that runs once a week late at night on my server that:

     

    1.     Stops most services via 'serveradmin'

     

    2.     Runs a Carbon Copy Cloner 'clone' backup of the server system disk to a partition on an external drive.

     

    3.    Restarts the stopped services using 'serveradmin'

     

    After this procedure has completed I always see the authentication problem. A server reboot resolves the problem so I added a reboot step as step 4 above and now I no longer experience the issue. Not ideal so I have logged a bug with Apple and I have been contacted by the Server dev team who tell me they are investigating it...

     

    Chris

  • by daniel.lin,

    daniel.lin daniel.lin Jan 19, 2015 2:39 AM in response to ChrisJenkins
    Level 1 (0 points)
    Jan 19, 2015 2:39 AM in response to ChrisJenkins

    Yep, met with same problem. Totally no idea how to solve

     

    OSX 10.9.4 - mini - Server 3.13

  • by sebX2,

    sebX2 sebX2 Jan 20, 2015 4:14 AM in response to ChrisJenkins
    Level 1 (0 points)
    Jan 20, 2015 4:14 AM in response to ChrisJenkins

    I had a similar problem concerning the Profile Manager Login. I did not check if the Wiki was concerned as well, but there was the same Error in the log file.

    I assume the authentication has some issues with specific password characters. The affected account had a '§'-sign in its password. Removing it solved the problem. Reusing it recreated the problem again.

    Hope that helps.

  • by Celeblue,

    Celeblue Celeblue Feb 2, 2016 12:00 PM in response to chrisjackson1980
    Level 1 (4 points)
    Feb 2, 2016 12:00 PM in response to chrisjackson1980

    Hello colleagues,

     

    the bug described at this blog reappeared!

    My system parameters are:

    • Mac OS X - El Capitan: 10.11.3
    • OS X Server: 5.0.15

     

    Probably there is some little behaviour difference:

    • First login after system reboot is always successful.
    • Repeated logins of the same user without any other user interception still operate.
    • Login of a second user already fails.
    • Repeated login of the first user fails then, too.

     

    chrisjackson1980’s workaround above helps again!

    Afterwards all logins operate well.