Can not access baan after enable the enhanced security (C2-Security)! [Archive]

Saravuth

10th July 2003, 13:47

Dear all,

This is my environment information:
DB : ISAM
Baan version: 4c2
OS: Digital UNIX V4.0G (Rev. 1530)

Currently I am using OS authentication to access Baan. After I issued secsetup command to enable enhanced security and reboot the server, all users could not logon to Baan application even if I tried to change the password to the user.
I still got these error "User name or password not correct!" from GUI client machine. I confirm that the user and password is correct because when I telnet to UNIX box , I can sign on the UNIX using this login and password. It seems that Baan does not know new format of /etc/passwd file ( please correct me if I'm wrong).
I decided to change the security mode back to normal (Base mode). After that all client can access Baan as normal. That's very strange!

Please advise,
Saravuth

Saravuth

10th July 2003, 14:21

Dear all,

These are error I got in log.bshell when I enable C2 security and tried to access baan application from client machine as below:

2003-07-10[17:13:22]:E:siausun: ******* S T A R T of Error message *******
2003-07-10[17:13:22]:E:siausun: Log message called from /port.6.1c.06.01/vobs/tt/lib/ds_1/ds_bcnct.c: #1
81 keyword: DsSendNAck
2003-07-10[17:13:22]:E:siausun: Pid 772 Uid 507 Euid 507 Gid 0 Egid 0
2003-07-10[17:13:22]:E:siausun: user_type S language 2 user_name siausun tty ote locale ISO88591/NULL
2003-07-10[17:13:22]:E:siausun: Errno 0 bdb_errno 0
2003-07-10[17:13:22]:E:siausun: Log_mesg: Not authorized to run as user 'siausun'
2003-07-10[17:13:22]:E:siausun: ******* E N D of Error message *******

Regards,
Saravuth

jclju1

10th July 2003, 17:59

Do you have client IP address in /etc/hosts? Maybe is this necessary in C2 security?

NPRao

10th July 2003, 20:08

Saravuth,

Please complete your user profile with regards to the Baan software version, Database software and OS version. This will help other members when diagnosing your problem.

1. Whats the type of User - Super/Normal ? If normal check the role authorization template.

2. check the log.blogind6.2 file or post its contents here.

NvanBeest

11th July 2003, 02:04

Maybe this error is the same as one we had on IBM's. Add the IP of the client to the /etc/hosts file, and create a .rhosts for the user, allowing full access from everywhere. It sounds like breaking the security again, but on that IBM it was the only workaround we could find!