Hello,

I installed Baan IV c4 on a server with SLES 11.
I would like to connect to Baan through the Baan login daemon, but I get the message "user or password not correct". The connection through rexec works fine.
I started the blogind6.1 on the default port 7150 and can connect to this port through telnet.
If I start the blogind6.1 in debug mode, I get this message:

Daemon: Incoming connection, spawn child.
Child: handle BaanLogin request.
Child: received: user bsp, action 1
IBCmd /baan4/bse/bin/ipc_boot, bseVersion 6.1
Child: logon for bsp failed.
blogind6.1: Login failed for user bsp
Daemon: revert to listen-mode.

Any ideas ?

Thank you.

Start blogin with the -d (debug) flag and try connecting.

(blogin6.1 -h should give you the help for the setting, i think you can do -d -d -d for 3 levels of debugging.)

Are you doing anything out of the ordinary with your authentication? like using PAM to connect to active directory or kerberos or anything?

Also, blogin may need to be setuid root to work (not sure on that.. been a while since i set it up)

Dave

Hello Dave,

thanks for your advice.

If I start blogind with -d, I get this output:

Daemon: Incoming connection, spawn child.
Child: handle BaanLogin request.
Child: received: user bsp, action 1
IBCmd /baan4/bse/bin/ipc_boot, bseVersion 6.1
Child: logon for bsp failed.
blogind6.1: Login failed for user bsp
Daemon: revert to listen-mode.

We are not using PAM or kerberos, at least I dont need or want to use it. I am not experienced with Linux so I dont know how to check this.

My initial problem is that the connection through rexec takes 20-30 seconds for the first connect and that the IPs of the clients have to be in /etc/hosts ("Where are you?" problem). So I thought I will use blogind to avoid this and now I cant get blogind6.1 running :mad:

lebowski

Hello
To solve your issue using REXEC, you must disable the reverse resolution of that protocol.

I´m on RedHat and I solve doing this:
Go to the file: /etc/xinet.d/rexec and add the server_args=-D flag to the end.

By exmple:
{
disable = no
socket_type = stream
wait = no
user = root
log_on_success += USERID
log_on_failure += USERID
server = /usr/sbin/in.rexecd
server_args = -D
}

Stop and start the REXEC service.

The line server_arg = - D, disables the reverse resolution. By the way, with this option you can avoid to put all ip client's address on file hosts.


Hope this helps.

mig28mx's solution sounds right to fix the rexec problem.

you'd need to add more -d's to get better debug output if you care to get blogind running.

Have you run the setperm in $BSE/bin? i'm not sure if blogin needs to be setuid root or not to be able to access the password file.

Dave

Hello guys,

I appreciate your help very much !

@mig28mx:

I added the server_args argument so now it looks like this:
{
socket_type = stream
protocol = tcp
wait = no
user = root
group = root
server = /usr/sbin/tcpd
server_args = /usr/sbin/in.rexecd
flags = NAMEINARGS
log_on_success += USERID
log_on_failure += USERID
server_args = -D
}

Then I restarted xinetd ("service xinetd restart"), but the situation didnt change. I guess it has something to do with PAM since there is another file named "rexec" under /etc/pam.d and if I rename it, xinetd starts but no rexec connections are possible.

@dave:
Adding more -d's doesnt give more information (blogind6.1 -d -d -d -d has the same output like blogind6.1 -d).
I executed binperm6.1 after the installation of the portingset. I guess the permissions of the binary are allright. If I start blogind6.1 with another user than root it says "You have to be root to run this program". So I started it as root.

I will google a bbit more to get this reverse lookup disabled and will let you know if I succeed.

Best regards,

lebowski

Hello,
Did you notice that you have server_args parameter duplicated?
And the server line it not pointing to /usr/sbin/in.rexecd?

As a suggestion, try to approach the more to the configuration file that I sent.
You can comment some lines and restart the service.

As a comment, when I migrate to RHES, my installation have the same symptoms that you mentioned, and one thing is sure, it is rexec reverse resolution related.

Good luck!

Hello,

the problem doesnt exist anymore. I didnt get rexec running satisfyingly, but after a portingset update the baan login daemon works now.
I doubt that it has to do with the portingset itself, but with some permissions in $BSE/lib or wherever.

Thanks for your support & have a nice weekend.

lebowski

Hi guys,

we do have exactly the same problem here. OS SLES-10 SP1, BaaN C4.

The -D option for REXEC doesn't solve the problem. RED HAT seems to compile the TCP stack in a different way than SUSE (Novell) does. So no changes at all.

We 're also stuck since we moved from True64 to SLES-10.

Where are the experts? ;-)

Best regards

Tom

Btw. We cannot use another porting set because of a lot of modifications we did.

Tom

Hi guys,

we do have exactly the same problem here. OS SLES-10 SP1, BaaN C4.

The -D option for REXEC doesn't solve the problem. RED HAT seems to compile the TCP stack in a different way than SUSE (Novell) does. So no changes at all.

We 're also stuck since we moved from True64 to SLES-10.

Where are the experts? ;-)

Best regards

Tom

it seems you can still disable reverse lookups with redhat:
see this link.
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-httpd-default-settings.html


Dave

Hi Tom,

are you able to start the baan login daemon ? It's only a workaround and not a solution for he rexec-problem. But it solved my problem.
As root: blogind6.1 and then change the connection method in your GUI from rexec to BanLogin.

Regards,

Lebowski

to solve the probelm with the rexec-deamon in SLES is easy :

set up an working and correct configured DNS and the problem does not exists.

Hi

We are also facing similar issue wehein users that are migrated to LDAP are not able to login in baan with baanlogind6.2 but same login works fine for rexec..

I searched posts regarding this but not sure what the solution is..

Any one here knows the solution?


Thanks and Regards

Hello Dave,

thanks for your advice.

If I start blogind with -d, I get this output:

Daemon: Incoming connection, spawn child.
Child: handle BaanLogin request.
Child: received: user bsp, action 1
IBCmd /baan4/bse/bin/ipc_boot, bseVersion 6.1
Child: logon for bsp failed.
blogind6.1: Login failed for user bsp
Daemon: revert to listen-mode.

We are not using PAM or kerberos, at least I dont need or want to use it. I am not experienced with Linux so I dont know how to check this.

My initial problem is that the connection through rexec takes 20-30 seconds for the first connect and that the IPs of the clients have to be in /etc/hosts ("Where are you?" problem). So I thought I will use blogind to avoid this and now I cant get blogind6.1 running :mad:

lebowski

Hi everybody,

I'm coming late and I don't know if my message will be helpful but I'm struggeling for many years with rexec and the 30 seconds I had to wait before my gui starts. I did also use blogin as a "workaround" but I was faced to the "password expire only with blogin" (http://www.baanboard.com/baanboard/showthread.php?t=39502&highlight=password+expire) issue. Now, I found the working solution to make rexec working without having to wait for more than 2 seconds :)

Simply replace USERID by HOST in /etc/xinetd.d/rexec file as shown below :

{
socket_type = stream
protocol = tcp
wait = no
user = root
group = root
server = /usr/sbin/tcpd
server_args = /usr/sbin/in.rexecd
flags = NAMEINARGS
log_on_success += HOST
log_on_failure += HOST
}

You can forget the "-D" option which won't do anything more on SLES servers.

You will have the same output in log files (/var/log/message and /var/log/xinetd.log) and you won't have to wait that long to run the gui.

This is working with BaaN IVc4 sp19 with portingset 6.1c.07.09 on SLES 9 Ent. SP3.

I hope this will help some of you.

Best Regards

Thanks for sharing.