HW 1.6 testsaslauthd failed at earlier step

Hi,

I ran into a problem running testsaslauthd and got the error below, following the step after “sudo chmod 755 the saslauthd folder” as in the lecture:

0: No “authentication failed”

In fact, when I tried to start saslauthd start server after I modified the saslauthd.conf, I got the message below, and it doesn’t say “SASL Authentication Daemon saslauthd done”:

Redirecting to /bin/systemctl start saslauthd.service

But when I tried to run “ps wax | grep saslauthd” to see if there are any saslauthd running, it seems like I got 5 running.

Wonder if my saslauthd.conf is not correct. For the ldap_servers, I used infrastructure.m310.mongodb.university as stated in the homework.

Do I need to add ldap:// in front and as well the port no. 389 at the end? (Well, I tried but I'm still not getting OK: success for testsaslauthd)
or
Was I too early to run the testsaslauthd?

But I did ignore the testsaslauthd authentication failure and continued the exercise and created the first user, but I couldn’t authenticate the user afterwards.

Would like to see if the reason why I couldn’t authenticate the first user was due to the fact that the testsaslauthd step failed at the beginning.

Thanks
Winnie

Hi wini_mongo,

You do need to use the ldap protocol in the saslauthd.conf file.

I would double check all the steps.

  • On infrastructure go ahead and configure OpenLDAP by running: $ ./setup-hw-1.6.sh

  • On database

    • Configure saslauthd to automatically start and use LDAP as its mechanism.
    • Configure saslauthd to talk to the LDAP server.
      • use the correct protocol for the ldap servers.
    • Start the saslauthd service.
    • Fix the permissions on the saslauthd socket directory.

At this point you should be able to successfully test the connection

Then if still not successful a couple of things to check for:

  • valid configuration

  • invalid password

  • sasl service not running

  • ldap connectivity issue ( can you ping each server )

  • ldap not running

  • permission not correctly set on sasl directory

If the following executes successfully

> sudo testsaslauthd -u adam -p password -f /var/run/saslauthd/mux

that eliminates most of the above except for the last item on the list.

Executing without sudo should tell us whether the permissions are set correctly

> testsaslauthd -u adam -p password -f /var/run/saslauthd/mux

Note: in our VM environment, every time you start the saslauthd service you’ll need to reset the permissions. Also, it’s a good idea to stop and start the service between configuration changes.

Hope this helps,

David


Hi David,

Thanks for the detailed steps.

Think I configured it on the infrastructure earlier. Now I configured it on the database and when I started the saslauthd service, it did give me what I expected: Starting SASL Authentication Daemon default…done

But after I changed the permissions on the saslauthd socket directory and tested using testsaslauthd (with or without sudo), it still gives me the NO authentication failed.

I spun up the 3 mongod instances despite testsaslauthd failing authentication.
But after I created the first user, it failed authentication as well.

I can’t ping the database server from the infrastructure even though I have my replica set running on database. But I can ping infrastructure from database server.

I did run the setup-hw.1.6.sh, but since I ran this before, it just told me everything already existed.

Not sure what went wrong.

Thanks
Winnie

Thanks

Hi Winnie,

> I can’t ping the database server from the infrastructure

So this fails?

[vagrant@infrastructure ~]$ ping database

What is the output of

vagrant@database:~$ ifconfig

and

vagrant@infrastructure:~$ ifconfig

David

Oh, when I ping database, it works, and I got database.m310.mongod.university back.
Previously, I used ping database.m310.mongodb.university and it says name or service not known.

When I pinged infrastructure earlier, I used ping infrastructure.m310.mongodb.university and it worked.

Seems like they both can talk, not sure what would be the problem then.

Thanks

Then I would look closely at the saslauthd.conf - make sure you're still using the ldap protocol and there are no typos?

Hi David,
Thanks for the hint, I made changes to the saslauthd.conf and testsaslauthd tested successfully now.
Thanks again!
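
An added example, not part of the thread or the course material: a shell sketch of the two offline checks David's replies point to, that every `ldap_servers` entry in saslauthd.conf carries an LDAP URI scheme and that the saslauthd socket directory can be entered by non-owners. The function names and the sample files are constructed for illustration.

```bash
#!/bin/sh
# Added example: offline checks for the two failure causes discussed in this thread.

# Report every ldap_servers entry in a saslauthd.conf that lacks an LDAP URI scheme.
# Returns 0 when all entries start with ldap://, ldaps:// or ldapi://, 1 otherwise.
check_ldap_servers() {
    local conf="$1" line uri bad=0
    # Commented-out lines do not match; the last uncommented setting wins here.
    line=$(grep -E '^[[:space:]]*ldap_servers[[:space:]]*:' "$conf" | tail -n 1)
    if [ -z "$line" ]; then
        echo "ldap_servers is not set in $conf"
        return 1
    fi
    # Strip the "ldap_servers:" key, then walk the space-separated URIs.
    for uri in ${line#*:}; do
        case $uri in
            ldap://*|ldaps://*|ldapi://*) ;;
            *) echo "missing ldap:// scheme: $uri"; bad=1 ;;
        esac
    done
    return $bad
}

# Return 0 when users other than the owner may enter the socket directory
# (the "chmod 755" step), which testsaslauthd without sudo needs to reach mux.
check_socket_dir() {
    local perms
    perms=$(ls -ld "$1" | cut -c1-10)
    case $perms in
        d????????x) return 0 ;;
        *) echo "$1 is $perms, other users cannot enter it"; return 1 ;;
    esac
}

# Constructed sample input (not the poster's real files).
demo_dir=$(mktemp -d)
printf 'ldap_servers: infrastructure.m310.mongodb.university\n' > "$demo_dir/bad.conf"
printf 'ldap_servers: ldap://infrastructure.m310.mongodb.university:389\n' > "$demo_dir/good.conf"
mkdir -m 700 "$demo_dir/mux700"
mkdir -m 755 "$demo_dir/mux755"

check_ldap_servers "$demo_dir/bad.conf"  || echo "-> bad.conf rejected"
check_ldap_servers "$demo_dir/good.conf" && echo "-> good.conf accepted"
check_socket_dir "$demo_dir/mux700" || echo "-> mode 700 directory rejected"
check_socket_dir "$demo_dir/mux755" && echo "-> mode 755 directory accepted"
```

On the database VM the same functions can be pointed at the real saslauthd.conf and at /var/run/saslauthd before running testsaslauthd.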