Error: User Name or Password is incorrect

General support regarding TimeTrex, such as
configuring policies/taxes or processing payroll.
Post Reply
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Error: User Name or Password is incorrect

Post by rjandreski »

When all users attempted to log in this morning they are getting an error saying User Name or Password is incorrect. We are using TimeTrex Community Edition On Site. I looks like it updated to the newest version on Saturday morning to v9.0.1-20151022-105806. Everything was working fine on Friday. Attached is the current log file. LDAP authentication is failing for some reason. Everything else on the network is working correctly and we are not having any other login issues anywhere else.
Attachments
timetrex.log
(8.99 KiB) Downloaded 313 times
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Error: User Name or Password is incorrect

Post by shaunw »

According to the log, TimeTrex isn't able to connect to your LDAP server:
LDAP Connection Failed!: ldap error: [-1: Binding: Can't contact LDAP server] in CONNECT(192.168.1.6, 'timetrex@njpns.local', '****', OU=MyBusiness,DC=njpns,DC=local)
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

I am able to log into the server that is running the TimeTrex software with the "timetrex" user and password so that is connecting to the LDAP server properly. But for some reason the TimeTrex software doesn't. Is there anything else I can check to get this resolved?
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

I can ping 192.168.1.6 successfully from the TimeTrex server as well.
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

Still no luck with trying to get this resolved. Any suggestions?
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Error: User Name or Password is incorrect

Post by shaunw »

Just because you can ping it doesn't mean TimeTrex can connect to your LDAP server. You may want to attempt a TELNET to the specified LDAP port as a starting point, but there isn't much we can help you with if TimeTrex can't even connect to your LDAP server, the issue isn't with TimeTrex.
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

Where can I look at my current LDAP setting in TimeTrex? I can't seem to locate it on any of the menus.
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Error: User Name or Password is incorrect

Post by shaunw »

Company -> Company Information, click on LDAP Authentication tab.
dkerley03
Posts: 7
Joined: Thu Nov 20, 2014 4:12 pm

Re: Error: User Name or Password is incorrect

Post by dkerley03 »

I am experiencing the exact same issue on my LAMP hosted timeclock. If anyone has a suggestion or idea on how to fix this please guide us. Thank you

Dennis
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

Dennis,
What version are you using?
Over the weekend our software automatically upgraded to v9.0.1-20151022-105806
I had this issue occur starting on Monday.
I believe that there is an LDAP issue in the coding with the newest version of TimeTrex.
I have contacted Microsoft Support and they said to contact TimeTrex regarding this.
They verified that everything is working correctly with our LDAP server.
Please give more information so the TimeTrex developers can further look into this as I believe we may be one of the first to run into the issue.
I'm not sure what to do in the meantime as no one at the office can clock in.
Luckily I can get in with a default password when I first initially logged in to TimeTrex which the program defaults to when LDAP fails.
If you remember that password, try that and it should let you in to the software in the meantime.
That is what I have been doing to put in people's edits into our system this week.
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Error: User Name or Password is incorrect

Post by shaunw »

Please post a screenshot of your LDAP settings in TimeTrex so we can see what you have specified there.
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

LPAD Settings.jpg
Attached is a screen shot of the current LDAP settings in TimeTrex. Also attached is the LDAP authentication Microsoft said to submit to you to show proof that the LDAP authenticated from the TimeTrex server to the LDAP server.
Attachments
ldap timetrex.txt
(2.84 KiB) Downloaded 314 times
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Error: User Name or Password is incorrect

Post by shaunw »

It appears that you are wanting to use LDAP over SSL, so try changing your "Server" address to:

ldaps://192.168.1.6
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

I change the server address to ldaps://192.168.1.6 as suggested and hit save. When I go to look if it saved it that way it reverts back to 192.168.1.6 without the ldaps:// in the field. I have not made any changes to these LDAP settings and wasn't even aware of where these settings were up until this issue came up. Don't think the problem is here.
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

Have you brought this to the engineers/developers? Any new info? I'm not sure what else I can try.
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Error: User Name or Password is incorrect

Post by shaunw »

rjandreski wrote:I change the server address to ldaps://192.168.1.6 as suggested and hit save. When I go to look if it saved it that way it reverts back to 192.168.1.6 without the ldaps:// in the field. I have not made any changes to these LDAP settings and wasn't even aware of where these settings were up until this issue came up. Don't think the problem is here.
Could you try changing some other setting and see if that can be saved? If you aren't able to save any changes, that is likely a completely separate issue.

If your employees aren't able to punch in/out and you wish to get the issue resolved as soon as possible, we would recommend considering our Extended Support package so someone can assist you over the phone, usually such issues can be resolved in just a few minutes that way.
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

So I was able to change this to ldaps://192.168.1.6. If you paste into any of those fields and then hit save it does not save your changes. You have to actually type in the changes in the fields for it to save. Don't know why the software would do that. Weird.

Anyway, even with ldaps://192.168.1.6 entered it doesn't work. I'm still thinking there is something going on with the new version. Any other suggestions?
dkerley03
Posts: 7
Joined: Thu Nov 20, 2014 4:12 pm

Re: Error: User Name or Password is incorrect

Post by dkerley03 »

Hello all

I am using the new version 9.0.1 or something like this. I can not log into my system at all. I have verified my settings as well as i can without being able to log in. I can not provide any screen shots or details at this time I am sorry. I will keep following this string and hopefully find a solution.

If i discover anything i will post it here.

Thanks
Dennis
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

I would like to try and go back to the previous version and see if that would work. How would I go about obtaining a copy of that? If I go to the download page it only offers me the latest version.

Also if I go with the Extended Support package and they find it to be something that is wrong with the new version would they refund that amount since it's a software issue and not a configuration issue? We have been using this software for years and never had an issue like this.
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Error: User Name or Password is incorrect

Post by shaunw »

dkerley03 wrote: I am using the new version 9.0.1 or something like this. I can not log into my system at all. I have verified my settings as well as i can without being able to log in. I can not provide any screen shots or details at this time I am sorry. I will keep following this string and hopefully find a solution.

If i discover anything i will post it here.
Have you tried using the "Forgot Password" functionality to reset your fallback password?
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

I purchased the Extended Support package and dealt with someone yesterday to resolve this. It appears that the TimeTrex software was always incorrectly using port 389 even if you selected Port 636. They introduced the fix to this in version 9 of the software. If your SSL on port 636 is configured correctly on your network then everything will work fine. If it isn't then you will get the login errors like we were getting and you would need to set your LDAP settings in TimeTrex to use port 389. Since the older versions of the software was always using Port 389 anyway everything should work again as it used to. If you prefer using Port 636 then you would need to figure out what the issue is on your network that is causing the problem.
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Error: User Name or Password is incorrect

Post by shaunw »

That is correct, prior to TimeTrex v9 there was a bug in the LDAP driver used by TimeTrex that actually forced the use of port 389 (non-SSL) even if a different port was specified. So if your LDAP authentication suddenly broke when upgrading to v9, the reason is likely that it is now attempting to use SSL like it originally should have, however your SSL certificate is likely self-signed and not purchased from a authorized certificate authority.

The issue is that when using SSL, PHP's LDAP extension by default requires that a valid certificate be installed and functioning on your LDAP server. This is actually extremely rare though, as very few companies go through the hassle and expense of purchasing a valid certificate from a certificate authority and renewing it on a regular basis.

You can test this by running the following ldapsearch command (assuming you have OpenLDAP installed)

Code: Select all

ldapsearch -d 5 -W -H "ldaps://192.168.1.1" -b "sAMAccountName=<username>,DC=MYCOMPANY,DC=local" -D "<username>"
It should output something like this:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.1.1:636
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 192.168.1.1:636
ldap_pvt_connect: fd: 4 tm: -1 async: 0
TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
The above shows that the certificate is untrusted or revoked, and therefore a connection to the server is rejected for security reasons.

However, if you want to allow untrusted certificates, you must first create C:\OpenLDAP\sysconf\ldap.conf (or /etc/ldap/ldap.conf on Linux) and add the following line to end of it:

Code: Select all

TLS_REQCERT ALLOW
Once that is done, you will need to restart your TimeTrex web service (Apache/PHP), then you should be able to connect to your LDAP server with "ldaps://" in front of the host name in the TimeTrex settings and using port 636. The certificate is still untrusted of course, but the communications should still be encrypted at least.
rjandreski
Posts: 23
Joined: Fri Oct 03, 2014 10:52 am

Re: Error: User Name or Password is incorrect

Post by rjandreski »

Here is what I get:

ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.1.6:636
ldap_new_socket: 396
ldap_prepare_socket: 396
ldap_connect_to_host: Trying 192.168.1.6:636
ldap_pvt_connect: fd: 396 tm: -1 async: 0
attempting to connect:
connect success
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 20, subject: /CN=mail.njpediatricne
urosurgery.com, issuer: /CN=njpns-NJSBS-CA
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:cert
ificate verify failed (unable to get local issuer certificate).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Any suggestions?
shaunw
Posts: 7839
Joined: Tue Sep 19, 2006 2:22 pm

Re: Error: User Name or Password is incorrect

Post by shaunw »

TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
So your certificate is definitely not correct, have you tried creating the ldap.conf file as described in the above post? That should allow any certificate to work, invalid or not.
Post Reply