I haven’t had any new updates to my Nethserver to apply in a while but this morning I started to receive the following error when logging into my webtop mail from multiple computers in my office:
mail account authentication error. not connected.
Any idea why I would be receiving this error suddenly? Like I said nothing has changed on my Nethserver in a few weeks. I’m not out of space and I can login to any server using my same nethserver domain name.
It appears this error is only occurring with my nethserver ID. all other ID’s are working without problem.
I’ve rebooted my server and it appears my account is now working correctly again. I’m a little concerned that this happened in the first place. Can you provide suggestions on why this happened and if this is a sign that I have an error with my account?
And says Authenticated. The admin for webtop is fine, just any normal user gets rejected. If I reset the user password no change, if I alter the users name it is seen in the webtop user list.
Actions to date
uninstalled the rh-php7xx series, tomcat8 and of coarse webtop5. Nothing has changed the behaviour. Before the re-installations the log had a line that indicated the user had been logged out, before the Webtop screen had loaded.
java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired=“true” but the secret attribute is either null or “”. This combination is not valid.
But there is no Connector defined as AJP. Should there be an entry?
Reason for the Error:
This behavior is a security enhancement introduced in Apache Tomcat versions 8.5.51 and newer, specifically in response to CVE-2020-1938 (Ghostcat). To mitigate potential vulnerabilities, the AJP Connector now requires a secret when secretRequired is set to “true”.
Resolution:
There are two primary ways to resolve this error:
Configure a secret for the AJP Connector:
Locate the server.xml file in your Tomcat installation directory (typically conf/server.xml).
Find the AJP Connector element, which usually looks something like this:
There is no secret recorded for catalina in secrets. This may only be applicable to ver 8
We are on
tomcat version
Server version: Apache Tomcat/7.0.76
Server built: Nov 16 2020 16:51:26 UTC
Server number: 7.0.76.0
OS Name: Linux
OS Version: 3.10.0-1160.119.1.el7.x86_64
Architecture: amd64
JVM Version: 1.8.0_412-b08
JVM Vendor: Red Hat, Inc.
Found the AJL connector. There are 2 sever.xml files 1 in /etc/tomcat and the 2nd in /opt/tomcat8/conf/server.xml has an AJL connector drfined. The adding of secretRequired="false" took the noise out of the log but did not solve the login issue.
Yes many times and no change to the result. I have dropped the DB and reinstalled. Next I will check if the DB table users is populated, but do expect it will be OK as Name changes do appear in webtop.
I check the core.users table and the users are listed. I tried changing the password stored for my account within the DB. It was stored as plain text. It changed and threw tomcat errors when trying to log in. Then reset the password in the cockpit control to the same password, the DB did not get the update.
The signal-event nethserver webtop5-update also failed to resync the DB. Could this be the issue that the DB has non matching data?
The catalina log still has this but there is no secretRequired or secret in either server.xml file. It must be defined elsewhere. Any idea what this is “Smack DefaultReactor Thread #0] org.jivesoftware.smackx.ping.PingManager.pingServerIfNecessary XMPPTCPConnection[not-authenticated] (0) was not authenticated”
tailf /var/lib/tomcats/webtop/logs/catalina.log
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)
Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired=“true” but the secret attribute is either null or “”. This combination is not valid.
at org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:274)
at org.apache.catalina.connector.Connector.startInternal(Connector.java:1100)
… 12 more
25-Aug-2025 17:34:02.607 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 14152 ms
25-Aug-2025 18:04:08.333 WARNING [Smack DefaultReactor Thread #0] org.jivesoftware.smackx.ping.PingManager.pingServerIfNecessary XMPPTCPConnection[not-authenticated] (0) was not authenticated
Yes that is my impression too. So as a test I changed a name on an account and it was updated in Webtop. So the flow appears to be working in 1 direction.
I created a new “Test” user, in Webtop the new account appeared after refreshing the users screen. This user still failed to be able to login. Time to turn on a debug log.
Yes exactly the same and some accounts are greyed out until you tick the enable button in properties.
The authentication log says all is good so I am thinking it is a webtop acceptance of the login that has failed. Will keep working my way down the Webtop logs with debug set. Hopefully hit gold in the logs soon!!
