BadUserAccessDenied when connecting to the server in the implementation of the examples of PubSub SKS #6476

Open
7 tasks
aitor-garmen opened this issue May 14, 2024 · 0 comments


I get the following messages:
aitor@aitor:~/opcpublisher/src$ ./publisher
[2024-05-14 11:30:30.735 (UTC+0200)] info/eventloop Starting the EventLoop
[2024-05-14 11:30:30.735 (UTC+0200)] warn/server AccessControl: Unconfigured AccessControl. Users have all permissions.
[2024-05-14 11:30:30.735 (UTC+0200)] info/server AccessControl: Anonymous login is enabled
[2024-05-14 11:30:30.735 (UTC+0200)] warn/server x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.
[2024-05-14 11:30:30.821 (UTC+0200)] warn/userland ServerUrls already set. Overriding.
[2024-05-14 11:30:30.821 (UTC+0200)] warn/server AccessControl: Unconfigured AccessControl. Users have all permissions.
[2024-05-14 11:30:30.821 (UTC+0200)] info/server AccessControl: Anonymous login is enabled
[2024-05-14 11:30:30.821 (UTC+0200)] warn/server x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.
[2024-05-14 11:30:30.821 (UTC+0200)] warn/server x509 Certificate Authentication configured, but no encrypting SecurityPolicy. This can leak credentials on the network.
[2024-05-14 11:30:30.821 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | Connection created
[2024-05-14 11:30:30.821 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | No ReaderGroups configured. Only validate the connection parameters instead of opening a receiving channel.
[2024-05-14 11:30:30.821 (UTC+0200)] info/network UDP 6 | New listen socket for "224.0.0.22" on port 4840
[2024-05-14 11:30:30.821 (UTC+0200)] warn/network UDP 6 | No network interface defined for multicast. That means the first suitable network interface is used.
[2024-05-14 11:30:30.822 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | No WriterGroups configured. Only validate the connection parameters instead of opening a channel for sending.
[2024-05-14 11:30:30.822 (UTC+0200)] warn/network UDP 6 | No network interface defined for multicast. That means the first suitable network interface is used.
[2024-05-14 11:30:30.822 (UTC+0200)] info/network UDP 6 | Connection validated to "224.0.0.22" on port 4840
[2024-05-14 11:30:30.822 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | State change: Disabled -> PreOperational
[2024-05-14 11:30:30.822 (UTC+0200)] info/pubsub PublishedDataset ns=1;i=54666 | DataSet created
[2024-05-14 11:30:30.823 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | WriterGroup ns=1;i=54670 | WriterGroup created
[2024-05-14 11:30:30.823 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | No ReaderGroups configured. Only validate the connection parameters instead of opening a receiving channel.
[2024-05-14 11:30:30.823 (UTC+0200)] info/network UDP 6 | New listen socket for "224.0.0.22" on port 4840
[2024-05-14 11:30:30.823 (UTC+0200)] warn/network UDP 6 | No network interface defined for multicast. That means the first suitable network interface is used.
[2024-05-14 11:30:30.823 (UTC+0200)] warn/network UDP 6 | No network interface defined for multicast. That means the first suitable network interface is used.
[2024-05-14 11:30:30.823 (UTC+0200)] info/network UDP 6 | New connection to "224.0.0.22" on port 4840
[2024-05-14 11:30:30.823 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | State change: PreOperational -> Operational
[2024-05-14 11:30:30.823 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | WriterGroup ns=1;i=54670 | State change: Disabled -> PreOperational
[2024-05-14 11:30:30.823 (UTC+0200)] warn/client skip verifying ApplicationURI for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2024-05-14 11:30:30.824 (UTC+0200)] info/network TCP 7 | Opening a connection to "localhost" on port 4840
[2024-05-14 11:30:30.824 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | WriterGroup ns=1;i=54670 | DataSetWriter ns=1;i=54687 | Writer created
[2024-05-14 11:30:30.824 (UTC+0200)] info/pubsub PubSubConnection ns=1;i=58192 | WriterGroup ns=1;i=54670 | DataSetWriter ns=1;i=54687 | State change: Disabled -> PreOperational
[2024-05-14 11:30:30.824 (UTC+0200)] warn/server Maximum SecureChannels count not enough for the maximum Sessions count
[2024-05-14 11:30:30.824 (UTC+0200)] info/network TCP | Listening on all interfaces
[2024-05-14 11:30:30.825 (UTC+0200)] info/network TCP 8 | Creating listen socket for "0.0.0.0" (with local hostname "aitor") on port 4841
[2024-05-14 11:30:30.825 (UTC+0200)] info/server New DiscoveryUrl added: opc.tcp://aitor:4841
[2024-05-14 11:30:30.825 (UTC+0200)] info/network TCP 9 | Creating listen socket for "::" (with local hostname "aitor") on port 4841
[2024-05-14 11:30:30.826 (UTC+0200)] info/channel TCP 7 | SC 6 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 300.00s
[2024-05-14 11:30:30.826 (UTC+0200)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2024-05-14 11:30:30.826 (UTC+0200)] info/client The initially defined EndpointURL opc.tcp://localhost:4840 is valid for the server
[2024-05-14 11:30:30.828 (UTC+0200)] warn/client The server returned Endpoints with a different EndpointUrl opc.tcp://aitor:4840 than was used to initialize the connection: opc.tcp://localhost:4840. Some servers require a complete match of the EndpointUrl/DiscoveryUrl (including the path) to return all endpoints.
[2024-05-14 11:30:30.828 (UTC+0200)] info/client Rejecting endpoint 0: security mode doesn't match
UserTokenPolicy 0 en endpoint 1
tokenPolicy->tokenType: 1
tokenType actual: 0x5ca14d088910
tokenType esperado para ANONYMOUS: 0x5ca14d0888c8
tokenType esperado para USERNAME: 0x5ca14d088910
tokenType esperado para CERTIFICATE: 0x5ca14d088958
[2024-05-14 11:30:30.829 (UTC+0200)] info/client SecurityPolicy URI: http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Rejecting endpoint 2: security mode doesn't match
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Rejecting endpoint 3: security policy doesn't match
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Rejecting endpoint 4: security mode doesn't match
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Rejecting endpoint 5: security policy doesn't match
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Selected endpoint 1 in URL opc.tcp://localhost:4840 with SecurityMode SignAndEncrypt and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Selected UserTokenPolicy open62541-username-policy-sign+encrypt#Basic256Sha256 with UserTokenType UserName and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2024-05-14 11:30:30.830 (UTC+0200)] info/channel TCP 7 | SC 6 | SecureChannel closed
[2024-05-14 11:30:30.830 (UTC+0200)] warn/client skip verifying ApplicationURI for the SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
[2024-05-14 11:30:30.830 (UTC+0200)] info/network TCP 10 | Opening a connection to "localhost" on port 4840
[2024-05-14 11:30:30.830 (UTC+0200)] info/network TCP 7 | Socket closed
[2024-05-14 11:30:30.940 (UTC+0200)] warn/userland No certificate store configured. Accepting the certificate.
[2024-05-14 11:30:30.985 (UTC+0200)] info/channel TCP 10 | SC 7 | SecureChannel opened with SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256 and a revised lifetime of 300.00s
[2024-05-14 11:30:31.000 (UTC+0200)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2024-05-14 11:30:31.057 (UTC+0200)] info/client Client Status: ChannelState: Open, SessionState: Created, ConnectStatus: Good
[2024-05-14 11:30:31.081 (UTC+0200)] info/client Received a ServiceFault response
[2024-05-14 11:30:31.081 (UTC+0200)] error/client Session cannot be activated with StatusCode BadUserAccessDenied. The client cannot recover from this, closing the connection.
[2024-05-14 11:30:31.081 (UTC+0200)] info/client Client Status: ChannelState: Closing, SessionState: Closed, ConnectStatus: BadUserAccessDenied
[2024-05-14 11:30:31.081 (UTC+0200)] error/client SKS Client: Failed to connect SKS server with error: BadUserAccessDenied

I can see that there is no way defined to check whether the username and password are the correct ones, since there isn't anything mentioning any kind of password in server_pubsub_central_sks.c.
I get the error that the user is denied access, although the example code is supposed to work.
What could be the problem?

Description

Background Information / Reproduction Steps

Used CMake options:

cmake -DUA_NAMESPACE_ZERO=<YOUR_OPTION> <ANY_OTHER_OPTIONS> ..

Checklist

Please provide the following information:

  • open62541 Version (release number or git tag):
  • Other OPC UA SDKs used (client or server):
  • Operating system:
  • Logs (with UA_LOGLEVEL set as low as necessary) attached
  • Wireshark network dump attached
  • Self-contained code example attached
  • Critical issue
@aitor-garmen aitor-garmen changed the title BadUserAccessDenied when connecting to the server in the implementation of the examples of pubsub sks. BadUserAccessDenied when connecting to the server in the implementation of the examples of PubSub SKS May 14, 2024
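
A small triage script for logs like the one in this issue, added here as an example (it is not part of the original post or of the open62541 project): it collects the security-relevant warnings and pairs the user token type the client selected with the status code returned when the session was activated. The function name `triage` and the finding labels are this example's own; the sample lines are excerpted from the log above.

```python
import re
from collections import Counter

# Sample input: a few lines excerpted from the log in the issue above.
SAMPLE_LOG = """\
[2024-05-14 11:30:30.735 (UTC+0200)] warn/server AccessControl: Unconfigured AccessControl. Users have all permissions.
[2024-05-14 11:30:30.735 (UTC+0200)] info/server AccessControl: Anonymous login is enabled
[2024-05-14 11:30:30.821 (UTC+0200)] warn/server AccessControl: Unconfigured AccessControl. Users have all permissions.
[2024-05-14 11:30:30.940 (UTC+0200)] warn/userland No certificate store configured. Accepting the certificate.
[2024-05-14 11:30:30.829 (UTC+0200)] info/client Selected UserTokenPolicy open62541-username-policy-sign+encrypt#Basic256Sha256 with UserTokenType UserName and SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
tokenPolicy->tokenType: 1
[2024-05-14 11:30:31.081 (UTC+0200)] error/client Session cannot be activated with StatusCode BadUserAccessDenied. The client cannot recover from this, closing the connection.
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<level>\w+)/(?P<cat>\w+)\s+(?P<msg>.*)$")

# Message substring -> finding label (labels are this example's own wording).
FINDINGS = {
    "Unconfigured AccessControl": "server: no access control configured",
    "Anonymous login is enabled": "server: anonymous sessions allowed",
    "no encrypting SecurityPolicy": "server: credentials may cross the network unencrypted",
    "No certificate store configured": "peer certificate accepted without validation",
}
TOKEN_RE = re.compile(r"Selected UserTokenPolicy \S+ with UserTokenType (\w+)")
FAIL_RE = re.compile(r"Session cannot be activated with StatusCode (\w+)")

def triage(log_text):
    findings, token_type, failure = Counter(), None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:  # skip ad-hoc debug prints that lack the log prefix
            continue
        msg = m["msg"]
        for needle, label in FINDINGS.items():
            if needle in msg:
                findings[label] += 1
        if (t := TOKEN_RE.search(msg)):
            token_type = t.group(1)
        if (f := FAIL_RE.search(msg)):
            failure = f.group(1)
    return {"findings": dict(findings), "token_type": token_type, "failure": failure}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for label, n in report["findings"].items():
        print(f"{n}x {label}")
    print("client token type:", report["token_type"], "-> result:", report["failure"])
```
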