RPC auth/mnet/user_authorise:No key matchERROR 3:3:No key match


by Andrew Wonson -
Number of replies: 4

Hi,

We have set up MNet between two Moodles running on the one server. The Moodles are running on a CentOS server. Here are the details of the two moodles:

Moodle A: used by staff and students with integration with Mahara and Google Apps. Google Authentication and LDAP turned on. Authenticated users have been given the permission to roam to other Moodles - this allows staff and students to go into Mahara.

Moodle B: staff only intranet. LDAP turned on. Authenticated users have been given the permission to roam to other Moodles. No Google authentication turned on here.

We have set up each as a network peer to one another and turned on the relevant services - publish and subscribe for each of the two moodles. Auto Add remote users is turned on.

When we select the Moodle A network service from Moodle B, we get this error: "RPC auth/mnet/user_authorise:No key matchERROR 3:3:No key match"

We have deleted and recreated the keys in the Moodles. Now we are at a loss to get this working.

Another question, in Moodle A, authenticated users are given permission to roam to other Moodle sites. This allows all users on Moodle A to roam to Mahara. What will prevent students from clicking on Moodle B in network services and going into Moodle B (staff only)? LDAP on Moodle B is restricted to the staff container. Will this LDAP setting prevent students from going into the staff intranet?

Would appreciate any advice.

Thanks,

Andrew

 

In reply to Andrew Wonson

Re: RPC auth/mnet/user_authorise:No key matchERROR 3:3:No key match

by David Mudrák -
Why is your Moodle B (the Intranet one) a member of the MNet network? If I get it right, your staff authenticates there against LDAP, right?

Sorry, I did not get your first problem - after you have recreated the keys, what happens?

And no, that LDAP will not prevent your students from roaming. You would have to use MNet access control list for that.
In reply to David Mudrák

Re: RPC auth/mnet/user_authorise:No key matchERROR 3:3:No key match

by Andrew Wonson -

David,

Thanks for replying. I was hoping that when a staff member logs into the staff-only moodle, they could click on a link and enter the student/staff Moodle without logging into that moodle. We want staff to be able to freely log into either of the Moodles - I was hoping for a link from the staff-only to the staff/student learning moodle. I thought both Moodles would have to be a member of the MNet network. I followed the instructions from this page: http://docs.moodle.org/en/MNet

When we recreated the keys, we keep getting the error that I reported above.

With regards to the MNet access control, does that mean I have to enter every staff username and give them the 'Allow' permission in the SSO access control list in the networking section of the staff/student Moodle?

In reply to Andrew Wonson

Re: RPC auth/mnet/user_authorise:No key matchERROR 3:3:No key match

by Andrew Wonson -

After recreating the keys another couple of times, I have got the staff-only Moodle to link to the staff/student Moodle. However, the result is not what I expected. I was hoping that when TeacherA logs into the staff-only Moodle and then remotes into the staff-student Moodle, they would have access to the same courses that TeacherA has in the staff-student Moodle. So, there are now two TeacherA user accounts - the newly created remote user and the original account both with the same username and email address.

I was hoping that when a teacher remoted to the other Moodle, they would have access to all their courses in the other Moodle.

 

In reply to Andrew Wonson

Re: RPC auth/mnet/user_authorise:No key matchERROR 3:3:No key match

by David Mudrák -
No, this is not how SSO via MNet works. Every user in an MNet network must have a single server where they log in (and are authenticated, for example against LDAP in your case). From this single entry point, they can roam to other servers. But they can't log in at another host and roam back. They would be considered as different users and two user records would get created.

Example: imagine three MNet servers M1, M2, M3 (either Moodle or Mahara). M1 can be set up as a main entry portal where users log in against LDAP. Then all users are "local" users at M1 and they are "remote" users at M2 and M3. But if you enable LDAP authentication at M2 too, you get into trouble. The record for a user who authenticates at M1 and comes as a remote user to M2 is different from the record for the same user who authenticates locally against LDAP.
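
The behaviour described in the reply above, as an added example that is not part of the original thread and is not Moodle's own code: a simplified SQLite model in which a user record is keyed by (home host, username), plus a query an administrator could adapt to list accounts that have split into a local and a remote record. The two-table schema, host ids and site URLs are constructed for illustration; only the `mnethostid`, `username` and `auth` column names follow Moodle's user table.

```python
import sqlite3

# Simplified model: identity is (mnethostid, username), not username alone.
# Table/column names follow Moodle's default "mdl_" schema; data is constructed.
SCHEMA = """
CREATE TABLE mdl_mnet_host (id INTEGER PRIMARY KEY, wwwroot TEXT);
CREATE TABLE mdl_user (
    id INTEGER PRIMARY KEY, auth TEXT, username TEXT, mnethostid INTEGER,
    UNIQUE (mnethostid, username));
"""

def make_site(local_wwwroot, peer_wwwroot):
    """DB for one site. Assumption: host 1 is the site itself, host 2 its peer."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO mdl_mnet_host VALUES (?, ?)",
                   [(1, local_wwwroot), (2, peer_wwwroot)])
    return db

def _find_or_create(db, username, hostid, auth):
    row = db.execute(
        "SELECT id FROM mdl_user WHERE username = ? AND mnethostid = ?",
        (username, hostid)).fetchone()
    if row:
        return row[0]
    cur = db.execute(
        "INSERT INTO mdl_user (auth, username, mnethostid) VALUES (?, ?, ?)",
        (auth, username, hostid))
    return cur.lastrowid

def local_login(db, username, auth="ldap"):
    """User authenticates on this site itself, so the home host is 1."""
    return _find_or_create(db, username, 1, auth)

def roam_in(db, username, from_host=2):
    """User arrives over MNet from a peer with auto-add of remote users on."""
    return _find_or_create(db, username, from_host, "mnet")

def split_identities(db):
    """Every record of each username that exists under more than one home host."""
    return db.execute("""
        SELECT u.username, u.id, u.auth, h.wwwroot
        FROM mdl_user u JOIN mdl_mnet_host h ON h.id = u.mnethostid
        WHERE u.username IN (SELECT username FROM mdl_user
                             GROUP BY username
                             HAVING COUNT(DISTINCT mnethostid) > 1)
        ORDER BY u.username, u.mnethostid""").fetchall()
```

Each row returned by `split_identities` is a separate account with its own enrolments and permissions, so a non-empty result on a real site means some people hold two identities there.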