Login nach Installation nicht möglich

Antworten
corin.corvus
Beiträge: 4
Registriert: 03 Dez 2020, 12:12

Login nach Installation nicht möglich

Beitrag von corin.corvus »

Hallo,

ich habe vor 2 Tage Opsi auf meinem UCS System installiert. Die Installation lief auf der neusten Version 4.4.7 durch inkl. Domainbeitritt.
Bild

Bei UCS muss man die User, die sich einloggen können sollen, in die Gruppe "Opsiadmin" packen. Das habe ich getan. Der Administrator ist schon in der Gruppe gewesen.

Wenn ich nun versuche mich einzuloggen, laufe ich auf einen Timeout.
Bild

Habe nun schon ein paar Dateien geprüft, die ich aus anderen Beiträgen gefunden hatte:
acl.conf

Code: Alles auswählen

backend_deleteBase     : sys_group(opsiadmin)
backend_.*             : all
hostControl.*          : sys_group(opsiadmin); opsi_depotserver
host_get.*             : sys_group(opsiadmin); opsi_depotserver; self; opsi_client(attributes(!opsiHostKey,!description,!lastSeen,!notes,!hardwareAddress,!inventoryNumber))
auditSoftware_delete.* : sys_group(opsiadmin); opsi_depotserver
auditSoftware_.*       : sys_group(opsiadmin); opsi_depotserver; opsi_client
auditHardware_delete.* : sys_group(opsiadmin); opsi_depotserver
auditHardware_.*       : sys_group(opsiadmin); opsi_depotserver; opsi_client
user_setCredentials    : sys_group(opsiadmin); opsi_depotserver
user_getCredentials    : opsi_depotserver; opsi_client
.*_get.*               : sys_group(opsiadmin); opsi_depotserver; opsi_client
get(Raw){0,1}Data      : sys_group(opsiadmin); opsi_depotserver
.*                     : sys_group(opsiadmin); opsi_depotserver; self
opsi.conf

Code: Alles auswählen

[groups]
fileadmingroup = opsifileadmins

[packages]
use_pigz = True

opsiconfd.conf

Code: Alles auswählen

; = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
; =     configuration file for opsiconfd                                =
; = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; -     global settings                                                 -
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[global]

        # Location of the backend config dir.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   backend config dir = /etc/opsi/backends

        backend config dir = /etc/opsi/backends

        # Location of the backend dispatcher config file.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   dispatch config file = /etc/opsi/backendManager/dispatch.conf

        dispatch config file = /etc/opsi/backendManager/dispatch.conf

        # Location of the backend extender config dir.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   extension config dir = /etc/opsi/backendManager/extend.d

        extension config dir = /etc/opsi/backendManager/extend.d

        # Location of the acl file.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   acl file = /etc/opsi/backendManager/acl.conf

        acl file = /etc/opsi/backendManager/acl.conf

        # Admin networks.
        # Comma separated list of network addresses from
        # which administrative connections are allowed.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   admin networks = 0.0.0.0/0

        admin networks = 0.0.0.0/0

        # Location of the pid file.
        # Opsiconfd needs to be restarted for changes to take effect.
        #
        # Default:
        #   pid file = /var/run/opsiconfd/opsiconfd.pid

        pid file = /var/run/opsiconfd/opsiconfd.pid

        # Location of the log file.
        # The macro %m can be used to create use a separate log file for
        # each client. %m will be replaced by <client-ip>
        # Leave empty to use syslog.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   log file =

        log file = /var/log/opsi/opsiconfd/%m.log

        # If separate log files are used and this option is enabled
        # opsiconfd will create a symlink in the log dir which points
        # to the clients log file. The name of the symlink will be the same
        # as the log files but %m will be replaced by <client-fqdn>.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   symlink logs = yes

        symlink logs = yes

        # Set the log (verbosity) level
        # (0 <= log level <= 9)
        # 0: nothing, 1: essential, 2: critical, 3: errors, 4: warnings, 5: notices
        # 6: infos, 7: debug messages, 8: more debug messages, 9: passwords
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   log level = 5

        log level = 5

        # Set the log format
        # Macros:
        # %D: current time
        # %T: thread id
        # %l: log level (0..9)
        # %L: log level (name)
        # %M: the message
        # %F: filename
        # %N: linenumber
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   log format = [%l] [%D] %M (%F|%N)

        log format = [%l] [%D] %M (%F|%N)

        # Limit the size of logfiles that are either read or written through
        # an opsi backend.
        # Setting this to 0 will disable any limiting.
        # If you set this to 0 we recommend using a proper logrotate configuration
        # so that your disk does not get filled by the logs.
        max log size = 5MB

        # Maximum number of execution statistics to store in memory.
        # Execution statistics can be written to the log file by sending
        # a SIGHUP to opsiconfd.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   max execution statistics = 250

        max execution statistics = 250

        # The User for opsi-Nagios-Connetor.
        #
        # Default:
        #   monitoring user = monitoring

        monitoring user = monitoring

        # Monitoring Debug switch. If switch is not true, monitoring
        # will not be logged.
        # If the switch is true, the global loglevel from opsiconfd is
        # used for logging monitoring
        #
        # Default:
        #   monitoring debug = false

         monitoring debug = false

; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; -     service settings                                                -
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[service]

        # The network interfaces to bind to.
        # This must be the IP address of an network interface.
        # Use 0.0.0.0 to listen to all interfaces
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   interface = 0.0.0.0

        interface = 0.0.0.0

        # The port where opsiconfd will listen for HTTP requests.
        # Use 0 to disable HTTP protocol
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   http port = 0

        http port = 0

        # The port where opsiconfd will listen for HTTPS requests.
        # Use 0 to disable HTTPS protocol
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   https port = 4447

        https port = 4447

        # The location of the server certificate.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   ssl server cert = /etc/opsi/opsiconfd.pem

        ssl server cert = /etc/opsi/opsiconfd.pem

        # The location of the server private key
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   ssl server key = /etc/opsi/opsiconfd.pem

        ssl server key = /etc/opsi/opsiconfd.pem

        # Ciphers that are accepted by the service when creating an
        # encrypted connection.
        #
        # Please refer to the OpenSSL manual for more information about
        # ciphers.
        #
        # Default:
        #   accepted ciphers =

        accepted ciphers =

; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; -     session settings                                                -
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[session]

        # Session name used in the session cookie.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   session name = OPSISID

        session name = OPSISID

        # If a client uses its fqdn and opsi-host-key for authentication,
        # opsiconfd will try to resolve the fqdn (username) by a system call.
        # If there is no result or the resulting IP address does not match
        # the client's address, the access will be denied.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   verify ip = no

        verify ip = no

        # If set to yes a client's ip address will be updated in the opsi database,
        # when the client connects to the service and authentication is successful.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   update ip = yes

        update ip = yes

        # The interval in seconds after an inactive session expires.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   max inactive interval = 120

        max inactive interval = 120

        # The maximum number of authentication failures before a client ip
        # is blocked for an amount of time.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.
        #
        # Default:
        #   max authentication failures = 5

        max authentication failures = 5

        # The maximum number of sessions that can be opened through one IP.
        #
        # Default:
        #   max sessions per ip = 25
        max sessions per ip = 25

; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; -     static directories                                              -
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[directories]

        # Every option value pair (<resourcename> = <path> [(options)]) has to consist
        # of a resourcename and a path to a local directory.
        # The URL http(s)://<server>:<port>/<resourcename> will give
        # access to the content of <path>.
        # Opsiconfd needs to be reloaded (SIGHUP) for changes to take effect.

        / = /usr/share/opsiconfd/static (noauth)
        configed = /usr/lib/configed (noauth)

Kann mir da jemand weiterhelfen?

Grüße
Benutzeravatar
ThomasT
uib-Team
Beiträge: 529
Registriert: 26 Jun 2013, 12:26

Re: Login nach Installation nicht möglich

Beitrag von ThomasT »

Woher kommt denn das https in der Adresszeile des configed?
Da sollte eigentlich die IP-Adresse bzw. der FQDN uU mit Portangabe reichen...
Kein Support per DM!
_________________________
opsi support - https://www.uib.de/
For productive opsi installations we recommend support contracts.
corin.corvus
Beiträge: 4
Registriert: 03 Dez 2020, 12:12

Re: Login nach Installation nicht möglich

Beitrag von corin.corvus »

Gute Frage. Das hat er da selbst reingepackt.

Ich habs hier noch mal ohne probiert. Auf meinem PC und auf 2 weiteren Clients das Gleiche. Installiert immer mit Administrationsrechten.
Bild
Benutzeravatar
ThomasT
uib-Team
Beiträge: 529
Registriert: 26 Jun 2013, 12:26

Re: Login nach Installation nicht möglich

Beitrag von ThomasT »

Kannst du dich denn mit den Credentials auf der Webseite https://10.0.0.22:4447 anmelden? Klick da doch mal auf opsi_config_interface und melde dich da an.
Du kannst dann auch auf dem OPSI-Server unter /var/log/opsi/opsiconfd/DEINE_IP.log nachschauen, was da passiert...
Kein Support per DM!
_________________________
opsi support - https://www.uib.de/
For productive opsi installations we recommend support contracts.
corin.corvus
Beiträge: 4
Registriert: 03 Dez 2020, 12:12

Re: Login nach Installation nicht möglich

Beitrag von corin.corvus »

Da kommt dann das hier. Scheint wohl nicht korrekt konfiguriert zu sein oder?
Bisher habe ich es nur installiert. Sollte bei UCS ja eigentlich direkt lauffähig sein.

Code: Alles auswählen

[5] [Dec 12 13:13:16] Session 'y4un78jcGT7dFamLxy2OhkImiWOpBfMl' from ip '10.0.0.10', application 'opsiclientd/4.2.0.47' deleted (Session.py|234)
[5] [Dec 12 20:08:52] New session created (session.py|77)
[5] [Dec 12 20:08:52] Application 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0' on client '10.0.0.10' supplied non existing session id: qcjPXMjc9YfZM1ZXEmgeRloVpdrbAace (Worker.py|396)
[4] [Dec 12 20:08:52] No username from 10.0.0.10 (application: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0) (workers.py|141)
[5] [Dec 12 20:08:52] Session 'DaWM9D2I129AiARTaJMmUqXXKIiKc9IE' from ip '10.0.0.10', application 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0' deleted (Session.py|234)
[2] [Dec 12 20:08:52] Traceback: (Logger.py|798)
[2] [Dec 12 20:08:52]   File "/usr/lib/python2.7/dist-packages/OPSI/Service/Worker.py", line 289, in _errback
    failure.raiseException()
 (Logger.py|798)
[2] [Dec 12 20:08:52]   File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 651, in _runCallbacks
    current.result = callback(current.result, *args, **kw)
 (Logger.py|798)
[2] [Dec 12 20:08:52]   File "/usr/lib/python2.7/dist-packages/opsiconfd/workers.py", line 294, in _authenticate
    raise OpsiAuthenticationError(errorMessage)
 (Logger.py|798)
[2] [Dec 12 20:08:52]      ==>>> Opsi authentication error: Authentication failure for '' from '10.0.0.10': No username given and resolve failed: [Errno 0] Resolver Error 0 (no error) (Worker.py|291)
[5] [Dec 12 20:09:13] New session created (session.py|77)
[5] [Dec 12 20:09:13] Application 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0' on client '10.0.0.10' supplied non existing session id: DaWM9D2I129AiARTaJMmUqXXKIiKc9IE (Worker.py|396)
[5] [Dec 12 20:09:13] Authorization request from corin.corvus@10.0.0.10 (application: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0) (workers.py|217)
[5] [Dec 12 20:09:15] Session 'ZCM0YVMuVNKP1Hhgl3GOV73jjzOKuKQu' from ip '10.0.0.10', application 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0' deleted (Session.py|234)
[2] [Dec 12 20:09:15] Traceback: (Logger.py|798)
[2] [Dec 12 20:09:15]   File "/usr/lib/python2.7/dist-packages/OPSI/Service/Worker.py", line 289, in _errback
    failure.raiseException()
 (Logger.py|798)
[2] [Dec 12 20:09:15]   File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 651, in _runCallbacks
    current.result = callback(current.result, *args, **kw)
 (Logger.py|798)
[2] [Dec 12 20:09:15]   File "/usr/lib/python2.7/dist-packages/opsiconfd/workers.py", line 294, in _authenticate
    raise OpsiAuthenticationError(errorMessage)
 (Logger.py|798)
[2] [Dec 12 20:09:15]      ==>>> Opsi authentication error: Authentication failure for 'corin.corvus' from '10.0.0.10': Backend authentication error: Backend authentication error: PAM authentication failed for user 'corin.corvus': ('User not known to the underlying authentication module', 10) (Worker.py|291)
Benutzeravatar
SisterOfMercy
Beiträge: 1522
Registriert: 22 Jun 2012, 19:18

Re: Login nach Installation nicht möglich

Beitrag von SisterOfMercy »

corin.corvus hat geschrieben:Da kommt dann das hier. Scheint wohl nicht korrekt konfiguriert zu sein oder?
Why are you trying to login with your own username? And are you sure you created administrator and not used the default as used in the docs, adminuser?
Bitte schreiben Sie Deutsch, when I'm responding in the German-speaking part of the forum!
corin.corvus
Beiträge: 4
Registriert: 03 Dez 2020, 12:12

Re: Login nach Installation nicht möglich

Beitrag von corin.corvus »

For test i add me in the opsiadmin group.
Administrator i have the same Issue.
Antworten