Unable to authenticate after changing group membership
Verfasst: 05 Okt 2017, 22:13
Hello,
I was trying to configure a wsusoffline setup, so I added the 'wsusoffline' opsiadmin user to the wsusoffline group.
After that I got a' BackendPermissionDeniedError' every time I tried to log in to the GUI configd:
Then, I tried to put the adminuser back to the way it was, like so:
And I also typed:
Now I am getting 'No Connection Unauthorized', even though I am putting in the right password:
Does anyone know how I can configure this so I can log in again?
I was trying to configure a wsusoffline setup, so I added the 'wsusoffline' opsiadmin user to the wsusoffline group.
After that I got a' BackendPermissionDeniedError' every time I tried to log in to the GUI configd:
Code: Alles auswählen
from /var/log/opsi/opsiconfigd/
[5] [Oct 05 18:52:36] Application 'opsi config editor 4.0.7.5.22' on client '10.0.1.124' did not send cookie (workers.py|183)
[5] [Oct 05 18:52:36] New session created (session.py|77)
[5] [Oct 05 18:52:36] Authorization request from adminuser@10.0.1.124 (application: opsi config editor 4.0.7.5.22) (workers.py|213)
[5] [Oct 05 18:52:36] Modules file signature verified (customer: opsivm basic license) (MySQL.py|523)
[5] [Oct 05 18:52:36] -----> Executing: authenticated() (JsonRpc.py|134)
[5] [Oct 05 18:52:36] -----> Executing: getRawData(u'select * from SOFTWARE_CONFIG LIMIT 1 ') (JsonRpc.py|134)
[3] [Oct 05 18:52:36] Execution error: Backend configuration error: You have tried to execute a method, that will not work with filebackend. (JsonRpc.py|146)
[4] [Oct 05 18:52:36] Failed RPC on u'getRawData' with params [u'select * from SOFTWARE_CONFIG LIMIT 1 ']: <BackendConfigurationError(u'You have tried to execute a method, that will not work with filebackend.
')> (statistics.py|419)
[5] [Oct 05 18:52:36] Application 'opsi config editor 4.0.7.5.22' on client '10.0.1.124' did not send cookie (workers.py|183)
[5] [Oct 05 18:52:36] New session created (session.py|77)
[5] [Oct 05 18:52:36] Authorization request from adminuser@10.0.1.124 (application: opsi config editor 4.0.7.5.22) (workers.py|213)
[5] [Oct 05 18:52:36] Modules file signature verified (customer: opsivm basic license) (MySQL.py|523)
[5] [Oct 05 18:52:37] -----> Executing: getPossibleMethods_listOfHashes() (JsonRpc.py|134)
[5] [Oct 05 18:52:37] -----> Executing: getOpsiInformation_hash() (JsonRpc.py|134)
[5] [Oct 05 18:52:37] -----> Executing: host_getObjects([]) (JsonRpc.py|134)
[4] [Oct 05 18:52:37] 14 objects removed by acl, 0 objects left (BackendManager.py|1042)
[5] [Oct 05 18:52:37] -----> Executing: authenticated() (JsonRpc.py|134)
[5] [Oct 05 18:52:37] -----> Executing: config_getObjects([]) (JsonRpc.py|134)
[3] [Oct 05 18:52:37] Execution error: Backend permission denied error: Access to method 'config_getObjects' denied for user 'adminuser' (JsonRpc.py|146)
[5] [Oct 05 18:52:37] -----> Executing: accessControl_userIsReadOnlyUser() (JsonRpc.py|134)
[4] [Oct 05 18:52:37] 1 objects removed by acl, 0 objects left (BackendManager.py|1042)
[3] [Oct 05 18:52:37] Execution error: Backend permission denied error: Access to method 'config_updateObjects' denied for user 'adminuser': Backend permission denied error: Access denied (JsonRpc.py|146)
[5] [Oct 05 18:52:37] -----> Executing: config_updateObjects([<UnicodeConfig(id=u'product_sort_algorithm', description=u'', possibleValues=[u'algorithm1', u'algorithm2'], defaultValues=[], editable=False, multiValue=False)>, <UnicodeConfig(id=u'configed.license...) (JsonRpc.py|134)
[4] [Oct 05 18:52:37] 24 objects removed by acl, 0 objects left (BackendManager.py|1042)
[3] [Oct 05 18:52:37] Execution error: Backend permission denied error: Access to method 'config_updateObjects' denied for user 'adminuser': Backend permission denied error: Access denied (JsonRpc.py|146)
[5] [Oct 05 18:52:37] -----> Executing: config_updateObjects(<UnicodeConfig(id=u'configed.productonclient_displayfields_localboot', description=u'', possibleValues=[u'actionRequest', u'installationInfo', u'installationStatus', u'position', u'priority', u'produc...) (JsonRpc.py|134)
[4] [Oct 05 18:52:37] 1 objects removed by acl, 0 objects left (BackendManager.py|1042)
[3] [Oct 05 18:52:37] Execution error: Backend permission denied error: Access to method 'config_updateObjects' denied for user 'adminuser': Backend permission denied error: Access denied (JsonRpc.py|146)
[5] [Oct 05 18:52:37] -----> Executing: config_updateObjects(<UnicodeConfig(id=u'configed.productonclient_displayfields_netboot', description=u'', possibleValues=[u'actionRequest', u'installationInfo', u'installationStatus', u'position', u'priority', u'productI...) (JsonRpc.py|134)
[4] [Oct 05 18:52:37] 1 objects removed by acl, 0 objects left (BackendManager.py|1042)
[3] [Oct 05 18:52:37] Execution error: Backend permission denied error: Access to method 'config_updateObjects' denied for user 'adminuser': Backend permission denied error: Access denied (JsonRpc.py|146)
[3] [Oct 05 18:52:37] Execution error: Backend permission denied error: Access to method 'group_getObjects' denied for user 'adminuser' (JsonRpc.py|146)
[5] [Oct 05 18:52:38] -----> Executing: group_createHostGroup(u'clientdirectory', u'root of directory', u'', None) (JsonRpc.py|134)
[5] [Oct 05 18:52:38] -----> Executing: objectToGroup_getObjects() (JsonRpc.py|134)
[3] [Oct 05 18:52:38] Execution error: Backend permission denied error: Access to method 'objectToGroup_getObjects' denied for user 'adminuser' (JsonRpc.py|146)
[4] [Oct 05 18:52:38] Failed RPC on u'objectToGroup_getObjects' with params []: <BackendPermissionDeniedError(u"Access to method 'objectToGroup_getObjects' denied for user 'adminuser'")> (statistics.py|419)
[5] [Oct 05 18:52:38] -----> Executing: config_updateObjects(<UnicodeConfig(id=u'configed.host_displayfields', description=u'', possibleValues=[u'UEFIboot', u'WANmode', u'clientConnected', u'clientCreated', u'clientDescription', u'clientHardwareAddress', u'clie...) (JsonRpc.py|134)
[4] [Oct 05 18:52:38] 1 objects removed by acl, 0 objects left (BackendManager.py|1042)
[3] [Oct 05 18:52:38] Execution error: Backend permission denied error: Access to method 'config_updateObjects' denied for user 'adminuser': Backend permission denied error: Access denied (JsonRpc.py|146)
[5] [Oct 05 18:52:55] -----> Executing: configState_getObjects([]) (JsonRpc.py|134)
[3] [Oct 05 18:52:55] Execution error: Backend permission denied error: Access to method 'configState_getObjects' denied for user 'adminuser' (JsonRpc.py|146)
[5] [Oct 05 18:52:55] -----> Executing: SSHCommand_getObjects() (JsonRpc.py|134)
[5] [Oct 05 18:52:55] Exception with file /var/lib/opsi/server_commands_custom.conf (30_sshcommands.conf|54)
[2] [Oct 05 18:52:55] Traceback: (Logger.py|757)
[2] [Oct 05 18:52:55] File "/etc/opsi/backendManager/extend.d/30_sshcommands.conf", line 31, in readFilecontent
if os.path.getsize(filename) <= 0:
(Logger.py|757)
[2] [Oct 05 18:52:55] ==>>> [Errno 2] No such file or directory: '/var/lib/opsi/server_commands_custom.conf' (30_sshcommands.conf|55)
[5] [Oct 05 18:52:55] -----> Executing: accessControl_userIsReadOnlyUser() (JsonRpc.py|134)
[4] [Oct 05 18:52:55] 1 objects removed by acl, 0 objects left (BackendManager.py|1042)
[3] [Oct 05 18:52:55] Execution error: Backend permission denied error: Access to method 'config_updateObjects' denied for user 'adminuser': Backend permission denied error: Access denied (JsonRpc.py|146)
[5] [Oct 05 18:52:55] -----> Executing: config_updateObjects([<UnicodeConfig(id=u'product_sort_algorithm', description=u'', possibleValues=[u'algorithm1', u'algorithm2'], defaultValues=[], editable=False, multiValue=False)>, <UnicodeConfig(id=u'configed.license...) (JsonRpc.py|134)
[4] [Oct 05 18:52:55] 23 objects removed by acl, 0 objects left (BackendManager.py|1042)
[3] [Oct 05 18:52:55] Execution error: Backend permission denied error: Access to method 'config_updateObjects' denied for user 'adminuser': Backend permission denied error: Access denied (JsonRpc.py|146)
[5] [Oct 05 18:52:55] -----> Executing: product_getObjects([u'id', u'productVersion', u'packageVersion', u'setupScript', u'updateScript', u'uninstallScript', u'alwaysScript', u'onceScript', u'customScript', u'userLoginScript', u'priority', u'advice', u'name',...) (JsonRpc.py|134)
[3] [Oct 05 18:52:55] Execution error: Backend permission denied error: Access to method 'product_getObjects' denied for user 'adminuser' (JsonRpc.py|146)
[5] [Oct 05 18:52:55] -----> Executing: productOnDepot_getObjects([]) (JsonRpc.py|134)
[3] [Oct 05 18:52:55] Execution error: Backend permission denied error: Access to method 'productOnDepot_getObjects' denied for user 'adminuser' (JsonRpc.py|146)
[5] [Oct 05 18:52:55] -----> Executing: getProductOrdering(u'') (JsonRpc.py|134)
[3] [Oct 05 18:52:55] Execution error: Backend permission denied error: Access to method 'config_getObjects' denied for user 'adminuser' (JsonRpc.py|146)
[4] [Oct 05 18:52:55] Failed RPC on u'getProductOrdering' with params [u'']: <BackendPermissionDeniedError(u"Access to method 'config_getObjects' denied for user 'adminuser'")> (statistics.py|419)
[5] [Oct 05 18:52:55] -----> Executing: productProperty_getObjects([]) (JsonRpc.py|134)
[3] [Oct 05 18:52:55] Execution error: Backend permission denied error: Access to method 'productProperty_getObjects' denied for user 'adminuser' (JsonRpc.py|146)
[5] [Oct 05 18:52:56] -----> Executing: getProductOrdering(None) (JsonRpc.py|134)
[3] [Oct 05 18:52:56] Execution error: Backend permission denied error: Access to method 'config_getObjects' denied for user 'adminuser' (JsonRpc.py|146)
[4] [Oct 05 18:52:56] Failed RPC on u'getProductOrdering' with params [None]: <BackendPermissionDeniedError(u"Access to method 'config_getObjects' denied for user 'adminuser'")> (statistics.py|419)
Code: Alles auswählen
$ id adminuser
uid=1001(adminuser) gid=992(pcpatch) groups=992(pcpatch)
Code: Alles auswählen
opsi-set-rights
opsi-setup --init-current-config
Code: Alles auswählen
[5] [Oct 05 21:00:30] Application 'opsi config editor 4.0.7.5.22' on client '10.0.1.124' did not send cookie (workers.py|183)
[5] [Oct 05 21:00:30] New session created (session.py|77)
[5] [Oct 05 21:00:30] Authorization request from adminuser@10.0.1.124 (application: opsi config editor 4.0.7.5.22) (workers.py|213)
[5] [Oct 05 21:00:32] Session 'zuGnQFiZCoOOUePWqJIzBTbtT1tPOYuz' from ip '10.0.1.124', application 'opsi config editor 4.0.7.5.22' deleted (Session.py|225)
[2] [Oct 05 21:00:32] Traceback: (Logger.py|757)
[2] [Oct 05 21:00:32] File "/usr/lib/python2.7/dist-packages/OPSI/Service/Worker.py", line 292, in _errback
failure.raiseException()
(Logger.py|757)
[2] [Oct 05 21:00:32] File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 588, in _runCallbacks
current.result = callback(current.result, *args, **kw)
(Logger.py|757)
[2] [Oct 05 21:00:32] File "/usr/lib/python2.7/dist-packages/opsiconfd/workers.py", line 278, in _authenticate
raise OpsiAuthenticationError(u"Forbidden: %s" % error)
(Logger.py|757)
[2] [Oct 05 21:00:32] ==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: PAM authentication failed for user 'adminuser': ('Authentication failure', 7) (Worker.py|294)
[3] [Oct 05 21:00:32] 6 authentication failures from '10.0.1.124' in a row, waiting 60 seconds to prevent flooding (workers.py|93)