Openvpn4ucs cannot be activated

openvpn

#1

Hello,

I freshly installed Openvpn4UCS on my master today, and when I try to activate it under “Computers” as well, I get the message that the LDAP attribute “openvpnsecret” is not allowed. If I set one under OpenSitetoSite, I get “no access”.

Unfortunately, the guide doesn't really say much about this either. Can someone give me some help, or tell me what the cause is along with a suggested solution?

I just want to offer a server that clients can use to connect to the network.

Regards


#2

Hi,

did the join scripts run through cleanly? You can find information on this in /var/log/univention/join.log

Best regards from bytemine GmbH


#3

Hi,

unfortunately, this is all that shows up there:

univention-run-join-scripts started
Do 28. Dez 11:00:25 CET 2017

RUNNING 01univention-ldap-server-init.inst
EXITCODE=already_executed
RUNNING 02univention-directory-notifier.inst
EXITCODE=already_executed
RUNNING 03univention-directory-listener.inst
EXITCODE=already_executed
RUNNING 04univention-ldap-client.inst
EXITCODE=already_executed
RUNNING 05univention-bind.inst
EXITCODE=already_executed
RUNNING 08univention-apache.inst
EXITCODE=already_executed
RUNNING 10univention-ldap-server.inst
EXITCODE=already_executed
RUNNING 11univention-heimdal-init.inst
EXITCODE=already_executed
RUNNING 11univention-pam.inst
EXITCODE=already_executed
RUNNING 15univention-directory-notifier-post.inst
EXITCODE=already_executed
RUNNING 15univention-heimdal-kdc.inst
EXITCODE=already_executed
RUNNING 18python-univention-directory-manager.inst
EXITCODE=already_executed
RUNNING 20univention-directory-policy.inst
EXITCODE=already_executed
RUNNING 20univention-join.inst
EXITCODE=already_executed
RUNNING 26univention-nagios-common.inst
EXITCODE=already_executed
RUNNING 30univention-appcenter.inst
EXITCODE=already_executed
RUNNING 30univention-nagios-client.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-s4-connector.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-samba.inst
EXITCODE=already_executed
RUNNING 33univention-portal.inst
EXITCODE=already_executed
RUNNING 34univention-management-console-server.inst
EXITCODE=already_executed
RUNNING 34univention-self-service.inst
EXITCODE=already_executed
RUNNING 35univention-appcenter-docker.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-appcenter.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-diagnostic.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ipchange.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-join.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-lib.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-mrtg.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-pkgdb.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-printers.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-quota.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-reboot.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-services.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-setup.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-sysinfo.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-top.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ucr.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-udm.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-updater.inst
EXITCODE=already_executed
RUNNING 35univention-nagios-cups.inst
EXITCODE=already_executed
RUNNING 35univention-nagios-squid.inst
EXITCODE=already_executed
RUNNING 35univention-self-service-passwordreset-umc.inst
EXITCODE=already_executed
RUNNING 35univention-server-overview.inst
EXITCODE=already_executed
RUNNING 36univention-management-console-module-apps.inst
EXITCODE=already_executed
RUNNING 40univention-postgresql.inst
EXITCODE=already_executed
RUNNING 40univention-virtual-machine-manager-schema.inst
EXITCODE=already_executed
RUNNING 42asterisk4ucs-udm.inst
EXITCODE=already_executed
RUNNING 42asterisk4ucs-umc-deploy.inst
EXITCODE=already_executed
RUNNING 42asterisk4ucs-umc-music.inst
EXITCODE=already_executed
RUNNING 42asterisk4ucs-umc-user.inst
EXITCODE=already_executed
RUNNING 50dudle.inst
EXITCODE=already_executed
RUNNING 50jenkins.inst
EXITCODE=already_executed
RUNNING 50nextcloud.inst
EXITCODE=already_executed
RUNNING 50onlyoffice-ds.inst
EXITCODE=already_executed
RUNNING 50univention-pkgdb.inst
EXITCODE=already_executed
RUNNING 50wordpress.inst
EXITCODE=already_executed
RUNNING 78univention-kde.inst
EXITCODE=already_executed
RUNNING 79univention-printserver.inst
EXITCODE=already_executed
RUNNING 79univention-squid.inst
EXITCODE=already_executed
RUNNING 81univention-nfs-server.inst
EXITCODE=already_executed
RUNNING 90univention-bind-post.inst
EXITCODE=already_executed
RUNNING 91univention-saml.inst
EXITCODE=already_executed
RUNNING 92univention-management-console-web-server.inst
EXITCODE=already_executed
RUNNING 94univention-openvpn-master.inst
EXITCODE=already_executed
RUNNING 94univention-openvpn-server.inst
EXITCODE=already_executed
RUNNING 94univention-openvpn-sitetosite.inst
EXITCODE=already_executed
RUNNING 96univention-samba4.inst
EXITCODE=already_executed
RUNNING 97univention-s4-connector.inst
EXITCODE=already_executed
RUNNING 98univention-pkgdb-tools.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-dns.inst
EXITCODE=already_executed
RUNNING 99opsi4ucs.inst
EXITCODE=already_executed

Do 28. Dez 11:00:26 CET 2017
univention-run-join-scripts finished

This is what I get when I force the join script to run again (openvpn server)

univention-run-join-scripts started
Do 28. Dez 11:08:08 CET 2017

RUNNING 94univention-openvpn-server.inst
2017-12-28 11:08:08.951480360+01:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=c-corp,dc=org
Object exists: cn=OpenVPN,cn=services,cn=univention,dc=c-corp,dc=org
WARNING: cannot append OpenVPN to service, value exists
No modification: cn=central,cn=dc,cn=computers,dc=c-corp,dc=org
Object created: uid=ldapper-s-central,cn=users,dc=c-corp,dc=org
Site openvpn4ucs already enabled
2017-12-28 11:08:10.237654886+01:00 (in joinscript_save_current_version)
EXITCODE=0

Do 28. Dez 11:08:10 CET 2017
univention-run-join-scripts finished

Openvpn Master

univention-run-join-scripts started
Do 28. Dez 11:09:12 CET 2017

RUNNING 94univention-openvpn-master.inst
2017-12-28 11:09:12.659119925+01:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=c-corp,dc=org
Object exists: cn=OpenVPN,cn=services,cn=univention,dc=c-corp,dc=org
WARNING: cannot append OpenVPN to service, value exists
No modification: cn=central,cn=dc,cn=computers,dc=c-corp,dc=org
Object exists: cn=udm_hook,cn=univention,dc=c-corp,dc=org
INFO: No change of core data of object univention-openvpn.
No modification: cn=univention-openvpn,cn=udm_hook,cn=univention,dc=c-corp,dc=org

Waiting for activation of the extension object univention-openvpn: OK
Waiting for file /usr/share/pyshared/univention/admin/hooks.d/univention-openvpn.py: OK
Object exists: cn=udm_syntax,cn=univention,dc=c-corp,dc=org
INFO: No change of core data of object univention-openvpn-schema.
No modification: cn=univention-openvpn-schema,cn=udm_syntax,cn=univention,dc=c-corp,dc=org

Waiting for activation of the extension object univention-openvpn-schema: OK
Waiting for file /usr/share/pyshared/univention/admin/syntax.d/univention-openvpn-schema.py: OK
Object created: cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-UserAddress,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-FixedAddresses,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-Dualfactorauth,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-Duplicate,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-Redirect,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-NetIPv6,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-Net,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-Port,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-Address,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-Active,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-Account,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-Secret,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-RemoteAddress,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-LocalAddress,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-SitetoSitePort,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-Remote,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-SitetoSiteActive,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: cn=UniventionOpenvpn-License,cn=openvpn,cn=custom attributes,cn=univention,dc=c-corp,dc=org
Object created: uid=ldapper-m-central,cn=users,dc=c-corp,dc=org
E: Object exists: (group) : VPN Admins
sed: kann /var/www/readytogo/*/.htaccess nicht lesen: Datei oder Verzeichnis nicht gefunden
sed: kann /var/www/readytogo/*/.htaccess nicht lesen: Datei oder Verzeichnis nicht gefunden
Site openvpn4ucs2 already enabled
Restarting apache2 (via systemctl): apache2.service.
Object exists: cn=ldapacl,cn=univention,dc=c-corp,dc=org
INFO: No change of core data of object 63openvpn-sitetosite.
No modification: cn=63openvpn-sitetosite,cn=ldapacl,cn=univention,dc=c-corp,dc=org

Waiting for activation of the extension object 63openvpn-sitetosite: OK
2017-12-28 11:09:18.056284171+01:00 (in joinscript_save_current_version)
EXITCODE=0

Do 28. Dez 11:09:18 CET 2017
univention-run-join-scripts finished

Regarding “.htaccess not found”

root@central:/var/www/readytogo# ls -ltra
insgesamt 16
drwxr-xr-x  2 root root 4096 Dez 21 10:28 .
drwxr-xr-x 11 root root 4096 Dez 28 10:59 ..
-rw-r--r--  1 root root 3331 Dez 28 11:09 notfound.html
-rw-r--r--  1 root root   43 Dez 28 11:09 .htaccess
root@central:/var/www/readytogo#
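
Added example, not part of the thread or of the openvpn4ucs project: a small Python parser for the join.log format shown above that lists the join scripts deserving a closer look, including ones that end with EXITCODE=0 but still print warning or error lines. The sample log is constructed and abridged from the excerpts above; the prefixes in SUSPICIOUS are an assumption based on those excerpts, not a complete list.

```python
import re

# Constructed sample, abridged from the join.log excerpts in this thread.
SAMPLE_LOG = """\
RUNNING 94univention-openvpn-server.inst
Object exists: cn=services,cn=univention,dc=c-corp,dc=org
WARNING: cannot append OpenVPN to service, value exists
EXITCODE=0
RUNNING 94univention-openvpn-master.inst
E: Object exists: (group) : VPN Admins
sed: kann /var/www/readytogo/*/.htaccess nicht lesen: Datei oder Verzeichnis nicht gefunden
Site openvpn4ucs2 already enabled
EXITCODE=0
RUNNING 96univention-samba4.inst
EXITCODE=already_executed
"""

RUNNING = re.compile(r"^RUNNING (\S+\.inst)$")
EXITCODE = re.compile(r"^EXITCODE=(\S+)$")
# Assumption: line prefixes worth reading even when a script exits with 0.
SUSPICIOUS = re.compile(r"^(WARNING:|E: |ERROR|sed: |Traceback)")

def parse_join_log(text):
    """Return one dict per join script: name, exit code, suspicious lines."""
    results, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = RUNNING.match(line)
        if m:
            current = {"script": m.group(1), "exitcode": None, "notes": []}
            results.append(current)
            continue
        if current is None:
            continue  # timestamps and start/finish banners outside a script
        m = EXITCODE.match(line)
        if m:
            current["exitcode"] = m.group(1)
            current = None
        elif SUSPICIOUS.match(line):
            current["notes"].append(line)
    return results

def needs_review(results):
    """Scripts that failed, never reported an exit code, or logged problems."""
    ok = ("0", "already_executed")
    return [r for r in results if r["exitcode"] not in ok or r["notes"]]

if __name__ == "__main__":
    for r in needs_review(parse_join_log(SAMPLE_LOG)):
        print(r["script"], "EXITCODE=%s" % r["exitcode"])
        for note in r["notes"]:
            print("    " + note)
```

On a real system the input would be the contents of /var/log/univention/join.log instead of SAMPLE_LOG.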


#4

Hi,

do the problems still occur after the forced run of the join script?

Best regards from bytemine GmbH


#5

Hi,

Update:
After restarting the server and running the join again, the tab in the advanced settings is now present and active without problems (SitetoSite has to be activated as well).

Unfortunately, there is still no ready2go entry, and the join script cannot read the .htaccess. It only has read and write permissions for root in the folder. How can I repair the Ready2go packages so that I don't have to set up the configurations manually for every user?

I have now recreated the entry and can also reach the page. I have now given the readytogo folder 755 permissions, and the forbidden message no longer appears. Unfortunately, though, I'm not getting much further.
Now this message appears when I enter my username there. I have already enabled it as an account for openvpn under “Users”.

This page does not exist. Please talk to your VPN admin who should consider a license issue.

Unfortunately, no certificate or package for the user appears in the home directory either.

Regards, and thanks in advance for the help.