OpenVPN4UCS Registerkarte wird bei Server nicht angezeigt

openvpn

#1

Ich habe OpenVPN4UCS auf meinem Server installiert. Die App wird zwar als installiert angezeigt, allerdings finde ich beim Server nicht die entsprechende Registerkarte in den erweiterten Einstellungen. Gibt es eine Möglichkeit, das zu beheben ?

Herzlichen Dank und LG Helmut


#2

Huhu,

ist denn das Join-Script des Moduls anständig durchgelaufen? univention-check-join-status sollte nur Joined successfully ausgeben.

Falls nicht: was ist die Ausgabe? Dann mal univention-run-join-scripts ausführen und die Ausgabe von /var/log/univention/join.log posten, falls die Module nicht richtig ausgeführt werden können sollten.

Gruß
m.


#3

Hallo, Moritz,

univention-check-join-status gibt Joined successfully aus.
Habe dann univention-run-join-scripts ausgeführt und folgendes in der join.log gefunden:

univention-run-join-scripts started
Mon Apr  8 17:52:05 CEST 2019

univention-join-hooks: looking for hook type "join/pre-joinscripts" on ucs.xxxx.local
Found hooks:
  
RUNNING 00kopano4ucs-safemode-on.inst
EXITCODE=already_executed
RUNNING 01univention-ldap-server-init.inst
EXITCODE=already_executed
RUNNING 02univention-directory-notifier.inst
EXITCODE=already_executed
RUNNING 03univention-directory-listener.inst
EXITCODE=already_executed
RUNNING 04univention-ldap-client.inst
EXITCODE=already_executed
RUNNING 05univention-bind.inst
EXITCODE=already_executed
RUNNING 08univention-apache.inst
EXITCODE=already_executed
RUNNING 10univention-ldap-server.inst
EXITCODE=already_executed
RUNNING 11univention-heimdal-init.inst
EXITCODE=already_executed
RUNNING 11univention-pam.inst
EXITCODE=already_executed
RUNNING 15univention-directory-notifier-post.inst
EXITCODE=already_executed
RUNNING 15univention-heimdal-kdc.inst
EXITCODE=already_executed
RUNNING 18python-univention-directory-manager.inst
EXITCODE=already_executed
RUNNING 20univention-directory-policy.inst
EXITCODE=already_executed
RUNNING 20univention-join.inst
EXITCODE=already_executed
RUNNING 26univention-nagios-common.inst
EXITCODE=already_executed
RUNNING 30univention-appcenter.inst
EXITCODE=already_executed
RUNNING 30univention-nagios-client.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-s4-connector.inst
EXITCODE=already_executed
RUNNING 31univention-nagios-samba.inst
EXITCODE=already_executed
RUNNING 33univention-portal.inst
EXITCODE=already_executed
RUNNING 34univention-management-console-server.inst
EXITCODE=already_executed
RUNNING 35univention-appcenter-docker.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-admindiary.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-appcenter.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-diagnostic.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ipchange.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-join.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-lib.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-mrtg.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-printers.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-quota.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-reboot.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-services.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-setup.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-sysinfo.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-top.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ucr.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-udm.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-updater.inst
EXITCODE=already_executed
RUNNING 35univention-nagios-cups.inst
EXITCODE=already_executed
RUNNING 35univention-server-overview.inst
EXITCODE=already_executed
RUNNING 36univention-management-console-module-apps.inst
EXITCODE=already_executed
RUNNING 40univention-postgresql.inst
EXITCODE=already_executed
RUNNING 40univention-virtual-machine-manager-schema.inst
EXITCODE=already_executed
RUNNING 50dudle.inst
EXITCODE=already_executed
RUNNING 50nextcloud.inst
EXITCODE=already_executed
RUNNING 60univention-admin-diary-backend.inst
EXITCODE=already_executed
RUNNING 70kopano4ucs-udm.inst
EXITCODE=already_executed
RUNNING 70kopano4ucs.inst
EXITCODE=already_executed
RUNNING 70zarafa4ucs-udm.inst
EXITCODE=already_executed
RUNNING 71kopano4ucs-webapp.inst
EXITCODE=already_executed
RUNNING 79univention-printserver.inst
EXITCODE=already_executed
RUNNING 81univention-nfs-server.inst
EXITCODE=already_executed
RUNNING 90univention-bind-post.inst
EXITCODE=already_executed
RUNNING 91univention-saml.inst
EXITCODE=already_executed
RUNNING 92univention-fetchmail-schema.inst
EXITCODE=already_executed
RUNNING 92univention-fetchmail.inst
EXITCODE=already_executed
RUNNING 92univention-management-console-web-server.inst
EXITCODE=already_executed
RUNNING 94univention-openvpn-master.inst
EXITCODE=already_executed
RUNNING 94univention-openvpn-server.inst
EXITCODE=already_executed
RUNNING 94univention-openvpn-sitetosite.inst
EXITCODE=already_executed
RUNNING 96univention-samba4.inst
EXITCODE=already_executed
RUNNING 97univention-s4-connector.inst
EXITCODE=already_executed
RUNNING 98univention-pkgdb-tools.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-dns.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-saml-kerberos.inst
EXITCODE=already_executed
RUNNING 99kopano4ucs-safemode-off.inst
EXITCODE=already_executed
univention-join-hooks: looking for hook type "join/post-joinscripts" on ucs.zabrana.local
Found hooks:
  

Mon Apr  8 17:52:09 CEST 2019
univention-run-join-scripts finished

Sehe da keine Fehler !?

LG und danke für deine Hilfe
Helmut


#4

Jo, das sieht OK aus.

Die OpenVPN-Einstellungen sind keine eigene Registerkarte sondern nur ein Abschnitt auf der Registerkarte »Erweiterte Einstellungen«:

DeepinScreenshot_select-area_20190409095915

Sind die bei Ihnen wirklich nicht vorhanden? Falls nicht, was gibt der folgende Befehl aus:

univention-ldapsearch -LLLo ldif-wrap=no -b "cn=openvpn,cn=custom attributes,cn=univention,$(ucr get ldap/base)"

#5

Hallo, Moritz,

danke für deine Rückmeldung. Unter erweiterte Einstellungen hab ich keinen Punkt “OpenVPN”. Der von dir angeführte Befehl ergab folgende Ausgabe:

Last login: Mon Apr  8 18:15:51 2019 from 192.168.1.59
root@ucs:~# univention-ldapsearch -LLLo ldif-wrap=no -b "cn=openvpn,cn=custom attributes,cn=univention,$(ucr get ldap/base)"
No such object (32)
Matched DN: cn=custom attributes,cn=univention,dc=xxxxx,dc=xxxxx

LG
Helmut


#6

Huhu,

das passt alles nicht zusammen. Das Join-Script 94univention-openvpn-master.inst ist zwar angeblich sauber durchgelaufen, aber genau das erstellt eigentlich einen Haufen von Custom Attributes, und die sind deiner Ausgabe nach schlicht nicht vorhanden.

Bitte führ auf deinem DC Master noch mal das Join-Script wie folgt aus:

univention-run-join-scripts --force --run-scripts 94univention-openvpn-master.inst

Anschließend poste bitte wieder den Inhalt vom join.log. Danke.


#7

Hallo, Markus,

das dürfte jetzt funktioniert haben. Habe jetzt den Eintrag in den “Erweiterten Einstellungen” beim Benutzer.

einstellungen

Die LOG-Datei sagt folgendes:

univention-run-join-scripts started
Sam Apr 13 18:57:25 CEST 2019

univention-join-hooks: looking for hook type "join/pre-joinscripts" on xxx.xxx.local
Found hooks:

RUNNING 94univention-openvpn-master.inst
2019-04-13 18:57:28.781590746+02:00 (in joinscript_init)
Object exists: cn=services,cn=univention,dc=xxx,dc=xxx
Object exists: cn=OpenVPN,cn=services,cn=univention,dc=xxx,dc=xxx
WARNING: cannot append OpenVPN to service, value exists
No modification: cn=ucs,cn=dc,cn=computers,dc=xxx,dc=xxx
Object exists: cn=udm_hook,cn=univention,dc=xxx,dc=xxx
INFO: No change of core data of object univention-openvpn.
Object modified: cn=univention-openvpn,cn=udm_hook,cn=univention,dc=xxx,dc=xxx

Waiting for activation of the extension object univention-openvpn: OK
Waiting for file /usr/share/pyshared/univention/admin/hooks.d/univention-openvpn.py: OK
Object exists: cn=udm_syntax,cn=univention,dc=xxx,dc=xxx
INFO: No change of core data of object univention-openvpn-schema.
Object modified: cn=univention-openvpn-schema,cn=udm_syntax,cn=univention,dc=xxx,dc=xxx

Waiting for activation of the extension object univention-openvpn-schema: OK
Waiting for file /usr/share/pyshared/univention/admin/syntax.d/univention-openvpn-schema.py: OK
Object created: cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-UserAddress,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-FixedAddresses,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-Dualfactorauth,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-Duplicate,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-Redirect,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-NetIPv6,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-Net,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-Port,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-Address,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-Active,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-Account,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-Secret,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-RemoteAddress,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-LocalAddress,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-SitetoSitePort,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-Remote,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-SitetoSiteActive,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
Object created: cn=UniventionOpenvpn-License,cn=openvpn,cn=custom attributes,cn=univention,dc=xxx,dc=xxx
E: Object exists: (uid) ldapper-m-ucs
E: Object exists: (group) : VPN Admins
sed: /var/www/readytogo/*/.htaccess kann nicht gelesen werden: Datei oder Verzeichnis nicht gefunden
sed: /var/www/readytogo/*/.htaccess kann nicht gelesen werden: Datei oder Verzeichnis nicht gefunden
Site openvpn4ucs2 already enabled
Restarting apache2 (via systemctl): apache2.service.
Object exists: cn=ldapacl,cn=univention,dc=xxx,dc=xxx
INFO: No change of core data of object 63openvpn-sitetosite.
Object modified: cn=63openvpn-sitetosite,cn=ldapacl,cn=univention,dc=xxx,dc=xxx

Waiting for activation of the extension object 63openvpn-sitetosite: OK
2019-04-13 18:58:18.746190068+02:00 (in joinscript_save_current_version)
EXITCODE=0
univention-join-hooks: looking for hook type "join/post-joinscripts" on xxx.xxx.local
Found hooks:

Ich werde jetzt mal versuchen, OpenVPN nun auch praktisch zu testen.

Herzichen Dank :slight_smile:

LG
Helmut