OPSI clients installation

opsi

#1

Have just installed opsi on UCS server, but have no idea how to add clients to list
. OPSI don’t see any domain pc. Can someone maybe help me a little bit?
I have login in opsi with Administrator.

I have tried to follow this guide:
log in to the Windows client with administrative privileges
mount the shared directory on the opsi server at \\opsi_depot to a drive letter
on the drive letter from the previous step, start the script opsi-client-agent\service_setup.cmd
The script connects to the opsi-webservice in order to create the client on the server side and get the pckey. The first connection is established with the user/password combination provided in the config.ini. If the connection fails, a login window will pop up, where the user can type in a Service-URL (opsi-config-server), with a user and a password. The provided user needs to be member of the group opsiadmin.
But when I’m getting Access is denied when I try to log in \\opsi_depot.


#2

Still need help, if some one can help me.


#3

If you want an sync between the LDAP and opsi, you have to buy the Directory-Connector.

The URL has to be\\$opsi-hostname\opsi_depot, not \\opsi_depot. If you’re using the correct URL, you should check groups of the $user you’re using. The user that you are using accessing the share has also to be member of opsifileadmins:

id $user

And of course you should login with the $user in Windows, and $user should also be an administrator.


#4

it was the correct address. and a user is in group opsifileadmins, doman admin, and local admin.
I solved it be using smb share.
Now I have added 2 clients
image

But got another problem. Software inventory is empty and I got an unexpected error in log files can see errors.
Maybe you can help me to solve this?

(0)       [4] [Dec 23 22:01:04] Failed to read opsi modules file '/etc/opsi/modules': [Errno 2] No such file or directory: u'/etc/opsi/modules' (Backend.py|421)
(1)       [5] [Dec 23 22:01:04] Application 'opsi-script 4.11.6.15' on client '192.168.4.148' did not send cookie (workers.py|183)
(2)       [5] [Dec 23 22:01:04] New session created (session.py|77)
(3)       [5] [Dec 23 22:01:04] Authorization request from adminuser@192.168.4.148 (application: opsi-script 4.11.6.15) (workers.py|213)
(4)       [5] [Dec 23 22:01:06] Session 'eA5YcX9eEB5oKsp7QsJ5H2NeTWO3H05I' from ip '192.168.4.148', application 'opsi-script 4.11.6.15' deleted (Session.py|225)
(5)       [2] [Dec 23 22:01:06] Traceback: (Logger.py|757)
(6)       [2] [Dec 23 22:01:06]   File "/usr/lib/python2.7/dist-packages/OPSI/Service/Worker.py", line 292, in _errback
(7)           failure.raiseException()
(8)        (Logger.py|757)
(9)       [2] [Dec 23 22:01:06]   File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 577, in _runCallbacks
(10)          current.result = callback(current.result, *args, **kw)
(11)       (Logger.py|757)
(12)      [2] [Dec 23 22:01:06]   File "/usr/lib/python2.7/dist-packages/opsiconfd/workers.py", line 278, in _authenticate
(13)          raise OpsiAuthenticationError(u"Forbidden: %s" % error)
(14)       (Logger.py|757)
(15)      [2] [Dec 23 22:01:06]      ==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: PAM authentication failed for user 'adminuser': ('User not known to the underlying authentication module', 10) (Worker.py|294)

#5

And he is member of opsiadmin?


#6

Yes.


#7

Still looking for help.


#8

I have no idea at the moment. Maybe you should ask in the opsi forum


#9

Nobody answer on opsi forum :sleepy:


#10

Bear with us, it has been holiday season so things might slow down a little in that time. :wink:
You have an answer waiting for you at the opsi forums.

If you require fast answers I have to suggest getting a support contract.


#11

First of all, need to test what can do OPSI and then can think about support contract.


#12

I just found out that I have some components not installed on UCS.


I have tried to EXECUTE scrip and got the error:

Found this theme AD-Verbindung und AD-Takeover: Verwirrender Systemzustand
But our USC server is joined to the domain already…


#13

That seems to be a generic problem. opsi wants Samba 4, but this is not supported in the AD member mode.


#14

Can it be the reason for OPSI problems?


#15

Hi,

are you running opsi on role member?
In this case we require samba-univention to be installed.
There is also a special chapter in the Getting Started of opsi regarding installation on the member role.


#16

Yes, we do, thx I will take a look at samba-invention.


#17

I have followed steps from your link. and didn’t found pcpatch group on UCS so I added this group manually.

image

Wierd that I have added pcpatch group but don’t see this group in group list in UCS web interface but I see there pcpatch user. :face_with_raised_eyebrow:

the pcpatch group is the member of opsiadmin.
Do I need to add pcpathc group to Domain admin group?
When I try to log in to opsi config editor I getting BackendPremissionDeniedError.


#18

If I understand correctly UCS cant normally work with Win server 2012?
image


#19

Hi maksvell,

We use the groupname opsifileadmins on UCS because we have a user pcpatch and Samba 4 will not allow for a user and a group to have the same name.
I’d advise to stick with this.

While it still is possible to create all groups and users yourself I would not encourage this but let the join script handle this.
Is your system correctly joined?

Bye


#20

What you mean witn Is your system correctly joined?