OPSI clients installation

Apps & App Center
1

Have just installed opsi on UCS server, but have no idea how to add clients to list
. OPSI don’t see any domain pc. Can someone maybe help me a little bit?
I have login in opsi with Administrator.

I have tried to follow this guide:
log in to the Windows client with administrative privileges
mount the shared directory on the opsi server at \\opsi_depot to a drive letter
on the drive letter from the previous step, start the script opsi-client-agent\service_setup.cmd
The script connects to the opsi-webservice in order to create the client on the server side and get the pckey. The first connection is established with the user/password combination provided in the config.ini. If the connection fails, a login window will pop up, where the user can type in a Service-URL (opsi-config-server), with a user and a password. The provided user needs to be member of the group opsiadmin.
But when I’m getting Access is denied when I try to log in \\opsi_depot.

2

Still need help, if some one can help me.

3

If you want an sync between the LDAP and opsi, you have to buy the Directory-Connector.

The URL has to be\\$opsi-hostname\opsi_depot, not \\opsi_depot. If you’re using the correct URL, you should check groups of the $user you’re using. The user that you are using accessing the share has also to be member of opsifileadmins:

id $user

And of course you should login with the $user in Windows, and $user should also be an administrator.

4

it was the correct address. and a user is in group opsifileadmins, doman admin, and local admin.
I solved it be using smb share.
Now I have added 2 clients
image

But got another problem. Software inventory is empty and I got an unexpected error in log files can see errors.
Maybe you can help me to solve this?

(0)       [4] [Dec 23 22:01:04] Failed to read opsi modules file '/etc/opsi/modules': [Errno 2] No such file or directory: u'/etc/opsi/modules' (Backend.py|421)
(1)       [5] [Dec 23 22:01:04] Application 'opsi-script 4.11.6.15' on client '192.168.4.148' did not send cookie (workers.py|183)
(2)       [5] [Dec 23 22:01:04] New session created (session.py|77)
(3)       [5] [Dec 23 22:01:04] Authorization request from adminuser@192.168.4.148 (application: opsi-script 4.11.6.15) (workers.py|213)
(4)       [5] [Dec 23 22:01:06] Session 'eA5YcX9eEB5oKsp7QsJ5H2NeTWO3H05I' from ip '192.168.4.148', application 'opsi-script 4.11.6.15' deleted (Session.py|225)
(5)       [2] [Dec 23 22:01:06] Traceback: (Logger.py|757)
(6)       [2] [Dec 23 22:01:06]   File "/usr/lib/python2.7/dist-packages/OPSI/Service/Worker.py", line 292, in _errback
(7)           failure.raiseException()
(8)        (Logger.py|757)
(9)       [2] [Dec 23 22:01:06]   File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 577, in _runCallbacks
(10)          current.result = callback(current.result, *args, **kw)
(11)       (Logger.py|757)
(12)      [2] [Dec 23 22:01:06]   File "/usr/lib/python2.7/dist-packages/opsiconfd/workers.py", line 278, in _authenticate
(13)          raise OpsiAuthenticationError(u"Forbidden: %s" % error)
(14)       (Logger.py|757)
(15)      [2] [Dec 23 22:01:06]      ==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: PAM authentication failed for user 'adminuser': ('User not known to the underlying authentication module', 10) (Worker.py|294)
5

And he is member of opsiadmin?

6

Yes.
image

7

Still looking for help.

8

I have no idea at the moment. Maybe you should ask in the opsi forum

9

Nobody answer on opsi forum :sleepy:

10

Bear with us, it has been holiday season so things might slow down a little in that time. :wink:
You have an answer waiting for you at the opsi forums.

If you require fast answers I have to suggest getting a support contract.

11

First of all, need to test what can do OPSI and then can think about support contract.

12

I just found out that I have some components not installed on UCS.
image
I have tried to EXECUTE scrip and got the error:
image

Found this theme AD-Verbindung und AD-Takeover: Verwirrender Systemzustand
But our USC server is joined to the domain already…

13

That seems to be a generic problem. opsi wants Samba 4, but this is not supported in the AD member mode.

14

Can it be the reason for OPSI problems?

15

Hi,

are you running opsi on role member?
In this case we require samba-univention to be installed.
There is also a special chapter in the Getting Started of opsi regarding installation on the member role.

16

Yes, we do, thx I will take a look at samba-invention.

17

I have followed steps from your link. and didn’t found pcpatch group on UCS so I added this group manually.

image

Wierd that I have added pcpatch group but don’t see this group in group list in UCS web interface but I see there pcpatch user. :face_with_raised_eyebrow:

image

the pcpatch group is the member of opsiadmin.
Do I need to add pcpathc group to Domain admin group?
When I try to log in to opsi config editor I getting BackendPremissionDeniedError.

18

If I understand correctly UCS cant normally work with Win server 2012?
image

19

Hi maksvell,

We use the groupname opsifileadmins on UCS because we have a user pcpatch and Samba 4 will not allow for a user and a group to have the same name.
I’d advise to stick with this.

While it still is possible to create all groups and users yourself I would not encourage this but let the join script handle this.
Is your system correctly joined?

Bye

20

What you mean witn Is your system correctly joined?