OPSI4UCS - no login possible

opsi

#1

I have installed for a first test the OPSI Package on my UCS 4.1. The setup is finished, but I cannot login.

Which are the credentials of the Opsi Config Editor?

How can i force a new installation of OPSI4 UCS? I think (i have several install / deinstall the package via the App Center) that something is going wrong. In the LDAP i missing the mentioned user “pcpatch” or group “opsiadmin”

Thanks for the help


#2

Hi,

On what role did you install?
Did you try running the join script again manually?

regarding the login: have you assigned your user to the group of opsi administrators (opsiadmin)?


#3

The Role is “Domain Master”

I dont know where the join script is.

By the first try to login - before i deinstall and do some much more - the user “Administrator” was in group “opsiadmin”. I create a new user in the domain and add them to the group too, but no login was possible.

My current state: I have remove UCS from the App Center. Now only “opsiconfd” and “opsipxeconfd” are still there and cannot remove:

Löschen der Konfigurationsdateien von opsipxeconfd ...
 Removing any system startup links for /etc/init.d/opsipxeconfd ...
dpkg: Fehler beim Bearbeiten von opsipxeconfd (--purge):
 Unterprozess installiertes post-removal-Skript gab den Fehlerwert 1 zurück
Fehler traten auf beim Bearbeiten von:
 opsipxeconfd
W: Can not find PkgVer for 'opsipxeconfd'
E: Sub-process /usr/bin/dpkg returned an error code (1)

#4

OK - I have again install opsi via App Center.

Then I go to Domain Settings and rerun the 99opsi4ucs Join-Script. Now all users/groups again available :slight_smile: I check, that the “Administrator”-Account is in group “opsiadmin”

Then I restart the server and try again to login. When I use the account “Administrator” or another user then I cant login. But when i use “root” with the password of the administrator, then i can login - but i have some errors:


Okt 12  17:02:51.450  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'config_updateObjects' denied for user 'root': Backend permission denied error: Access denied
Okt 12  17:02:51.515  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'config_updateObjects' denied for user 'root': Backend permission denied error: Access denied
Okt 12  17:02:51.811  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'group_getObjects' denied for user 'root'
Okt 12  17:02:52.064  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'objectToGroup_getObjects' denied for user 'root'
Okt 12  17:02:52.135  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'config_updateObjects' denied for user 'root': Backend permission denied error: Access denied
Okt 12  17:03:10.120  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'configState_getObjects' denied for user 'root'
Okt 12  17:03:10.123  2017 -- JSONReMapper: Exception on reproducing  null, java.lang.NullPointerException
Okt 12  17:03:10.134  2017 -- Nicht erwarteter Fehler 6
Bitte die Logdatei einsehen
Okt 12  17:03:11.290  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'config_updateObjects' denied for user 'root': Backend permission denied error: Access denied
Okt 12  17:03:11.377  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'config_updateObjects' denied for user 'root': Backend permission denied error: Access denied
Okt 12  17:03:12.445  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'product_getObjects' denied for user 'root'
Okt 12  17:03:12.448  2017 -- JSONReMapper: Exception on reproducing  null, java.lang.NullPointerException
Okt 12  17:03:12.524  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'productOnDepot_getObjects' denied for user 'root'
Okt 12  17:03:12.526  2017 -- JSONReMapper: Exception on reproducing  null, java.lang.NullPointerException
Okt 12  17:03:12.601  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'config_getObjects' denied for user 'root'
Okt 12  17:03:12.669  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'productProperty_getObjects' denied for user 'root'
Okt 12  17:03:12.673  2017 -- JSONReMapper: Exception on reproducing  null, java.lang.NullPointerException
Okt 12  17:03:13.092  2017 -- Opsi service error:  [BackendPermissionDeniedError] Backend permission denied error: Access to method 'config_getObjects' denied for user 'root'

#5

Hi,

I can’t recommend using root or Administrator.
Create an (or use an existing) user and assign the user to the groups opsiadmin and pcpatch.


#6

Yes - that was my first idea too: not using admin or root. But if i put my own user to the group “opsiadmin” than i cannot login in opsi.

The Usergroup “pcpatch” is not available. Only “OPSI Depot Servers” and “opsifileadmins”

BTW: I find a user with the name “pcpatch”

Add note:

Here is a part of the log from the join script.

Check for opsi fileadmingroup e[0;33;40m[4] [Oct 12 16:49:26] Failed to read opsi modules file '/etc/opsi/modules': [Errno 2] No such file or directory: u'/etc/opsi/modules' (Backend.py|421)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:26] Disabling mysql backend and license management module: no customer in modules file (MySQL.py|492)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:26] Creating base path: '/var/lib/opsi/config' (File.py|233)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:26] Creating opsi base (SQL.py|465)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] Try to find a Configserver. (opsi-setup|1860)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] Getting current system config (opsi-setup|119)e[0;0;0m
e[0;33;40m[4] [Oct 12 16:49:30] Failed to get vendor/device id for network device br0 (Posix.py|474)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] System information: (opsi-setup|172)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] distributor : Univention (opsi-setup|173)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] distribution : Univention Corporate Server 4.1-4 errata478 (Vahr) (opsi-setup|174)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] ip address : 192.168.2.40 (opsi-setup|175)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] netmask : 255.255.255.0 (opsi-setup|176)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] subnet : 192.168.2.0 (opsi-setup|177)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] broadcast : 192.168.2.255 (opsi-setup|178)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] fqdn : ucs002040.testcompany.lan (opsi-setup|179)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] hostname : ucs002040 (opsi-setup|180)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] domain : testcompany.lan (opsi-setup|181)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:30] win domain : TESTCOMPANY (opsi-setup|182)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:31] Configuring client user pcpatch (opsi-setup|188)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:31] Creating RSA private key for user pcpatch in '/var/lib/opsi/.ssh/id_rsa' (opsi-setup|202)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:31] Setting rights on directory '/var/lib/opsi/.ssh' (Rights.py|121)e[0;0;0m
e[0;33;40m[4] [Oct 12 16:49:31] Failed to read opsi modules file '/etc/opsi/modules': [Errno 2] No such file or directory: u'/etc/opsi/modules' (Backend.py|421)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:31] Disabling mysql backend and license management module: no customer in modules file (MySQL.py|492)e[0;0;0m
e[0;33;40m[4] [Oct 12 16:49:31] Failed to read opsi modules file '/etc/opsi/modules': [Errno 2] No such file or directory: u'/etc/opsi/modules' (Backend.py|421)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:31] Disabling mysql backend and license management module: no customer in modules file (MySQL.py|492)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:33] Setting rights on directory u'/etc/opsi' (Rights.py|121)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:33] Setting rights on directory u'/var/log/opsi' (Rights.py|121)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:33] Setting rights on directory u'/var/lib/opsi' (Rights.py|121)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:34] Setting rights on directory u'/home/opsiproducts' (Rights.py|121)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:34] Setting rights on directory u'/tftpboot/linux' (Rights.py|121)e[0;0;0m
e[0;33;40m[4] [Oct 12 16:49:34] Failed to read opsi modules file '/etc/opsi/modules': [Errno 2] No such file or directory: u'/etc/opsi/modules' (Backend.py|421)e[0;0;0m
e[0;32;40m[5] [Oct 12 16:49:34] Disabling mysql backend and license management module: no customer in modules file (MySQL.py|492)e[0;0;0m

There is mysql is disabled? Find some paths not? Is that right?


#7

MySQL is disabled as general backend. It is free however to use it for inventory data and should be configured to do so. Please look at this chapter in the getting started for more information about the backends.
The message about the missing /etc/opsi/modules file can be ignored.


#8

OK - thanks for this informations. I try it again with the new User. The User is in group “opsiadmin” and “opsifileadmin”. I try again to login, but no success.

The user credentials are correct. There no special characters or something. Only a word with small characters :wink:

BTW: Should a open a question in the german opsi-forum? My first language is german - but can i put in questions about Opsi4Ucs?


#9

You should check for logged messages in /var/log/opsi/opsiconfd/YOUR_IP.log.
Should give a hint on what is wrong.

You can also try the following commands on the shell of your server:

  • opsi-setup --set-rights
  • opsi-setup --init-current-config
  • service opsiconfd restart
  • service opsipxeconfd restart

This often helps but if the authentication fails there usually is something different wrong.

Natürlich kannst du auch im opsi-Forum fragen!
(Of course you ask in the opsi forum.)


#10

Here the solution:

ucr set --force samba/interfaces="$(ucr get samba/interfaces) lo"
service samba restart