Hello Eugene,
can you try that:
sqlite3 db.sqlite3
UPDATE "auth_user" set
password='pbkdf2_sha256$20000$Z2Lhr1cW8QM0$mN9PtNhxneIDzApqFa4uG8V44IXqHe+r7yootSoSzJQ='
where username='admin';
the password is p@ck3tf3nc3
Regards
Fabrice
Le 2018-02-03 à 01:31, E.P. a écrit :
>
> Hi Fabrice,
>
> I feel awkward resurrecting this topic but I believe something
> happened to PKI after I upgraded PF to 7.4
>
> Really want it to be not connected with it but I can’t login to PKI
> admin interface.
>
> The login page shows normally with a prompt for username/password, I
> enter previously used admin/password credentials but nothing happens.
>
> I need to grab RADIUS server certificate to manually install it to
> Windows 10 machines so that they validate the server properly
>
> Logs under /usr/local/packetfence-pki/logs don’t show anything that
> would give me a clue except of these events:
>
>
>
> [root@PacketFence-ZEN logs]# cat ./packetfence_pki.access.log
> 172.16.0.100 - - [03/Feb/2018:03:16:06 +0000] "POST / HTTP/1.1" 200
> 2483 "https://172.16.0.222:9393/"; "Mozilla/5.0 (Windows NT 6.1; Win64;
> x64; rv:58.0) Gecko/20100101 Firefox/58.0"
>
> [root@PacketFence-ZEN logs]# cat ./error.log
> <snip>
> [Sat Feb 03 05:09:16.445232 2018] [:error] [pid 1050]
> /usr/lib/python2.7/site-packages/bootstrap3/bootstrap.py:5:
> RemovedInDjango19Warning: django.utils.importlib will be removed in
> Django 1.9.
>
> [root@PacketFence-ZEN logs]# cat ./packetfence_pki.error.log
> [Sat Feb 03 03:14:11.433371 2018] [ssl:warn] [pid 27722] AH01909: RSA
> certificate configured for pki:443 does NOT include an ID which
> matches the server name
>
> Eugene
>
>
>
>
>
> *From:*Fabrice Durand [mailto:[email protected]]
> *Sent:* Wednesday, January 03, 2018 12:26 PM
> *To:* E.P.
> *Cc:* [email protected]
> *Subject:* Re: [PacketFence-users] PKI installation
>
>
>
> Just for information, i uploaded a new version of the packetfence-pki
> for centos7 who fix all the install issues.
>
> Regards
>
> Fabrice
>
>
>
>
>
> Le 2017-12-12 à 23:58, E.P. a écrit :
>
> Well, I’m taking my hat off in front of you, no kidding and pun
> intended ;)
>
> Do you need traceback from the error page ?
>
>
>
> *From:*Durand fabrice [mailto:[email protected]]
> *Sent:* Tuesday, December 12, 2017 7:02 PM
> *To:* E.P.
> *Cc:* [email protected]
> <mailto:[email protected]>
> *Subject:* Re: [PacketFence-users] PKI installation
>
>
>
> ah ah don't worry , i like to have challenge like that to be able
> to fix the issue for better user experience.
>
> I coded the pki so i want to make it work.
>
>
>
>
>
> Le 2017-12-12 à 21:48, E.P. a écrit :
>
> Sure, take your time, Fabrice. I have a special knack of
> running into troubles in cases when others didn’t have any :)
>
>
> Eugene
>
> Sent from iPhone
>
>
> On Dec 12, 2017, at 18:18, Durand fabrice <[email protected]
> <mailto:[email protected]>> wrote:
>
> Ok let me try to install the pki on the zen and i will be
> back to you.
>
> i have installed the pki on 10 servers not a long time ago
> without any issue.
>
>
>
>
>
> Le 2017-12-12 à 20:52, E.P. a écrit :
>
> Yes, db.sqlite3 was owned by root
>
>
>
> [root@PacketFence-ZEN packetfence-pki]# ls -al
>
> total 56
>
> drwxr-xr-x 7 pf pf 128 Dec 12 08:49 .
>
> drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
>
> drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
>
> drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
>
> */-rw-r--r-- 1 root root 43008 Dec 12 08:44 db.sqlite3/*
>
> drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
>
> drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
>
> -rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
>
> -rw-r--r-- 1 root root 6 Dec 12 08:49
> packetfence-pki.pid
>
> drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
>
>
>
> Changed the file ownership to pf:pf
>
>
>
> [root@PacketFence-ZEN packetfence-pki]# ls -al
>
> total 100
>
> drwxr-xr-x 7 pf pf 147 Dec 13 01:45 .
>
> drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
>
> drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
>
> drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
>
> */-rw-r--r-- 1 pf pf 43008 Dec 13 01:45 db.sqlite3/*
>
> /drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse/
>
> /drwxrws--- 2 pf pf 90 Dec 12 01:35 logs/
>
> /-rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py/
>
> /-rw-r--r-- 1 root root 5 Dec 13 01:43
> packetfence-pki.pid/
>
> /drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki/
>
>
>
> But trying to login to the PKI webpage brings me back
> to the same original error “no such table: pki_ca”
> which I showed earlier. I tried to follow your
> previous advise about renaming the db.sqlite3 file and
> running migration but the behavior is consistent. Is
> it OK that the PKI process ID file is also owned by root ?
>
>
>
> *From:*Fabrice Durand [mailto:[email protected]]
> *Sent:* Tuesday, December 12, 2017 5:35 AM
> *To:* E.P.; [email protected]
> <mailto:[email protected]>
> *Subject:* Re: [PacketFence-users] PKI installation
>
>
>
> Just change the owner of the sqlite file to pf and it
> should be ok.
>
> Btw all these steps are made in the packaging, so it
> probably failled or never finish correctly.
>
> I will do a test on my side.
>
> Regards
>
> Fabrice
>
>
>
>
>
> Le 2017-12-12 à 03:47, E.P. a écrit :
>
> Well, we are getting closer ;)
>
> Ran the python script to migrate the database it
> completed
>
>
>
> [root@PacketFence-ZEN packetfence-pki]# python
> manage.py migrate
>
> Operations to perform:
>
> Synchronize unmigrated apps: staticfiles,
> rest_framework, messages, bootstrap3
>
> Apply all migrations: authtoken, sessions,
> admin, auth, contenttypes, pki
>
> Synchronizing apps without migrations:
>
> Creating tables...
>
> Running deferred SQL...
>
> Installing custom SQL...
>
> Running migrations:
>
> Rendering model states... DONE
>
> Applying contenttypes.0001_initial... OK
>
> Applying auth.0001_initial... OK
>
> Applying admin.0001_initial... OK
>
> Applying
> contenttypes.0002_remove_content_type_name... OK
>
> Applying
> auth.0002_alter_permission_name_max_length... OK
>
> Applying auth.0003_alter_user_email_max_length... OK
>
> Applying auth.0004_alter_user_username_opts... OK
>
> Applying auth.0005_alter_user_last_login_null... OK
>
> Applying auth.0006_require_contenttypes_0002... OK
>
> Applying authtoken.0001_initial... OK
>
> Applying pki.0001_initial... OK
>
> Applying sessions.0001_initial... OK
>
>
>
> But the attempt to login to PKI failed again, now
> with a different error message:
>
>
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
> OperationalError at /
>
> attempt to write a readonly database
>
> *Request Method:*
>
>
>
> POST
>
> *Request URL:*
>
>
>
> https://192.168.2.25:9393/
>
> *Django Version:*
>
>
>
> 1.8.1
>
> *Exception Type:*
>
>
>
> OperationalError
>
> *Exception Value:*
>
>
>
> attempt to write a readonly database
>
> *Exception Location:*
>
>
>
>
> /usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py
> in execute, line 318
>
> *Python Executable:*
>
>
>
> /bin/python
>
> *Python Version:*
>
>
>
> 2.7.5
>
> *Python Path:*
>
>
>
> ['/usr/lib64/python27.zip',
>
> '/usr/lib64/python2.7',
>
> '/usr/lib64/python2.7/plat-linux2',
>
> '/usr/lib64/python2.7/lib-tk',
>
> '/usr/lib64/python2.7/lib-old',
>
> '/usr/lib64/python2.7/lib-dynload',
>
> '/usr/lib64/python2.7/site-packages',
>
> '/usr/lib/python2.7/site-packages',
>
> '/usr/local/packetfence-pki',
>
> '/usr/local/packetfence-pki/inverse']
>
> *Server time:*
>
>
>
> Tue, 12 Dec 2017 08:45:28 +0000
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
>
> *From:*Durand fabrice [mailto:[email protected]]
> *Sent:* Monday, December 11, 2017 7:20 PM
> *To:* E.P.;
> [email protected]
> <mailto:[email protected]>
> *Subject:* Re: [PacketFence-users] PKI installation
>
>
>
> Looks that the db hasn't been initialized , can
> you do that in /usr/local/packetfence-pki
>
> rm db3.sqlite
>
> python manage.py migrate
>
> Regards
>
> Fabrice
>
>
>
>
>
> Le 2017-12-11 à 21:55, E.P. a écrit :
>
> I was a bit premature with my report that it
> worked ;)
>
> After logging into the PKI page I ended up
> with this error:
>
>
>
> OperationalError at /
>
> no such table: pki_ca
>
> *Request Method:*
>
>
>
> POST
>
> *Request URL:*
>
>
>
> https://192.168.2.25:9393/
>
> *Django Version:*
>
>
>
> 1.8.1
>
> *Exception Type:*
>
>
>
> OperationalError
>
> *Exception Value:*
>
>
>
> no such table: pki_ca
>
> *Exception Location:*
>
>
>
>
> /usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py
> in execute, line 318
>
> *Python Executable:*
>
>
>
> /bin/python
>
> *Python Version:*
>
>
>
> 2.7.5
>
> *Python Path:*
>
>
>
> ['/usr/lib64/python27.zip',
>
> '/usr/lib64/python2.7',
>
> '/usr/lib64/python2.7/plat-linux2',
>
> '/usr/lib64/python2.7/lib-tk',
>
> '/usr/lib64/python2.7/lib-old',
>
> '/usr/lib64/python2.7/lib-dynload',
>
> '/usr/lib64/python2.7/site-packages',
>
> '/usr/lib/python2.7/site-packages',
>
> '/usr/local/packetfence-pki',
>
> '/usr/local/packetfence-pki/inverse']
>
> *Server time:*
>
>
>
> Tue, 12 Dec 2017 02:53:21 +0000
>
>
>
>
>
> And there’s a whole lot of traceback that I
> can show but it will make this post unreadable
>
>
>
>
>
> *From:*E.P. [mailto:[email protected]]
> *Sent:* Monday, December 11, 2017 6:52 PM
> *To:* 'Durand fabrice';
> '[email protected]
> <mailto:[email protected]>'
> *Subject:* RE: [PacketFence-users] PKI
> installation
>
>
>
> Hm…
>
> I was stubbornly persisting on this service
> showing in the output of netstat.
>
> But now I can have the webpage for PKI come
> up. Strange…
>
> But it looks like it is now working.
>
> I REALLY appreciate your assistance, Fabrice,
> and the whole effort you do to create and
> maintain this product.
>
> I anticipate a pleasure after having it
> deployed and tuned to our requirements
>
>
>
> Eugene
>
>
>
> *From:*E.P. [mailto:[email protected]]
> *Sent:* Monday, December 11, 2017 6:44 PM
> *To:* 'Durand fabrice';
> [email protected]
> <mailto:[email protected]>
> *Subject:* RE: [PacketFence-users] PKI
> installation
>
>
>
> Yes, Fabrice, I made sure I uncommented
> iptables rules for this service.
>
> Here’s the extract from iptables.conf file:
>
>
>
> # PacketFence-PKI
>
> *-A input-management-if --protocol tcp --match
> tcp --dport 9393 --jump ACCEPT*
>
> -A input-management-if --protocol tcp --match
> tcp --dport 9292 --jump ACCEPT
>
>
>
> Here’s the extract from the output of
> “iptables –L”
>
>
>
>
>
> Chain input-management-if (1 references)
>
> target prot opt source
> destination
>
> ACCEPT tcp -- anywhere
> anywhere state NEW tcp dpt:ssh
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:http
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:https
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:ies-lm
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:websm
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:arcp
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:sun-as-jpda
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:marcam-lm
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:armtechdaemon
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:cslistener
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:mailbox
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:afs3-prserver
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:radius
>
> ACCEPT udp -- anywhere
> anywhere udp dpt:radius
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:radius-acct
>
> ACCEPT udp -- anywhere
> anywhere udp dpt:radius-acct
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:mmpft
>
> ACCEPT udp -- anywhere
> anywhere udp dpt:mmpft
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:radsec
>
> ACCEPT udp -- anywhere
> anywhere udp dpt:snmptrap
>
> ACCEPT udp -- anywhere
> anywhere udp dpt:bootps
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:bootps
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:9392
>
> ACCEPT tcp -- anywhere
> anywhere tcp dpt:8834
>
> *ACCEPT tcp -- anywhere
> anywhere tcp dpt:9393*
>
>
>
> And nothing to listen on port 9393
>
>
>
> [root@PacketFence-ZEN conf]# netstat -antlp |
> grep 9393
>
> Press any key to continue...
>
>
>
>
>
>
>
> --
>
> Fabrice Durand
>
> [email protected] <mailto:[email protected]> ::
> +1.514.447.4918 (x135) :: www.inverse.ca <http://www.inverse.ca>
>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
> PacketFence (http://packetfence.org)
>
>
>
>
>
>
>
> --
> Fabrice Durand
> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x135) ::
> www.inverse.ca <http://www.inverse.ca>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
