đź‘Ť (thumb up) !
Thanks, Fabrice. I thought that it may have to do with sqlite database but
wanted to confirm it
Eugene
Sent from iPhone
> On Feb 6, 2018, at 06:00, Fabrice Durand <[email protected]> wrote:
>
> Hello Eugene,
>
> can you try that:
>
> sqlite3 db.sqlite3
>
> UPDATE "auth_user" set
> password='pbkdf2_sha256$20000$Z2Lhr1cW8QM0$mN9PtNhxneIDzApqFa4uG8V44IXqHe+r7yootSoSzJQ='
> where username='admin';
>
> the password is p@ck3tf3nc3
>
>
> Regards
>
> Fabrice
>
>
>
>> Le 2018-02-03 Ă 01:31, E.P. a Ă©crit :
>> Hi Fabrice,
>> I feel awkward resurrecting this topic but I believe something happened to
>> PKI after I upgraded PF to 7.4
>> Really want it to be not connected with it but I can’t login to PKI admin
>> interface.
>> The login page shows normally with a prompt for username/password, I enter
>> previously used admin/password credentials but nothing happens.
>> I need to grab RADIUS server certificate to manually install it to Windows
>> 10 machines so that they validate the server properly
>> Logs under /usr/local/packetfence-pki/logs don’t show anything that would
>> give me a clue except of these events:
>>
>> [root@PacketFence-ZEN logs]# cat ./packetfence_pki.access.log
>> 172.16.0.100 - - [03/Feb/2018:03:16:06 +0000] "POST / HTTP/1.1" 200 2483
>> "https://172.16.0.222:9393/"; "Mozilla/5.0 (Windows NT 6.1; Win64; x64;
>> rv:58.0) Gecko/20100101 Firefox/58.0"
>>
>> [root@PacketFence-ZEN logs]# cat ./error.log
>> <snip>
>> [Sat Feb 03 05:09:16.445232 2018] [:error] [pid 1050]
>> /usr/lib/python2.7/site-packages/bootstrap3/bootstrap.py:5:
>> RemovedInDjango19Warning: django.utils.importlib will be removed in Django
>> 1.9.
>>
>> [root@PacketFence-ZEN logs]# cat ./packetfence_pki.error.log
>> [Sat Feb 03 03:14:11.433371 2018] [ssl:warn] [pid 27722] AH01909: RSA
>> certificate configured for pki:443 does NOT include an ID which matches the
>> server name
>>
>> Eugene
>>
>>
>> From: Fabrice Durand [mailto:[email protected]]
>> Sent: Wednesday, January 03, 2018 12:26 PM
>> To: E.P.
>> Cc: [email protected]
>> Subject: Re: [PacketFence-users] PKI installation
>>
>> Just for information, i uploaded a new version of the packetfence-pki for
>> centos7 who fix all the install issues.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>>
>> Le 2017-12-12 Ă 23:58, E.P. a Ă©crit :
>> Well, I’m taking my hat off in front of you, no kidding and pun intended ;)
>> Do you need traceback from the error page ?
>>
>> From: Durand fabrice [mailto:[email protected]]
>> Sent: Tuesday, December 12, 2017 7:02 PM
>> To: E.P.
>> Cc: [email protected]
>> Subject: Re: [PacketFence-users] PKI installation
>>
>> ah ah don't worry , i like to have challenge like that to be able to fix the
>> issue for better user experience.
>>
>> I coded the pki so i want to make it work.
>>
>>
>>
>>
>> Le 2017-12-12 Ă 21:48, E.P. a Ă©crit :
>> Sure, take your time, Fabrice. I have a special knack of running into
>> troubles in cases when others didn’t have any :)
>>
>> Eugene
>> Sent from iPhone
>>
>> On Dec 12, 2017, at 18:18, Durand fabrice <[email protected]> wrote:
>>
>> Ok let me try to install the pki on the zen and i will be back to you.
>>
>> i have installed the pki on 10 servers not a long time ago without any issue.
>>
>>
>>
>>
>> Le 2017-12-12 Ă 20:52, E.P. a Ă©crit :
>> Yes, db.sqlite3 was owned by root
>>
>> [root@PacketFence-ZEN packetfence-pki]# ls -al
>> total 56
>> drwxr-xr-x 7 pf pf 128 Dec 12 08:49 .
>> drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
>> drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
>> drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
>> -rw-r--r-- 1 root root 43008 Dec 12 08:44 db.sqlite3
>> drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
>> drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
>> -rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
>> -rw-r--r-- 1 root root 6 Dec 12 08:49 packetfence-pki.pid
>> drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
>>
>> Changed the file ownership to pf:pf
>>
>> [root@PacketFence-ZEN packetfence-pki]# ls -al
>> total 100
>> drwxr-xr-x 7 pf pf 147 Dec 13 01:45 .
>> drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
>> drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
>> drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
>> -rw-r--r-- 1 pf pf 43008 Dec 13 01:45 db.sqlite3
>> drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
>> drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
>> -rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
>> -rw-r--r-- 1 root root 5 Dec 13 01:43 packetfence-pki.pid
>> drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
>>
>> But trying to login to the PKI webpage brings me back to the same original
>> error “no such table: pki_ca” which I showed earlier. I tried to follow your
>> previous advise about renaming the db.sqlite3 file and running migration but
>> the behavior is consistent. Is it OK that the PKI process ID file is also
>> owned by root ?
>>
>> From: Fabrice Durand [mailto:[email protected]]
>> Sent: Tuesday, December 12, 2017 5:35 AM
>> To: E.P.; [email protected]
>> Subject: Re: [PacketFence-users] PKI installation
>>
>> Just change the owner of the sqlite file to pf and it should be ok.
>>
>> Btw all these steps are made in the packaging, so it probably failled or
>> never finish correctly.
>>
>> I will do a test on my side.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>>
>> Le 2017-12-12 Ă 03:47, E.P. a Ă©crit :
>> Well, we are getting closer ;)
>> Ran the python script to migrate the database it completed
>>
>> [root@PacketFence-ZEN packetfence-pki]# python manage.py migrate
>> Operations to perform:
>> Synchronize unmigrated apps: staticfiles, rest_framework, messages,
>> bootstrap3
>> Apply all migrations: authtoken, sessions, admin, auth, contenttypes, pki
>> Synchronizing apps without migrations:
>> Creating tables...
>> Running deferred SQL...
>> Installing custom SQL...
>> Running migrations:
>> Rendering model states... DONE
>> Applying contenttypes.0001_initial... OK
>> Applying auth.0001_initial... OK
>> Applying admin.0001_initial... OK
>> Applying contenttypes.0002_remove_content_type_name... OK
>> Applying auth.0002_alter_permission_name_max_length... OK
>> Applying auth.0003_alter_user_email_max_length... OK
>> Applying auth.0004_alter_user_username_opts... OK
>> Applying auth.0005_alter_user_last_login_null... OK
>> Applying auth.0006_require_contenttypes_0002... OK
>> Applying authtoken.0001_initial... OK
>> Applying pki.0001_initial... OK
>> Applying sessions.0001_initial... OK
>>
>> But the attempt to login to PKI failed again, now with a different error
>> message:
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> OperationalError at /
>>
>> attempt to write a readonly database
>> Request Method:
>> POST
>> Request URL:
>> https://192.168.2.25:9393/
>> Django Version:
>> 1.8.1
>> Exception Type:
>> OperationalError
>> Exception Value:
>> attempt to write a readonly database
>> Exception Location:
>> /usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py in
>> execute, line 318
>> Python Executable:
>> /bin/python
>> Python Version:
>> 2.7.5
>> Python Path:
>> ['/usr/lib64/python27.zip',
>> '/usr/lib64/python2.7',
>> '/usr/lib64/python2.7/plat-linux2',
>> '/usr/lib64/python2.7/lib-tk',
>> '/usr/lib64/python2.7/lib-old',
>> '/usr/lib64/python2.7/lib-dynload',
>> '/usr/lib64/python2.7/site-packages',
>> '/usr/lib/python2.7/site-packages',
>> '/usr/local/packetfence-pki',
>> '/usr/local/packetfence-pki/inverse']
>> Server time:
>> Tue, 12 Dec 2017 08:45:28 +0000
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> From: Durand fabrice [mailto:[email protected]]
>> Sent: Monday, December 11, 2017 7:20 PM
>> To: E.P.; [email protected]
>> Subject: Re: [PacketFence-users] PKI installation
>>
>> Looks that the db hasn't been initialized , can you do that in
>> /usr/local/packetfence-pki
>>
>> rm db3.sqlite
>>
>> python manage.py migrate
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>>
>> Le 2017-12-11 Ă 21:55, E.P. a Ă©crit :
>> I was a bit premature with my report that it worked ;)
>> After logging into the PKI page I ended up with this error:
>>
>> OperationalError at /
>> no such table: pki_ca
>>
>> Request Method:
>> POST
>> Request URL:
>> https://192.168.2.25:9393/
>> Django Version:
>> 1.8.1
>> Exception Type:
>> OperationalError
>> Exception Value:
>> no such table: pki_ca
>> Exception Location:
>> /usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py in
>> execute, line 318
>> Python Executable:
>> /bin/python
>> Python Version:
>> 2.7.5
>> Python Path:
>> ['/usr/lib64/python27.zip',
>> '/usr/lib64/python2.7',
>> '/usr/lib64/python2.7/plat-linux2',
>> '/usr/lib64/python2.7/lib-tk',
>> '/usr/lib64/python2.7/lib-old',
>> '/usr/lib64/python2.7/lib-dynload',
>> '/usr/lib64/python2.7/site-packages',
>> '/usr/lib/python2.7/site-packages',
>> '/usr/local/packetfence-pki',
>> '/usr/local/packetfence-pki/inverse']
>> Server time:
>> Tue, 12 Dec 2017 02:53:21 +0000
>>
>>
>> And there’s a whole lot of traceback that I can show but it will make this
>> post unreadable
>>
>>
>> From: E.P. [mailto:[email protected]]
>> Sent: Monday, December 11, 2017 6:52 PM
>> To: 'Durand fabrice'; '[email protected]'
>> Subject: RE: [PacketFence-users] PKI installation
>>
>> Hm…
>> I was stubbornly persisting on this service showing in the output of netstat.
>> But now I can have the webpage for PKI come up. Strange…
>> But it looks like it is now working.
>> I REALLY appreciate your assistance, Fabrice, and the whole effort you do to
>> create and maintain this product.
>> I anticipate a pleasure after having it deployed and tuned to our
>> requirements
>>
>> Eugene
>>
>> From: E.P. [mailto:[email protected]]
>> Sent: Monday, December 11, 2017 6:44 PM
>> To: 'Durand fabrice'; [email protected]
>> Subject: RE: [PacketFence-users] PKI installation
>>
>> Yes, Fabrice, I made sure I uncommented iptables rules for this service.
>> Here’s the extract from iptables.conf file:
>>
>> # PacketFence-PKI
>> -A input-management-if --protocol tcp --match tcp --dport 9393 --jump ACCEPT
>> -A input-management-if --protocol tcp --match tcp --dport 9292 --jump ACCEPT
>>
>> Here’s the extract from the output of “iptables –L”
>>
>>
>> Chain input-management-if (1 references)
>> target prot opt source destination
>> ACCEPT tcp -- anywhere anywhere state NEW tcp
>> dpt:ssh
>> ACCEPT tcp -- anywhere anywhere tcp dpt:http
>> ACCEPT tcp -- anywhere anywhere tcp dpt:https
>> ACCEPT tcp -- anywhere anywhere tcp dpt:ies-lm
>> ACCEPT tcp -- anywhere anywhere tcp dpt:websm
>> ACCEPT tcp -- anywhere anywhere tcp dpt:arcp
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:sun-as-jpda
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:marcam-lm
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:armtechdaemon
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:cslistener
>> ACCEPT tcp -- anywhere anywhere tcp dpt:mailbox
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:afs3-prserver
>> ACCEPT tcp -- anywhere anywhere tcp dpt:radius
>> ACCEPT udp -- anywhere anywhere udp dpt:radius
>> ACCEPT tcp -- anywhere anywhere tcp
>> dpt:radius-acct
>> ACCEPT udp -- anywhere anywhere udp
>> dpt:radius-acct
>> ACCEPT tcp -- anywhere anywhere tcp dpt:mmpft
>> ACCEPT udp -- anywhere anywhere udp dpt:mmpft
>> ACCEPT tcp -- anywhere anywhere tcp dpt:radsec
>> ACCEPT udp -- anywhere anywhere udp
>> dpt:snmptrap
>> ACCEPT udp -- anywhere anywhere udp dpt:bootps
>> ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
>> ACCEPT tcp -- anywhere anywhere tcp dpt:9392
>> ACCEPT tcp -- anywhere anywhere tcp dpt:8834
>> ACCEPT tcp -- anywhere anywhere tcp dpt:9393
>>
>> And nothing to listen on port 9393
>>
>> [root@PacketFence-ZEN conf]# netstat -antlp | grep 9393
>> Press any key to continue...
>>
>>
>>
>>
>>
>> --
>> Fabrice Durand
>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>>
>>
>> --
>> Fabrice Durand
>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>
> --
> Fabrice Durand
> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
