forum.opsi.org

Hey I'm trying to join a computer to the opsi.
opsi is active directory integrated, pcpatch is an ad user, and when we try to join a computer to the opsi this is the error message we are getting.
Opsi rpc error; Opsi service permission error: No permission for method 'host_getO on server), I have tried running opsi-setup-rights, opsiconfd setup and restart the opsi confd service but still no luck. Any help will be appreciated. Thanks.

Hello,

there may be something wrong with the acl configuration. It is best to compare the /etc/opsi/backendManager/acl.conf with the acl.conf from our package:
opsi 4.3: https://github.com/opsi-org/opsiconfd/b ... r/acl.conf

The log file /var/log/opsi/opsiconfd/opsiconfd.log and <client-ip>.log could also help with troubleshooting.

Best regards
Fabian

Hello Fkalweit,
Thanks for reaching out, Yes apparently the pcpatch user wasn't part of the admingroup mentioned in opsi.conf file. I have fixed that issue. the setup script now runs but I ran into a new issue "Installation unsuccessful: Installation of opsi-client-agent on client "Client-ID" unsuccessful.
Here is the error message in opsiconfd.log file
Failed to update PXE boot configuration for client 'Client-ID: Failed to connect to socket '/var/run/opsipxeconfd/opsipxeconfd.socket': [Errno 13] Permission denied (opsipxeconfd.py:104)
Here is the error message in ClintComputerIP.log
[ClintComputerIP ] Opsi service permission error: Not an admin user 'Client-ID' POST //rpc (session.py:291)
Any help will be appreciated. Thanks

Best Regards,
Mustafa Bhatti

Hallo,

An admin user must be used for the first installation. Here is the link to the documentation:

https://docs.opsi.org/opsi-docs-en/4.3/ ... -installer

If this is not the problem, then there should be a log file from the client agent installation on the client. You may be able to see the error there.

Viele Grüße
Fabian

Hello,

I've sent you a pm. Will appreciate if you can have a look. Thanks

Please provide more information with which
- method yor joined the opsi-server to the Active Directory ,
- which OS your opsi-server is running

and more details/logs on the failed opsi-client-agent Installation.

Whiched method you use for the opsi-client-agent installation

Do you have any logs, for instance the log file c:\opsi.org\log\opsi-client-agent.log respectively the logfile from the oca-installation-helper.exe or the
the log file /var/log/opsi/opsiconfd/opsiconfd.log and <client-ip>.log

You can send the logs referring to this thread via mail to info|at>uib.de

kind regards,
bardo wolf

Hello bardo,
Thanks for reaching out. I'm not sure about the method used to join the opsi-server to the active directory, but that seem to work perfectly fine. the OPSI server is running on Linux OS and clients are using windows. I have shared detailed required logs to info|at>uib.de. I'm running servicesetup.cmd sript which calls the oca-installation-helper.exe.
@echo off
cls
echo Starting oca-installation-helper.exe, please wait...
if "%~1" == "/u" (
call %~dp0\oca-installation-helper.exe --non-interactive
) else (
call %~dp0\oca-installation-helper.exe
)
I have tried running opsi-client-agent-installer.exe under Index of /public/opsi-client-agent/. but still the same error.
When I run the oca-installation-helper.exe it works fine until it says sending log files to the server. It shows not responding and gives an error installation failed.

One should use the oca-installation-helper.exe

Thanks for the log-file opsi-client-agent.log.

The client gets an IPv4 address
[1] [2024-05-01 13:57:49.500] [opsi-client-agent] 192.168.xx.x - IP address

but the opsi-server has an ipv6 address in line 28/29

[6] [2024-05-01 13:57:47.346] [opsi-client-agent] 1. IP: fd6a:5f0f:85ca:777 7::ac10:8f1
[3] [2024-05-01 13:57:47.346] [opsi-client-agent] Server (opsi.datatrak.lan) unreachable. Could not resolve FQDN to valid IP-Address.

and the name could not be resolved.

Is this the correct scenario in your environment?
Can the client reach the opsiserver on port 4447?

Kind regards,
bardo wolf