Seite 1 von 1
Opsi service permission error
Verfasst: 17 Apr 2024, 23:25
von mb253400
Hey I'm trying to join a computer to the opsi.
opsi is active directory integrated, pcpatch is an ad user, and when we try to join a computer to the opsi this is the error message we are getting.
Opsi rpc error; Opsi service permission error: No permission for method 'host_getO on server), I have tried running opsi-setup-rights, opsiconfd setup and restart the opsi confd service but still no luck. Any help will be appreciated. Thanks.
Re: Opsi service permission error
Verfasst: 18 Apr 2024, 07:29
von fkalweit
Hello,
there may be something wrong with the acl configuration. It is best to compare the /etc/opsi/backendManager/acl.conf with the acl.conf from our package:
opsi 4.3:
https://github.com/opsi-org/opsiconfd/b ... r/acl.conf
The log file /var/log/opsi/opsiconfd/opsiconfd.log and <client-ip>.log could also help with troubleshooting.
Best regards
Fabian
Re: Opsi service permission error
Verfasst: 23 Apr 2024, 00:14
von mb253400
Hello Fkalweit,
Thanks for reaching out, Yes apparently the pcpatch user wasn't part of the admingroup mentioned in opsi.conf file. I have fixed that issue. the setup script now runs but I ran into a new issue "Installation unsuccessful: Installation of opsi-client-agent on client "Client-ID" unsuccessful.
Here is the error message in opsiconfd.log file
Failed to update PXE boot configuration for client 'Client-ID: Failed to connect to socket '/var/run/opsipxeconfd/opsipxeconfd.socket': [Errno 13] Permission denied (opsipxeconfd.py:104)
Here is the error message in ClintComputerIP.log
[ClintComputerIP ] Opsi service permission error: Not an admin user 'Client-ID' POST //rpc (session.py:291)
Any help will be appreciated. Thanks
Best Regards,
Mustafa Bhatti
Re: Opsi service permission error
Verfasst: 23 Apr 2024, 07:48
von fkalweit
Hallo,
An admin user must be used for the first installation. Here is the link to the documentation:
https://docs.opsi.org/opsi-docs-en/4.3/ ... -installer
If this is not the problem, then there should be a log file from the client agent installation on the client. You may be able to see the error there.
Viele Grüße
Fabian
Re: Opsi service permission error
Verfasst: 25 Apr 2024, 00:25
von mb253400
Hello,
I've sent you a pm. Will appreciate if you can have a look. Thanks
Re: Opsi service permission error
Verfasst: 30 Apr 2024, 11:21
von wolfbardo
Please provide more information with which
- method yor joined the opsi-server to the Active Directory ,
- which OS your opsi-server is running
and more details/logs on the failed opsi-client-agent Installation.
Whiched method you use for the opsi-client-agent installation
Do you have any logs, for instance the log file c:\opsi.org\log\opsi-client-agent.log respectively the logfile from the oca-installation-helper.exe or the
the log file /var/log/opsi/opsiconfd/opsiconfd.log and <client-ip>.log
You can send the logs referring to this thread via mail to info|at>uib.de
kind regards,
bardo wolf
Re: Opsi service permission error
Verfasst: 01 Mai 2024, 20:35
von mb253400
Hello bardo,
Thanks for reaching out. I'm not sure about the method used to join the opsi-server to the active directory, but that seem to work perfectly fine. the OPSI server is running on Linux OS and clients are using windows. I have shared detailed required logs to info|at>uib.de. I'm running servicesetup.cmd sript which calls the oca-installation-helper.exe.
@echo off
cls
echo Starting oca-installation-helper.exe, please wait...
if "%~1" == "/u" (
call %~dp0\oca-installation-helper.exe --non-interactive
) else (
call %~dp0\oca-installation-helper.exe
)
I have tried running opsi-client-agent-installer.exe under Index of /public/opsi-client-agent/. but still the same error.
When I run the oca-installation-helper.exe it works fine until it says sending log files to the server. It shows not responding and gives an error installation failed.
Re: Opsi service permission error
Verfasst: 02 Mai 2024, 16:35
von wolfbardo
One should use the oca-installation-helper.exe
Thanks for the log-file opsi-client-agent.log.
The client gets an IPv4 address
[1] [2024-05-01 13:57:49.500] [opsi-client-agent] 192.168.xx.x - IP address
but the opsi-server has an ipv6 address in line 28/29
[6] [2024-05-01 13:57:47.346] [opsi-client-agent] 1. IP: fd6a:5f0f:85ca:777 7::ac10:8f1
[3] [2024-05-01 13:57:47.346] [opsi-client-agent] Server (opsi.datatrak.lan) unreachable. Could not resolve FQDN to valid IP-Address.
and the name could not be resolved.
Is this the correct scenario in your environment?
Can the client reach the opsiserver on port 4447?
Kind regards,
bardo wolf