SSO Permission Denied

Issue #294 wontfix
Former user created an issue

Hi,

I get permission denied when trying to log in via sso.php. I am running the Debian 7 - piler 0.1.24 ova and have updated php-ldap, and can log in fine using login.php.

The only thing I wasn't able to do in the instructions is the "uid=33(www-data) gid=33(www-data) groups=33(www-data),125(winbindd_priv)" step. Not sure if this is a command, it has a syntax error?

Nothing shows up in the /etc/log/mail.log.

The following shows up in piler.mydomain.com-access.log:

[29/Apr/2014:08:47:53 +0200] "GET /sso.php HTTP/1.1" 200 48 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36"
[29/Apr/2014:08:47:53 +0200] "GET /favicon.ico HTTP/1.1" 404 198 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36"

The following in piler.mydomain.com-error.log:

2014/04/29 08:47:55 [error] 2490#0: *30 open() "/var/www/hgarchive.hickory.com.au/favicon.ico" failed (2: No such file or directory), client: 10.1.1.10, server: piler.mydomain.com, request: "GET /favicon.ico HTTP/1.1", host: "piler.mydomain.com"

Comments (12)

  1. Janos SUTO repo owner

    "uid=33(www-data) gid=33(www-data) groups=33(www-data),125(winbindd_priv)" is not a command, but rather the result. Use the usermod command to add the www-data user to the winbindd_priv group.

    The missing favicon.ico (in the error log) is rather a cosmetic issue.

  2. Craig X

    So the command is "usermod -G winbindd_priv www-data". I ran that without any error.

    Which log file would be logging these access denied errors? Where would you suggest I look for issues?
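
Added example, not part of the thread or of piler: a shell check for the group membership discussed in comments 1 and 2, parsing the `id`-style line quoted in the issue. The function names `in_group` and `check_web_user` are made up for this example.

```shell
#!/bin/sh
# Added example: confirm that an account carries a supplementary group.
# The sample line is the `id` output quoted in the issue.
SAMPLE_ID='uid=33(www-data) gid=33(www-data) groups=33(www-data),125(winbindd_priv)'

# in_group LINE GROUP
#   0 = GROUP is listed in the groups= field of LINE
#   1 = groups= field present, GROUP not in it
#   2 = LINE has no groups= field
in_group() {
    line=$1 want=$2
    groups=${line##*groups=}
    [ "$groups" = "$line" ] && return 2
    # Drop a trailing SELinux " context=..." field if id printed one.
    groups=${groups%% context=*}
    old_ifs=$IFS; IFS=,
    # Split on commas only, so names with spaces ("domain users") survive.
    for entry in $groups; do
        name=${entry#*\(}      # "125(winbindd_priv)" -> "winbindd_priv)"
        name=${name%\)}        # -> "winbindd_priv"
        if [ "$name" = "$want" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

# check_web_user USER GROUP: run id for a real account and report.
check_web_user() {
    out=$(id "$1" 2>/dev/null) || { echo "no such user: $1"; return 2; }
    if in_group "$out" "$2"; then
        echo "OK: $1 is in $2"
    else
        # usermod -a -G appends; -G alone replaces the whole
        # supplementary group list with the groups given.
        echo "MISSING: $1 is not in $2 (usermod -a -G $2 $1)"
        return 1
    fi
}

in_group "$SAMPLE_ID" winbindd_priv && echo "sample line lists winbindd_priv"
```

On the piler host, `check_web_user www-data winbindd_priv` runs the same check against the live account; the web server has to be restarted before a running process picks up a new group.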

  3. Janos SUTO repo owner

    Thanks for the command :-) Please set the apache ErrorLevel to "debug", and try to login again. Also make sure that you have a helper account in AD that piler needs:

    $config['LDAP_HELPER_DN'] = 'cn=...';
    $config['LDAP_HELPER_PASSWORD'] = 'xxxxxxx';

  4. Craig X

    Thanks, I believe the HELPER config details are correct because LDAP lookups are successful when logging in with login.php, I am only getting access denied on sso.php.

    I have the line LogLevel debug in /etc/apache2/apache2.conf already.

  5. Craig X

    Just thought I would add: the only other thing I have done outside of the instructions is add another hard drive and mount it to /var. I formatted the new volume as an ext4 logical volume and did a mv /var to the new location, then remounted it as /var. Not sure if that would have any implications (specific to single sign-on)?

  6. Janos SUTO repo owner

    The /var remake should NOT cause any sso problem. Please try an sso login, then show me the apache debug logs to see what's going on.

  7. Janos SUTO repo owner

    Sorry to confuse you. Debug is the name of the loglevel. So in a nutshell, check the error log for clues as to what happens.

  8. Craig X

    Does the LogLevel debug line have to be in /etc/apache2/apache2.conf?

    Nothing shows up in the piler.mydomain.com-error.log (apart from the missing fav.ico).

  9. Janos SUTO repo owner

    Yes, it's fine to have it in /etc/apache2/apache2.conf. I assume you have restarted Apache and logged in to the Windows network, so please check other error log files (if there are any). If you just can't make it, then I may help via a TeamViewer session. If you are interested, then find me on Skype (janos.suto).
