Community Forum

stuliet
stuliet
Offline
Resolved
0 votes
First the good; I have just upgraded from CC5.0 to ClearOs5.1 and everything has mostly gone OK :)

Now the bad; I cannot login to the Webconfig to actually change anything. I can get to Samba shares/Websites/etc that existed before the upgrade and can also ssh to the server as root.

I think I have problems with the sudoers file as I see the messages below when trying to logon to webconfig.

Any ideas? :unsure:

Thanks,

-- Stuart


/var/log/secure;

Dec 27 08:56:11 mrnosey sudo: webconfig : sorry, you must have a tty to run sudo ; TTY=unknown ; PWD=/var/webconfig/htdocs ; USER=root ; COMMAND=/bin/ls /etc/kolab/kolab.conf


And turning on Webconfig debugging gives me;

/tmp/webconfig.log

Dec 27 9:08:19 EST 2009: 0.0003: error: debug: Daemon::__construct (131): called
Dec 27 9:08:19 EST 2009: 0.0026: error: debug: Software::__construct (126): called
Dec 27 9:08:21 EST 2009: 2.0776: error: debug: User::__construct (203): called
Dec 27 9:08:21 EST 2009: 2.0792: error: debug: User::CheckPassword (400): called
Dec 27 9:08:23 EST 2009: 4.0811: error: debug: User::_CalculateShaPassword (1373): called
Dec 27 9:08:23 EST 2009: 4.0816: error: debug: User::_GetLdapHandle (1780): called
Dec 27 9:08:23 EST 2009: 4.0819: error: debug: Ldap::__construct (136): called
Dec 27 9:08:23 EST 2009: 4.0822: error: debug: Daemon::__construct (131): called
Dec 27 9:08:23 EST 2009: 4.0829: error: debug: Software::__construct (126): called
Dec 27 9:08:23 EST 2009: 4.0840: error: debug: User::_GetUserInfo (1830): called
Dec 27 9:08:23 EST 2009: 4.0844: error: debug: Ldap::GetDnForUid (465): called
Dec 27 9:08:23 EST 2009: 4.0847: error: debug: Ldap::Bind (175): called
Dec 27 9:08:23 EST 2009: 4.0849: error: debug: Ldap::_LoadConfig (940): called
Dec 27 9:08:23 EST 2009: 4.0852: error: debug: ConfigurationFile::__construct (121): called
Dec 27 9:08:23 EST 2009: 4.0856: error: debug: File::__construct (273): called
Dec 27 9:08:23 EST 2009: 4.0866: error: debug: ConfigurationFile::Load (168): called
Dec 27 9:08:23 EST 2009: 4.0869: error: debug: File::GetContentsAsArray (334): called
Dec 27 9:08:23 EST 2009: 4.0871: error: debug: File::Exists (454): called
Dec 27 9:08:23 EST 2009: 4.0873: error: debug: ShellExec::__construct (74): called
Dec 27 9:08:23 EST 2009: 4.0878: error: debug: ShellExec::Execute (102): called
Dec 27 9:08:23 EST 2009: 4.0880: error: debug: ShellExec::Execute (105): command is: /bin/ls '/etc/kolab/kolab.conf'
Dec 27 9:08:23 EST 2009: 4.1073: error: debug: ShellExec::__destruct (220): called
Dec 27 9:08:23 EST 2009: 4.1079: exception: error: Ldap.class.php (947): File does not exist - - /etc/kolab/kolab.conf
Dec 27 9:08:23 EST 2009: exception: debug backtrace: Ldap.class.php (178): _LoadConfig
Dec 27 9:08:23 EST 2009: exception: debug backtrace: Ldap.class.php (468): Bind
Dec 27 9:08:23 EST 2009: exception: debug backtrace: User.class.php (1836): GetDnForUid
Dec 27 9:08:23 EST 2009: exception: debug backtrace: User.class.php (413): _GetUserInfo
Dec 27 9:08:23 EST 2009: exception: debug backtrace: Webconfig.inc.php (1096): CheckPassword
Dec 27 9:08:23 EST 2009: exception: debug backtrace: index.php (46): WebAuthenticate
Dec 27 9:08:23 EST 2009: 4.1088: error: debug: ConfigurationFile::__destruct (304): called
Dec 27 9:08:23 EST 2009: 4.1090: error: debug: File::__destruct (1499): called
Dec 27 9:08:23 EST 2009: 4.1092: exception: warning: User.class.php (1840): File does not exist - - /etc/kolab/kolab.conf
Dec 27 9:08:23 EST 2009: exception: debug backtrace: User.class.php (413): _GetUserInfo
Dec 27 9:08:23 EST 2009: exception: debug backtrace: Webconfig.inc.php (1096): CheckPassword
Dec 27 9:08:23 EST 2009: exception: debug backtrace: index.php (46): WebAuthenticate
Dec 27 9:08:23 EST 2009: 4.1108: error: debug: Webconfig::__destruct (519): called
Dec 27 9:08:23 EST 2009: 4.1111: error: debug: Daemon::__destruct (409): called
Dec 27 9:08:23 EST 2009: 4.1113: error: debug: Software::__destruct (462): called
Dec 27 9:08:23 EST 2009: 4.1115: error: debug: User::__destruct (1981): called
Dec 27 9:08:23 EST 2009: 4.1117: error: debug: Ldap::__destruct (962): called
Dec 27 9:08:23 EST 2009: 4.1119: error: debug: Daemon::__destruct (409): called
Dec 27 9:08:23 EST 2009: 4.1120: error: debug: Software::__destruct (462): called
Sunday, December 27 2009, 02:12 PM
Share this post:
Responses (7)
  • Accepted Answer

    stuliet
    stuliet
    Offline
    Sunday, December 27 2009, 08:30 PM - #Permalink
    Resolved
    0 votes
    We have a winner! :cheer:

    Many thanks; now I am off to see what else I have managed to break!
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, December 27 2009, 08:19 PM - #Permalink
    Resolved
    0 votes
    ## Sudoers allows particular users to run various commands as
    ## the root user, without needing the root password.
    ##
    ## Examples are provided at the bottom of the file for collections
    ## of related commands, which can then be delegated out to particular
    ## users or groups.
    ##
    ## This file must be edited with the 'visudo' command.

    ## Host Aliases
    ## Groups of machines. You may prefer to use hostnames (perhap using
    ## wildcards for entire domains) or IP addresses instead.
    # Host_Alias FILESERVERS = fs1, fs2
    # Host_Alias MAILSERVERS = smtp, smtp2

    ## User Aliases
    ## These aren't often necessary, as you can use regular groups
    ## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
    ## rather than USERALIAS
    # User_Alias ADMINS = jsmith, mikem


    ## Command Aliases
    ## These are groups of related commands...

    ## Networking
    Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

    ## Installation and management of software
    Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

    ## Services
    Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

    ## Updating the locate database
    Cmnd_Alias LOCATE = /usr/sbin/updatedb

    ## Storage
    Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount

    ## Delegating permissions
    Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

    ## Processes
    Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

    ## Drivers
    Cmnd_Alias DRIVERS = /sbin/modprobe

    # Defaults specification

    #
    # Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
    # You have to run "ssh -t hostname sudo <cmd>".
    #
    # Defaults requiretty

    Defaults env_reset
    Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
    LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
    LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
    LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
    LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
    _XKB_CHARSET XAUTHORITY"

    ## Next comes the main part: which users can run what software on
    ## which machines (the sudoers file can be shared between multiple
    ## systems).
    ## Syntax:
    ##
    ## user MACHINE=COMMANDS
    ##
    ## The COMMANDS section may have other options added to it.
    ##
    ## Allow root to run any commands anywhere
    root ALL=(ALL) ALL

    ## Allows members of the 'sys' group to run networking, software
    ## service management apps and more.
    # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

    ## Allows people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL

    ## Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL

    ## Allows members of the users group to mount and unmount the
    ## cdrom as root
    # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

    ## Allows members of the users group to shutdown this system
    # %users localhost=/sbin/shutdown -h now

    Defaults:webconfig !syslog
    Defaults:root !syslog
    Cmnd_Alias CC = /sbin/reboot, /sbin/halt, /usr/sbin/add-samba-directories, /usr/bin/api, /usr/sbin/syncmailboxes, /usr/sbin/api, /sbin/iptables, /var/webconfig/scripts/userimport.php, /usr/sbin/awstatsreports, /var/webconfig/scripts/avscan.php, /var/webconfig/scripts/archive_resend.php, /var/webconfig/scripts/archive.php, /usr/bin/archive_bootstrap, /usr/sbin/postsuper, /usr/sbin/postmap, /usr/sbin/postfix, /usr/sbin/postconf, /usr/sbin/mailqfmt.pl, /usr/bin/newaliases, /usr/sbin/usersetup, /usr/sbin/syncusers, /usr/sbin/groupmod, /usr/sbin/groupdel, /usr/sbin/groupadd, /usr/sbin/useradd, /usr/bin/passwd, /usr/bin/snortsam-state, /usr/bin/zgrep, /usr/bin/pdbedit, /usr/bin/net, /usr/bin/smbpasswd, /usr/sbin/dhcptest, /usr/sbin/tracklist, /usr/sbin/hping2, /usr/sbin/tw_cli, /usr/sbin/mpt-status, /sbin/sfdisk, /sbin/mdadm, /bin/umount, /bin/mount, /usr/sbin/updateflexperms, /usr/sbin/proftpd, /usr/sbin/httpd, /usr/bin/freshclam, /usr/bin/yum, /var/webconfig/scripts/rbs-schedule.php, /var/webconfig/scripts/rbs-client.php, /usr/bin/killall, /usr/bin/mkhost.sh, /bin/tar, /sbin/iwconfig, /sbin/ifup, /sbin/ifdown, /sbin/ifconfig, /sbin/ethtool, /bin/netstat, /bin/hostname, /usr/sbin/authconfig, /usr/sbin/ldapsync, /usr/sbin/kolabconf, /usr/sbin/slapcat, /usr/sbin/slapadd, /usr/sbin/slappasswd, /usr/bin/openssl, /usr/sbin/ntpdate, /sbin/hwclock, /usr/sbin/userdel, /usr/sbin/app-rename, /usr/sbin/app-realpath, /usr/sbin/app-passwd, /usr/bin/du, /usr/bin/chfn, /usr/bin/head, /usr/bin/find, /usr/bin/file, /sbin/service, /sbin/shutdown, /sbin/chkconfig, /bin/touch, /bin/rm, /bin/mv, /bin/mkdir, /bin/ls, /bin/kill, /bin/cp, /bin/chown, /bin/chmod, /bin/cat
    webconfig ALL=NOPASSWD: CC
    Cmnd_Alias CLEARCONSOLE = /usr/bin/iptraf, /usr/sbin/console_start, /usr/sbin/tc-yum, /bin/rpm, /sbin/halt, /sbin/reboot
    clearconsole ALL=NOPASSWD: CLEARCONSOLE
    Might help? from my 5.1 install
    The reply is currently minimized Show
  • Accepted Answer

    stuliet
    stuliet
    Offline
    Sunday, December 27 2009, 07:53 PM - #Permalink
    Resolved
    0 votes
    Can anyone post up or send me a copy of the /etc/sudoers from a vanilla 5.1 install so I can compare to my file? Thx
    The reply is currently minimized Show
  • Accepted Answer

    stuliet
    stuliet
    Offline
    Sunday, December 27 2009, 03:28 PM - #Permalink
    Resolved
    0 votes
    Forgot to say, ldapsync seems ok...


    [root@mrnosey squeeze]# ldapsync
    running full LDAP synchronization
    restarting LDAP server
    Stopping slapd: [ OK ]
    Starting slapd: [ OK ]
    restarting authentication server
    Stopping saslauthd: [ OK ]
    Starting saslauthd: [ OK ]
    synchronizing configuration
    synchronizing daemons with domain heronwood.co.uk
    synchronizing Samba file and print services
    Shutting down SMB services: [ OK ]
    Starting SMB services: [ OK ]
    synchronizing Samba netbios services
    Shutting down NMB services: [ OK ]
    Starting NMB services: [ OK ]
    synchronizing POP/IMAP mail
    Shutting down cyrus-imapd: [ OK ]
    Exporting cyrus-imapd databases: [ OK ]
    Importing cyrus-imapd databases: [ OK ]
    Starting cyrus-imapd: [ OK ]
    synchronizing SMTP mail
    Reloading postfix: [ OK ]
    synchronizing webmail
    synchronizing web proxy
    2009/12/27 10:27:28| WARNING: '192.168.1.0/255.255.255.0' is a subnetwork of '192.168.1.0/255.255.255.0'
    2009/12/27 10:27:28| WARNING: because of this '192.168.1.0/255.255.255.0' is ignored to keep splay tree searching predictable
    2009/12/27 10:27:28| WARNING: You should probably remove '192.168.1.0/255.255.255.0' from the ACL named 'webconfig_lan'
    2009/12/27 10:27:28| WARNING: '192.168.1.0/255.255.255.0' is a subnetwork of '192.168.1.0/255.255.255.0'
    2009/12/27 10:27:28| WARNING: because of this '192.168.1.0/255.255.255.0' is ignored to keep splay tree searching predictable
    2009/12/27 10:27:28| WARNING: You should probably remove '192.168.1.0/255.255.255.0' from the ACL named 'webconfig_to_lan'
    synchronizing FTP
    Reloading proftpd: [ OK ]
    synchronizing antivirus
    [root@mrnosey squeeze]#
    The reply is currently minimized Show
  • Accepted Answer

    stuliet
    stuliet
    Offline
    Sunday, December 27 2009, 03:26 PM - #Permalink
    Resolved
    0 votes
    The kolab.conf files is still there (and seems to have valid contents);


    [root@mrnosey squeeze]# ls -l /etc/kolab/kolab.conf
    -rw------- 1 root root 525 Jul 11 16:10 /etc/kolab/kolab.conf


    as is the RPM package;


    [root@mrnosey squeeze]# rpm -qi kolabd
    Name : kolabd Relocations: (not relocatable)
    Version : 2.2.0 Vendor: (none)
    Release : 5.5.v5 Build Date: Mon 22 Jun 2009 02:39:02 PM EDT
    Install Date: Sat 11 Jul 2009 08:52:35 PM EDT Build Host: cc5devel.lan
    Group : System Environment/Daemons Source RPM: kolabd-2.2.0-5.5.v5.src.rpm
    Size : 116730 License: GPL
    Signature : DSA/SHA1, Tue 23 Jun 2009 11:27:42 PM EDT, Key ID 14824ad1d1ac268d
    Packager : Point Clark Networks
    Summary : Kolab Groupware Server
    Description :
    Kolab is a Groupware Solution for Emails, Appointments, Contacts and more.
    It supports mixed clients environments (Outlook/KDE) because of an open
    storage format called Kolab-XML.


    I think this is a sudo problem, my sudoers file has no mention of a webconfig user, so I suspect this is at least one of my problems. I tried to force reinstall the sudo rpm but this did not alter the sudoers file :-(
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, December 27 2009, 03:05 PM - #Permalink
    Resolved
    0 votes
    What does 'rpm -qi kolabd' say? ClearOS5.1 should have the following version
    Name        : kolabd                       Relocations: (not relocatable)
    Version : 2.2.0 Vendor: (none)
    Release : 5.5.v5 Build Date: Mon 22 Jun 2009 07:39:02 PM BST
    Install Date: Thu 09 Jul 2009 07:26:06 PM BST Build Host: cc5devel.lan
    Group : System Environment/Daemons Source RPM: kolabd-2.2.0-5.5.v5.src.rpm
    Size : 116730 License: GPL
    Signature : DSA/SHA1, Wed 24 Jun 2009 04:27:42 AM BST, Key ID 14824ad1d1ac268d
    Packager : Point Clark Networks
    Summary : Kolab Groupware Server
    Description :
    Kolab is a Groupware Solution for Emails, Appointments, Contacts and more.
    It supports mixed clients environments (Outlook/KDE) because of an open
    storage format called Kolab-XML.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, December 27 2009, 03:03 PM - #Permalink
    Resolved
    0 votes
    What has happened to /etc/kolab/kolab.conf ? it appears to be missing. It appears something broke during the ldap config change

    Does 'ldapsync' give any output / errors?
    The reply is currently minimized Show
Your Reply