Topic: enable open access to sever-manager from CLI

[purpaboo]

Hi

I have a cloud based SME9, where I can SSH onto it just fine.

However, the "admin" and "root" passwords do not work for /server-manager/

Is there an easy way to fix this from the CLI? I've tried resetting the passwords.

Pointers appreciated.
--

[Stefano]

please explain exactly what you did to restore passwords and how you are trying to connect

[janet]

purpaboo

Have you read the Manual ?
Please do, link at top of Forums.

Typically, user login root is for accessing command line & user login admin is for accessing server manager.

Remote access to server manager is disabled by default, & needs to be enabled at the console/text based server manager initially.

Accessing sme server remotely using ssh & root user is not "best practise", instead you should create a super user for ssh remote access, & then use sudo or su to run commands.
If you use the root user, then remember that hackers can also use root & it can be difficult to distinguish which root user is doing what.

To gain secure access to server manager you can create a ssh tunnel into your server & then use a browser to connect to
https://localhost/server-manager.
Alternatively you can configure remote access to server manager from specified remote IP's, you do this initially at the console or via LAN or via the text based server manager after logging in as root or a user with root privileges.
At the command prompt you can type console & then access the text based server manager without restriction.

Is this sufficient pointers ?

[TerryF]

I think you nailed it there Janet

[purpaboo]

Hi

This is a cloud hosted (Xen) machine where the provider no longer supports a 32-bit kernel.

I only had access to the disk images (done with 'dd') from the machine, so this is what I've done:

1. Taken a copy of the disk images to start up the machine on a local VMware setup. This works fine.

2. Used installed SME9 on another local VM. This works fine, apart from not being able to login to the server-manager after an almost completely vanilla install (I chose no RAID, no LVM).

3. I'm hoping to use Finnix to upload the SME9 VM to the cloud provider, and do an Affa restore or backup from desktop to get the machine into a working state.

So, I geuess I'll just have to have another go at getting an SME9 install working correctly. Will report back!

Oh, and thanks for the pointers. Massively appreciated, as ever.

[guest22]

This is a cloud hosted (Xen) machine where the provider no longer supports a 32-bit kernel.

Why is this provider not willing to (temporarily) make the SME Server ISO available to you, or did you not ask?

Does this provider provide you with 2 NIC's so you can run SME Server in server-gateway mode?

[purpaboo]

No idea.

Yes, 2 NICs are available.

Actually, I'm looking for the cleanest way to take a 32bit 8.1 machine to a 64bit 9.0 machine ...
--

[Stefano]

backup and restore, that's all

[purpaboo]

Okay, so backup and restore seems to have gone reasonably well.

But still having the issue with not being able to login to the server-manager, either from the web interface or actually on the box when ssh'd in.

Some history ... this is a machine which has been upgraded all the way from at least as early as 6.0

Anyway, the pertinent line from the httpd admin_error_log is:

[Wed Mar 11 20:52:33 2015] [error] [client 127.0.0.1] Could not open pipe to pwauth: Permission denied at /etc/e-smith/web/common/cgi-bin/login line 58., referer: https://www.redacted.uk/server-common/cgi-bin/login?redirect=1&back=https%3A%2F%2Fwww.redacted.co.uk%2Fserver-manager

Looks like something is a bit smashed up for some reason.

I've tried downgrading pwauth, but that's no go. Hm.

[guest22]

Maybe this helps http://bugs.contribs.org/show_bug.cgi?id=3356

[purpaboo]

Thanks. Yes, had seen that. And can get into server-manager if I chmod pwauth 777.

I kept a copy with the original perms, so will check against the old sme box tomorrow. Can you confirm what the permissions *should* be on a SME9 box?

-rwxrwxrwx 1 root public 10936 Jun  5  2013 pwauth
-rwsr-x--- 1 root public 10936 Jun  5  2013 pwauth_JIC

[janet]

purpaboo

Did you read comment 3 & comment 5 and all of that bug report ?
In particular comment 8
http://bugs.contribs.org/show_bug.cgi?id=3356#c8
Changing perms to 777 is not the answer.

[purpaboo]

Thanks for that, Janet. Are you a bot?

Sorry, that was a bit harsh of me.

Can you help me with the default permissions?

Thanks for your help. It's much appreciated!

[janet]

purpaboo

Thanks for that, Janet. Are you a bot?
Sorry, that was a bit harsh of me.

Yeah, why would you even think to say something like that, this is a civilised technical forum.

[purpaboo]

Well, the smiley shows that I was just kidding anyway. Maybe your lack of sense of humour was helping me decide you're a bot?

^ Note. This is further humour. Don't lose the plot! I've already said sorry, so let's be nice and get this sorted? Thanks.


So, just one more crinkle to sort out - webmail.

When I go to my primary domain, with "webmail" on the end, like: www.redacted.co.uk/webmail I just get a blank page, and the following in /var/log/messages:

Mar 12 08:28:39 latest httpd: PHP Deprecated:  Assigning the return value of new by reference is deprecated in /home/httpd/html/horde/lib/Test.php on line 580
Mar 12 08:28:39 latest httpd: PHP Deprecated:  Assigning the return value of new by reference is deprecated in /home/httpd/html/horde/lib/Test.php on line 637
Mar 12 08:28:39 latest httpd: PHP Warning:  filemtime() [<a href='function.filemtime'>function.filemtime</a>]: stat failed for /home/httpd/html/horde/lib/../config/registry.php in /home/httpd/html/horde/lib/Horde/Registry.php on line 182
Mar 12 08:28:39 latest httpd: PHP Warning:  require(/home/httpd/html/horde/lib/../config/registry.php) [<a href='function.require'>function.require</a>]: failed to open stream: Permission denied in /home/httpd/html/horde/lib/Horde/Registry.php on line 212
Mar 12 08:28:39 latest httpd: PHP Fatal error:  require() [<a href='function.require'>function.require</a>]: Failed opening required '/home/httpd/html/horde/lib/../config/registry.php' (include_path='/home/httpd/html/horde/lib:/usr/share/pear-addons:/usr/share/pear') in /home/httpd/html/horde/lib/Horde/Registry.php on line 212

Which is nice.

And when I try to go to a bookmarked page that I know should work:

https://www.redacted.com/horde/index.php?url=https%3A%2F%2Fwww.redacted.com%2Fhorde%2F

I get the following output in the webpage:

Some of Horde's configuration files are missing or unreadable

prefs.php

This file controls the default preferences for Horde, and also controls which preferences users can alter.

conf.php

This is the main Horde configuration file. It contains paths and basic items that apply to the core framework and all Horde applications.

mime_drivers.php

This file controls the global set of MIME drivers for the Horde framework, allowing applications to make use of programs such as enscript or mswordview to render content into HTML for viewing in a browser.

nls.php

This file provides localisation support for the Horde framework.

registry.php

The registry is how Horde applications find out how to talk to each other. You should list any installed Horde applications that you have here.

Create these files from their .dist versions in /home/httpd/html/horde/config and change them according to your needs.

So where do these Horde config files live?

TIA

Pete
--

[guest22]

Create these files from their .dist versions in /home/httpd/html/horde/config and change them according to your needs.

So where do these Horde config files live?

Exactly what it says: /home/httpd/html/horde/config.

But these conf files are templated. Is the templating system ok?

[purpaboo]

Hi RequestedDeletion.

Not sure if the templating system is okay. Just reading the developer guide now ...

Is there a quick way to tell if it's okay?

Thanks.
--

[guest22]

as a test, on the console as root do "expand-template /etc/php.ini" and look for errors on screen or in the logs.

[purpaboo]

Thanks RequestedDeletion. Yes, no errors onscreen or in logs when running that from the CLI.

I guess I'll refer back to the working default 9.0 setup I have in a VM, against the working 8.1 setup I have in another VM, and see what the differences are.

[guest22]

2. Used installed SME9 on another local VM. This works fine, apart from not being able to login to the server-manager after an almost completely vanilla install (I chose no RAID, no LVM).

I would erase this VM and start from scratch. The not being able to login should never happen, so you already working with an unexpected error and thus a unreliable install.

[purpaboo]

Yep. Did this.

It turned out that admin was not a member of "www" group. A leftover from 6.something, I think.

So I installed a new SME9 machine, and restored from backup.

Just webmail to fix.

Thanks for your help. Appreciated, as always.
--

[guest22]

Provider is Linode perhaps?

[purpaboo]

Yup, Linode.

[guest22]

Yup, Linode.

Thought so, that should work. I had a VPS there once with SME Server for a long time. But as you experience, getting SME Server up there is a challenge. indeed at the time dd was used. It was also at the time that they only provided 1 NIC, so I developed my own virtual interface to act as local interface.