Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: haymann on April 24, 2007, 11:10:01 PM
-
I am wondering if anyone has any idea on how to give someone other than the server admin access to SARG reports? I have a potential customer that wants to monitor web usage and I think SARG would work great, but I don't want them to have full-access to /server-manager... I am wondering if someone might know how the reports could be emailed (but still be usable), or maybe how to get the reports to appear on a different page (i.e. server-name/sarg)?
Thank you in advance,
Ryan
-
You could allow them access with dungog's user-panels contrib.
http://sme.dungog.net/packages/smeserver/7.0/i386/RPMS.dungog/smeserver-userpanel-0.9-10.noarch.rpm
Or you could create a script to 'mail' the daily reports to someone.
Craig
-
Thanks for the idea of user-panels, I had totally forgotten about that.
I can't get SARG to work right though. I log in as the user I want to have access, and when I click on SARG it prompts me to login again (something I noticed awhile back) and I have to use the admin credentials to view the reports... Kind of defeats the purpose...
Thanks!
Ryan
-
If I remember right the sarg reports dir has a template requiring admin auth.
yeah it does:
AuthName "SME Server Manager"
AuthType Basic
AuthExternal pwauth
require user admin
Since it is a redirect from the server-manager page to the web viewable reports page it is a bit different than the other panels. I had not thought of that either. you 'could' custom template that fragment and either allow that specific user or require authuser. That would make it viewable by that user but also by any other authuser (if they know where to look).
I have been playing around a bit with custom-templating the /etc/cron.daily/sarg script to have it mail that report somewhere. That may be an option.
Craig
-
If you have the latest version of SME (updated) then you need these instructions:
http://forums.contribs.org/index.php?topic=35924.0
-
you 'could' custom template that fragment and either allow that specific user or require authuser. That would make it viewable by that user but also by any other authuser (if they know where to look).
I have been playing around a bit with custom-templating the /etc/cron.daily/sarg script to have it mail that report somewhere. That may be an option.
Craig
I guess that I am not too concerned about other users being able to view that even if they did know where to look, in fact this customer might not want to setup a DC or email so there is a good chance that there will only be one or two user accounts created anyway... Is "authuser" the term that I would use, and that would allow any SME user to view the report (assuming that I gave them access to the panel)?
If you come up with something on the email reporting I would be interested to see that as well. I didn't know what the reports would look like if mailed as you have quite a few options on the web page...
Also, I created bug 2931 (http://bugs.contribs.org/show_bug.cgi?id=2931) to try to resolve being prompted for the username and password again when accessing the SARG reports. I trust that I am not the only one that sees that, as I have seen it on a couple different servers...
Thanks again,
Ryan
-
If you have the latest version of SME (updated) then you need these instructions:
http://forums.contribs.org/index.php?topic=35924.0
I have the latest version of SME and user-panel, and it looks to me like user-panel is functioning perfectly. Did I miss what you are pointing at?
Thanks,
Ryan
-
I have the latest version of SME and user-panel, and it looks to me like user-panel is functioning perfectly. Did I miss what you are pointing at?
Thanks,
Ryan
Then you just discovered a bug, and and should report to bugtracker.
Are all the rpm's you're using from Dungog?
-
I have the latest version of SME and user-panel, and it looks to me like user-panel is functioning perfectly. Did I miss what you are pointing at?
Thanks,
Ryan
Then you just discovered a bug, and and should report to bugtracker.
Are all the rpm's you're using from Dungog?
It's not a bug. The latest user-pannel doesn't make any problems when upgrading only the older versions (0.9-9 if i'm not mistaken) had this problem.
-
I meant Sarg, or both?
-
Then you just discovered a bug, and and should report to bugtracker.
Are all the rpm's you're using from Dungog?
Yes, all packages are from Dungog. Hopefully you saw in one of my posts a little to the North of here that I did raise a bug about being prompted for username and password again after already entering it and entering server-manager. This behavior with SARG reports did not change when I accessed SARG Reports from the user-manager page. To restate, SARG Reports prompts for username and password from server-manager and from user-manager pages.
The only difference is that the user that I am using for user-manager is not admin so I can not access SARG Reports at all. As cjensen pointed out a little earlier this is built into SARG that it requires admin credentials as default.
Am I misunderstanding you completely? I apologize if I am.
So to make a long story short:
It looks to me like SARG and user-panel are functioning as designed. For my situation though I would like to modify SARG so that a user other than admin can view the report. I will explore cjensen's idea of a custom template to get around that. Now it would be nice not to have to enter my username and password twice to see the SARG Reports (once to login to SME Server, once when clicking SARG Reports) and I have raised a bug to that effect.
Thanks for all the help!
Ryan
-
Am I misunderstanding you completely?
No. You've got it. The last post was about updating SME with older contribs installed and is not related to auth.
User-pannel won't help you because the SARG template is started after you connect to the SARG report page so you should make a custom template for another user (like cjensen said in his post).
-
OK, I don't know what I am doing, but I was trying to figure out how to custom template the fragment that deals with admin auth without asking (but I think I will probably need some help anyway...). I stumbled upon /etc/sarg/sarg.conf There is an option in there to output email, would enabling that do the trick? (for email, not allowing users other that admin) I don't want to edit the file directly as I am guessing this needs to be another custom template task?
Ryan
-
OK, I need some help on the custom template process...
Here is what I did, can someone show me the error of my ways? :)
1. I copied 90e-smithAccess20sarg to /etc/e-smith/templates-custom/etc/conf/httpd.conf (edit: I should point out that I had to create the etc, conf, and httpd.conf directories as they didn't exist. I used WinSCP and also used WinSCP to copy the file I mention below. I don't know if that means anything...)
2. I modified the copied version of 90e-smithAccess20sarg from this AuthName "SME Server Manager"
AuthType Basic
AuthExternal pwauth
require user admin to this AuthName "SME Server Manager"
AuthType Basic
AuthExternal pwauth
require user authuser
3. I ran thisexpand-template /etc/httpd/conf/httpd.conf
4. Then this etc/rc.d/init.d/httpd-e-smith restart
5. I then logged into user-manager using the non-admin account that I am testing.
6. I clicked SARG Reports and was prompted for my username and password. The non-admin account does not work, but the admin account still does.
Where did I go wrong? This process was gleaned from a number of posts, but it was mostly guess work...
B-t-w, how do you experts know where to look for settings files like this? To find 90e-smithAccess20sarg I had to open the smeserver-sarg rpm with 7-zip and dig through all the files in the rpm until I came across this one that has the settings in it that cjensen mentioned initially. There has to be a faster way right?
Thanks,
Ryan
-
Well I know this isn't the proper way, but commenting out the "require user admin" line in /etc/e-smith/templates/etc/httpd/conf/httpd.conf/90e-smithAccess20sarg gets rid of the prompting for password and lets the test user I created access the reports.
When I tried changing the line to "require user authuser" I could not access the reports as any user even admin...
-
The -e flag for sarg sends report to an email. Appending a custom-template with this option may accomplish your need.
copy /etc/e-smith/tamplates/etc/sarg/sarg.conf to custom-templates
edit the lines:
#output_email none
to
output_email yourdesiredemail.com
Re-expand the template and run sarg.daily to test.
Here is what you get:
Squid User Access Report
Decreasing Access (bytes)
Period 2007Apr25-2007Apr25
NUM USERID CONNECT BYTES %BYTES ELAPSED TIME MILISEC %TIME
------- -------------------- -------- --------------- ------- ---------- ---------- -------
1 user1 2546 63.56M 68.70% 05:42:17 20537430 69.34%
2 user2 4403 27.61M 29.85% 02:20:02 8402288 28.37%
3 user3 212 1.33M 1.45% 00:11:20 680130 2.30%
------- -------------------- -------- --------------- ------- ---------- ---------- -------
TOTAL 7161 92.51M 08:13:39 29619848
AVERAGE 2387 30.83M 02:44:33 9873282
Thu Apr 26 10:51:57 2007
this output may not be what you want, but it does email the result of a sarg execution.
Also from the sarg.conf file... "If you use this tag (-e), no html reports will be generated."
Craig
-
Thanks Craig,
I think that I will stay with the html reports, a lot more information available that way.
I figured out what I did wrong for the custom template. I had copied the process from another contrib and did not adjust the path to reflect sarg. I created the template in /etc/e-smith/templates-custom/etc/conf/httpd.conf but it should have been/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/ :oops:
Works much better now. I currently have the require user line commented out in the custom template, but I would rather have it accept a valid SME user. I liked the idea of authuser, but that doesn't appear to work...
Ryan
-
just a thought - instead of changing admin to authuser have you tried adding the username of the other account onto the end?
AuthName "SME Server Manager"
AuthType Basic
AuthExternal pwauth
require user admin, otherusername
-
I've used
AuthType Basic
AutExternal pwauth
...
Require valid-userto allow any configured SME user to access a specific URL...
If you want to allow multiple separate users, use space to delimit:Require user admin otheruser
Require user authuser would only work for a user named "authuser"...
http://httpd.apache.org/docs/2.0/mod/core.html#require
-
Thank you shell and mmccarn,
Adding additional users by adding a space and then another user account will work great. I could not get valid-user to work, I am guessing that it was looking for an account name valid-user??
The nice thing about commenting the line out completely is that it doesn't prompt you for a username and password again. I guess SARG can't tell who logged into server-manager anymore.
Thanks again to all!
Ryan
-
I could not get valid-user to work
:oops: :oops: My bad, when I used require valid-user it worked a lot better thanrequire user valid-user