Koozali.org: home of the SME Server

Obsolete Releases => SME 8.x Contribs => Topic started by: Bud on August 04, 2015, 06:04:40 AM

Title: OCS Inventory problem
Post by: Bud on August 04, 2015, 06:04:40 AM

guys please help

i have installed ocs as per http://wiki.contribs.org/OCS_Inventory (http://wiki.contribs.org/OCS_Inventory) on sme 8.1

my problem is getting wan access to ocs

when i do " http://mydyndns.org/ocs " i get an error " https://mydyndns.org/ocs " Forbidden - You don't have permission to access /ocs/ on this server.

please can you assist

Title: Re: OCS Inventory problem
Post by: Stefano on August 04, 2015, 12:07:23 PM

Topic splitted.

Bud, reopening a 3 years old topic is not a good idea..

and telling us "it doesn't work" withour any kind of log/error message is quite useless too

Title: Re: OCS Inventory problem
Post by: mmccarn on August 04, 2015, 01:07:19 PM

If you can access the ocsinventory console from the LAN but not the WAN I'd guess that there is a default 'allow from' in httpd.conf that isn't set as you expect.

Take a look at /etc/httpd/conf/httpd.conf:
* find the section dealing with ocs
* see if there is an 'allow from' declaration
* if there is, find the template fragment that generates the content related to ocs, and see if you need to create a custom template fragment or set a db variable to make changes.

This link may help:
http://wiki.contribs.org/Template_Tutorial#Detailed_generic_troubleshooting_.26_configuration_steps

Before doing that, consider why the developers set default access as they did -- is the access restriction based on SME Server's general 'security first' approach, or are there known security problems with exposing ocsinventory's admin interface to the world (in which case you might want to use an ssh tunnel or a vpn)

Here are some notes on using putty to tunnel into https on your SME server:
http://forums.contribs.org/index.php/topic,39153.msg179103.html#msg179103

Title: Re: OCS Inventory problem
Post by: Bud on August 04, 2015, 08:00:33 PM

Good day Stefano
Sorry to upset you buddy, like i said all is working with ocs from the lan side however i am just having an issue from the wan side.

mmccarn thank you very much for your help, much appreciated

my httpd.conf file ocs section is the following

=============================

<Directory /var/lib/ocsinventory-reports/download>
  Options None
  Options +Indexes
  Options +Includes
  AllowOverride None
  order deny,allow
  deny from all
    allow from 127.0.0.1 192.168.0.0/255.255.255.0
  php_admin_value open_basedir /var/lib/ocsinventory-reports/download:/tmp
</Directory>

<Directory /usr/share/ocsinventory-reports/ocsreports>
  SSLRequireSSL on
  AddType application/x-httpd-php .php .php3 .phtml
  Options None
  Options +Indexes
  Options +Includes
  order deny,allow
  deny from all
  allow from 127.0.0.1 192.168.0.0/255.255.255.0
  php_admin_value open_basedir /usr/share/ocsinventory-reports:/tmp:/var/lib/mysql/mysql.sock:/var/lib/ocsinventory-reports/:/etc/ocsinventory/ocsinventory-reports
  php_admin_value post_max_size 100M
  php_admin_value upload_max_filesize 100M
  php_admin_value memory_limit 100M
  php_value max_execution_time -1
#  php_value max_input_time -1
</Directory>

================================

can i change it to say the following?

<Directory /var/lib/ocsinventory-reports/download>
  Options None
  Options +Indexes
  Options +Includes
  AllowOverride None
  order deny,allow
  deny from all
    allow from all
  php_admin_value open_basedir /var/lib/ocsinventory-reports/download:/tmp
</Directory>

<Directory /usr/share/ocsinventory-reports/ocsreports>
  SSLRequireSSL on
  AddType application/x-httpd-php .php .php3 .phtml
  Options None
  Options +Indexes
  Options +Includes
  order deny,allow
  deny from all
  allow from all
  php_admin_value open_basedir /usr/share/ocsinventory-reports:/tmp:/var/lib/mysql/mysql.sock:/var/lib/ocsinventory-reports/:/etc/ocsinventory/ocsinventory-reports
  php_admin_value post_max_size 100M
  php_admin_value upload_max_filesize 100M
  php_admin_value memory_limit 100M
  php_value max_execution_time -1
#  php_value max_input_time -1
</Directory>

any help greatly appreciated  :-)

Title: Re: OCS Inventory problem
Post by: Stefano on August 04, 2015, 08:04:35 PM

as mmccarn said, opening OCS to wan can be a security issue..

Title: Re: OCS Inventory problem
Post by: mmccarn on August 06, 2015, 12:40:41 AM

You could set 'allow from all', but I'd recommend against it. 

I'm a bit worried about /var/lib/mysql/mysql.sock  in your 'open_basedir' - I can't imagine it's a good idea to have a webapp running that provides remote read/write access to your mysql socket...

Title: Re: OCS Inventory problem
Post by: stephdl on August 06, 2015, 08:34:54 AM

Quote from: Stefano on August 04, 2015, 08:04:35 PM

as mmccarn said, opening OCS to wan can be a security issue..

could you consider to allow your lan from the wan with an openvpn access, it is simple, secure and you will not need to trick the ocs contrib http://wiki.contribs.org/OpenVPN_Bridge

but by the way, that ocs contrib is old, but someone has done a howto (in french) to upgrade ocs inventory

https://smeserver.wordpress.com/contribs/ocs/
with some more things interesting
https://smeserver.wordpress.com/contribs/glpi/
https://smeserver.wordpress.com/contribs/ocs-to-glpi/

that could be a good training to upgrade the contrib, if someone wants to start the work.

Title: Re: OCS Inventory problem
Post by: stephdl on August 06, 2015, 08:52:46 AM

Quote from: stephdl on August 06, 2015, 08:34:54 AM

that could be a good training to upgrade the contrib, if someone wants to start the work.

as I can see, remi has released some updates to ocsinventory, do they are workable with our smeserver-ocsinventory ????? (use a virtual environment)

ftp://rpmfind.net/linux/remi/enterprise/6/remi/x86_64/ocsinventory-2.1.2-3.el6.remi.noarch.rpm