Couple of questions on PKI, Fabfice
1. How would I change the password for admin user in PKI. The “User
Management” section gives me the option of editing the admin user but I can’t
see the password change option
2. I’m adding a server certificate after I created a server certificate
profile by filling out necessary fields and linking it to the certificate
profile. Clicking Submit and it shows in the list with an icon to sign it.
Now I simply follow the guide on PKI which says the following:
Since the server certificate is stored in the PKI database, you will have to
sign and export it to the PacketFence server.
On the PKI web interface, under Certificates click on the "sign" icon for the
certificate for your RADIUS server. This will automatically sign the
certificate with your CA. Use the Send certificate or Download certificate to
export it. The certificate will be exported in p12 format which combines both
the certificate and its key. The password to decrypt the file will be send by
email.
Ok, I click on the Sign icon for the newly created server certificate and it
redirects me to the page where I can have an option of sending or downloading
it. I select “Download certificate” and end up with an error:
SMTPSenderRefused at /pki/cert/2/download/
(550, '5.7.1 Sender unknown', u'pf-nore...@options.bc.ca')
Request Method:
GET
Request URL:
https://172.16.0.222:9393/pki/cert/2/download/
Django Version:
1.8.1
Exception Type:
SMTPSenderRefused
Exception Value:
(550, '5.7.1 Sender unknown', u'pf-nore...@options.bc.ca')
Exception Location:
/usr/lib64/python2.7/smtplib.py in sendmail, line 735
Python Executable:
/usr/bin/python
Python Version:
2.7.5
Python Path:
['/usr/lib64/python27.zip',
'/usr/lib64/python2.7',
'/usr/lib64/python2.7/plat-linux2',
'/usr/lib64/python2.7/lib-tk',
'/usr/lib64/python2.7/lib-old',
'/usr/lib64/python2.7/lib-dynload',
'/usr/lib64/python2.7/site-packages',
'/usr/lib/python2.7/site-packages',
'/usr/local/packetfence-pki',
'/usr/local/packetfence-pki/inverse']
Server time:
Tue, 9 Jan 2018 07:56:21 +0000
If I select “Send certificate” I end up with the same error but a bit different
title
SMTPSenderRefused at /pki/cert/2/send/
(550, '5.7.1 Sender unknown', u'pf-nore...@options.bc.ca')
Request Method:
GET
Request URL:
https://172.16.0.222:9393/pki/cert/2/send/
Where would I need to make a change to SMTP server.
Needless to say that when I create a local user from PF GUI and select an
option of sending an email to the address I specify the email gets delivered
without any errors
Eugene
From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Wednesday, January 03, 2018 12:26 PM
To: E.P.
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI installation
Just for information, i uploaded a new version of the packetfence-pki for
centos7 who fix all the install issues.
Regards
Fabrice
Le 2017-12-12 à 23:58, E.P. a écrit :
Well, I’m taking my hat off in front of you, no kidding and pun intended ;)
Do you need traceback from the error page ?
From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Tuesday, December 12, 2017 7:02 PM
To: E.P.
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI installation
ah ah don't worry , i like to have challenge like that to be able to fix the
issue for better user experience.
I coded the pki so i want to make it work.
Le 2017-12-12 à 21:48, E.P. a écrit :
Sure, take your time, Fabrice. I have a special knack of running into troubles
in cases when others didn’t have any :)
Eugene
Sent from iPhone
On Dec 12, 2017, at 18:18, Durand fabrice <fdur...@inverse.ca> wrote:
Ok let me try to install the pki on the zen and i will be back to you.
i have installed the pki on 10 servers not a long time ago without any issue.
Le 2017-12-12 à 20:52, E.P. a écrit :
Yes, db.sqlite3 was owned by root
[root@PacketFence-ZEN packetfence-pki]# ls -al
total 56
drwxr-xr-x 7 pf pf 128 Dec 12 08:49 .
drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
-rw-r--r-- 1 root root 43008 Dec 12 08:44 db.sqlite3
drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
-rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
-rw-r--r-- 1 root root 6 Dec 12 08:49 packetfence-pki.pid
drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
Changed the file ownership to pf:pf
[root@PacketFence-ZEN packetfence-pki]# ls -al
total 100
drwxr-xr-x 7 pf pf 147 Dec 13 01:45 .
drwxr-xr-x. 15 root root 182 Dec 12 01:33 ..
drwxrws--- 2 pf pf 6 Nov 15 14:20 ca
drwxr-xr-x 2 pf pf 125 Dec 12 01:33 conf
-rw-r--r-- 1 pf pf 43008 Dec 13 01:45 db.sqlite3
drwxr-xr-x 2 pf pf 204 Dec 12 02:49 inverse
drwxrws--- 2 pf pf 90 Dec 12 01:35 logs
-rwxr--r-- 1 pf pf 250 Nov 15 14:20 manage.py
-rw-r--r-- 1 root root 5 Dec 13 01:43 packetfence-pki.pid
drwxr-xr-x 5 pf pf 4096 Dec 12 02:49 pki
But trying to login to the PKI webpage brings me back to the same original
error “no such table: pki_ca” which I showed earlier. I tried to follow your
previous advise about renaming the db.sqlite3 file and running migration but
the behavior is consistent. Is it OK that the PKI process ID file is also
owned by root ?
From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Tuesday, December 12, 2017 5:35 AM
To: E.P.; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI installation
Just change the owner of the sqlite file to pf and it should be ok.
Btw all these steps are made in the packaging, so it probably failled or never
finish correctly.
I will do a test on my side.
Regards
Fabrice
) and PacketFence (http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users