Debian + Error during installation

Hi,
I tried to install privacyidea in our debian server, but I’ll get the
following error

(privacyidea)root@mfaotrs:/etc/apache2/sites-available# cp

etc/apache2/sites-available/privacyidea /etc/apache2/sites-available/

cp: Aufruf von stat für „etc/apache2/sites-available/privacyidea“ nicht

möglich: Datei oder Verzeichnis nicht gefunden

Manual:
https://www.privacyidea.org/documentation/howtos/howto-run-privacyidea-with-apache2-and-mysql/

So there are no other sub-folders in “sites-available” :frowning:

btw - is it possible to auth. against username, password and the pin code
out of the google auth. ?Am Dienstag, 17. Februar 2015 18:13:24 UTC+1 schrieb Stefan Steuer:

Hi Cornelius,
you’re very fast :wink:

I tried to install the 1.5.

Are there any debian packages for 2.0 available?

Okay.

I’m curious for The new version :slight_smile:

Oh great :slight_smile:
My otrs-instance is running on:

Description: Debian GNU/Linux 7.8 (wheezy)
Release: 7.8

Did you already created the otrs-module for 2.0
(https://www.privacyidea.org/documentation/howtos/howto-add-two-factor-authentication-to-otrs-with-privacyidea/)
?

When yes or no :wink: how is the process for the user?

  • Open the otrs url
  • type in the username and password (LDAP) and submit
  • a barcode will be displayed
  • scan the barcode/qr with google auth.
  • type in the onetime-token
  • login successful

Hi Cornelius,
you’re very fast :wink:

I tried to install the 1.5.

Are there any debian packages for 2.0 available?>

This howto refers to privacyidea 1.5.

2.0 was a total rewrite. The apache-configs etc. are not contained in
the python package at the moment.

Kind regards
CorneliusAm 17.02.2015 um 17:52 schrieb Stefan Steuer:

Hi,
I tried to install privacyidea in our debian server, but I’ll get the
following error

    (privacyidea)root@mfaotrs:/etc/apache2/sites-available# cp
    etc/apache2/sites-available/privacyidea
    /etc/apache2/sites-available/

    cp: Aufruf von stat für
    „etc/apache2/sites-available/privacyidea“ nicht möglich: Datei
    oder Verzeichnis nicht gefunden

Manual:
https://www.privacyidea.org/documentation/howtos/howto-run-privacyidea-with-apache2-and-mysql/

So there are no other sub-folders in “sites-available” :frowning:


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/d608c097-e1a8-4f9a-8d4a-06532156e79e%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/d608c097-e1a8-4f9a-8d4a-06532156e79e%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

:slight_smile:

The OTRS Module is the same for 2.0 like for 1.5. Nothing has changed.

The user sees the same login mask, but in the password field he needs to
enter
OTRS-static-Password (coming from the OTRS SQL userstore or from the
LDAP userstore) concatenated with the OTP value.

The enrollment for the user is another topic.
You could have the user enter the selfservice portal to self-enroll a
google authenticator.
It is similar to the administrative enrollment.
See: https://www.youtube.com/watch?v=Cwzz5PCjHQI&t=3m20s

You could as well - depending on the IT affinity of your users - enroll
the device for the users yourself.
You might also use any hardware devices or - which i like a lot - the
yubikey.

Kind regards
CorneliusAm 17.02.2015 um 19:00 schrieb Stefan Steuer:

Oh great :slight_smile:
My otrs-instance is running on:

Description: Debian GNU/Linux 7.8 (wheezy)
Release: 7.8

Did you already created the otrs-module for 2.0
(https://www.privacyidea.org/documentation/howtos/howto-add-two-factor-authentication-to-otrs-with-privacyidea/)
?

When yes or no :wink: how is the process for the user?

  • Open the otrs url
  • type in the username and password (LDAP) and submit
  • a barcode will be displayed
  • scan the barcode/qr with google auth.
  • type in the onetime-token
  • login successful


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/3a2f4684-461c-4274-a9d9-de93c628b4ec%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/3a2f4684-461c-4274-a9d9-de93c628b4ec%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Does the user have to scan on each Login an other qr code or is it time based.

I am planning to build packages for wheezy.
If you tell me, you are running wheezy, I will take a look into it and
re-prioritize it :wink:

Yes you can authenticate against the password from your userstore and
the OTP value from GoogleAuth.
You need to define a policy, which looks like this in v2:

Kind regards
CorneliusAm 17.02.2015 um 18:13 schrieb Stefan Steuer:

Hi Cornelius,
you’re very fast :wink:

I tried to install the 1.5.

Are there any debian packages for 2.0 available?


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/57588376-9bb7-41e4-a81a-eb10a0c4e04d%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/57588376-9bb7-41e4-a81a-eb10a0c4e04d%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

The QR Code contains the secret key (unencrypted!!!) that is shared
between the server and the smartphone.
The user only needs to scan once during enrollment.
After that, the smartphone generated the OTP value on its own, i.e. on a
button press.Am 17.02.2015 um 19:27 schrieb Stefan Steuer:

Does the user have to scan on each Login an other qr code or is it time based.

Hi Stefan,
you can run privacyidea in a virtualenv on debian.

To install privacyidea 1.5 in a virtualenv you can specify the version.

pip install privacyidea==1.5.1

Looking at your original post, you simply were in the wrong directory to
get the apache-confg file.

In your virtualenv top level folder search at
etc/apache2/sites-available/pidea…

This file you can copy to the apache folder.

I just finished the packages for ubuntu 14.04lts.
which you can find here:

https://launchpad.net/~privacyidea/+archive/ubuntu/privacyidea-dev?field.series_filter=trusty

Yesterday I spent a lot of time looking at debian wheezy. Problem is,
that maaaaany python modules are not packed for debian.
So I started to pack. I ended up with about 13 new packages and came to
a point, where I also had to repack existing modules, since the exsting
modules in wheezy are soooooo old.
So at the moment I think I would create a debian package for wheezy that
just contains a complete running virtualenv.
I.e. the 60MB deb-file would hold all its software in a directory
/opt/privacyidea.
I would create a second package that can be installed to run privacyidea
with apache and another package to run PI with nginx. (I already did so
on ubuntu)

Than everyone can choose to
a) only install the base package and roll PI as he wishes to
b) easily roll privacyIDEA with apache
c) easily roll privacyIDEA with nginx…

There is no sense in providing my own 15 packages replacing older
versions and install them to the main system which might lead to version
problems and breaking other software.
What do you think?

Kind regards
CorneliusAm 19.02.2015 um 18:45 schrieb Stefan Steuer:

Hi Cornelius,
is the v1.5 still available for debian? :slight_smile:

Am Dienstag, 17. Februar 2015 19:39:56 UTC+1 schrieb Stefan Steuer:

Okay.

I'm curious for The new version :-)


You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/47c15c51-357f-4071-b7aa-600f50540c02%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/47c15c51-357f-4071-b7aa-600f50540c02%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Hi Cornelius,
is the v1.5 still available for debian? :)Am Dienstag, 17. Februar 2015 19:39:56 UTC+1 schrieb Stefan Steuer:

Okay.

I’m curious for The new version :slight_smile:

Dear Cornelius,
that sounds very good - so everyone can choose the own way to install pi :slight_smile:

For myself I’ll use a) - because I’ve apache and mysql already installed

Hi Stefan,

you may find a first shot of a wheezy package here:
https://www.privacyidea.org/wp-content/uploads/2015/privacyidea-venv_2.1~dev0_amd64.deb

I added a first quickly hacked howto:
http://privacyidea.readthedocs.org/en/latest/installation/index.html#debian-packages

I’d like to have an additional meta package, that at least installs the
necessary config files and creates the available-sites/privacyidea.conf.
If you are willing to take a look at this prebeta package I am happy
about any feedback.

Kind regards
CorneliusAm 21.02.2015 um 10:50 schrieb Stefan Steuer:

Dear Cornelius,
that sounds very good - so everyone can choose the own way to install
pi :slight_smile:

For myself I’ll use a) - because I’ve apache and mysql already installed

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/d586fca3-cb26-4d01-b3c4-fcff946eecc3%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/d586fca3-cb26-4d01-b3c4-fcff946eecc3%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

so ok…
Last post :wink:

You should add that the following mods have to be installed :slight_smile:

sudo apt-get install libapache2-mod-wsgi
sudo a2enmod wsgi

a2enmod ssl

any idea regarding the blank otrs login screen?

If you are running otrs on the same system, this will not work!

You need to change the scriptalias.
Nevertheless I found the problem and will send the link for a patched
version - immediately…

Kind regards
CorneliusAm 22.02.2015 um 16:35 schrieb Stefan Steuer:

Issue solved!!! :)

WSGIScriptAlias / /etc/privacyidea/piapp.wsgi

I can’t define another scriptalias as the root directory… :slight_smile:

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/5a9b7b90-47d9-421c-93d6-482c07239b21%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/5a9b7b90-47d9-421c-93d6-482c07239b21%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

Hi,
you should add to the manual, that the user has to add the directory
/var/log/privacyidea/ manually.

What is the url for the admin control panel after I installed the package
successful?

…take this:
https://www.privacyidea.org//wp-content/uploads/2015/privacyidea-venv_2.1~dev1_amd64.debAm 22.02.2015 um 17:26 schrieb Cornelius Kölbel:

If you are running otrs on the same system, this will not work!

You need to change the scriptalias.
Nevertheless I found the problem and will send the link for a patched
version - immediately…

Kind regards
Cornelius

Am 22.02.2015 um 16:35 schrieb Stefan Steuer:

Issue solved!!! :)

WSGIScriptAlias / /etc/privacyidea/piapp.wsgi

I can’t define another scriptalias as the root directory… :slight_smile:

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it,
send an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/5a9b7b90-47d9-421c-93d6-482c07239b21%40googlegroups.com
https://groups.google.com/d/msgid/privacyidea/5a9b7b90-47d9-421c-93d6-482c07239b21%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com
mailto:privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com
mailto:privacyidea@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/54EA0325.7050709%40privacyidea.org
https://groups.google.com/d/msgid/privacyidea/54EA0325.7050709%40privacyidea.org?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

So i created an ssl-certificate and activate SSL.

Now I’m able to see:

Support https://netknights.it/leistungen/support/privacyIDEA google group
https://groups.google.com/forum/#!forum/privacyidea