Hi Cornelius,
merry Christmas to you also!
The hint with the missing line did help and also the update did work fine.
While following the tutorial, I found two more issues, which are
currently causing me some problems:
- The Apache config file privacyidea.conf
http://www.howtoforge.com/files/two-factor-authentication-with-otp-using-privacyidea-and-freeradius-on-centos/privacyidea.conf
linked on Howtoforge answers with 403 Forbidden (the raddb config file
answers with 404) if I try to download it. So I used the one from the git
repository, but this does not seem to be the one that fits the CentOS install
perfectly. I did some corrections and Apache is starting, but it looks like
this is not that perfect (I did disable the default ssl.conf):
WSGIPythonHome /opt/privacyIDEA/bin/
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
ServerAdmin webmaster@localhost
# You might want to change this
ServerName localhost
Header always edit Set-Cookie ^(.*)$ $1;secure
DocumentRoot /var/www/html
<Directory />
# For Apache 2.4 you need to set this:
#Require all granted
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
# For Apache 2.4 you need to remove the
# following two lines
Order allow,deny
allow from all
# For Apache 2.4 you need to set this:
#Require all granted
</Directory>
Alias /doc/html /usr/share/doc/privacyideadoc/html
WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi
#
# The daemon is running as user 'privacyidea'
# This user should have access to the encKey database encryption file
WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea
WSGIProcessGroup privacyidea
WSGIPassAuthorization On
<LocationMatch /ocra/(request|checkstatus|getActivationCode|calculateOtp)>
AuthType Digest
AuthName "privacyIDEA admin area"
AuthDigestProvider file
AuthUserFile /etc/privacyidea/admins
Require valid-user
</LocationMatch>
<Location /gettoken>
AuthType Digest
AuthName "privacyIDEA gettoken"
AuthDigestProvider file
AuthUserFile /etc/privacyidea/gettoken-api
Require valid-user
</Location>
ErrorLog /var/log/httpd/error.log
LogLevel warn
# Do not use %q! This will reveal all parameters, including setting PINs and Keys!
# Using SSL_CLIENT_S_DN_CN will show you, which administrator did what task
LogFormat "%h %l %u %t %>s \"%m %U %H\" %b \"%{Referer}i\" \"%{User-agent}i\"" privacyIDEA
CustomLog /var/log/httpd/ssl_access.log privacyIDEA
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/privacyideaserver.pem
SSLCertificateKeyFile /etc/ssl/private/privacyideaserver.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
ErrorDocument 500 "<h1>Internal Server Error</h1> Possible reasons can be missing modules or bad access rights on privacyIDEA configuration files or log files. Please check the apache logfile /var/log/apache2/error.log for more details."
When calling /gettoken for testing I do receive HTTP 500. Probably as
"privacyidea-fix-access-rights -f /opt/pirvacyIDEA/etc/privacyidea/privacyidea.ini -u privacyidea"
is failing with some Python stuff again:
(privacyIDEA)[root@privacyID3A privacyIDEA]# privacyidea-fix-access-rights -f /opt/pirvacyIDEA/etc/privacyidea/privacyidea.ini -u privacyidea
Traceback (most recent call last):
  File "/opt/privacyIDEA/bin/privacyidea-fix-access-rights", line 97, in <module>
    main()
  File "/opt/privacyIDEA/bin/privacyidea-fix-access-rights", line 91, in main
    fix_rights(file, user)
  File "/opt/privacyIDEA/bin/privacyidea-fix-access-rights", line 24, in fix_rights
    config.set("app:main", "here", config_path)
  File "/usr/lib64/python2.6/ConfigParser.py", line 377, in set
    raise NoSectionError(section)
ConfigParser.NoSectionError: No section: 'app:main'
Could you provide the two original config files maybe? Would be easier to
follow the tutorial then.
Thanks in advance!
Best Regards
Dirk
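
The NoSectionError in the traceback above is what ConfigParser raises when nothing was loaded: read() skips a path it cannot open without raising, and the path given on the command line is spelled /opt/pirvacyIDEA/ while the script itself runs from /opt/privacyIDEA/. The sketch below is an added example, not part of the original message and not privacyIDEA's own code. It assumes the script calls read() before set(), uses Python 3's configparser (the same behaviour as the Python 2.6 ConfigParser module in the traceback), and the names load_ini_strict, set_here_unchecked and the sample ini file are constructed for illustration.

```python
import configparser
import os
import tempfile


def load_ini_strict(path, required_section="app:main"):
    """Parse an ini file, failing loudly if it is missing or lacks the section."""
    config = configparser.RawConfigParser()
    # read() returns the list of files it actually parsed; a path it cannot
    # open is skipped without raising, so an empty list means nothing loaded.
    loaded = config.read(path)
    if not loaded:
        raise IOError("config file not found or unreadable: %s" % path)
    if not config.has_section(required_section):
        raise ValueError("%s has no [%s] section" % (path, required_section))
    return config


def set_here_unchecked(path):
    """Assumed pattern behind the traceback: read, then set, with no check."""
    config = configparser.RawConfigParser()
    config.read(path)  # a nonexistent path is silently ignored here
    config.set("app:main", "here", os.path.dirname(path))
    return config


def demo():
    """Run both variants against a constructed ini file and a misspelled path."""
    workdir = tempfile.mkdtemp()
    good = os.path.join(workdir, "privacyidea.ini")  # constructed sample file
    with open(good, "w") as fh:
        fh.write("[app:main]\ndebug = false\n")
    typo = os.path.join(workdir, "pirvacyidea.ini")  # misspelled on purpose
    r = {"workdir": workdir, "good_path": good}
    try:
        set_here_unchecked(typo)
    except configparser.NoSectionError as exc:
        r["unchecked"] = str(exc)  # same message as in the traceback
    try:
        load_ini_strict(typo)
    except IOError as exc:
        r["strict"] = str(exc)  # names the real problem: the file path
    r["good_here"] = set_here_unchecked(good).get("app:main", "here")
    return r


if __name__ == "__main__":
    print(demo())
```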