You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2023-06-27 10:55:04

Akyrave
Member
From: Lyon
Registered: 2023-06-27
Posts: 4

[SOLVED] [GLPI 10.0.7] [GLPI-Agent] 401 Unauthorized POST with Agent

Hi everyone,

We recently updated our GLPI server from 10.0.5 to 10.0.7.

Technical spec :

  • Server : Debian 11

  • GLPI Server : 10.0.7

  • Inventory : GLPI-Agent 1.4

  • Web Server : Apache 2.4 with PHP 8.1

  • SSO : Yes with GSS

I changed our apache2 site in order to meet the new public folder security standard, but unfortunatly, the agent now can't establish POST request with GLPI.

[Tue Jun 27 10:22:08 2023][info] target server0: server http://myserver/front/inventory.php
[Tue Jun 27 10:22:08 2023][info] sending prolog request to server0
[Tue Jun 27 10:22:08 2023][error] [http client] authentication required, no credentials available
[Tue Jun 27 10:22:08 2023][error] No answer from server at http://myserver/front/inventory.php
[Tue Jun 27 10:22:08 2023][info] target server0: next run: Tue Jun 27 10:54:08 2023 - http://myserver/front/inventory.php
[Tue Jun 27 10:22:08 2023][info] GLPI Agent memory usage: WSS=3215360 PFU=117043200
[Tue Jun 27 10:31:28 2023][info] target server0: server http://myserver/front/inventory.php
[Tue Jun 27 10:31:28 2023][info] sending prolog request to server0
[Tue Jun 27 10:31:28 2023][error] [http client] authentication required, no credentials available
[Tue Jun 27 10:31:28 2023][error] No answer from server at http://myserver/front/inventory.php
[Tue Jun 27 10:31:28 2023][info] target server0: next run: Tue Jun 27 11:31:28 2023 - http://myserver/front/inventory.php
[Tue Jun 27 10:31:28 2023][info] GLPI Agent memory usage: WSS=3231744 PFU=117043200

Here is apache2 conf: 

<VirtualHost helpdesk:80>
        ServerAdmin webmaster@localhost
        ServerName myserver
        DocumentRoot /var/www/glpi-10.7/public
        ServerSignature Off

        ErrorLog ${APACHE_LOG_DIR}/glpi_priv_error.log
        CustomLog ${APACHE_LOG_DIR}/glpi_priv_access.log combined

        <Directory  /var/www/glpi-10.7/public>
                AuthType GSSAPI
                AuthName "Kerberos authenticated intranet with mod_auht_gssapi"
                GssapiCredStore keytab:/etc/kerberos.keytab
                GssapiAllowedMech krb5
                GssapiAllowedMech ntlmssp
                GssapiBasicAuth On
                GssapiLocalName On
                GssapiSSLonly off
                Require valid-user
                RewriteEngine On
                RewriteCond %{REQUEST_FILENAME} !-f
                RewriteRule ^(.*)$ index.php [QSA,L]
        </Directory>

        <Location "/front/inventory.php">
                Options FollowSymLinks
                AllowOverride All

                Require all granted
        </Location>

</VirtualHost>

When I cat logs :

192.168.9.34 - - [27/Jun/2023:10:17:05 +0200] "POST /front/inventory.php HTTP/1.1" 401 601 "-" "GLPI-Agent_v1.4"
192.168.9.49 - - [27/Jun/2023:10:20:20 +0200] "POST /front/inventory.php HTTP/1.1" 401 601 "-" "GLPI-Agent_v1.4"
192.168.10.55 - - [27/Jun/2023:10:20:23 +0200] "POST /front/inventory.php HTTP/1.1" 401 601 "-" "GLPI-Agent_v1.4"
192.168.9.28 - - [27/Jun/2023:10:22:08 +0200] "POST /front/inventory.php HTTP/1.1" 401 601 "-" "GLPI-Agent_v1.4"
192.168.9.46 - - [27/Jun/2023:10:25:01 +0200] "POST /front/inventory.php HTTP/1.1" 401 601 "-" "GLPI-Agent_v1.4"
192.168.10.129 - - [27/Jun/2023:10:30:04 +0200] "POST /front/inventory.php HTTP/1.1" 401 601 "-" "GLPI-Agent_v1.4"
192.168.9.28 - - [27/Jun/2023:10:31:28 +0200] "POST /front/inventory.php HTTP/1.1" 401 601 "-" "GLPI-Agent_v1.4"
192.168.5.32 - - [27/Jun/2023:10:32:26 +0200] "POST /front/inventory.php HTTP/1.1" 401 601 "-" "GLPI-Agent_v1.4"
192.168.10.55 - - [27/Jun/2023:10:36:23 +0200] "POST /front/inventory.php HTTP/1.1" 401 601 "-" "GLPI-Agent_v1.4"

I tried to add a new redirection, likes below, in Directory, results are 404 error: 

RewriteRule ^front/inventory.php(.*)$ http://myserver/front/inventory.php [NC,L]

 

When I change the documentroot from /var/www/glpi-10.7/public to /var/www/glpi-10.7, GSSAPI doesn't work anymore but the inventory run again as normal.

We don't have any installed plugins.

All help is welcome!
Regards

Last edited by Akyrave (2023-07-03 17:20:06)

Offline

#2 2023-06-27 11:41:54

gbougard
Moderator
From: Montpellier, France
Registered: 2021-07-21
Posts: 537
Website

Re: [SOLVED] [GLPI 10.0.7] [GLPI-Agent] 401 Unauthorized POST with Agent

Hi Akyrave,

can you simply try to remove /front/inventory.php from the url in glpi-agent configuration ?

GLPI-Agent developer from Teclib' and GLPI-Network team
Previously FusionInventory-Agent maintainer

Offline

#3 2023-06-27 12:02:10

Akyrave
Member
From: Lyon
Registered: 2023-06-27
Posts: 4

Re: [SOLVED] [GLPI 10.0.7] [GLPI-Agent] 401 Unauthorized POST with Agent

Hi gbougard,

Thank you for taking part of it.
Do you mean remove /front/inventory.php from the vbs installation script ? 

SetupOptions = "/quiet RUNNOW=1 SERVER='http://myserver/front/inventory.php'"

Modified as 

SetupOptions = "/quiet RUNNOW=1 SERVER='http://myserver/'"

Same error in /var/log/apache2/glpi_priv_access.log (one with /front/inventory.php (previously), two after modification)

192.168.5.45 - - [27/Jun/2023:11:54:15 +0200] "POST /front/inventory.php HTTP/1.1" 401 601 "-" "GLPI-Agent_v1.4"
192.168.9.69 - - [27/Jun/2023:11:59:12 +0200] "POST / HTTP/1.1" 401 716 "-" "GLPI-Agent_v1.4"
192.168.9.69 - - [27/Jun/2023:12:00:12 +0200] "POST / HTTP/1.1" 401 716 "-" "GLPI-Agent_v1.4"

Offline

#4 2023-06-29 16:08:08

Akyrave
Member
From: Lyon
Registered: 2023-06-27
Posts: 4

Re: [SOLVED] [GLPI 10.0.7] [GLPI-Agent] 401 Unauthorized POST with Agent

Hi,

I tried creating two virtualhost : one for GLPI_Agent, one for GLPI -> Getting 404

<VirtualHost helpdesk:80>
	DocumentRoot /var/www/glpi-10.7/front
	ServerSignature Off
	ErrorLog ${APACHE_LOG_DIR}/glpi_priv_error.log
    CustomLog ${APACHE_LOG_DIR}/glpi_priv_access.log combined
	
	<Location "/inventory.php">
		Options FollowSymLinks
		AllowOverride All

		Require all granted
    </Location>
</VirtualHost>
<VirtualHost helpdesk:80>
        ServerAdmin webmaster@localhost
        ServerName myserver
        DocumentRoot /var/www/glpi-10.7/public
        ServerSignature Off

        ErrorLog ${APACHE_LOG_DIR}/glpi_priv_error.log
        CustomLog ${APACHE_LOG_DIR}/glpi_priv_access.log combined

        <Directory  /var/www/glpi-10.7/public>
                AuthType GSSAPI
                AuthName "Kerberos authenticated intranet with mod_auht_gssapi"
                GssapiCredStore keytab:/etc/kerberos.keytab
                GssapiAllowedMech krb5
                GssapiAllowedMech ntlmssp
                GssapiBasicAuth On
                GssapiLocalName On
                GssapiSSLonly off
                Require valid-user
                RewriteEngine On
                RewriteCond %{REQUEST_FILENAME} !-f
                RewriteRule ^(.*)$ index.php [QSA,L]
        </Directory>

</VirtualHost>

Here are the log : 

192.168.9.49 - - [29/Jun/2023:15:58:37 +0200] "POST /front/inventory.php HTTP/1.1" 404 413 "-" "GLPI-Agent_v1.4"
192.168.9.199 - - [29/Jun/2023:15:58:42 +0200] "POST /front/inventory.php HTTP/1.1" 404 413 "-" "GLPI-Agent_v1.5"
192.168.9.89 - - [29/Jun/2023:15:58:58 +0200] "POST /front/inventory.php HTTP/1.1" 404 413 "-" "GLPI-Agent_v1.4"
192.168.3.121 - - [29/Jun/2023:15:59:00 +0200] "POST /front/inventory.php HTTP/1.1" 404 413 "-" "GLPI-Agent_v1.5"
192.168.10.8 - - [29/Jun/2023:15:59:31 +0200] "POST /front/inventory.php HTTP/1.1" 404 413 "-" "GLPI-Agent_v1.5"
192.168.9.49 - - [29/Jun/2023:15:59:48 +0200] "POST /front/inventory.php HTTP/1.1" 404 413 "-" "GLPI-Agent_v1.4"
192.168.9.49 - - [29/Jun/2023:16:00:42 +0200] "POST /front/inventory.php HTTP/1.1" 404 413 "-" "GLPI-Agent_v1.4"
192.168.9.49 - - [29/Jun/2023:16:00:44 +0200] "POST /front/inventory.php HTTP/1.1" 404 413 "-" "GLPI-Agent_v1.4"
192.168.9.49 - - [29/Jun/2023:16:00:51 +0200] "POST /front/inventory.php HTTP/1.1" 404 413 "-" "GLPI-Agent_v1.4"
192.168.5.40 - - [29/Jun/2023:16:01:21 +0200] "POST /front/inventory.php HTTP/1.1" 404 413 "-" "GLPI-Agent_v1.4"

Offline

#5 2023-07-03 10:06:08

Akyrave
Member
From: Lyon
Registered: 2023-06-27
Posts: 4

Re: [SOLVED] [GLPI 10.0.7] [GLPI-Agent] 401 Unauthorized POST with Agent

Hello,

So ! I resolved my problem.
I created a new apache2 conf file whom listen port 8081. 

Listen 8081
<VirtualHost helpdesk:8081>
        ServerAdmin webmaster@localhost
        ServerName helpdesk.myserver.com
        DocumentRoot /var/www/glpi-10.7
        #DocumentRoot /var/www/glpi-10.5-old
        ServerSignature Off

        ErrorLog ${APACHE_LOG_DIR}/glpi-agent_pub_error.log
        CustomLog ${APACHE_LOG_DIR}/glpi-agent_pub_access.log combined

        <Location  "/front/inventory.php">
                Require all granted
                AllowOverride All
                Options FollowSymLinks
        </location>
</VirtualHost>

Thank you for your help.
Regards

Last edited by Akyrave (2023-07-03 10:06:30)

Offline

Pages: 1

Board footer

Powered by FluxBB