Baculum: Cannot add non-admin users

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Baculum: Cannot add non-admin users

Sergio Belkin-2
Hi,

I use bacula 7.0.5, apache 2.4.6 and baculum-7.4.0-1.el7.centos.noarch

I have no problems configuring only an admin user. But I cannot add non-admin users:

This what I did:

1) Run wizard

So I get the following settings file:

type = "mysql"
name = "bacula"
login = "bacula"
password = "XXXXXX"
ip_addr = "localhost"
port = "3306"
path = ""

[bconsole]
bin_path = "/usr/sbin/bconsole"
cfg_path = "/etc/bacula/bconsole.conf"
cfg_custom_path = "/etc/bacula/bconsole-{user}.conf"
use_sudo = "1"

[baculum]
login = "admin"
password = "XXXXX"
debug = "0"
lang = "en"


EOF

Then I add a new user through web UI, and now users files is as follows:

cat /etc/baculum/Data-apache/baculum.users

admin:xxxxxxxxxxxx
esteban:xxxxxxxxxxx

Of corse I've obfuscated passwords.

When I try to login browser prompts me to enter user and password again

apache error logs:

[Sun Jan 15 18:20:56.469640 2017] [auth_basic:error] [pid 5322] [client 192.168.6.26:60056] AH01617: user admin: authentication failure for "/": Password Mismatch, referer: http://192.168.6.85:9095/

I've tried even using htpasswd by hand with no success.

Also I have bconsole file: /etc/bacula/bconsole-esteban.conf

Console {
    Name = "BaculaRestrictedUser"
    Password = "XXXXXXf"
    CommandACL = run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
    CatalogACL = *all*
    ClientACL = user-fd
    JobACL = somejob1,userjob
    PoolACL = Full-Pool
    StorageACL = VTL
    FileSetACL = somejob1-fileset,userjobFileSet3
    WhereACL = *all*
}



Am I doing something wrong?

Thanks in advance!'
~


--
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Bacula-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/bacula-users
Reply | Threaded
Open this post in threaded view
|

Re: Baculum: Cannot add non-admin users

Sergio Belkin-2


2017-01-15 18:45 GMT-03:00 Sergio Belkin <[hidden email]>:
Hi,

I use bacula 7.0.5, apache 2.4.6 and baculum-7.4.0-1.el7.centos.noarch

I have no problems configuring only an admin user. But I cannot add non-admin users:

This what I did:

1) Run wizard

So I get the following settings file:

type = "mysql"
name = "bacula"
login = "bacula"
password = "XXXXXX"
ip_addr = "localhost"
port = "3306"
path = ""

[bconsole]
bin_path = "/usr/sbin/bconsole"
cfg_path = "/etc/bacula/bconsole.conf"
cfg_custom_path = "/etc/bacula/bconsole-{user}.conf"
use_sudo = "1"

[baculum]
login = "admin"
password = "XXXXX"
debug = "0"
lang = "en"


EOF

Then I add a new user through web UI, and now users files is as follows:

cat /etc/baculum/Data-apache/baculum.users

admin:xxxxxxxxxxxx
esteban:xxxxxxxxxxx

Of corse I've obfuscated passwords.

When I try to login browser prompts me to enter user and password again

apache error logs:

[Sun Jan 15 18:20:56.469640 2017] [auth_basic:error] [pid 5322] [client 192.168.6.26:60056] AH01617: user admin: authentication failure for "/": Password Mismatch, referer: http://192.168.6.85:9095/

I've tried even using htpasswd by hand with no success.

Also I have bconsole file: /etc/bacula/bconsole-esteban.conf

Console {
    Name = "BaculaRestrictedUser"
    Password = "XXXXXXf"
    CommandACL = run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
    CatalogACL = *all*
    ClientACL = user-fd
    JobACL = somejob1,userjob
    PoolACL = Full-Pool
    StorageACL = VTL
    FileSetACL = somejob1-fileset,userjobFileSet3
    WhereACL = *all*
}



Am I doing something wrong?

Thanks in advance!'
~


--
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org


Well, now I get this error:

Baculum problem

Error 4 - problem with connection to bconsole.

________________________________
What can I do

Please check if Bacula Director service is running.
Please check in shell console if bconsole program is able to connect to Bacula Director service.
Please be sure if Web Server user is allowed for executing bconsole program.
You can login to shell console as Web Server user and try to run bconsole program.
Please re-run Baculum Initial Wizard and on step "Console" please perform connection test.

TRY AGAIN

1 )Bacula Director is running:


● bacula-dir.service - Bacula-Director, the Backup-server
   Loaded: loaded (/usr/lib/systemd/system/bacula-dir.service; enabled; vendor preset: disabled)
   Active: active (running) since dom 2017-01-15 19:05:05 ART; 5s ago
     Docs: man:bacula-dir(8)
 Main PID: 7876 (bacula-dir)
   CGroup: /system.slice/bacula-dir.service
           └─7876 /usr/sbin/bacula-dir -f -c /etc/bacula/bacula-dir.conf -u bacu...

ene 15 19:05:05 backup.zanella.local systemd[1]: Started Bacula-Director, the B....
ene 15 19:05:05 backup.zanella.local systemd[1]: Starting Bacula-Director, the ....
Hint: Some lines were ellipsized, use -l to show in full.

2) bconsole can connect to Director:

bconsole
Connecting to Director localhost:9101
1000 OK: 1 bacula-dir Version: 7.0.5 (28 July 2014)
Enter a period to cancel a command.
}

BUT it cannot connect using /etc/bacula/bconsole-esteban.conf:

 bconsole -c /etc/bacula/bconsole-esteban.conf 15-ene 19:07 bconsole: ERROR TERMINATION at parse_conf.c:981
Config error: Keyword "CommandACL" not permitted in this resource.
Perhaps you left the trailing brace off of the previous resource.
            : line 4, col 15 of file /etc/bacula/bconsole-esteban.conf
    CommandACL = run

3) Same error with apache user

Any ideas?

Thanks in advance!

--
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Bacula-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/bacula-users
Reply | Threaded
Open this post in threaded view
|

Re: Baculum: Cannot add non-admin users

Marcin Haba
Hello Sergio,

This Console resource should be stored in Director configuration, not
in Bconsole configuration:

Console {
    Name = "BaculaRestrictedUser"
    Password = "XXXXXXf"
    CommandACL =
run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
    CatalogACL = *all*
    ClientACL = user-fd
    JobACL = somejob1,userjob
    PoolACL = Full-Pool
    StorageACL = VTL
    FileSetACL = somejob1-fileset,userjobFileSet3
    WhereACL = *all*
}

In Bconsole config you need to define Console resource as well but
with a bit different content.

Here you can see more information:

http://www.bacula.org/7.4.x-manuals/en/main/Console_Configuration.html

Please let know if it works after correction.

Good luck.

Best regards.
Marcin Haba (gani)

On 15 January 2017 at 23:08, Sergio Belkin <[hidden email]> wrote:

>
>
> 2017-01-15 18:45 GMT-03:00 Sergio Belkin <[hidden email]>:
>>
>> Hi,
>>
>> I use bacula 7.0.5, apache 2.4.6 and baculum-7.4.0-1.el7.centos.noarch
>>
>> I have no problems configuring only an admin user. But I cannot add
>> non-admin users:
>>
>> This what I did:
>>
>> 1) Run wizard
>>
>> So I get the following settings file:
>>
>> type = "mysql"
>> name = "bacula"
>> login = "bacula"
>> password = "XXXXXX"
>> ip_addr = "localhost"
>> port = "3306"
>> path = ""
>>
>> [bconsole]
>> bin_path = "/usr/sbin/bconsole"
>> cfg_path = "/etc/bacula/bconsole.conf"
>> cfg_custom_path = "/etc/bacula/bconsole-{user}.conf"
>> use_sudo = "1"
>>
>> [baculum]
>> login = "admin"
>> password = "XXXXX"
>> debug = "0"
>> lang = "en"
>>
>>
>> EOF
>>
>> Then I add a new user through web UI, and now users files is as follows:
>>
>> cat /etc/baculum/Data-apache/baculum.users
>>
>> admin:xxxxxxxxxxxx
>> esteban:xxxxxxxxxxx
>>
>> Of corse I've obfuscated passwords.
>>
>> When I try to login browser prompts me to enter user and password again
>>
>> apache error logs:
>>
>> [Sun Jan 15 18:20:56.469640 2017] [auth_basic:error] [pid 5322] [client
>> 192.168.6.26:60056] AH01617: user admin: authentication failure for "/":
>> Password Mismatch, referer: http://192.168.6.85:9095/
>>
>> I've tried even using htpasswd by hand with no success.
>>
>> Also I have bconsole file: /etc/bacula/bconsole-esteban.conf
>>
>> Console {
>>     Name = "BaculaRestrictedUser"
>>     Password = "XXXXXXf"
>>     CommandACL =
>> run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
>>     CatalogACL = *all*
>>     ClientACL = user-fd
>>     JobACL = somejob1,userjob
>>     PoolACL = Full-Pool
>>     StorageACL = VTL
>>     FileSetACL = somejob1-fileset,userjobFileSet3
>>     WhereACL = *all*
>> }
>>
>>
>>
>> Am I doing something wrong?
>>
>> Thanks in advance!'
>> ~
>>
>>
>> --
>> --
>> Sergio Belkin
>> LPIC-2 Certified - http://www.lpi.org
>
>
>
> Well, now I get this error:
>
> Baculum problem
>
> Error 4 - problem with connection to bconsole.
>
> ________________________________
> What can I do
>
> Please check if Bacula Director service is running.
> Please check in shell console if bconsole program is able to connect to
> Bacula Director service.
> Please be sure if Web Server user is allowed for executing bconsole program.
> You can login to shell console as Web Server user and try to run bconsole
> program.
> Please re-run Baculum Initial Wizard and on step "Console" please perform
> connection test.
>
> TRY AGAIN
>
> 1 )Bacula Director is running:
>
>
> ● bacula-dir.service - Bacula-Director, the Backup-server
>    Loaded: loaded (/usr/lib/systemd/system/bacula-dir.service; enabled;
> vendor preset: disabled)
>    Active: active (running) since dom 2017-01-15 19:05:05 ART; 5s ago
>      Docs: man:bacula-dir(8)
>  Main PID: 7876 (bacula-dir)
>    CGroup: /system.slice/bacula-dir.service
>            └─7876 /usr/sbin/bacula-dir -f -c /etc/bacula/bacula-dir.conf -u
> bacu...
>
> ene 15 19:05:05 backup.zanella.local systemd[1]: Started Bacula-Director,
> the B....
> ene 15 19:05:05 backup.zanella.local systemd[1]: Starting Bacula-Director,
> the ....
> Hint: Some lines were ellipsized, use -l to show in full.
>
> 2) bconsole can connect to Director:
>
> bconsole
> Connecting to Director localhost:9101
> 1000 OK: 1 bacula-dir Version: 7.0.5 (28 July 2014)
> Enter a period to cancel a command.
> }
>
> BUT it cannot connect using /etc/bacula/bconsole-esteban.conf:
>
>  bconsole -c /etc/bacula/bconsole-esteban.conf 15-ene 19:07 bconsole: ERROR
> TERMINATION at parse_conf.c:981
> Config error: Keyword "CommandACL" not permitted in this resource.
> Perhaps you left the trailing brace off of the previous resource.
>             : line 4, col 15 of file /etc/bacula/bconsole-esteban.conf
>     CommandACL = run
>
> 3) Same error with apache user
>
> Any ideas?
>
> Thanks in advance!
>
> --
> --
> Sergio Belkin
> LPIC-2 Certified - http://www.lpi.org
>
> ------------------------------------------------------------------------------
> Developer Access Program for Intel Xeon Phi Processors
> Access to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today. http://sdm.link/xeonphi
> _______________________________________________
> Bacula-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>



--
"Greater love hath no man than this, that a man lay down his life for
his friends." Jesus Christ

"Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie
za przyjaciół swoich." Jezus Chrystus

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Bacula-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/bacula-users
Reply | Threaded
Open this post in threaded view
|

Re: Baculum: Cannot add non-admin users

Sergio Belkin-2
Marcin, thanks a lot!

It worked!

Because of that I think that http://www.bacula.org/7.4.x-manuals/en/console/Baculum_Web_GUI_Tool.html#SECTION00360000000000000000 instructions are a bit misleading, it would be nice if made clear that this example goes to /etc/bacula/bacula-dir.conf

Greetings

2017-01-16 4:05 GMT-03:00 Marcin Haba <[hidden email]>:
Hello Sergio,

This Console resource should be stored in Director configuration, not
in Bconsole configuration:

Console {
    Name = "BaculaRestrictedUser"
    Password = "XXXXXXf"
    CommandACL =
run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
    CatalogACL = *all*
    ClientACL = user-fd
    JobACL = somejob1,userjob
    PoolACL = Full-Pool
    StorageACL = VTL
    FileSetACL = somejob1-fileset,userjobFileSet3
    WhereACL = *all*
}

In Bconsole config you need to define Console resource as well but
with a bit different content.

Here you can see more information:

http://www.bacula.org/7.4.x-manuals/en/main/Console_Configuration.html

Please let know if it works after correction.

Good luck.

Best regards.
Marcin Haba (gani)

On 15 January 2017 at 23:08, Sergio Belkin <[hidden email]> wrote:
>
>
> 2017-01-15 18:45 GMT-03:00 Sergio Belkin <[hidden email]>:
>>
>> Hi,
>>
>> I use bacula 7.0.5, apache 2.4.6 and baculum-7.4.0-1.el7.centos.noarch
>>
>> I have no problems configuring only an admin user. But I cannot add
>> non-admin users:
>>
>> This what I did:
>>
>> 1) Run wizard
>>
>> So I get the following settings file:
>>
>> type = "mysql"
>> name = "bacula"
>> login = "bacula"
>> password = "XXXXXX"
>> ip_addr = "localhost"
>> port = "3306"
>> path = ""
>>
>> [bconsole]
>> bin_path = "/usr/sbin/bconsole"
>> cfg_path = "/etc/bacula/bconsole.conf"
>> cfg_custom_path = "/etc/bacula/bconsole-{user}.conf"
>> use_sudo = "1"
>>
>> [baculum]
>> login = "admin"
>> password = "XXXXX"
>> debug = "0"
>> lang = "en"
>>
>>
>> EOF
>>
>> Then I add a new user through web UI, and now users files is as follows:
>>
>> cat /etc/baculum/Data-apache/baculum.users
>>
>> admin:xxxxxxxxxxxx
>> esteban:xxxxxxxxxxx
>>
>> Of corse I've obfuscated passwords.
>>
>> When I try to login browser prompts me to enter user and password again
>>
>> apache error logs:
>>
>> [Sun Jan 15 18:20:56.469640 2017] [auth_basic:error] [pid 5322] [client
>> 192.168.6.26:60056] AH01617: user admin: authentication failure for "/":
>> Password Mismatch, referer: http://192.168.6.85:9095/
>>
>> I've tried even using htpasswd by hand with no success.
>>
>> Also I have bconsole file: /etc/bacula/bconsole-esteban.conf
>>
>> Console {
>>     Name = "BaculaRestrictedUser"
>>     Password = "XXXXXXf"
>>     CommandACL =
>> run,show,.client,.jobs,.fileset,.pool,.storage,.jobs,.bvfs_update,.bvfs_lsdirs,.bvfs_lsfiles,.bvfs_versions,.bvfs_get_jobids,.bvfs_restore,restore
>>     CatalogACL = *all*
>>     ClientACL = user-fd
>>     JobACL = somejob1,userjob
>>     PoolACL = Full-Pool
>>     StorageACL = VTL
>>     FileSetACL = somejob1-fileset,userjobFileSet3
>>     WhereACL = *all*
>> }
>>
>>
>>
>> Am I doing something wrong?
>>
>> Thanks in advance!'
>> ~
>>
>>
>> --
>> --
>> Sergio Belkin
>> LPIC-2 Certified - http://www.lpi.org
>
>
>
> Well, now I get this error:
>
> Baculum problem
>
> Error 4 - problem with connection to bconsole.
>
> ________________________________
> What can I do
>
> Please check if Bacula Director service is running.
> Please check in shell console if bconsole program is able to connect to
> Bacula Director service.
> Please be sure if Web Server user is allowed for executing bconsole program.
> You can login to shell console as Web Server user and try to run bconsole
> program.
> Please re-run Baculum Initial Wizard and on step "Console" please perform
> connection test.
>
> TRY AGAIN
>
> 1 )Bacula Director is running:
>
>
> ● bacula-dir.service - Bacula-Director, the Backup-server
>    Loaded: loaded (/usr/lib/systemd/system/bacula-dir.service; enabled;
> vendor preset: disabled)
>    Active: active (running) since dom 2017-01-15 19:05:05 ART; 5s ago
>      Docs: man:bacula-dir(8)
>  Main PID: 7876 (bacula-dir)
>    CGroup: /system.slice/bacula-dir.service
>            └─7876 /usr/sbin/bacula-dir -f -c /etc/bacula/bacula-dir.conf -u
> bacu...
>
> ene 15 19:05:05 backup.zanella.local systemd[1]: Started Bacula-Director,
> the B....
> ene 15 19:05:05 backup.zanella.local systemd[1]: Starting Bacula-Director,
> the ....
> Hint: Some lines were ellipsized, use -l to show in full.
>
> 2) bconsole can connect to Director:
>
> bconsole
> Connecting to Director localhost:9101
> 1000 OK: 1 bacula-dir Version: 7.0.5 (28 July 2014)
> Enter a period to cancel a command.
> }
>
> BUT it cannot connect using /etc/bacula/bconsole-esteban.conf:
>
>  bconsole -c /etc/bacula/bconsole-esteban.conf 15-ene 19:07 bconsole: ERROR
> TERMINATION at parse_conf.c:981
> Config error: Keyword "CommandACL" not permitted in this resource.
> Perhaps you left the trailing brace off of the previous resource.
>             : line 4, col 15 of file /etc/bacula/bconsole-esteban.conf
>     CommandACL = run
>
> 3) Same error with apache user
>
> Any ideas?
>
> Thanks in advance!
>
> --
> --
> Sergio Belkin
> LPIC-2 Certified - http://www.lpi.org
>
> ------------------------------------------------------------------------------
> Developer Access Program for Intel Xeon Phi Processors
> Access to Intel Xeon Phi processor-based developer platforms.
> With one year of Intel Parallel Studio XE.
> Training and support from Colfax.
> Order your platform today. http://sdm.link/xeonphi
> _______________________________________________
> Bacula-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>



--
"Greater love hath no man than this, that a man lay down his life for
his friends." Jesus Christ

"Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie
za przyjaciół swoich." Jezus Chrystus



--
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Bacula-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/bacula-users