PDA

View Full Version : Dialup Admin for Freeradius



John_Gill
06-Feb-2015, 14:40
Hi,

Running Sles11sp3 on a XEN VM with Freeradius 2.1x
I am trying to get the dialupadmin web component working.

I have install and configured the freeradius and tested with a dummy user and all is good.
I then created a link as follows: radius # ln -s /usr/share/dialup_admin/htdocs /srv/www/htdocs/dialup
Apache2 has also been started.
I have also created 2 index.html and index.php and firefox displays the pages correctly.
The permissions look correct but I think I might have missed something......

When I point Firefox to http://127.0.0.1/dialup/index.html I get a 403 error (permissions error)
I have tried many variations of the url, but no joy....

Any ideas, recommendations, suggestions or complaints will be appreciated.
Regards
John

John_Gill
09-Feb-2015, 12:57
mmmh, after much digging thru various log files, I now find that the issue is with Apache with the following error:
Symbolic link not allowed or link target not accessible /srv/www/htdocs/dialup
My link to the dialup_admin seems to be right but .......

As always, suggestions, comments or complains etc

ab
09-Feb-2015, 13:11
Does your Apache httpd configuration allow symlinks to be followed? Try a
hard link for a silly test:



rm /srv/www/htdocs/dialup
ln /srv/www/htdocs/dialup_admin/htdocs /srv/www/htdocs/dialup


Alowing symlinks is done via an AllowOverride line (as I recall) in the
configuration files located under /etc/apache2 (again, from memory) but
can also probably be set from Yast if that's the UI you're using for
configuration currently.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

John_Gill
09-Feb-2015, 14:18
Hi ab,

I removed the symbolic link and tried a hard link.. This failed because "hard link not allowed for directory"
When I tried ln -F /usr/share/dialup_admin/htdocs /srv/www/htdocs I get "Operation not permitted"
I also tried the "override option in the /etc/apache2/httpd.conf and when I stopped and started apache2
the apache complained about "Directory index forbidden by options directive"

Regards
John

John_Gill
09-Feb-2015, 14:44
moan, groan, *****, complain .... (so many conf files)
Ok, now edited the file /etc/apache2/default-server.conf and changed the following
Options none => Options Indexes FollowSymLinks
AllowOverride none => AllowOverride all
Order allow,deny => Order deny,allow

Stop and start apache2 and the webadmin page appears (YAH!!)
I might have opened a can of worms with security, so if I should change anything, please let me know ....

Regards
John

jmozdzen
09-Feb-2015, 14:45
Hi John,

> and when I stopped and started apache2 the apache complained about "Directory index forbidden by options directive"

so it seems you're on the right path. Setting up the web server to properly "serve" an application may require more than a single configuration change and should be documented in the application's manual.

Is there, by chance, a ".htaccess" file in /usr/share/dialup_admin/htdocs (which should be reachable as /srv/www/htdocs/.htaccess as well)? Then you might simply need to allow that file to take effect (in the main server configuration), instead of adding all required settings in the main config.

A different approach might be to set up a separate, "virtual" server and set the DocumentRoot to /usr/share/dialup_admin/htdocs - then any additional settings required for your application won't affect the whole web server. You will have to add either an additional IP address or DNS name to distinctively reach that virtual server.

Regards,
Jens

John_Gill
09-Feb-2015, 14:55
There is no ".htaccess" file so I guess the /etc/apache/default-server.conf" is the way to go.

Thanks ab and Jens for you input.

ab
09-Feb-2015, 14:57
On 02/09/2015 06:24 AM, John Gill wrote:
>
> I removed the symbolic link and tried a hard link.. This failed because
> "hard link not allowed for directory"

Doh... I always forget about that one. My bad.

> When I tried ln -F /usr/share/dialup_admin/htdocs /srv/www/htdocs I get
> "Operation not permitted"

You were likely trying to overwrite an existing directory in this case
unless you first removed /srv/www/htdocs, but no matter since you've moved
past this.

> I also tried the "override option in the /etc/apache2/httpd.conf and
> when I stopped and started apache2
> the apache complained about "Directory index forbidden by options
> directive"

Okay, so progress. Now add the default "file" to be accessed; perhaps
this is index.html, or index.php, or similar. If you add it to the
address bar in your browser then the DirectoryIndex feature will not need
to be used and things should load up. Of course, you probably do not want
to specify index.whatever each time you access the site, so making the
DirectoryIndex work is a good idea.

In the default httpd.conf (or linked-in file from httpd.conf) there is
probably a <Directory/> block which specifies the allowed options for this
directory. You can either change these options, or allow overrides and
then use an .htaccess file within your 'htdocs' directory to allow these
options to work. Generally speaking if you own the server I'd just add an
exception to the rule via a <Directory/> block:



<Directory /usr/share/dialup_admin/htdocs>
Options +Indexes
</Directory>


(or something like that)

Be sure to restart httpd to apply the change.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...