ImportError: No module named privacyidea.app
335 views
Skip to first unread message
John Whitten
Jan 8, 2016, 1:24:22 AM1/8/16
to privacyidea
Hello,
I have been working to get this PrivacyIDEA software installed on a CentOS 6.5 system, along with FreeRADIUS.
I have been mostly following the directions in these three documents (none of them appears to be entirely accurate):
CentOS install:
Python Install:
PrivacyIdea Documentation Latest:
Between the various documents though, and a whole lot of trial and error, I have gotten it mostly working I think. The actual installation files are from using the "Python PIP Install" method, so are whichever version are available that way. (I'm not a Python guy). Also I should mention that I figured out that it doesn't work with Python 2.6 and have installed Python 2.7. As soon as I did that, the install went very smoothly. You should probably note that someplace in the documents and save people a whole lot of time.
Anyway, I have come to the part where I'm hooking up FreeRADIUS and it keeps bombing with the following message:
==> /var/log/httpd/error.log <==
[Thu Jan 07 23:27:48 2016] [error] [client 10.200.1.10] mod_wsgi (pid=24859): Target WSGI script '/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi' cannot be loaded as Python module.
[Thu Jan 07 23:27:48 2016] [error] [client 10.200.1.10] mod_wsgi (pid=24859): Exception occurred processing WSGI script '/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi'.
[Thu Jan 07 23:27:48 2016] [error] Traceback (most recent call last):
[Thu Jan 07 23:27:48 2016] [error] File "/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi", line 3, in <module>
[Thu Jan 07 23:27:48 2016] [error] from privacyidea.app import create_app
[Thu Jan 07 23:27:48 2016] [error] ImportError: No module named privacyidea.app
RADIUS itself seems to be working fine. I had it set up originally and tested it with the test radius client and it all seemed to work fine. I now have it configured to call the "privacyidea_radius.pm" module from /etc/raddb/modules/perl. I had to correct the path as below:
perl {
# module = /opt/privacyIDEA/privacyidea_radius.pm
module = /opt/privacyIDEA/lib/privacyidea/authmodules/FreeRADIUS/privacyidea_radius.pm
}
When I try to authenticate using the test client now, I get the above error message, apparently looking for something called "privacyidea.app". There is nothing on my system anywhere with that name, and I cannot find any good reference to it online apart from a brief mention here and there with respect to the "perl" file in the RADIUS modules directory.
Can you assist me? I am under the gun to get this worked out and I'm having a heck of a time getting everything set up and working.
I have gotten the PrivacyIDEA web portion itself worked out. I have been able to login as Admin, set up a Realm, connect it to our Active Directory and whatnot, and all that seems to work. I also was able to login to the PrivacyIDEA as a user and enroll myself a token. I got the FreeOTP Android App for my smartphone from Google Play, and used the QR feature to set up the token into the FreeOTP app. All of that went very smoothly and without much problem.
But when I go to try to authenticate with it, I run into the problem above.
Thanks for any assistance you can provide!
John Whitten
Cornelius Kölbel
Jan 8, 2016, 2:31:59 AM1/8/16
to priva...@googlegroups.com
Hello John,
thanks for the feedback regarding the installation instructions.
This is the official instruction
http://privacyidea.readthedocs.org/en/latest/installation/index.html
I will add a note, that it needs python 2.7.
Good news: If you are able to access the web ui, authenticating with
FreeRADIUS will also work in a moment.
I assume you are accessing the webui at an URL like
https://yourserver/
i.e. in the root directory?
Then the FreeRADIUS would have to call
https://yourserver/validate/check
I think the FreeRADIUS privacyIDEA plugin is just not completely
configured yet.
See
http://privacyidea.readthedocs.org/en/latest/application_plugins/radius.html?highlight=freeradius
Have you created any /opt/privacyidea/rlm_perl.ini file yet?
I recommend creating a file
/etc/privacyidea/rlm_perl.ini
with the following content:
[Default]
URL = https://your.server/validate/check
SSL_CHECK = false
DEBUG = true
adapt the URL accordingly.
You should change SSL_CHECK to true, later. I.e. you need to get a
trusted certificate, if privacyIDEA is running on another server than
freeradius.
Starting with DEBUG=true gives you some good ideas about whats going on.
Please tell, if it was your rlm_perl.ini that was missing.
Kind regards
Cornelius
> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/d7f639b0-bfcd-403a-a6c8-c176e7d66519%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
thanks for the feedback regarding the installation instructions.
This is the official instruction
http://privacyidea.readthedocs.org/en/latest/installation/index.html
I will add a note, that it needs python 2.7.
Good news: If you are able to access the web ui, authenticating with
FreeRADIUS will also work in a moment.
I assume you are accessing the webui at an URL like
https://yourserver/
i.e. in the root directory?
Then the FreeRADIUS would have to call
https://yourserver/validate/check
I think the FreeRADIUS privacyIDEA plugin is just not completely
configured yet.
See
http://privacyidea.readthedocs.org/en/latest/application_plugins/radius.html?highlight=freeradius
Have you created any /opt/privacyidea/rlm_perl.ini file yet?
I recommend creating a file
/etc/privacyidea/rlm_perl.ini
with the following content:
[Default]
URL = https://your.server/validate/check
SSL_CHECK = false
DEBUG = true
adapt the URL accordingly.
You should change SSL_CHECK to true, later. I.e. you need to get a
trusted certificate, if privacyIDEA is running on another server than
freeradius.
Starting with DEBUG=true gives you some good ideas about whats going on.
Please tell, if it was your rlm_perl.ini that was missing.
Kind regards
Cornelius
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/privacyidea/d7f639b0-bfcd-403a-a6c8-c176e7d66519%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
John Whitten
Jan 8, 2016, 9:02:44 AM1/8/16
to privacyidea
Hi Cornelius,
Thanks for the quick reply.
Yes, you were correct that my "rlm_perl.ini" file was missing. But, sadly, adding the file and adjusting the params did not resolve the issue. In fact, the problem remains the same:
[root@myhost FreeRADIUS]# echo "User-Name=user, Password=pin123456" | radclient -sx localhost auth 'OURSECRET'
Sending Access-Request of id 127 to 127.0.0.1 port 1812
User-Name = "user"
Password = "pin123456"
==> /var/log/httpd/error.log <==
[Fri Jan 08 08:53:23 2016] [error] [client 127.0.0.1] mod_wsgi (pid=24859): Target WSGI script '/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi' cannot be loaded as Python module.
[Fri Jan 08 08:53:23 2016] [error] [client 127.0.0.1] mod_wsgi (pid=24859): Exception occurred processing WSGI script '/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi'.
[Fri Jan 08 08:53:23 2016] [error] Traceback (most recent call last):
[Fri Jan 08 08:53:23 2016] [error] File "/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi", line 3, in <module>
[Fri Jan 08 08:53:23 2016] [error] from privacyidea.app import create_app
[Fri Jan 08 08:53:23 2016] [error] ImportError: No module named privacyidea.app
==> /var/log/httpd/ssl_access.log <==
127.0.0.1 - - [08/Jan/2016:08:53:23 -0500] 500 "POST /validate/check HTTP/1.1" 599 "-" "libwww-perl/6.15"
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=127, length=75
Reply-Message = "privacyIDEA request failed: 500 Internal Server Error"
Total approved auths: 0
Total denied auths: 1
Total lost auths: 0
---
Here is what the "rlm_perl.ini" file now contains:
[Default]
REALM = myrealm
#RESCONF = someResolver
#SSL_CHECK = true
SSL_CHECK = false
DEBUG = true
---
BTW, the result is the same with or without the port 5000 part. I tried removing it and it is still bombing with the import error. It is apparently looking for something called "privacyidea.app" and there is nothing with that name on my system, or available on your site as far as I can tell. At least not directly.
It feels to me like I am very close to getting this thing up and running! So I am hopeful! ;-)
John
Cornelius Kölbel
Jan 8, 2016, 3:54:43 PM1/8/16
to priva...@googlegroups.com
Hello John,
1. Check the configuration
The httpd error log says
file /opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi look like?
b) How does your apache config look like?
I suspect that that you have two different configurations, one that
works when accessing the UI and on that does not work and is accessed
when issuing the authentication request.
2. Check the API without the FreeRADIUS
Please execute
https://yourhost/validate/check?user=....&pass=...
in your browser and take a look at the result.
Or course you must not use the port 5000 unless you are running the
Apache SSL on 5000.
3. Check the log file
The FreeRADIUS reply message says:
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=127,
length=75
Reply-Message = "privacyIDEA request failed: 500 Internal Server
Error"
So please check the privacyIDEA log.
4. Debug
You enabled DEBUG=true in the your rlm_perl.ini.
So you should get more privacyIDEA specific output when running
freeradius -X
You did not post this. Can you do so?
Kind regards
Cornelius
> https://groups.google.com/d/msgid/privacyidea/2e9e6914-9e02-458d-9656-e73d5613e152%40googlegroups.com.
1. Check the configuration
The httpd error log says
Target WSGI script
'/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi' cannot be loaded
as Python module
a) How does the
'/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi' cannot be loaded
as Python module
file /opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi look like?
b) How does your apache config look like?
I suspect that that you have two different configurations, one that
works when accessing the UI and on that does not work and is accessed
when issuing the authentication request.
2. Check the API without the FreeRADIUS
Please execute
https://yourhost/validate/check?user=....&pass=...
in your browser and take a look at the result.
Or course you must not use the port 5000 unless you are running the
Apache SSL on 5000.
3. Check the log file
The FreeRADIUS reply message says:
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=127,
length=75
Reply-Message = "privacyIDEA request failed: 500 Internal Server
Error"
4. Debug
You enabled DEBUG=true in the your rlm_perl.ini.
So you should get more privacyIDEA specific output when running
freeradius -X
You did not post this. Can you do so?
Kind regards
Cornelius
John Whitten
Jan 11, 2016, 10:58:28 AM1/11/16
to privacyidea
Hello Cornelius,
1. How does the file /opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi look like?
[root@MyHost privacyidea]# cat /opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi
import sys
sys.stdout = sys.stderr
from privacyidea.app import create_app
# Now we can select the config file:
application = create_app(config_name="production", config_file="/etc/privacyidea/pi.cfg")
2. When I run it via Apache I get a "500 Server Error" and the error log contains the message about the "privacyidea.app" issue:
==> /var/log/httpd/error.log <==
[Sun Jan 10 01:25:29 2016] [error] [client 192.168.3.204] mod_wsgi (pid=24859): Target WSGI script '/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi' cannot be loaded as Python module.
[Sun Jan 10 01:25:29 2016] [error] [client 192.168.3.204] mod_wsgi (pid=24859): Exception occurred processing WSGI script '/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi'.
[Sun Jan 10 01:25:29 2016] [error] Traceback (most recent call last):
[Sun Jan 10 01:25:29 2016] [error] File "/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi", line 3, in <module>
[Sun Jan 10 01:25:29 2016] [error] from privacyidea.app import create_app
[Sun Jan 10 01:25:29 2016] [error] ImportError: No module named privacyidea.app
When I run it (via the "pi-manage runserver" method which is set to operate on port 5000), it logs me in and I get a "token/list" url and a page which should be showing me tokens, but for some reason it does not show any listed. There should be two tokens registered for the username I'm using. Here is the command line I'm using:
pi-manage runserver -h MyHost -p 5000 -d -r
3. This is what I get from the privacyidea.log:
[2016-01-11 10:29:28,768][25056][140316471326464][DEBUG][privacyidea.api.lib.utils:235] Can not get param: No JSON object could be decoded
4. Post output of Freeradius -X
Request:
[root@MyHost FreeRADIUS]# echo "User-Name=SomeUser@SomeRealm, Password=SomePassword" | radclient -sx localhost auth 'OurSecret'
Sending Access-Request of id 89 to 127.0.0.1 port 1812
User-Name = "SomeUser@SomeRealm"
Password = "SomePassword"
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=89, length=75
Reply-Message = "privacyIDEA request failed: 500 Internal Server Error"
Total approved auths: 0
Total denied auths: 1
Total lost auths: 0
Debug Output:
rad_recv: Access-Request packet from host 127.0.0.1 port 54525, id=89, length=55
User-Name = "SomeUser@SomeRealm"
User-Password = "SomePassword"
# Executing section authorize from file /etc/raddb/sites-enabled/privacyidea
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] Looking up realm "SomeRealm" for User-Name = "SomeUser@SomeRealm"
[suffix] No such realm "SomeRealm"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry DEFAULT at line 183
++[files] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] = noop
+} # group authorize = ok
Found Auth-Type = perl
# Executing group from file /etc/raddb/sites-enabled/privacyidea
+group authenticate {
rlm_perl: Config File not found!
rlm_perl: Default URL https://127.0.0.1/validate/check
rlm_perl: Looking for config for auth-type perl
rlm_perl: Warning:
rlm_perl: Auth-Type: perl
rlm_perl: url: https://127.0.0.1/validate/check
rlm_perl: user sent to privacyidea: SomeUser@SomeRealm
rlm_perl: realm sent to privacyidea:
rlm_perl: resolver sent to privacyidea:
rlm_perl: client sent to privacyidea: 127.0.0.1
rlm_perl: state sent to privacyidea:
rlm_perl: urlparam client
rlm_perl: urlparam pass
rlm_perl: urlparam user
rlm_perl: Not verifying SSL certificate!
rlm_perl: privacyIDEA request failed: 500 Internal Server Error
rlm_perl: return RLM_MODULE_FAIL
rlm_perl: Added pair User-Name = SomeUser@SomeRealm
rlm_perl: Added pair User-Password = SomePassword
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Reply-Message = privacyIDEA request failed: 500 Internal Server Error
rlm_perl: Added pair Auth-Type = perl
++[perl] = fail
+} # group authenticate = fail
Failed to authenticate the user.
Delaying reject of request 15 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 15
Sending Access-Reject of id 89 to 127.0.0.1 port 54525
Reply-Message = "privacyIDEA request failed: 500 Internal Server Error"
Waking up in 4.9 seconds.
Cleaning up request 15 ID 89 with timestamp +409247
Ready to process requests.
You didn't ask, but here is my Apache config:
[root@MyHost conf.d]# cat privacyidea.conf
TraceEnable on
ServerSignature Off
ServerTokens Prod
WSGIPythonHome /opt/privacyIDEA
WSGISocketPrefix /var/run/wsgi
#############################################
## Redirect All Port 80 Accesses to Port 443
#############################################
#<VirtualHost _default_:80>
# ServerAdmin webmaster@localhost
# ServerName localhost
# RewriteEngine On
# RewriteCond %{HTTPS} !=On
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#</VirtualHost>
#############################################
## Handle Port 443 Accesses
#############################################
#<VirtualHost _default_:443>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName localhost
DocumentRoot /var/www
<Directory />
# Require all granted
Allow from all
Options FollowSymLinks
AllowOverride None
</Directory>
# WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi
WSGIScriptAlias / /opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi
# The daemon is running as user 'privacyidea'
# This user should have access to the encKey database encryption file
WSGIDaemonProcess privacyidea python-path=/etc/privacyidea:/opt/privacyIDEA/lib/python2.7/site-packages processes=1 threads=15 display-name=%{GROUP} user=privacyidea
WSGIProcessGroup privacyidea
WSGIPassAuthorization On
## Logging
ErrorLog /var/log/httpd/error.log
LogLevel warn
# Do not use %q! This will reveal all parameters, including setting PINs and Keys!
# Using SSL_CLINET_S_DN_CN will show you, which administrator did what task
#LogFormat "%h %l %u %t %>s \"%m %U %H\" %b \"%{Referer}i\" \"%{User-agent}i\"" privacyIDEA
LogFormat "%h %l %u %t %>s \"%m %U %H\" %b \"%{Referer}i\" \"%{User-agent}i\" %q" privacyIDEA
CustomLog /var/log/httpd/ssl_access.log privacyIDEA
SSLEngine On
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AES256:DHE+AES256:EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
SSLCertificateFile /etc/pki/tls/certs/privacyideaserver.pem
SSLCertificateKeyFile /etc/pki/tls/private/privacyideaserver.key
</VirtualHost>
IMO, while I may very well have other issues in the setup, the biggest problem always seems to come back to this one item:
[Sat Jan 09 01:25:22 2016] [error] File "/opt/privacyIDEA/etc/privacyidea/privacyideaapp.wsgi", line 3, in <module>
[Sat Jan 09 01:25:22 2016] [error] from privacyidea.app import create_app
[Sat Jan 09 01:25:22 2016] [error] ImportError: No module named privacyidea.app
Thanks for all of your kind assistance! I really appreciate your help.
John
Cornelius Kölbel
Jan 11, 2016, 11:47:15 AM1/11/16
to priva...@googlegroups.com
Hello John,
the "privacyidea.app" in fact indicates that there is something wrong
with your python setup. In certain cases the WSGI process does not find
the complete python environment.
Which howto did you use to install?
-> This is the change to improve the documentation :-)
We do not need to take a look at FreeRADIUS now, since your privacyIDEA
installation seems messed up.
Kind regards
Cornelius
> https://groups.google.com/d/msgid/privacyidea/107f7393-dd39-4671-b0be-5908b9b5a5c5%40googlegroups.com.
the "privacyidea.app" in fact indicates that there is something wrong
with your python setup. In certain cases the WSGI process does not find
the complete python environment.
Which howto did you use to install?
-> This is the change to improve the documentation :-)
We do not need to take a look at FreeRADIUS now, since your privacyIDEA
installation seems messed up.
Kind regards
Cornelius
Michael Muenz
Jul 6, 2016, 8:17:07 AM7/6/16
to privacyidea
Hi,
I installed PI 2.13 via PiP on a fresh Debian 8 and have the same issue here.
Running via py-manage runserver I can access the system, but via apache / wsgi I get:
[Wed Jul 06 14:12:55.024738 2016] [wsgi:error] [pid 17269:tid 139826853345024] [remote X:59909] mod_wsgi (pid=17269): Target WSGI script '/etc/privacyidea/privacyideaapp.wsgi' cannot be loaded as Python module.
[Wed Jul 06 14:12:55.024797 2016] [wsgi:error] [pid 17269:tid 139826853345024] [remote X:59909] mod_wsgi (pid=17269): Exception occurred processing WSGI script '/etc/privacyidea/privacyideaapp.wsgi'.
[Wed Jul 06 14:12:55.024837 2016] [wsgi:error] [pid 17269:tid 139826853345024] [remote X:59909] Traceback (most recent call last):
[Wed Jul 06 14:12:55.024875 2016] [wsgi:error] [pid 17269:tid 139826853345024] [remote X:59909] File "/etc/privacyidea/privacyideaapp.wsgi", line 3, in <module>
[Wed Jul 06 14:12:55.024929 2016] [wsgi:error] [pid 17269:tid 139826853345024] [remote X:59909] from privacyidea.app import create_app
[Wed Jul 06 14:12:55.024964 2016] [wsgi:error] [pid 17269:tid 139826853345024] [remote X:59909] ImportError: No module named privacyidea.app
[Wed Jul 06 14:12:55.125165 2016] [wsgi:error] [pid 17269:tid 139826937272064] [remote X:59909] mod_wsgi (pid=17269): Target WSGI script '/etc/privacyidea/privacyideaapp.wsgi' cannot be loaded as Python module.
[Wed Jul 06 14:12:55.125198 2016] [wsgi:error] [pid 17269:tid 139826937272064] [remote X:59909] mod_wsgi (pid=17269): Exception occurred processing WSGI script '/etc/privacyidea/privacyideaapp.wsgi'.
[Wed Jul 06 14:12:55.125231 2016] [wsgi:error] [pid 17269:tid 139826937272064] [remote X:59909] Traceback (most recent call last):
[Wed Jul 06 14:12:55.125263 2016] [wsgi:error] [pid 17269:tid 139826937272064] [remote X:59909] File "/etc/privacyidea/privacyideaapp.wsgi", line 3, in <module>
[Wed Jul 06 14:12:55.125309 2016] [wsgi:error] [pid 17269:tid 139826937272064] [remote X:59909] from privacyidea.app import create_app
[Wed Jul 06 14:12:55.125341 2016] [wsgi:error] [pid 17269:tid 139826937272064] [remote X:59909] ImportError: No module named privacyidea.app
Thanks
Michael
cornelius.koelbel
Jul 6, 2016, 8:25:04 AM7/6/16
to Michael Muenz, privacyidea
Pip in root or virtual environment?
Config?
Cornelius Kölbel
+49 151 2960 1417
-------- Ursprüngliche Nachricht --------
Von: Michael Muenz <m.m...@gmail.com>
Datum: 06.07.16 14:17 (GMT+01:00)
An: privacyidea <priva...@googlegroups.com>
Betreff: [privacyidea] Re: ImportError: No module named privacyidea.app
--
Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.
For professional services and consultancy regarding two factor authentication please visit
https://netknights.it/en/leistungen/one-time-services/
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/
---
Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.
For professional services and consultancy regarding two factor authentication please visit
https://netknights.it/en/leistungen/one-time-services/
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/
---
You received this message because you are subscribed to the Google Groups "privacyidea" group.
To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/bfcaacaa-3167-473c-b360-17bf4b9e93b5%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/bfcaacaa-3167-473c-b360-17bf4b9e93b5%40googlegroups.com.
Michael Muenz
Jul 6, 2016, 8:35:25 AM7/6/16
to privacyidea, m.m...@gmail.com
virtualenv.
I followed the steps in your guide, mixed with an old one from howtoforge. I documented all the steps since I want to write a Debian 8 howto:
- aptitude install libjpeg-dev zlib1g-dev python-dev \
libffi-dev libssl-dev libxslt1-dev virtualenv gcc \
mysql-server freeradius libconfig-inifiles-perl \
libdata-dump-perl libtry-tiny-perl libconfig-json-perl \
libjson-perl libmysqlclient-dev apache2 libapache2-mod-wsgi
- virtualenv /opt/privacyidea
- cd /opt/privacyidea
- source bin/activate
- pip install privacyidea
- pip install MySQL-python
- pip install click
- mysql -u root -p
create database pi;
grant all privileges on pi.* to "pi"@"localhost" identified by "XXX";
flush privileges;
quit;
- mkdir /etc/privacyidea
- useradd -r privacyidea
- cp etc/privacyidea/* /etc/privacyidea/
- vi /etc/privacyidea/pi.cfg
import logging
# The realm, where users are allowed to login as administrators
SUPERUSER_REALM = ['super']
# Your database
#SQLALCHEMY_DATABASE_URI = 'sqlite:////etc/privacyidea/data.sqlite'
# This is used to encrypt the auth_token
#SECRET_KEY = 't0p s3cr3t'
# This is used to encrypt the admin passwords
#PI_PEPPER = "Never know..."
# This is used to encrypt the token data and token passwords
PI_ENCFILE = '/etc/privacyidea/enckey'
# This is used to sign the audit log
# This is the dummy base class
#PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.base'
# This is the default
#PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.sqlaudit'
# This is used to sign the audit log
PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem'
PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem'
PI_LOGFILE = '/var/log/privacyidea/privacyidea.log'
PI_LOGLEVEL = logging.INFO
PI_PEPPER = 'X'
SECRET_KEY = 'X'
SQLALCHEMY_DATABASE_URI = 'mysql://pi:XXX@localhost/pi'
- pi-manage create_enckey
- pi-manage create_audit_keys
- pi-manage createdb
- pi-manage admin add admin@localhost
- privacyidea-fix-access-rights -f /etc/privacyidea/pi.cfg -u privacyidea
- a2enmod ssl
- vi /etc/apache2/sites-available/privacyidea.conf
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
# You might want to change this
ServerName localhost
DocumentRoot /var/www
<Directory />
# For Apache 2.4 you need to set this:
Require all granted
Options FollowSymLinks
AllowOverride None
</Directory>
# Yubico servers use /wsapi/2.0/verify as the path in the
# validation URL. Some tools (e.g. Kolab 2fa) let the
# user/admin change the api host, but not the rest of
# the URL. Uncomment the following two lines to reroute
# the api URL internally to privacyideas /ttype/yubikey.
#RewriteEngine on
#RewriteRule "^/wsapi/2.0/verify" "/ttype/yubikey" [PT]
# We can run several instances on different paths with different configurations
WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi
#WSGIScriptAlias /instance1 /home/cornelius/src/privacyidea/deploy/privacyideaapp1.wsgi
#WSGIScriptAlias /instance2 /home/cornelius/src/privacyidea/deploy/privacyideaapp2.wsgi
#WSGIScriptAlias /instance3 /home/cornelius/src/privacyidea/deploy/privacyideaapp3.wsgi
#
# The daemon is running as user 'privacyidea'
# This user should have access to the encKey database encryption file
WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea
WSGIProcessGroup privacyidea
WSGIPassAuthorization On
ErrorLog /var/log/apache2/error.log
LogLevel warn
# Do not use %q! This will reveal all parameters, including setting PINs and Keys!
# Using SSL_CLINET_S_DN_CN will show you, which administrator did what task
LogFormat "%h %l %u %t %>s \"%m %U %H\" %b \"%{Referer}i\" \"%{User-agent}i\"" privacyIDEA
CustomLog /var/log/apache2/ssl_access.log privacyIDEA
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/privacyideaserver.pem
SSLCertificateKeyFile /etc/ssl/private/privacyideaserver.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
# If you want to forward http request to https enable the
# following virtual host.
#<VirtualHost _default_:80>
# # This will enable the Rewrite capabilities
# RewriteEngine On
#
# # This checks to make sure the connection is not already HTTPS
# RewriteCond %{HTTPS} !=on
# RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
#</VirtualHost>
cd /etc/apache2/sites-enabled/
rm -f 000-default.conf
ln -s ../sites-available/privacyidea.conf .
mkdir /home/privacyidea
chown -R privacyidea /home/privacyidea/
chown -R privacyidea /etc/privacyidea/
The part with user privacyidea is not within your guide, so there could be a problem but I don't get it.
Thanks
Michael
cornelius.koelbel
Jul 6, 2016, 8:59:42 AM7/6/16
to Michael Muenz, privacyidea
You need e.g. to set wsgipythonhome.
Kind regards
Cornelius
-------- Ursprüngliche Nachricht --------
Von: Michael Muenz <m.m...@gmail.com>
Datum: 06.07.16 14:35 (GMT+01:00)
An: privacyidea <priva...@googlegroups.com>
Cc: m.m...@gmail.com
Betreff: Re: [privacyidea] Re: ImportError: No module named privacyidea.app
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/1e31225b-6c48-4abd-91f2-d42f7fac8925%40googlegroups.com.
cornelius.koelbel
Jul 6, 2016, 9:04:04 AM7/6/16
to Michael Muenz, privacyidea
Alternatively take a look here
Michael Muenz
Jul 6, 2016, 9:14:39 AM7/6/16
to privacyidea, m.m...@gmail.com
This was missing:
chown -R privacyidea /var/log/privacyidea/
vi /etc/apache2/mods-enabled/wsgi.conf
Add "WSGIPythonHome /opt/privacyidea/bin/python2.7" at the end
Thanks Cornelius!
...
Reply all
Reply to author
Forward
0 new messages