eduvpn/documentation

authentication required

Closed this issue · 12 comments

I’ve installed letsconnect on a Debian 11 machine. I run into an error when executing server-config. It says authentication required. The keys of the API are the same as those of the portal. I really have no clue. I followed the steps of the deploy_debian.sh script.

```
/usr/libexec/vpn-server-node/server-config
ERROR: 401
---- BODY ----
{"error":"authentication required"}
---- /BODY ----
---- HEADERS ----
HTTP/1.1 401 Unauthorized
Date: Wed, 14 Sep 2022 12:42:41 GMT
Server: Apache/2.4.54 (Debian)
WWW-Authenticate: Bearer realm="Node API"
Content-Length: 35
Content-Type: application/json

---- /HEADERS ----
```

Anyone any clues?

> I followed the steps of the deploy_debian.sh script

You mean you manually followed the steps, or you ran the script? I've tested deploying on a clean Debian 11 many many times using the deploy_debian.sh script and it never resulted in problems...

> You mean you manually followed the steps, or you ran the script? I've tested deploying on a clean Debian 11 many many times using the deploy_debian.sh script and it never resulted in problems...

Yes, I followed every step manually, because it is a multi-homed system. The daemons start ok, the website works.

I think it has something to do with the api-key. With the error I see.

Yes, then it is probably a mismatch with the API key, or nodeNumber or something. Also make sure (as documented) when copy/pasting keys you store them without trailing return/whitespace(s).

A mismatch I cannot discover. I repeated all the steps again in the deploy_debian.sh script.

I've checked /etc/vpn-user-portal/keys/node.0.key and /etc/vpn-server-node/keys/node.key these are the same. The website is working but it seems the api isn't.

Also if you do sha256sum of the files? Did you set the nodeNumber correctly in vpn-server-node config?

It is difficult to debug the situation when I can't see what you did, that's why the deploy scripts are provided ;-)

sha256sum:

```
$ sha256sum /etc/vpn-user-portal/keys/node.0.key
4b44d0f58ec9e4c953105970f06b32bff57e9d4f6db1691e2969b15e5029332e  /etc/vpn-user-portal/keys/node.0.key
$ sha256sum /etc/vpn-server-node/keys/node.key
4b44d0f58ec9e4c953105970f06b32bff57e9d4f6db1691e2969b15e5029332e  /etc/vpn-server-node/keys/node.key
```

In the deploy_debian.sh I didn't see anything with a nodeNumber. In the config files I already checked them and they point to the default 0.

I really did the script rule by rule (only because the hostname of the machine is different than the hostname I configured lets connect with).

I'm not sure where to go from here. I don't know in which state your system is, so I can't really say much... could be a bunch of things, maybe even the Apache configuration.

What do you mean by "multi homed system"?

At this point I'd recommend to start fresh with a clean VM image/OS install and use deploy_debian.sh.

In case you ever change the hostname of your server: https://github.com/eduvpn/documentation/blob/v3/CHANGE_HOSTNAME.md

I run multiple virtual hosts on it and that's the reason I don't run scripts automatically.

The hostname of the system is backdoor. The hostname of the virtual host and the hosts in all the config.php's are pointed to vpn.domain.com.

Do you say that the hostname of the virtual host + all config.php's where the hostname is used has to be backdoor.domain.com?

> I run multiple virtual hosts on it and that's the reason I don't run scripts automatically.

I see! Possible earlier changes to your server configuration could interfere perhaps...

This is unfortunately not something we can support, you could have made any number of changes to the configuration. The approach to manually walk through the deploy_debian.sh script is a good one, but one should really know all changes you already made to the default Debian configuration to be able to figure out if they would cause problems.

Some hints: perhaps the Authorization header is not properly propagated from Apache to php-fpm. It is probably something very tiny, but one needs to really know Apache/PHP well so as to make sure nothing critical was changed before installing Let's Connect!.

> Do you say that the hostname of the virtual host + all config.php's where the hostname is used has to be backdoor.domain.com ?

No, I don't :)

That hint solved the issue. I assumed (tunnel vision not having a tunnel ;) ) that php-fpm was used. The module php7-4 was active. Maybe you can add `a2dismod php7.4` to the script.

When the module php is active it overrides the use of php-fpm.
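
The two causes raised in this thread (key files stored with trailing whitespace, and mod_php enabled so that it overrides php-fpm) can be checked with a few shell functions. This is an added example, not part of the original thread or of the project's scripts; the function names are hypothetical, and the `mods-enabled`/`conf-enabled` layout assumed is the stock Debian Apache one.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.

# Succeeds when the file's last byte is a space, tab, CR or LF.
key_has_trailing_ws() {
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    case "$last" in
        20|09|0d|0a) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when both key files are byte-for-byte identical.
keys_match() {
    cmp -s "$1" "$2"
}

# Prints enabled mod_php module names (e.g. php7.4) under the given Apache
# config root; succeeds only if at least one is enabled.
enabled_mod_php() {
    found=1
    for f in "$1"/mods-enabled/php*.load; do
        [ -e "$f" ] || continue
        basename "$f" .load
        found=0
    done
    return $found
}

# Succeeds when a php-fpm conf is enabled under the given Apache config root.
fpm_conf_enabled() {
    for f in "$1"/conf-enabled/php*-fpm.conf; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Returns 1 if mod_php is enabled (the condition found in this thread),
# 2 if no php-fpm conf is enabled, 0 if only php-fpm handles PHP.
check_php_handler() {
    root=${1:-/etc/apache2}
    if mods=$(enabled_mod_php "$root"); then
        echo "CONFLICT: mod_php enabled ($mods); consider: a2dismod $mods"
        return 1
    fi
    fpm_conf_enabled "$root" || { echo "WARN: no php-fpm conf enabled"; return 2; }
    echo "OK: php-fpm only"
}
```

On the server, source the file and run `check_php_handler /etc/apache2`, then `keys_match` and `key_has_trailing_ws` on the two key files named in the thread.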