ELOG Forum

Demo Discussion

Forum Config Examples Contributions Vulnerabilities

Discussion forum about ELOG, Page 99 of 238

Not logged in

Find | Login | Help

Full | Summary | Threaded | Collapse | Expand

1902 Entries

Goto page Previous 1, 2, 3 ... 98, 99, 100 ... 236, 237, 238 Next

problems with https in Chrome and IE, posted by Christian Herzog on Wed Jan 25 10:07:16 2012

Hi,

we're evaluating elog right now at the Physics Department of ETH Zurich and I'm trying to come up with a good config. One of the first steps of course was to enable SSL/https. With http, all tested browsers work fine, but with https at least Google Chrome 16 and IE 9 do not get past the "unknown certificate" warning and I see "TCP connection broken" errors in the log file. Firefox however works fine. Same behavior on Linux, Mac and Windows (given the browser in question is available). elog server is running on Lucid.

Any idea?

thanks,

-Christian

Re: problems with https in Chrome and IE, posted by Andreas Luedeke on Wed Jan 25 10:50:43 2012

Christian Herzog wrote:

[...] we're evaluating elog right now at the Physics Department of ETH Zurich and I'm trying to come up with a good config. One of the first steps of course was to enable SSL/https. With http, all tested browsers work fine, but with https at least Google Chrome 16 and IE 9 do not get past the "unknown certificate" warning and I see "TCP connection broken" errors in the log file. Firefox however works fine. Same behavior on Linux, Mac and Windows (given the browser in question is available). elog server is running on Lucid.[...]

If you want to use https you should know what a certificate is.

Certificates are used to encript the data, but at the same time they are used to identify the host.

ELOG is delivered with a self generated certificate.

This can be used to encript the data, but no certification authority knows this certificate, so nobody can guaratee that you are connected to the right host.

Most browsers will warn you, that nobody did and if you don't care you need to change the security settings of you browser to accept the connection anyway.

The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

Re: problems with https in Chrome and IE, posted by Christian Herzog on Wed Jan 25 14:05:46 2012

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

If you want to use https you should know what a certificate is.

Certificates are used to encript the data, but at the same time they are used to identify the host.

ELOG is delivered with a self generated certificate.

This can be used to encript the data, but no certification authority knows this certificate, so nobody can guaratee that you are connected to the right host.

Most browsers will warn you, that nobody did and if you don't care you need to change the security settings of you browser to accept the connection anyway.

The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

The point is that it stops AFTER the point at which I tell the browser to accept the self-signed certificates. I now even got a CACert and the problem remains: FF works, Chrome and IE don't: https://phd-bkp-gw2.ethz.ch:8080/admin/

log says: TCP connection broken

thanks,

-Christian

Re: problems with https in Chrome and IE, posted by Andreas Luedeke on Wed Jan 25 14:48:36 2012

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

log says: TCP connection broken [...]

Sorry that I was mis-interpreting your question

Unfortunately I don't know what's wrong with your set-up. I can confirm that I cannot access your logbook with "konquerer", but can access it with "firefox". The "konquerer" (on Scientific Linux 5.7) just gets timed out.

But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!

Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:

first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.

The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.

Good luck!

Re: problems with https in Chrome and IE, posted by Christian Herzog on Wed Jan 25 15:08:53 2012

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

log says: TCP connection broken [...]

⇄

Detect language » English

Sorry that I was mis-interpreting your question

But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!

Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:

first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.

The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.

Good luck!

thanks for the fast resonse.

1) port 433 done. No change

2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/

3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless

speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?

thanks,

-Christian

Re: problems with https in Chrome and IE, posted by Andreas Luedeke on Wed Jan 25 15:26:04 2012

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

log says: TCP connection broken [...]

⇄

Detect language » English

Sorry that I was mis-interpreting your question

But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!

Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:

first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.

The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.

Good luck!

thanks for the fast resonse.

1) port 433 done. No change

2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/

3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless

speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?[...]

Okay, I did run out of ideas. I've never tested Chrome, but IE 8 and konquerer works fine here with SSL for our logbooks, but not for your logbook.

Regarding LDAP: you'll either need to convince Stefan Ritt or do it yourself ;-) Stefan did last year a kerberos binding for me: I was lucky that many other people had already asked for the same thing before me.

Re: problems with https in Chrome and IE, posted by Christian Herzog on Wed Jan 25 15:33:59 2012

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

log says: TCP connection broken [...]

⇄

Detect language » English

Sorry that I was mis-interpreting your question

But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!

Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:

first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.

The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.

Good luck!

thanks for the fast resonse.

1) port 433 done. No change

2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/

3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless

speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?[...]

Okay, I did run out of ideas. I've never tested Chrome, but IE 8 and konquerer works fine here with SSL for our logbooks, but not for your logbook.

⇄

Detect language » English

ok thanks, I'll check the LDAP thing.

And just for the record: I have to conclude a clean install of elog 2.9.0 SSL does not work for half of the browsers out there on Debian Squeeze or Ubuntu Lucid right now. You might want to look into that.

thanks,

-Christian

Re: problems with https in Chrome and IE, posted by Yoshio Imai on Wed Jan 25 15:40:17 2012

Might this be related to the problem reported by Allen?

Re: problems with https in Chrome and IE, posted by Christian Herzog on Wed Jan 25 15:42:17 2012

[quote="Yoshio Imai"]Might this be related to the problem reported by [url=elog:67160]Allen[/url]?[/quote]

can't tell, but Chrome on Linux doesn't work either...

Re: problems with https in Chrome and IE, posted by Andreas Luedeke on Wed Jan 25 16:05:13 2012

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

log says: TCP connection broken [...]

⇄

Detect language » English

Sorry that I was mis-interpreting your question

But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!

Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:

first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.

The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.

Good luck!

thanks for the fast resonse.

1) port 433 done. No change

2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/

3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless

speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?[...]

Okay, I did run out of ideas. I've never tested Chrome, but IE 8 and konquerer works fine here with SSL for our logbooks, but not for your logbook. [...]

⇄

Detect language » English

[...]

thanks,

-Christian

Excuse me, but I beg to differ. I'm running ELOG V2.9.0-2425 on my production server, therefore I thought that you're maybe right that the latest SVN snapshot has a problem.

I've downloaded it just now from SVN (it is V2.9.0- 2427), compiled it on SL 5.7, installed it and I can easily access it with IE8, Safari, konquerer and firefox.

Re: problems with https in Chrome and IE, posted by Christian Herzog on Wed Jan 25 16:13:22 2012

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

log says: TCP connection broken [...]

⇄

Detect language » English

Sorry that I was mis-interpreting your question

But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!

Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:

first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.

The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.

Good luck!

thanks for the fast resonse.

1) port 433 done. No change

2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/

3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless

speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?[...]

Okay, I did run out of ideas. I've never tested Chrome, but IE 8 and konquerer works fine here with SSL for our logbooks, but not for your logbook. [...]

⇄

Detect language » English

[...]

thanks,

-Christian

Excuse me, but I beg to differ. I'm running ELOG V2.9.0-2425 on my production server, therefore I thought that you're maybe right that the latest SVN snapshot has a problem.

I've downloaded it just now from SVN (it is V2.9.0- 2427), compiled it on SL 5.7, installed it and I can easily access it with IE8, Safari, konquerer and firefox.

⇄

Detect language » English

well maybe SL 5.7 is the explanation - it's old as the hills. Maybe newer versions of libssl or whatever make a difference? I might also try on a recent Fedora, let's see..

Re: problems with https in Chrome and IE, posted by Christian Herzog on Wed Jan 25 19:47:38 2012

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

log says: TCP connection broken [...]

⇄

Detect language » English

Sorry that I was mis-interpreting your question

But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!

Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:

first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.

The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.

Good luck!

thanks for the fast resonse.

1) port 433 done. No change

2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/

3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless

speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?[...]

Okay, I did run out of ideas. I've never tested Chrome, but IE 8 and konquerer works fine here with SSL for our logbooks, but not for your logbook. [...]

⇄

Detect language » English

[...]

thanks,

-Christian

Excuse me, but I beg to differ. I'm running ELOG V2.9.0-2425 on my production server, therefore I thought that you're maybe right that the latest SVN snapshot has a problem.

I've downloaded it just now from SVN (it is V2.9.0- 2427), compiled it on SL 5.7, installed it and I can easily access it with IE8, Safari, konquerer and firefox.

⇄

Detect language » English

well maybe SL 5.7 is the explanation - it's old as the hills. Maybe newer versions of libssl or whatever make a difference? I might also try on a recent Fedora, let's see..

update: clean install on F16, plain vanilla, same problem: TCP connection broken

Re: problems with https in Chrome and IE, posted by Andreas Luedeke on Sat Feb 11 05:47:27 2012

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

log says: TCP connection broken [...]

⇄

Detect language » English

Sorry that I was mis-interpreting your question

But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!

Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:

first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.

The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.

Good luck!

thanks for the fast resonse.

1) port 433 done. No change

2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/

3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless

speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?[...]

Okay, I did run out of ideas. I've never tested Chrome, but IE 8 and konquerer works fine here with SSL for our logbooks, but not for your logbook. [...]

⇄

Detect language » English

[...]

thanks,

-Christian

Excuse me, but I beg to differ. I'm running ELOG V2.9.0-2425 on my production server, therefore I thought that you're maybe right that the latest SVN snapshot has a problem.

I've downloaded it just now from SVN (it is V2.9.0- 2427), compiled it on SL 5.7, installed it and I can easily access it with IE8, Safari, konquerer and firefox.

⇄

Detect language » English

well maybe SL 5.7 is the explanation - it's old as the hills. Maybe newer versions of libssl or whatever make a difference? I might also try on a recent Fedora, let's see..

update: clean install on F16, plain vanilla, same problem: TCP connection broken

See https://midas.psi.ch/elogs/Forum/67184 to fix that problem. It is likely not a problem of ELOG, but of your firewall settings.

Re: problems with https in Chrome and IE, posted by Christian Herzog on Sat Feb 11 22:07:37 2012

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

log says: TCP connection broken [...]

⇄

Detect language » English

Sorry that I was mis-interpreting your question

But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!

Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:

first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.

The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.

Good luck!

thanks for the fast resonse.

1) port 433 done. No change

2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/

3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless

speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?[...]

Okay, I did run out of ideas. I've never tested Chrome, but IE 8 and konquerer works fine here with SSL for our logbooks, but not for your logbook. [...]

⇄

Detect language » English

[...]

thanks,

-Christian

Excuse me, but I beg to differ. I'm running ELOG V2.9.0-2425 on my production server, therefore I thought that you're maybe right that the latest SVN snapshot has a problem.

I've downloaded it just now from SVN (it is V2.9.0- 2427), compiled it on SL 5.7, installed it and I can easily access it with IE8, Safari, konquerer and firefox.

⇄

Detect language » English

well maybe SL 5.7 is the explanation - it's old as the hills. Maybe newer versions of libssl or whatever make a difference? I might also try on a recent Fedora, let's see..

update: clean install on F16, plain vanilla, same problem: TCP connection broken

See https://midas.psi.ch/elogs/Forum/67184 to fix that problem. It is likely not a problem of ELOG, but of your firewall settings.

⇄

Detect language » English

see #67184, I'm pretty positive it isn't.

-Christian

Re: problems with https in Chrome and IE, posted by Diego on Mon Feb 13 18:36:29 2012

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

Andreas Luedeke wrote:

Christian Herzog wrote:

⇄

Detect language » English

[...] The proper way out of this is to buy a certificate from a certification authority. Or to switch off https. (See https://midas.psi.ch/elog/config.html#global SSL option)

we know about certificates, thank you

log says: TCP connection broken [...]

⇄

Detect language » English

Sorry that I was mis-interpreting your question

But I can access other SSL/https ELOGs with the konquerer. The problem only occurs with your logbook!

Therefore I would think it is a particular problem of your installation. I have three ideas how to isolate the problem:

first, I would try to change to the standard port 443. Just in case it is related to some firewall, etc. problem.
second, I would try another operating system than Ubuntu Lucid. It should work of course with Ubuntu, but if it still doesn't work with the other operating system then many things are already ruled out.
third, I would try to set-up an apache webserver in front of ELOG. We have it here just for safety reasons. ELOG runs then on some special port and apache connects to it with a reverse proxy.

The latter is a little bit of work (about a day) if you never set-up apache before. Therefore I would try the other two, first.

Good luck!

thanks for the fast resonse.

1) port 433 done. No change

2) compiled elog 2.9.0 on Squeeze and only reused the config file. No change: https://daduke.org:8443/

3) we can do that (and we will) no problem, but I'd like to get it working w/o apache nonetheless

speaking of reverse proxy: we'd like to hook elog to our LDAP server. As there's no LDAP binding built in, is there any way to use apache LDAP auth and then bind to that one?[...]

Okay, I did run out of ideas. I've never tested Chrome, but IE 8 and konquerer works fine here with SSL for our logbooks, but not for your logbook. [...]

⇄

Detect language » English

[...]

thanks,

-Christian

Excuse me, but I beg to differ. I'm running ELOG V2.9.0-2425 on my production server, therefore I thought that you're maybe right that the latest SVN snapshot has a problem.

I've downloaded it just now from SVN (it is V2.9.0- 2427), compiled it on SL 5.7, installed it and I can easily access it with IE8, Safari, konquerer and firefox.

⇄

Detect language » English

well maybe SL 5.7 is the explanation - it's old as the hills. Maybe newer versions of libssl or whatever make a difference? I might also try on a recent Fedora, let's see..

update: clean install on F16, plain vanilla, same problem: TCP connection broken

See https://midas.psi.ch/elogs/Forum/67184 to fix that problem. It is likely not a problem of ELOG, but of your firewall settings.

⇄

Detect language » English

see #67184, I'm pretty positive it isn't.

-Christian

Hi,

I have the same problem. with SSL = 1 in elog.cfg I am not able to connect using firefox 10 or chrome. However, using Internet explorer 6.0 it works fine.

Everything it has been checked in a local machine with windows 7 with and without firewall.

Use port 443, works fine with all browser.

Thank you so much!

Diego

el cheapo LDAP binding, posted by Christian Herzog on Fri Jan 27 14:05:09 2012

Hi all,

we would like to hook elog to our LDAP server. Instead of writing a full-featured LDAP auth module for elog, I have the following idea: use Apache's LDAP module to require LDAP auth for a single logbook:

 <Location /elog/admin>

        Use PhysLDAP

        Use RequirePhysLDAPGroup isg


        RewriteEngine On

        RewriteCond %{LA-U:REMOTE_USER} (.+)

        RewriteRule . - [E=RU:%1]

        RequestHeader add X-Forwarded-User %{RU}e

</Location>

the two Use statements are Apache macros that define our LDAP settings. The last 4 lines are necessary for Apache to pass on the logged in user to the proxied elog (ends up in ENV X-Forwarded-User).

In elogd.c, I added

   /* extract REMOTE_USER */

   if ((p = strstr(request, "X-Forwarded-User:")) != NULL) {

      p += 17;

      while (*p && *p == ' ')

         p++;

      strlcpy(remote_user, p, sizeof(remote_user));

      if (strchr(remote_user, '\r'))

         *strchr(remote_user, '\r') = 0;


         char sid[32];

         /* get a new session ID */

         sid_new(NULL, remote_user, (char *) inet_ntoa(rem_addr), sid);


         /* set SID cookie */

         set_sid_cookie(NULL, sid);

         // TODO: set lbs!

   }

to process_http_request in order to extract the LDAP login. I have managed to populate the author field with remote_user, but what I'd really like is to write a cookie containing this login name so that session handling kicks in. You can see that I attempt to write a cookie, but elogd segfaults at set_sid_cookie() (gdb backtrace:

set_cookie (lbs=0x0, name=0x483b22 "sid", value=0x7ffffffd7590 "4831386B7B333A99", global=0, expiration=0x7ffffffd7300 "")

Would anyone be willing to help me with this? I'm not at all familiar with the program flow in elogd and my C is a bit rusty...

thanks,

-Christian

Dr. Christian Herzog <herzog@phys.ethz.ch> support: +41 44 633 26 68

IT Services Group, HPT H 8 voice: +41 44 633 39 50

Department of Physics, ETH Zurich

8093 Zurich, Switzerland http://nic.phys.ethz.ch/

Re: el cheapo LDAP binding, posted by Christof Hanke on Mon Jan 30 09:31:51 2012

Hi Christian,

I have also the need to do auth on the webserver, but I tried to integrate it into elogd as far as I could.

However, I do not try to set a special cookie to set the username, but always use
"X-Forwarded-User". Like this, every request is authenticated by the webserver in front.

If that's not too heavy for you, try out the applied patch.

HTH,

Christof

PS:

@Stefan:

If you are willing to integrate this into the official tree,

I can provide some docs for it (like setting author

directly etc.)

-----------------------------------------------------------------
Christof Hanke e-mail hanke@rzg.mpg.de
RZG (Rechenzentrum Garching) phone +49-89-3299-1041
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut für Plasmaphysik (IPP)

Christian Herzog wrote:

Hi all,

 <Location /elog/admin>

        Use PhysLDAP

        Use RequirePhysLDAPGroup isg


        RewriteEngine On

        RewriteCond %{LA-U:REMOTE_USER} (.+)

        RewriteRule . - [E=RU:%1]

        RequestHeader add X-Forwarded-User %{RU}e

</Location>

In elogd.c, I added

   /* extract REMOTE_USER */

   if ((p = strstr(request, "X-Forwarded-User:")) != NULL) {

      p += 17;

      while (*p && *p == ' ')

         p++;

      strlcpy(remote_user, p, sizeof(remote_user));

      if (strchr(remote_user, '\r'))

         *strchr(remote_user, '\r') = 0;


         char sid[32];

         /* get a new session ID */

         sid_new(NULL, remote_user, (char *) inet_ntoa(rem_addr), sid);


         /* set SID cookie */

         set_sid_cookie(NULL, sid);

         // TODO: set lbs!

   }

set_cookie (lbs=0x0, name=0x483b22 "sid", value=0x7ffffffd7590 "4831386B7B333A99", 
global=0, expiration=0x7ffffffd7300 "")

Would anyone be willing to help me with this? I'm not at all familiar with the program flow in elogd and my C is a bit rusty...

thanks,

-Christian

Dr. Christian Herzog <herzog@phys.ethz.ch> support: +41 44 633 26 68

IT Services Group, HPT H 8 voice: +41 44 633 39 50

Department of Physics, ETH Zurich

8093 Zurich, Switzerland http://nic.phys.ethz.ch/

Re: el cheapo LDAP binding, posted by Christian Herzog on Fri Feb 3 09:30:20 2012

Hi Christof,

wow thanks, that's (almost) exactly what I was looking for! I only had to add

 --- src/elogd.c.orig 2012-02-03 09:11:42.000000000 +0100
+++ src/elogd.c 2012-02-03 09:11:32.000000000 +0100
@@ -8375,6 +8375,10 @@
    strcpy(list[i], "remote_host");
    strlcpy(value[i++], rem_host, NAME_LENGTH);

+   /* add LDAP author */
+   strcpy(list[i], "http_user");
+   strlcpy(value[i++], http_user, NAME_LENGTH);
+

    /* add local host */
    strcpy(list[i], "host");
    strlcpy(value[i++], host_name, NAME_LENGTH);

in order to get

Preset Author = $http_user

to work. I fully support getting your patches into upstream.

thanks a bunch,

-Christian

Migrate to elog, posted by Kenneth Nielsen on Thu Feb 2 16:51:32 2012

Hallo and thanks for a great program.

At my work we have previously been using another program (Rednotebook) for our lab journals, but now we wish to migrate to elog because it is more configurable and because it runs in a browser.

We would off course like to move all of our old log entries with us. Luckily Rednotebook uses a standard module (YAML) for data storage, so I can easily access the data (e.g. with python) and I have already done do, and I have exchanged the native markup with html.

Now I would prefer it if I can make the elog data files directly, in stead of using the elog command, because that makes it possible and easy to revert the change, and also to not have to handle escaping html string before feeding them to elog on the commandline. I have actually already written the program that produces the elog data files, but now I have a few questions:

1) Is there an overall way of validating the datafiles, to make sure elog doesn't choke on them at some point in the future when I try to open one of the old entries. Along the same lines, does elog parse all the files when the demon is started, so if it starts then I'm ok?

2) What exactly are the requirements for the HTML content

2a) Will any valid html do, or are there some speciel requirements (e.g. like   at blank lines)

2b) Does it require a particular version of html, because then I could at least validate it against that doctype beforehand

3) Is there a log from elog where I can see if it encounters something it doesn't like?

I hope the you can answer some of my questions.

Regards Kenneth

Return Code, posted by Alan Grant on Fri Jan 27 02:26:02 2012

We are using the Elog client from one vlan to insert entries into our Elog system on a different vlan.

Works fine for the most part but we occasionally have network connection issues which prevents some entries from being added, and we don't find out about it until later.

Is there a Return Code associated with the client pgm? Or some suggestion to promptly verify a successful enrty? (We'd queue and resubmit in bulk once running again, if we knew about it.)

Thanks.

Re: Return Code, posted by Yoshio Imai on Mon Jan 30 18:23:39 2012

It depends on how you actually call the elog client, but it outputs a message

Message successfully transmitted, ID=(new message id)

to the console upon successful transmission. Maybe you can catch this and evaluate?

Elog does not work after installing MS12-006/MS12-012 on Win 7, posted by Allen on Wed Jan 11 22:19:49 2012

After patching a windows 7 computer with MS12-006, can no longer connect to elog, get page cannot be displayed

See

http://support.microsoft.com/kb/2643584

Re: Elog does not work after installing MS12-006/MS12-012 on Win 7, posted by Allen on Thu Jan 12 19:34:28 2012

Allen wrote:

After patching a windows 7 computer with MS12-006, can no longer connect to elog, get page cannot be displayed

See

http://support.microsoft.com/kb/2643584

A little more information here

We are running elog on an Ubuntu server

Elog was working fine, then, on a windows 7 machine, MS12-006 was installed, rebooted, and could no longer connect to the elog web page.

Discovered that in Internet Explorer 8, by unchecking the use TLS 1.0 in options advanced tab, and making sure that SSL 3.0, TLS 1.1, TLS 1.2 were checked, that the page once again worked. I'm guessing the elog does not support SSL 3.0, otherwise, I assume I would have to uncheck that as well. Things do appear to still work on XP, thus far, only Windows 7 appears to break. While we have a work around, ideally we would like to see a bug fix so that (for legacy reasons), elog will still work with TLS 1.0 on Windows 7.

Re: Elog does not work after installing MS12-006/MS12-012 on Win 7, posted by Allen on Thu Jan 12 19:37:52 2012

Allen wrote:

After patching a windows 7 computer with MS12-006, can no longer connect to elog, get page cannot be displayed

See

http://support.microsoft.com/kb/2643584

A little more information here

We are running elog on an Ubuntu server

Elog was working fine, then, on a windows 7 machine, MS12-006 was installed, rebooted, and could no longer connect to the elog web page.

Also, strangely, I am able to use the elog forum page https://midas.psi.ch/elogs/Forum while TLS 1.0 is checked. I notice the version number is 2.9.0-2425, while we are using 2.9.0-2396, so wondering if this is fixed in this newer version.

Re: Elog does not work after installing MS12-006/MS12-012 on Win 7, posted by Stefan Ritt on Fri Jan 13 14:33:04 2012

Allen wrote:

After patching a windows 7 computer with MS12-006, can no longer connect to elog, get page cannot be displayed

See

http://support.microsoft.com/kb/2643584

A little more information here

We are running elog on an Ubuntu server

Elog was working fine, then, on a windows 7 machine, MS12-006 was installed, rebooted, and could no longer connect to the elog web page.

The forum does not use TLS, but has Apache in front of it which works as a proxy. So TLS is actually handled by Apache, which might have a newer implementation of TLS. The ELOG version number certainly does not make a difference, I did not touch the SSL functionality in a while. But when you compile ELOG on your Ubunto server, you can maybe play with different versions of OpenSSL and see if that changes anything?

- Stefan

Problems with Version 2.9.0 Service did not start, posted by Michael Dannmeyer on Wed Dec 7 14:18:41 2011

Hello,

I tried to update our ELOG installation 2.7.8 to 2.9.0. If I try to start the service i get the error:

Error 193: %1 is not a valid win32 application.

I uninstalled the old version an installed the new one.

Do you have any Idea? The OS is windows 2000 Server.

Best regards

Michael

Could not start the elogd service on local Computer

Re: Problems with Version 2.9.0 Service did not start, posted by Stefan Ritt on Wed Dec 14 10:18:37 2011

Michael Dannmeyer wrote:

Hello,

I tried to update our ELOG installation 2.7.8 to 2.9.0. If I try to start the service i get the error:

Error 193: %1 is not a valid win32 application.

I uninstalled the old version an installed the new one.

Do you have any Idea? The OS is windows 2000 Server.

Best regards

Michael

Could not start the elogd service on local Computer

Can you start elogd.exe manually in a DOS box? If you get the same error there, the download file might be corrupted and you should try to re-load it again.

Best regards,

Stefan

Re: Problems with Version 2.9.0 Service did not start, posted by Grant Jeffcote on Sat Dec 17 17:20:05 2011

Stefan Ritt wrote:

Michael Dannmeyer wrote:

Hello,

I tried to update our ELOG installation 2.7.8 to 2.9.0. If I try to start the service i get the error:

Error 193: %1 is not a valid win32 application.

I uninstalled the old version an installed the new one.

Do you have any Idea? The OS is windows 2000 Server.

Best regards

Michael

Could not start the elogd service on local Computer

Can you start elogd.exe manually in a DOS box? If you get the same error there, the download file might be corrupted and you should try to re-load it again.

Best regards,

Stefan

Michael,

I had this problem with the service/elogd.exe not starting on the later versions of ELog and with Stefan's help we tracked it down to some missing Microsoft C runtime library files.
In my case it was a fresh install of Win2k3.

Try installing one the following and see if it helps (mine was solved with the middle option).

http://www.microsoft.com/download/en/details.aspx?id=3387
http://www.microsoft.com/download/en/details.aspx?id=5582
http://www.microsoft.com/download/en/details.aspx?id=5555

Regards

Grant

Re: Problems with Version 2.9.0 Service did not start, posted by Michael Dannmeyer on Fri Dec 23 14:31:27 2011

Grant Jeffcote wrote:

Stefan Ritt wrote:

Michael Dannmeyer wrote:

Hello,

I tried to update our ELOG installation 2.7.8 to 2.9.0. If I try to start the service i get the error:

Error 193: %1 is not a valid win32 application.

I uninstalled the old version an installed the new one.

Do you have any Idea? The OS is windows 2000 Server.

Best regards

Michael

Could not start the elogd service on local Computer

Can you start elogd.exe manually in a DOS box? If you get the same error there, the download file might be corrupted and you should try to re-load it again.

Best regards,

Stefan

Michael,

Try installing one the following and see if it helps (mine was solved with the middle option).

http://www.microsoft.com/download/en/details.aspx?id=3387
http://www.microsoft.com/download/en/details.aspx?id=5582
http://www.microsoft.com/download/en/details.aspx?id=5555

Regards

Grant

Thanks probelm is solved.

ELOG was installed at a windows 2000 Server. After Grant's Tip I moved it to W2003R2 and installed the midlle option. No it works without any problems.

Regards

Michael

My current Elog works fine with v2.6 but not 2.9, posted by Hung Dao on Fri Nov 11 17:44:45 2011

I have been using v2.6. I works fine so far for what I need except that I could not disable the attachments in the notification emails. Now I need to upgrade to a latest version v2.9. However, with this latest version, I've received this error when navigate pages: "Error: Too many parameters (> 120). Cannot perform operation". What does this error mean? Should I do to fix it? I also have tested other version 2.7 and 2.8 as well. The problem exists.

Re: My current Elog works fine with v2.6 but not 2.9, posted by Stefan Ritt on Mon Dec 19 13:10:27 2011

Hung Dao wrote:

Maybe you have indeed too many options in your configuration file. Can you please post it here or send it to my privately so that I can have a look?

- Stefan

Build with Visual Studio 2010?, posted by Hung Dao on Fri Dec 16 18:28:58 2011

First I have tried to checkout the source code and got an error shown in below. So, I clicked on the Web Access link to download the trunk.tar.gz. I have opened elogd.sln in Visual Studio 2010. Despite of downloading openssl and and installing krb5, I still received errors related to header files that could not be opened or found. Has anyone checked out all files from trunk.tar.gz and built successfully. Any hint or advise prior to build this elogd solution in VS2010 will be highly appreciated.

>svn checkout svn+ssh://svn@savannah.psi.ch/repos/meg/elog/trunk elog
svn: E720002: Unable to connect to a repository at URL 'svn+ssh://svn@savannah.psi.ch/repo
s/meg/elog/trunk'
svn: E720002: Can't create tunnel: The system cannot find the file specified.

Goto page Previous 1, 2, 3 ... 98, 99, 100 ... 236, 237, 238 Next

ELOG V3.1.5-3fb85fa6