Nav-users Mars 2005

nav-users@lister.sikt.no

9 participants
20 discussions

error when accessing cricket..
by roar.pettersen＠it.uib.no 11 Mar '05

11 Mar '05

Hello ! > Mod_python error: "PythonHandler mod_python.publisher" > > Traceback (most recent call last): > > File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line 299, in > HandlerDispatch > result = object(req) > > File "/usr/lib/python2.3/site-packages/mod_python/publisher.py", line 98, > in handler > path=[path]) > > File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line 454, in > import_module > f, p, d = imp.find_module(parts[i], path) > > ImportError: No module named index You have to make a file called .htaccess, eg : echo "SetHandler none" > .htaccess This should be in a FAQ, very easy to forget. :-) -- Med vennlig hilsen / Regards; Roar Pettersen Universitetet i Bergen - The University of Bergen Nygardsgt. 5 - N-5020 BERGEN - Norway Tlf: +47 55 58 40 55 VIP: 81503 fax: +47 55 58 40 70 roar.pettersen(a)it.uib.no - IT-Avd, UiB - http://www.uib.no >From fredrik.holmberg at luh.hihm.no Fri Mar 11 15:05:40 2005 From: fredrik.holmberg at luh.hihm.no (Fredrik Holmberg) Date: Fri Mar 11 15:05:44 2005 Subject: [Nav-users] error when accessing cricket.. In-Reply-To: <Pine.GSO.4.61.0503111449220.20340(a)alf.uib.no> References: <42319FE6.2070506(a)luh.hihm.no> <Pine.GSO.4.61.0503111449220.20340(a)alf.uib.no> Message-ID: <4231A5B4.8080707(a)luh.hihm.no> Creating .htaccess in "public_html" solved the problem. Thanks! - Fredrik Roar Pettersen wrote: > Hello ! > >> Mod_python error: "PythonHandler mod_python.publisher" >> >> Traceback (most recent call last): >> >> File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line >> 299, in HandlerDispatch >> result = object(req) >> >> File "/usr/lib/python2.3/site-packages/mod_python/publisher.py", line >> 98, in handler >> path=[path]) >> >> File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line >> 454, in import_module >> f, p, d = imp.find_module(parts[i], path) >> >> ImportError: No module named index > > > You have to make a file called .htaccess, eg : > > echo "SetHandler none" > .htaccess > > > This should be in a FAQ, very easy to forget. :-) > > > -- > Med vennlig hilsen / Regards; > > Roar Pettersen > Universitetet i Bergen - The University of Bergen > Nygardsgt. 5 - N-5020 BERGEN - Norway > Tlf: +47 55 58 40 55 VIP: 81503 fax: +47 55 58 40 70 > roar.pettersen(a)it.uib.no - IT-Avd, UiB - http://www.uib.no > >From TristanRhodes at weber.edu Fri Mar 11 09:13:49 2005 From: TristanRhodes at weber.edu (Tristan RHODES) Date: Fri Mar 11 17:12:18 2005 Subject: [Nav-users] Use SNMP::Info to manage device types? Message-ID: <s2316158.051(a)gwmta2.weber.edu> The developer list is closed, so I am would like ask a question to this list. I believe there is a way to manually add device types to NAV, and there is a Wiki page listing many device OIDs. This works, but it may be a duplication of effort. There is a perl module named SNMP::Info that provides an object-oriented interface to Network Devices and data stored in SNMP MIBs. http://snmp-info.sourceforge.net/ If this module could be integrated into NAV, many different network management projects can add devices to this module, and all will benefit from it. Any thoughts on this? Tristan Rhodes >From TristanRhodes at weber.edu Fri Mar 11 09:35:19 2005 From: TristanRhodes at weber.edu (Tristan RHODES) Date: Fri Mar 11 17:33:40 2005 Subject: [Nav-users] Suse Linux Enterprise Server (SLES) 9 install documentation? Message-ID: <s231665d.085(a)gwmta2.weber.edu> I read in the wiki that SLES is used at NTNU and documentation will be available shortly. Is there any way I can help out with this? I can test the install process and make suggestions. http://metanav.ntnu.no/moin.cgi/NAVInstallation "SuSE Linux Enterprise Server The current NTNU installation of NAV is up and running on SLES 9. Installation instructions will be made available shortly." Tristan Rhodes >From peder.sefland at hivolda.no Mon Mar 14 11:26:35 2005 From: peder.sefland at hivolda.no (Peder Magne Sefland) Date: Mon Mar 14 11:27:07 2005 Subject: [Nav-users] periodic misslink in message-system for nav3 Message-ID: <s2357507.093(a)HVO-3.hivolda.no> When I try to add or edit a message, very often I get the Syslog-page. But if I go back and try again, I might get det right message-page. Peder Sefland >From woj at tstd.pl Mon Mar 14 11:37:27 2005 From: woj at tstd.pl (Wojciech Kozicki) Date: Mon Mar 14 11:37:44 2005 Subject: [Nav-users] Use SNMP::Info to manage device types? In-Reply-To: <s2316158.051(a)gwmta2.weber.edu> References: <s2316158.051(a)gwmta2.weber.edu> Message-ID: <200503141137.28354.woj(a)tstd.pl> On Friday 11 of March 2005 17:13, Tristan RHODES wrote: > The developer list is closed, so I am would like ask a question to this > list. > > I believe there is a way to manually add device types to NAV, and there > is a Wiki page listing many device OIDs. This works, but it may be a > duplication of effort. > > There is a perl module named SNMP::Info that provides an > object-oriented interface to Network Devices and data stored in SNMP > MIBs. > > http://snmp-info.sourceforge.net/ > > If this module could be integrated into NAV, many different network > management projects can add devices to this module, and all will benefit > from it. > > Any thoughts on this? > In my opinion main NAV problem is, that it is not flexible, there is no interface for adding custom devices. I was writing about this, but there is no feedback. Tristan's idea is very good. regards. -- Wojciech (Woj) Kozicki >From magnus at ntnu.no Mon Mar 14 13:35:21 2005 From: magnus at ntnu.no (Magnus Nordseth) Date: Mon Mar 14 13:35:24 2005 Subject: [Nav-users] Use SNMP::Info to manage device types? In-Reply-To: <200503141137.28354.woj(a)tstd.pl> References: <s2316158.051(a)gwmta2.weber.edu> <200503141137.28354.woj(a)tstd.pl> Message-ID: <20050314123521.GC12721(a)stud.ntnu.no> Wojciech Kozicki: > In my opinion main NAV problem is, that it is not flexible, there is no > interface for adding custom devices. I was writing about this, but there is > no feedback. The SNMP::Info module is probably cool, but as the SNMP handling in NAV is written in java, it doesn't help us much. You can add support for device foo in NAV by writing a device handler in getDeviceData subsystem, which shouldn't be too difficult, I suggest using one of the existing handlers as a starting point. Best regards, -- Magnus Nordseth echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc >From Vegard.Vesterheim at uninett.no Mon Mar 14 14:22:48 2005 From: Vegard.Vesterheim at uninett.no (Vegard Vesterheim) Date: Mon Mar 14 14:22:53 2005 Subject: [Nav-users] Use SNMP::Info to manage device types? In-Reply-To: <20050314123521.GC12721(a)stud.ntnu.no> (Magnus Nordseth's message of "Mon, 14 Mar 2005 13:35:21 +0100") References: <s2316158.051(a)gwmta2.weber.edu> <200503141137.28354.woj(a)tstd.pl> <20050314123521.GC12721(a)stud.ntnu.no> Message-ID: <tkvf7u745z.fsf(a)voll.uninett.no> On Mon, 14 Mar 2005 13:35:21 +0100 Magnus Nordseth <magnus(a)ntnu.no> wrote: > Wojciech Kozicki: >> In my opinion main NAV problem is, that it is not flexible, there is no >> interface for adding custom devices. I was writing about this, but there is >> no feedback. > > The SNMP::Info module is probably cool, but as the SNMP handling in NAV is > written in java, it doesn't help us much. I don't know enough details about the NAV database, but I would assume that alternative methods for harvesting SNMP data for insertion into the NAV database would be possible. Wouldn't it? List of devices supported by SNMP::Info: http://snmp-info.sourceforge.net/DeviceMatrix.html BTW, people taking interest in the SNMP::Info package should also be aware of the netdisco application (http://netdisco.org) for which SNMP::Info was created. netdisco is an application similar to NAV in many respects. It is implemented solely in perl, has auto-discovery capabilities, has a full-fledged API for extensions, the main interface is web-based but a command line interface is provided as well. A nifty functionality is layer 2 traceroute which displays switch port details along one possible route between two IP adresses. netdisco also provides a 'Duplex Mismatch Finder'. The web interface in netdisco is more basic, nowhere near as slick as NAV, but I guess some ideas from netdisco could be incorporated into NAV. - Vegard - >From fredrik.holmberg at luh.hihm.no Mon Mar 14 15:40:38 2005 From: fredrik.holmberg at luh.hihm.no (Fredrik Holmberg) Date: Mon Mar 14 15:43:54 2005 Subject: [Nav-users] " ... violates foreign key constraint "$1" Message-ID: <4235A266.7030309(a)luh.hihm.no> Keep getting these messages in getDeviceData.log: Mar 14 15:21:37 2005 xxx-gw.uninett.no_01 GwportHandler-6-NEW GWPORTPREFIX Gwportprefix: gwip=128.39.xxx.xxx hsrp=false prefix=128.39.xxx.xxx/32 (0) (e1ca74) Mar 14 15:21:37 2005 xxx-gw.uninett.no_01 GwportHandler-3-HANDLE SQLException: ERROR: insert or update on table "gwportprefix" violates foreign key constraint "$1" Does anyone know of a way to fix this, or doesn't it have any particular effect on NAV3 (beta 10)? - Fredrik Holmberg >From kreide at online.no Mon Mar 14 16:02:01 2005 From: kreide at online.no (Kristian Eide) Date: Mon Mar 14 16:02:09 2005 Subject: [Nav-users] Use SNMP::Info to manage device types? Message-ID: <42367F67(a)epostleser.online.no> >In my opinion main NAV problem is, that it is not flexible, there is no >interface for adding custom devices. I was writing about this, but there is >no feedback. In fact, NAV is meant to be very flexible! New OIDs can be added via the web interface, and NAV will automatically detect which devices support the new OIDs. Data collection is done by the 'getDeviceData' daemon, which uses a plugin-based architecture. The API for this is resonably well documented in Javadoc, however, it is a fact that familiarity with Java programming is required in order to create new collection plugins. Unfortunately it also seems many system administrators are much more familiar with script languages and the barrier to entry is thus high. Creating a perl binding which focused on easy of development would solve this problem, but it is of now uncertain if resources are available to implement something like this. We will discuss it internally and announce any decision this list. -- Kristian

1 0

brake-up Advanced Search web-page
by morten.vold＠ntnu.no 09 Mar '05

09 Mar '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/03/2005 13:38, Vidar Faltinsen uttered: > I consider this a bug in the report system, where the advanced page > looks very messy in variuos browsers and make it hard to use. > Probably an easy fix... Morten? Until I tried viewing the page using Internet Explorer, I didn't understand what the fuss was about. Upon closer examination, it looks like the report template outputs very bad and broken HTML, which I have now attempted to mend (save for the other bad HTML produced by the MainTemplate, which was not the problem here). Apparently, Firefox is more forgiving when attempting to render bad HTML than Internet Explorer is. The fix will be available in the next release (or from r3163 on trunk for those who like to use the bleeding edge from the Subversion repository). - -- Morten Vold NTNU ITEA Integrasjonsgruppen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLvY4XxIl0kpcOkQRAsZuAKDcdxabCX9IxUkhIGAGdPLrYE5UTQCeO7n3 7CkVNhcT/8oswPWDNGmHIvg= =cc6i -----END PGP SIGNATURE----- >From fredrik.holmberg at luh.hihm.no Fri Mar 11 14:40:54 2005 From: fredrik.holmberg at luh.hihm.no (Fredrik Holmberg) Date: Fri Mar 11 14:40:57 2005 Subject: [Nav-users] error when accessing cricket.. Message-ID: <42319FE6.2070506(a)luh.hihm.no> After erasing old Cricket data, when I access https://nav/cricket/ the following message appears: --- Mod_python error: "PythonHandler mod_python.publisher" Traceback (most recent call last): File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line 299, in HandlerDispatch result = object(req) File "/usr/lib/python2.3/site-packages/mod_python/publisher.py", line 98, in handler path=[path]) File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line 454, in import_module f, p, d = imp.find_module(parts[i], path) ImportError: No module named index --- navcron@nav3:~/cricket> ll total 1 lrwxrwxrwx 1 root root 16 2004-10-24 18:48 cricket -> ../cricket-1.0.5 drwxr-xr-x 9 navcron nav 352 2005-03-11 14:29 cricket-config drwxr-xr-x 7 navcron nav 224 2005-03-11 13:35 cricket-data drwxr-xr-x 2 navcron nav 1368 2005-03-11 14:34 cricket-logs drwxr-xr-x 2 navcron nav 312 2005-03-11 14:21 public_html navcron@nav3:~/cricket/public_html> ll total 4 lrwxrwxrwx 1 navcron nav 37 2005-03-11 14:21 cricket-config -> /usr/local/nav/cricket/cricket-config -rw-r--r-- 1 navcron nav 569 2005-03-11 12:04 cricket.css lrwxrwxrwx 1 navcron nav 35 2005-03-11 14:21 cricket-data -> /usr/local/nav/cricket/cricket-data lrwxrwxrwx 1 navcron nav 22 2005-03-11 14:17 grapher.cgi -> .../cricket/grapher.cgi lrwxrwxrwx 1 navcron nav 17 2005-03-11 14:17 images -> ../cricket/images lrwxrwxrwx 1 navcron nav 11 2005-03-11 14:18 index.cgi -> grapher.cgi lrwxrwxrwx 1 navcron nav 14 2005-03-11 14:17 lib -> ../cricket/lib lrwxrwxrwx 1 navcron nav 25 2005-03-11 14:17 mini-graph.cgi -> .../cricket/mini-graph.cgi lrwxrwxrwx 1 navcron nav 18 2005-03-11 14:17 VERSION -> ../cricket/VERSION What have I done wrong this time? :) Regards, Fredrik Holmberg >From Borge.Brunes at cc.uit.no Fri Mar 11 14:41:10 2005 From: Borge.Brunes at cc.uit.no (Borge Brunes) Date: Fri Mar 11 14:41:14 2005 Subject: [Nav-users] Problem with case sensitive hostname/sysname Message-ID: <200503111341.j2BDfA1d004639(a)duke.cc.uit.no> An old problem from The Beginning is back: eventEngine EVENTQ_MONITOR_TASK-6-RUN Got event: e=4153 d=108 n=32 t=info s=x [dnsname=piffi.cc.uit.no] [sysname=PIFFI] [alerttype=dnsMismatch] alertEngine User-6-sendSMS: SMS XXXX: piffi.cc.uit.no does not match piffi.cc.uit.no (This is an M$-box and there is no easy way tho change the sysname) regards, -- Borge Brunes, Computer Center, University of Tromso, Norway http://www.cc.uit.no/~borge/ | http://www.freebsd.org

1 0

SV: RE: [Nav-users] vlan information from cisco switches
by peder.sefland＠hivolda.no 07 Mar '05

07 Mar '05

My guess is that vlandiscovery is not running, or has a bug that effect you. Check: 1. is the requested information in the swportvlan table (probably not) correct, no information 2. does "nav status" tell you that Networkdiscovery is running Yes, everything is running (hopefully) ~# /etc/init.d/nav status networkDiscovery: Up cricket: Up eventEngine (pid 875) is running... iptrace: Up maintengine: Up servicemon.py (pid 895) is running... smsd.pl (pid 904) is running... thresholdMon: Up mactrace: Up logengine: Up safe_smsd: Up getDeviceData (pid 910) is running... backup: Up pping.py (pid 922) is running... Alertengine is running with process id 935. It has been running for 10 hours and 46 minutes. 3. is networkDiscovery-stderr.log updated reasently? does it give you a clue? The networkDiscovery-stderr.log is emty. One of the other on the nav-users-list has a cisco 2980 running software 6.3(10) and don't have this problem. My cisco 2980 is running software 6.3(5), so maybe a software upgrade will do the trick? Peder >From Borge.Brunes at cc.uit.no Tue Mar 8 15:25:32 2005 From: Borge.Brunes at cc.uit.no (Borge Brunes) Date: Tue Mar 8 15:25:37 2005 Subject: [Nav-users] more problems with the logger subsystem Message-ID: <200503081425.j28EPWt8052853(a)duke.cc.uit.no> The logengine is "leaking" connections until postgres says "connection limit exceeded for non superusers": postgres[87954]: [2-1] FATAL: connection limit exceeded for non-superusers I'm not a pythonexpert, but I guess that somewhere in the logengine.py-code a connection is opened and not closed. regards, -- Borge Brunes, Computer Center, University of Tromso, Norway http://www.cc.uit.no/~borge/ | http://www.freebsd.org

1 0

SV: Re: [Nav-users] brake-up Advanced Search web-page
by peder.sefland＠hivolda.no 07 Mar '05

07 Mar '05

This is also a good idea. Searching for portnames is an often used feature! Be aware however that NAV is competing with itself in this matter; another tool, Network Exlorer gives you the ability to search for portnames. Maybe this will be of help? - Vidar My Network Explorer works fine with all the switches that is in the same vtp-domain as my Cisco 6509(GSW). But I can't browse/search on switches that is in another vtp-domian. And swtiches on our studentshome are in a different vtp-domain. With the Advanced Search in the report it is possible to do this portname-search. Peder

1 0

External authentication in NAV
by Vegard.Vesterheim＠uninett.no 07 Mar '05

07 Mar '05

On Fri, 4 Mar 2005 14:30:32 +0100 Bjorn Ove Grotan <bjorn.grotan(a)itea.ntnu.no> wrote: > Vegard Vesterheim: >> Are there any possibilities to use an external authentication >> mechanism in NAV. In UNINETT, we are looking at so-called >> single-sign-on solutions for web applications. In our setup, the >> authentication process can be performed by the web server, not by the >> web applications. We have implemented this by hooking custom >> authentication methods into the Apache request cycle. > > Authentication is handled by subsystem/webFront/lib/nav/web/auth.py > and likewize with authorization: subsystem/lib-python/src/nav/auth.py > The authenticationmodule is initiated from > subsystem/webFront/lib/nav/web/__init__.py in function > headerparserhandler. > > There's a file ldapAuth.py for example on how to use ldap as external > source of authentication. We used this internally for testing for a > while, but had to let it go because of broken openssl/openldap in > RedHat Linux. Hmm, either I am misunderstanding your response, or you misunderstood my question. I would like to implement 'single-sign-on' (log in once, get access to several services), but you talk about a 'shared userdatabase', this is not the same thing. You say that one can have alternative authentication mechanisms *within* NAV, this is nice, but I don't want that. I would like for NAV to *not do authentication at all*, but instead rely on 'higher powers' (in my case: Apache) to do this. In principle this would imply skipping the local authentication handling in NAV altogether. Apache does the authentication part, and NAV picks up the authenticated username and just does the authorization. > > I don't remember the specifics anymore, but I think we added some > functionality to first try ldap, then local database if ldapAuth was > used.. maybe someone else can comment on this? Well, a kind of fallback mechanism with a local userdatabase in NAV could be useful. For instance if the central login-service is unavailable, a local emergency fallback could be helpful. > >> I realize that in order for authorization to be performed correctly, >> the user must probably be registered in NAV as well, but this is >> another issue altogether. My main interest is avoiding the extra >> username/password dialog in NAV. > > The NAV userdatabase using ldapAuth mentioned above, also has a means > for describing where the source of this user credentials come from, so > you can have - say all your organization in ldap where they update their > passwords in ldap - and store external users and testusers inside the > NAV database. > >> In case anyone is wondering about relations with the FEIDE project: >> This is only partly related to FEIDE, the issue should be of >> general interest. > > I was thinking of making python-bindings to Moria, but I haven't had the > time yet. Not mainly for this system, but for similar use. OK, this is a different matter altogether, but we have done some very preliminary experimentation with this. We have been able to talk to Moria services via Python SOAP modules. Let me know if this is of any interest to you. But again, I am not asking how to *add* functionality to NAV, rather I am asking how to *remove* functionality so that one could use a single-sign-on solution. - Vegard - >From odd.hauge at himolde.no Mon Mar 7 10:16:49 2005 From: odd.hauge at himolde.no (Odd Arne Hauge (HSM)) Date: Mon Mar 7 10:16:54 2005 Subject: [Nav-users] Cricket and interface description for giga-router-interfaces, and some problems with HP 5308 switches References: <20050222104551.H42633(a)duke.cc.uit.no> <200502230126.54149.kreide(a)online.no> Message-ID: <011101c522f6$65073ec0$9601a8c0(a)molde.bravida.no> Hi. Getting the description for giga-router-interfaces in cricket: # diff /usr/local/nav/cricket/cricket-config/giga-router-interfaces/.nav /usr/local/src/nav/nav-3.0_beta10/subsystem/statTools/cricket/cricket-config/giga-router-interfaces/.nav 15c15 < descr = select nettype,netident from gwportprefix left join prefix using (prefixid) left join vlan using (vlanid) where gwportid=$id and netident is not null --- > descr = select nettype,netident from gwport left join prefix using > (prefixid) left join vlan using (vlan) where gwportid=$id and netident is > not null I'm also having some problems with HP5308XL Switches. This is a layer 3 switch, but it seems like Nav is unable to detecet the router-interfaces for the box and the vlans. Another minor issue is in the report. When you select Core Switches the report lists all the switches, also the switches defined as GSW type. But when you select the report Core Switch Ports no switch ports from boxes defined as GSW are listed. Regards Odd Arne Hauge

2 2

Problem with logger (syslog analyzer)
by Borge.Brunes＠cc.uit.no 04 Mar '05

04 Mar '05

Folks, In 6 out of 10 times when I try to "Send" something I get: Mod_python error: "PythonHandler main" Traceback (most recent call last): File "/usr/local/lib/python2.4/site-packages/mod_python/apache.py", line 299, in HandlerDispatch result = object(req) File "/usr/local/nav/apache/webroot/messages/main.py", line 63, in handler path = req.uri.split(BASEPATH)[1] IndexError: list index out of range I also get some of these from logengine.py (cron): Traceback (most recent call last): File "/usr/local/nav/bin/logengine.py", line 273, in ? message = createMessage(line) File "/usr/local/nav/bin/logengine.py", line 105, in createMessage oritime = DateTime.DateTime(year,month,day,hour,min) TypeError: an integer is required but there are no "parsing errors" in the webgui. regards, -- Borge Brunes, Computer Center, University of Tromso, Norway http://www.cc.uit.no/~borge/ | http://www.freebsd.org

1 0

brake-up Advanced Search web-page
by peder.sefland＠hivolda.no 04 Mar '05

04 Mar '05

We have put description on many of our swichports, and we want to search on portname. The only way to do this (so fare I can see) is to go to Home > Report > Switchports and then click on the Advance Search. But on this page you'll have to scrool sideways pretty long before you find the portname-field I know we can customize our Navigation preferences, but it would be better to brake-up this page The best thing would be a field-search in the /report -page Something like this maybe Reports IP Device Center Room search Device search Switchports w/vlan Portname Thats only a suggestion Peder Sefland >From Vegard.Vesterheim at uninett.no Fri Mar 4 13:29:24 2005 From: Vegard.Vesterheim at uninett.no (Vegard Vesterheim) Date: Fri Mar 4 13:29:31 2005 Subject: [Nav-users] External authentication in NAV Message-ID: <tkvf87iogr.fsf(a)voll.uninett.no> Are there any possibilities to use an external authentication mechanism in NAV. In UNINETT, we are looking at so-called single-sign-on solutions for web applications. In our setup, the authentication process can be performed by the web server, not by the web applications. We have implemented this by hooking custom authentication methods into the Apache request cycle. So, in principle it should be sufficient for NAV to lookup the authenticated username from the Apache request record, and use that as a indication of successfull authentication. The NAV webfrontend should be able to go like this: "oh, I see that the user is already authenticated, so I'll just let him in". I realize that in order for authorization to be performed correctly, the user must probably be registered in NAV as well, but this is another issue altogether. My main interest is avoiding the extra username/password dialog in NAV. In case anyone is wondering about relations with the FEIDE project: This is only partly related to FEIDE, the issue should be of general interest. -- Vegard Vesterheim : Phone: +47 73 55 79 12 UNINETT : Fax: +47 73 55 79 01 N-7465 Trondheim, NORWAY : Email: Vegard.Vesterheim(a)uninett.no >From bjorn.grotan at itea.ntnu.no Fri Mar 4 14:30:32 2005 From: bjorn.grotan at itea.ntnu.no (Bjorn Ove Grotan) Date: Fri Mar 4 14:30:33 2005 Subject: [Nav-users] External authentication in NAV In-Reply-To: <tkvf87iogr.fsf(a)voll.uninett.no> References: <tkvf87iogr.fsf(a)voll.uninett.no> Message-ID: <20050304133031.GA10959(a)itea.ntnu.no> Vegard Vesterheim: > Are there any possibilities to use an external authentication > mechanism in NAV. In UNINETT, we are looking at so-called > single-sign-on solutions for web applications. In our setup, the > authentication process can be performed by the web server, not by the > web applications. We have implemented this by hooking custom > authentication methods into the Apache request cycle. Authentication is handled by subsystem/webFront/lib/nav/web/auth.py and likewize with authorization: subsystem/lib-python/src/nav/auth.py The authenticationmodule is initiated from subsystem/webFront/lib/nav/web/__init__.py in function headerparserhandler. There's a file ldapAuth.py for example on how to use ldap as external source of authentication. We used this internally for testing for a while, but had to let it go because of broken openssl/openldap in RedHat Linux. I don't remember the specifics anymore, but I think we added some functionality to first try ldap, then local database if ldapAuth was used.. maybe someone else can comment on this? > I realize that in order for authorization to be performed correctly, > the user must probably be registered in NAV as well, but this is > another issue altogether. My main interest is avoiding the extra > username/password dialog in NAV. The NAV userdatabase using ldapAuth mentioned above, also has a means for describing where the source of this user credentials come from, so you can have - say all your organization in ldap where they update their passwords in ldap - and store external users and testusers inside the NAV database. > In case anyone is wondering about relations with the FEIDE project: > This is only partly related to FEIDE, the issue should be of > general interest. I was thinking of making python-bindings to Moria, but I haven't had the time yet. Not mainly for this system, but for similar use. -- Best regards Bj?rn Ove Gr?tan NTNU, ITEA >From bjorn.grotan at itea.ntnu.no Fri Mar 4 14:42:45 2005 From: bjorn.grotan at itea.ntnu.no (Bjorn Ove Grotan) Date: Fri Mar 4 14:42:47 2005 Subject: [Nav-users] External authentication in NAV In-Reply-To: <20050304133031.GA10959(a)itea.ntnu.no> References: <tkvf87iogr.fsf(a)voll.uninett.no> <20050304133031.GA10959(a)itea.ntnu.no> Message-ID: <20050304134245.GB10959(a)itea.ntnu.no> Bjorn Ove Grotan: > There's a file ldapAuth.py for example on how to use ldap as external > source of authentication. We used this internally for testing for a > while, but had to let it go because of broken openssl/openldap in > RedHat Linux. I stand corrected.. we didn't throw ldap-authenticaion away or anything - it just didn't work with the standard openssl/openldap packages in RedHat 9, but its working with a current setup using SLES9. One of the reasons we let NAV do the external authentication on behalf of the user is because we have to cache credentials in NAV, if the external source of authentication is unavailable. -- Best regards Bj?rn Ove Gr?tan NTNU, ITEA >From valsbox at gmail.com Fri Mar 4 08:05:03 2005 From: valsbox at gmail.com (Valentin Miculit) Date: Fri Mar 4 15:05:17 2005 Subject: [Nav-users] install Message-ID: <2e5d75ca050304060554d9bff6(a)mail.gmail.com> Hi everyone, I am new to Nav. just installed on a FreeBSD Machine 5.3 Got Python and Php to work with apache2 but when i want to run the py line in /nav here is what i get: Mod_python error: "PythonHeaderParserHandler nav.web" Traceback (most recent call last): File "/usr/local/lib/python2.4/site-packages/mod_python/apache.py", line 287, in HandlerDispatch log=debug) File "/usr/local/lib/python2.4/site-packages/mod_python/apache.py", line 454, in import_module f, p, d = imp.find_module(parts[i], path) ImportError: No module named nav Any help welcome. What am i missing? Thanx. >From Borge.Brunes at cc.uit.no Fri Mar 4 15:26:20 2005 From: Borge.Brunes at cc.uit.no (Borge Brunes) Date: Fri Mar 4 15:26:32 2005 Subject: [Nav-users] install In-Reply-To: Message from Valentin Miculit <valsbox(a)gmail.com> <2e5d75ca050304060554d9bff6(a)mail.gmail.com> Message-ID: <200503041426.j24EQKEf000984(a)duke.cc.uit.no> valsbox(a)gmail.com said: [cut] > ImportError: No module named nav Is your PYTHONPATH correct? I use PYTHONPATH=/usr/local/nav/lib/python in 5.3 and it works. BTW: Have you innstalled NAV from ports? regards, -- Borge Brunes, Computer Center, University of Tromso, Norway http://www.cc.uit.no/~borge/ | http://www.freebsd.org

1 0

SV: RE: [Nav-users] vlan information from cisco switches
by peder.sefland＠hivolda.no 03 Mar '05

03 Mar '05

In my nav3beta10 (debian) every switch shows vlan information on ports, except on my two cisco 2980. model descr serial sw_ver hw_ver fw_ver WS-X2980GBRJ WS-X2980RJ 10/100BaseTx Ethernet Rev. 2.0 JAB05250BZH 5.5(18) 2.0 5.4(1) model descr serial sw_ver hw_ver fw_ver WS-X2980GBRJ WS-X2980GBRJ 10/100/1000 Ethernet Rev. 1.2 JAB061906WQ 6.3(5) 1.2 6.1(4) They are running CatOS, but my 5500 is also running CatOS and he is showing vlan information. This is the information from the web-page /report/swport?b1.netboxid=38 interface module port link Mbps duplex media trunk vlan portname 2/17 2 17 y 100.0 h 0 UPS-Strom snmp But the vlan information is collected, and I can find it tabell swport swportid | moduleid | ifindex | port | interface | link | speed | duplex | media | vlan | trunk | portname | to_netboxid | to_swportid ----------+----------+---------+------+-----------+------+-------+--------+-------+------+-------+----------------+-------------+------------- 12069 | 824 | 25 | 17 | 2/17 | y | 100 | h | | 10 | f | UPS-Strom snmp | | Any ideas? Peder Sefland >>> "Fredrik Holmberg" <fredrik.holmberg(a)luh.hihm.no> 15.02.2005 10:17:54 >>> NAV Beta 10: nav3:/usr/local/nav/etc/report # diff report.conf report.conf.old 432c432 < $sql="SELECT b1.sysname,s1.interface, m1.module, s1.port, s1.link, s1.speed, s1.duplex, s1.media, s1.trunk, vlan.vlan,s1.portname, b2.sysname as to_netboxid,m2.module AS remote_module, s1.swportid, b1.netboxid as netboxid, b1.catid FROM swport AS s1 JOIN module AS m1 USING (moduleid) JOIN netbox AS b1 USING (netboxid) LEFT JOIN netbox AS b2 ON (to_netboxid=b2.netboxid) LEFT JOIN swportvlan ON (s1.swportid=swportvlan.swportid AND trunk='f') left join vlan using(vlan) LEFT JOIN swport AS s2 ON (s1.to_swportid=s2.swportid) LEFT JOIN module AS m2 ON (s2.moduleid=m2.moduleid)"; --- > $sql="SELECT b1.sysname,s1.interface, m1.module, s1.port, s1.link, s1.speed, s1.duplex, s1.media, s1.trunk, vlan.vlan,s1.portname, b2.sysname as to_netboxid,m2.module AS remote_module, s1.swportid, b1.netboxid as netboxid, b1.catid FROM swport AS s1 JOIN module AS m1 USING (moduleid) JOIN netbox AS b1 USING (netboxid) LEFT JOIN netbox AS b2 ON (to_netboxid=b2.netboxid) LEFT JOIN swportvlan ON (s1.swportid=swportvlan.swportid AND trunk='f') left join vlan using(vlanid) LEFT JOIN swport AS s2 ON (s1.to_swportid=s2.swportid) LEFT JOIN module AS m2 ON (s2.moduleid=m2.moduleid)"; Maybe this sorts it out :) - Fredrik -----Original Message----- From: nav-users-bounces(a)itea.ntnu.no [mailto:nav-users-bounces@itea.ntnu.no] On Behalf Of Wojciech Kozicki Sent: Tuesday, February 15, 2005 10:09 AM To: nav-users(a)desperados.itea.ntnu.no Subject: Re: [Nav-users] vlan information from cisco switches Dnia wtorek, 15 lutego 2005 10:03, Fredrik Holmberg napisa*: > Are you referring to "Report"? > It doesn't show VLAN when you view the switchports? > Yes, I meant "report"... > If this is the case, I might have a "fix" for you.. :) best regards -- Wojciech (Woj) Kozicki _______________________________________________ Nav-users mailing list Nav-users(a)itea.ntnu.no http://mailman.itea.ntnu.no/mailman/listinfo/nav-users _______________________________________________ Nav-users mailing list Nav-users(a)itea.ntnu.no http://mailman.itea.ntnu.no/mailman/listinfo/nav-users

1 0

Several problems in beta10
by Borge.Brunes＠cc.uit.no 01 Mar '05

01 Mar '05

kreide(a)online.no said: >> Network explorer: >> I'm not able to browse some part of the tree. If i use >> the Device browser it's there. > > Can you give an example so I can debug this? Network explorer always starts > from the top and explores downward, thus the complete topology needs to be > present. Some missing topology is probably what is causing this problem. Seems that after I upgraded the switch browsing are working OK....but If I do a "Search in field IP" I got no hit. If I do the same search with "sysName" it works. >> Device browser: >> On some switches it don't show any info (all ports are "white") > > Example? Same solution as above: After an upgrade things are OK. Some more: Network discovery report (var/log/networkDiscovery/networkDiscovery-topology.html): (where do I find this report in the web-gui?) Some problem with the link between all(?) the routers eg: ERROR: Could not find record for other side of link! boks(31): asgvn-gsw.infra.uit.no Ifindex: 10101 boksBak: holt-gsw.infra.uit.no ERROR: Could not find record for other side of link! boks(47): mort-gsw.infra.uit.no Ifindex: 10101 boksBak: munin-gw.infra.uit.no This problem is also present in NAV v2. gDD: On the 3550 and 3750 a lot of these are found in the gDD-log: CGW_DEVHANDLER-4-CGW_MATCH-MODULE Module 0 does not exist on netbox beiva-gsw.infra.uit.no, default to 1 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Module 0 does not exist on netbox beiva-gsw.infra.uit.no, default to 1 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Supervisor not found and could not match module pattern to if: Loopback0 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Supervisor not found and could not match module pattern to if: Vlan167 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Supervisor not found and could not match module pattern to if: Vlan202 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Supervisor not found and could not match module pattern to if: Vlan203 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Supervisor not found and could not match module pattern to if: Vlan204 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Supervisor not found and could not match module pattern to if: Vlan221 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Supervisor not found and could not match module pattern to if: Vlan703 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Supervisor not found and could not match module pattern to if: Vlan805 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Supervisor not found and could not match module pattern to if: Vlan848 CGW_DEVHANDLER-4-CGW_MATCH-MODULE Supervisor not found and could not match module pattern to if: Vlan94 After moving a IP-net from one SVI to another: SQLException for update statement: INSERT INTO gwportprefix (gwportid,prefixid,gwip,hsrp) VALUES ('545','278','129.242.240.1','f') org.postgresql.util.PSQLException: ERROR: insert or update on table "gwportprefix" violates foreign key constraint "$2" regards, -- Borge Brunes, Computer Center, University of Tromso, Norway http://www.cc.uit.no/~borge/ | http://www.freebsd.org

1 0

cricket problem
by peder.sefland＠hivolda.no 01 Mar '05

01 Mar '05

I have nav3Beta10 (debian) up and running. But the cricket won't show anything execpt Name Description giga-router-interfaces Graphs for giga-router-interfaces giga-switch-ports Graphs for giga-switch-ports router-interfaces Graphs for router-interfaces routers Graphs for routers servers Graphs for servers switch-ports Graphs for switch-ports switches Graphs for switches When I click on any of these links, nothing comes up. Cricket is running, # /etc/init.d/nav status networkDiscovery: Up cricket: Up eventEngine (pid 875) is running... iptrace: Up maintengine: Up servicemon.py (pid 887) is running... smsd.pl (pid 903) is running... thresholdMon: Up mactrace: Up logengine: Up safe_smsd: Up getDeviceData (pid 909) is running... backup: Up pping.py (pid 918) is running... Alertengine is running with process id 932. It has been running for 3 hours and 7 minutes. And I can see that cricket is collecting data. /var/lib/nav/rrd/volda-berte-spraaklab-sw.hivolda.no.rrd /var/lib/nav/rrd/volda-berte-sw2.hivolda.no.rrd /var/lib/nav/rrd/volda-berte-sw3.hivolda.no.rrd /var/lib/nav/rrd/volda-berte-sw4.hivolda.no.rrd /var/lib/nav/rrd/volda-berte-sw5.hivolda.no.rrd ........................ I follow the instructions for installation in the README.Debian Any suggestion what could be wrong? Peder Sefland

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Nav-users Mars 2005