diogen's picture

I've been using the wiki appliance for a while and have no complaints.

In a new install it should be placed behind a Cisco firewall and that also works.

Now, I'd like to have the wiki completely self-contained and have more visibility over what users do.
To that end I attempted to install freeRadius (can be used by Cisco firewall for authentication) and DaloRadius as a GUI front end.

I followed this how-to with the latest Turnkey MediaWiki
https://help.ubuntu.com/community/CategoryNetworking/daloRADIUS
 

It essentially boils down to installing freeRadius/freeRadius-mysql and DaloRadius.

And I didn't get any errors while following that how-to.

But I can't connect to http://<ipaddress>/daloradius

I suspect it is an Apache config but my Linux knowledge isn't enough to tackle it.

Any advice?

Thanks.

Jeremy Davis's picture

My very brief browse of the instructions you link to suggests that these instructions are for a standalone install. As the TKL MediaWiki appliance is already configured to host the wiki you'll need to alter the Apache config. And in my somewhat limited Apache knowledge this is how you'd do it (but be aware that there may be other/better ways).

[edit] This doesn't work as requested by the OP. Rather than creating a sub webdir of the URL, it makes the DaloRadius page the webroot. See post below for proper solution.

You'll want to set up a new Apache site/virtual host. So to create the new file:

nano /etc/apache2/sites-available/daloradius

and then paste/write something like this:

#Remove this to make https only
NameVirtualHost *:80
#Remove this to make http only
NameVirtualHost *:443

#Remove this to make https only
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/daloradius/
</VirtualHost>

#Remove this to make http only
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/cert.pem
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/daloradius/
</VirtualHost>

ScriptAlias /cgi-bin/ /var/www/cgi-bin/

<Directory /var/www/daloradius/>
        Options Indexes FollowSymLinks MultiViews
        Order allow,deny
        allow from all
</Directory>

If you only want it available via https then remove the 'NameVirtualHost *:80' line and the <VirtualHost *:80> to </VirtualHost> section (remove the <VirtualHost *:443></VirtualHost> if you want it only available, or will only work via http). Also you shouldn't actually need the VirtualHost declarations at the start (ie NameVirtualHost *:...) as they should already be set within the existing site, I just included them to be sure... Exit and save (<Ctrl><x>).

Then you will need to enable your new site and restart Apache:

a2ensite daloradius
service apache2 restart

Assuming that I haven't led you astray, you should now have the DaloRadius WebUI showing when you navigate to http://<ipaddress>/daloradius

Let me know how you go...

diogen's picture

Thank you, Jeremy.

That seems to be - almost - working!

Since this setup is behind the firewall (SSL VPN), I just use http (port 80).

But now the daloradius login comes up on http://<ipaddress>
instead of http://<ipaddress>/daloradius.

And the MediaWiki login on http://<ipaddress> disappeared.

Any advice how to fix that?

Thanks again.

Jeremy Davis's picture

Sorry about that... I got a bit over-excited... Apache config is not a real strength for me (as you can see!)

Obviously we are close... But not quite there...

In the meantime, to get back to where you were (with just your wiki):

a2dissite daloradius
service apache2 restart

I'll have a bit of a play, see what I can sus out and get back to you asap.

Jeremy Davis's picture

Scratch my first post...!

Instead try this. Delete the DaloRadius site we made earlier and make a new one.

rm /etc/apache2/sites-available/daloradius
nano /etc/apache2/sites-available/daloradius

This time put this in it:

Alias /daloradius/ /var/www/daloradius/

<Directory /var/www/daloradius/>
        Options Indexes FollowSymLinks MultiViews
        DirectoryIndex index.html
        Order allow,deny
        allow from all
</Directory>

You should now have your desired behaviour, although you will need to tweak it a little. Where it says index.html you may need to change that to the index file of your DaloRadius index page (eg index.php/index.htm or whatever it is). Also when I was testing to make sure it would work as intended I noticed that http://<domain-or-ip>/daloradius/ works, http://<domain-or-ip>/daloradius (without the last slash) doesn't. To work around this I just created a symlink in the MediaWiki doc root pointing to the DaloRadius folder like this:

ln -s /var/www/daloradius/ /var/lib/mediwiki/daloradius

(double check the MediaWiki path as I don't have access to the MW server now - although I did test this when I did). Now http://<domain-or-ip>/daloradius nicely redirects to http://<domain-or-ip>/daloradius/

If you disabled the DaloRadius site (to get your wiki back) then re-enable it (using a2ensite - otherwise skip that). Obviously you'll also need to restart apache, but you can also just reload the settings (which is a little quicker) with:

service apache2 reload

As an afterthought, it occurred to me that perhaps you could just change the alias declaration (in /etc/apache2/sites-available/daloradius) to 'Alias /daloradius ...' (rather than /daloradius/ - ie no trailing slash) but I didn't test it so I don't know if it'd work.

Have a crack at that and see if that works for you, be great to hear how you go.

diogen's picture

Thanks, Jeremy.

Now the regular wiki login is back.
And daloradius login shows up when it's supposed to.

Since I plan to be the only one logging into Daloradius,
I don't mind typing http://<ipaddress>/daloradius/index.php that switches to login.php.

But the next screen after login doesn't show up. It says
"The website encountered an error while retrieving http://<ipaddress>/daloradius/dologin.php"
Despite the dologin.php being in the right place.

It looks like I'd have to learn more about the apache/radius/daloradius combo.

Thank you very much for your time.

Jeremy Davis's picture

And as you've possibly guessed, it's a bit of a case of the blind leading the blind here! :)

I strongly suspect that if you have a bit of a play around with the daloradius site (ie in /etc/apache2/sites-available/) you can get this working as you want. Just remember you'll need to reload/restart Apache for the changed settings to take effect.

The Apache error log may be useful (or not) in hunting down the exact problem or tweak that needs to be made. IIRC you should find it in /var/log/apache2/ and it should be called error.log or similar.

I suggest that you recreate the error (ie try to login to DaloRadius) and check the error log. If you can't work it out, feel free to post it back here.

And as an aside, in my searching I have confirmed that if you remove the trailing slash from the Alias then you won't need the symlink for it to redirect as I suspected in my above post.

[edit] Just been having a browse online and came across a post where someone was having a similar (although slightly different) problem and they resolved it by adding a line in the <Virtualhost></Virtualhost> bit. The line was "AllowOverride All". Maybe add that and see if it helps...? Although to be honest, perhaps it'd be better to have a browse through the Apache docs (I had a quick scan but couldn't see anything, but maybe a more comprehensive look would do better?).
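
The Alias approach discussed above, consolidated into one site file with the admin UI locked down. This is an added example, not part of the thread or of the daloRADIUS project; it uses the Apache 2.2 access-control syntax seen in the posts, assumes index.php is the entry page (the URL used in the thread), and 192.0.2.10 is a placeholder for the admin workstation.

```apache
# /etc/apache2/sites-available/daloradius
# Added example; Apache 2.2 syntax (Order/Allow/Deny), as used in the thread.

# No trailing slash on either path: /daloradius and /daloradius/ both match,
# so the symlink in the MediaWiki doc root is not needed.
Alias /daloradius /var/www/daloradius

<Directory /var/www/daloradius>
        # -Indexes: never produce a directory listing if the index file is
        # missing. MultiViews is omitted; nothing here relies on it.
        Options -Indexes +FollowSymLinks

        # Assumption: the entry page is index.php.
        DirectoryIndex index.php

        # The RADIUS admin UI is denied by default and opened only to
        # named management hosts. 192.0.2.10 is a placeholder address;
        # replace it with the admin workstation or the VPN address pool.
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        Allow from 192.0.2.10
</Directory>
```

Run `apache2ctl configtest` before `service apache2 reload` so a syntax error in the new file does not take the wiki down with it. Comments sit on their own lines because Apache does not accept a comment after a directive on the same line.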

diogen's picture

I believe an appliance including TurnkeyWiki integrated with freeRadius and DaloRadius could be of interest not only to me...:)

It gets messy with the abundance of different user databases, but still.
Maybe all of them can be pointed to the Radius server.

Just a thought.

Jeremy Davis's picture

And perhaps it could be resolved by way of a freeRadius/DaloRadius TKLPatch which could be applied to any appliance? I don't know anywhere near enough about freeRadius/DaloRadius (or Radius in general for that matter...) to have much idea about how to set this up just yet. But it seems that you have at least some knowledge of freeRadius/DaloRadius (seeing as you have got this far!)

So I know TKL pretty well and am fairly handy with Linux in general (and possibly even more useful, I am tenacious, persistent and patient!) and have produced a number of successful (in my eyes anyway) TKLPatches.

So perhaps we could work together on this one? If we produce a TKLPatch for DaloRadius that is specifically designed to work with MediaWiki initially, then see if we can bend it to other appliances...? What do you think?

Did you keep dev notes as you set up this server you have? If not do you think you could create an install/config script, or even just some notes? Or even just a link(s) to the instructions you followed (if you used a tutorial or something)? Another possibility; if you have this installed as a VM, perhaps you could 'export' it, delete all your personal data, zip it up and upload it somewhere I can access it? I could then at least help you sort out these current issues!?

diogen's picture

Thank you, Jeremy.

I think you overestimate what I can do with Linux. Honestly, not much.

I have the server running virtually (8GB vmdk file) and could upload if needed.
But I can't give you access to it in its present location.

I'll have to put this on the backburner.
Will return to it closer to summer.

Thanks.

Jeremy Davis's picture

So whilst possible that is probably unpractical ATM. Sorry if I got a bit overexcited! :)

Even if you can give me a link to the instructions you followed to get as far as you did that would be a great start. Even if we don't get any further with this for a little while, it will give us something to come back to.

If I'm on my own with this one, then I'll need to put it on the backburner too because I have tons on myself and am not really in a position to take this on too. Regardless I have created a blueprint because I think it's a great idea.

Jeremy Davis's picture

But to get your VM to be visible to other machines on the network you will want to use either 'Bridged' or 'NAT' networking... Have a look here.
