cgmckeever / tak-tools


to check #9

Closed Hellikandra closed 1 year ago

Hellikandra commented 1 year ago

Starting from a scratch Ubuntu 22.04 on an RPi4 8GB, here are some things I saw while following the guideline:

I also have some problems generating the client and data package (shared).

cgmckeever commented 1 year ago

Thank you for your work on this!!

> openssh-server is not installed directly (maybe as a prereq?)

I've added it as a prereq now ..interesting I never crossed that, maybe different base OS install type https://github.com/cgmckeever/tak-tools/pull/10/files#diff-c164eefc5e78cd72821fb5f3a4ec6b70e2444a8229f577b8949ab50a5142ac88R37

> COUNTRY (C in the certificate is still at US).

added


Can you explain more about the cert issues in more detail?

Hellikandra commented 1 year ago

Thanks for the adds :-).

Currently I have tried your script a lot of times due to some issues with the tak server (modifying password, username, etc.). And it is always from a scratch image ;-).

Yes, I will share my issue with you when I have no problem at the end of the setup script. I currently encounter an infinite loop where the script waits for the tak server to start...

I will retry that during this weekend

EDIT: So the server finally starts correctly, however I have an issue during the

    ---------------- Creating TAK Auto-Enroll Data Package -----------------------
    tee: /opt/tak/certs/files/clients/manifest.xml: Permission denied
    tee: /opt/tak/certs/files/clients/server.pref: Permission denied
            zip warning: name not matched: manifest.xml
            zip warning: name not matched: server.pref

    zip I/O error: Permission denied
    zip error: Could not create output file (/opt/tak/certs/files/clients/rpi4TakServer--10.147.18.78.zip)

    Failed to create file: /opt/tak/certs/files/clients/itak-rpi4TakServer--10.147.18.78-QR.png
    Permission denied

    Auto-Enroll Data Package File: /opt/tak/certs/files/clients/rpi4TakServer--10.147.18.78.zip
    Transfer File: scp username@192.168.0.132:/opt/tak/certs/files/clients/rpi4TakServer--10.147.18.78.zip .

    ITAK QR File: /opt/tak/certs/files/clients/itak-rpi4TakServer--10.147.18.78-QR.png
    Transfer File: scp username@192.168.0.132:/opt/tak/certs/files/clients/itak-rpi4TakServer--10.147.18.78-QR.png .

    Transfer Both: scp username@192.168.0.132:/opt/tak/certs/files/clients/10.147.18.78 .

    ----------------- Installation Complete -----------------

    Certificates and CERT DATA PACKAGES are in /opt/tak/certs/files
    Import the /opt/tak/certs/files/tak-admin.p12 certificate to your browser

    Login at https://192.168.0.132:8443 with your admin account certificate.

    Login at https://192.168.0.132:8089 with your admin account user/pass.
    No need to run the /setup step as this has been done.

I did not go in deeper

cgmckeever commented 1 year ago

well .. the good news is, the server is running, and you don't need the autoenroll script working to continue .. but we should figure out what is happening

~Are you doing the docker or standalone install?~

I think the answer is standalone from the output /opt/tak

cgmckeever commented 1 year ago

Can you let me know who owns this directory/files

    ls -la /opt/tak/certs/files/clients
    ls -la /opt/tak/certs/files/clients/

cgmckeever commented 1 year ago

I'm doing a scratch PI4 - standalone install now

cgmckeever commented 1 year ago

I have an idea

cgmckeever commented 1 year ago

I made some changes, and from a clean install on a PI4 was able to install standalone. If you get a chance to try, would love feedback

Hellikandra commented 1 year ago

Hey, sorry for the delay:

    drwxr-xr-x 3 tak tak 4096 Aug 26 11:00 .
    drwxr-xr-x 4 tak tak 4096 Aug 26 11:05 ..
    -rw-rw-r-- 1 tak tak  654 Aug 26 11:00 ca.crl
    -rw------- 1 tak tak 1854 Aug 26 11:00 ca-do-not-share.key
    -rw-rw-r-- 1 tak tak 2737 Aug 26 11:00 ca.pem
    -rw-rw-r-- 1 tak tak 2915 Aug 26 11:00 ca-trusted.pem
    drwxr-xr-x 2 tak tak 4096 Aug 26 10:57 clients
    -rw-rwxr-- 1 tak tak 1633 Aug 26 11:00 config-rpi4TakServer.cfg
    -rw-rw-r-- 1 tak tak    0 Aug 26 11:00 crl_index.txt
    -rw-rw-r-- 1 tak tak   18 Aug 26 11:00 crl_index.txt.attr
    -rw-rw-r-- 1 tak tak 1366 Aug 26 11:00 fed-truststore.jks
    -rw------- 1 tak tak 1854 Aug 26 11:00 root-ca-do-not-share.key
    -rw-rw-r-- 1 tak tak 1354 Aug 26 11:00 root-ca.pem
    -rw-rw-r-- 1 tak tak 1435 Aug 26 11:00 root-ca-trusted.pem
    -rw-rw-r-- 1 tak tak 1009 Aug 26 11:00 rpi4TakServer.csr
    -rw-rw-r-- 1 tak tak  666 Aug 26 11:00 rpi4TakServer-Intermediary-CA-01.crl
    -rw-rw-r-- 1 tak tak 1033 Aug 26 11:00 rpi4TakServer-Intermediary-CA-01.csr
    -rw------- 1 tak tak 1854 Aug 26 11:00 rpi4TakServer-Intermediary-CA-01.key
    -rw-rw-r-- 1 tak tak 2737 Aug 26 11:00 rpi4TakServer-Intermediary-CA-01.pem
    -rw-rw-r-- 1 tak tak 4092 Aug 26 11:00 rpi4TakServer-Intermediary-CA-01-signing.jks
    -rw------- 1 tak tak 3750 Aug 26 11:00 rpi4TakServer-Intermediary-CA-01-signing.p12
    -rw-rw-r-- 1 tak tak 2915 Aug 26 11:00 rpi4TakServer-Intermediary-CA-01-trusted.pem
    -rw-rw-r-- 1 tak tak 5270 Aug 26 11:00 rpi4TakServer.jks
    -rw------- 1 tak tak 1854 Aug 26 11:00 rpi4TakServer.key
    -rw------- 1 tak tak 4744 Aug 26 11:00 rpi4TakServer.p12
    -rw-rw-r-- 1 tak tak 4185 Aug 26 11:00 rpi4TakServer.pem
    -rw-rw-r-- 1 tak tak 2915 Aug 26 11:00 rpi4TakServer-trusted.pem
    -rw-rw-r-- 1 tak tak 1001 Aug 26 11:00 tak-admin.csr
    -rw-rw-r-- 1 tak tak 5214 Aug 26 11:00 tak-admin.jks
    -rw------- 1 tak tak 1854 Aug 26 11:00 tak-admin.key
    -rw------- 1 tak tak 4688 Aug 26 11:00 tak-admin.p12
    -rw-rw-r-- 1 tak tak 4128 Aug 26 11:00 tak-admin.pem
    -rw-rw-r-- 1 tak tak 2915 Aug 26 11:00 tak-admin-trusted.pem
    -rw-rw-r-- 1 tak tak 1366 Aug 26 11:00 truststore-root.jks
    -rw------- 1 tak tak 1240 Aug 26 11:00 truststore-root.p12
    -rw-rw-r-- 1 tak tak 1350 Aug 26 11:00 truststore-rpi4TakServer-Intermediary-CA-01.jks
    -rw------- 1 tak tak 2344 Aug 26 11:00 truststore-rpi4TakServer-Intermediary-CA-01.p12

And for the clients folder, it is currently empty.

I can try to do a new from scratch install to check if everything works correctly. Let me do that during the day ;-)
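Added example, not part of the thread or of tak-tools: a shell check over `ls -la` lines in the format posted above that answers the ownership question (can a given user create files in `clients`, which is what `tee` and `zip` were denied?) and lists private-key files with group or other permission bits set. The sample rows follow the listing except `example-loose.key`, which is constructed; the function names and the user `someuser` are assumptions, and the thread does not say which user ran the data-package step.

```shell
#!/usr/bin/env bash
# Added example: works on `ls -la` text only, so it runs without a TAK install.

# Rows in the format of the listing above; example-loose.key is constructed.
SAMPLE='drwxr-xr-x 2 tak tak 4096 Aug 26 10:57 clients
-rw------- 1 tak tak 1854 Aug 26 11:00 tak-admin.key
-rw------- 1 tak tak 4688 Aug 26 11:00 tak-admin.p12
-rw-rw-r-- 1 tak tak 5214 Aug 26 11:00 tak-admin.jks
-rw-r--r-- 1 tak tak 1854 Aug 26 11:00 example-loose.key'

# can_create LISTING DIRNAME USER "GROUP1 GROUP2 ..."
# Prints yes/no/missing. Creating a file needs write+search on the directory
# for the first class the user falls into: owner, then group, then other.
can_create() {
  printf '%s\n' "$1" | awk -v name="$2" -v user="$3" -v groups="$4" '
    $NF == name && substr($1, 1, 1) == "d" {
      if (user == "root")      cls = "rwx"            # uid 0 bypasses mode bits
      else if ($3 == user)     cls = substr($1, 2, 3) # owner bits
      else if (index(" " groups " ", " " $4 " ")) cls = substr($1, 5, 3)
      else                     cls = substr($1, 8, 3) # other bits
      print ((cls ~ /^.w[xst]$/) ? "yes" : "no")
      found = 1
    }
    END { if (!found) print "missing" }'
}

# loose_secrets LISTING
# Prints *.key and *.p12 files that have any group or other bit set.
loose_secrets() {
  printf '%s\n' "$1" | awk '
    substr($1, 1, 1) == "-" && $NF ~ /\.(key|p12)$/ &&
    substr($1, 5, 6) != "------" { print $NF }'
}

echo "tak can create in clients:      $(can_create "$SAMPLE" clients tak "tak")"
echo "someuser can create in clients: $(can_create "$SAMPLE" clients someuser "someuser sudo")"
echo "secret files readable beyond owner:"
loose_secrets "$SAMPLE"
```

With `clients` at `drwxr-xr-x tak tak`, only `tak` (or root) can write there, so a step that runs as any other account fails the way the log shows.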

cgmckeever commented 1 year ago

You can do a re-install (recommended) or

Hellikandra commented 1 year ago

I did a from-scratch install: everything works correctly and I reach the Auto-Enroll Data Package successfully.

Seems that everything is OK.

Now I try to connect to it :-).

EDIT: Auto-Enroll Data Package works but idk if I do it correctly: Send my zip file to my device. Import it from tak (import / sd card / zip file).

I set the login / pw. However, I received an error registering to the server. I need to go to the data package, re-import the intermediary cert correctly. I need to go to the server menu, re-import the intermediary cert in Trust store, re-type the password of it.

And only after that I have a success to connect to the server.

However at the end, everything seems to work correctly.

Now I will create a new user and autoenroll to ensure that I can connect a new "lambda" user.

Many thanks for support.

cgmckeever commented 1 year ago

the intermediary should be in the data package. Did you get all this working?

Hellikandra commented 1 year ago

Yes the intermediary is in the datapackage with all files required for auto enroll. I successfully connected the ATAK.

Still not tested for WinTAK and iTAK... (sorry).

cgmckeever commented 1 year ago

You all set for now?