Changes between Initial Version and Version 1 of Ticket #810, comment 6


Ignore:
Timestamp:
01/03/17 22:21:44 (5 years ago)
Author:
Selva Nair
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #810, comment 6

    initial v1  
    11>I am local admin (but I'm running under a policy, is there something that could be conflicting?)
    22
    3 Could be.. If the GUI concludes that you are a member of the admin group (i.e the user can potentially can escalate privileges without needing a password), it will pass the config to interactive service without showing that dialog. This check in the GUI is done to precisely avoid the problem you are seeing --- that is to avoid the interactive service to rejects the config with a cryptic message. However it seems the GUI thinks you are admin but the service doesn't. I've never seen that happen -- could be due to the policy restrictions.
     3Could be.. If the GUI concludes that you are a member of the admin group (i.e the user can potentially can escalate privileges without needing a password), it will pass the config to interactive service without showing that dialog. This check in the GUI is done to precisely avoid the problem you are seeing --- that is to avoid the interactive service to reject the config with a cryptic message. However it seems the GUI thinks you are admin but the service doesn't. I've never seen that happen -- could be due to the policy restrictions.
    44 
    55>The confusing part is, when i close the dialog everything disappears and I can't read >it anymore. The only line written to the log is the "OpenVPN not started due to >previous errors" line... and since there are no previous errors (as they are not >written to the log it confused the hell out of me)
    66
    7 The log is written by openvpn which is not even started at this point where the service rejects the config. For the GUI we currently do not have a way to persist the status log window -- generally its the same as what is in openvpn log except in such early failures.
     7The log is written by openvpn which is not even started at this point when the service rejects the config. For the GUI we currently do not have a way to persist the status log window -- generally its the same as what is in openvpn log except in such early failures.
    88
    99The easiest solution would be to manually add a group named "OpenVPN Administrators" and make the user a member of it. The group doesn't need any special permissions; its used only as a validation that the user has been "blessed" by the admin to do anything they like with openvpn.