Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.12.3 available

The official documentation can be found on https://wiki.ocsinventory-ng.org. Read it before asking your question.

Categories

Troubleshooting 403 errors in agent checkin

New install of ocsinventory, all modules on the same (debian) server.  /ocs-reports seems to be working fine now, but when I install the agent on a test machine it can't reach the server module located at /ocsinventory

The relevant line in the agent logs is:

ERROR *** AGENT => Failed to send Prolog <HTTP Status Code #403>

I've also tried manually pointing a browser at http://x.x.x.x/ocsinventory and I do indeed get a 403 error.  When I do the same from the server itself I get a blank page, which I assume is intended.

I do not have a firewall or any network-level blocks between the agent computer and the server.  I assume I have misconfigured something.

If I compare permissions between /usr/share/ocsinventory-reports and /usr/share/ocsinventory-server, the only difference is that /ocsinventory-reports is owned by www-data www-data and ocsinventory-server is owned by root root.  Is it possible that's the source of my problem? I'm hesitant to just go changing owners without fully understanding who the owner is *supposed* to be.
in OCS Inventory NG server for Unix by (440 points)
Share on
share on gp share on fb share on tw share on li

6 Answers

0 votes
 
Best answer
Alright, finally figured it out after much beating my head against the wall.

For anyone that finds this later, the solution is to go in to ocsinventory-server.conf, and on line 243 (Just below the scary "DO NOT MODIFY BELOW" line lol) add the following:

   Listen 8080

   <VirtualHost *:8080>

and then at the very end of the document add:

   </VirtualHost>

Note that I used port 8080 here for troubleshooting purposes, it would probably work just fine with the default 80.  I also removed the ifmodule logic that checks which version of apache I'm using and just replaced those with a

   Require all granted

but I don't think that's actually relevant.  Also remember to do a
systemctl restart apache2

after saving your changes.
by (440 points)
0 votes

Went ahead and changed those permissions, to no avail.

Confirmed that ocsinventory-server.conf and z_ocsinventory-server.conf are the only files that touch the <location> /ocsinventory and they still have the default config:

---snip---

  1. <Location /ocsinventory>
  2. <IfModule mod_authz_core.c>
  3. # Apache 2.4
  4. Require all granted
  5. </IfModule>
  6. <IfModule !mod_authz_core.c>
  7. # Apache 2.2
  8. order deny,allow
  9. allow from all
  10. </IfModule>
---snip---
by (440 points)
0 votes
Where is yours checks of Apache configuration and Apache access log files ? Without these checks, there is no chance to solve ...

Please check : apache2ctl -S and access.log
by (20.9k points)
0 votes

Hi and thanks again Jacquesh, requested file snips are below:

Access.log: blank file. I think you may be more interested in...

Other_vhosts_access.log:

localhost:80 192.168.1.198 - - [20/Jun/2025:08:36:32 -0500] "GET /ocsinventory/deploy/label HTTP/1.1" 403 154 "-" "OCS-NG_WINDOWS_AGENT_v2.11.0.1"

localhost:80 192.168.1.198 - - [20/Jun/2025:08:36:32 -0500] "POST /ocsinventory HTTP/1.1" 403 154 "-" "OCS-NG_WINDOWS_AGENT_v2.11.0.1"

Apache2ctl -S output:

ocsinventory-server: Bad setting. `SNMP_LINK_TAG` is not set. Default: `0`

ocsinventory-server: Bad setting. `SCAN_TYPE_IPDISCOVER` is not set. Default: `ICMP`

ocsinventory-server: Bad setting. `SCAN_ARP_BANDWIDTH` is not set. Default: `256`

ocsinventory-server: Bad setting. `IPDISCOVER_LINK_TAG_NETWORK` is not set. Default: `0`

ocsinventory-server: Bad setting. `GENERATE_OCS_FILES_SNMP` is not set. Default: `0`

ocsinventory-server: Bad setting. `SCAN_TYPE_SNMP` is not set. Default: `ICMP`

VirtualHost configuration:

*:80                   localhost (/etc/apache2/sites-enabled/glpi.conf:1)

ServerRoot: "/etc/apache2"

Main DocumentRoot: "/var/www/html"

Main ErrorLog: "/var/log/apache2/error.log"

Mutex mpm-accept: using_defaults

Mutex watchdog-callback: using_defaults

Mutex rewrite-map: using_defaults

Mutex default: dir="/var/run/apache2/" mechanism=default 

PidFile: "/var/run/apache2/apache2.pid"

Define: DUMP_VHOSTS

Define: DUMP_RUN_CFG

Define: MODPERL2

User: name="www-data" id=33

Group: name="www-data" id=33

Bonus, Error.log:
by (440 points)
0 votes
So I think I need to create a virtualhost for the server module (or possibly just an alias in my existing virtualhost definition?) But what directory should I point /ocsinventory to?
by (440 points)
0 votes
When you host on same server 2 or more services, you need to think 'virtualhost'. You have to set a .conf file in 'sites-available' for each service you provide.

I copy original .conf file provided by OCS to these .conf file in 'site-available', and with 'a2ensites' you enable the .conf site file.

For example, I host, with 2 dns different name the /ocsinventory and /ocsreports parts of OCS. (and 'apache2ctl -S' give the nameserver and the .conf file)
by (20.9k points)
 
Powered by Question2Answer
...