Error ... Not Authorized (Security settings bug?)

  • Hi, I am trying to make a fully autonomous deploy solution. Our current vision is to make a box where we can put all the used and potentially modified laptops in, connect power an LAN, and then schedule the task to deploy. The system should then wake the machines on LAN which makes them boot via PXE and copy the image onto the drive, then turning off.
    Everything is working fine so far, except that the security settings don't seem to respond how I am interpreting them: I have "On Demand Mode" and " Web Tasks Require Login" disabled, a generated universal token (and made sure it is saved), remade the boot files and verified that the universal token is in the boot menu entries - but the machines say:

    ** An Error Has Occurred **
    ...... Not Authorized

    after downloading the core scripts. I have also tried different combinations of the security settings enabled/disabled, but nothing seems to work for now.

    Do you have any suggestions for me what I should try?

    CloneDeploy 1.4.0 on Windows (VirtualBox)

  • I have no idea whether anything really changed at all, but I had a look into the process with the debug.xz initrd today and recreated the bootfiles a few times along the way. When poking around manually using the debug image, check_auth always reported false, trying with curlAuth re-set manually using the key in the web interface and everything. Immediately after trying the normal initrd again, it suddenly worked as expected (which I totally didn't expect anymore at this point).
    If I haven't failed to make any critical observation, this would therefore suggest a bug in the server side authentification code, correct? So I won't declare this "resolved". Now I just hope it keeps working if I don't touch the security settings again...

    For completeness' sake I might add that the server was rebooted inbetween - So when rebooting, the problem persisted, but vanished later without rebooting...

  • Nope, yet another addition:
    I think the thing I overlooked is having a task in the queue vs. not having one.

    With a task everything works fine. Without having a task the Not Authorized Error appears, while the expected behaviour would be to simply shutdown or reboot, or go into On Demand mode if it were enabled.
    I previously made a version of the initrd in which I just commented out the three lines of lie_start where it assumes on demand when no task is scheduled - this however results in the login prompt being shown prior to downloading the core scripts, so something is off there, too.

    (just dumping my thoughts at this moment to document this for myself and anyone interested or with similar problems)