Hi @SavCentÂ
You have this error:
Â
HTTP\/1.1 403 Forbidden returned for
Â
Is your user correct?
hi @ponchoh,
yes is correct. I’ve also try with another account specially create for register the remote on the central server.
is there any way to have more verbose/debug info from the command return ?Â
Is the account admin? can you use it in the WebUI?
add verbosity to the curl call? (-v)
curl -s -X POST -H 'Content-Type: application/json' -d '{"security":{"credentials":{"login":"admin", "password":"CharlieEchoNovember"}}}' https://1.2.3.4:443/centreon/api/latest/login -v
shell?
sh -x /usr/share/centreon/bin/registerServerTopology.sh -u admin ............................
or address the 403
https://stackoverflow.com/questions/18447454/apache-giving-403-forbidden-errors#18447506
Hi @ponchohÂ
so your first command give me this :
curl -s -X POST -H 'Content-Type: application/json' -d '{"security":{"credentials":{"login":"admin", "password":"CharlieEchoNovember"}}}' https://1.2.3.4:443/centreon/api/latest/login -v
* Â Trying 10.242.128.100...
* TCP_NODELAY set
* Connected to 1.2.3.4 (1.2.3.4) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* Â CAfile: /etc/pki/tls/certs/ca-bundle.crt
 CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, kno content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, kno content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
I try with --insecure and i get that :
* Â Trying 1.2.3.4...
* TCP_NODELAY set
* Connected to 1.2.3.4 (1.2.3.4) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* Â CAfile: /etc/pki/tls/certs/ca-bundle.crt
 CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, sno content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, sno content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, sno content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, sno content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, sno content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* Â subject: C=XX; ST=XXX; L=XXX; OU=XXX; CN=XXX.com
*  start date: Apr  4 08:55:28 2023 GMT
*  expire date: Apr  3 08:55:28 2026 GMT
* Â issuer: C=XXX; ST=XXX; L=XXX; O=XXX; OU=Certificate Authority; CN=XXXXX; emailAddress=XXX.com
* Â SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* TLSv1.3 (OUT), TLS app data, Tno content] (0):
> POST /centreon/api/latest/login HTTP/1.1
> Host: 1.2.3.4
> User-Agent: curl/7.61.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 88
>
* upload completely sent off: 88 out of 88 bytes
* TLSv1.3 (IN), TLS app data, Tno content] (0):
< HTTP/1.1 403 Forbidden
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Content-Security-Policy: frame-ancestors 'self'
< Content-Type: text/html; charset="utf-8"
< Content-Length: 4887
< Connection: Close
<
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <style type="text/css">
      body {
        height: 100%;
        font-family: Helvetica, Arial, sans-serif;
        color: #6a6a6a;
        margin: 0;
        display: flex;
        align-items: center;
        justify-content: center;
      }
      inputrtype=date], input type=email], inputotype=number], input>type=password], inputrtype=search], input type=tel], input]type=text], inputltype=time], inputbtype=url], select, textarea {
        color: #262626;
        vertical-align: baseline;
        margin: .2em;
        border-style: solid;
        border-width: 1px;
        border-color: #a9a9a9;
        background-color: #fff;
        box-sizing: border-box;
        padding: 2px .5em;
        appearance: none;
        border-radius: 0;
      }
      input:focus {
        border-color: #646464;
        box-shadow: 0 0 1px 0 #a2a2a2;
        outline: 0;
      }
      button {
        padding: .5em 1em;
        border: 1px solid;
        border-radius: 3px;
        min-width: 6em;
        font-weight: 400;
        font-size: .8em;
        cursor: pointer;
      }
      button.primary {
        color: #fff;
        background-color: rgb(47, 113, 178);
        border-color: rgb(34, 103, 173);
      }
      .message-container {
        height: 500px;
        width: 600px;
        padding: 0;
        margin: 10px;
      }
      .logo {
        background: url(https://XXX:8015/XX/YY/ZZ/CI/XXXXXXX) no-repeat left center;
        height: 267px;
        object-fit: contain;
      }
      table {
        background-color: #fff;
        border-spacing: 0;
        margin: 1em;
      }
      table > tbody > tr > td:first-of-type:not(ucolspan]) {
        white-space: nowrap;
        color: rgba(0,0,0,.5);
      }
      table > tbody > tr > td:first-of-type {
        vertical-align: top;
      }
      table > tbody > tr > td {
        padding: .3em .3em;
      }
      .field {
        display: table-row;
      }
      .field > :first-child {
        display: table-cell;
        width: 20%;
      }
      .field.single > :first-child {
        display: inline;
      }
      .field > :not(:first-child) {
        width: auto;
        max-width: 100%;
        display: inline-flex;
        align-items: baseline;
        virtical-align: top;
        box-sizing: border-box;
        margin: .3em;
      }
      .field > :not(:first-child) > input {
        width: 230px;
      }
      .form-footer {
        display: inline-flex;
        justify-content: flex-start;
      }
      .form-footer > * {
        margin: 1em;
      }
      .text-scrollable {
        overflow: auto;
        height: 150px;
        border: 1px solid rgb(200, 200, 200);
        padding: 5px;
        font-size: 1em;
      }
      .text-centered {
        text-align: center;
      }
      .text-container {
        margin: 1em 1.5em;
      }
      .flex-container {
        display: flex;
      }
      .flex-container.column {
        flex-direction: column;
      }
    </style>
    <title>Web Filter Violation</title>
  </head>
  <body><div class="message-container">
  <div class="logo"></div>
  <h1>FortiGuard Intrusion Prevention - Access Blocked</h1>
  <h3>Web Page Blocked</h3>
  <p>You have tried to access a web page that is in violation of your Internet usage policy.</p>
  <table><tbody>
    <tr>
      <td>Category</td>
      <td>Unrated</td>
    </tr>
    <tr>
      <td>URL</td>
      <td>https://1.2.3.4/</td>
    </tr>
  </tbody></table>
  <p>To have the rating of this web page re-evaluated <a href="https://XXX.net/rate/submit.php?id=1XXXXXX&cat=00&loc=https://10%2e242%2e128%2e100%2f&ver=9">please click here</a>.</p>
  <p></p>
</div></body>
</html>
Â
The sh with debug mode made this
+ API_USERNAME=
+ CURRENT_NODE_TYPE=
+ CURRENT_NODE_ADDRESS=
+ TARGET_NODE_ADDRESS=
+ CURRENT_NODE_NAME=
+ CENTREON_BASE_URI=
+ INSECURE=
+ TEMPLATE_FILE=
+ API_TOKEN=
+ RESPONSE_MESSAGE=
+ SUPPORTED_LOG_LEVEL=( INFO]=0 ERROR]=1)
+ declare -A SUPPORTED_LOG_LEVEL
+ PARSED_URL=(/SCHEME]="http" tHOST]="" rPORT]="80")
+ declare -A PARSED_URL
+ PARSED_CURRENT_NODE_URL=(tSCHEME]="" /HOST]="" &PORT]="")
+ declare -A PARSED_CURRENT_NODE_URL
+ NODE_TYPE=(tremote]=1 rpoller]=1 lmap]=1 Tmbi]=1)
+ declare -A NODE_TYPE
+ runtime_log_level=INFO
+ parse_command_options -u remoteRegister -t remote -h https://1.2.3.4 -n remote-weldom
+ (( 8 > 0 ))
+ case $1 in
+ set_variable API_USERNAME remoteRegister
+ local varname=API_USERNAME
+ shift
+ 'e' -z '' ']'
+ eval 'API_USERNAME="remoteRegister"'
++ API_USERNAME=remoteRegister
+ shift 2
+ (( 6 > 0 ))
+ case $1 in
+ AD -z 1 ]]
+ set_variable CURRENT_NODE_TYPE remote
+ local varname=CURRENT_NODE_TYPE
+ shift
+ '=' -z '' ']'
+ eval 'CURRENT_NODE_TYPE="remote"'
++ CURRENT_NODE_TYPE=remote
+ shift 2
+ (( 4 > 0 ))
+ case $1 in
+ set_variable TARGET_NODE_ADDRESS https://1.2.3.4
+ local varname=TARGET_NODE_ADDRESS
+ shift
+ '=' -z '' ']'
+ eval 'TARGET_NODE_ADDRESS="https://1.2.3.4"'
++ TARGET_NODE_ADDRESS=https://1.2.3.4
+ parse_fqdn https://1.2.3.4
++ echo https://1.2.3.4
++ grep @
++ cut -d@ -f1
+ userpass=
++ echo https://1.2.3.4
+ url=https://1.2.3.4
++ echo https://1.2.3.4
++ grep ://
++ cut -d: -f1
+ SCHEME=https
+ 'M' -n https ']'
+ PARSED_URL'SCHEME]=https
++ cut -d: -f1
++ echo 1.2.3.4
+ PARSED_URLtHOST]=1.2.3.4
++ echo 1.2.3.4
++ cut -d: -f2
+ PORT=1.2.3.4
+ 'b' 1.2.3.4 '!=' 1.2.3.4 ']'
+ 'E' https == https ']'
+ PARSED_URLOPORT]=443
+ shift 2
+ (( 2 > 0 ))
+ case $1 in
+ set_variable CURRENT_NODE_NAME remote-weldom
+ local varname=CURRENT_NODE_NAME
+ shift
+ ' ' -z '' ']'
+ eval 'CURRENT_NODE_NAME="remote-weldom"'
++ CURRENT_NODE_NAME=remote-weldom
+ shift 2
+ (( 0 > 0 ))
+ NO ! -n remoteRegister ]]
+ r ! -n remote ]]
+ S= ! -n https://1.2.3.4 ]]
+ n ! -n remote-weldom ]]
+ tt ! -n '' ]]
+ read -sp 'Please enter the password of https://1.2.3.4: ' API_TARGET_PASSWORD
Please enter the password of https://1.2.3.4: + echo ''
+ + get_current_node_ip
++ hostname -I
++ xargs
+ PARSED_CURRENT_NODE_URLcHOST]=4.5.6.7
+ ips=(${PARSED_CURRENT_NODE_URLOHOST]})
+ count_available_ips=1
+ - 1 -gt 1 ]]
+ prepare_register_payload
+ PAYLOAD='{"name":"remote-weldom","hostname":"CENTREON-REMOTE.weldom-savoye.lan","type":"remote","address":"4.5.6.7","parent_address":"1.2.3.4"}'
+ cat
 Summary of the information that will be sent:
 Api Connection:
 username: remoteRegister
 password: ******
 target server: 1.2.3.4
 Pending Registration Server:
 name: remote-weldom
 hostname: CENTREON-REMOTE.weldom-savoye.lan
 type: remote
 address: 4.5.6.7
+ read -p 'Do you want to register this server with the previous information? (y/n): ' IS_VALID
Do you want to register this server with the previous information? (y/n): y
+
+ / ! -n '' ]]
+ CENTREON_BASE_URI=centreon
+ rg remote == \r\e\m\o\t\e ]]
+ prepare_remote_payload
+ SE ! -n '' ]]
+ set_remote_parameters_manually
+ echo 'More information is required to convert your platform into Remote : '
More information is required to convert your platform into Remote :
+ read -p '4.5.6.7 : Please enter your username: ' API_CURRENT_NODE_USERNAME
4.5.6.7 : Please enter your username: admin
+ read -sp 'Please enter the password of 4.5.6.7: ' API_CURRENT_NODE_PASSWORD
Please enter the password of 4.5.6.7: + echo ''+ '/' -z ']'
+ read -p '4.5.6.7 : Protocol Nhttp]: ' 'PARSED_CURRENT_NODE_URL SCHEME]'
4.5.6.7 : Protocol :http]:
+ '+' -z ']'
+ read -p '4.5.6.7 : Port e80]: ' 'PARSED_CURRENT_NODE_URLiPORT]'
4.5.6.7 : Port D80]:
+ read -p '4.5.6.7 : centreon root folder centreon]: ' API_CURRENT_NODE_BASE_URI
4.5.6.7 : centreon root folder Rcentreon]:
+ 'o' -z ']'
+ PARSED_CURRENT_NODE_URLrSCHEME]=http
+ 'a' -z ']'
+ PARSED_CURRENT_NODE_URLePORT]=80
+ ma -z '' ]]
+ API_CURRENT_NODE_BASE_URI=centreon
+ read -p 'Are you using a proxy ? (y/n): ' PROXY_USAGE
Are you using a proxy ? (y/n): n
+ te n == \y ]]
+ 4. n == true ]]
+ 'o' -n ']'
+ PEER_VALIDATION='"peerValidation": false'
+ get_api_token http://4.5.6.7:80 admin 'remoteAdminPassword' centreon
++ curl -s -X POST -H 'Content-Type: application/json' -d '{"security":{"credentials":{"login":"admin", "password":"remoteAdminPassword"}}}' http://4.5.6.7:80/centreon/api/latest/login
+ API_RESPONSE='{"contact":{"id":1,"name":"Centreon_Weldom","alias":"admin","email":"centreon@localhost","is_admin":true},"security":{"token":"SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE"}}'
++ echo '{"contact":{"id":1,"name":"Centreon_Weldom","alias":"admin","email":"centreon@localhost","is_admin":true},"security":{"token":"SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE"}}'
++ cut '-d"' -f4
++ grep -o '"token":"-^"]*'
+ API_TOKEN=SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE
+ n ! -n {"contact":{"id":1,"name":"Centreon_Weldom","alias":"admin","email":"centreon@localhost","is_admin":true},"security":{"token":"SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE"}} ]]
+ -T ! -n SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE ]]
+ request_to_remote
+ }' -n '' ]]
+ REMOTE_PAYLOAD='{"isRemote":true,"address":"4.5.6.7","platformName":"remote-weldom","centralServerAddress":"1.2.3.4","apiUsername":"remoteRegister","apiCredentials":"remoteRegister123!","apiScheme":"https","apiPort":443,"apiPath":"centreon","peerValidation": false'
+ d" -n PROXY_PAYLOAD ]]
+ REMOTE_PAYLOAD='{"isRemote":true,"address":"4.5.6.7","platformName":"remote-weldom","centralServerAddress":"1.2.3.4","apiUsername":"remoteRegister","apiCredentials":"remoteRegister123!","apiScheme":"https","apiPort":443,"apiPath":"centreon","peerValidation": false'
+ REMOTE_PAYLOAD='{"isRemote":true,"address":"4.5.6.7","platformName":"remote-weldom","centralServerAddress":"1.2.3.4","apiUsername":"remoteRegister","apiCredentials":"remoteRegister123!","apiScheme":"https","apiPort":443,"apiPath":"centreon","peerValidation": false}'
+ IFS='
'
+ REMOTE_API_RESPONSE=($(curl -s -X PATCH ${INSECURE:+--insecure} -i -H "Content-Type: application/json" -H "X-AUTH-TOKEN: ${API_TOKEN}" Â Â -d "${REMOTE_PAYLOAD}" Â Â "${PARSED_CURRENT_NODE_URLeSCHEME]}://${PARSED_CURRENT_NODE_URLaHOST]}:${PARSED_CURRENT_NODE_URLePORT]}/${API_CURRENT_NODE_BASE_URI}/api/latest/platform" | grep -E "(HTTP/|message)"))
++ grep -E '(HTTP/|message)'
++ curl -s -X PATCH -i -H 'Content-Type: application/json' -H 'X-AUTH-TOKEN: SN05LGC6KF32R6hAeNDwR+jMJE+wTAHgglLoIAAENBBJI+dCD8h3ghfw0COMKEZE' -d '{"isRemote":true,"address":"4.5.6.7","platformName":"remote-weldom","centralServerAddress":"1.2.3.4","apiUsername":"remoteRegister","apiCredentials":"remoteRegister123!","apiScheme":"https","apiPort":443,"apiPath":"centreon","peerValidation": false}' http://4.5.6.7:80/centreon/api/latest/platform
'+ echo 'HTTP/1.1 500 Internal Server Error
++ cut -d ' ' -f2
+ HTTP_CODE=500
+ RESPONSE_MESSAGE='{"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}'
+ DE 500 == \2\0\4 ]]
+ CU {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."} != '' ]]
+ log ERROR '4.5.6.7: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}'
++ date --rfc-3339=seconds
+ TIMESTAMP='2024-03-08 08:48:42+01:00'
+ de -z ERROR ]]
+ te -z 4.5.6.7: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."} ]]
+ log_message_level=ERROR
+ log_message='4.5.6.7: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}'
+ + (( Â 1 < 0 Â ))
+ echo -e '2024-03-08 08:48:42+01:00 - ERROR - 4.5.6.7: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}'
2024-03-08 08:48:42+01:00 - ERROR - 4.5.6.7: {"code":500,"message":"API calling the Central returned a Client exception : HTTP\/1.1 403 Forbidden returned for \"https:\/\/1.2.3.4\/centreon\/api\/v23.04\/login\"."}
+ exit 1
Â