Topic: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1

realflow

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
« Reply #60 on: April 28, 2017, 01:46:44 am »
For everybody else having issues with the new version of samba:

Add this

   lanman auth = yes
   ntlm auth = yes


in the [global] section
to /usr/share/zentyal/stubs/samba/smb.conf.mas

and reload samba settings.

Note: This will re-enable NTLMv1 authentication, which is disabled by default in newer Samba versions. Unfortunately, FreeRADIUS only supports NTLMv1 (and not the newer NTLMv2).
https://www.samba.org/samba/history/samba-4.5.0.html

@Julio: maybe you want to change to sudo dpkg --force-depends -i zentyal-radius_5.0_all.deb as this occurs:
dependency problems - leaving unconfigured
« Last Edit: April 28, 2017, 01:58:51 am by realflow »
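
An added check, not part of the original post or the zentyal-radius package: it reads smb.conf text and reports whether the two settings from the post above leave LANMAN or NTLMv1 accepted server-wide. The sample file is constructed; the `mschapv2-and-ntlmv2-only` value it mentions exists only in Samba 4.7 and later, where `ntlm_auth` has to be called with `--allow-mschapv2`.

```python
import re

# Constructed sample: a [global] section configured as in the post above.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = MMS
   lanman auth = yes
   ntlm auth = yes

[homes]
   ntlm auth = no
"""

TRUTHY = {"yes", "true", "1", "on"}  # smb.conf boolean synonyms

def global_params(text):
    """Return {normalised name: value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and spaces inside parameter names
            params[re.sub(r"\s+", "", name).lower()] = value.strip().lower()
    return params

def audit(text):
    """List findings for the two settings the post enables."""
    p, findings = global_params(text), []
    if p.get("lanmanauth") in TRUTHY:
        findings.append("lanman auth: LANMAN (LM) responses are accepted")
    ntlm = p.get("ntlmauth")
    if ntlm in TRUTHY or ntlm == "ntlmv1-permitted":
        findings.append("ntlm auth: NTLMv1 accepted from every client; "
                        "Samba 4.7+ offers mschapv2-and-ntlmv2-only")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SMB_CONF):
        print(finding)
```

Run it against the generated /etc/samba/smb.conf rather than the .mas template, which contains template markup this parser does not handle.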

julio

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
« Reply #61 on: April 28, 2017, 05:00:32 pm »
"sudo apt-get install -f" because dependency problems, but the
"sudo dpkg --force-depends -i ..." is more elegant, thanks!
« Last Edit: April 28, 2017, 05:02:55 pm by julio »

liopi

Hello,
after I did install on Zentyal 5.0.8 and when I'm trying to enable the FreeRADIUS module I have the following error:

Quote
Failed to enable: root command /usr/share//zentyal-radius/enable-module failed. Error output: + test '!' -e /etc/freeradius/certs/freeradius.pem + test '!' -e /etc/ssl/certs/ssl-cert-snakeoil.pem + test '!' -e /etc/ssl/private/ssl-cert-snakeoil.key + cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key /usr/share//zentyal-radius/enable-module: line 12: /etc/freeradius/certs/freeradius.pem: No such file or directory + chown root:freerad /etc/freeradius/certs/freeradius.pem chown: invalid group: ‘root:freerad’ + chmod 440 /etc/freeradius/certs/freeradius.pem chmod: cannot access '/etc/freeradius/certs/freeradius.pem': No such file or directory + usermod -a -G winbindd_priv freerad usermod: user 'freerad' does not exist + chown root:winbindd_priv /var/lib/samba/winbindd_privileged/ + chmod 755 /var/log/freeradius chmod: cannot access '/var/log/freeradius': No such file or directory Command output: . Exit value: 1 at /usr/share/perl5/EBox/ServiceModule/CGI/ConfigureModuleController.pm line 65

How to fix this ?

Best regards.

giovanniconcone

Hello to all
I cannot run the RADIUS server.
I followed both page 1 and page 4 guidelines.
I can start the shell radius but if it starts from the Zentyal console I am mistaken.
I installed Zentyal 5.08 and configured it as primary domain controller.
I test it with a new install but don't have resolv
If they can serve the attached LDAP settings
DN base
DC = mms, DC = local
Default Users DN
CN = Users, DC = mms, DC = local
Default Groups DN
CN = Users, DC = mms, DC = local

And log


2017/05/31 12:49:49 INFO> Service.pm:958 EBox::Module::Service::restartService - Restarting service for module: radius
2017/05/31 12:49:50 DEBUG> Validate.pm:658 EBox::Validate::checkDomainName - Valore non valido per Nome comune (CN): Host Zentyal. at Valore non valido per Nome comune (CN): Host Zentyal. at /usr/share/perl5/EBox/Validate.pm line 658
2017/05/31 12:49:50 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: Valore non valido per Nome comune (CN): Host Zentyal.
2017/05/31 12:49:50 ERROR> Service.pm:964 EBox::Module::Service::restartService - Valore non valido per Nome comune (CN): Host Zentyal. at Valore non valido per Nome comune (CN): Host Zentyal. at /usr/share/perl5/EBox/Module/Service.pm line 964
2017/05/31 12:49:50 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of RADIUS from dashboard failed: Valore non valido per Nome comune (CN): Host Zentyal.

julio

Hello,
after I did install on Zentyal 5.0.8 and when I'm trying to enable the FreeRADIUS module I have the following error:

Quote
Failed to enable: root command /usr/share//zentyal-radius/enable-module failed. Error output: + test '!' -e /etc/freeradius/certs/freeradius.pem + test '!' -e /etc/ssl/certs/ssl-cert-snakeoil.pem + test '!' -e /etc/ssl/private/ssl-cert-snakeoil.key + cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key /usr/share//zentyal-radius/enable-module: line 12: /etc/freeradius/certs/freeradius.pem: No such file or directory + chown root:freerad /etc/freeradius/certs/freeradius.pem chown: invalid group: ‘root:freerad’ + chmod 440 /etc/freeradius/certs/freeradius.pem chmod: cannot access '/etc/freeradius/certs/freeradius.pem': No such file or directory + usermod -a -G winbindd_priv freerad usermod: user 'freerad' does not exist + chown root:winbindd_priv /var/lib/samba/winbindd_privileged/ + chmod 755 /var/log/freeradius chmod: cannot access '/var/log/freeradius': No such file or directory Command output: . Exit value: 1 at /usr/share/perl5/EBox/ServiceModule/CGI/ConfigureModuleController.pm line 65

How to fix this ?

Best regards.

Please try installing the missing dependencies with:
sudo apt install -f -y

julio

Hello to all
I cannot run the RADIUS server.
I followed both page 1 and page 4 guidelines.
I can start the shell radius but if it starts from the Zentyal console I am mistaken.
I installed Zentyal 5.08 and configured it as primary domain controller.
I test it with a new install but don't have resolv
If they can serve the attached LDAP settings
DN base
DC = mms, DC = local
Default Users DN
CN = Users, DC = mms, DC = local
Default Groups DN
CN = Users, DC = mms, DC = local

And log


2017/05/31 12:49:49 INFO> Service.pm:958 EBox::Module::Service::restartService - Restarting service for module: radius
2017/05/31 12:49:50 DEBUG> Validate.pm:658 EBox::Validate::checkDomainName - Valore non valido per Nome comune (CN): Host Zentyal. at Valore non valido per Nome comune (CN): Host Zentyal. at /usr/share/perl5/EBox/Validate.pm line 658
2017/05/31 12:49:50 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: Valore non valido per Nome comune (CN): Host Zentyal.
2017/05/31 12:49:50 ERROR> Service.pm:964 EBox::Module::Service::restartService - Valore non valido per Nome comune (CN): Host Zentyal. at Valore non valido per Nome comune (CN): Host Zentyal. at /usr/share/perl5/EBox/Module/Service.pm line 964
2017/05/31 12:49:50 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of RADIUS from dashboard failed: Valore non valido per Nome comune (CN): Host Zentyal.

Please try purging all freeradius packages and installing again:
sudo apt purge freeradius freeradius-common freeradius-ldap freeradius-utils libfreeradius2 libltdl7 zentyal-radius
sudo rm -rf /etc/freeradius

liopi

Hello,
after I did install on Zentyal 5.0.8 and when I'm trying to enable the FreeRADIUS module I have the following error:

Quote
Failed to enable: root command /usr/share//zentyal-radius/enable-module failed. Error output: + test '!' -e /etc/freeradius/certs/freeradius.pem + test '!' -e /etc/ssl/certs/ssl-cert-snakeoil.pem + test '!' -e /etc/ssl/private/ssl-cert-snakeoil.key + cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key /usr/share//zentyal-radius/enable-module: line 12: /etc/freeradius/certs/freeradius.pem: No such file or directory + chown root:freerad /etc/freeradius/certs/freeradius.pem chown: invalid group: ‘root:freerad’ + chmod 440 /etc/freeradius/certs/freeradius.pem chmod: cannot access '/etc/freeradius/certs/freeradius.pem': No such file or directory + usermod -a -G winbindd_priv freerad usermod: user 'freerad' does not exist + chown root:winbindd_priv /var/lib/samba/winbindd_privileged/ + chmod 755 /var/log/freeradius chmod: cannot access '/var/log/freeradius': No such file or directory Command output: . Exit value: 1 at /usr/share/perl5/EBox/ServiceModule/CGI/ConfigureModuleController.pm line 65

How to fix this ?

Best regards.

Please try installing the missing dependencies with:
sudo apt install -f -y


Great, everything is working fine  ;D
Thank you for help.
Best regards

giovanniconcone

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
« Reply #67 on: June 05, 2017, 05:35:40 pm »
Does not work.

"Qualche modulo ha riportato errori durante il salvataggio. Maggiori informazioni nel log /var/log/zentyal/

Valore non valido per Nome comune (CN): Host Zentyal."

julio

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
« Reply #68 on: June 06, 2017, 08:00:21 pm »
What is your server hostname?
Because, according to the RFC, underscores are forbidden in "hostnames"!
« Last Edit: June 06, 2017, 08:05:51 pm by julio »

giovanniconcone

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
« Reply #69 on: June 13, 2017, 12:29:09 pm »
My hostname is srv01, my domain is mms.local


What is the radius file I need to modify to integrate my host?
 :o

julio

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
« Reply #70 on: June 13, 2017, 12:46:34 pm »
Maybe a web interface language problem?
Same error:
https://tracker.zentyal.org/issues/4738
Please change the web interface language from Italian to English.

computercody94

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
« Reply #71 on: August 28, 2017, 08:50:35 pm »
I'm having a problem trying to get RADIUS in 5.0 to work with my APs (Ubiquiti UniFi). Any ideas?

julio

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
« Reply #72 on: August 28, 2017, 10:41:26 pm »
Please try with:
802.1x EAP & PEAP & MSCHAPV2

computercody94

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
« Reply #73 on: August 28, 2017, 11:47:33 pm »
Are these settings to change in RADIUS?

julio

Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
« Reply #74 on: August 29, 2017, 12:40:54 am »
No, not in RADIUS; on the clients, instead of WPA2-Enterprise...