Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Russian / Re: Обновление Zentyal 2.2 на Zentyal 3.0
« on: September 17, 2012, 05:35:08 pm »
Такого ключа нет:
Code: [Select]
root@mycomputer:/# sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 8E9229F7E23F4777
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.LR6ThrrtHj --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --recv-keys --keyserver keyserver.ubuntu.com 8E9229F7E23F4777
gpg: requesting key E23F4777 from hkp server keyserver.ubuntu.com
gpgkeys: key 8E9229F7E23F4777 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
2
Installation and Upgrades / Re: no admin gui
« on: September 02, 2010, 01:40:31 am »
I downloaded ebox-iso v. 1.4.1 (~650MB), extracted and installed ebox-trafficshaping_1.4.1-0ubuntu1~ppa1~hardy1_all.deb.
-> same "nasty bug" error.
Then I downloaded ebox-iso v. 1.4(~620MB), extracted and installed ebox-trafficshaping_1.4-0ubuntu1~ppa1~hardy1_all.deb.
-> gui works as expected
So for people with limited bandwidth: don't bother with ebox-iso v. 1.4.1
Bug logged:
http://trac.ebox-platform.com/ticket/2163
-> same "nasty bug" error.
Then I downloaded ebox-iso v. 1.4(~620MB), extracted and installed ebox-trafficshaping_1.4-0ubuntu1~ppa1~hardy1_all.deb.
-> gui works as expected
So for people with limited bandwidth: don't bother with ebox-iso v. 1.4.1
Bug logged:
http://trac.ebox-platform.com/ticket/2163
3
Spanish / Re: ERROR de Trafficshaping (urgente)
« on: August 31, 2010, 02:40:16 pm »
Check link below for workaround:
http://forum.ebox-platform.com/index.php?topic=4679.0
http://forum.ebox-platform.com/index.php?topic=4679.0
4
Installation and Upgrades / Re: no admin gui
« on: August 31, 2010, 03:02:21 am »
Oceanwatcher,
I understand that they are busy with 2.0 and to tell you the truth that's why I did not want to bother anybody with the debug of 1.4.2.
Just wanted to downrange to 1.4.0 to have a working gui exactly like before the upgrade.
Marcus,
You assumed wrong. I do not have a backup of my installation. Well. I have to confess I am not a very organized individual. I assume eventually I will found a copy of ebox-trafficshaping_1.4-0ubuntu1~ppa1~hardy1 and will downgrade the trafficshaping module.
I understand that they are busy with 2.0 and to tell you the truth that's why I did not want to bother anybody with the debug of 1.4.2.
Just wanted to downrange to 1.4.0 to have a working gui exactly like before the upgrade.
Marcus,
You assumed wrong. I do not have a backup of my installation. Well. I have to confess I am not a very organized individual. I assume eventually I will found a copy of ebox-trafficshaping_1.4-0ubuntu1~ppa1~hardy1 and will downgrade the trafficshaping module.
5
Installation and Upgrades / Re: no admin gui
« on: August 30, 2010, 11:38:10 pm »
Oceanwatcher,
Similarly, to the original poster, I upgraded ebox-trafficshaping from version 1.4 to 1.4.2 and cannot longer use gui. When trying to log in, gui crashes with the "A really nasty bug has occurred" message.
I believe it's not an unreasonable request to make ebox-trafficshaping_1.4-0ubuntu1~ppa1~hardy1 available in repository, so myself and others could downgrade in a mean time. I really surprised that earlier versions of the modules are not available anywhere including the official ebox repository. Is it possible?
If you would like to debug version 1.4.2 here the info:
and
Similarly, to the original poster, I upgraded ebox-trafficshaping from version 1.4 to 1.4.2 and cannot longer use gui. When trying to log in, gui crashes with the "A really nasty bug has occurred" message.
I believe it's not an unreasonable request to make ebox-trafficshaping_1.4-0ubuntu1~ppa1~hardy1 available in repository, so myself and others could downgrade in a mean time. I really surprised that earlier versions of the modules are not available anywhere including the official ebox repository. Is it possible?
If you would like to debug version 1.4.2 here the info:
Code: [Select]
dpkg -l | grep "ebox-"
rc ebox-asterisk 1.4-0ubuntu1~ppa1~hardy2 eBox - VoIP
ii ebox-ca 1.4.1-0ubuntu1~ppa1~hardy1 eBox - Certification Authority
ii ebox-dhcp 1.4-0ubuntu1~ppa1~hardy1 eBox - DHCP Service
ii ebox-dns 1.4-0ubuntu1~ppa1~hardy1 eBox - DNS Service
ii ebox-ebackup 1.4.5-0ubuntu1~ppa1~hardy1 eBox - Backup
ii ebox-firewall 1.4.3-0ubuntu1~ppa1~hardy1 eBox - Firewall
ii ebox-ids 1.4-0ubuntu1~ppa1~hardy1 eBox - Intrusion Detection System
ii ebox-infrastructure 1.4 eBox - Network Infrastructure Suite
ii ebox-l7-protocols 1.4-0ubuntu1~ppa1~hardy1 eBox - Application Protocols
ii ebox-monitor 1.4.3-0ubuntu1~ppa1~hardy1 eBox - Monitor
ii ebox-network 1.4.3-0ubuntu1~ppa1~hardy1 eBox - Network Configuration
ii ebox-ntp 1.4-0ubuntu1~ppa1~hardy1 eBox - NTP Service
ii ebox-objects 1.4-0ubuntu1~ppa1~hardy1 eBox - Network Objects
ii ebox-openvpn 1.4.1-0ubuntu1~ppa1~hardy1 eBox - VPN Service
ii ebox-printers 1.4-0ubuntu1~ppa1~hardy1 eBox - Printer Sharing
ii ebox-radius 1.4-0ubuntu1~ppa1~hardy1 eBox - RADIUS
ii ebox-remoteservices 1.4.9-0ubuntu1~ppa1~hardy1 eBox - Control Center Client
ii ebox-samba 1.4.2-0ubuntu1~ppa1~hardy1 eBox - File Sharing
ii ebox-services 1.4-0ubuntu1~ppa1~hardy1 eBox - Network Services
ii ebox-software 1.4.3-0ubuntu1~ppa1~hardy1 eBox - Software Management
rc ebox-squid 1.4.1-0ubuntu1~ppa1~hardy1 eBox - HTTP Proxy (Cache and Content Filter)
ii ebox-trafficshaping 1.4.2-0ubuntu1~ppa1~hardy1 eBox - Traffic Shaping
ii ebox-usersandgroups 1.4.4-0ubuntu1~ppa1~hardy1 eBox - Users and Groups
ii ebox-webserver 1.4-0ubuntu1~ppa1~hardy1 eBox - Web Server
and
Code: [Select]
cat /var/log/ebox/ebox.log
2010/08/30 17:20:08 DEBUG> ModelProvider.pm:246 EBox::Model::ModelProvider::AUTOLOAD - Trace begun at /usr/share/perl5/EBox/Model/ModelProvider.pm line 245
EBox::Model::ModelProvider::AUTOLOAD('EBox::Network=HASH(0x970e8bc)', 'eth1') called at /usr/share/perl5/EBox/TrafficShaping.pm line 838
EBox::TrafficShaping::uploadRate('EBox::TrafficShaping=HASH(0xab4f694)', 'eth1') called at /usr/share/perl5/EBox/TrafficShaping.pm line 240
EBox::TrafficShaping::models('EBox::TrafficShaping=HASH(0xab4f694)') called at /usr/share/perl5/EBox/Model/ModelManager.pm line 615
EBox::Model::ModelManager::_setUpModelsFromProvider('EBox::Model::ModelManager=HASH(0x8d54208)', 'EBox::TrafficShaping=HASH(0xab4f694)') called at /usr/share/perl5/EBox/Model/ModelManager.pm line 564
EBox::Model::ModelManager::_setUpModels('EBox::Model::ModelManager=HASH(0x8d54208)') called at /usr/share/perl5/EBox/Model/ModelManager.pm line 55
EBox::Model::ModelManager::_new('EBox::Model::ModelManager') called at /usr/share/perl5/EBox/Model/ModelManager.pm line 73
EBox::Model::ModelManager::instance('EBox::Model::ModelManager') called at /usr/share/perl5/EBox/UsersAndGroups.pm line 2921
EBox::UsersAndGroups::mode('EBox::UsersAndGroups=HASH(0x8d544cc)') called at /usr/share/ebox-usersandgroups/slave-sync line 23
2010/08/30 17:20:08 ERROR> ModelProvider.pm:248 EBox::Model::ModelProvider::AUTOLOAD - Undefined method etherIface
2010/08/30 17:21:58 DEBUG> ModelProvider.pm:246 EBox::Model::ModelProvider::AUTOLOAD - Trace begun at /usr/share/perl5/EBox/Model/ModelProvider.pm line 245
EBox::Model::ModelProvider::AUTOLOAD('EBox::Network=HASH(0x9d8ca8c)', 'eth1') called at /usr/share/perl5/EBox/TrafficShaping.pm line 838
EBox::TrafficShaping::uploadRate('EBox::TrafficShaping=HASH(0xae41eb8)', 'eth1') called at /usr/share/perl5/EBox/TrafficShaping.pm line 240
EBox::TrafficShaping::models('EBox::TrafficShaping=HASH(0xae41eb8)') called at /usr/share/perl5/EBox/Model/ModelManager.pm line 615
EBox::Model::ModelManager::_setUpModelsFromProvider('EBox::Model::ModelManager=HASH(0xb754f50)', 'EBox::TrafficShaping=HASH(0xae41eb8)') called at /usr/share/perl5/EBox/Model/ModelManager.pm line 564
EBox::Model::ModelManager::_setUpModels('EBox::Model::ModelManager=HASH(0xb754f50)') called at /usr/share/perl5/EBox/Model/ModelManager.pm line 55
EBox::Model::ModelManager::_new('EBox::Model::ModelManager') called at /usr/share/perl5/EBox/Model/ModelManager.pm line 73
EBox::Model::ModelManager::instance('EBox::Model::ModelManager') called at /usr/share/perl5/EBox/UsersAndGroups.pm line 2921
EBox::UsersAndGroups::mode at /usr/share/perl5/EBox/UsersAndGroups.pm line 2245
EBox::UsersAndGroups::isRunning('EBox::UsersAndGroups=HASH(0xaf82d24)') called at /usr/share/perl5/EBox/Module/Service.pm line 359
EBox::Module::Service::addModuleStatus('EBox::UsersAndGroups=HASH(0xaf82d24)', 'EBox::Dashboard::Section=HASH(0xb70eafc)') called at /usr/share/perl5/EBox/SysInfo.pm line 75
EBox::SysInfo::modulesWidget('EBox::SysInfo=HASH(0x9e8b574)', 'EBox::Dashboard::Widget=HASH(0xb70ecdc)', undef) called at /usr/share/perl5/EBox/Module/Base.pm line 651
EBox::Module::Base::widget('EBox::SysInfo=HASH(0x9e8b574)', 'modules') called at /usr/share/perl5/EBox/CGI/Dashboard/Index.pm line 56
EBox::CGI::Dashboard::Index::masonParameters('EBox::CGI::Dashboard::Index=HASH(0xb460bf4)') called at /usr/share/perl5/EBox/CGI/Base.pm line 518
EBox::CGI::Base::_process('EBox::CGI::Dashboard::Index=HASH(0xb460bf4)') called at /usr/share/perl5/EBox/CGI/Base.pm line 263
EBox::CGI::Base::__ANON__ at /usr/share/perl5/Error.pm line 416
eval {...} at /usr/share/perl5/Error.pm line 408
Error::subs::try('CODE(0xb47af80)', 'HASH(0xb70ba18)') called at /usr/share/perl5/EBox/CGI/Base.pm line 279
EBox::CGI::Base::run('EBox::CGI::Dashboard::Index=HASH(0xb460bf4)') called at /usr/share/perl5/EBox/CGI/Run.pm line 120
EBox::CGI::Run::run('EBox::CGI::Run', 'Dashboard/Index', 'EBox') called at /usr/share/ebox/cgi/ebox.cgi line 19
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::__ANON__ at /usr/share/perl5/Error.pm line 416
eval {...} at /usr/share/perl5/Error.pm line 408
Error::subs::try('CODE(0x82ac930)', 'HASH(0xb4609d8)') called at /usr/share/ebox/cgi/ebox.cgi line 42
ModPerl::ROOT::ModPerl::Registry::usr_share_ebox_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0x9afd340)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
eval {...} at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
ModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0xa085ecc)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
ModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0xa085ecc)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
ModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x9afd340)') called at -e line 0
eval {...} at -e line 0
2010/08/30 17:21:58 ERROR> ModelProvider.pm:248 EBox::Model::ModelProvider::AUTOLOAD - Undefined method etherIface
6
Installation and Upgrades / Re: no admin gui
« on: August 30, 2010, 03:57:40 pm »
ebox team,
please put back ebox-trafficshaping_1.4-0ubuntu1~ppa1~hardy1 into the repository, so people can downgrade.
Also remove ebox-trafficshaping_1.4.2-0ubuntu1~ppa1~hardy1 as it dows not work.
Thanks.
please put back ebox-trafficshaping_1.4-0ubuntu1~ppa1~hardy1 into the repository, so people can downgrade.
Also remove ebox-trafficshaping_1.4.2-0ubuntu1~ppa1~hardy1 as it dows not work.
Thanks.
7
Installation and Upgrades / Re: [SOLVED] Asterisk not completely removed, now no incoming calls.
« on: August 02, 2010, 09:46:26 pm »
No it's the only one. It's used as the gateway/router/firewall/pdc in the network.
8
Installation and Upgrades / Re: Asterisk not completely removed, now no incoming calls.
« on: August 01, 2010, 04:51:58 pm »
It is the second.
I set up the asterisk module using eBox gui. Tested. Removed using ebox gui.
Attached and configured ATA device (has it's own ip). = Problem with incoming calls.
Try to use a softphone on a different computer. Same = No incoming calls.
Outbound calls (dialing out) was working at all time.
During the incoming calls monitored syslog, and asterisk module (supposedly removed) was intercepting the calls.
Manually cleaning ebox computer from all asterisk modules/directories solved the issue.
I set up the asterisk module using eBox gui. Tested. Removed using ebox gui.
Attached and configured ATA device (has it's own ip). = Problem with incoming calls.
Try to use a softphone on a different computer. Same = No incoming calls.
Outbound calls (dialing out) was working at all time.
During the incoming calls monitored syslog, and asterisk module (supposedly removed) was intercepting the calls.
Manually cleaning ebox computer from all asterisk modules/directories solved the issue.
9
Installation and Upgrades / Re: Asterisk not completely removed, now no incoming calls.
« on: July 30, 2010, 11:36:36 pm »
Figured it out - no more index errors.
Updated http://forum.ebox-platform.com/index.php?topic=3006.0 if anybody curious how to eliminate bdb_substring_candidates errors
Also removing dahdi + reboot required as well. Now it's working.
Updated http://forum.ebox-platform.com/index.php?topic=3006.0 if anybody curious how to eliminate bdb_substring_candidates errors
Also removing dahdi + reboot required as well. Now it's working.
Code: [Select]
$ sudo rm -rf /etc/dahdi
$ sudo rm -rf /user/share/dahdi
10
Installation and Upgrades / Re: slapd: connection_read(XX): no connection!
« on: July 30, 2010, 07:13:15 pm »
Looks like an open bug:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/594840
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/594840
11
Installation and Upgrades / Re: Slapd errors? in syslog
« on: July 30, 2010, 06:44:04 pm »
Below worked for me:
Stop slapd:
Index:
Stop slapd:
Code: [Select]
$ sudo /etc/init.d/slapd stopModify config to include additional indexesCode: [Select]
$ sudo nano /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{1\}hdb.ldifFindCode: [Select]
olcDbIndex: objectclass eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: uid eq
olcDbIndex: memberUid eqReplace withCode: [Select]
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,sn,mail,givenname eq,pres,sub
olcDbIndex: uidNumber,gidNumber,memberUid eq,pres
olcDbIndex: loginShell eq,pres
olcDbIndex: uniqueMember eq,pres
olcDbIndex: uid pres,sub,eq
olcDbIndex: displayName pres,sub,eq
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaDomainName eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eqSave.Index:
Code: [Select]
$ sudo slapindex
WARNING!
Runnig as root!
There's a fair chance slapd will fail to start.
Check file permissions!Fix permissionsCode: [Select]
$ sudo chown openldap:openldap -R /var/lib/ldap*Restart slapdCode: [Select]
$ sudo /etc/init.d/slapd start
12
Installation and Upgrades / Re: Asterisk not completely removed, now no incoming calls.
« on: July 30, 2010, 03:44:26 pm »
Actually, I was looking more on a tip how slapd is implemented in ebox and what entries asterisk makes into slapd dbs, and how remove them manually.
Also I have
At least I remember install/uninstall ebox-asterisk, but I did not install email module at all.
But sure if it could help:
ebox-asterisk removed using ebox gui. Double checked with apt-get and it is removed.
How to reproduce:
Make incoming voip call either to softphone or ata. It would not connect.
Also I have
Code: [Select]
SASL [conn=XXXX] Failure: realm changed: authentication aborted in my logs.At least I remember install/uninstall ebox-asterisk, but I did not install email module at all.
But sure if it could help:
Code: [Select]
$ dpkg -l | grep "ebox-"
rc ebox-asterisk 1.4-0ubuntu1~ppa1~hardy2 eBox - VoIP
ii ebox-ca 1.4.1-0ubuntu1~ppa1~hardy1 eBox - Certification Authority
ii ebox-dhcp 1.4-0ubuntu1~ppa1~hardy1 eBox - DHCP Service
ii ebox-dns 1.4-0ubuntu1~ppa1~hardy1 eBox - DNS Service
ii ebox-ebackup 1.4.5-0ubuntu1~ppa1~hardy1 eBox - Backup
ii ebox-firewall 1.4.3-0ubuntu1~ppa1~hardy1 eBox - Firewall
ii ebox-ids 1.4-0ubuntu1~ppa1~hardy1 eBox - Intrusion Detection System
ii ebox-infrastructure 1.4 eBox - Network Infrastructure Suite
ii ebox-l7-protocols 1.4-0ubuntu1~ppa1~hardy1 eBox - Application Protocols
ii ebox-monitor 1.4.2-0ubuntu1~ppa1~hardy1 eBox - Monitor
ii ebox-network 1.4.3-0ubuntu1~ppa1~hardy1 eBox - Network Configuration
ii ebox-ntp 1.4-0ubuntu1~ppa1~hardy1 eBox - NTP Service
ii ebox-objects 1.4-0ubuntu1~ppa1~hardy1 eBox - Network Objects
ii ebox-openvpn 1.4.1-0ubuntu1~ppa1~hardy1 eBox - VPN Service
ii ebox-printers 1.4-0ubuntu1~ppa1~hardy1 eBox - Printer Sharing
ii ebox-radius 1.4-0ubuntu1~ppa1~hardy1 eBox - RADIUS
ii ebox-remoteservices 1.4.6-0ubuntu1~ppa1~hardy1 eBox - Control Center Client
ii ebox-samba 1.4.2-0ubuntu1~ppa1~hardy1 eBox - File Sharing
ii ebox-services 1.4-0ubuntu1~ppa1~hardy1 eBox - Network Services
ii ebox-software 1.4.1-0ubuntu1~ppa1~hardy1 eBox - Software Management
ii ebox-squid 1.4.1-0ubuntu1~ppa1~hardy1 eBox - HTTP Proxy (Cache and Content Filter)
ii ebox-trafficshaping 1.4-0ubuntu1~ppa1~hardy1 eBox - Traffic Shaping
ii ebox-usersandgroups 1.4.4-0ubuntu1~ppa1~hardy1 eBox - Users and Groups
ii ebox-webserver 1.4-0ubuntu1~ppa1~hardy1 eBox - Web ebox-asterisk removed using ebox gui. Double checked with apt-get and it is removed.
Code: [Select]
sudo apt-get remove ebox-asterisk
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package ebox-asterisk is not installed, so not removedasterisk modules are not loaded and do not need to be removedCode: [Select]
lsmod | grep zaptel
{Empty}
lsmod | grep dahdi
{Empty}All asterisk directories removed manually:Code: [Select]
rm -rf /etc/asterisk
rm -f /etc/zaptel.conf
rm -rf /var/log/asterisk
rm -rf /var/lib/asterisk
rm -rf /var/spool/asterisk
rm -rf /usr/lib/asteriskHow to reproduce:
Make incoming voip call either to softphone or ata. It would not connect.
Code: [Select]
tail -f /var/log/syslogwould give multiple entries ofCode: [Select]
Jul 30 09:31:35 ebox slapd[4917]: <= bdb_equality_candidates: (AstExtension) not indexed
Jul 30 09:31:35 ebox slapd[4917]: <= bdb_equality_candidates: (AstContext) not indexed
Jul 30 09:31:35 ebox slapd[4917]: <= bdb_equality_candidates: (AstPriority) not indexed
Jul 30 09:31:35 ebox slapd[4917]: <= bdb_substring_candidates: (AstExtension) not indexed
Jul 30 09:31:35 ebox slapd[4917]: <= bdb_equality_candidates: (AstContext) not indexed
Jul 30 09:31:35 ebox slapd[4917]: <= bdb_equality_candidates: (AstPriority) not indexed
13
Installation and Upgrades / Re: Slapd errors? in syslog
« on: July 30, 2010, 02:00:07 am »
According to http://trac.ebox-platform.com/wiki/Document/HowTo/LDAPoptimization you have to modify
Code: [Select]
$ sudo vim /etc/ldap/slapd-frontend.d/cn\=config/olcDatabase\=\{1\}hdb.ldif
$ sudo vim /etc/ldap/slapd-translucent.d/cn\=config/olcDatabase\=\{1\}hdb.ldif
$ sudo vim /etc/ldap/slapd-replica.d/cn\=config/olcDatabase\=\{1\}hdb.ldifwhich no longer the case as slapd schema has changed.14
Installation and Upgrades / [SOLVED] Asterisk not completely removed, now no incoming calls.
« on: July 29, 2010, 10:31:52 pm »
Tried asterisk module, then removed and uninstalled it using ebox gui. But apparently it was not removed completely. Now I cannot receive incoming calls using either using ATA or softphone.
I do not have any other asterisk server at all on my network!!! But syslog shows for each incoming call.
I do not have any other asterisk server at all on my network!!! But syslog shows for each incoming call.
Code: [Select]
Jul 29 16:20:14 eboxcomp slapd[4084]: <= bdb_substring_candidates: (AstExtension) not indexed
Jul 29 16:20:14 eboxcomp slapd[4084]: <= bdb_equality_candidates: (AstContext) not indexed
Jul 29 16:20:14 eboxcomp slapd[4084]: <= bdb_equality_candidates: (AstPriority) not indexed
Jul 29 16:20:14 eboxcomp slapd[4084]: <= bdb_equality_candidates: (displayName) not indexed
Jul 29 16:20:14 eboxcomp slapd[4084]: <= bdb_equality_candidates: (gidNumber) not indexed
Jul 29 16:20:14 eboxcomp last message repeated 2 times
Jul 29 16:20:14 eboxcomp slapd[4084]: connection_read(36): no connection!
Jul 29 16:20:14 eboxcomp slapd[4084]: connection_read(36): no connection!
15
Installation and Upgrades / Re: Radius server Error: TLS_accept failed in SSLv3 read client certificate A
« on: July 21, 2010, 03:33:52 am »
As I explained before, authentication using user credentials works using PEAP/MSCHAPv2, but not LDAP. Do not change ldap module, it is irrelevant:
But for computer authentication to work you need to strip host/Domain name and add $.
Novell web site http://www.novell.com/coolsolutions/feature/17044.html#7 suggests to use attr_rewrite, i.e:
If you made it work, please, post the configuration.
Code: [Select]
[ldap] performing user authorization for MYDOMAIN\john
expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=john)
expand: dc=mydomain,dc=local -> dc=mydomain,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap://127.0.0.1:389/, authentication 0
rlm_ldap: bind as cn=ebox,dc=mydomain,dc=local/XXXXXXX/ to ldap://127.0.0.1:389/
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=mydomain,dc=local, with filter (uid=john)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0xxx531
rlm_ldap: sambaLmPassword -> LM-Password == 0xxx545
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?but EAP/mschapv2 works just fine:Code: [Select]
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for olga with NT-Password
expand: --username=%{mschap:User-Name:-None} -> --username=john
expand: %{mschap:NT-Domain} -> MYDOMAIN
expand: --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} -> --domain=MYDOMAIN
[mschap] mschap2: 5f
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=xxxxxxxxxxxx
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=xxxxxxxxxxxxxxxxxx
Exec-Program output: NT_KEY: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Exec-Program-Wait: plaintext: NT_KEY: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP SuccessBut for computer authentication to work you need to strip host/Domain name and add $.
Novell web site http://www.novell.com/coolsolutions/feature/17044.html#7 suggests to use attr_rewrite, i.e:
Code: [Select]
attr_rewrite add-dollar-sign {
attribute = Stripped-User-Name
searchfor = "^(host/.*)"
searchin = packet
new_attribute = no
replacewith = "%{1}$"
}
So if you know regex well, try to play with /etc/freeradius/modules/mschap and attr_rewrite to convert host/MYCOMPUTER.MYDOMAIN to MYCOMPUTER$.If you made it work, please, post the configuration.