Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: julio on July 01, 2015, 07:01:55 pm

Title: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1
Post by: julio on July 01, 2015, 07:01:55 pm
Open a terminal window and "copy & paste" the following commands:

changes:
09.14.15 - winbind package added to dependency
                change UID attribute to sAMAccountName in ldap.mas, credits to jbahillo, thx!
10.23.15 - fixed LDAP group filter
11.05.15 - added double quotes to group in user.mas
                fixed patch versions
11.14.15 - startup script changes, fixed ntlm_auth permissions
                re-set the permissions on existing certificates
06.11.16 - extended "LogHelper.pm" parsing function,
                with mac address format: "aabbccddeeff"
06.12.16 - extended "LogHelper.pm" parsing function,
                change mac address format to uppercase format               
03.04.17 - Adapted to 5.0,
                changed service handling to systemd
09.07.17 - Adapted zentyal 5.0 version to use Samba 4.5 NTLMv1 authentication instead of default NTLMv2
09.04.18 - Adapted to 5.1
05.09.18 - Fixed typo in 5.1

zentyal 4.0:
Code:
sudo apt-get install -y zbuildtools build-essential fakeroot dpkg-dev
cd /tmp
wget 'http://archive.zentyal.org/zentyal/pool/main/z/zentyal-radius/zentyal-radius_3.5.1.tar.gz' -O zentyal-radius_3.5.1.tar.gz
tar -xf zentyal-radius_3.5.1.tar.gz
# directory name must match the paths in the patch and the cd below
mv zentyal-radius-3.5.1 zentyal-radius-4.0
wget 'https://drive.google.com/uc?export=download&id=0B4_d-7xL0AS_VER4RkJRU1FQNEk' -O zentyal-radius-4.0.patch
patch -t -p1 -i zentyal-radius-4.0.patch
cd zentyal-radius-4.0
dpkg-buildpackage -rfakeroot -b -tc
cd ..
sudo apt-get install -y ./zentyal-radius_4.0_all.deb
sudo service zentyal webadmin restart

zentyal 4.2:
Code:
sudo apt-get install -y zbuildtools build-essential fakeroot dpkg-dev
cd /tmp
wget 'http://archive.zentyal.org/zentyal/pool/main/z/zentyal-radius/zentyal-radius_3.5.1.tar.gz' -O zentyal-radius_3.5.1.tar.gz
tar -xf zentyal-radius_3.5.1.tar.gz
# directory name must match the paths in the patch and the cd below
mv zentyal-radius-3.5.1 zentyal-radius-4.2
wget 'https://drive.google.com/uc?export=download&id=0B4_d-7xL0AS_MWRMOS10Y2c1S2s' -O zentyal-radius-4.2.patch
patch -t -p1 -i zentyal-radius-4.2.patch
cd zentyal-radius-4.2
dpkg-buildpackage -rfakeroot -b -tc
cd ..
sudo apt-get install -y ./zentyal-radius_4.2_all.deb
sudo service zentyal webadmin restart

zentyal 5.0:
Code:
sudo apt install -y zbuildtools build-essential fakeroot dpkg-dev
cd /tmp
wget 'http://archive.zentyal.org/zentyal/pool/main/z/zentyal-radius/zentyal-radius_3.5.1.tar.gz' -O zentyal-radius_3.5.1.tar.gz
tar -xf zentyal-radius_3.5.1.tar.gz
# directory name must match the paths in the patch and the cd below
mv zentyal-radius-3.5.1 zentyal-radius-5.0
wget 'https://drive.google.com/uc?export=download&id=0B4_d-7xL0AS_djZpaXNIUHFNOWs' -O zentyal-radius-5.0.patch
patch -t -p1 -i zentyal-radius-5.0.patch
cd zentyal-radius-5.0
dpkg-buildpackage -rfakeroot -b -tc
cd ..
sudo apt install -y ./zentyal-radius_5.0_all.deb
sudo zs webadmin restart
sudo mkdir -p /etc/zentyal/stubs/samba
sudo cp /usr/share/zentyal/stubs/samba/smb.conf.mas /etc/zentyal/stubs/samba/smb.conf.mas
sudo sed -i '/\[global\]/a lanman auth = yes\nntlm auth = yes' /etc/zentyal/stubs/samba/smb.conf.mas
sudo zs samba restart

zentyal 5.1:
Code:
sudo apt install -y zbuildtools build-essential fakeroot dpkg-dev
cd /tmp
wget 'http://archive.zentyal.org/zentyal/pool/main/z/zentyal-radius/zentyal-radius_3.5.1.tar.gz' -O zentyal-radius_3.5.1.tar.gz
tar -xf zentyal-radius_3.5.1.tar.gz
# directory name must match the paths in the patch and the cd below
mv zentyal-radius-3.5.1 zentyal-radius-5.1
wget 'https://drive.google.com/uc?export=download&id=1K99PAIAHl1j4bnBxcTMyXgKpJEpTQflB' -O zentyal-radius-5.1.patch
patch -t -p1 -i zentyal-radius-5.1.patch
cd zentyal-radius-5.1
dpkg-buildpackage -rfakeroot -b -tc
cd ..
sudo apt install -y ./zentyal-radius_5.1_all.deb
sudo zs webadmin restart
sudo mkdir -p /etc/zentyal/stubs/samba
sudo cp /usr/share/zentyal/stubs/samba/smb.conf.mas /etc/zentyal/stubs/samba/smb.conf.mas
sudo sed -i '/\[global\]/a lanman auth = yes\nntlm auth = yes' /etc/zentyal/stubs/samba/smb.conf.mas
sudo zs samba restart
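
The 5.0 and 5.1 steps above insert "lanman auth = yes" and "ntlm auth = yes" under [global], a server-wide setting that makes Samba accept LANMAN and NTLMv1 responses, not only those arriving through RADIUS. The following is an added example, not part of the original post: it audits a generated smb.conf for those two settings. The function names and the sample files are constructed for illustration.

```bash
# audit_smb_auth FILE
# Prints one "parameter = value" line per legacy setting in effect in [global].
# Empty output means neither LANMAN nor NTLMv1 is enabled there.
audit_smb_auth() {
    awk '
        function trim(s)   { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function truthy(v) { return v == "yes" || v == "true" || v == "on" || v == "1" }

        /^[ \t]*[#;]/ { next }                  # whole-line comments
        /^[ \t]*\[/ {                           # section header, e.g. [global]
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            sec = tolower(trim(sec))
            next
        }
        sec == "global" && index($0, "=") > 0 {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)              # Samba ignores blanks in parameter names
            # A later assignment of the same parameter replaces an earlier one,
            # so lines inserted right under [global] can be overridden further down.
            val[key] = tolower(trim(substr($0, index($0, "=") + 1)))
        }
        END {
            if (truthy(val["lanmanauth"]))
                print "lanman auth = " val["lanmanauth"]
            v = val["ntlmauth"]
            if (truthy(v) || v == "ntlmv1-permitted")
                print "ntlm auth = " v
        }
    ' "$1"
}

# Constructed sample: [global] as it looks after the sed line in the post.
sample_after_howto() {
    cat <<'EOF'
[global]
lanman auth = yes
ntlm auth = yes
    workgroup = EXAMPLE
    realm = EXAMPLE.LAN
    server role = active directory domain controller

[netlogon]
    path = /var/lib/samba/sysvol/example.lan/scripts
EOF
}

# Constructed sample: a narrower setting. Samba 4.7 and later accept this value
# (general Samba knowledge, not from the post); it allows NTLMv1 only when the
# client declares the request to be MSCHAPv2, as the ntlm_auth tool can.
sample_narrowed() {
    cat <<'EOF'
[global]
    workgroup = EXAMPLE
    ntlm auth = mschapv2-and-ntlmv2-only
EOF
}

# Constructed sample: the inserted "ntlm auth" line is cancelled further down.
sample_overridden() {
    cat <<'EOF'
[global]
lanman auth = yes
ntlm auth = yes
    workgroup = EXAMPLE
    ntlm auth = no
EOF
}

# Demo run over the three constructed samples.
tmp=$(mktemp)
for s in sample_after_howto sample_narrowed sample_overridden; do
    "$s" > "$tmp"
    echo "== $s"
    audit_smb_auth "$tmp"
done
rm -f "$tmp"
```

Run it against the smb.conf that Zentyal generates rather than against the .mas stub, which still contains template code.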
Title: Re: HowTo: add radius module with mschap support to zentyal 4.1
Post by: Mittelerde on July 02, 2015, 12:48:55 pm
Thanks for sharing  :)
Title: Re: HowTo: add radius module with mschap support to zentyal 4.1
Post by: bino on September 07, 2015, 09:58:32 am
Dear Sir.

Kindly please help me on https://forum.zentyal.org/index.php/topic,26466.0.html

Sincerely
-bino-
Title: Re: HowTo: add radius module with mschap support to zentyal 4.1
Post by: antsu on October 22, 2015, 04:18:38 pm
julio, thanks for going through the trouble of making and sharing this.
I've followed your instructions and successfully built the RADIUS module. Authentication works perfectly from radtest (with mschap) and from a Mikrotik router (for L2TP authentication).
There's just one detail that is not working as expected: No matter what group I choose at Zentyal's web interface, the RADIUS server will authenticate ANY valid user, regardless of the user being part of the specified group or not. As long as it's a valid domain account, it'll reply with an "Accept-Accept".
I've checked that the group is correctly being set inside /etc/freeradius/users:
Code:
DEFAULT LDAP-Group == <group name>
and also tried to manually edit it, using the full DN, but it makes no difference:
Code:
DEFAULT LDAP-Group == "CN=group,OU=foo,DC=bar,DC=com"
I don't have any experience with Freeradius, so I'm a bit lost about what can be causing this.
Running Zentyal 4.1 x86 (old server), if it makes any difference.
Any help is very much appreciated.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.1
Post by: julio on October 23, 2015, 11:55:11 pm
Bug is fixed, please try one more time...
Title: Re: HowTo: add radius module with mschap support to zentyal 4.1
Post by: Dersch on October 30, 2015, 10:23:56 pm
Also so many thanks from my side. Today some problems started with the login of my Admin Account. All time long it was fine but now got LogIn Incorrect. Now it is working again :)

BTW: Does it work with 4.2 as well?
Title: Re: HowTo: add radius module with mschap support to zentyal 4.1
Post by: antsu on November 05, 2015, 08:40:43 pm
Bug is fixed, please try one more time...

Thank you very much.

I was able to compile the module and the group filter indeed is working as expected.
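There are only two things I noticed that need fixing/improving (but can be "worked-around"):

  • The diff files in your instructions are referencing the folder "zentyal-radius-4.0" instead of "zentyal-radius-4.1", causing errors when patching. Editing the files and replacing all the occurrences with the "4.1" path solves the problem.
  • After installed, if the selected group has spaces in its name, the Freeradius service is unable to start, logging errors when trying to parse "/etc/freeradius/users". Editing the file and enclosing the group's name in double quotes solves the problem, but gets undone since Zentyal rewrites the config files. A workaround (which I had to use) is to rename the group, removing all blank spaces, and then let Zentyal save its configurations again.
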
Again, thanks!
Title: Re: HowTo: add radius module with mschap support to zentyal 4.1
Post by: julio on November 05, 2015, 10:40:43 pm
Bug is fixed, please try one more time...

Thank you very much.

I was able to compile the module and the group filter indeed is working as expected.
There are only two things I noticed that need fixing/improving (but can be "worked-around"):

  • The diff files in your instructions are referencing the folder "zentyal-radius-4.0" instead of "zentyal-radius-4.1", causing errors when patching. Editing the files and replacing all the occurrences with the "4.1" path solves the problem.
  • After installed, if the selected group has spaces in its name, the Freeradius service is unable to start, logging errors when trying to parse "/etc/freeradius/users". Editing the file and enclosing the group's name in double quotes solves the problem, but gets undone since Zentyal rewrites the config files. A workaround (which I had to use) is to rename the group, removing all blank spaces, and then let Zentyal save its configurations again.

Again, thanks!

i've changed/fixed, please test it...
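
The group-name problem reported above (a group with spaces breaks parsing of /etc/freeradius/users, later seen as "Expected end of line or comma") can be checked before FreeRADIUS is restarted. The following is an added example, not part of the thread or of the zentyal-radius module: it emits a correctly quoted LDAP-Group line and lints an existing file for unquoted values. The function names are hypothetical, the sample file is constructed, and the escaping rule (backslash before `\` and `"`) is assumed from FreeRADIUS's quoted-string syntax.

```bash
# quote_group NAME
# Prints NAME as a double-quoted string, escaping backslashes and double quotes.
quote_group() {
    printf '"%s"\n' "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
}

# ldap_group_line NAME
# Prints the check line in the form quoted in the thread, with the value quoted.
ldap_group_line() {
    printf 'DEFAULT LDAP-Group == %s\n' "$(quote_group "$1")"
}

# lint_ldap_group FILE
# Prints "LINE: value" for every LDAP-Group check whose value is unquoted and
# contains whitespace, and "LINE: unterminated quote" for a missing closing quote.
# Empty output means every LDAP-Group value in FILE is safe to parse.
lint_ldap_group() {
    awk '
        /^[ \t]*#/ { next }                       # comment lines
        match($0, /LDAP-Group[ \t]*==[ \t]*/) {
            rest = substr($0, RSTART + RLENGTH)   # text after the operator
            if (substr(rest, 1, 1) == "\"") {
                if (index(substr(rest, 2), "\"") == 0)
                    print NR ": unterminated quote"
                next                              # quoted values may contain blanks and commas
            }
            sub(/[ \t]*,.*$/, "", rest)           # further check items follow a comma
            sub(/[ \t]+$/, "", rest)
            if (rest ~ /[ \t]/) print NR ": " rest
        }
    ' "$1"
}

# Constructed sample in the format quoted in the thread.
sample_users() {
    cat <<'EOF'
# constructed sample, not a real Zentyal-generated file
DEFAULT LDAP-Group == radusers
DEFAULT LDAP-Group == Wifi Users
DEFAULT LDAP-Group == "Wifi Users"
DEFAULT LDAP-Group == "CN=group,OU=foo,DC=bar,DC=com"
EOF
}

# Demo: lint the sample, then show the line that should have been written.
tmp=$(mktemp)
sample_users > "$tmp"
echo "unquoted group values:"
lint_ldap_group "$tmp"
echo "quoted form:"
ldap_group_line 'Wifi Users'
rm -f "$tmp"
```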
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: vahabudeen on November 06, 2015, 07:25:28 am
Please help me to resolve this.

root@zentyal4:/home/amagi/Downloads# sudo dpkg -i zentyal-radius_4.1_all.deb
Selecting previously unselected package zentyal-radius.
(Reading database ... 59970 files and directories currently installed.)
Preparing to unpack zentyal-radius_4.1_all.deb ...
Unpacking zentyal-radius (4.1) ...
dpkg: dependency problems prevent configuration of zentyal-radius:
 zentyal-radius depends on winbind; however:
  Package winbind is not installed.
 zentyal-radius depends on freeradius; however:
  Package freeradius is not installed.
 zentyal-radius depends on freeradius-ldap; however:
  Package freeradius-ldap is not installed.

dpkg: error processing package zentyal-radius (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 zentyal-radius


root@zentyal4:/home/amagi/Downloads# dpkg -i zentyal-radius_4.1_all.deb
(Reading database ... 59998 files and directories currently installed.)
Preparing to unpack zentyal-radius_4.1_all.deb ...
Unpacking zentyal-radius (4.1) over (4.1) ...
dpkg: dependency problems prevent configuration of zentyal-radius:
 zentyal-radius depends on winbind; however:
  Package winbind is not installed.
 zentyal-radius depends on freeradius; however:
  Package freeradius is not installed.
 zentyal-radius depends on freeradius-ldap; however:
  Package freeradius-ldap is not installed.

dpkg: error processing package zentyal-radius (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 zentyal-radius
root@zentyal4:/home/amagi/Downloads#
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on November 06, 2015, 07:55:19 am
please run the following command:
Code:
sudo apt-get install -f -y
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: vahabudeen on November 06, 2015, 08:00:32 am
Then should i run this command?

sudo dpkg -i zentyal-radius_4.1_all.deb
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on November 06, 2015, 08:03:11 am
No, only the:
sudo apt-get install -f -y

(please check the instructions)
Title: Re: HowTo: add radius module with mschap support to zentyal 4.1
Post by: antsu on November 06, 2015, 01:54:59 pm
i've changed/fixed, please test it...

Tested for 4.1 x86. Working flawlessly!
Thank you.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: Dersch on November 13, 2015, 10:04:51 am
hi, i have problems to install the radius module with 4.2

Code:

dirk@superserver:~/Downloads$ sudo dpkg -i zentyal-radius_4.2_all.deb
(Lese Datenbank ... 621495 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von zentyal-radius_4.2_all.deb ...
Entpacken von zentyal-radius (4.2) über (4.2) ...
dpkg: Abhängigkeitsprobleme verhindern Konfiguration von zentyal-radius:
 zentyal-radius hängt ab von freeradius-ldap; aber:
  Paket freeradius-ldap ist noch nicht konfiguriert.

dpkg: Fehler beim Bearbeiten des Paketes zentyal-radius (--install):
 Abhängigkeitsprobleme - verbleibt unkonfiguriert
Fehler traten auf beim Bearbeiten von:
 zentyal-radius
dirk@superserver:~/Downloads$

dirk@superserver:~/Downloads$ sudo apt-get install -f -y
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
Das folgende Paket wurde automatisch installiert und wird nicht mehr benötigt:
  linux-image-extra-3.13.0-66-generic
Verwenden Sie »apt-get autoremove«, um es zu entfernen.
0 aktualisiert, 0 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
2 nicht vollständig installiert oder entfernt.
Nach dieser Operation werden 0 B Plattenplatz zusätzlich benutzt.
freeradius-ldap (2.1.12+dfsg-1.2ubuntu8.1) wird eingerichtet ...
reload: Unknown instance:
invoke-rc.d: initscript freeradius, action "force-reload" failed.
dpkg: Fehler beim Bearbeiten des Paketes freeradius-ldap (--configure):
 Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück
dpkg: Abhängigkeitsprobleme verhindern Konfiguration von zentyal-radius:
 zentyal-radius hängt ab von freeradius-ldap; aber:
  Paket freeradius-ldap ist noch nicht konfiguriert.

dpkg: Fehler beim Bearbeiten des Paketes zentyal-radius (--configure):
 Abhängigkeitsprobleme - verbleibt unkonfiguriert
Es wurde kein Apport-Bericht verfasst, da die Fehlermeldung darauf hindeutet, dass dies lediglich ein Folgefehler eines vorherigen Problems ist.
                                             E: Sub-process /usr/bin/dpkg returned an error code (1)

dirk@superserver:~/Downloads$ sudo dpkg --configure -a
freeradius-ldap (2.1.12+dfsg-1.2ubuntu8.1) wird eingerichtet ...
reload: Unknown instance:
invoke-rc.d: initscript freeradius, action "force-reload" failed.
dpkg: Fehler beim Bearbeiten des Paketes freeradius-ldap (--configure):
 Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück
dpkg: Abhängigkeitsprobleme verhindern Konfiguration von zentyal-radius:
 zentyal-radius hängt ab von freeradius-ldap; aber:
  Paket freeradius-ldap ist noch nicht konfiguriert.

dpkg: Fehler beim Bearbeiten des Paketes zentyal-radius (--configure):
 Abhängigkeitsprobleme - verbleibt unkonfiguriert
Fehler traten auf beim Bearbeiten von:
 freeradius-ldap
 zentyal-radius


Is there some fix?

I found that:

Code:
zentyal-install-module /home/dirk/Downloads/zentyal-radius-4.2/debian/zentyal-radius/

cp: der Aufruf von stat für »schemas/*.ldif“ ist nicht möglich: Datei oder Verzeichnis nicht gefunden

Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: Dersch on November 13, 2015, 04:36:21 pm
Julio, please help me  :-\ i need radius for my wlan access and it does not work as it should at the moment. I assume it is just a small bug in the installation :)

It worked like a charm with 4.1 and today i upgraded to 4.2.1 after i saw that i can install the radius module.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on November 13, 2015, 06:07:22 pm
Hi Dersch,

open the "/var/lib/dpkg/info/freeradius-ldap.postinst" file and modify the line:
invoke-rc.d freeradius force-reload to /etc/init.d/freeradius force-reload

After the modification run: sudo apt-get install -f
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: Dersch on November 13, 2015, 10:59:30 pm
Hey julio, thanks for your help. Now i could install and configure it. But it is still not working, the module is stopped. If i reload the module i get the message "successful reloaded" but it is still stopped.

Here is what happened after your hint:

Code:
dirk@superserver:~$ sudo nano /var/lib/dpkg/info/freeradius-ldap.postinst
dirk@superserver:~$ sudo apt-get install -f
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
0 aktualisiert, 0 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
2 nicht vollständig installiert oder entfernt.
Nach dieser Operation werden 0 B Plattenplatz zusätzlich benutzt.
freeradius-ldap (2.1.12+dfsg-1.2ubuntu8.1) wird eingerichtet ...
 * Reloading FreeRADIUS daemon freeradius                                                                       
* /var/run/freeradius/freeradius.pid not found...                                                       [ OK ]
zentyal-radius (4.2) wird eingerichtet ...
Trigger für zentyal-core (4.2.1) werden verarbeitet ...
 * Restarting Zentyal module: webadmin                                   [ OK ]
 * Restarting Zentyal module: logs                                       [ OK ]

Freeradius is running:
Code:
sudo service freeradius start                                                     
freeradius start/running, process 5237

But stopped immediately
Code:
sudo service freeradius status
freeradius stop/waiting

And i activated the module, of course.

I also started the install process again but it had no effect.

The freeradius log at /var/log/freeradius is full of errors:

Code:
Fri Nov 13 23:07:19 2015 : Error: Failed to load virtual server <default>
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
Fri Nov 13 23:07:19 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: Failed to initialize type tls
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Fri Nov 13 23:07:19 2015 : Error: Failed to load virtual server <default>
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
Fri Nov 13 23:07:19 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: Failed to initialize type tls
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Fri Nov 13 23:07:19 2015 : Error: Failed to load virtual server <default>
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
Fri Nov 13 23:07:19 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: Failed to initialize type tls
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Fri Nov 13 23:07:19 2015 : Error: Failed to load virtual server <default>
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
Fri Nov 13 23:07:19 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: Failed to initialize type tls
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Fri Nov 13 23:07:19 2015 : Error: Failed to load virtual server <default>
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
Fri Nov 13 23:07:19 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Fri Nov 13 23:07:19 2015 : Error: rlm_eap: Failed to initialize type tls
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Fri Nov 13 23:07:19 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Fri Nov 13 23:07:19 2015 : Error: Failed to load virtual server <default>
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: Dersch on November 14, 2015, 12:32:46 am
Now I could fix the issue with the certificate. At CA Authority I checked RADIUS once and saved. The error stopped.

Then i got another error in the Log File:
Code:
Sat Nov 14 00:16:59 2015 : Error: Errors reading /etc/freeradius/users
Sat Nov 14 00:16:59 2015 : Error: /etc/freeradius/modules/files[7]: Instantiation failed for module "files"
Sat Nov 14 00:16:59 2015 : Error: /etc/freeradius/sites-enabled/default[152]: Failed to load module "files".
Sat Nov 14 00:16:59 2015 : Error: /etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.
Sat Nov 14 00:16:59 2015 : Error: Failed to load virtual server <default>
Sat Nov 14 00:16:59 2015 : Error: /etc/freeradius/users[3]: Parse error (check) for entry DEFAULT: Expected end of line or comma

I changed in Zentyal the group allowed to authenticate once and saved to write the file new. Then freeradius could start:

Code:
Sat Nov 14 00:20:31 2015 : Info: Loaded virtual server <default>
Sat Nov 14 00:20:31 2015 : Info: Loaded virtual server inner-tunnel
Sat Nov 14 00:20:31 2015 : Info:  ... adding new socket proxy address * port 40920
Sat Nov 14 00:20:31 2015 : Info: Ready to process requests.

But it is still impossible to login:
Code:
Sat Nov 14 00:21:44 2015 : Error:   [ldap] ldap_search() failed: Operations error
Sat Nov 14 00:21:44 2015 : Auth: Invalid user: [Administrator] (from client 192.168.10.40/32 port 0 cli E8-50-8B-83-95-42)

Also Zentyal Webinterface does not recognize the running service.

Manual start is also impossible:
Code:
service zentyal radius restart
 * Restarting Zentyal module: radius                                     [fail]

It is very strange right now. With 4.1 everything worked so well without any issue. Please help me to fix that. There must be some error within the installation tips.

best regards
Dirk
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on November 14, 2015, 02:44:59 am
In my opinion, completely removing and reinstalling is much easier:
Code:
sudo apt-get purge --auto-remove zentyal-radius freeradius

cd ~/Downloads
sudo dpkg -i zentyal-radius_4.2_all.deb
sudo apt-get install -f -y
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: Dersch on November 14, 2015, 09:41:30 am
That's not changing anything. Now freeradius does not start because of the first error

Code:
Sat Nov 14 09:39:23 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Sat Nov 14 09:39:23 2015 : Error: rlm_eap: Failed to initialize type tls
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Sat Nov 14 09:39:23 2015 : Error: Failed to load virtual server <default>
Sat Nov 14 09:39:23 2015 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
Sat Nov 14 09:39:23 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Sat Nov 14 09:39:23 2015 : Error: rlm_eap: Failed to initialize type tls
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Sat Nov 14 09:39:23 2015 : Error: Failed to load virtual server <default>
Sat Nov 14 09:39:23 2015 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
Sat Nov 14 09:39:23 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Sat Nov 14 09:39:23 2015 : Error: rlm_eap: Failed to initialize type tls
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Sat Nov 14 09:39:23 2015 : Error: Failed to load virtual server <default>
Sat Nov 14 09:39:23 2015 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
Sat Nov 14 09:39:23 2015 : Error: rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/freeradius.pem
Sat Nov 14 09:39:23 2015 : Error: rlm_eap: Failed to initialize type tls
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[287]: Failed to load module "eap".
Sat Nov 14 09:39:23 2015 : Error: /etc/freeradius/sites-enabled/default[234]: Errors parsing authenticate section.
Sat Nov 14 09:39:23 2015 : Error: Failed to load virtual server <default>
dirk@superserver:~/Downloads$
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on November 14, 2015, 10:43:35 am
please remove/recompile/reinstall one more time:

Code:
sudo rm -rf ~/Downloads/*radius*
sudo apt-get purge --auto-remove zentyal-radius freeradius freeradius-common libfreeradius2
sudo rm -rf /etc/freeradius

recompile/reinstall the zentyal-radius module

Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: Dersch on November 14, 2015, 02:32:02 pm
IT WORKS!!! Thank you so much! I don't know what i should do with Zentyal without you ;)
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on November 14, 2015, 06:31:31 pm
I am glad I was able to help. :)
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: gummibear1986 on January 29, 2016, 10:37:01 pm
Hi Julio

Awesome work in getting RADIUS back into Zentyal, this was one of the main reasons i was looking at possible alternatives as my firewall requires it to authenticate VPN users (can't use AD).

It all seems to work brilliantly, the only issue I have found is that if I set it to authenticate Domain Users, it fails every time. The user I am testing with is a Domain Admin and it works if I select that or All Users, but never under Domain Users. I have added another user who is not a Domain Admin in case this was the issue and the result is the same.

Also, do you know if it is possible to use MSCHAP? I can't seem to figure that one out either.

Thanks again for your work on this.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on January 31, 2016, 06:30:19 pm
Please use it with your own group; the nested groups 'Domain Admins, Domain Users, Domain Guests' are not working yet!
MSCHAPV2:
http://www.nmt.edu/information-services-division/3845-windows-7-peap-ms-chapv2
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on June 04, 2016, 11:59:17 am
Hello Julio and all,

Thanks for bringing Radius into Zentyal 4.2!
I was able to install successfully and it seems to work in general, but not in my specific setup.

I want to use Radius to grant WiFi access to registered users and tried with two different APs so far. One is an older Siemens DSL router and the other is a Buffalo router with DD-WRT on board.
Both seem to be using MSCHAP authentication, but they always fail with "Login incorrect". Looking into the radius.log file, all I can see is:
Code:
Fri Jun  3 19:01:02 2016 : Auth: Login incorrect (mschap: External script says ): [#username#] (from client ##.##.###.#/32 port 0 via TLS tunnel)
Fri Jun  3 19:01:03 2016 : Auth: Login incorrect: [#username#] (from client ##.##.###.#/32 port 1 cli ##-##-##-##-##-##)
 
and that's basically it. No more hints.
I also tried using radtest tool and it works successfully, unless I choose MSCHAP as type. So my understanding is that the auth against the AD works in general and there must be an issue with the MSCHAP module.

The module does exist in the modules folder and besides the domain hack being active, the ntlm_auth looks like this:
Code:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"

I'm not a big pro on Radius setup, so I hope someone can help me to get this going. We're using the installation for a refugee project.

update:
radtest output for mschap auth: MS-CHAP-Error = "\000E=691 R=1"

update2: checked ntlm_auth and it does work, but only when using sudo. Is this correct? I read some comments about freerad user to be member of the winbindd_priv group, but this is already the case. (winbindd_priv:x:118:freerad)
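
Triage for the radius.log excerpts posted in this thread, as an added example that is not part of any post: it collapses repeated Error lines into one entry each and tallies rejected logons per user, client and MAC, with MACs normalized to 12 uppercase hex digits so that "AA-BB-.." and "aabbcc.." forms compare equal. The log lines are constructed, modelled on the formats shown above; the function names are hypothetical and the fixed 24-character timestamp followed by " : " is assumed.

```bash
# error_summary FILE
# Prints "COUNT<TAB>message" once per distinct Error message, in first-seen order.
error_summary() {
    awk '
        { msg = substr($0, 28) }              # skip the 24-char timestamp and " : "
        msg ~ /^Error: / {
            sub(/^Error: +/, "", msg)
            if (!(msg in n)) order[++k] = msg
            n[msg]++
        }
        END { for (i = 1; i <= k; i++) printf "%d\t%s\n", n[order[i]], order[i] }
    ' "$1"
}

# auth_failures FILE
# Prints "COUNT<TAB>user<TAB>client<TAB>mac<TAB>reason" per distinct rejected logon.
# client and mac are "-" when the line does not carry them.
auth_failures() {
    awk '
        { msg = substr($0, 28) }
        msg ~ /^Auth: (Login incorrect|Invalid user)/ {
            reason = msg; sub(/^Auth: /, "", reason); sub(/: \[.*$/, "", reason)
            user = msg;   sub(/^[^[]*\[/, "", user);  sub(/\].*$/, "", user)
            client = "-"
            if (match(msg, /from client [^ ]+/))
                client = substr(msg, RSTART + 12, RLENGTH - 12)
            mac = "-"
            if (match(msg, / cli [0-9A-Fa-f:.-]+/)) {
                m = toupper(substr(msg, RSTART + 5, RLENGTH - 5))
                gsub(/[^0-9A-F]/, "", m)      # drop "-", ":" and "." separators
                if (length(m) == 12) mac = m
            }
            key = user "\t" client "\t" mac "\t" reason
            if (!(key in n)) order[++k] = key
            n[key]++
        }
        END { for (i = 1; i <= k; i++) printf "%d\t%s\n", n[order[i]], order[i] }
    ' "$1"
}

# Constructed log lines (documentation addresses, made-up users).
sample_radius_log() {
    cat <<'EOF'
Sat Nov 14 00:16:59 2015 : Error: /etc/freeradius/users[3]: Parse error (check) for entry DEFAULT: Expected end of line or comma
Sat Nov 14 00:16:59 2015 : Error: Errors reading /etc/freeradius/users
Sat Nov 14 00:17:04 2015 : Error: /etc/freeradius/users[3]: Parse error (check) for entry DEFAULT: Expected end of line or comma
Sat Nov 14 00:17:04 2015 : Error: Errors reading /etc/freeradius/users
Sat Nov 14 00:20:31 2015 : Info: Ready to process requests.
Sat Nov 14 00:21:44 2015 : Auth: Invalid user: [alice] (from client 192.0.2.10/32 port 0 cli 00-00-5E-00-53-01)
Sat Nov 14 00:21:50 2015 : Auth: Invalid user: [alice] (from client 192.0.2.10/32 port 0 cli 00005e005301)
Sat Nov 14 00:22:10 2015 : Auth: Login incorrect (mschap: External script says ): [bob] (from client 192.0.2.10/32 port 0 via TLS tunnel)
Sat Nov 14 00:22:11 2015 : Auth: Login OK: [carol] (from client 192.0.2.10/32 port 0 via TLS tunnel)
EOF
}

# Demo run over the constructed sample.
tmp=$(mktemp)
sample_radius_log > "$tmp"
echo "distinct errors:";  error_summary "$tmp"
echo "rejected logons:";  auth_failures "$tmp"
rm -f "$tmp"
```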
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on June 04, 2016, 01:55:12 pm
please make a separate group for radius users, e.g.: radusers
add the radius users to this group and
set this group in "RADIUS - General configuration" -> "Group allowed to authenticate"
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on June 04, 2016, 03:13:50 pm
Hey,
Thanks for the prompt response and help.
Actually, the minute you posted, I found the solution as per one of your earlier pieces of advice.
https://forum.zentyal.org/index.php/topic,26466.msg97883.html#msg97883

First I tried
Code: [Select]
sudo chown root:root /etc/samba/openchange.conf
sudo chmod 644 /etc/samba/openchange.conf
which worked. So finally I did
Code: [Select]
echo -e "#"'!'"/bin/bash\nchown root:root /etc/samba/openchange.conf\nchmod 644 /etc/samba/openchange.conf\nexit 0" | sudo tee /etc/zentyal/hooks/openchange.postsetconf
sudo chmod +x /etc/zentyal/hooks/openchange.postsetconf

Seems this did the trick.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: Dersch on June 08, 2016, 10:24:55 pm
Again I'm facing problems with RADIUS, but this time it seems to be the connection with LDAP. I already removed and recompiled the zentyal radius module but without success. Overall the RADIUS module seems to work, and shortly after a reboot everything is fine. Only after a couple of minutes up to one hour it starts with the following errors...

Code: [Select]
Wed Jun  8 20:29:23 2016 : Auth: Login OK: [Administrator] (from client 192.168.10.40/32 port 0 via TLS tunnel)
Wed Jun  8 20:29:23 2016 : Auth: Login OK: [Administrator] (from client 192.168.10.40/32 port 0 cli E8-50-8B-83-95-42)
Wed Jun  8 21:08:59 2016 : Error:   [ldap] ldap_search() failed: LDAP connection lost.
Wed Jun  8 21:08:59 2016 : Info:   [ldap] Attempting reconnect
Wed Jun  8 21:09:02 2016 : Error: Discarding duplicate request from client 192.168.10.42/32 port 48323 - ID: 24 due to unfinished request 33
Wed Jun  8 21:09:04 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:09:04 2016 : Auth: Invalid user: [Administrator] (from client 192.168.10.42/32 port 0 cli E8-50-8B-83-95-42)
Wed Jun  8 21:09:20 2016 : Error: Discarding duplicate request from client 192.168.10.42/32 port 48323 - ID: 26 due to unfinished request 35
Wed Jun  8 21:09:22 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:09:22 2016 : Auth: Invalid user: [Administrator] (from client 192.168.10.42/32 port 0 cli E8-50-8B-83-95-42)
Wed Jun  8 21:29:43 2016 : Error:   [ldap] ldap_search() failed: LDAP connection lost.
Wed Jun  8 21:29:43 2016 : Info:   [ldap] Attempting reconnect
Wed Jun  8 21:29:46 2016 : Error: Discarding duplicate request from client 192.168.10.42/32 port 35385 - ID: 8 due to unfinished request 36
Wed Jun  8 21:29:48 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:29:48 2016 : Auth: Invalid user: [Daniela] (from client 192.168.10.42/32 port 0 cli AC-5F-3E-33-AF-45)
Wed Jun  8 21:30:01 2016 : Error: Discarding duplicate request from client 192.168.10.42/32 port 35385 - ID: 10 due to unfinished request 38
Wed Jun  8 21:30:03 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:30:03 2016 : Auth: Invalid user: [Daniela] (from client 192.168.10.42/32 port 0 cli AC-5F-3E-33-AF-45)
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on June 09, 2016, 06:17:37 am
Does it work again after restarting the radius service?
Code: [Select]
sudo service zentyal radius restart
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: Dersch on June 09, 2016, 08:35:41 am
Hi Julio,

no unfortunately not.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on June 09, 2016, 12:09:13 pm
please check the Samba - LDAP service...
ex.: ldapsearch
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on June 11, 2016, 04:27:36 pm
Dear Julio,

Hope you can also help with this little issue. Now that I've got the radius module working, I noticed that - depending on the AP - MAC address information will be shown or not in the log file presentation (via zentyal log viewer).

I have an older Siemens AP here, which results in the following log entry:

Code: [Select]
Sat Jun 11 15:37:44 2016 : Auth: Login OK: [username] (from client xxx.xxx.x.xxx/32 port 5 cli 2002af9a30af)
Means, the MAC address is 20:02:AF:9A:30:AF, but it's not shown, the mac column remains empty.
My guess is that the parser is not able to convert and/or identify the mac entry in the log file.

Is there any hack possible to fix this?

Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on June 11, 2016, 10:27:57 pm
modified, please check...
https://forum.zentyal.org/index.php/topic,25541.msg96226.html#msg96226
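Both log excerpts above (the LDAP timeouts followed by "Invalid user", and the Siemens AP's `cli 2002af9a30af`) can be read by one parser. This Python is an added example, not Zentyal's LogHelper.pm or code from this thread: it normalises both `cli` MAC formats and marks "Invalid user" lines that directly follow an `[ldap]` error, because those are backend failures rather than bad usernames. The function names, the 10-second window, the uppercase colon output format and the sample lines (constructed from the formats in the posts) are assumptions.

```python
import re
from datetime import datetime, timedelta

# "Wed Jun  8 21:09:04 2016 : Auth: <message>" (day of month is space-padded)
LINE_RE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : (\w+):\s+(.*)$")
# "Login OK: [user] (from client 192.0.2.1/32 port 0 cli <mac>)"
AUTH_RE = re.compile(
    r"^(?P<result>Login OK|Login incorrect|Invalid user)"
    r"(?: \((?P<reason>.*?)\))?: \[(?P<user>[^\]]*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>[^\s)]+))?(?: via TLS tunnel)?\)$")


def normalize_mac(cli):
    """Return AA:BB:CC:DD:EE:FF for any 12-hex-digit form, else None."""
    if cli is None:
        return None
    digits = re.sub(r"[-:.]", "", cli)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return None
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def analyze(lines, window=timedelta(seconds=10)):
    """Return one dict per Auth line, with the MAC normalised and
    backend_failure=True when an [ldap] error preceded an 'Invalid user'
    by at most `window`."""
    events, last_ldap_error = [], None
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        # English day/month names, as in the posted logs; strptime uses
        # them too unless the program calls locale.setlocale().
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        level, message = m.group(2), m.group(3)
        if level == "Error" and message.startswith("[ldap]"):
            last_ldap_error = when
            continue
        if level != "Auth":
            continue
        a = AUTH_RE.match(message)
        if not a:
            continue
        backend = (a.group("result") == "Invalid user"
                   and last_ldap_error is not None
                   and timedelta(0) <= when - last_ldap_error <= window)
        reason = a.group("reason")
        events.append({
            "time": when,
            "result": a.group("result"),
            "reason": reason.strip() if reason is not None else None,
            "user": a.group("user"),
            "client": a.group("client"),
            "mac": normalize_mac(a.group("cli")),
            "backend_failure": backend,
        })
    return events


# Constructed sample lines in the formats shown in the posts above.
SAMPLE = """\
Wed Jun  8 20:29:23 2016 : Auth: Login OK: [alice] (from client 192.0.2.40/32 port 0 cli E8-50-8B-00-00-01)
Wed Jun  8 21:09:04 2016 : Error:   [ldap] ldap_search() failed: Timed out while waiting for server to respond. Please increase the timeout.
Wed Jun  8 21:09:04 2016 : Auth: Invalid user: [alice] (from client 192.0.2.42/32 port 0 cli E8-50-8B-00-00-01)
Sat Jun 11 15:37:44 2016 : Auth: Login OK: [bob] (from client 192.0.2.7/32 port 5 cli 2002af9a30af)
Sat Jun 11 15:40:00 2016 : Auth: Invalid user: [carol] (from client 192.0.2.7/32 port 5 cli 2002af9a30af)
Sat Jun 11 15:41:00 2016 : Auth: Login incorrect (mschap: External script says ): [bob] (from client 192.0.2.7/32 port 0 via TLS tunnel)
"""

if __name__ == "__main__":
    for e in analyze(SAMPLE.splitlines()):
        flag = " (LDAP backend failure)" if e["backend_failure"] else ""
        print(e["time"], e["result"], e["user"], e["mac"], flag)
```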
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on June 12, 2016, 11:01:48 am

Thanks, Julio,

Installed it and now have to test. Since it is a remote site, it will take a few days before I'll see the effect. I assume the change will only take effect on new log entries, right?

In any case, I'm very thankful for your prompt help! Really great!!!

p.s. maybe a little remark: I think there's a little mistake in the instruction.
Code: [Select]
wget wget http://archive.zentyal.org/zentyal/pool/main/z/zentyal-radius/zentyal-radius_3.5.1.tar.gz -O zentyal-radius_3.5.1.tar.gz
double wget...
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on June 12, 2016, 12:54:57 pm

thank you for your suggestion about the "wget wget" mistake!
I've changed the mac format to uppercase format,
please install one more time, and you can force a test with the following command:
Code: [Select]
LC_TIME_ORIG=$LC_TIME && LC_TIME=en_US.UTF-8 && echo "$(date '+%a %b %e %H:%M:%S %Y') : Auth: Login OK: [testuser] (from client 127.0.0.1/32 port 5 cli 2002af9a30af)" | sudo tee -a /var/log/freeradius/radius.log && LC_TIME=$LC_TIME_ORIG
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on June 12, 2016, 02:48:13 pm

tried the echo but it seems my locale for date is set to De, so Week day is prompted as "So" and not "Sun". At the end, the echoed log entry is not shown in zentyal log module... :-)

p.s. modified the echo command and set the date/time manually. However, it seems to not appear inside the zentyal log display? update: got it! works!
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on June 12, 2016, 03:56:42 pm
"tried the echo but it seems my locale for date is set to De, so Week day is prompted as "So" and not "Sun"."

me too, DE... that's why: LC_TIME_ORIG=$LC_TIME && LC_TIME=en_US.UTF-8

"en_US.UTF-8" locale installed?
Code: [Select]
locale -a
works for me (see screenshot attached)

try restarting the logs and the radius service before the echo...
Code: [Select]
sudo service zentyal logs restart
sudo service zentyal radius restart
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on June 12, 2016, 04:28:57 pm
locale is installed. restarted modules but still it will generate "So" instead of "Sun"  :o
Anyway, I'm confident it will work well now  ::) Thanks again!!!

update: just noticed

Code: [Select]
locale -a
C
C.UTF-8
de_DE.utf8
en_US.utf8
POSIX

so, probably I need to modify the locale setting accordingly?
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on June 12, 2016, 05:42:18 pm
no, you don't need to...
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on October 03, 2016, 08:42:23 pm
Julio,

Hope to get one more hint from you ;-)

Worked all fine for the time being, but for some reason I had to re-install (not only, but also) the radius package and now I seem to be getting no access to the LDAP. (Radius only rejects)

In the freeradius log, I can only find two lines, i.e.

Code: [Select]
Mon Oct  3 20:29:46 2016 : Error:   [ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Mon Oct  3 20:29:46 2016 : Error:   [ldap] (re)connection attempt failed

I checked the ldap module at freeradius and the credentials are filled in. I also checked the user in the tree, removed it, reconfigured so the user was back in.  Still no good.
I tried a full purge on freeradius, zentyal-radius and the related packages, and reinstalled from scratch. Nothing helped.

Anywhere else I could look?


Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on October 03, 2016, 09:14:19 pm
for more details start freeradius manually:
Code: [Select]
sudo service zentyal radius stop
sudo freeradius -XXX
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on October 03, 2016, 09:28:06 pm
Here it goes, Julio.
Only masked the secrets ("###secret###").
It wouldn't let me post the whole text (20000 chars limit), so here's a link to the file:

https://dl.dropboxusercontent.com/u/1666516/freeradius%20debug.txt

update: this is only the debug output before the actual auth trial
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on October 03, 2016, 09:31:32 pm
So, here comes the output from an actual try via radtest:

Code: [Select]
Mon Oct  3 21:16:24 2016 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 39583, id=246, length=80
User-Name = "###username###"
User-Password = "###password###"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
Message-Authenticator = 0xae07c03a0fa5825814f6e4066277a23b
Mon Oct  3 21:29:05 2016 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default
Mon Oct  3 21:29:05 2016 : Info: +- entering group authorize {...}
Mon Oct  3 21:29:05 2016 : Info: ++[preprocess] returns ok
Mon Oct  3 21:29:05 2016 : Info: ++[chap] returns noop
Mon Oct  3 21:29:05 2016 : Info: ++[mschap] returns noop
Mon Oct  3 21:29:05 2016 : Info: [eap] No EAP-Message, not doing EAP
Mon Oct  3 21:29:05 2016 : Info: ++[eap] returns noop
Mon Oct  3 21:29:05 2016 : Info: [files] users: Matched entry DEFAULT at line 1
Mon Oct  3 21:29:05 2016 : Info: ++[files] returns ok
Mon Oct  3 21:29:05 2016 : Info: [ldap] performing user authorization for ###username###
Mon Oct  3 21:29:05 2016 : Info: [ldap] expand: %{Stripped-User-Name} ->
Mon Oct  3 21:29:05 2016 : Info: [ldap] ... expanding second conditional
Mon Oct  3 21:29:05 2016 : Info: [ldap] expand: %{User-Name} -> ###username###
Mon Oct  3 21:29:05 2016 : Info: [ldap] expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=###username###)
Mon Oct  3 21:29:05 2016 : Info: [ldap] expand: DC=fritz,DC=box -> DC=fritz,DC=box
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] ldap_get_conn: Checking Id: 0
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] ldap_get_conn: Got Id: 0
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] attempting LDAP reconnection
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] (re)connect to ldap://127.0.0.1, authentication 0
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] bind as CN=zentyal-radius-zentyal,CN=Users,DC=fritz,DC=box/###password### to ldap://127.0.0.1
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] waiting for bind result ...
Mon Oct  3 21:29:05 2016 : Error:   [ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Mon Oct  3 21:29:05 2016 : Error:   [ldap] (re)connection attempt failed
Mon Oct  3 21:29:05 2016 : Info: [ldap] search failed
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] ldap_release_conn: Release Id: 0
Mon Oct  3 21:29:05 2016 : Info: ++[ldap] returns fail
Mon Oct  3 21:29:05 2016 : Auth: Invalid user: [###username###] (from client 127.0.0.1/32 port 1812)
Mon Oct  3 21:29:05 2016 : Info: Using Post-Auth-Type Reject
Mon Oct  3 21:29:05 2016 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Mon Oct  3 21:29:05 2016 : Info: +- entering group REJECT {...}
Mon Oct  3 21:29:05 2016 : Info: [attr_filter.access_reject] expand: %{User-Name} -> ###username###
Mon Oct  3 21:29:05 2016 : Debug: attr_filter: Matched entry DEFAULT at line 11
Mon Oct  3 21:29:05 2016 : Info: ++[attr_filter.access_reject] returns updated
Mon Oct  3 21:29:05 2016 : Info: Delaying reject of request 0 for 1 seconds
Mon Oct  3 21:29:05 2016 : Debug: Going to the next request
Mon Oct  3 21:29:05 2016 : Debug: Waking up in 0.9 seconds.
Mon Oct  3 21:29:06 2016 : Info: Sending delayed reject for request 0
Sending Access-Reject of id 246 to 127.0.0.1 port 39583
Mon Oct  3 21:29:06 2016 : Debug: Waking up in 4.9 seconds.
Mon Oct  3 21:29:11 2016 : Info: Cleaning up request 0 ID 246 with timestamp +761
Mon Oct  3 21:29:11 2016 : Info: Ready to process requests.

User Info is also accessible:

Code: [Select]
User info (Level-0):
====================
Name:              zentyal-radius-zentyal
SID:               S-1-5-21-1293354772-482189516-68840057-1231
Uid:               910689487
Gid:               910688769
Gecos:             <null>
Shell:             /bin/sh
Home dir:          /home/local/FRITZ/zentyal-radius-zentyal
Logon restriction: NO
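The debug output above was masked by hand before posting. As an added example (not part of the original posts and not FreeRADIUS code), this Python filter redacts the places where that output carries clear-text credentials: the `User-Password` attribute, the password after the bind DN in the `[ldap] bind as ...` line, and `secret =` / `password =` lines of the configuration dump, then checks that known secret values are really gone. The function names, the mask string, the `key = "value"` form assumed for the config dump and the constructed sample are assumptions.

```python
import re

MASK = "###redacted###"

# Password attributes in the request dump: User-Password = "cleartext"
ATTR_RE = re.compile(
    r'^(\s*(?:User-Password|CHAP-Password|Tunnel-Password)\s*=\s*).+$')
# "[ldap] bind as <DN>/<password> to ldap://host": the DN is a list of
# attr=value parts, so the first "/" after it starts the password, which
# may itself contain "/" or " to ".
BIND_RE = re.compile(
    r"(\[ldap\] bind as )((?:[\w.]+=[^,/]+)(?:,[\w.]+=[^,/]+)*)/(.*)"
    r"( to ldaps?://\S+)$")
# Config dump lines such as: secret = "..."  or  password = "..."
CONF_RE = re.compile(r'^(.*?(?<![\w-])(?:secret|password)\s*=\s*).+$')

RULES = [
    (ATTR_RE, r"\1" + '"' + MASK + '"'),
    (BIND_RE, r"\1\2/" + MASK + r"\4"),
    (CONF_RE, r"\1" + '"' + MASK + '"'),
]


def redact_line(line):
    """Apply the first matching rule; return (new_line, changed)."""
    for pattern, replacement in RULES:
        new, count = pattern.subn(replacement, line)
        if count:
            return new, True
    return line, False


def redact(text):
    """Return (redacted_text, number_of_lines_changed)."""
    out, hits = [], 0
    for line in text.splitlines():
        new, changed = redact_line(line)
        hits += changed
        out.append(new)
    return "\n".join(out), hits


def still_present(text, secrets):
    """Safety net: list the known secret values that survive redaction."""
    return [s for s in secrets if s and s in text]


# Constructed sample in the shape of the output posted above.
SAMPLE = '''\
 client localhost {
\tsecret = "s3cr3t-shared"
 }
rad_recv: Access-Request packet from host 127.0.0.1 port 39583, id=246, length=80
\tUser-Name = "testuser"
\tUser-Password = "hunter2/x"
Mon Oct  3 21:29:05 2016 : Debug:   [ldap] bind as CN=svc-radius,CN=Users,DC=example,DC=test/B1nd to pw to ldap://127.0.0.1
Mon Oct  3 21:29:05 2016 : Error:   [ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf
'''

if __name__ == "__main__":
    cleaned, hits = redact(SAMPLE)
    print(cleaned)
    print("lines redacted:", hits)
    print("leaks:", still_present(cleaned, ["s3cr3t-shared", "hunter2/x", "B1nd to pw"]))
```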
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on October 04, 2016, 04:24:12 pm
please post the results of:
Code: [Select]
ls -la /var/lib/zentyal/conf/
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on October 04, 2016, 04:39:31 pm
Code: [Select]
ls -la /var/lib/zentyal/conf/
total 144
drwxr-xr-x  9 ebox adm   4096 Okt  3 20:51 .
drwxr-xr-x 10 ebox ebox  4096 Okt  4 01:16 ..
drwx------  2 ebox adm   4096 Okt  2 22:14 backups
drwxr-xr-x  2 ebox ebox  4096 Feb 18  2016 dhcp
-rw-r--r--  1 ebox adm    371 Okt 21  2015 eboxlog.conf
-rw-r--r--  1 ebox adm     33 Feb  3  2016 ebox.passwd
-rw-------  1 ebox ebox     0 Feb 18  2016 ebox.sid
-rw-------  1 ebox ebox    32 Okt  2 20:53 fetchmail.passwd
-rw-------  1 ebox ebox    32 Okt  2 20:32 fetchmail.passwd~
-rw-r--r--  1 ebox ebox    11 Okt  3 20:51 locale
drwxrwxrwx  2 ebox ebox  4096 Feb 18  2016 logs
-rw-r--r--  1 ebox ebox  3857 Okt  3 20:51 nginx.conf
drwxr-xr-x  2 root root  4096 Mär  1  2016 openchange
-rw-r--r--  1 root root  9527 Feb  3  2016 openssl.cnf
-rw-------  1 ebox root 25726 Okt  3 20:47 redis.conf
-rw-------  1 ebox ebox     8 Feb 18  2016 redis.passwd
drwxr-xr-x  2 ebox ebox  4096 Feb 18  2016 remoteservices
-rw-rw-rw-  1 ebox ebox   146 Okt  3 20:50 samba-antivirus.conf
-r--------  1 ebox ebox   193 Okt  3 20:50 samba.keytab
-r--------  1 root root     8 Mär  3  2016 sa-mysql.passwd
-rw-------  1 ebox ebox     8 Feb 19  2016 sogo_db.passwd
drwx------  2 root root  4096 Okt  3 20:49 ssl
drwxr-xr-x  2 ebox adm   4096 Feb  3  2016 ssl-ca
-rw-r--r--  1 root root   353 Apr 25 12:08 zavsd-log.conf
-rw-------  1 ebox ebox    20 Okt  2 20:53 zentyal-mailfilter-zentyal.passwd
-rw-------  1 ebox ebox    20 Okt  2 20:53 zentyal-mail-zentyal.passwd
-r--------  1 root root     8 Feb 18  2016 zentyal-mysql.passwd
-rw-------  1 ebox ebox    20 Okt  2 20:53 zentyal-openchange-zentyal.passwd
-rw-------  1 ebox ebox    20 Okt  2 20:53 zentyal-radius-zentyal.passwd

Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: julio on October 04, 2016, 04:46:27 pm
try restoring the zentyal-radius-zentyal user password:
Code: [Select]
sudo samba-tool user setpassword zentyal-radius-zentyal --newpassword=$(cat /var/lib/zentyal/conf/zentyal-radius-zentyal.passwd)
sudo service zentyal radius restart
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: segelfreak on October 04, 2016, 06:14:15 pm
You're my man, Julio! It worked!
Thanks so much, you've made more than 40 refugees happy. They can now use their WiFi AP again.
So easy after all, but when you're sitting in the middle of a forest, it's hard to see a single tree ;-)
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.1, 4.2
Post by: l4n on March 04, 2017, 12:02:27 pm
Hello
I ran into some trouble making it work with Zentyal 5.0, but I finally did it. So I am sharing my steps with you guys.
Code: [Select]
mkdir ~/radius
cd ~/radius
rm -rf zentyal-radius-4.2
wget http://archive.zentyal.org/zentyal/pool/main/z/zentyal-radius/zentyal-radius_3.5.1.tar.gz -O zentyal-radius_3.5.1.tar.gz
tar -xf zentyal-radius_3.5.1.tar.gz
mv zentyal-radius-3.5.1 zentyal-radius-5.0
wget 'https://drive.google.com/uc?export=download&id=0B4LpBN3axE3nUHZROVJGY3hPeVk' -O zentyal-radius-5.0.patch
patch -t -p1 -i zentyal-radius-5.0.patch
cd zentyal-radius-5.0
dpkg-buildpackage -rfakeroot -b -tc
cd ..
apt install ./zentyal-radius_5.0_all.deb -y
sudo apt-get install -f -y

Don't forget to manually add firewall rules for the radius service (on port UDP 1812)!
julio, feel free to edit this into your first post if you want.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: luis.apodaca on March 21, 2017, 10:20:30 pm
Hello everyone

I have been trying to install the radius module all week but I have not been lucky. The installation of my virtual machine is new: when renewing the server I had to format and deal with a new installation. Previously I followed these instructions and I did not have problems, but on this occasion I have not been able to install, since the first command tells me that the package build-essential is lost and will not allow me to continue.

any ideas ? Thanks for any help.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on March 22, 2017, 12:33:11 pm
Try with the original instructions, step by step...
https://forum.zentyal.org/index.php/topic,25541.0.html
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: luis.apodaca on March 22, 2017, 03:11:41 pm
sorry, when I said these instructions I meant the original list, but yesterday I also tried the last one, and it is sending me the same error!!
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on March 22, 2017, 03:54:49 pm
please post the error messages or give me more detail about the error!
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: luis.apodaca on March 22, 2017, 04:13:06 pm

Here is a picture of the error message
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on March 22, 2017, 11:38:32 pm
Please enable the main repository in the /etc/apt/sources.list file.

It looks like:
deb http://de.archive.ubuntu.com/ubuntu trusty main restricted universe multiverse
#deb-src http://de.archive.ubuntu.com/ubuntu trusty main restricted universe multiverse

deb http://de.archive.ubuntu.com/ubuntu trusty-updates main restricted universe multiverse
#deb-src http://de.archive.ubuntu.com/ubuntu trusty-updates main restricted universe multiverse

deb http://de.archive.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
#deb-src http://de.archive.ubuntu.com/ubuntu trusty-security main restricted universe multiverse

deb http://de.archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse
#deb-src http://de.archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse

## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
deb http://extras.ubuntu.com/ubuntu trusty main

After that:
sudo apt-get update
sudo apt-get install zbuildtools build-essential fakeroot dpkg-dev -y
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: luis.apodaca on March 22, 2017, 11:54:12 pm
Thanks, I'll try what you say, but just to be sure;
Are you asking me to run these commands on the console before the original instruction list?
...
sorry but no, it doesnt work !!
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on March 23, 2017, 08:27:01 am
Open the /etc/apt/sources.list with text editor and enable the main repo... Like my previous post!
Title: [SOLVED]Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.
Post by: luis.apodaca on March 23, 2017, 06:02:58 pm
thanks so much Julio, it works really nicely, now I'm gonna set everything up to put the wifi clients to work, if something goes wrong I will let you know

thanks again and regards.


Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: half_life on April 08, 2017, 08:06:04 pm
Thanks Julio,

The only issue I had was failed dependencies when trying to install the .deb file.  sudo apt-get install -f fixed it.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on April 09, 2017, 08:26:52 pm
Modified, thank you for your feedback!
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: realflow on April 28, 2017, 01:46:44 am
For everybody else having issues with the new version of samba:

Add this

   lanman auth = yes
   ntlm auth = yes


in the [global] section
to /usr/share/zentyal/stubs/samba/smb.conf.mas

and reload samba settings.

Note: This will reenable NTLMv1 authentication which is disabled by default in newer samba versions. Unfortunately freeradius only supports NTLMv1 (and not the newer NTLMv2)
https://www.samba.org/samba/history/samba-4.5.0.html

@Julio: maybe you want to change to sudo dpkg --force-depends -i zentyal-radius_5.0_all.deb as this occurs:
dependency problems - leaving unconfigured
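What the two smb.conf lines above change, as an added example (not Zentyal or Samba code): this Python check reads the `[global]` section of a rendered smb.conf and reports the NTLM-related settings that accept weaker responses. It follows Samba's parameter-name rules (case and spaces are ignored) and boolean spellings; the function names, finding texts and sample configs are constructed for illustration.

```python
import re

TRUE = {"yes", "true", "1", "on"}


def global_params(text):
    """Parse smb.conf text; return {normalised name: value} for [global].
    Names are lower-cased with all whitespace removed, as Samba compares
    them; a later assignment overrides an earlier one."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # line continuation
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def audit_ntlm(text):
    """Return a list of (parameter, value, note) findings."""
    params = global_params(text)
    findings = []
    lanman = params.get("lanmanauth", "no").lower()
    # Absent "ntlm auth" means the version default, which has been
    # "no NTLMv1" since Samba 4.5.0 (the release notes linked above).
    ntlm = params.get("ntlmauth", "").lower()
    if lanman in TRUE:
        findings.append((
            "lanman auth", lanman,
            "LANMAN (LM) responses are accepted; the ntlm_auth line on "
            "this page passes only --nt-response"))
    if ntlm in TRUE or ntlm == "ntlmv1-permitted":
        findings.append((
            "ntlm auth", ntlm,
            "NTLMv1 is accepted from every client, not only from ntlm_auth"))
    return findings


# Constructed samples: the settings from the post, and a narrower variant.
AS_POSTED = """\
[global]
   workgroup = EXAMPLE
   ; ntlm auth = no
   LANMAN Auth = yes
   ntlm auth = yes

[homes]
   ntlm auth = no
"""

SCOPED = """\
[global]
   workgroup = EXAMPLE
   ntlm auth = mschapv2-and-ntlmv2-only
"""

if __name__ == "__main__":
    for name, value, note in audit_ntlm(AS_POSTED):
        print("%s = %s: %s" % (name, value, note))
```

On Samba 4.7 and later, `ntlm auth = mschapv2-and-ntlmv2-only` together with `--allow-mschapv2` on the ntlm_auth command line limits NTLMv1 to MS-CHAPv2 requests; the Samba 4.5 discussed in this thread does not have that value.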
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on April 28, 2017, 05:00:32 pm
"sudo apt-get install -f" because dependency problems, but the
"sudo dpkg --force-depends -i ..." is more elegant, thanks!
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: liopi on May 30, 2017, 10:51:58 pm
Hello,
after I installed on Zentyal 5.0.8, when I'm trying to enable the FreeRADIUS module I get the following error:

Quote
Failed to enable: root command /usr/share//zentyal-radius/enable-module failed. Error output:
+ test '!' -e /etc/freeradius/certs/freeradius.pem
+ test '!' -e /etc/ssl/certs/ssl-cert-snakeoil.pem
+ test '!' -e /etc/ssl/private/ssl-cert-snakeoil.key
+ cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key
/usr/share//zentyal-radius/enable-module: line 12: /etc/freeradius/certs/freeradius.pem: No such file or directory
+ chown root:freerad /etc/freeradius/certs/freeradius.pem
chown: invalid group: ‘root:freerad’
+ chmod 440 /etc/freeradius/certs/freeradius.pem
chmod: cannot access '/etc/freeradius/certs/freeradius.pem': No such file or directory
+ usermod -a -G winbindd_priv freerad
usermod: user 'freerad' does not exist
+ chown root:winbindd_priv /var/lib/samba/winbindd_privileged/
+ chmod 755 /var/log/freeradius
chmod: cannot access '/var/log/freeradius': No such file or directory
Command output: . Exit value: 1 at /usr/share/perl5/EBox/ServiceModule/CGI/ConfigureModuleController.pm line 65

How to fix this ?

Best regards.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: giovanniconcone on May 31, 2017, 12:55:41 pm
Hello to all
I can not run the radius server
I followed both page 1 and page 4 guidelines
I can start the shell radius but if it starts from the zentyal console i am mistaken.
I installed zentyal 5.08 and configured as primary domain controller
I tested it with a new install but that did not resolve it
If they can serve the attached ldap settings
DN base
DC = mms, DC = local
Default Users DN
CN = Users, DC = mms, DC = local
Default Groups DN
CN = Users, DC = mms, DC = local

And log


2017/05/31 12:49:49 INFO> Service.pm:958 EBox::Module::Service::restartService - Restarting service for module: radius
2017/05/31 12:49:50 DEBUG> Validate.pm:658 EBox::Validate::checkDomainName - Valore non valido per Nome comune (CN): Host Zentyal. at Valore non valido per Nome comune (CN): Host Zentyal. at /usr/share/perl5/EBox/Validate.pm line 658
2017/05/31 12:49:50 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: Valore non valido per Nome comune (CN): Host Zentyal.
2017/05/31 12:49:50 ERROR> Service.pm:964 EBox::Module::Service::restartService - Valore non valido per Nome comune (CN): Host Zentyal. at Valore non valido per Nome comune (CN): Host Zentyal. at /usr/share/perl5/EBox/Module/Service.pm line 964
2017/05/31 12:49:50 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of RADIUS from dashboard failed: Valore non valido per Nome comune (CN): Host Zentyal.
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on May 31, 2017, 09:41:34 pm
Hello,
after I did install on Zentyal 5.0.8 and when i'm trying to enable Free radius module i have the following error:

Quote
Failed to enable: root command /usr/share//zentyal-radius/enable-module failed. Error output: + test '!' -e /etc/freeradius/certs/freeradius.pem + test '!' -e /etc/ssl/certs/ssl-cert-snakeoil.pem + test '!' -e /etc/ssl/private/ssl-cert-snakeoil.key + cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key /usr/share//zentyal-radius/enable-module: line 12: /etc/freeradius/certs/freeradius.pem: No such file or directory + chown root:freerad /etc/freeradius/certs/freeradius.pem chown: invalid group: ‘root:freerad’ + chmod 440 /etc/freeradius/certs/freeradius.pem chmod: cannot access '/etc/freeradius/certs/freeradius.pem': No such file or directory + usermod -a -G winbindd_priv freerad usermod: user 'freerad' does not exist + chown root:winbindd_priv /var/lib/samba/winbindd_privileged/ + chmod 755 /var/log/freeradius chmod: cannot access '/var/log/freeradius': No such file or directory Command output: . Exit value: 1 at /usr/share/perl5/EBox/ServiceModule/CGI/ConfigureModuleController.pm line 65

How to fix this ?

Best regards.

please try installing the missing dependencies with:
Code: [Select]
sudo apt install -f -y
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on May 31, 2017, 09:55:35 pm
Hello to all
I can not run the radius server
I followed both page 1 and page 4 guidelines
I can start the shell radius but if it starts from the zentyal console i am mistaken.
I installed zentyal 5.08 and configured as primary domain controller
I tested it with a new install but it is not resolved
If they can serve the attached ldap settings
DN base
DC = mms, DC = local
Default Users DN
CN = Users, DC = mms, DC = local
Default Groups DN
CN = Users, DC = mms, DC = local

And log


2017/05/31 12:49:49 INFO> Service.pm:958 EBox::Module::Service::restartService - Restarting service for module: radius
2017/05/31 12:49:50 DEBUG> Validate.pm:658 EBox::Validate::checkDomainName - Valore non valido per Nome comune (CN): Host Zentyal. at Valore non valido per Nome comune (CN): Host Zentyal. at /usr/share/perl5/EBox/Validate.pm line 658
2017/05/31 12:49:50 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: Valore non valido per Nome comune (CN): Host Zentyal.
2017/05/31 12:49:50 ERROR> Service.pm:964 EBox::Module::Service::restartService - Valore non valido per Nome comune (CN): Host Zentyal. at Valore non valido per Nome comune (CN): Host Zentyal. at /usr/share/perl5/EBox/Module/Service.pm line 964
2017/05/31 12:49:50 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of RADIUS from dashboard failed: Valore non valido per Nome comune (CN): Host Zentyal.

please try purging all freeradius packages and installing again:
Code: [Select]
sudo apt purge freeradius freeradius-common freeradius-ldap freeradius-utils libfreeradius2 libltdl7 zentyal-radius
sudo rm -rf /etc/freeradius
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: liopi on May 31, 2017, 11:42:11 pm
Hello,
after I did install on Zentyal 5.0.8 and when i'm trying to enable Free radius module i have the following error:

Quote
Failed to enable: root command /usr/share//zentyal-radius/enable-module failed. Error output: + test '!' -e /etc/freeradius/certs/freeradius.pem + test '!' -e /etc/ssl/certs/ssl-cert-snakeoil.pem + test '!' -e /etc/ssl/private/ssl-cert-snakeoil.key + cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key /usr/share//zentyal-radius/enable-module: line 12: /etc/freeradius/certs/freeradius.pem: No such file or directory + chown root:freerad /etc/freeradius/certs/freeradius.pem chown: invalid group: ‘root:freerad’ + chmod 440 /etc/freeradius/certs/freeradius.pem chmod: cannot access '/etc/freeradius/certs/freeradius.pem': No such file or directory + usermod -a -G winbindd_priv freerad usermod: user 'freerad' does not exist + chown root:winbindd_priv /var/lib/samba/winbindd_privileged/ + chmod 755 /var/log/freeradius chmod: cannot access '/var/log/freeradius': No such file or directory Command output: . Exit value: 1 at /usr/share/perl5/EBox/ServiceModule/CGI/ConfigureModuleController.pm line 65

How to fix this ?

Best regards.

please try installing the missing dependencies with:
Code: [Select]
sudo apt install -f -y


Great, everything is working fine  ;D
Thank you for help.
Best regards
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: giovanniconcone on June 05, 2017, 05:35:40 pm
not work

"Qualche modulo ha riportato errori durante il salvataggio. Maggiori informazioni nel log /var/log/zentyal/

Valore non valido per Nome comune (CN): Host Zentyal."
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on June 06, 2017, 08:00:21 pm
not work

"Qualche modulo ha riportato errori durante il salvataggio. Maggiori informazioni nel log /var/log/zentyal/

Valore non valido per Nome comune (CN): Host Zentyal."

what is your server hostname?
because, according to RFC underscores are forbidden in "hostnames"!
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: giovanniconcone on June 13, 2017, 12:29:09 pm
my hostname is srv01    , my domain is mms.local


What is the radius file I need to modify to integrate my host?
 :o
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on June 13, 2017, 12:46:34 pm
my hostname is srv01    , my domain is mms.local


What is the radius file I need to modify to integrate my host?
 :o

maybe web interface language problem?
same error:
https://tracker.zentyal.org/issues/4738
please change the web interface language from italian to english
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: computercody94 on August 28, 2017, 08:50:35 pm
I'm having a problem trying to get RADIUS in 5.0 to work with my APs (Ubiquiti UniFi). Any ideas?
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on August 28, 2017, 10:41:26 pm
please try with:
802.1x EAP & PEAP & MSCHAPV2
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: computercody94 on August 28, 2017, 11:47:33 pm
Are these settings to change in RADIUS?
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on August 29, 2017, 12:40:54 am
no not in radius, on the clients, instead of WPA2-Enterprise...
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: computercody94 on August 29, 2017, 01:51:16 am
I tried that & I get the same error. On Windows it says "Can't connect to this network". On my Android it says "Authentication Problem".
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: segelfreak on October 01, 2017, 11:39:34 am
Hi Julio,

After having successfully installed a new 5.0 system with the radius module (as per your new instruction), I'm still struggling to get it up and running.
Wifi clients are rejected.
Please see log:
Code: [Select]
rad_recv: Access-Request packet from host 192.168.1.2 port 3072, id=0, length=165
Sat Sep 23 17:09:53 2017 : Info: Cleaning up request 8 ID 0 with timestamp +20
        User-Name = "user"
        NAS-IP-Address = 192.168.1.2
        Called-Station-Id = "0016e37246ff"
        Calling-Station-Id = "90fd6153bfc4"
        NAS-Identifier = "0016e37246ff"
        NAS-Port = 40
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0208002e190017030300230bf5df21adc20eeb36f8c66f036cd7e3b97e8f593fa2b13b9763b32e9db63655c5f04b
        Message-Authenticator = 0x69f2de24306d9ee3142149f1f95e5448
Sat Sep 23 17:09:53 2017 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default
Sat Sep 23 17:09:53 2017 : Info: +group authorize {
Sat Sep 23 17:09:53 2017 : Info: ++[preprocess] = ok
Sat Sep 23 17:09:53 2017 : Info: ++[chap] = noop
Sat Sep 23 17:09:53 2017 : Info: ++[mschap] = noop
Sat Sep 23 17:09:53 2017 : Info: [eap] EAP packet type response id 8 length 46
Sat Sep 23 17:09:53 2017 : Info: [eap] Continuing tunnel setup.
Sat Sep 23 17:09:53 2017 : Info: ++[eap] = ok
Sat Sep 23 17:09:53 2017 : Info: +} # group authorize = ok
Sat Sep 23 17:09:53 2017 : Info: Found Auth-Type = EAP
Sat Sep 23 17:09:53 2017 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Sat Sep 23 17:09:53 2017 : Info: +group authenticate {
Sat Sep 23 17:09:53 2017 : Info: [eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
Sat Sep 23 17:09:53 2017 : Info: [eap] Failed in handler
Sat Sep 23 17:09:53 2017 : Info: ++[eap] = invalid
Sat Sep 23 17:09:53 2017 : Info: +} # group authenticate = invalid
Sat Sep 23 17:09:53 2017 : Info: Failed to authenticate the user.
Sat Sep 23 17:09:53 2017 : Auth: Login incorrect: [user] (from client 192.168.1.2/32 port 40 cli 90fd6153bfc4)
Sat Sep 23 17:09:53 2017 : Info: Using Post-Auth-Type Reject
Sat Sep 23 17:09:53 2017 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Sat Sep 23 17:09:53 2017 : Info: +group REJECT {
Sat Sep 23 17:09:53 2017 : Info: [attr_filter.access_reject]    expand: %{User-Name} -> user
Sat Sep 23 17:09:53 2017 : Debug: attr_filter: Matched entry DEFAULT at line 11
Sat Sep 23 17:09:53 2017 : Info: ++[attr_filter.access_reject] = updated
Sat Sep 23 17:09:53 2017 : Info: +} # group REJECT = updated
Sat Sep 23 17:09:53 2017 : Info: Delaying reject of request 9 for 1 seconds
Sat Sep 23 17:09:53 2017 : Debug: Going to the next request
Sat Sep 23 17:09:53 2017 : Debug: Waking up in 0.9 seconds.
Sat Sep 23 17:09:54 2017 : Info: Sending delayed reject for request 9
Sending Access-Reject of id 0 to 192.168.1.2 port 3072
Sat Sep 23 17:09:54 2017 : Debug: Waking up in 4.9 seconds.

I have reset the passwords (which did the trick last time https://forum.zentyal.org/index.php/topic,25541.msg103865.html#msg103865), but no luck.

Tried different settings in the Radius module, all users, domains users, etc., nothing worked.
I saw these lines in the log:
Sat Sep 23 17:09:53 2017 : Info: [eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
Sat Sep 23 17:09:53 2017 : Info: [eap] Failed in handler
Sat Sep 23 17:09:53 2017 : Info: ++[eap] = invalid
Sat Sep 23 17:09:53 2017 : Info: +} # group authenticate = invalid
Sat Sep 23 17:09:53 2017 : Info: Failed to authenticate the user.

Anything to do with it?

Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on October 01, 2017, 12:59:34 pm
Hi Julio,

After having successfully installed a new 5.0 system with the radius module (as per your new instruction), I'm still struggling to get it up and running.
Wifi clients are rejected.
Please see log:
Code: [Select]
rad_recv: Access-Request packet from host 192.168.1.2 port 3072, id=0, length=165
Sat Sep 23 17:09:53 2017 : Info: Cleaning up request 8 ID 0 with timestamp +20
        User-Name = "user"
        NAS-IP-Address = 192.168.1.2
        Called-Station-Id = "0016e37246ff"
        Calling-Station-Id = "90fd6153bfc4"
        NAS-Identifier = "0016e37246ff"
        NAS-Port = 40
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0208002e190017030300230bf5df21adc20eeb36f8c66f036cd7e3b97e8f593fa2b13b9763b32e9db63655c5f04b
        Message-Authenticator = 0x69f2de24306d9ee3142149f1f95e5448
Sat Sep 23 17:09:53 2017 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default
Sat Sep 23 17:09:53 2017 : Info: +group authorize {
Sat Sep 23 17:09:53 2017 : Info: ++[preprocess] = ok
Sat Sep 23 17:09:53 2017 : Info: ++[chap] = noop
Sat Sep 23 17:09:53 2017 : Info: ++[mschap] = noop
Sat Sep 23 17:09:53 2017 : Info: [eap] EAP packet type response id 8 length 46
Sat Sep 23 17:09:53 2017 : Info: [eap] Continuing tunnel setup.
Sat Sep 23 17:09:53 2017 : Info: ++[eap] = ok
Sat Sep 23 17:09:53 2017 : Info: +} # group authorize = ok
Sat Sep 23 17:09:53 2017 : Info: Found Auth-Type = EAP
Sat Sep 23 17:09:53 2017 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Sat Sep 23 17:09:53 2017 : Info: +group authenticate {
Sat Sep 23 17:09:53 2017 : Info: [eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
Sat Sep 23 17:09:53 2017 : Info: [eap] Failed in handler
Sat Sep 23 17:09:53 2017 : Info: ++[eap] = invalid
Sat Sep 23 17:09:53 2017 : Info: +} # group authenticate = invalid
Sat Sep 23 17:09:53 2017 : Info: Failed to authenticate the user.
Sat Sep 23 17:09:53 2017 : Auth: Login incorrect: [user] (from client 192.168.1.2/32 port 40 cli 90fd6153bfc4)
Sat Sep 23 17:09:53 2017 : Info: Using Post-Auth-Type Reject
Sat Sep 23 17:09:53 2017 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Sat Sep 23 17:09:53 2017 : Info: +group REJECT {
Sat Sep 23 17:09:53 2017 : Info: [attr_filter.access_reject]    expand: %{User-Name} -> user
Sat Sep 23 17:09:53 2017 : Debug: attr_filter: Matched entry DEFAULT at line 11
Sat Sep 23 17:09:53 2017 : Info: ++[attr_filter.access_reject] = updated
Sat Sep 23 17:09:53 2017 : Info: +} # group REJECT = updated
Sat Sep 23 17:09:53 2017 : Info: Delaying reject of request 9 for 1 seconds
Sat Sep 23 17:09:53 2017 : Debug: Going to the next request
Sat Sep 23 17:09:53 2017 : Debug: Waking up in 0.9 seconds.
Sat Sep 23 17:09:54 2017 : Info: Sending delayed reject for request 9
Sending Access-Reject of id 0 to 192.168.1.2 port 3072
Sat Sep 23 17:09:54 2017 : Debug: Waking up in 4.9 seconds.

I have reset the passwords (which did the trick last time https://forum.zentyal.org/index.php/topic,25541.msg103865.html#msg103865), but no luck.

Tried different settings in the Radius module, all users, domains users, etc., nothing worked.
I saw these lines in the log:
Sat Sep 23 17:09:53 2017 : Info: [eap] Either EAP-request timed out OR EAP-response to an unknown EAP-request
Sat Sep 23 17:09:53 2017 : Info: [eap] Failed in handler
Sat Sep 23 17:09:53 2017 : Info: ++[eap] = invalid
Sat Sep 23 17:09:53 2017 : Info: +} # group authenticate = invalid
Sat Sep 23 17:09:53 2017 : Info: Failed to authenticate the user.

Anything to do with it?

please try with this (suggestions from realflow):
Code: [Select]
sudo mkdir -p /etc/zentyal/stubs/samba
sudo cp /usr/share/zentyal/stubs/samba/smb.conf.mas /etc/zentyal/stubs/samba/smb.conf.mas
sudo sed -i '/\[global\]/a lanman auth = yes\nntlm auth = yes' /etc/zentyal/stubs/samba/smb.conf.mas
sudo zs samba restart
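
The two lines appended to `[global]` above permit NTLMv1 and LANMAN responses for the whole Samba server, and re-running the `sed` line on its own appends them a second time. This audit function is an added example, not Zentyal's or Samba's own tooling; the function names and the sample stub are constructed for illustration.

```shell
#!/bin/sh
# Added example: report legacy-auth settings in the [global] section of an
# smb.conf-style file. Function names are hypothetical.

audit_smb_legacy_auth() {
    # $1 = smb.conf or smb.conf.mas path; standard input when omitted.
    # Prints one line per parameter; exit status 1 if any is set to a weak value.
    awk '
    function weak(key, val) {
        # Samba boolean "true" spellings, plus the explicit NTLMv1 value.
        if (val ~ /^(yes|true|on|1)$/) return 1
        return (key == "ntlm auth" && val == "ntlmv1-permitted")
    }
    # Track whether the current section is [global].
    /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
    # Ignore other sections, comment lines and lines without an assignment.
    !in_global || /^[ \t]*[#;]/ || !/=/ { next }
    {
        key = tolower($0); sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        gsub(/[ \t]+/, " ", key)
        val = tolower($0); sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        # The last assignment wins; count repeats left by repeated appends.
        if (key == "lanman auth" || key == "ntlm auth") { last[key] = val; n[key]++ }
    }
    END {
        split("lanman auth,ntlm auth", keys, ",")
        for (i = 1; i <= 2; i++) {
            k = keys[i]
            if (!(k in last)) { printf "unset: %s\n", k; continue }
            w = weak(k, last[k]); bad += w
            printf "%s: %s = %s (occurrences=%d)\n", (w ? "WEAK" : "ok"), k, last[k], n[k]
        }
        exit (bad > 0)
    }
    ' "${1:--}"
}

# Constructed stub: the state after the sed line above has been run twice.
sample_smb_stub() {
    cat <<'EOF'
[global]
lanman auth = yes
ntlm auth = yes
lanman auth = yes
ntlm auth = yes
    workgroup = EXAMPLE
    ; ntlm auth = ntlmv2-only
[homes]
    read only = no
EOF
}

# Demo on the constructed stub. For a real system, pass the override path
# from the post: audit_smb_legacy_auth /etc/zentyal/stubs/samba/smb.conf.mas
sample_smb_stub | audit_smb_legacy_auth || true
```

On Samba 4.7 and later, `ntlm auth = mschapv2-and-ntlmv2-only` is the narrower setting for MSCHAPv2 through `ntlm_auth`; the Samba 4.5 named in the first post predates it.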
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: segelfreak on October 06, 2017, 05:18:57 pm
please try with this (suggestions from realflow):
Code: [Select]
sudo mkdir -p /etc/zentyal/stubs/samba
sudo cp /usr/share/zentyal/stubs/samba/smb.conf.mas /etc/zentyal/stubs/samba/smb.conf.mas
sudo sed -i '/\[global\]/a lanman auth = yes\nntlm auth = yes' /etc/zentyal/stubs/samba/smb.conf.mas
sudo zs samba restart

Works!!!

Great Job, Thanks!
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: Uloga on October 24, 2017, 06:25:43 pm
I try to use the RADIUS server to authenticate with Mikrotik devices to Login.
I have added the devices to the Radius clients, and added a usergroup "radusers" as told in another guide.

Although, now I get the message on the radius server: "Login incorrect"   
I have checked the passwords multiple times and still I'm getting this error.

Does anybody have a clue where to look?
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on October 25, 2017, 01:01:03 pm
I try to use the RADIUS server to authenticate with Mikrotik devices to Login.
I have added the devices to the Radius clients, and added a usergroup "radusers" as told in another guide.

Although, now I get the message on the radius server: "Login incorrect"   
I have checked the passwords multiple times and still I'm getting this error.

Does anybody have a clue where to look?

please post the freeradius verbose logging output during the connection:
Code: [Select]
sudo zs radius stop
sudo freeradius -XXX
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: Uloga on October 26, 2017, 02:26:57 pm
I try to use the RADIUS server to authenticate with Mikrotik devices to Login.
I have added the devices to the Radius clients, and added a usergroup "radusers" as told in another guide.

Although, now I get the message on the radius server: "Login incorrect"   
I have checked the passwords multiple times and still I'm getting this error.

Does anybody have a clue where to look?

please post the freeradius verbose logging output during the connection:
Code: [Select]
sudo zs radius stop
sudo freeradius -XXX

Please see in attachment the full log
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on October 26, 2017, 03:23:02 pm
please try one more time with this:
Code: [Select]
sudo zs radius stop
sudo killall freeradius
sudo freeradius -XXX
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: Uloga on October 27, 2017, 09:28:08 am
please try one more time with this:
Code: [Select]
sudo zs radius stop
sudo killall freeradius
sudo freeradius -XXX
There you go :-)
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on October 27, 2017, 10:09:17 am
please try one more time with this:
Code: [Select]
sudo zs radius stop
sudo killall freeradius
sudo freeradius -XXX
There you go :-)

sorry but there is no client connection info,
please run the commands and try connecting with your client (Mikrotik device).
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: Uloga on October 27, 2017, 04:21:19 pm
please try one more time with this:
Code: [Select]
sudo zs radius stop
sudo killall freeradius
sudo freeradius -XXX
There you go :-)

sorry but there is no client connection info,
please run the commands and try connecting with your client (Mikrotik device).

Oh ok, now there's client info included, tried 2 times

If it can be any help, this is what I found:

Quote
HI
I had the same problem before, my problem solved by moving some lines in /usr/local/etc/raddb/sites-enabled/default
i'm using SQL so i load SQL module and pap,chap

I've changed the lines from

chap
sql
pap

to:

sql
pap
chap

so freeradius first loads the sql and then loads the chap, so it could locate password in SQL.
But I can't find that file...
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on October 28, 2017, 10:37:14 pm
please create new client under Radius - General configuration:
IP Address: 127.0.0.1/32
Shared Secret: your supersecret password

test the connection on the server with (modify the username and passwords):
Code: [Select]
radtest -t mschap your_raduser raduser_password 127.0.0.1:1812 0 shared_secret_password
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: Uloga on October 29, 2017, 02:07:29 pm
please create new client under Radius - General configuration:
IP Address: 127.0.0.1/32
Shared Secret: your supersecret password

test the connection on the server with (modify the username and passwords):
Code: [Select]
radtest -t mschap your_raduser raduser_password 127.0.0.1:1812 0 shared_secret_password
Login OK from local

But still not ok from Mikrotik device
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on October 29, 2017, 09:48:59 pm
bad news:
Mikrotik uses CHAP auth. with a clear text password for login,
this combination of auth. is not supported under zentyal LDAP (PEAP-MSCHAPv2+MD5).

Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: Uloga on October 30, 2017, 11:44:42 am
bad news:
Mikrotik uses CHAP auth. with a clear text password for login,
this combination of auth. is not supported under zentyal LDAP (PEAP-MSCHAPv2+MD5).

And is there a possibility to disable LDAP so this will work?
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on October 30, 2017, 01:08:38 pm
no, because the zentyal-radius concept is LDAP based...
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: JLLEWELYN on January 10, 2018, 02:04:25 am
hello, do you have any guidelines to configure MySQL + freeradius mode EAP TTLS + PAP and the hostapd for a TL-WDN4800 adapter?
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on January 10, 2018, 09:02:09 am
hello, do you have any guidelines to configure MySQL + freeradius mode EAP TTLS + PAP and the hostapd for a TL-WDN4800 adapter?
no i do not have...
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: desperados on February 06, 2018, 12:05:29 pm
i've zentyal 4.2, configured in april 2017
all ok since a couple of weeks ago
now radius doesn't work any more, maybe i need some fix for recent zentyal updates ?

EDIT: tried to reinstall module, I can't any more....
1st, i think there is an error, you wrote:
Quote
sudo apt-get install -y ./zentyal-radius_4.0_all.deb
but the package is 4.2

and then this is the error (final part, it's very long):
Quote
E: Release "zentyal-radius_4.2_all.deb" per "python-sievelib" not found.
E: Release "zentyal-radius_4.2_all.deb" per "python-spyne" not found.
E: Release "zentyal-radius_4.2_all.deb" per "python2.7-rpclib" not found.
E: Release "zentyal-radius_4.2_all.deb" per "python2.7-spyne" not found.
E: Release "zentyal-radius_4.2_all.deb" per "sogo-activesync" not found.
E: Release "zentyal-radius_4.2_all.deb" per "z-push" not found.
E: Release "zentyal-radius_4.2_all.deb" per "sogo-dev" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zenbuntu-core" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zenbuntu-desktop" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-software" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-all" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-openchange" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-mail" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-antivirus" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-mailfilter" not found.
E: Release "zentyal-radius_4.2_all.deb" per "dovecot-openchange-plugin" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zoctools-dbg" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zoctools" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zsupporttools" not found.

Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on February 06, 2018, 12:27:10 pm
i've zentyal 4.2, configured in april 2017
all ok since a couple of weeks ago
now radius doesn't work any more, maybe i need some fix for recent zentyal updates ?

EDIT: tried to reinstall module, I can't any more....
1st, i think there is an error, you wrote:
Quote
sudo apt-get install -y ./zentyal-radius_4.0_all.deb
but the package is 4.2

and then this is the error (final part, it's very long):
Quote
E: Release "zentyal-radius_4.2_all.deb" per "python-sievelib" not found.
E: Release "zentyal-radius_4.2_all.deb" per "python-spyne" not found.
E: Release "zentyal-radius_4.2_all.deb" per "python2.7-rpclib" not found.
E: Release "zentyal-radius_4.2_all.deb" per "python2.7-spyne" not found.
E: Release "zentyal-radius_4.2_all.deb" per "sogo-activesync" not found.
E: Release "zentyal-radius_4.2_all.deb" per "z-push" not found.
E: Release "zentyal-radius_4.2_all.deb" per "sogo-dev" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zenbuntu-core" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zenbuntu-desktop" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-software" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-all" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-openchange" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-mail" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-antivirus" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zentyal-mailfilter" not found.
E: Release "zentyal-radius_4.2_all.deb" per "dovecot-openchange-plugin" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zoctools-dbg" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zoctools" not found.
E: Release "zentyal-radius_4.2_all.deb" per "zsupporttools" not found.

yes it is 4.2, modified...
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: desperados on February 06, 2018, 02:31:01 pm
ok i renamed but i've those errors when trying to install
it seems some packages/dependencies are missing
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on February 06, 2018, 02:39:12 pm
try with:
Code: [Select]
cd /tmp
sudo dpkg -i zentyal-radius_4.2_all.deb
sudo apt-get install -f -y
sudo service zentyal webadmin restart
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: desperados on February 07, 2018, 09:36:07 am
I've removed all and tried to reinstall all, and i've problem with package freeradius-ldap: (in italian, sorry)

Quote
(Lettura del database... 67416 file e directory attualmente installati.)
Preparing to unpack freeradius-ldap_2.1.12+dfsg-1.2ubuntu8.2_amd64.deb ...
Unpacking freeradius-ldap (2.1.12+dfsg-1.2ubuntu8.2) over (2.1.12+dfsg-1.2ubuntu8.2) ...
Configurazione di freeradius-ldap (2.1.12+dfsg-1.2ubuntu8.2)...
reload: Unknown instance:
invoke-rc.d: initscript freeradius, action "force-reload" failed.
dpkg: error processing package freeradius-ldap (--install):
 il sottoprocesso installato script di post-installation ha restituito lo stato di errore 1
Si sono verificati degli errori nell'elaborazione:
 freeradius-ldap

EDIT: fixed, as written here https://askubuntu.com/questions/507040/invoke-rc-d-initscript-freeradius-action-force-reload-failed-while-config I edited /var/lib/dpkg/info/freeradius-ldap.postinst and it works! thanks
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: ovecka on March 24, 2018, 08:08:36 am
Hi, can you add 5.1 patch, please? The old 5.0 patch isn't usable due to 5.0 zentyal-core dependency.

EDIT: Guess it was as easy as editing the patch file by changing all the 5.0 mentions to 5.1 and changing the dependency from <<5.1 to <<5.2. All the bash commands need to change accordingly of course.

It installs correctly. Let's hope it works too.

EDIT 2: Well, it does.

Here's the file for those lazy ones. Use it to your liking: https://drive.google.com/file/d/1zXYnpABblfWwnWv5r8ip6LBuR87p5dxv

and don't forget to change this part of the original guide:
Quote
wget 'https://drive.google.com/file/d/1zXYnpABblfWwnWv5r8ip6LBuR87p5dxv' -O zentyal-radius-5.1.patch
patch -t -p1 -i zentyal-radius-5.1.patch
cd zentyal-radius-5.1
.
.
sudo apt install -y ./zentyal-radius_5.1_all.deb

Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0
Post by: julio on April 09, 2018, 02:58:59 pm
Hi, can you add 5.1 patch, please? The old 5.0 patch isn't usable due to 5.0 zentyal-core dependency.

EDIT: Guess it was as easy as editing the patch file by changing all the 5.0 mentions to 5.1 and changing the dependency from <<5.1 to <<5.2. All the bash commands need to change accordingly of course.

It installs correctly. Let's hope it works too.

EDIT 2: Well, it does.

Here's the file for those lazy ones. Use it to your liking: https://drive.google.com/file/d/1zXYnpABblfWwnWv5r8ip6LBuR87p5dxv

and don't forget to change this part of the original guide:
Quote
wget 'https://drive.google.com/file/d/1zXYnpABblfWwnWv5r8ip6LBuR87p5dxv' -O zentyal-radius-5.1.patch
patch -t -p1 -i zentyal-radius-5.1.patch
cd zentyal-radius-5.1
.
.
sudo apt install -y ./zentyal-radius_5.1_all.deb

added to instructions...
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1
Post by: sagal74 on April 18, 2018, 10:22:58 am
Can anyone help me?

Error: TLS Alert read:fatal:unknown CA
Error:     TLS_accept: failed in unknown state
Error: rlm_eap: SSL error error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.
Auth: Login incorrect (TLS Alert read:fatal:unknown CA):
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1
Post by: rcdominguez on September 04, 2018, 11:19:45 pm
interesting post I have zentyal 5.1 installed, I followed the steps and everything went well,
which I notice something curious when I compile zentyal-radius-5.1 I created a .deb
with the name of zentyal-radius_5.0_all.deb and not 5.1 as it says in the steps to follow, would
sudo apt install -y ./zentyal-radius_5.0_all.deb.
I only make the clarification so that it is known and it does not hinder the installation,
as I said so and everything works wonders. Thank you very much Julio

when you have problems with the dependencies when installing
sudo apt install -y ./zentyal-radius_X.X_all.deb
simply sudo dpkg --configure -a
install the dependencies and solve
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1
Post by: julio on September 05, 2018, 10:24:54 pm
interesting post I have zentyal 5.1 installed, I followed the steps and everything went well,
which I notice something curious when I compile zentyal-radius-5.1 I created a .deb
with the name of zentyal-radius_5.0_all.deb and not 5.1 as it says in the steps to follow, would
sudo apt install -y ./zentyal-radius_5.0_all.deb.
I only make the clarification so that it is known and it does not hinder the installation,
as I said so and everything works wonders. Thank you very much Julio

when you have problems with the dependencies when installing
sudo apt install -y ./zentyal-radius_X.X_all.deb
simply sudo dpkg --configure -a
install the dependencies and solve

thanks for the hint, corrected...
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1
Post by: desperados on October 13, 2018, 05:36:54 pm
zentyal 4.2
sometimes freeradius stops, in logs i found: "Info: Signalled to terminate"
so I've found in /etc/logrotate.d/freeradius the command
Quote
invoke-rc.d freeradius reload >/dev/null 2>&1 || true
I change reload with restart, I'll check next days if it works
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1
Post by: J. A. Calvo on October 30, 2018, 01:22:27 am
We've just released Zentyal 6.0 with zentyal-radius included in the official repository, integrating FreeRADIUS 3.0 on Ubuntu 18.04.

Many thanks to julio for all the patches on the previous versions!!
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1
Post by: julio on November 04, 2018, 08:51:12 pm
We've just released Zentyal 6.0 with zentyal-radius included in the official repository, integrating FreeRADIUS 3.0 on Ubuntu 18.04.

Many thanks to julio for all the patches on the previous versions!!

I'm glad I was able to help. :)
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1
Post by: Neustradamus on November 07, 2018, 10:54:25 pm
There is a ticket about it:
- https://github.com/zentyal/zentyal/issues/1839
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1
Post by: Rapthor on February 05, 2019, 06:04:22 pm
Hello
In zentyal 5.1 I can not pass this code, I get an error when creating the patch.
but the patch was generated with zentyal 5.0 it works.
It will be that I can use 5.0 to install
Code: [Select]
wget 'https://drive.google.com/uc?export=download&id=1K99PAIAHl1j4bnBxcTMyXgKpJEpTQflB' -O zentyal-radius-5.1.patch
patch -t -p1 -i zentyal-radius-5.1.patch

I appreciate your valuable response

the error appears
Code: [Select]
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
Title: Re: HowTo: add radius module with mschap support to zentyal 4.0, 4.2, 5.0, 5.1
Post by: Acolit on June 16, 2019, 02:34:22 pm
Hello. I'm using radius on zentyal 6 installed over ubuntu 18.04. I use it with ubiquiti APs to manage users access to wifi network. I set my zentyal as secondary domain. So now I can connect with domain credentials from any devices (Iphone, Android, Linux) except windows 10 machines. On windows 10 I see "Can't connect to this network". I read that after November update there is an issue in connecting to a WPA-2 Enterprise network. But there said that on freeradius 3.0.9 and higher this issue is fixed. My zentyal installed 3.0.16 freeradius, so everything should be Ok, but it isn't. I can connect only if I add network manually, setting security type as WPA-Enterprise AES, EAP method PEAP and Authentication method - security password EAP-MSCHAP v2. After that I can connect to my network and enter my credentials on win10 machines. Is there any way to reach smooth connection without this shamanism, because it's difficult for users?