Bug 46263 - univention-radius needs to be adjusted to freeradius 3
univention-radius needs to be adjusted to freeradius 3
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Radius
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3
Assigned To: Jürn Brodersen
Stefan Gohmann
: interim-2
: 46187 (view as bug list)
Depends on:
Blocks: 46120 46492 46528 46561
  Show dependency treegraph
 
Reported: 2018-02-08 15:35 CET by Philipp Hahn
Modified: 2019-02-19 17:49 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2018-02-08 15:35:29 CET
univention-radius (5.0.0-2A~4.3.0.201712211509) wird eingerichtet ...
...
Calling joinscript 80univention-radius.inst ...
...
cp: reguläre Datei '/etc/freeradius/ssl/private.key' kann nicht angelegt werden: Datei oder Verzeichnis nicht gefunden
cp: reguläre Datei '/etc/freeradius/ssl/cert.pem' kann nicht angelegt werden: Datei oder Verzeichnis nicht gefunden
Invalid command 'gendh'; type "help" for a list.
chgrp: Zugriff auf '/etc/freeradius/ssl/private.key' nicht möglich: Datei oder Verzeichnis nicht gefunden
chgrp: Zugriff auf '/etc/freeradius/ssl/cert.pem' nicht möglich: Datei oder Verzeichnis nicht gefunden
chmod: Zugriff auf '/etc/freeradius/ssl/private.key' nicht möglich: Datei oder Verzeichnis nicht gefunden
chmod: Zugriff auf '/etc/freeradius/ssl/cert.pem' nicht möglich: Datei oder Verzeichnis nicht gefunden
chmod: Zugriff auf '/etc/freeradius/ssl/dh' nicht möglich: Datei oder Verzeichnis nicht gefunden
...

There is a /etc/freeradius/3.0/certs/, but no /etc/freeradius/ssl/
Confirmed by doing a "apt-get install univention-freeradius" inside a minimal Docker container using the following Dockerfile:

FROM phahn/ucs-minbase:430
ENV DEBIAN_FRONTEND noninteractive
RUN eval "$(sed -rne 's,^deb (.+/)([0-9]+)\.([0-9]+)/maintained/\2\.\3-([0-9]+) ucs[0-9]+ main,url=\1 major=\2 minor=\3 patch=\4,p' /etc/apt/sources.list)"&&(seq -f "$major.$minor-%.0f" $patch -1 1&&seq -f "$major.%.0f-0" $minor -1 0)|while read rel;do for arch in '$(ARCH)' all;do echo "deb [trusted=yes] ${url}${rel%-*}/unmaintained ${rel}/${arch}/";done;done|tee /etc/apt/sources.list.d/unmaintained.list
RUN apt-get -qq update && apt-get install --yes univention-radius
Comment 1 Jürn Brodersen univentionstaff 2018-02-22 10:07:03 CET
Jessie -> freeradius 2.2.5
Stretch -> freeradius 3.0.12

Upgrade notes: http://networkradius.com/doc/current/upgrading/
Comment 2 Jürn Brodersen univentionstaff 2018-02-22 12:12:13 CET
The notification-daemon package moved to unmaintained and plasma-workspace is installed as an alternative. The package should be moved back to maintained.
Comment 3 Jürn Brodersen univentionstaff 2018-02-23 15:42:40 CET
On a fresh system it works again. I still need to test 4.2 -> 4.3 upgrade.

[4.3-0 854abddafd] Bug #46263: add /etc/freeradius/ssl directory creation to join script
[4.3-0 4624d2d597] Bug #46263: update freeradius config to freeradius 3
[4.3-0 5a28f95b48] Bug #46263: update changelog
Comment 4 Jürn Brodersen univentionstaff 2018-02-26 11:01:29 CET
I added to test cases:
[4.3-0 2dd3a0bce7] Bug #46263: add radius test section
[4.3-0 40fac4112b] Bug #46263: changelog
Comment 5 Felix Botner univentionstaff 2018-02-27 09:07:29 CET
please remove the dependency to univention-radius from ucs-test-radius

Instead add something like "## packages: [ldap-utils]" to the tests.

We don't install services with ucs-test-* packages as they may not fully configured on all systems and we end up with broken tests like 
http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/Apps/job/wordpress/job/App%20Autotest%20MultiEnv/SambaVersion=no-samba,Systemrolle=master/lastCompletedBuild/testReport/
Comment 6 Jürn Brodersen univentionstaff 2018-02-27 09:59:05 CET
(In reply to Felix Botner from comment #5)
> please remove the dependency to univention-radius from ucs-test-radius
> 
> Instead add something like "## packages: [ldap-utils]" to the tests.
> 
> We don't install services with ucs-test-* packages as they may not fully
> configured on all systems and we end up with broken tests like 
> http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/Apps/job/wordpress/
> job/App%20Autotest%20MultiEnv/SambaVersion=no-samba,Systemrolle=master/
> lastCompletedBuild/testReport/

Thanks, changed:

[4.3-0 4c0897120d] Bug #46263: remove univention-radius dependency from debian/control
Comment 7 Jürn Brodersen univentionstaff 2018-03-02 17:28:24 CET
[4.3-0 8ba1d8f444] Bug #46263: enable freeradius.service
[4.3-0 e2eae21003] Bug #46263: add maintscript for old templates
[4.3-0 081e8fde60] Bug #46263: remove old diverts
[4.3-0 49dcba95bc] Bug #46263: ensure radius knows the ldap secret to be able to bind
[4.3-0 418eb5b99c] Bug #46263: changelog

Note: 49dcba95bc should fix the jenkins tests
Comment 8 Jürn Brodersen univentionstaff 2018-03-02 18:08:26 CET
e4c9f7f0: fix 01_base/26check_logfiles_general
Comment 9 Stefan Gohmann univentionstaff 2018-03-04 21:33:06 CET
Update and newly installed systems works. The automated tests are successful on my test systems but they fail in Jenkins. I've created Bug #46478.
Comment 10 Stefan Gohmann univentionstaff 2018-03-14 14:38:50 CET
UCS 4.3 has been released:
 https://docs.software-univention.de/release-notes-4.3-0-en.html
 https://docs.software-univention.de/release-notes-4.3-0-de.html

If this error occurs again, please use "Clone This Bug".
Comment 11 Jürn Brodersen univentionstaff 2019-02-19 17:49:59 CET
*** Bug 46187 has been marked as a duplicate of this bug. ***