Bug 44919 - (4.2) Add logging to ucs-school-ntlm-auth
(4.2) Add logging to ucs-school-ntlm-auth
Product: UCS@school
Classification: Unclassified
Component: Radius
UCS@school 4.2
Other Linux
: P5 normal (vote)
: UCS@school 4.2 v3
Assigned To: Sönke Schwardt-Krummrich
Florian Best
Depends on: 44918
Blocks: 45482 45490
  Show dependency treegraph
Reported: 2017-06-30 17:59 CEST by Sönke Schwardt-Krummrich
Modified: 2017-10-05 16:43 CEST (History)
0 users

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2017-06-30 17:59:19 CEST
Also implement this in UCS@school 4.2

+++ This bug was initially created as a clone of Bug #44918 +++

Debugging of ucs-school-ntlm-auth is hard since there is no feedback other than success/failed.

So we need some kind of logging for support/professional service/development.
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2017-08-24 21:27:43 CEST
A new UCR variable has been added to specify a logging file name for the auth helper ucs-school-ntlm-auth: freeradius/conf/auth-type/mschap/authhelper-logfile

ucr set freeradius/conf/auth-type/mschap/authhelper-logfile=/tmp/mschap.log
invoke-rc.d freeradius restart

The debugging output should help to identify
- in which WLAN groups the user is member of
- if WLAN is enabled for the group with highest priority
- if the sambaNTPassword value could be fetched
- if the user is disabled via sambaAcctFlags
- if the password is wrong (→ none of the above errors)

It is not intended to use this logging feature for continuous logging (too much output, no automatic permission handling for the logfile).

Patches have been ported from UCS@school 4.1R2 to UCS@school 4.2 (unfortunately with bug numbers of 4.1R2):

ucs-school-radius-802.1x (6.0.1-1):
r82483 | Bug #44918: fixed wrong argument in UCR template
r82482 | Bug #44918: several fixes
r82481 | Bug #44918: update changelog entry
r82480 | Bug #44918: escape filename if neccessary
r82479 | Bug #44918: revamp debugging output
r82478 | Bug #44918: add UCR variable for enabling debugging of NTLM auth helper
r82477 | Bug #44918: switch from @%@BCWARNING=@%@ to @%@UCRWARNING=@%@
r82476 | Bug #44918: fixed typo in README
r82475 | Bug #44918: add some basic logging for debugging

Package: ucs-school-radius-802.1x
Version: 6.0.1-1A~
Branch: ucs_4.2-0
Scope: ucs-school-4.2
Comment 2 Florian Best univentionstaff 2017-08-31 11:02:28 CEST
OK: logging
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2017-09-08 15:08:23 CEST
Had to reopen this bug: the maxPriority comparison was wrong

ucs-school-radius-802.1x (6.0.1-2):
10561ec84b | Bug #44918/44919: added changelog entry
10a9e2eb01 | Bug #44918/44919: renamed maxPriority to maxPriorityGroup
2ab20d7492 | Bug #44918/44919: fixed comparison in ucs-school-ntlm-auth

Package: ucs-school-radius-802.1x
Version: 6.0.1-2A~
Branch: ucs_4.2-0
Scope: ucs-school-4.2
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2017-09-08 15:26:29 CEST
3cf52e95c9 | Bug #44919: advisory update
Comment 5 Florian Best univentionstaff 2017-09-08 16:33:36 CEST
Comment 6 Sönke Schwardt-Krummrich univentionstaff 2017-09-12 13:17:19 CEST
UCS@school 4.2 v3 has been released.


If this error occurs again, please clone this bug.