Bug 44919 – (4.2) Add logging to ucs-school-ntlm-auth

Bug 44919 - (4.2) Add logging to ucs-school-ntlm-auth


Summary:	(4.2) Add logging to ucs-school-ntlm-auth

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	Radius
Version:	UCS@school 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 4.2 v3
Assigned To:	Sönke Schwardt-Krummrich
QA Contact:	Florian Best

URL:
Keywords:

Depends on:	44918
Blocks:	45482 45490
	Show dependency tree / graph

Reported:	2017-06-30 17:59 CEST by Sönke Schwardt-Krummrich
Modified:	2017-10-05 16:43 CEST (History)
CC List:	0 users

See Also:
What kind of report is it?:	Development Internal
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sönke Schwardt-Krummrich

2017-06-30 17:59:19 CEST

Also implement this in UCS@school 4.2

+++ This bug was initially created as a clone of Bug #44918 +++

Debugging of ucs-school-ntlm-auth is hard since there is no feedback other than success/failed.

So we need some kind of logging for support/professional service/development.

Comment 1 Sönke Schwardt-Krummrich

2017-08-24 21:27:43 CEST

A new UCR variable has been added to specify a logging file name for the auth helper ucs-school-ntlm-auth: freeradius/conf/auth-type/mschap/authhelper-logfile

ucr set freeradius/conf/auth-type/mschap/authhelper-logfile=/tmp/mschap.log
invoke-rc.d freeradius restart

The debugging output should help to identify
- in which WLAN groups the user is member of
- if WLAN is enabled for the group with highest priority
- if the sambaNTPassword value could be fetched
- if the user is disabled via sambaAcctFlags
- if the password is wrong (→ none of the above errors)

It is not intended to use this logging feature for continuous logging (too much output, no automatic permission handling for the logfile).


Patches have been ported from UCS@school 4.1R2 to UCS@school 4.2 (unfortunately with bug numbers of 4.1R2):

ucs-school-radius-802.1x (6.0.1-1):
r82483 | Bug #44918: fixed wrong argument in UCR template
r82482 | Bug #44918: several fixes
r82481 | Bug #44918: update changelog entry
r82480 | Bug #44918: escape filename if neccessary
r82479 | Bug #44918: revamp debugging output
r82478 | Bug #44918: add UCR variable for enabling debugging of NTLM auth helper
r82477 | Bug #44918: switch from @%@BCWARNING=@%@ to @%@UCRWARNING=@%@
r82476 | Bug #44918: fixed typo in README
r82475 | Bug #44918: add some basic logging for debugging

Package: ucs-school-radius-802.1x
Version: 6.0.1-1A~4.2.0.201708242117
Branch: ucs_4.2-0
Scope: ucs-school-4.2

Comment 2 Florian Best

2017-08-31 11:02:28 CEST

OK: logging
OK: YAML

Comment 3 Sönke Schwardt-Krummrich

2017-09-08 15:08:23 CEST

Had to reopen this bug: the maxPriority comparison was wrong

ucs-school-radius-802.1x (6.0.1-2):
10561ec84b | Bug #44918/44919: added changelog entry
10a9e2eb01 | Bug #44918/44919: renamed maxPriority to maxPriorityGroup
2ab20d7492 | Bug #44918/44919: fixed comparison in ucs-school-ntlm-auth

Package: ucs-school-radius-802.1x
Version: 6.0.1-2A~4.2.0.201709081449
Branch: ucs_4.2-0
Scope: ucs-school-4.2

Comment 4 Sönke Schwardt-Krummrich

2017-09-08 15:26:29 CEST

ucs-school-radius-802.1x.yaml:
3cf52e95c9 | Bug #44919: advisory update

Comment 5 Florian Best

2017-09-08 16:33:36 CEST

OK

Comment 6 Sönke Schwardt-Krummrich

2017-09-12 13:17:19 CEST

UCS@school 4.2 v3 has been released.

http://docs.software-univention.de/changelog-ucsschool-4.2v3-de.html

If this error occurs again, please clone this bug.