Univention Bugzilla – Bug 44919
(4.2) Add logging to ucs-school-ntlm-auth
Last modified: 2017-10-05 16:43:39 CEST
Also implement this in UCS@school 4.2
+++ This bug was initially created as a clone of Bug #44918 +++
Debugging of ucs-school-ntlm-auth is hard since there is no feedback other than success/failed.
So we need some kind of logging for support/professional service/development.
A new UCR variable has been added to specify a logging file name for the auth helper ucs-school-ntlm-auth: freeradius/conf/auth-type/mschap/authhelper-logfile
ucr set freeradius/conf/auth-type/mschap/authhelper-logfile=/tmp/mschap.log
invoke-rc.d freeradius restart
The debugging output should help to identify
- in which WLAN groups the user is member of
- if WLAN is enabled for the group with highest priority
- if the sambaNTPassword value could be fetched
- if the user is disabled via sambaAcctFlags
- if the password is wrong (→ none of the above errors)
It is not intended to use this logging feature for continuous logging (too much output, no automatic permission handling for the logfile).
Patches have been ported from UCS@school 4.1R2 to UCS@school 4.2 (unfortunately with bug numbers of 4.1R2):
r82483 | Bug #44918: fixed wrong argument in UCR template
r82482 | Bug #44918: several fixes
r82481 | Bug #44918: update changelog entry
r82480 | Bug #44918: escape filename if neccessary
r82479 | Bug #44918: revamp debugging output
r82478 | Bug #44918: add UCR variable for enabling debugging of NTLM auth helper
r82477 | Bug #44918: switch from @%@BCWARNING=@%@ to @%@UCRWARNING=@%@
r82476 | Bug #44918: fixed typo in README
r82475 | Bug #44918: add some basic logging for debugging
Had to reopen this bug: the maxPriority comparison was wrong
10561ec84b | Bug #44918/44919: added changelog entry
10a9e2eb01 | Bug #44918/44919: renamed maxPriority to maxPriorityGroup
2ab20d7492 | Bug #44918/44919: fixed comparison in ucs-school-ntlm-auth
3cf52e95c9 | Bug #44919: advisory update
UCS@school 4.2 v3 has been released.
If this error occurs again, please clone this bug.