Bug 45490 - (4.1R2) Traceback in ucs-school-ntlm-auth if stationId is not set
(4.1R2) Traceback in ucs-school-ntlm-auth if stationId is not set
Product: UCS@school
Classification: Unclassified
Component: Radius
UCS@school 4.1 R2
Other Linux
: P5 normal (vote)
: UCS@school 4.1 R2 v14
Assigned To: Sönke Schwardt-Krummrich
Florian Best
Depends on: 44918 44919 45482
  Show dependency treegraph
Reported: 2017-10-05 16:43 CEST by Sönke Schwardt-Krummrich
Modified: 2017-10-16 21:33 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2017-10-05 16:43:39 CEST
+++ This bug was initially created as a clone of Bug #45482 +++

+++ This bug was initially created as a clone of Bug #44919 +++

Also implement this in UCS@school 4.2

+++ This bug was initially created as a clone of Bug #44918 +++

Debugging of ucs-school-ntlm-auth is hard since there is no feedback other than success/failed.

So we need some kind of logging for support/professional service/development.


Unfortunately this changes leads to exceptions if the stationId is null.
Following debug statements fail:

debug('getNTPasswordHash: username=%r  stationId=%r' % (username, stationId.encode('hex')))
debug('getNTPasswordHash: username2=%r  stationId=%r' % (username, stationId.encode('hex')))

The problem here is that any local test fails but this local tests are the first think which I do with customers:
# radtest -t mschap testuser password localhost 10 testing123

So, the radius conf is not reasonable testable anymore.
If I comment the statments the logging output is very nice!
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2017-10-09 21:46:40 CEST
fb8519568bfc | Bug #45490: Merge branch 'sschwardt/45490/41r2/radius-ntlm-auth' into 4.1r2
5146e355599f | Bug #45490: add advisory

ucs-school-radius-802.1x (5.0.1-5):
fb8519568bfc | Bug #45490: Merge branch 'sschwardt/45490/41r2/radius-ntlm-auth' into 4.1r2
f8e67380ac62 | Bug #45490: add changelog entry
917259f5d3b4 | Bug #45490: fix traceback if stationId is not specified

Package: ucs-school-radius-802.1x
Version: 5.0.1-5.21.201710092144
Branch: ucs_4.1-0
Scope: ucs-school-4.1r2
Comment 2 Florian Best univentionstaff 2017-10-10 15:13:21 CEST
OK: fix

/usr/bin/ucs-school-ntlm-auth-suidwrapper --request-nt-key --username='host/foo$bar.domain' --challenge=00 --nt-response=00 --logfile /dev/stdout                                                                                                               
2017-07-27 13:57:36 [22622] main: username = 'host/foo$bar.domain'
2017-07-27 13:57:36 [22622] main: Challenge = '00'
2017-07-27 13:57:36 [22622] main: Response = '00'
2017-07-27 13:57:36 [22622] getNTPasswordHash: username='host/foo$bar.domain'  stationId=''
2017-07-27 13:57:36 [22622] getNTPasswordHash: username2='foo$bar$'  stationId=''
2017-07-27 13:57:36 [22622] getNTPasswordHash: user not found in any relevant group - access denied
2017-07-27 13:57:36 [22622] main: authentication failed
Logon failure (0xc000006d)
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2017-10-16 21:33:07 CEST
UCS@school 4.1 R2 v14 has been released.


If this error occurs again, please clone this bug.