First Last Prev Next    This bug is not in your last search results.
Bug 46531 - [4.3] ucs-school-ntlm-auth uses the master to authenticate in @school environments instead of local slave
[4.3] ucs-school-ntlm-auth uses the master to authenticate in @school environ...
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Radius
UCS@school 4.2
Other Linux
: P5 normal (vote)
: UCS@school 4.3 v2
Assigned To: Daniel Tröder
Jürn Brodersen
:
Depends on:
Blocks: 46756
  Show dependency treegraph
 
Reported: 2018-03-07 15:29 CET by Christina Scheinig
Modified: 2018-04-06 22:02 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.103
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018030621000751
Bug group (optional):
Max CVSS v3 score:

Attachments
Patch to suppress using the master (364 bytes, patch)
2018-03-07 15:29 CET, Christina Scheinig 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2018-03-07 15:29:39 CET 
Created attachment 9443 [details]
Patch to suppress using the master

In a customer school environment, the master was not reachable.
The login via wifi did not work, though the radius-server was reachable and was configured to authenticate against the local slave ldap.

In /etc/freeradius/modules/ldap the school-slave is configured

But in /usr/bin/ucs-school-ntlm-auth

ldapConnection = univention.uldap.getMachineConnection() is used. 
→ getMachineConnection() always uses the master if ldap_master=False is not passed.
Comment 1 Christina Scheinig univentionstaff 2018-03-08 09:08:08 CET 
The customer reported that the patch fixed the situation in the environment
Comment 2 Daniel Tröder univentionstaff 2018-03-28 16:23:19 CEST 
[4.3 36a2c127] Bug #46531: use local LDAP server
[4.3 b3ca85f0] Bug #46531: advisory
[4.3 c551da5e] Bug #46531: advisory fix

ucs-school-radius-802.1x (7.0.0-7)
Comment 3 Jürn Brodersen univentionstaff 2018-04-03 15:49:23 CEST 
Test: 72_radius_authentication -> OK
YAML -> OK

-> Verified
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2018-04-06 22:02:21 CEST 
UCS@school 4.3 v2 has been released.

https://docs.software-univention.de/changelog-ucsschool-4.3v2-de.html

If this error occurs again, please clone this bug.
First Last Prev Next    This bug is not in your last search results.