Univention Bugzilla – Bug 46806
[4.3] ucs-school-ntlm-auth is case sensitive for wlan access for hostnames
Last modified: 2018-06-04 15:27:43 CEST
Bug for UCS@school 4.3 +++ This bug was initially created as a clone of Bug #45684 +++ UCS@school 4.1 R2 v13 / paedML 7 Unfortunately the ucs-school-ntlm-auth is case sensitive for wlan access for hostnames. The customer reported the issue and we reproduced the bug for following use cases: Case 1: 1. Create machine account "C06laptpo" 2. Joined the windows client Case 2: 1. Joined the windows client "c06laptpo" 2. Machine account "C06LAPTPO" will be automatically created For both machine accounts the wlan access failed because the windows clients send "host/c06laptpo.paedml-linux.lokal" and ucs-school-ntlm-auth-script failed with "user not found in any relevant group - access denied". Log attached. But both machine accounts had all necessary WLAN-Requirements according to https://www.univention.de/2017/10/wlan-fuer-schultraeger-byod-gyod/ 3.1 Internet rule with wlan=true 3.2 Created class 3.3 Added machine account to class 3.4 Assigned internet rule to class Using c06laptpo worked like a charm! Case 1: 1. Create machine account "c06laptpo" 2. Joined the windows client The problem seems in loadInfo() during parsing of group membership.
An internal comparison when assigning user/host names to WLAN groups was case-sensitive, which meant that access to the WLAN was not granted if the user/host name was spelled incorrectly. The existing test cases 72_radius_authentication and 72_radius_machine_authentication have been extended and are now checking with given username, lowercase username, uppercase username and random case username. 0e08c72a Bug #46806: Merge branch 'sschwardt/46806/43/radius_hostnames' into 4.3 a5b721d6 Bug #46806: add changelog entry 60697637 Bug #46806: check if radius authentication also works with camel case usernames/hostnames 9d7c35fd Bug #46806: add advisory f6548867 Bug #46806: add changelog entry c8c28384 Bug #46806: remove case-sensitivity of hostnames/usernames in ucs-school-ntlm-auth Package: ucs-school-radius-802.1x Version: 7.0.0-8A~4.3.0.201804111426 Branch: ucs_4.3-0 Scope: ucs-school-4.3 Package: ucs-test-ucsschool Version: 4.0.4-83A~4.2.0.201804111425 Branch: ucs_4.2-0 Scope: ucs-school-4.2
The radius identity is not case sensitive anymore -> OK YAML change: [4.3 98d9f4e8] Bug #46806: YAML -> Verified
UCS@school 4.3 v3 has been released. https://docs.software-univention.de/changelog-ucsschool-4.3v3-de.html If this error occurs again, please clone this bug.