First Last Prev Next    This bug is not in your last search results.
Bug 47899 - Include univention-check-radius-access in ucs-school-radius-802.1x
Include univention-check-radius-access in ucs-school-radius-802.1x
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Radius
UCS@school 4.3
Other Linux
: P5 normal (vote)
: UCS@school 4.4 v1
Assigned To: Jürn Brodersen
Sönke Schwardt-Krummrich
https://help.univention.com/t/problem...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-02 12:52 CEST by Valentin Heidelberger
Modified: 2019-03-12 11:01 CET (History)
5 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018102521000201
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Valentin Heidelberger univentionstaff 2018-10-02 12:52:44 CEST 
"univention-radius" includes a tool called univention-check-radius-access. This tool is handy to quickly check if a certain user has RADIUS access.
It is not present in UCS@school because U@S includes the package "ucs-school-radius-802.1x", which does not contain univention-check-radius-access, and not "univention-radius"-

I think we should provide univention-check-radius-access with "ucs-school-radius-802.1x" as well.
Comment 1 Christina Scheinig univentionstaff 2018-10-26 11:49:34 CEST 
This would really be nice to have, with this tool the internetconnection is checked too. This would have saved us some time in troubleshooting.
Comment 2 Jürn Brodersen univentionstaff 2019-02-19 12:01:29 CET 
univention-check-radius-access schould work 4.4

I don't think the qa has a high priority -> Target Milestone
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2019-02-27 14:24:42 CET 
root@master140:~# univention-radius-check-access --username=user4
      INFO: [user=user4; mac=None] Loglevel set to: 4
     DEBUG: [user=user4; mac=None] Given username: "user4"
     DEBUG: [user=user4; mac=None] Given stationId: "None"
     DEBUG: [user=user4; mac=None] Loading proxy rules from UCR
     DEBUG: [user=user4; mac=None] Loaded user_to_group {'mamu': ['gsMitte-1A', 'schueler-gsmitte', 'Domain Users gsMitte'], 'demo_student': ['Domain Users DEMOSCHOOL', 'DEMOSCHOOL-Democlass', 'schueler-demoschool'], 'demo_teacher': ['Domain Users DEMOSCHOOL', 'lehrer-demoschool'], 'demo_admin': ['Domain Users DEMOSCHOOL', 'mitarbeiter-demoschool']}
     DEBUG: [user=user4; mac=None] Loaded group_info {'gsMitte-1A': (7, False), 'schueler-gsmitte': (5, True), 'lehrer-demoschool': (0, True)}
     DEBUG: [user=user4; mac=None] Checking proxy rules network access
     DEBUG: [user=user4; mac=None] DENY: No proxy rules for user user4 found
      INFO: [user=user4; mac=None] Proxy rules deny username attempt to login
     DEBUG: [user=user4; mac=None] Checking ldap network access for user
     DEBUG: [user=user4; mac=None] DENY 'uid=user4,cn=users,dc=nstx,dc=local'
     DEBUG: [user=user4; mac=None] -> DENY 'cn=Domain Users,cn=groups,dc=nstx,dc=local'
     DEBUG: [user=user4; mac=None] -> -> DENY 'cn=Users,cn=Builtin,dc=nstx,dc=local'
     DEBUG: [user=user4; mac=None] -> DENY 'cn=grpA,cn=groups,dc=nstx,dc=local'
     DEBUG: [user=user4; mac=None] -> -> ALLOW 'cn=grpB,cn=groups,dc=nstx,dc=local'
      INFO: [user=user4; mac=None] LDAP settings allow attempt to login
     DEBUG: [user=user4; mac=None] MAC filtering is disabled by radius/mac/whitelisting.
      INFO: [user=user4; mac=None] User is allowed to use RADIUS
     DEBUG: [user=user4; mac=None] --- Thus access is ALLOWED.


I suggest to increase the log level of the radius ntlm helper tool and log actual auth requests on the fly.

OK: code change
OK: functional test
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2019-03-12 11:01:12 CET 
UCS@school 4.4 v1 has been released.

https://docs.software-univention.de/release-notes-ucsschool-4.4v1-de.html

If this error occurs again, please clone this bug.
First Last Prev Next    This bug is not in your last search results.