Bug 53263 - Broken Config when switching to auth-type ttls
Status: NEW
Product: UCS
Classification: Unclassified
Component: Radius
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Assigned To: UCS maintainers
Reported: 2021-05-17 09:11 CEST by Raoul Borenius
Modified: 2022-01-27 10:35 CET

Description Raoul Borenius 2021-05-17 09:11:26 CEST
Setting

ucr set freeradius/conf/auth-type/mschap=no
ucr set freeradius/conf/auth-type/ttls=yes

creates a broken config:

freeradius[7651]: /etc/freeradius/3.0/mods-enabled/eap[831]: Failed to find 'Auth-Type MS-CHAP' section.  Cannot authenticate users.

Fix:

--- /etc/univention/templates/files/etc/freeradius/3.0/mods-available/eap.orig  2020-11-24 19:45:21.000000000 +0100
+++ /etc/univention/templates/files/etc/freeradius/3.0/mods-available/eap       2021-05-16 16:24:20.532854512 +0200
@@ -860,7 +860,13 @@
        #  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
        #  currently support.
        #
-       mschapv2 {
+@!@
+auth_type = configRegistry.get('freeradius/conf/auth-type/mschap', 'FALSE')
+if auth_type and 'TRUE' == auth_type.upper() or 'YES' == auth_type.upper():
+       print('\t mschapv2 {')
+else:
+       print('\t# mschapv2 {')
+@!@
                #  Prior to version 2.1.11, the module never
                #  sent the MS-CHAP-Error message to the
                #  client.  This worked, but it had issues
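Review bot: In the added condition `if auth_type and 'TRUE' == auth_type.upper() or 'YES' == auth_type.upper():`, `and` binds tighter than `or`, so the `auth_type and` guard covers only the TRUE comparison, and only the spellings TRUE and YES enable the block. Suggest `configRegistry.is_true('freeradius/conf/auth-type/mschap', False)` instead, which accepts every value UCR treats as true and handles the unset case in one call. Please also confirm that the 'FALSE' default used here matches the default applied where the 'Auth-Type MS-CHAP' section is generated, so both templates agree when the variable is unset. Minor: `'\t mschapv2 {'` prints a stray space after the tab.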
@@ -884,7 +890,13 @@
                #  RADIUS server.  Or, some information to uniquely
                #  identify it.
 #              identity = "FreeRADIUS"
-       }
+@!@
+auth_type = configRegistry.get('freeradius/conf/auth-type/mschap', 'FALSE')
+if auth_type and 'TRUE' == auth_type.upper() or 'YES' == auth_type.upper():
+       print('\t}')
+else:
+       print('\t# }')
+@!@
 
        ## EAP-FAST
        #
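Review bot: The closing brace is switched by a second copy of the same condition, and when mschap is disabled only the two brace lines are commented out, so any uncommented directive between the hunks would end up directly in the enclosing section. Suggest emitting the whole mschapv2 block from a single @!@ section, or at least keeping both conditions identical through `configRegistry.is_true(...)`, so the opening and closing lines cannot drift apart. The operator-precedence point from the first hunk applies to this condition as well.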