Freeradius using Google LDAP error with rlm_options - freeradius

I've got a fresh freeradius server and I'm trying to set it up with Gsuites LDAP service for authentication using the instructions set here:
https://support.google.com/cloudidentity/answer/9089736?hl=en&ref_topic=9173976#zippy=%2Cfreeradius
Debug mode worked prior to installing and configuring the ldap module. I've gone through and checked my settings; when I start freeradius in debug mode I receive the error:
/etc/freeradius/3.0/mods-enabled/ldap[496]: Failed to link to module 'rlm_options': /usr/lib/freeradius/rlm_options.so: cannot open shared object file: No such file or directory
I'm unclear on what that file is or why it's missing. Searching documentation I haven't found any reference to the file.
Line 496 in the ldap file seems to refer to the options { breadcrumb section.
Curious if anybody can point me in the right direction, or if I just comment out the options section.

Related

Trouble Enabling SSL on Fuseki Server

I'm hoping some of you may be able to help me with setting up SSL on my fuseki server. I've been battling with it for a few days now and am running out of possible solutions!
OS: RHEL 8.5 (Ootpa)
Fuseki: Version 4.2.0
Currently running as system service with:
ExecStart=/home/fuseki/apache-jena-fuseki-4.2.0/fuseki-server -v -tdb2 -update -config=/home/fuseki/fuseki_data/config.ttl
This is the manual I've been working with: https://jena.apache.org/documentation/fuseki2/fuseki-data-access-control.html
The following are the provided arguments to add in the startup sequence of fuseki-server.
--https=SETUP [Name of file for certificate details.]
& --httpsPort=PORT [The port for https. Default: 3043]
The --https argument names a file in JSON which includes the name of
the certificate file and password for the certificate.
The issue is that no matter how I phrase the arguments the process returns "fuseki-server[9469]: Unknown argument: https" in the journalctl logs.
I have tried -https=dir, --https=dir, & -httpsConf=dir (where dir is the directory to my cert_details.json file).
Based on the docs https should have native support but when I check fuseki-server -help there is no mention of an https argument. I have created a .jks from my cert, have set the correct file permissions, and have allowed 3043.
I have also located the block of code in fuseki that resolves the keystore and passwd from the .json file (which led me to try using -httpsConf=)
private void setHttpsCert(String filename) {
    try {
        JsonObject httpsConf = JSON.read(filename);
        Path path = Path.of(filename).toAbsolutePath();
        String keystore = httpsConf.get("keystore").getAsString().value();
        // Resolve relative to the https setup file.
        this.httpsKeystore = path.getParent().resolve(keystore).toString();
        this.httpsKeystorePasswd = httpsConf.get("passwd").getAsString().value();
        // (the excerpt ends here; the rest of the method was not included in the post)
Not sure what I'm missing here. For what it's worth I'm a chemist and I definitely don't know java all that well so it very well could be me being stupid. Any suggestions/knowledge would be greatly appreciated.
There are two ways to get HTTPS+Fuseki:
The document referred to is for the jar file here: https://repo1.maven.org/maven2/org/apache/jena/jena-fuseki-server/4.2.0/jena-fuseki-server-4.2.0.jar, not the jar in the apache-jena-fuseki download. (BTW It does not have the UI.)
The one in the apache-jena-fuseki download can use HTTPS by using a Jetty configuration using --jetty=jetty.xml (https://www.eclipse.org/jetty/documentation/current/jetty-xml-config.html) -- example: https://github.com/apache/jena/blob/main/jena-fuseki2/examples/fuseki-jetty-https.xml (which will need modifying).
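
A pre-flight check for the --https setup file discussed above, added here as an example (not code from the post or from Fuseki). It mirrors the two keys the excerpt reads and its resolve-relative-to-the-setup-file rule, and additionally flags files accessible by group or other; the function names and the constructed sample files are assumptions of this example.

```python
import json
import os
import stat
import tempfile
from pathlib import Path


def check_https_setup(setup_file):
    """Return a list of problems found in a --https setup file (empty if none)."""
    setup = Path(setup_file).absolute()
    try:
        conf = json.loads(setup.read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:
        return [f"cannot read setup file as JSON: {exc}"]
    if not isinstance(conf, dict):
        return ["setup file must contain a JSON object"]
    # The excerpt reads exactly these two keys, both as strings.
    problems = [f"missing or non-string key: {key}"
                for key in ("keystore", "passwd")
                if not isinstance(conf.get(key), str)]
    if problems:
        return problems
    # Same rule as the excerpt: resolve relative to the setup file's directory.
    keystore = setup.parent / conf["keystore"]
    if not keystore.is_file():
        problems.append(f"keystore not found: {keystore}")
    # The setup file holds the keystore password in clear text, so neither
    # file should be accessible by group or other (added hardening check).
    for path in (setup, keystore):
        if path.is_file() and stat.S_IMODE(path.stat().st_mode) & 0o077:
            problems.append(f"accessible by group/other: {path}")
    return problems


def demo():
    """Run the check on constructed files: loose keystore mode, then tightened."""
    with tempfile.TemporaryDirectory() as tmp:
        keystore = Path(tmp) / "fuseki.jks"
        keystore.write_bytes(b"constructed placeholder, not a real keystore")
        setup = Path(tmp) / "cert_details.json"
        setup.write_text(json.dumps({"keystore": "fuseki.jks", "passwd": "example-only"}))
        os.chmod(setup, 0o600)
        os.chmod(keystore, 0o644)
        loose = check_https_setup(setup)
        os.chmod(keystore, 0o600)
        return loose, check_https_setup(setup)


if __name__ == "__main__":
    print(demo())
```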

configure FreeRADIUS rlm_rest module in CentOS

I want to construct a 2 factor authentication system using freeRADIUS for proxy and privacyIDEA for authentication in server. I read some documents about freeRADIUS and privacyIDEA, and found that the rlm_rest module could be helpful for this. I found this document on the privacyIDEA website:
http://privacyidea.readthedocs.io/en/master/application_plugins/rlm_rest.html#rlm-rest
and it just shows how to install the rlm_rest module in Ubuntu using apt-get, but my server is CentOS 7. So my first question is:
How to install the required packages of the rlm_rest module in CentOS?
After that, the document shows the configuration steps:
The authentication type needs to be configured in the /etc/freeradius/users file:
DEFAULT Auth-Type := rest
and the site configuration should invoke the module as follows:
authenticate {
    Auth-Type rest {
        rest
    }
    digest
    unix
}
And I don't know where I should invoke the "authenticate {…}" module. Should it be written in /etc/freeradius/users? This is my second question.
Could you please give me some advice or some references? Any help will be appreciated.
The authenticate section goes to your site configuration.
Also on CentOS this would be located in /etc/raddb/sites-enabled, which is linked to sites-available.
You should consider using the rlm_perl module, since this is more flexible.
http://privacyidea.readthedocs.io/en/master/application_plugins/rlm_perl.html#rlm-perl

Grails create-app unable to find valid certification path to requested target

I have set up Grails 3.2.1 on Windows. JAVA_HOME and GRAILS_HOME are also set; I verified this by running grails -version, which worked as expected.
But when I issue the command to create an app, it always throws the following error:
"Error occurred running Grails CLI: unable to find valid certification path to requested target (Use --stacktrace to see the full trace)".
I tried it by disconnecting the internet and came to know it's trying to connect to https://repo.grails.org
It seems that some certificates must be in JAVA_HOME/jre/lib/security/cacerts. With this thought I downloaded the SSL certificates from https://repo.grails.org by accessing the URL in a browser.
I imported the same certificates into JAVA_HOME/jre/lib/security/cacerts, but still no change.
I could not find even a single related post over the internet.
When creating a Grails app in NetBeans 8, I get the same error.
I don't know if I need any other valid certificate or if there is any other problem.
Many thanks in advance for any help on this.
Use the "HTTP version" repository
Add the following configuration in USER_HOME/.grails/settings.groovy:
grails {
    profiles {
        repositories {
            myRepo {
                url = "http://repo.grails.org/grails/core/"
            }
        }
    }
}
This problem is due to the proxy server. I traced the network log. https://repo.grails.org resolves to the proxy IP, I guess, because when I access the IP over https in a browser it presents me a certificate which is really not in my keystore; when I add it to my keystore, a "host name mismatch error" is thrown instead of "unable to find valid certification path to requested target".
I tried to run this on my home PC and it worked; there are other issues, but it is good enough to go on to the next step of working with Grails.
Thanks

Unable to find profile 'server' while running cometD load testing

I'm trying to run cometD load testing following the steps listed here. I found out that exec:exec requires a property exec.executable which I'm providing as mvn. I'm seeing the error:
[WARNING] The requested profile "server" could not be activated
because it does not exist.
How do you resolve this?
I have updated the CometD documentation with a section on benchmarking.

symfony plugin installation failing [bhLDAPAuthPlugin]

I'm working on a symfony project and I need user access connected to an LDAP server. So I searched for something already done to add to my app and found this plugin that has all I wanted.
So I tried to install with the command $ php symfony plugin:install bhLDAPAuthPlugin
For some reason it throws me this error:
No release avaiable for plugin "bhLDAPAuthPlugin"
I don't really understand what that message means. I've checked the spelling of the command (also copied the command given on the page of the plugin) and the same error appears. If I didn't have all the requirements for installation, other errors would be thrown, right?
PS: If you know some easy way to implement the communication with LDAP (Microsoft Active Directory) by myself, that will also be appreciated.
Not exactly sure how to solve the error message; perhaps it helps to specifically specify which version you wish to install.
Otherwise there's an easy workaround:
Just download the tgz file from here:
http://www.symfony-project.org/plugins/bhLDAPAuthPlugin/6_0_0
and do
php symfony plugin:install bhLDAPAuthPlugin-etc-etc.tgz
