I am new to Freeradius. I configured the freeradius server using container services,
I have installed Freeradius v3.0.21 in Alpine linux.
My container freeradius server is working fine and produce the log. But its missing only one field/attribute "Request-Authenticator = Verified"
in the detail.log. Can anyone please help me on this?
Related
Just installed owncloud using the instructions in https://doc.owncloud.com/server/next/admin_manual/installation/docker/ and when I try to connect to the server from my machine I get the following error message...
You are accessing the server from an untrusted domain.
Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domains" setting in config/config.php. An example configuration is provided in config/config.sample.php or at the documentation.
IK what the error message means and how I would normally fix it in a standard apache setup, but how do I change these in the docker images?
I tried changing the line OWNCLOUD_TRUSTED_DOMAINS in the .env file to a wildcard (originally it said localhost) and that did not help.
I don't now where to look for this particular issue anymore. I have gone numerus time through freeradius configuration and configuration on cisco switch, but I am just unable to find the problem.
My enviroment:
Ubuntu 20.04.5 LTS
FreeRADIUS Version 3.0.20
MariaDB 10.6.11
Cisco C2960X switch
Issue:
I have dot1x configured on Cisco C2960X switch.
On Ubuntu I have freeradius v3 up and running.
Freeradius is able to connact to database, where my users are stored.
I am ussing EAP-TTLS/PAP.
Win10 laptop ethernet card (cable) is configured to use EAP-TTLS/PAP
When trying to connect Win10 laptop over the cable, I am asked to put in the user credentials, afterwards I have to accept the certificate and the authentication is in progress.
In the same time, when looking under Freeradius LOG-s, I get "Login OK" for the user, so user is accepted...great.
But on Win10 laptop authentication fails, allthough Freeradius did accept the user.
When DEBUG-ing Freeradius, everything seems OK:
"Login OK: [user#domain.com] (from client sbl-3 port 50320 cli 38-2C-4A-XX-XX-XX via TLS tunnel)"
When DEBUG-ing C2960x switch, I see an error:
"dot1x-packet:[xxxx.xxxx.xxxx, Gi1/0/19] Added username in dot1x"
"dot1x-packet:[xxxx.xxxx.xxxx, Gi1/0/19] Dot1x did not receive any key data"
"dot1x-ev:[xxxx.xxxx.xxxx, Gi1/0/19] Received Authz fail (result: 2) for the client 0x87000405 (xxxx.xxxx.xxxx)"
"dot1x-sm:[xxxx.xxxx.xxxx, Gi1/0/19] Posting_AUTHZ_FAIL on Client 0x87000405"
But the funny thing is, I have another VM set up with freeradius v2, which connects to the same MariaDB as freeradius v3. With no changes made on C2960X switch (port configuration, aaa etc.) except ofcourse to configure radius server to redirect to another VM (freeradius v2), everything works great. I can se "Login OK" under freeradius LOGs, and Win10 laptop is authenticated and ready to use wired connection.
As it looks like, when using Freeradius v3, I have a problem in the last stage (authorization). But if using Freeradius v2, I have no issue and Win10 laptop is authenticated and ready to use wired connection.
I would really appreciate some help if someone ran into same issue.
Kind Regards, Tomaz
I compared freeradius configuration on both VM, for freeradius v2 and freeradius v3
I debuged freeradius
I debbuged C2960x switch
I recorded traffic with WireShark on Win10 laptop
I have installed Alfresco 6.2 using docker based installation and it's working fine with http.
Now, I have to run same set-up on https and i have to apply self signed certificate for this.
Can someone please provide the steps to generate this self-signed certificate and how to apply it inside docker image.
Any help will be appreciated.
I already did same thing for Alfresco 5.2 without docker, but here I am quite new to docker and not understanding how to do this.
Instead of changing the tomcat certificate I would recommend to setup SSL on nginx or any other reverse proxy. The Tomcat certificate is also used to authenticate Solr. Configuration errors can easily cause the search to stop working.
When using a reverse proxy don't forget to set your external connection in alfresco-global.properties to avoid problems with the CSRF Token Filter. e.g.:
alfresco.context=alfresco
alfresco.host=alfresco.mycompany.com
alfresco.port=443
alfresco.protocol=https
share.context=share
share.host=${alfresco.host}
share.port=${alfresco.port}
share.protocol=${alfresco.protocol}
I created a Weblogic generic container for version 12.1.3 based on the official Docker images from Oracle at https://github.com/oracle/docker-images/tree/master/OracleWebLogic/dockerfiles
Command: buildDockerImage.sh -g -s -v 12.1.3
This creates the image oracle/weblogic:12.1.3-generic
Using a modified version of sample dockerfile for 1213-domain, I built the Weblogic container.
Note: changed the base image to be generic, instead of developer
docker build -t 1213-domain --build-arg ADMIN_PASSWORD="admin123" -f myDockerfile .
Pushed the built image to Amazon ECR and ran the container using the AWS ECS. Configured the port mappings as 0:7001, set memory soft limit as 1024, nothing else changed in default ECS settings. I have an application load balancer in the front, which receives traffic at 443 port and forwards to the containers. In the browser I get a login page for Weblogic, when I enter username as weblogic and password as admin123, I get the error:
Authentication Denied
Interestingly when I go to the container and connect to the weblogic using WLST, it works fine.
[ec2-user#ip-10-99-103-141 ~]$ docker exec -it 458 bash
[oracle#4580238db23f mydomain]$ /u01/oracle/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...
Jython scans all the jar files it can find at first startup. Depending on the system, this process may take a few minutes to complete, and WLST may not return a prompt right away.
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> connect("weblogic","admin123","t3://localhost:7001")
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server "AdminServer" that belongs to domain "mydomain".
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
wls:/mydomain/serverConfig>
Any hints on what can be going wrong?
Very interesting indeed. :) .. You are sure there is no special characters or so when you entering the username and password. Try typing the same if you are coping.
Also as backup, since you are able to login to WLST you can try two option.
Resetting the current password of weblogic or try adding new username and password.
below link will help
http://middlewarebuzz.blogspot.com/2013/06/weblogic-password-reset.html
or
http://middlewaremagic.com/weblogic/?p=4962
Here is my whole scenario.
I have a RHEL 7.1 vmware image, with the corporate proxy properly configured, accessing stuff over http or https works properly.
Installed docker-engine, and added the HTTP_PROXY setting to /etc/systemd/system/docker.service.d/http-proxy.conf. I can verify the proxy setting is picked up by executing:
sudo systemctl show docker --property Environment
which will print:
Environment=HTTP_PROXY=http://proxy.mycompany.com:myport/ with real values of course.
Pulling and running docker images works correctly this way.
The goal is to work with the binary distribution of openshift-origin. I downloaded the binaries, and started setting up things as per the walkthrough page on github:
https://github.com/openshift/origin/blob/master/examples/sample-app/README.md
Starting openshift seems to work as I can:
* login via the openshift cli
* create a new project
* even access the web console
But when I try to create an app in the project (also via the cli):
oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git
It fails:
error: can't look up Docker image "centos/ruby-22-centos7": Internal error occurred: Get https://registry-1.docker.io/v2/: dial tcp 52.71.246.213:443: connection refused
I can access (without authentication though) this endpoint via the browser on the VM or via WGET.
Hence I believe DOCKER fails to pick up the proxy settings. After some searching I also fear if there are IPTABLES settings missing. Referring to:
https://docs.docker.com/v1.7/articles/networking/
But I don't know if I should fiddle with the IPTABLES settings, should not Docker figure that out itself?
Check your HTTPS_PROXY environment property.