Open rpppng opened 10 months ago
Restore from backup !
What do I need to restore from the backup?
Problem is that on the new version of Node, authorization using ldap does not work. And I need to understand how to solve this problem. So for update MeshCentral i need these steps: 1) add repository nodesource 2) update nodejs 3) update the meshcentral 4) remove repository nodesource 5) reinstall nodejs from official ubuntu repository
You haven't followed the bug report template so it's missing information off to help other with ur issue
what does ur config.json look like?
If you can run meshcentral OK, then go into the console tab in my server tab, then run info and let us have the output?
Are u sure it's using the correct node version? node --version
How do you startup meshcentral? Via normal node or systemctl?
Have u checked the system.d file is pointing to the correct node version?
{
"$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
"__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
"__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
"settings": {
"MongoDb": "mongodb://127.0.0.1:27017/meshcentral",
"cert": "ext-ra.c-lan.ru",
"WANonly": true,
"_LANonly": true,
"_sessionKey": "MyReallySecretPassword1",
"port": 64443,
"_agentPort": 64443,
"aliasPort": 443,
"AgentPong": 300,
"_TlsOffload": false,
"_TlsOffload": "127.0.0.1,172.17.0.0/24,172.18.0.0/24",
"TrustedProxy": "127.0.0.1,172.17.0.0/24,172.18.0.0/24",
"redirPort": 64080,
"_redirAliasPort": 80,
"ignoreAgentHashCheck": true,
"_deviceSearchBarGroupName": true,
"userAllowedIP": "127.0.0.1,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8",
"_userAllowedIP": "127.0.0.1,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,89.189.176.195,37.195.148.101"
},
"domains": {
"": {
"_title": "MyServer",
"_title2": "Servername",
"_minify": true,
"_newAccounts": true,
"_userNameIsEmail": true,
"deviceSearchBarGroupName": true,
"deviceSearchBarServerAndClientName": true,
"CertUrl": "https://ext-ra.c-lan.ru:443",
"ManageAllDeviceGroups": [ "bayburin","novikov_mm" ],
"auth": "ldap",
"ldapOptions": {
"url": "ldaps://srv-dc-01.kisnsk.local:636/",
"bindDN": "CN=outsource-ad,OU=Почтовые УЗ и группы распространения,OU=c-lan,DC=kisnsk,DC=local",
"bindCredentials": "P@ssw0rd",
"searchBase": "OU=Users,OU=Отдел аутсорсинга,OU=c-lan,DC=kisnsk,DC=local",
"searchFilter": "(sAMAccountName={{username}})"
},
"ldapUserKey": "sAMAccountName",
"passwordRequirements": {
"_force2factor": true,
"_email2factor": false
}
}
},
"_letsencrypt": {
"__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
"email": "myemail@mydomain.com",
"names": "myserver.mydomain.com",
"production": false
},
"_smtp": {
"host": "mail.c-lan.ru",
"port": 25,
"from": "meshcentral@alertto2705.c-lan.ru",
"_user": "meshcentral@alertto2705.c-lan.ru",
"tls": false,
"verifyEmail": false
}
}
> info
{
"meshVersion": "v1.1.16",
"nodeVersion": "v12.22.9",
"runMode": "WAN mode",
"productionMode": true,
"database": "MongoDB",
"dbChangeStream": false,
"dbBulkOperations": false,
"platform": "linux",
"arch": "x64",
"pid": 2334,
"uptime": 909966.463965662,
"cpuUsage": {
"user": 16600860531,
"system": 1751752482
},
"memoryUsage": {
"rss": 402051072,
"heapTotal": 80588800,
"heapUsed": 71285744,
"external": 54821798,
"arrayBuffers": 53307442
},
"warnings": [
{
"msg": "MeshCentral will require Node v16 or above in the future, your current version is v12.22.9."
},
{
"msg": "Agent hash checking is being skipped, this is unsafe.",
"id": 9
}
]
}
# /etc/systemd/system/meshcentral.service
[Unit]
Description=MeshCentral Server
[Service]
Type=simple
LimitNOFILE=1000000
ExecStart=/usr/bin/node /home/kis/mc/node_modules/meshcentral/meshcentral
WorkingDirectory=/home/kis/mc
Environment=NODE_ENV=production
User=kis
Group=kis
Restart=always
# Restart service after 10 seconds if node service crashes
RestartSec=10
# Set port permissions capability
AmbientCapabilities=cap_net_bind_service
[Install]
WantedBy=multi-user.target
Now my node version is v12.22.9 because i revert it back. But when authorisation not working node --version output is v.20.x I can try again update node to v20 from deb.nodesource.com and show "info" output from server console. should i do it? btw, i have cyrillic in ldap options, mb something wrong with cyrillin in v20 node? but ok in v12
I found what the problem is. It is not possible to perform authorization through ldaps, but it passes through ldap. Any ideas why authorization works correctly on the old version of NodeJS?
We have just discovered a bug with 1.1.22 with external authentication. Fix be merged soon, so try 1.1.21 for the time being. Also use node 18 or above! We no longer support < 16 due to a dependency update which now requires node 16 or above
Edit. You also don't say what meshcentral version you are using so how can we debug ur issue without knowing what version you are using
The version of MeshaCentral was different (1.1.21 for example), I have been observing this problem for the last monthes and described the steps to reproduce it, among other things. on all versions there were problems with authorization via LDAP with node from nodesource repository.
As soon as the node version returned to 12 (Ubuntu repository), authorization began to work.
Yesterday I checked problem again after update mc to 1.1.22.
With "--debug ldap" i saw problem is that the latest version is complaining about the certificate.
ldap LDAP Error: Error: unable to verify the first certificate
Then I edit config from ldaps 636 to ldap 389 and authorization worked fine.
I think it's not an MC problem, but maybe you can help with this.
Cant login to meshcentral after update nodejs from ubuntu repo to new version node by deb.nodesource.com
My config was: Ubuntu 22.04 Nodejs 12.22.9 from ubuntu rep mongodb
steps: 1) remove nodejs 12 2) add deb.nodesource repository 3) install nodejs 20 after that my ldap users cant login to meshcentral seems like a incorrect password when i start "node meshcentral --user xxxxxx" it's working
then i remove nodejs 20, remove nodesource repository then install nodejs 12.22.9 again and meshcentral working my users (ldap) can authenticate
how can i fix this?