inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

to-10.1-move-radius-configuration-parmeters.pl doesn't handle existing radius_configuration correctly #5671

Closed nqb closed 4 years ago

nqb commented 4 years ago

Describe the bug

If you have changed some RADIUS configuration parameters before upgrading to 10.1.0 and you run to-10.1-move-radius-configuration-parmeters.pl, new files under /usr/local/pf/conf/radiusd/ are created with wrong values.

Parameters are:

To Reproduce

Steps to reproduce the behavior:

  1. Set eap_authentication_types=GTC,MD5,MSCHAPv2,PEAP,TLS,TTLS,PAP in pf.conf
  2. Run to-10.1-move-radius-configuration-parmeters.pl

    # cat /usr/local/pf/conf/radiusd/eap_profiles.conf
    [default]
    eap_authentication_types=1

Expected behavior

/usr/local/pf/conf/radiusd/eap_profiles.conf should contain old values of pf.conf.

nqb commented 4 years ago

I fixed this issue in 4da38e9a6ac63e13bd26dbc9fb1165b707f5c565.

There was another issue with this script: if ocsp_softfail has been redefined in pf.conf, the option was written to /usr/local/pf/conf/radiusd/eap_profiles.conf in place of /usr/local/pf/conf/radiusd/ocsp.conf. Fixed in 574d3fde59c21c345a467bb444b68dcc6f0effb2.

nqb commented 4 years ago

I will backport this to maintenance but a patch release will be necessary.
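
A post-upgrade check for the two defects reported in this thread (a changed value in eap_profiles.conf, and ocsp_softfail landing in the wrong file), as an added example that is not part of the thread or of PacketFence's own code. The `[radius_configuration]` section name in pf.conf, the `[default]` section in ocsp.conf, and the sample `ocsp_softfail=yes` value are assumptions.

```python
import configparser

# Assumed mapping (parameter -> file and section it should land in).
HOME = {
    "eap_authentication_types": ("eap_profiles.conf", "default"),
    "ocsp_softfail": ("ocsp.conf", "default"),
}

def parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep option names case-sensitive
    cp.read_string(text)
    return cp

def check_migration(old_pf_conf, migrated, old_section="radius_configuration"):
    """Compare customised pf.conf values with the migrated radiusd files.

    Returns (parameter, file, problem) tuples; an empty list means a match.
    """
    old = parse(old_pf_conf)
    new = {name: parse(text) for name, text in migrated.items()}
    findings = []
    if not old.has_section(old_section):
        return findings  # nothing was customised, nothing to compare
    for key, want in old.items(old_section):
        if key not in HOME:
            continue
        home_file, home_section = HOME[key]
        cp = new.get(home_file)
        got = cp.get(home_section, key, fallback=None) if cp is not None else None
        if got is None:
            findings.append((key, home_file, "missing"))
        elif got.strip() != want.strip():
            findings.append((key, home_file, "value changed"))
        for name, other in new.items():
            if name != home_file and any(other.has_option(s, key) for s in other.sections()):
                findings.append((key, name, "wrong file"))
    return findings

# Constructed sample input modelled on the report (ocsp_softfail value is made up).
OLD_PF_CONF = """[radius_configuration]
eap_authentication_types=GTC,MD5,MSCHAPv2,PEAP,TLS,TTLS,PAP
ocsp_softfail=yes
"""
BROKEN = {"eap_profiles.conf": "[default]\neap_authentication_types=1\nocsp_softfail=yes\n",
          "ocsp.conf": ""}

if __name__ == "__main__":
    for finding in check_migration(OLD_PF_CONF, BROKEN):
        print(finding)
```

To use it on a real system, pass the text of a pre-upgrade backup of pf.conf and the contents of the files under /usr/local/pf/conf/radiusd/, keyed by file name.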