inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

Feature/118 smb multi thread #8335

Closed stgmsa closed 3 weeks ago

stgmsa commented 1 month ago

Description

Introduce multi machine account support for the NTLM Auth API.

Impacts

NEW Package(s) required

python gunicorn, python redis

Delete branch after merge

YES

Checklist

Enhancements

parallel ntlm auth API supported

E-ThanG commented 2 weeks ago

I'm unable to start the ntlm-auth-api on 14.1 after this was merged. The file config_loader.py is definitely there on the host. Not sure why it's saying it isn't available to the container. I can't say what actually is in the container though. I tried adding to the Dockerfile to copy everything from the bin/pyntlm_auth/ during build. Then rebuilt the container and deleted the old images. Didn't change a thing, I don't know much about docker though.

2024-11-08T23:19:47.545270-08:00 boomer ntlm-auth-api-domain[675753]: Running with args --sig-proxy=true --rm --name=ntlm-auth-api-OITAD --add-host=containers-gateway.internal:host-gateway -h boomer  -v /var/lib/mysql:/var/lib/mysql -v /etc/sudoers:/etc/sudoers -v /etc/sudoers.d/:/etc/sudoers.d/ -v /usr/local/fingerbank/conf:/usr/local/fingerbank/conf -v /usr/local/fingerbank/db:/usr/local/fingerbank/db -v /usr/local/pf/var/run:/usr/local/pf/var/run -ePF_UID=996 -e PF_GID=995 -eFINGERBANK_UID=999 -e FINGERBANK_GID=996 -eIS_A_CLASSIC_PF_CONTAINER=yes -eTZ=America/Los_Angeles -v /usr/local/pf/conf:/usr/local/pf/conf -v /usr/local/pf/logs:/usr/local/pf/logs -v /usr/local/pf/var/conf:/usr/local/pf/var/conf -v /var/log:/var/log:ro -p 5000:5000 -e LISTEN=5000 -e IDENTIFIER=OITAD
2024-11-08T23:19:47.568669-08:00 boomer ntlm-auth-api-domain[675764]: Error response from daemon: No such container: ntlm-auth-api-OITAD
2024-11-08T23:19:47.568669-08:00 boomer ntlm-auth-api-domain[675764]: Error response from daemon: No such container: 1
2024-11-08T23:19:48.290363-08:00 boomer ntlm-auth-api-domain[675773]: Failed to read config file: /usr/local/pf/bin/pyntlm_auth/gunicorn.conf.py
2024-11-08T23:19:48.291090-08:00 boomer ntlm-auth-api-domain[675773]: Traceback (most recent call last):
2024-11-08T23:19:48.291200-08:00 boomer ntlm-auth-api-domain[675773]:  File "/usr/lib/python3/dist-packages/gunicorn/app/base.py", line 111, in get_config_from_filename
2024-11-08T23:19:48.291200-08:00 boomer ntlm-auth-api-domain[675773]:    spec.loader.exec_module(mod)
2024-11-08T23:19:48.291200-08:00 boomer ntlm-auth-api-domain[675773]:  File "<frozen importlib._bootstrap_external>", line 940, in exec_module
2024-11-08T23:19:48.291200-08:00 boomer ntlm-auth-api-domain[675773]:  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
2024-11-08T23:19:48.291200-08:00 boomer ntlm-auth-api-domain[675773]:  File "/usr/local/pf/bin/pyntlm_auth/gunicorn.conf.py", line 6, in <module>
2024-11-08T23:19:48.291200-08:00 boomer ntlm-auth-api-domain[675773]:    import config_loader
2024-11-08T23:19:48.291200-08:00 boomer ntlm-auth-api-domain[675773]: ModuleNotFoundError: No module named 'config_loader'
stgmsa commented 2 weeks ago

Hi @E-ThanG, thanks for the feedback. This seems to be a dependency / FS issue. We'll investigate and get back to you soon.

E-ThanG commented 2 weeks ago

I was able to get it to start by adding sys.path.append("/usr/local/pf/bin/pyntlm_auth") to gunicorn.conf.py just before it imports config_loader. It also needed python3-redis added to the Dockerfile.

Now that it starts, it still won't work. It's complaining that "[WARNING] failed to bind machine account: no available accounts, retrying."

I tried with 0, 1, 2, and 8 accounts. It creates them in AD but can't seem to use them. It's trying with the account hostname$ and with hostname-0$.

2024-11-10T19:53:58.340448-08:00 boomer ntlm-auth-api-domain[74418]: [2024-11-10 19:53:58 -0800] [8] [INFO] deal machine account test for: BOOMER$ with password 'xxx'
2024-11-10T19:53:58.460697-08:00 boomer ntlm-auth-api-domain[74418]: [2024-11-10 19:53:58 -0800] [9] [INFO] deal machine account test for: BOOMER-0$ with password 'xxx'
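
The import failure and the sys.path workaround discussed in this thread, reproduced as an added example (not PacketFence code and not part of any comment above). The file contents, the `WORKERS` value and the helper names are hypothetical, and the example assumes the process's working directory and sys.path do not include the config file's directory.

```python
import importlib.util
import os
import sys
import tempfile

# Constructed stand-ins for the two files named in the thread (contents are hypothetical).
CONFIG_LOADER_SRC = "WORKERS = 4\n"
CONF_BROKEN = "import config_loader\nworkers = config_loader.WORKERS\n"
# Workaround from the thread, using the config file's own directory instead of a
# hard-coded path. append() keeps the standard library and site-packages ahead of
# this directory, so a file placed there cannot shadow an already-resolvable module.
CONF_FIXED = (
    "import os, sys\n"
    "sys.path.append(os.path.dirname(os.path.abspath(__file__)))\n"
    + CONF_BROKEN
)


def load_config_by_path(path):
    """Execute a config file by path via spec.loader.exec_module, as in the traceback.
    Loading this way does not add the file's directory to sys.path."""
    spec = importlib.util.spec_from_file_location("__config__", path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


def try_load(conf_source):
    """Write both files to one directory, load the config from a different working
    directory, and return ("ok", workers) or ("error", missing_module_name)."""
    saved_path, saved_cwd = list(sys.path), os.getcwd()
    with tempfile.TemporaryDirectory() as app_dir, tempfile.TemporaryDirectory() as cwd:
        with open(os.path.join(app_dir, "config_loader.py"), "w") as fh:
            fh.write(CONFIG_LOADER_SRC)
        conf_path = os.path.join(app_dir, "gunicorn.conf.py")
        with open(conf_path, "w") as fh:
            fh.write(conf_source)
        os.chdir(cwd)  # assumption: the service does not start in the config's directory
        try:
            return ("ok", load_config_by_path(conf_path).workers)
        except ModuleNotFoundError as exc:
            return ("error", exc.name)
        finally:
            os.chdir(saved_cwd)
            sys.path[:] = saved_path
            sys.modules.pop("config_loader", None)


if __name__ == "__main__":
    print(try_load(CONF_BROKEN))
    print(try_load(CONF_FIXED))
```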