Closed hofq closed 2 years ago
Krzmbrzl
commented
2 years ago Hm - I have never used docker-compose nor have I ever touched that LDAP-thingy, so I'm afraid that I'm not too much of a help here xD
@azlux do you have any ideas on this? @Natenom do you happen to have any experience with LDAP?
hofq
commented
2 years ago My Current Issue is related to the connection between the mumble server and LDAPauth via ice.
I have tried so far: Murmur [Container] -> LDAPauth [Directly on Linux VM] ✔ Murmur [Directly on Linux VM] -> LDAPauth [Directly on Linux VM] ✔ Murmur [Container] -> LDAPauth [Container] ❌
I Really have Issues if the IP of the LDAP Authenticator and the Murmur Server is not the Same.
Krzmbrzl
commented
2 years ago What about the case Murmur [Directly on Linux VM] -> LDAPauth [Container] ? Does that also fail?
hofq
commented
2 years ago I have not tested that since the Static Server is discontinued. If it makes sense i would try it.
Krzmbrzl
commented
2 years ago Yeah well it would be more in order to complete the test-case set than as a suggested workaround. I was just curious what the outcome would be. Maybe that could hint as to where the problem lies.
azlux
commented
2 years ago If you have a custom config file, you should use the MUMBLE_CUSTOM_CONFIG_FILE variable : https://github.com/mumble-voip/mumble-docker#additional-variables I think your real issue is the image don't take your custom config
hofq
commented
2 years ago Okay, i try to change it on my VM.
https://github.com/mumble-voip/mumble/blob/d16ad421d496aefdc68468d1e64425a086d0a32a/scripts/murmur.ini#L65 Do i have to enter here the IP/Hostname of the Authenticator or does it work with an Wildcard or CIDR?
Krzmbrzl
commented
2 years ago I doubt that it would work with a wildcard as the ICE interface expects a concrete address to bind to (afaik)... I might be wrong though :eyes:
Kissaki
commented
2 years ago https://doc.zeroc.com/display/Ice34/Proxy+and+Endpoint+Syntax#ProxyandEndpointSyntax-AddressSyntax
0.0.0.0 should work as a IPv4 wildcard. :: for IPv6. * may too; I’m not entirely sure whether the server is considered a “proxy” in ice context.
Kissaki
commented
2 years ago Given that Mumble in container, ldap auth on host works, I don’t see why it’d be a config file not being used issue?
In your posted configuration I see LDAP docker conf has EXPOSE 6502. Doesn’t that mean it’d expect it as an outgoing port, and may not identify it as an incoming port of the network?
hofq
commented
2 years ago Never used the Ice Protocol before. I tried it vice versa but it didn't worked. Has anyone of you time to run a Quick Test with my Setup? I really tried much, but either the Authenticator can't connect at all or i get the Error that the Address is already allocated.
azlux
commented
2 years ago I've added a docker-compose example into the wiki : https://github.com/mumble-voip/mumble-docker/wiki
If you want to use the nework for ice, you should use :
ice="tcp -h 0.0.0.0 -p 6502" into the config
AND into the docker-compose (not the dockerfile)
EXPOSE:
- 6502to allow other containers to reach this port.
hofq
commented
2 years ago 2022-05-11 10:36:20,914 INFO Shutdown complete
2022-05-11 10:42:58,510 INFO Starting LDAP mumble authenticator
2022-05-11 10:42:58,512 DEBUG Using shared ice secret
2022-05-11 10:42:58,512 INFO Connecting to Ice server (10.10.10.189:6502)
2022-05-11 10:42:58.513692 LDAPauth.py: error: Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/Ice/__init__.py", line 1548, in doMain
status = self.run(args)
File "/app/LDAPauth.py", line 226, in run
if not self.initializeIceConnection():
File "/app/LDAPauth.py", line 264, in initializeIceConnection
adapter = ice.createObjectAdapterWithEndpoints('Callback.Client', 'tcp -h %s' % cfg.ice.host)
File "/usr/local/lib/python3.10/site-packages/Ice/__init__.py", line 934, in createObjectAdapterWithEndpoints
adapter = self._impl.createObjectAdapterWithEndpoints(name, endpoints)
Ice.SocketException: Ice.SocketException:
Cannot assign requested address;Ice configuration
[ice]
host = 10.10.10.xxx
port = 6502
slice = Murmur.ice
secret = ******************************
watchdog = 30version: "3.7"
services:
murmur:
environment:
- MUMBLE_CUSTOM_CONFIG_FILE=/data/murmur.ini
image: mumblevoip/mumble-server:latest
volumes:
- $PWD/conf/murmur.ini:/data/murmur.ini:ro
- $PWD/murmur.sqlite:/data/murmur.sqlite:rw
- $PWD/log/murmur.log:/data/murmur.log:rw
hostname: murmur
expose:
- 6502
ports:
- 64738:64738
- 64738:64738/udp
- 6502:6502/tcp
- 6502:6502/udp
murmur-ldap:
build: ./mumble-scripts/Authenticators/LDAP
hostname: murmur-ldap
depends_on:
- "murmur"
volumes:
- $PWD/conf/LDAPauth.ini:/app/LDAPauth.ini:ro
- $PWD/log/LDAPauth.log:/var/log/murmur/LDAPauth.log:rw
- $PWD/mumble/src/murmur/Murmur.ice:/app/Murmur.ice:romurmur-murmur-1 | Using manually specified config file at /data/murmur.ini
murmur-murmur-1 | All MUMBLE_CONFIG variables will be ignored
murmur-murmur-1 | Running Mumble server as uid=1000 gid=1000
murmur-murmur-1 | "/data" has the following permissions set:
murmur-murmur-1 | drwxr-xr-x, owner: "mumble" (UID: 1000), group: "mumble" (GID: 1000)
murmur-murmur-1 | Command run to start the service : /usr/bin/mumble-server -fg -ini /data/murmur.ini
murmur-murmur-1 | Starting...
murmur-murmur-1 | <X>2022-05-11 10:42:56.343 SSL: OpenSSL version is 'OpenSSL 1.1.1f 31 Mar 2020'
murmur-murmur-1 | <W>2022-05-11 10:42:56.344 Initializing settings from /data/murmur.ini (basepath /data)
murmur-murmur-1 | <W>2022-05-11 10:42:56.652 MetaParams: TLS cipher preference is "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
murmur-murmur-1 | <W>2022-05-11 10:42:56.690 ServerDB: Opened SQLite database /data/murmur.sqlite
murmur-murmur-1 | <W>2022-05-11 10:42:56.691 ServerDB: Using SQLite's default rollback journal.
murmur-murmur-1 | <W>2022-05-11 10:42:56.693 MurmurIce: Endpoint "tcp -h 192.168.0.2 -p 6502 -t 60000" running
murmur-murmur-1 | <W>2022-05-11 10:42:56.693 Murmur 1.4.230 (1.4.230) running on Linux: Ubuntu 20.04.4 LTS [x64]: Booting servers
murmur-murmur-1 | <W>2022-05-11 10:42:56.697 1 => Server listening on 0.0.0.0:64738
murmur-murmur-1 | <W>2022-05-11 10:42:57.072 1 => Registration needs nonempty 'registername', 'registerpassword' and 'registerurl', must have an empty 'password' and allowed pings.
murmur-murmur-1 | <W>2022-05-11 10:43:01.847 Killing running servers
murmur-murmur-1 | <W>2022-05-11 10:43:01.852 1 => Stopped
murmur-murmur-1 | <W>2022-05-11 10:43:01.852 Shutting down
murmur-murmur-1 | <W>2022-05-11 10:43:01.853 MurmurIce: Shutdown completeIn firewalld i Opened Port 6502 tcp and udp. on the Port there is something. I don't know why the Authenticator won't connect and if it's a Docker or Authenticator Issue.
[root@MUMBLE murmur]# telnet 10.10.10.XXX 6502
Trying 10.10.10.XXX...
Connected to 10.10.10.XXX.
Escape character is '^]'.
IcePmurmur-murmur-1 |
2022-05-11 10:42:56.693 MurmurIce: Endpoint "tcp -h 192.168.0.2 -p 6502 -t 60000" running
Here i used the Wildcard. The log just shows a random local IP
azlux
commented
2 years ago Ok I start to understand the issue you have, Ice use a open port on mumble-server to register a callback on specific port
So BOTH ice client and ice server need open ports :
Easy way : network_mode : "service:murmur" into the docker-compose.yaml for your service murmur-ldap.
Hard way: expose 6502 on mumble-server and the other port mumble-ldap (and use the name of container instead of fixed IP). But I don't know if you can choose the callback port on your script (look like 6502 too regarding to your logs, but not sure). If you are on a separate network bridge you can expose (0-65535) (the doc allow that : --expose list = Expose a port or a range of ports)
hofq
commented
2 years ago Network mode does it.
I think the Authenticator Configuration needs a better seperation between Host and Client Variables.
Hi, thanks for the Re-Release!
I am currently struggeling with the Mumble LDAP Authenticator. The Server is currently Running 1 Release behind on Static x86. In this Setup, i Build murmur & the LDAP Authenticator from the Git Tag of the Latest Release.
I have used the following Configs, but it doesn't seem to work.
The LDAP seems to can't connect to the murmur server and i cant figure out why. I have tried switching up the IPs (172.16.238.2 / 172.16.238.3) but that doesn't help at all.
docker-compose.yaml
LDAPauth.ini
LDAPauth Dockerfile
murmur.ini
Could you Provide Official examples on how to set it up?