Closed hofq closed 2 years ago
Hm - I have never used docker-compose nor have I ever touched that LDAP-thingy, so I'm afraid that I'm not too much of a help here xD
@azlux do you have any ideas on this? @Natenom do you happen to have any experience with LDAP?
My Current Issue is related to the connection between the mumble server and LDAPauth via ice.
I have tried so far:
Murmur [Container] -> LDAPauth [Directly on Linux VM] ✔
Murmur [Directly on Linux VM] -> LDAPauth [Directly on Linux VM] ✔
Murmur [Container] -> LDAPauth [Container] ❌
I Really have Issues if the IP of the LDAP Authenticator and the Murmur Server is not the Same.
What about the case Murmur [Directly on Linux VM] -> LDAPauth [Container] ? Does that also fail?
I have not tested that since the Static Server is discontinued. If it makes sense I would try it.
Yeah well it would be more in order to complete the test-case set than as a suggested workaround. I was just curious what the outcome would be. Maybe that could hint as to where the problem lies.
If you have a custom config file, you should use the MUMBLE_CUSTOM_CONFIG_FILE variable: https://github.com/mumble-voip/mumble-docker#additional-variables
I think your real issue is that the image doesn't take your custom config.
Okay, I'll try to change it on my VM.
https://github.com/mumble-voip/mumble/blob/d16ad421d496aefdc68468d1e64425a086d0a32a/scripts/murmur.ini#L65 Do I have to enter the IP/hostname of the Authenticator here, or does it work with a wildcard or CIDR?
I doubt that it would work with a wildcard as the ICE interface expects a concrete address to bind to (afaik)... I might be wrong though :eyes:
https://doc.zeroc.com/display/Ice34/Proxy+and+Endpoint+Syntax#ProxyandEndpointSyntax-AddressSyntax
0.0.0.0 should work as an IPv4 wildcard, :: for IPv6. * may too; I’m not entirely sure whether the server is considered a “proxy” in ice context.
Given that Mumble in container, ldap auth on host works, I don’t see why it’d be a config file not being used issue?
In your posted configuration I see LDAP docker conf has EXPOSE 6502. Doesn’t that mean it’d expect it as an outgoing port, and may not identify it as an incoming port of the network?
Never used the Ice Protocol before. I tried it vice versa but it didn't work. Does any of you have time to run a quick test with my setup? I really tried much, but either the Authenticator can't connect at all or I get the error that the address is already allocated.
I've added a docker-compose example into the wiki : https://github.com/mumble-voip/mumble-docker/wiki
If you want to use the network for ice, you should use:
ice="tcp -h 0.0.0.0 -p 6502"
in the config
AND in the docker-compose (not the Dockerfile)
expose:
  - 6502
to allow other containers to reach this port.
2022-05-11 10:36:20,914 INFO Shutdown complete
2022-05-11 10:42:58,510 INFO Starting LDAP mumble authenticator
2022-05-11 10:42:58,512 DEBUG Using shared ice secret
2022-05-11 10:42:58,512 INFO Connecting to Ice server (10.10.10.189:6502)
2022-05-11 10:42:58.513692 LDAPauth.py: error: Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/Ice/__init__.py", line 1548, in doMain
    status = self.run(args)
  File "/app/LDAPauth.py", line 226, in run
    if not self.initializeIceConnection():
  File "/app/LDAPauth.py", line 264, in initializeIceConnection
    adapter = ice.createObjectAdapterWithEndpoints('Callback.Client', 'tcp -h %s' % cfg.ice.host)
  File "/usr/local/lib/python3.10/site-packages/Ice/__init__.py", line 934, in createObjectAdapterWithEndpoints
    adapter = self._impl.createObjectAdapterWithEndpoints(name, endpoints)
Ice.SocketException: Ice.SocketException:
Cannot assign requested address
;Ice configuration
[ice]
host = 10.10.10.xxx
port = 6502
slice = Murmur.ice
secret = ******************************
watchdog = 30
version: "3.7"
services:
  murmur:
    environment:
      - MUMBLE_CUSTOM_CONFIG_FILE=/data/murmur.ini
    image: mumblevoip/mumble-server:latest
    volumes:
      - $PWD/conf/murmur.ini:/data/murmur.ini:ro
      - $PWD/murmur.sqlite:/data/murmur.sqlite:rw
      - $PWD/log/murmur.log:/data/murmur.log:rw
    hostname: murmur
    expose:
      - 6502
    ports:
      - 64738:64738
      - 64738:64738/udp
      - 6502:6502/tcp
      - 6502:6502/udp
  murmur-ldap:
    build: ./mumble-scripts/Authenticators/LDAP
    hostname: murmur-ldap
    depends_on:
      - "murmur"
    volumes:
      - $PWD/conf/LDAPauth.ini:/app/LDAPauth.ini:ro
      - $PWD/log/LDAPauth.log:/var/log/murmur/LDAPauth.log:rw
      - $PWD/mumble/src/murmur/Murmur.ice:/app/Murmur.ice:ro
murmur-murmur-1 | Using manually specified config file at /data/murmur.ini
murmur-murmur-1 | All MUMBLE_CONFIG variables will be ignored
murmur-murmur-1 | Running Mumble server as uid=1000 gid=1000
murmur-murmur-1 | "/data" has the following permissions set:
murmur-murmur-1 | drwxr-xr-x, owner: "mumble" (UID: 1000), group: "mumble" (GID: 1000)
murmur-murmur-1 | Command run to start the service : /usr/bin/mumble-server -fg -ini /data/murmur.ini
murmur-murmur-1 | Starting...
murmur-murmur-1 | <X>2022-05-11 10:42:56.343 SSL: OpenSSL version is 'OpenSSL 1.1.1f 31 Mar 2020'
murmur-murmur-1 | <W>2022-05-11 10:42:56.344 Initializing settings from /data/murmur.ini (basepath /data)
murmur-murmur-1 | <W>2022-05-11 10:42:56.652 MetaParams: TLS cipher preference is "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA"
murmur-murmur-1 | <W>2022-05-11 10:42:56.690 ServerDB: Opened SQLite database /data/murmur.sqlite
murmur-murmur-1 | <W>2022-05-11 10:42:56.691 ServerDB: Using SQLite's default rollback journal.
murmur-murmur-1 | <W>2022-05-11 10:42:56.693 MurmurIce: Endpoint "tcp -h 192.168.0.2 -p 6502 -t 60000" running
murmur-murmur-1 | <W>2022-05-11 10:42:56.693 Murmur 1.4.230 (1.4.230) running on Linux: Ubuntu 20.04.4 LTS [x64]: Booting servers
murmur-murmur-1 | <W>2022-05-11 10:42:56.697 1 => Server listening on 0.0.0.0:64738
murmur-murmur-1 | <W>2022-05-11 10:42:57.072 1 => Registration needs nonempty 'registername', 'registerpassword' and 'registerurl', must have an empty 'password' and allowed pings.
murmur-murmur-1 | <W>2022-05-11 10:43:01.847 Killing running servers
murmur-murmur-1 | <W>2022-05-11 10:43:01.852 1 => Stopped
murmur-murmur-1 | <W>2022-05-11 10:43:01.852 Shutting down
murmur-murmur-1 | <W>2022-05-11 10:43:01.853 MurmurIce: Shutdown complete
In firewalld I opened port 6502 tcp and udp. On the port there is something. I don't know why the Authenticator won't connect and if it's a Docker or Authenticator issue.
[root@MUMBLE murmur]# telnet 10.10.10.XXX 6502
Trying 10.10.10.XXX...
Connected to 10.10.10.XXX.
Escape character is '^]'.
IceP
murmur-murmur-1 | 2022-05-11 10:42:56.693 MurmurIce: Endpoint "tcp -h 192.168.0.2 -p 6502 -t 60000" running
Here i used the Wildcard. The log just shows a random local IP
Ok, I start to understand the issue you have: Ice uses an open port on mumble-server to register a callback on a specific port.
So BOTH ice client and ice server need open ports:
Easy way: network_mode: "service:murmur" in the docker-compose.yaml for your service murmur-ldap.
Hard way: expose 6502 on mumble-server and the other port on mumble-ldap (and use the name of the container instead of a fixed IP). But I don't know if you can choose the callback port in your script (looks like 6502 too according to your logs, but not sure). If you are on a separate network bridge you can expose (0-65535) (the doc allows that: --expose list = Expose a port or a range of ports)
Network mode does it.
I think the Authenticator Configuration needs a better separation between Host and Client Variables.
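Added example, not code from this thread or from LDAPauth.py: the traceback above shows the authenticator binding its callback adapter to the same `cfg.ice.host` it connects to, so in a separate container that bind fails with "Cannot assign requested address" (EADDRNOTAVAIL). This check reads the `[ice]` host from an LDAPauth.ini and tests whether it can be bound in the current network namespace; the function names and the 192.0.2.10 sample address are assumptions made for the illustration.

```python
import configparser
import errno
import socket

# Constructed sample mirroring the [ice] section posted in the thread.
# 192.0.2.10 (TEST-NET-1) stands in for the redacted 10.10.10.xxx address.
SAMPLE_INI = """
;Ice configuration
[ice]
host = 192.0.2.10
port = 6502
"""


def can_bind(host):
    """Try to bind a TCP socket to host on an ephemeral port; return (ok, errno)."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.bind((host, 0))
        return True, 0
    except OSError as exc:
        return False, exc.errno


def check_ice_host(ini_text):
    """Return (host, verdict) for the [ice] host of an LDAPauth.ini."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    host = cfg.get("ice", "host")
    ok, err = can_bind(host)
    if ok:
        return host, "ok: a callback adapter can bind to this address here"
    if err == errno.EADDRNOTAVAIL:
        # Same condition Ice reports as "Cannot assign requested address".
        return host, "fail: address is not local to this network namespace"
    return host, "fail: " + errno.errorcode.get(err, str(err))


if __name__ == "__main__":
    # Run inside the authenticator container against the mounted config.
    print(check_ice_host(SAMPLE_INI))
    print(check_ice_host("[ice]\nhost = 127.0.0.1\n"))
```

With `network_mode: "service:murmur"` both containers share one network namespace, so an address the server listens on is also bindable by the authenticator and the check passes.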
Hi, thanks for the Re-Release!
I am currently struggling with the Mumble LDAP Authenticator. The Server is currently Running 1 Release behind on Static x86. In this Setup, I build murmur & the LDAP Authenticator from the Git Tag of the Latest Release.
I have used the following Configs, but it doesn't seem to work.
The LDAP can't seem to connect to the murmur server and I can't figure out why. I have tried switching up the IPs (172.16.238.2 / 172.16.238.3) but that doesn't help at all.
docker-compose.yaml
LDAPauth.ini
LDAPauth Dockerfile
murmur.ini
Could you Provide Official examples on how to set it up?