vzakharchenko / keycloak-radius-plugin

Make the radius server as part of keycloak SSO
Apache License 2.0

mikrotik login radius, does not find or does not authenticate user login winbox. #659

Open luanscps opened 2 years ago

luanscps commented 2 years ago

My settings are these:
° keycloak radius plugin installed (Quarkus) on Ubuntu 20.04.3 (external server), running: `/opt/keycloak-radius# bin/kc.sh start --hostname=mydomain.cloud --hostname-strict-backchannel=true --https-port=8443`
° configured HTTPS TLS and hostname on the external IP (no proxy).
° RADIUS over TLS configured as RadSec, ports 1812, 1813.
° configured "mikrotik-radius-plugin" only for MikroTik login
° user created for the login test

My MikroTik:
° RouterBOARD RB750GR3, version 6.49.6 (stable)
° configured RADIUS RadSec, accounting AAA

The mistake: when I go to log in via Winbox I get the following error in the Keycloak terminal:

```
[com.github.vzakharchenko.radius.radius.handlers.AuthHandler] (pool-3-thread-1) failed with message: java.lang.NullPointerException
2022-09-11 12:38:15,706 ERROR [com.github.vzakharchenko.radius.radius.handlers.AuthHandler] (pool-3-thread-2) failed with message: java.lang.NullPointerException
	at org.keycloak.events.EventBuilder.<init>(EventBuilder.java:55)
	at com.github.vzakharchenko.radius.event.log.EventLoggerUtils.createEvent(EventLoggerUtils.java:32)
	at com.github.vzakharchenko.radius.event.log.EventLoggerUtils.createMasterEvent(EventLoggerUtils.java:23)
	at com.github.vzakharchenko.radius.radius.handlers.protocols.AbstractAuthProtocol.isValid(AbstractAuthProtocol.java:94)
	at com.github.vzakharchenko.radius.radius.handlers.AuthHandler.channelRead0(AuthHandler.java:108)
	at com.github.vzakharchenko.radius.radius.handlers.AuthHandler.lambda$channelReadRadius$0(AuthHandler.java:126)
	at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:250)
	at com.github.vzakharchenko.radius.radius.handlers.AuthHandler.channelReadRadius(AuthHandler.java:124)
	at com.github.vzakharchenko.radius.radius.handlers.AuthHandler.directRead(AuthHandler.java:159)
	at com.github.vzakharchenko.radsec.handlers.RadSecHandler.lambda$channelReadRadius$0(RadSecHandler.java:42)
	at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:250)
	at com.github.vzakharchenko.radsec.handlers.RadSecHandler.channelReadRadius(RadSecHandler.java:36)
	at com.github.vzakharchenko.radius.radius.handlers.AbstractThreadRequestHandler.lambda$channelRead0$0(AbstractThreadRequestHandler.java:18)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
```

STATUS RADIUS ROUTERBOARD (screenshot of the RouterBOARD RADIUS status; image not included)

I don't know where I'm going wrong.

dductrung commented 2 years ago

I have same problem :(

luanscps commented 2 years ago

I just solved it by doing a fresh install; maybe it was due to some configuration that I got wrong.

The problem may be related to the RADIUS authentication issue (RadSec or UDP protocol).

dductrung commented 2 years ago

I still have this problem even with a fresh install with Maven or Docker. Can you write a guide for installing and configuring Keycloak and MikroTik? I get an error when creating a new client with client type radius-protocol (screenshot not included).

Here is my Dockerfile and docker-compose:

Dockerfile

```dockerfile
FROM vassio/keycloak-radius-plugin:latest as builder
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_DB=postgres

RUN /opt/radius/scripts/docker-radius-entrypoint.sh build --db=postgres

RUN /opt/keycloak/bin/kc.sh build --db=postgres

FROM vassio/keycloak-radius-plugin:latest
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
WORKDIR /opt/keycloak
EXPOSE 8080
EXPOSE 9990
EXPOSE 1812/udp
EXPOSE 1813/udp
ENTRYPOINT [ "/opt/radius/scripts/docker-radius-entrypoint.sh" ]
```

docker-compose

```yaml
services:
  keycloak:
    image: keycloak-custom:latest
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KEYCLOAK_HOSTNAME: keycloak
      KC_PROXY: edge
      KC_HOSTNAME_STRICT_HTTPS: 'true'
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB: postgres
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: keycloak
      RADIUS_SHARED_SECRET: secret
      RADIUS_UDP: 'true'
      RADIUS_UDP_AUTH_PORT: 1812
      RADIUS_UDP_ACCOUNT_PORT: 1813
      RADIUS_RADSEC: 'false'
      RADIUS_DICTIONARY: ''
      RADIUS_RADSEC_PRIVATEKEY: /config/private.key
      RADIUS_RADSEC_CERTIFICATE: /config/public.crt
      RADIUS_COA: 'false'
      RADIUS_COA_PORT: 3799
      "keycloak.profile.feature.upload_scripts": enabled
    ports:
```

Startvy commented 1 year ago

I found out that we need to use the realm id instead of the realm name.

I just exported the realm configuration to get the id

and pasted it into the MikroTik RADIUS Realm field.
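As an added example (not from the issue thread or the plugin), a small offline check for the point made above: the MikroTik Realm field must carry the Keycloak realm id (the UUID from the realm export), not the realm name. It assumes the exported realm JSON has the standard `id` and `realm` keys and that RouterOS accepts `/radius add ... realm=`; the export content and addresses are constructed sample values.

```python
import json
import uuid

# Constructed sample of a Keycloak realm export, reduced to the keys this check needs.
# Both the UUID and the realm name are made up for the example.
SAMPLE_REALM_EXPORT = json.dumps({
    "id": "3f2a1c4e-8b7d-4f0a-9c6e-1d2b3a4c5e6f",
    "realm": "mikrotik-login",
    "enabled": True,
})


def realm_fields(export_json: str) -> tuple:
    """Return (realm id, realm name) from an exported realm JSON document."""
    data = json.loads(export_json)
    return data["id"], data["realm"]


def is_realm_id(value: str) -> bool:
    """Keycloak generates the realm id as a UUID; a realm name never parses as one."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def check_mikrotik_realm_value(value: str, export_json: str) -> str:
    """Classify the value typed into the MikroTik RADIUS 'Realm' field."""
    realm_id, realm_name = realm_fields(export_json)
    if value == realm_id:
        return "ok: realm id"
    if value == realm_name:
        return "wrong: realm name used, expected realm id " + realm_id
    return "unknown: value matches neither the id nor the name in this export"


def routeros_radius_command(address: str, secret_placeholder: str, realm_id: str) -> str:
    """Build the RouterOS '/radius add' line (assumed syntax) and refuse a non-UUID realm."""
    if not is_realm_id(realm_id):
        raise ValueError("realm must be the Keycloak realm id (UUID), not the realm name")
    return (f"/radius add service=login address={address} "
            f"secret={secret_placeholder} realm={realm_id}")


if __name__ == "__main__":
    rid, _ = realm_fields(SAMPLE_REALM_EXPORT)
    print(check_mikrotik_realm_value("mikrotik-login", SAMPLE_REALM_EXPORT))
    print(routeros_radius_command("192.0.2.10", "<shared-secret>", rid))
```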