mikrotik login radius, does not find or does not authenticate user login winbox. #659

Open
luanscps opened this issue Sep 11, 2022 · 4 comments

@luanscps

My settings are these:
° Keycloak RADIUS plugin installed, Quarkus (Ubuntu 20.04.3) (external server)
running: /opt/keycloak-radius# bin/kc.sh start --hostname=mydomain.cloud --hostname-strict-backchannel=true --https-port=8443
° configured HTTPS TLS and hostname external IP (no proxy).
° RADIUS over TLS configured as RadSec, ports 1812, 1813.
° configured "mikrotik-radius-plugin" only for MikroTik login
° user created for login test

My MikroTik
° RouterBOARD RB750GR3 version 6.49.6 (stable)
° configured RADIUS RadSec, accounting AAA

The mistake:
When I go to log in by WinBox I get the following error in the Keycloak terminal.

```
[com.github.vzakharchenko.radius.radius.handlers.AuthHandler] (pool-3-thread-1) failed with message: java.lang.NullPointerException
2022-09-11 12:38:15,706 ERROR [com.github.vzakharchenko.radius.radius.handlers.AuthHandler] (pool-3-thread-2) failed with message: java.lang.NullPointerException
	at org.keycloak.events.EventBuilder.<init>(EventBuilder.java:55)
	at com.github.vzakharchenko.radius.event.log.EventLoggerUtils.createEvent(EventLoggerUtils.java:32)
	at com.github.vzakharchenko.radius.event.log.EventLoggerUtils.createMasterEvent(EventLoggerUtils.java:23)
	at com.github.vzakharchenko.radius.radius.handlers.protocols.AbstractAuthProtocol.isValid(AbstractAuthProtocol.java:94)
	at com.github.vzakharchenko.radius.radius.handlers.AuthHandler.channelRead0(AuthHandler.java:108)
	at com.github.vzakharchenko.radius.radius.handlers.AuthHandler.lambda$channelReadRadius$0(AuthHandler.java:126)
	at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:250)
	at com.github.vzakharchenko.radius.radius.handlers.AuthHandler.channelReadRadius(AuthHandler.java:124)
	at com.github.vzakharchenko.radius.radius.handlers.AuthHandler.directRead(AuthHandler.java:159)
	at com.github.vzakharchenko.radsec.handlers.RadSecHandler.lambda$channelReadRadius$0(RadSecHandler.java:42)
	at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:250)
	at com.github.vzakharchenko.radsec.handlers.RadSecHandler.channelReadRadius(RadSecHandler.java:36)
	at com.github.vzakharchenko.radius.radius.handlers.AbstractThreadRequestHandler.lambda$channelRead0$0(AbstractThreadRequestHandler.java:18)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
```

STATUS RADIUS ROUTERBOARD


I don't know where I'm going wrong.

@dductrung

I have the same problem :(

@luanscps
Author

I just solved it by doing a fresh install;
maybe it was due to some configuration that I got wrong.

The problem may be related to the RADIUS authentication issue,
RadSec or UDP protocol.

@dductrung

I still have this problem even with a fresh install with Maven or Docker. Can you write a guide for installing and configuring Keycloak and MikroTik?
I get an error when creating a new client with client type radius-protocol.

Here is my Dockerfile and docker-compose:

Dockerfile

```dockerfile
FROM vassio/keycloak-radius-plugin:latest as builder
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
ENV KC_DB=postgres
#RUN /opt/radius/scripts/docker-radius-entrypoint.sh build --db=postgres
RUN /opt/keycloak/bin/kc.sh build --db=postgres
FROM vassio/keycloak-radius-plugin:latest
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
WORKDIR /opt/keycloak
EXPOSE 8080
EXPOSE 9990
EXPOSE 1812/udp
EXPOSE 1813/udp
ENTRYPOINT [ "/opt/radius/scripts/docker-radius-entrypoint.sh" ]
```

docker-compose

```yaml
services:
  keycloak:
    image: keycloak-custom:latest
    environment:
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KEYCLOAK_HOSTNAME: keycloak
      KC_PROXY: edge
      KC_HOSTNAME_STRICT_HTTPS: 'true'
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB: postgres
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: keycloak
      RADIUS_SHARED_SECRET: secret
      RADIUS_UDP: 'true'
      RADIUS_UDP_AUTH_PORT: 1812
      RADIUS_UDP_ACCOUNT_PORT: 1813
      RADIUS_RADSEC: 'false'
      RADIUS_DICTIONARY: ''
      RADIUS_RADSEC_PRIVATEKEY: /config/private.key
      RADIUS_RADSEC_CERTIFICATE: /config/public.crt
      RADIUS_COA: 'false'
      RADIUS_COA_PORT: 3799
      "keycloak.profile.feature.upload_scripts": enabled
    ports:
      - "8080:8080" # UI
      - "8190:8190" # DEBUG
      - "1812:1812/udp" # RADIUS
      - "1813:1813/udp" # RADIUS
    depends_on:
      - postgres
    restart: always
    entrypoint: sh /opt/radius/scripts/docker-entrypoint.sh start --http-port=8080 --http-enabled=true --hostname-strict-https=false --hostname-strict=false

  postgres:
    image: postgres:14.2-alpine
    volumes:
      - ./postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: keycloak
    restart: always
```

@Startvy

Startvy commented Feb 23, 2023

I found out that we need to use realm id instead of realm name

I just export realm configuration to get id

and paste it to MikroTik radius Realm field
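
The lookup described in the comment above, as an added example that is not part of the thread or the plugin's code: it reads an exported realm JSON and returns the realm id to enter in the router's RADIUS realm field. It assumes the export stores the name under `realm` and the id under `id`; the sample export, realm name and UUID are constructed.

```python
import json

# Constructed sample: a trimmed single-realm export. The realm name and the
# UUID below are made up for illustration.
SAMPLE_EXPORT = """
{
  "id": "5b0c2f6e-1d3a-4c8e-9f21-7a6d4e2b9c10",
  "realm": "office",
  "enabled": true
}
"""


def realm_ids(export_text):
    """Return {realm name: realm id} from an exported realm JSON.

    Accepts a single realm object or a list of realm objects.
    Assumes the export keeps the name under "realm" and the id under "id".
    """
    data = json.loads(export_text)
    realms = data if isinstance(data, list) else [data]
    ids = {}
    for realm in realms:
        if not isinstance(realm, dict):
            raise ValueError("export entry is not a realm object")
        name = realm.get("realm")
        realm_id = realm.get("id")
        if not name or not realm_id:
            raise ValueError("realm entry is missing 'realm' or 'id'")
        ids[name] = realm_id
    return ids


def radius_realm_field(export_text, realm_name):
    """Value to enter as the RADIUS realm on the router: the id, not the name."""
    ids = realm_ids(export_text)
    if realm_name not in ids:
        raise KeyError(f"realm {realm_name!r} not in export; found {sorted(ids)}")
    return ids[realm_name]


if __name__ == "__main__":
    for name, realm_id in realm_ids(SAMPLE_EXPORT).items():
        note = "same as name" if realm_id == name else "differs from name"
        print(f"{name}: id={realm_id} ({note})")
```
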
