Bug 1356063 - "ipa radiusproxy-add" command needs to prompt to enter secret key
Summary: "ipa radiusproxy-add" command needs to prompt to enter secret key
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Keywords: Regression, TestBlocker
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-13 10:56 UTC by Varun Mylaraiah
Modified: 2016-11-04 05:57 UTC (History)
5 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2016-11-04 05:57:44 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Varun Mylaraiah 2016-07-13 10:56:51 UTC
Description of problem:
"ipa radiusproxy-add" command needs to prompt to enter secret key

Version-Release number of selected component (if applicable):
ipa-server-4.4.0-1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
# ipa radiusproxy-add
RADIUS proxy server name: testproxy01
Server: 127.0.0.1
ipa: ERROR: 'ipatokenradiussecret' is required

Actual results:
ipa: ERROR: 'ipatokenradiussecret' is required

Expected results:
It should prompt to enter Secret

Example:
RADIUS proxy server name: testproxy01
Server: 127.0.0.1
Secret: 
Enter Secret again to verify:

Additional info:
There is no way to enter "Secret" in CLI

# ipa radiusproxy-add --help
Usage: ipa [global-options] radiusproxy-add NAME [options]
 
Add a new RADIUS proxy server.
Options:
  -h, --help      show this help message and exit
  --desc=STR      A description of this RADIUS proxy server
  --server=STR    The hostname or IP (with or without port)
  --timeout=INT   The total timeout across all retries (in seconds)
  --retries=INT   The number of times to retry authentication
  --userattr=STR  The username attribute on the user object
  --setattr=STR   Set an attribute to a name/value pair. Format is attr=value.
                  For multi-valued attributes, the command replaces the values
                  already present.
  --addattr=STR   Add an attribute/value pair. Format is attr=value. The
                  attribute must be part of the schema.
  --all           Retrieve and print all attributes from the server. Affects
                  command output.
  --raw           Print entries as stored on the server. Only affects output
                  format.

Comment 3 Petr Vobornik 2016-07-13 14:01:29 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6078

Comment 4 Martin Babinsky 2016-07-14 10:34:19 UTC
Varun,

this is certainly a regression and requires quick resolution but I fail to see the reason for this bug to be marked as TestBlocker.

Can you provide some justification?

Comment 5 Varun Mylaraiah 2016-07-15 13:44:46 UTC
Hi Martin ,

I am not able to test 'Autentication Indicatior' RFE feature as I am not able to add user with Radius authentication (2FA).  This is the reason I have marked it as test blocker.

Comment 8 Varun Mylaraiah 2016-07-22 12:20:13 UTC
Verified

# rpm -qa ipa-server
ipa-server-4.4.0-3.el7.x86_64

# ipa radiusproxy-add
RADIUS proxy server name: testproxy01
Server: 127.0.0.1
Secret: 
Enter Secret again to verify: 
---------------------------------------
Added RADIUS proxy server "testproxy01"
---------------------------------------
  RADIUS proxy server name: testproxy01
  Server: 127.0.0.1
  Secret: <xxxxxxxxx>

Comment 10 errata-xmlrpc 2016-11-04 05:57:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html


Note You need to log in before you can comment on or make changes to this bug.