Release 2017.1.10 is a small update to OpenNMS Meridian 2017.1.9.
It contains a critical RADIUS fix as well as a number of smaller enhancements.

The codename for 2017.1.10 is Capital meridian.

Breaking Changes

A security issue in the RadiusAuthenticatinProvider has been fixed (Issue NMS-10212).
This requires changes to the radius.xml file located in ${OPENNMS_HOME}/jetty-webapps/opennms/WEB-INF/spring-security.d.
Now instead of providing a bean for the authTypeClass property, it is sufficient to just provide the class name:

Before:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="
   http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   http://www.springframework.org/schema/security
     http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 <beans:bean id="externalAuthenticationProvider"
             class="org.opennms.protocols.radius.springsecurity.RadiusAuthenticationProvider">
   <!-- ... -->
   <beans:property name="authTypeClass">
     <beans:bean class="net.jradius.client.auth.PAPAuthenticator"/>
   </beans:property>
   <!-- ... -->
 </beans:bean>
</beans:beans>

After:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:beans="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="
   http://www.springframework.org/schema/beans
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
   http://www.springframework.org/schema/security
     http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 <beans:bean id="externalAuthenticationProvider" class="org.opennms.protocols.radius.springsecurity.RadiusAuthenticationProvider">
   <!-- ... -->
   <beans:property name="authTypeClass" value="net.jradius.client.auth.PAPAuthenticator"/>
   <!-- ... -->
 </beans:bean>
</beans:beans>

 

Supported values for authTypeClass are:

  • net.jradius.client.auth.TunnelAuthenticator
  • net.jradius.client.auth.PAPAuthenticator
  • net.jradius.client.auth.EAPMSCHAPv2Authenticator
  • net.jradius.client.auth.MSCHAPv2Authenticator
  • net.jradius.client.auth.EAPMD5Authenticator
  • net.jradius.client.auth.CHAPAuthenticator
  • net.jradius.client.auth.MSCHAPv1Authenticator
  • net.jradius.client.auth.RadiusAuthenticator
  • net.jradius.client.auth.EAPAuthenticator

If no value is provided net.jradius.client.auth.PAPAuthenticator is used.

Bug
  • VMWare-Center-Monitoring make for every virtual machine a login/logout (Issue NMS-8204)
  • LDAPMonitor causes Errors in ldap logfiles (Issue NMS-8891)
  • The KSC Dashlet for the Ops-Board is not working (Issue NMS-10191)
  • Radius Login Problem (Issue NMS-10212)
  • Trapd does not validate config against XSD (Issue NMS-10242)
  • Drools correlation engine do not always respond to targeted reloadDaemonConfig events (Issue NMS-10257)
  • DefaultProvisionService logs noisily for monitored service having state "N" (Issue NMS-10291)
Enhancement
  • Failed to run Jasper report local_Serial-Interface-Utilization-Summary: Key receive rate is duplicated in pie dataset (Issue NMS-9875)

Jump to section

About the Author: RangerRick

Principal Software Engineer. Manages the release process of OpenNMS Horizon and Meridian, and a bunch of other stuff.
Published On: August 16th, 2018Last Updated: August 16th, 20182 min readTags: ,