Omada Controller 3.0.2 for Linux (including new tpeap v1.4)
Update 2020-04-30: Omada EAP Controller 3.2.10 community version has just been released.
There is now a .deb-package available for easy installation on Debian, Raspbian and any other Debian-based Linux. The steps below are not necessary anymore for the installation of Omada Controller using the dpkg package manager.
The following (now obsolete) post is still here for reference only:
Hello world!
TP-Link just released the latest version of Omada Controller 3.0.2. Thanks to a tip from forum user humor_amarillo I got my hands on it early. So here it is, baked in just no time: The community version of
Omada EAP Controller 3.0.2 for Linux
Last update: 2018-08-28 22:40
What's new in this version?
- Cloud support. See the official release notes on the TP-Link website.
- Auto-backup, but the Windows-way. See below for the Linux-way to do backups.
- From what I saw so far, the directory structure has been cleaned up. Photoshop file with icons from v2.7.0 has been removed from the images directory.
- GUI now seems much more cleaner, too. Well done, TP-Link!
- EAP Controller starts ~30% faster compared with v2.7.0.
- All steps in the initial wizard now can be skipped! Finally my feature request was honored, thanks to R&D very much!
What's new in the Linux release?
- Logo now shows »Community version« below the TP-Link logo, so you can recognize it better.
- Two new options for tpeap:
- dump lets you dump the database as well as the maps and keystores.
- restore lets you restore a database dump including maps and previous keystores.
- A surprise (see below).
Update #1: New tpeap 1.4 has been released (see this post for more details).
For your convenience, I have attached the new tpeap script v1.4 to this posting, too. It might be handy for doing a backup of your v2.7.0 installation, which can be easily restored in EAP Controller 3.0.2.
Update #2: The tpeap 1.4 just has been added to the TAR archive with Omada Controller 3.0.2. If you download the TAR archive as described below, you will get the new tpeap script already - no need to install it twice.
Standard disclaimer, as usual: Use at your own risk.
This community version (cv for short) is neither released nor supported by TP-Link and it still needs some testing.
Installation of the Linux version
— If you want to install the Linux version for the first time, please see this post first, replace the instructions in step 2 there with the instructions in the same step 2 in this post below and proceed with the remaining steps here when you have installed all the pre-requisites (eapc role account, Java JRE, mongodb database).
— If you already have installed Omada EAP Controller 2.7.0cv on your Linux system, just read on.
Step 1: Make a backup
Obviously, to make a backup, the old EAP Controller needs to be running. Download the tpeap script attached to this posting and install it (you can safely overwrite the old tpeap version in the 2.7.0cv Controller):
cp tpeap /opt/tplink/EAPController/bin/
Next, create a backup. You need to specify a directory for the database dump (else it uses the directory EAPC_HOME/backup):
tpeap dump /tmp/backup
tpeap will create the directory, copy your maps and keystore to it, and then execute mongodump, which dumps the database in binary BSON format into the backup archive. Now you can safely stop the EAP Controller.
Step 2: Download and extract the software
Download the TAR archive from https://rent-a-guru.de/ftp/eapc-3.0.2.tar.gz
Check the SHA256 sum:
$ sha256sum -b eapc-3.0.2.tar.gz
2b9c9ce54a3bc698b25901f1234aef79e3d1e51703a9af1dcaa8360c4b407f66 *eapc-3.0.2.tar.gz
9638bb2ed43d58169a33b52ea2be1d48482fae68a5d93028f162ff66f2b0c4ea *eapc-3.0.2.tar.gz
$
Step 3: Set up the EAP Controller
Installation is straight-forward: Extract the TAR archive as root in /opt/tplink, remove the symlink EAPController pointing to version 2.7.0cv and create a new one pointing to the EAPController-3.0.2 directory just extracted from the TAR archive. Easy, isn't it?
cd /opt/tplink
tar xvzf /your-download-dir/eapc-3.0.2.tar.gz
rm EAPController
ln -s EAPController-3.0.2 EAPController
Do a quick check wether the permissions and ownership has been set correctly (complete dialog shown here):
# ls -ld /opt/tplink/EAPController-3.0.2
drwxr-xr-x 13 eapc eapc 4096 Aug 21 05:53 /opt/tplink/EAPController-3.0.2
# ls -l /opt/tplink/EAPController-3.0.2
total 12
drwxr-xr-x 2 root root 6 Aug 21 05:27 backup
drwxr-xr-x 2 root root 55 Aug 21 02:11 bin
drwxr-xr-x 6 eapc eapc 55 Aug 21 05:53 data
drwxr-x--- 2 root eapc 39 Aug 21 01:30 keystore
drwxr-xr-x 2 root root 4096 Aug 21 01:30 lib
drwxr-xr-x 2 eapc eapc 58 Aug 21 05:53 logs
drwxr-xr-x 2 root root 22 Aug 21 03:18 man
drwxr-x--- 2 root eapc 4096 Aug 21 01:30 properties
drwxr-xr-x 2 root root 36 Aug 21 05:36 webapps
drwxr-xr-x 3 eapc eapc 32 Aug 21 05:53 work
#
Two more things: Install the symlink to the Java JRE:
cd /opt/tplink/EAPController
ln -s /where-your-JRE-lives/ jre
and the manpage of tpeap (you find it in the man subdirectory):
cp man/tpeap.man /usr/share/man/man8/tpeap.8
gzip -v --best /usr/share/man/man8/tpeap.8
My JRE resides under /opt/jvm, so it looks like this:
# ls -l jre
lrwxrwxrwx 1 root root 21 Aug 21 05:53 jre -> /opt/jvm/jre1.8.0_181
Important note for users of Ubuntu and probably other distros, too:
If your mongodb version is >= 3.6 you need to edit the argument list EAPC uses to start the mongod daemon. The option --nohttpinterface, which is set by EAPC, has been removed in mongodb version 3.6 and newer.
Find out your mongod version:
mongod --version
To get rid of the --nohttpinterface option, you will have to delete it from the file mongodb.properties:
cd /opt/tplink/EAPController/properties
cp mongod.properties ../mongod.properties.ORIG
sed -i 's/^\(eap.mongod.args=.*\) --nohttpinterface \(.*\)$/\1 \2/' mongodb.properties
Of course, you can use any other editor, too.
Last step: fire up the new Controller
tpeap -w start
Now restore the database saved in step 1:
tpeap restore /tmp/backup
Enjoy!
Uh, and if you want to see what probably comes next to a Linux server near you:
The color-intense theme awesome with FontAwesome icons - no more image files needed, clean layout for EAPC 2.7.0cv.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
DaltonGrat wrote
My raspbian Stretch Lite has no Java and mongo installed. Trying to install it gives several errors. I will try to install Raspbian again and start all over
Hi DaltonGrat,
yes, try the full Raspbian system and disable or de-install packages you don't need later (e.g. graphics). This ensures that you have everything needed for Omada Controller. Alternatively, consider use of the stand-alone Omada Controller hardware (OC200). It's a bit more expensive compared to RasPi, but works out of the box.
- Copy Link
- Report Inappropriate Content
The OC200 is the best option for a newbie like me, I know...
But I allready have 2 raspberry pi from former projects so I will try installing the full Raspbian first.
With the full version of Raspbian I don't need to install Java, jsvc and mongodb manually?
Do I need to set up a role account?
Is it possible to download a ready-to-use raspbian image with omada controller software?
Thank you for your help and patience.
- Copy Link
- Report Inappropriate Content
DaltonGrat wrote
With the full version of Raspbian I don't need to install Java, jsvc and mongodb manually?
Do I need to set up a role account?
Is it possible to download a ready-to-use raspbian image with omada controller software?
The full Raspbian 9.6 includes Oracle's JRE, jsvc and mongodb already. No need to install any of those packages (at least on my RasPi 3 B those packages came pre-installed with Raspbian 9). AFAIK if you install later you have the choice between the JRE from OpenJDK and Oracle JRE. Choose the latter for Omada Controller.
If you use my deb package you don't need to set up a role account. It does this automatically before installing the files. For the ready-to-use Raspbian see the official repository - when I downloaded the full image, it was Raspbian/Debian 9.6 after updating the distro using apt-get.
- Copy Link
- Report Inappropriate Content
Thank you for the effort you put in making this community version of the EAP Controller software. In the end we decided not to use it, because it turned out to be very simple to run the official software on a Raspberry Pi and in that case we'd prefer to run unedited software ;)
Version 3.0.5 also seems to be released almost two months ago. Although I do not understand why it does not show up on all language websites. The Dutch website is stuck on 3.0.2, while the English website does show 3.0.5.
We've written a blogpost detailing the linux commands we used, if anybody is interested: https://dreambyte.nl/2018/12/27/installing-eap-controller-on-raspberry-pi/. We've included a small headsup to this topic, as it was helpful to read. Thanks a bunch!
Edit:
Just to be clear, we're not saying there is anything wrong with the community version. It is probably awesome software.
We're just saying that running the official version provided by TP-Link is so easy we prefered to do that, and we documented how we did it.
- Copy Link
- Report Inappropriate Content
jobhh wrote
... and in that case we'd prefer to run unedited software ;)
Just to make it clear: The community version of Omada Controller is completely unedited except for the removal of x86 binaries (which make the official distribution architecture-dependent and unable to run on Raspbian or any other ARM CPU) and improvements to the start-stop script tpeap (added missing privilege separation).
It uses exactly the same, unaltered Java code as in the corresponding TP-Link official versions (2.5, 2.6, 2.7, 3.0). What has been edited is an optional alternative theme for the web UI (mainly CSS styles) in version 2.7.0 of EAP Controller - and only in v2.7.0, for which TP-Link did not provide an official Linux version long time until late 2018.
Please don't make false claims here.
We've written a blogpost detailing the linux commands we used ...
The Raspbian package of the community version does all those steps you described in your blog post, but in an automatic manner (pre-install scripts). This package had been requested by people who have only little knowledge of the shell.
I personally don't use the Controller on RasPi at all (in fact I bought a Pi only for porting); we use the Controller since v2.4 on our own hardware based on AMD GX-412TC SoC, which is fully x86-64 compatible - and yes, I still replace the start-stop script and outdated embedded JRE/mongod binaries even in TP-Link's x86 version in favour of the official Java/mongodb software from the Oracle and Debian repositories because of their latest security fixes.
It's just this replacement of the embedded binaries, which did constitute the community version and which was long time the only Linux version available after the v2.4.8 desaster. Reason for the community version was my early fix of a serious security hole (a Java root exploit), which finally has been included (the fix!) by TP-Link since v2.7.0.
Starting with the official version 2.7.0 there is no reason to use the community version - except if you want a ready-to-use install package for the Pi or an improved tpeap script for all Linux platforms -, because all official versions now will include the community version's privilege separation in their tpeap/control.sh by using jsvc.
I still run my own x86 version with newer Java/mongod software and an improved tpeap script (now renamed to omadactl), but won't publish it anymore, because I finally reached my goal of having TP-Link add privilege separation nearly one year (!) after hackers took over several Internet servers through Java holes in the official EAP Controller.
Thus, there is and will be no v3.0.5 community version and I have re-gained my spare time.
- Copy Link
- Report Inappropriate Content
With your instructions I finally got it working!
Thank you for your help.
- Copy Link
- Report Inappropriate Content
Thus, there is and will be no v3.0.5 community version and I have re-gained my spare time.
So sad
But of course I am happy to hear you have spare time again!
- Copy Link
- Report Inappropriate Content
Hi DaltonGrat,
glad to hear that it works. Enjoy it!
AlienMindbender, don't worry! If there is enough interest, I will make the new omadactl script available as an independent .deb package.
It's just that a) it makes not much sense to create installable packages since there is an official one now and b) there is no hurry anymore to fix the privilege escalation bug after TP-Link finally took privilege separation in. This means one has to install two separate packages in the future: the official one from TP-Link and mine with omadactl, which then corrects everything to make the Controller run on any CPU architecture again.
Biggest advantage of this soultion is that I don't have to adapt the package to each new version. Secondly, I don't have to explain over and over again that the community version included the same Java code as TP-Link's version.
But I still wait for the 3.1 version of Omada Controller, which was announced for December – only two and a half days left.
- Copy Link
- Report Inappropriate Content
We never meant to imply there is something wrong with the community version. I've edited our post to reflect this.
P.S.
I don't know how to quote on the TP-Link forums yet :p
Edit:
As you've decided to have some spare time, I've created a seperate topic not to further clutter this community version topic: https://community.tp-link.com/en/business/forum/topic/152609
- Copy Link
- Report Inappropriate Content
Thank you for your work and scripts! I encountered some issues but finally got it working on my pi.
I couldn't use full Raspbian Stretch because the image was too large for my sd card... So after installing Stretch Lite I had to install java and mongodb myself (Oracle and openJDK version both worked with Omada!). Then used the Omada controller deb package from this thread. Omada didn't automatically start. Had to change the java setting to -client. Manually started omadactl and it worked! Then rebooted the Pi, but Omada didn't start automatically... My solution was to add omadactl to rc.local. Now it auto starts on boot. Is this solution ok or not advised?
It takes my Pi 1 B+ more than 10 minutes to launch, every time! I don't care that much, but I wouldn't expect any program to take that much time to launch, even on a B+ ...
So for any one interested, these were my steps:
$ sudo apt-get install oracle-java8-jdk
$ sudo apt-get install jsvc
$ sudo apt-get install mongodb
$ ftp ftp.rent-a-guru.de
Name: ftp
Password: "yourmail"
ftp> cd /private
ftp> bin
ftp> get omada-controller_3.0.2-2_all.deb
ftp> quit
$ sudo dpkg -i omada-controller_3.0.2-2_all.deb
$ sudo nano /usr/bin/omadactl
Change in file:
JAVA_OPTS="-server ...
to:
JAVA_OPTS="-client ...
And to get omadactl to auto start on boot:
$ sudo nano /etc/rc.local
Add to end of file but before "exit 0":
sudo omadactl -w start &
- Copy Link
- Report Inappropriate Content
Information
Helpful: 8
Views: 60030
Replies: 109