Omada Controller 3.0.2 for Linux (including new tpeap v1.4)
Update 2020-04-30: Omada EAP Controller 3.2.10 community version has just been released.
There is now a .deb-package available for easy installation on Debian, Raspbian and any other Debian-based Linux. The steps below are not necessary anymore for the installation of Omada Controller using the dpkg package manager.
The following (now obsolete) post is still here for reference only:
Hello world!
TP-Link just released the latest version of Omada Controller 3.0.2. Thanks to a tip from forum user humor_amarillo I got my hands on it early. So here it is, baked in just no time: The community version of
Omada EAP Controller 3.0.2 for Linux
Last update: 2018-08-28 22:40
What's new in this version?
- Cloud support. See the official release notes on the TP-Link website.
- Auto-backup, but the Windows-way. See below for the Linux-way to do backups.
- From what I saw so far, the directory structure has been cleaned up. Photoshop file with icons from v2.7.0 has been removed from the images directory.
- The GUI now seems much cleaner, too. Well done, TP-Link!
- EAP Controller starts ~30% faster compared with v2.7.0.
- All steps in the initial wizard now can be skipped! Finally my feature request was honored, thanks to R&D very much!
What's new in the Linux release?
- Logo now shows »Community version« below the TP-Link logo, so you can recognize it better.
- Two new options for tpeap:
- dump lets you dump the database as well as the maps and keystores.
- restore lets you restore a database dump including maps and previous keystores.
- A surprise (see below).
Update #1: New tpeap 1.4 has been released (see this post for more details).
For your convenience, I have attached the new tpeap script v1.4 to this posting, too. It might be handy for doing a backup of your v2.7.0 installation, which can be easily restored in EAP Controller 3.0.2.
Update #2: The tpeap 1.4 just has been added to the TAR archive with Omada Controller 3.0.2. If you download the TAR archive as described below, you will get the new tpeap script already - no need to install it twice.
Standard disclaimer, as usual: Use at your own risk.
This community version (cv for short) is neither released nor supported by TP-Link and it still needs some testing.
Installation of the Linux version
— If you want to install the Linux version for the first time, please see this post first, replace the instructions in step 2 there with the instructions in the same step 2 in this post below and proceed with the remaining steps here when you have installed all the pre-requisites (eapc role account, Java JRE, mongodb database).
— If you already have installed Omada EAP Controller 2.7.0cv on your Linux system, just read on.
Step 1: Make a backup
Obviously, to make a backup, the old EAP Controller needs to be running. Download the tpeap script attached to this posting and install it (you can safely overwrite the old tpeap version in the 2.7.0cv Controller):
cp tpeap /opt/tplink/EAPController/bin/
Next, create a backup. You need to specify a directory for the database dump (else it uses the directory EAPC_HOME/backup):
tpeap dump /tmp/backup
tpeap will create the directory, copy your maps and keystore to it, and then execute mongodump, which dumps the database in binary BSON format into the backup archive. Now you can safely stop the EAP Controller.
Step 2: Download and extract the software
Download the TAR archive from https://rent-a-guru.de/ftp/eapc-3.0.2.tar.gz
Check the SHA256 sum:
$ sha256sum -b eapc-3.0.2.tar.gz
2b9c9ce54a3bc698b25901f1234aef79e3d1e51703a9af1dcaa8360c4b407f66 *eapc-3.0.2.tar.gz
9638bb2ed43d58169a33b52ea2be1d48482fae68a5d93028f162ff66f2b0c4ea *eapc-3.0.2.tar.gz
$
Step 3: Set up the EAP Controller
Installation is straight-forward: Extract the TAR archive as root in /opt/tplink, remove the symlink EAPController pointing to version 2.7.0cv and create a new one pointing to the EAPController-3.0.2 directory just extracted from the TAR archive. Easy, isn't it?
cd /opt/tplink
tar xvzf /your-download-dir/eapc-3.0.2.tar.gz
rm EAPController
ln -s EAPController-3.0.2 EAPController
Do a quick check whether the permissions and ownership have been set correctly (complete dialog shown here):
# ls -ld /opt/tplink/EAPController-3.0.2
drwxr-xr-x 13 eapc eapc 4096 Aug 21 05:53 /opt/tplink/EAPController-3.0.2
# ls -l /opt/tplink/EAPController-3.0.2
total 12
drwxr-xr-x 2 root root 6 Aug 21 05:27 backup
drwxr-xr-x 2 root root 55 Aug 21 02:11 bin
drwxr-xr-x 6 eapc eapc 55 Aug 21 05:53 data
drwxr-x--- 2 root eapc 39 Aug 21 01:30 keystore
drwxr-xr-x 2 root root 4096 Aug 21 01:30 lib
drwxr-xr-x 2 eapc eapc 58 Aug 21 05:53 logs
drwxr-xr-x 2 root root 22 Aug 21 03:18 man
drwxr-x--- 2 root eapc 4096 Aug 21 01:30 properties
drwxr-xr-x 2 root root 36 Aug 21 05:36 webapps
drwxr-xr-x 3 eapc eapc 32 Aug 21 05:53 work
#
Two more things: Install the symlink to the Java JRE:
cd /opt/tplink/EAPController
ln -s /where-your-JRE-lives/ jre
and the manpage of tpeap (you find it in the man subdirectory):
cp man/tpeap.man /usr/share/man/man8/tpeap.8
gzip -v --best /usr/share/man/man8/tpeap.8
My JRE resides under /opt/jvm, so it looks like this:
# ls -l jre
lrwxrwxrwx 1 root root 21 Aug 21 05:53 jre -> /opt/jvm/jre1.8.0_181
Important note for users of Ubuntu and probably other distros, too:
If your mongodb version is >= 3.6 you need to edit the argument list EAPC uses to start the mongod daemon. The option --nohttpinterface, which is set by EAPC, has been removed in mongodb version 3.6 and newer.
Find out your mongod version:
mongod --version
To get rid of the --nohttpinterface option, you will have to delete it from the file mongodb.properties:
cd /opt/tplink/EAPController/properties
cp mongodb.properties ../mongodb.properties.ORIG
sed -i 's/^\(eap.mongod.args=.*\) --nohttpinterface \(.*\)$/\1 \2/' mongodb.properties
Of course, you can use any other editor, too.
Last step: fire up the new Controller
tpeap -w start
Now restore the database saved in step 1:
tpeap restore /tmp/backup
Enjoy!
Uh, and if you want to see what probably comes next to a Linux server near you:
The color-intense theme awesome with FontAwesome icons - no more image files needed, clean layout for EAPC 2.7.0cv.
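The ownership split shown in the step 3 listing (root-owned code, keys and configuration; eapc-owned runtime directories) can be checked mechanically. This is an added example, not part of the original post or of tpeap; it assumes GNU stat, takes the role account name as a parameter (eapc in the post), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the controller tree against the ownership split shown in
# the post's listing. Assumes GNU stat; "eapc" is the role account from the post.

# has_write DIGIT: true if the octal permission digit includes the write bit.
has_write() { case $1 in 2|3|6|7) return 0 ;; *) return 1 ;; esac; }

# audit_eapc_tree ROOT [SVC_USER]
# Prints one "FINDING: ..." line per problem; returns 0 if clean, 1 otherwise.
audit_eapc_tree() {
    a_root=$1 a_svc=${2:-eapc} a_bad=0
    a_note() { echo "FINDING: $*"; a_bad=1; }

    # Code, keys and configuration: not owned by, and not writable through
    # group/other bits for, the account the controller runs as.
    for a_d in bin lib webapps keystore properties; do
        a_p=$a_root/$a_d
        [ -d "$a_p" ] || { a_note "$a_d: missing"; continue; }
        a_perm=$(printf '%04d' "$(stat -c %a "$a_p")")   # e.g. 0750 or 2750
        a_grp=${a_perm#??}; a_grp=${a_grp%?}             # group digit
        a_oth=${a_perm#???}                              # other digit
        [ "$(stat -c %U "$a_p")" != "$a_svc" ] || a_note "$a_d: owned by $a_svc"
        ! has_write "$a_grp" || a_note "$a_d: group-writable ($a_perm)"
        ! has_write "$a_oth" || a_note "$a_d: world-writable ($a_perm)"
        # keystore and properties hold secrets: mode 750, nothing for "other".
        case $a_d in keystore|properties)
            [ "$a_oth" = 0 ] || a_note "$a_d: accessible to other ($a_perm)" ;;
        esac
    done

    # Runtime state: the only directories the service account should own.
    for a_d in data logs work; do
        a_p=$a_root/$a_d
        [ -d "$a_p" ] || { a_note "$a_d: missing"; continue; }
        [ "$(stat -c %U "$a_p")" = "$a_svc" ] || a_note "$a_d: not owned by $a_svc"
    done
    return "$a_bad"
}

# Run as: sh audit.sh /opt/tplink/EAPController eapc
[ "$#" -eq 0 ] || audit_eapc_tree "$@"
```

A tree that matches the listing prints nothing and returns 0.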
Hi,
I have the same Java version as you, but I always get the same error when I start tpeap.
Can you help me, please?
Thanks for your reply.
Grbz wrote
I have the same Java version as you, but I always get the same error when I start tpeap.
Hi,
see https://issues.jboss.org/browse/JBEWS-103. You probably have OpenJDK or some other JRE installed. Make sure it's the Oracle JRE, check with this command:
$ update-java-alternatives -l
jdk-8-oracle-arm32-vfp-hflt 318 /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt
$
If this doesn't help, change JAVA_OPTS in /usr/bin/omadactl (old name: tpeap) from -server to -client.
See also post #6 in this thread, there is a new .deb-package with the latest version of Omada Controller 3.1.13 available.
Grbz wrote
I didn't download the .deb file. Only the omadacontrollerv3.1.4 _linux_x86.tar.gz. Must I download the .deb file?
No, you don't need the .deb-package, but you have to set up the controller manually then. See the thread I linked to, user g2_ufo described the steps to do manually if you don't want to use my .deb-package. The TAR archive provided by TP-Link does not run out-of-the-box on Raspbian's ARM architecture, since the official Omada Controller includes x86 binaries (that's what x86 means in the name of the TAR archive file).
$ update-java-alternatives -l
jdk-8-oracle-arm32-vfp-hflt 318 /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt
$
I have the same as you.
See also post #6 in this thread, there is a new .deb-package with the latest version of Omada Controller 3.1.13 available.
I have installed the .deb-package and ran every command, step by step.
But now I have the Java error again: Starting Omada Controller.Cannot find any VM in Java Home /opt/tplink/EAPController/jre.
Seems to me that you have screwed up things by installing the x86 version. My .deb-package does not require the JRE in TP-Link's official version.
I suggest to remove the package (use dpkg --purge), un-install the x86 version (either using the script provided by TP-Link or manually - if the latter, remove all tpeap links to control.sh in /etc/init.d, /etc/rc*.d and /usr/bin, too) and try again. Make sure that the Raspbian JRE is working, just run /usr/bin/java -version to check.
My .deb-package just needs a working JRE, the jsvc utility and the mongodb as provided by Raspbian.
R1D2, will you add support for Omada Controller 3.1.13 (Linux) in the future?
WoDkaBE wrote
R1D2, will you add support for Omada Controller 3.1.13 (Linux) in the future?
Hello @WoDkaBE,
it's out there already, please see this post. However, it's a .deb package, not a TAR archive and as such it will override previous .deb package versions on installation.
Right now I'm waiting for the Linux version of 3.2, which just appeared for Windoze. Win Java files can't be used anymore for the Linux version since TP-Link checks for the platform it is running on in the main start procedure (introduced in v3.0).
If I were TP-Link, I would combine both platform versions into only one (can be done easily!) and get rid of the Apache Commons Daemon, which isn't needed if one uses standard Unix/Linux tools for Privilege Separation as the community versions did up to v2.7.0. This would allow the use of Java class files from Win also on Linux and there would be no delay in publishing a version for both OSes.
Questionmark wrote
Maybe you should officially suggest combining the Windows and Linux version. It sounds like a great idea to me! They just might listen. By now, they should know that you know what you are talking about...
Hi Questionmark,
thanks for your kind suggestion, but I did suggest the best way to add privilege separation to R&D many times in the last three years.
In fact, EAP Controller for Linux community versions 2.4 to 2.7 have been sharing the same Java classes with Windows until privilege separation had been added in v3.0.1. The way this was done caused the split of the main start class (and only this is of interest here, there are still other classes which can be left platform-specific) into two different main classes, one for Windows and one for Linux. It's a long story, if you are interested, read on.
Only days after the first Linux release of EAP Controller (v2.4.2) was published, I noticed missing privilege separation in the software (it was running as a root process), which is a big security threat to any OS. I did inform TP-Link immediately. You can even find forum posts about this security hole still here in the forum archive. But it needed several hacked Internet servers and take-overs through well-known holes in EAP-Controller's embedded Java many months later until TP-Link did recognize the ramifications of using a broken RMI method in the JRE together with lacking privilege separation.
One of the compromised servers was supported by me back then and thus I could learn the cracker's method for exploiting a server. Finally, I was able to prove my claims by creating a script to exploit public servers running EAP Controller, to become root and be able to remotely modify any file on the compromised system. Eventually, after learning about this proof-of-concept, TP-Link's R&D did implement the missing privilege separation in official v3.0.1 and did update the Java code to not require Java RMI (Remote Method Invocation) anymore.
So far, so good.
But they implemented privilege separation using the Apache Commons Daemon instead of standard Unix/Linux tools like start-stop-daemon, daemonize etc. as suggested by the fix in my unofficial Linux versions of EAP Controller v2.5 and 2.6, which already did have privilege separation months before v3 came out (I hadn't time to wait for R&D, sorry). Instead they chose ACD/jsvc - which, BTW, also has vulnerability reports - and thus needed to add the OS query in the EAP Controller's main class, now becoming actually two classes, one for Linux and one for Windows. Although TP-Link did add some fixes from my script to their control.sh script, they did not implement the simple, error-proof, good old Unix method of privilege separation available in Linux too, which I did send to R&D more than only once.
This choice of ACD is the reason why we can't just take over the Windows classes to Linux anymore to create an own community version controller as soon as the Windows release appears. It's just this one query in the main class and ACD which needs to be removed to make the Win Java classes of EAP Controller work on Linux, too. Of course, there are many other places where EAP Controller queries for the platform and those queries absolutely make sense there (e.g. for calling netstat or a listing of the process table, they differ between Windows and Linux), but it's the query in the main class which is the problem here.
Maybe you understand why I won't suggest it anymore - I already did so, but TP-Link did choose ACD, albeit their Java does not need to acquire root privileges, but just to release root privileges from the start script. Thus, the ACD/jsvc method in the Java layer is IMHO the wrong method to fix this, at least if you want to keep the Java code portable.
Anyway, I still add my own script to and remove the embedded JRE from each official Linux version as soon as it is available and I have some time to build a package.
Hi AlienMind.
I installed Omada_3.2.1.0_x86_64.qpkg on my TS-251 QNAP NAS one hour ago, but it doesn't run.
When I tap the app, it opens the same IP as the NAS on port 18888. I have opened the port in my router (TCP & UDP), but nothing has changed. (see image above)
I think you have installed a Linux version on your NAS, haven't you?
Is it easy to do? (I'm not an expert.)
Where can I find a guide (or tutorial) for doing this?
Thank you
Luca