Omada EAP controller for Linux

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2018-04-03 19:33:10
Is there a projected release date for the Linux version of the Omada EAP controller (2.6)?
#1
Re:Omada EAP controller for Linux
2018-04-14 06:39:59
New Windows version released. Where's the Linux love?
#2
Re:Omada EAP controller for Linux
2018-05-08 22:38:08
It would be nice to know if they plan on continuing to update the Linux version... It's disappointing that it hasn't been updated in a while.
#3
Re:Omada EAP controller for Linux
2018-05-11 01:02:06
I'd like to push this thread up as a Linux version of Omada controller 2.6 would be awesome...
#4
Re:Omada EAP controller for Linux
2018-05-12 05:09:44
It would be helpful if you could open a ticket with support, too, asking for the Linux version of Omada Controller 2.6.x. It does not make much sense to request the Linux version here in the user's forum.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#5
Re:Omada EAP controller for Linux
2018-05-12 05:39:11
I did send an email request about this to support. If I ever hear anything I will post back here. Just wondering if others here had any information.
#6
Re:Omada EAP controller for Linux
2018-05-13 07:18:08

newlinux wrote

I did send an email request about this to support.


That's great.

Just wondering if others here had any information.


I have no information of release dates, but I was being told that the most annoying bugs in Omada Controller I did report will be fixed not before Linux version 2.7, so I'll wait until then. However, the more people demand the Linux version, the faster it should be released (I hope so at least).

Still wondering whether there are really so many users who use Windoze in business applications (wish them good luck then! ;)).
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#7
Re:Omada EAP controller for Linux
2018-05-17 15:08:05
+1 also waiting on a new release of the Omada controller on Linux
#8
Omada EAP Controller 2.6.1 for Linux
2018-05-25 22:15:55 - last edited 2018-08-03 01:31:21

Hi guys!

I've waited long enough for TP-Link to release a newer version of EAP Controller for Linux, so I grabbed the new V2.6.1 just released for Windows and ported it to Linux for myself. I make this version available in the hope you will enjoy and probably help to test it further, so we can move on with new APs such as EAP225-Outdoor, which requires Controller v2.6.x.

I did wait for v2.6.1 because this version is supposed to fix multiple security bugs already being openly discussed such as CVE-2018-10164, CVE-2018-10165, CVE-2018-10166, CVE-2018-10167 and CVE-2018-10168.

But be warned: Although my setup of EAP Controller introduces privilege separation to fix a nasty root exploit in versions 2.4.x to v2.6.x I discovered and reported to TP-Link already last year, it still might be vulnerable, although my version will not allow to remotely change files outside the EAPController directory tree as do other versions. So, please read the following advice:

- If you are familiar with Linux firewalls and know what you do, you can run EAP Controller on public servers, but you have to block all EAPC ports not needed from the outside (read this twice!).

- If you want to be on the safe side without any special firewall setup, use EAP Controller only in private LANs, not on public servers.

Standard disclaimer: This software is no official release, it's a "fan-made movie". ;) By using it, you agree that there is no warranty, no support, not even a promise that the software fits for any purpose except academic research, LOL. Use on your own risk, but for your own fun! Fasten seat belts when running it.

Since the forum doesn't allow uploads anymore and I can't attach files to this post, here is how to download the EAP Controller v2.6.1 for Linux by anon FTP:

 

Update #2: The community version of Omada Controller 2.7.0 for Linux is here. It is supposed that TP-Link fixed all the known bugs mentioned above, while tpeap as usual adds Privilege Separation for enhanced security.

 

Update #1: For the new, improved tpeap v1.1, see the post #26 on page 3.


FTP to: ftp.rent-a-guru.de
Username: anonymous
Password: your mail address
Change directory: cd /private
Set bin mode: binary
Get TAR archive: get eapc-2.6.1.tar.gz
Exit from FTP: quit

Note that you will not be able to see a listing of the FTP directory /private nor see any files therein, but you can download the file eapc-2.6.1.tar.gz.

 

SHA256 sum for the file:

8761cd203ba2af53fb5dcf4dc74cc6899db1b3031d2c722ad067957dfa477289 *eapc-2.6.1.tar.gz

Read this recipe first to the end before changing anything in your setup, especially read the paragraph about saving your old config.

Let's go:

To install EAP Controller v2.6.1 I recommend to save your current version first. Rename /opt/tplink/EAPController to /opt/tplink/EAPController-x.y.z, where x, y and z are replaced by the version number of your current software.

IMPORTANT: In order to get right ownership of files you need to create a role account for the EAP Controller user first. I suggest you create a role account as described below before unpacking the TAR archive in its final installation /opt/tplink/. This way, you don't have to fiddle with right ownership of the files.

To create a role account, execute following command as root:

 

adduser --system --disabled-login --group --no-create-home \
        --home /opt/tplink/EAPController --gecos "EAPC privilege separation" \
        --shell /bin/bash eapc


Next, unpack the TAR archive downloaded by FTP as user root directly in /opt/tplink/ or in any other directory of your choice. It will create two subdirectories, one is EAPController-2.6.1, the other is tpeap, my improved start/stop script for the Controller.

You don't need to use /opt/tplink for the installation, but you need to create a symlink /opt/tplink/EAPController pointing to the actual installation directory such as /whatever/directory/EAPController-2.6.1.

The tpeap script is already installed in the EAP Controller v2.6.1, so you don't need to copy it over, but since there is a nice README and a man page, I did include the complete tpeap package separately. You can install the man page in your online manual - see the man page for the man command to find out the directory name for local man pages.

As explained above, now create a symlink /opt/tplink/EAPController pointing to /opt/tplink/EAPController-2.6.1. This way, you can easily switch back to your old software if you wish to do so by simply changing the symlink.

Next, create a symlink /etc/init.d/tpeap pointing to /opt/tplink/EAPController/bin/tpeap. Run the command update-rc.d tpeap if you want to have EAP Controller started automatically at reboot of your server. For usage of update-rc.d RTFM. Note that I here use the name EAPController, not the actual installation directory. This simplifies future updates significantly and tpeap can even be used to start your old EAP Controller version, if you correct its files ownership as outlined in the README!

If you want, you can install another symlink /usr/bin/tpeap pointing to the start/stop script /opt/tplink/EAPController/bin/tpeap, so you can easily start and stop EAPController by just typing this new command instead of the full path name of the script.

See the README if you are unsure how to create those symlinks.

One more step: If you want to save your old config, copy the content of the data subdirectory over to EAPController-2.6.1. Make sure to not change ownership of files, since eapc needs write permissions to those files! I tested this with a config from v2.5.3, but if you are upgrading from earlier EAP Controller versions, it might fail. In the latter case you might want to make a backup of the settings through the web UI and install it later the same way in v2.6.1. I didn't test this, because I type much faster in the command line than you can even grab your mouse. :)

Note that tpeap will background itself to start/stop the EAP Controller, so don't panic if the controller does not start immediately after tpeap exits. If you want to run tpeap in the foreground as the old tpeap script did, run the new script with option -w. For more options/arguments of tpeap again RTFM.

Note that v2.6.1 needs more time to start up than previous versions needed. If your system is a slow one and tpeap exits too fast, you might want to increase the value of the WAIT_TIME variable in the script.

After start of EAPController connect to it using a web browser as usual.

Sunshine!

PS: If you want to read more about the privilege separation, see the README included in the tpeap distribution or search for my old posts in this forum (search keys: "privilege separation", "eapc", "pharosctl" for the same for Pharos Controller).

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#9
Re:Omada EAP controller for Linux
2018-05-26 00:33:35

R1D2 wrote

Hi guys!

I've waited long enough for TP-Link to release a newer version of EAP Controller for Linux, so I grabbed the new V2.6.1 just released for Windows and ported it to Linux for myself. I make this version available in the hope you will enjoy and probably help to test it further, so we can move on with new APs such as EAP225-Outdoor, which requires Controller v2.6.x.

I did wait for v2.6.1 because this version is supposed to fix multiple security bugs already being openly discussed such as CVE-2018-10164, CVE-2018-10165, CVE-2018-10166, CVE-2018-10167 and CVE-2018-10168.

But be warned: Although my setup of EAP Controller introduces privilege separation to fix a nasty root exploit in versions 2.4.x to v2.6.x I discovered and reported to TP-Link already last year, it still might be vulnerable, although my version will not allow to remotely change files outside the EAPController directory tree as do other versions. So, please read the following advice carefully:

- If you are familiar with Linux firewalls and know what you do, you can run EAP Controller on public servers, but you have to block all ports not needed from the outside (read this twice!).

- If you want to be on the safe side without any special firewall setup, use EAP Controller only in private LANs, not on public servers (read this again!).

Standard disclaimer: This software is no official release, it's a "fan-made movie". ;) By using it, you agree that there is no warranty, no support, not even a promise that the software fits for any purpose except academic research, LOL. Use on your own risk, but for your own fun! Fasten seat belts when running it.

Since the forum doesn't allow uploads anymore and I can't attach files to this post, here is how to download the EAP Controller v2.6.1 for Linux by anon FTP:

FTP to: ftp.rent-a-guru.de
Username: anonymous
Password: your mail address
Change directory: cd /private
Set bin mode: binary
Get TAR archive: get eapc-2.6.1.tar.gz
Exit from FTP: quit

Note that you will not be able to see a listing of the FTP directory /private nor see any files therein, but you can download the file eapc-2.6.1.tar.gz.

Read this recipe first to the end before changing anything in your setup, especially read the paragraph about saving your old config.

Let's go:

To install EAP Controller v2.6.1 I recommend to save your current version first. Rename /opt/tplink/EAPController to /opt/tplink/EAPController-x.y.z, where x, y and z are replaced by the version number of your current software.

Unpack the TAR archive downloaded by FTP as user root either directly in /opt/tplink/ or in any other directory of your choice. It will create two subdirectories, one is EAPController-2.6.1, the other is tpeap, my improved start/stop script for the Controller. The tpeap script is already installed in the EAP Controller v2.6.1, so you don't need to fiddle with it, but since there is a nice README and a man page, I did include it separately. You can install the man page in your online manual - see the man page of man for the name of the directory to install new man pages for local commands.

Follow the first steps in the README and set up a role account (username eapc, group eapc), but ignore the following steps about correcting file ownership. My setup already comes with correct file ownership. You just need to create the new eapc user.

Next, install a symlink /opt/tplink/EAPController pointing to /opt/tplink/EAPController-2.6.1. This way, you can easily switch back to your old software if you wish to do so by simply changing the symlink.

Now install a symlink /etc/init.d/tpeap pointing to /opt/tplink/EAPController/bin/tpeap. Run the command update-rc.d tpeap if you want to have EAP Controller started automatically at reboot of your server. For usage of update-rc.d again RTFM.

If you want, you can install another symlink /usr/bin/tpeap pointing to the start/stop script /opt/tplink/EAPController/bin/tpeap, so you can easily start and stop EAPController by just typing this new command instead of the full path name of the script.

See the README if you are unsure how to create those symlinks.

One more step: If you want to save your old config, copy the content of the data subdirectory over to EAPController-2.6.1. Make sure to not change ownership of files, since eapc needs write permissions to those files! I tested this with a config from v2.5.3, but if you are upgrading from earlier EAP Controller versions, it might fail. In the latter case you might want to make a backup of the settings through the web UI and install it later the same way in v2.6.1. I didn't test this, because I type much faster in the command line than you can even grab your mouse. :)

Note that tpeap will background itself to start/stop the EAP Controller, so don't panic if the controller does not start immediately after tpeap exits. If you want to run tpeap in the foreground as the old tpeap script did, run the new script with option -w. For more options/arguments of tpeap RTFM.

Note that v2.6.1 needs more time to start up than previous versions needed. If your system is a slow one and tpeap exits too fast, you might want to increase the value of the WAIT_TIME variable in the script.

After start of EAPController connect to it using a web browser as usual.

Sunshine!

PS: This new forum setup on a faster server sucks. TP-Link broke the formatting of forum posts, so I'm not going to explain the privilege separation introduced by my tpeap script here in greater detail, sorry. If you want to read more about the privilege separation, see the README included in the tpeap distribution or search for my old posts in this forum (search keys: "privilege separation", "eapc", "pharosctl" for the same for Pharos Controller).

Great, thanks for the port. I will test in a few days.

Br,
E-raser
#10
Pharos Control 2.0.4 for Linux
2018-05-26 04:03:11 - last edited 2018-07-25 08:48:33

And while we're at it:

Find here Pharos Control v2.0.4 for Linux with privilege separation fixing security bugs such as visible admin passwords in the database:

FTP to: ftp.rent-a-guru.de
Username: anonymous
Password: your mail address
Change directory: cd /private
Set bin mode: binary
Get TAR archive: get PharosControl-2.0.4.tar.gz
Exit from FTP: quit

 

SHA256 sum for the file:

8aabd1eff80b5a9c9a58fb0befb0ae71f7beaaa9706a665c6cee9108ed995802 *PharosControl-2.0.4.tar.gz


Same story, same game: you need to create a role account for the Pharos Control server:

adduser --system --disabled-login --group \
        --no-create-home \
        --home /opt/pharoscontrol \
        --gecos "Pharos Control Privilege Separation" \
        --shell /bin/bash pharos

 

Then extract the TAR archive into /opt/tplink, create a symlink PharosControl therein pointing to PharosControl-2.0.4.

Install PharosControl/bin/pharosctl into /etc/init.d and - if you wish - into /usr/bin (again with symlinks) and there you are. A README is included, also a man page for pharosctl.

Note that you need an external Java Runtime Environment to run Pharos Control, for example the latest Oracle JRE (the EAP JRE is not recommended for Pharos Control).

This one was harder to port to Linux, I needed to use the Java class for starting up the server on headless systems from the old version. Also, it still needs testing, but looks fine so far. Update: saving firmware files in the Pharos repository for batch updates doesn't work yet.

More sunshine! ;)

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#11
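The unpack-and-symlink steps from posts #9 and #11, as an added shell example (it is not part of either post and not R1D2's tpeap or pharosctl script): it checks the downloaded archive against the SHA256 sum given in the post, rejects absolute or `..` member paths before anything is unpacked as root, and then repoints the symlink. The function names and the optional prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the posts. Function names and the optional
# prefix argument are assumptions; run install_pkg as root after creating
# the role account (eapc or pharos) with the adduser command from the post.

# verify_sha256 FILE HEX: succeed only if FILE hashes to HEX.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# names_safe: read member names on stdin; fail on absolute paths or ".."
# components, which could land outside the install tree when unpacked as root.
names_safe() {
    if grep -Eq '^/|(^|/)\.\.(/|$)'; then return 1; fi
    return 0
}

# archive_paths_safe FILE: list the archive without extracting and vet names.
archive_paths_safe() {
    names=$(tar -tzf "$1") || return 1
    [ -n "$names" ] || return 1
    printf '%s\n' "$names" | names_safe
}

# switch_link TARGET LINK: repoint LINK, refusing to replace a real directory
# (the old install must first be renamed to EAPController-x.y.z).
switch_link() {
    [ -d "$1" ] || return 1
    if [ -e "$2" ] && [ ! -L "$2" ]; then return 1; fi
    ln -sfn "$1" "$2"
}

# install_pkg ARCHIVE HEX VERSIONED_DIR LINK_NAME [PREFIX]
install_pkg() {
    prefix=${5:-/opt/tplink}
    verify_sha256 "$1" "$2" || { echo "checksum mismatch, not unpacking" >&2; return 1; }
    archive_paths_safe "$1" || { echo "unsafe member path in archive" >&2; return 1; }
    tar -xzf "$1" -C "$prefix" || return 1
    switch_link "$prefix/$3" "$prefix/$4"
}

# Usage with the values given in the posts:
#   install_pkg eapc-2.6.1.tar.gz \
#     8761cd203ba2af53fb5dcf4dc74cc6899db1b3031d2c722ad067957dfa477289 \
#     EAPController-2.6.1 EAPController
```

The same call with PharosControl-2.0.4.tar.gz, its SHA256 sum from post #11, and the names PharosControl-2.0.4 and PharosControl covers the Pharos Control archive.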
