Hi Chris,

On 01/10/10 7:58 AM, cg wrote:
> Hi,
>
> Not, I think, a Debian related question - but I can't be certain. PF
> was working well, validating against freeRadius, itself validating
> against LDAP. I completed the upgrade to 1.9.1 and the radius
> authentication stopped working (apparently a known issue according to
> the first clause of the UPGRADE doc). I posted a question about that
> with no response so far.

I don't remember seeing the error posted. Makes it kinda hard to help... it's been a while already though... Anyway, what was your error in logs/packetfence.log and logs/error_log?

> So I am dropping radius mediation and having
> PF validate directly against LDAP. It's set up as a 'public' server
> (within our intranet) so I had to make the following mod to
> conf/authentication/ldap.pm to have PF make 'anonymous' access to
> LDAP :
>
> near line 130 -
>
> from :
> my $result = $connection->bind($LDAPBindDN, $LDAPBindPassword);
>
> to:
> my $result = $connection->bind;
>
> Authentication against LDAP now works fine.
>
> However, a user logging into the network is now left in the
> 'registration' vlan. Previously, using the old PF version and
> authentication against radius, the process went to completion and the
> user was transferred to the 'regular' vlan. Here, the user is trapped
> in 'registration'. I've checked and the switch port has been moved to
> the 'regular' vlan but the last step doesn't happen and the user is
> left hanging.

Authentication modules only return a yes or no (actually a tuple success/error code). I would think that upgrading hosed something in your setup.

Remember that Apache runs as user pf and needs to be able to execute pfcmd and flip.pl. pfcmd is setuid/setgid. Most under /usr/local/pf is owned by pf.

Check your logs/packetfence.log, logs/error_log and try to find out what's not happening.

If the switch VLANs are changed and you suggest it's only the port bounce that is not happening then it could also be because PacketFence somehow thinks that a VoIP device is also connected on that switchport and VoIP is enabled for that switch.

Take a look at all that and let me know.

Have a good one!

--
Olivier Bilodeau
obilod...@inverse.ca :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc.
:: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)