The RADIUS server that comes with PF is NOT designed to perform
authentication for users, only for devices (mac auth, 802.1x). You
should have an infrastructure RADIUS that does user authentication.
Now, if you want to use the RADIUS server that comes with PF, you will
need to tweak things a little bit. You will need to overload the files
module to point to another user file (see /etc/raddb/modules/files, you
have an example), and create a new virtual-server in your RADIUS server
to serve that new module name (so instead of files, use second_files).
So rapidly, try that:

*/etc/raddb/modules/files*, add:

    files portal_users {
        usersfile = ${confdir}/portal_users
    }

*/etc/raddb/portal_users:*

    packet Cleartext-Password := "fence"

*/etc/raddb/radiusd.conf*, add:

    listen {
        ipaddr = *
        port = 1814
        type = auth
        virtual_server = packetfence-portal
    }

*/etc/raddb/sites-enabled/packetfence-portal:*

    server packetfence-portal {
        authorize {
            suffix
            preprocess
            eap {
                ok = return
            }
            portal_users
            expiration
            logintime
        }
        authenticate {
            Auth-Type PAP {
                pap
            }
        }
        preacct {
        }
        accounting {
        }
        session {
            radutmp
        }
        post-auth {
            exec
            Post-Auth-Type REJECT {
                attr_filter.access_reject
            }
        }
        pre-proxy {
        }
        post-proxy {
            eap
        }
    }

And finally, in our radius.pm, make sure to point it to port 1814.
Let me know how it works for you...
On 11-09-23 11:12 AM, Junaid wrote:
Hello,
Just installed packetfence 3.0
I am using radius for authentication but it seems to allow any
username or password on the captive portal screen?
Sorry I don't have much radius experience.
Does that have something to do with
/etc/raddb/users
Add the following lines where we define that non EAP-messages should,
by default, lead to an
authentication acceptance
DEFAULT EAP-Message !* "", Auth-Type := Accept
Regards,
Junaid
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
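
Added example, not part of the original messages or of PacketFence: a small PAP client to confirm that the listener on port 1814 accepts the `packet` / `fence` entry from `portal_users` and rejects a wrong password, which is the symptom reported in the quoted message. The function names are hypothetical, and the shared secret is assumed to be whatever `clients.conf` defines for the host you test from.

```python
import hashlib, os, socket, struct, sys

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, as sent for PAP."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        digest = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ d for p, d in zip(padded[i:i + 16], digest))
        out += prev
    return out

def attr(code: int, value: bytes) -> bytes:
    return struct.pack("!BB", code, len(value) + 2) + value

def build_request(user, password, secret, ident, authenticator) -> bytes:
    attrs = attr(1, user.encode())                                   # User-Name
    attrs += attr(2, hide_password(password.encode(), secret, authenticator))
    attrs += attr(4, socket.inet_aton("127.0.0.1"))                  # NAS-IP-Address
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def reply_is_valid(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(reply) < 20:
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return reply[4:20] == expected

def try_login(user, password, secret, host="127.0.0.1", port=1814, timeout=5.0):
    auth = os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(user, password, secret, 1, auth), (host, port))
        reply, _ = s.recvfrom(4096)
    if not reply_is_valid(reply, auth, secret):
        raise ValueError("bad response authenticator (wrong shared secret?)")
    return reply[0]

def portal_listener_enforces_passwords(secret: bytes, **kw) -> bool:
    # The known-good pair must be accepted AND a wrong password must be rejected.
    good = try_login("packet", "fence", secret, **kw) == ACCESS_ACCEPT
    bad = try_login("packet", "not-the-password", secret, **kw) == ACCESS_REJECT
    return good and bad

if __name__ == "__main__":
    # Usage: script.py <shared secret from clients.conf>
    print(portal_listener_enforces_passwords(sys.argv[1].encode()))
```

A result of `False` with the second login returning Access-Accept means the virtual server is still accepting arbitrary credentials.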