Hi Francois,

Thank you very much! Yes the problem with the place we are deploying it is that they have no Active Directory or radius or any kind of user management for that network. The people who are using the network - some are staff there all year, some are students for most of the year and some are students only there for 1 month. Because of that I need some kind of web interface to add users/passwords.
I was going to use local authentication (user.conf) with some kind of htpasswd frontend (like webmin) to create/change password/delete users. Would this still work for wireless devices?

I also considered radius with sql database + a web frontend like dialupadmin or daloradius. Is that possible now that pf 3.0 has some kind of sql configuration files?

The guest manager looks to be very close to what I want - can it be adjusted for longer access durations than 5 days?

Sorry for bombarding you with questions. Thanks again for answering the original one.

Regards,
Junaid

On Fri, Sep 23, 2011 at 4:57 PM, Francois Gaudreault <[email protected]> wrote:
> The RADIUS server that comes with PF is NOT designed to perform authentication for users, only for devices (mac auth, 802.1x). You should have an infrastructure RADIUS that does user authentication.
>
> Now, if you want to use the RADIUS server that comes with PF, you will need to tweak things a little bit. You will need to overload the files module to point to another user file (see /etc/raddb/modules/files, you have an example), and create a new virtual-server in your RADIUS server to serve that new module name (so instead of files, use second_files).
>
> So rapidly, try that :
>
> /etc/raddb/modules/files, add :
> files portal_users {
>     usersfile = ${confdir}/portal_users
> }
>
> /etc/raddb/portal_users :
> packet Cleartext-Password := "fence"
>
> /etc/raddb/radiusd.conf, add :
> listen {
>     ipaddr = *
>     port = 1814
>     type = auth
>     virtual_server = packetfence-portal
> }
>
> /etc/raddb/sites-enabled/packetfence-portal:
> server packetfence-portal {
>
>     authorize {
>         suffix
>         preprocess
>         eap {
>             ok = return
>         }
>         portal_users
>         expiration
>         logintime
>     }
>
>     authenticate {
>         Auth-Type PAP {
>             pap
>         }
>     }
>
>     preacct {
>     }
>
>     accounting {
>     }
>
>     session {
>         radutmp
>     }
>
>     post-auth {
>         exec
>         Post-Auth-Type REJECT {
>             attr_filter.access_reject
>         }
>     }
>
>     pre-proxy {
>     }
>
>     post-proxy {
>         eap
>     }
> }
>
> And finally, in our radius.pm, make sure to point it to port 1814.
>
> Let me know how it works for you...
>
> On 11-09-23 11:12 AM, Junaid wrote:
>
> Hello,
> Just installed packetfence 3.0
> I am using radius for authentication but it seems to allow any username or password on the captive portal screen?
> Sorry I don't have much radius experience.
> Does that have something to do with
>
> /etc/raddb/users
> Add the following lines where we define that non EAP-messages should, by default, lead to an authentication acceptance
> DEFAULT EAP-Message !* "", Auth-Type := Accept
>
> Regards,
> Junaid
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security
> threats, fraudulent activity, and more. Splunk takes this data and makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2dcopy2
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Francois Gaudreault, ing. jr
> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
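
An added example, not part of the original thread and not PacketFence or FreeRADIUS code: a small Python audit that lists entries in a FreeRADIUS `users` file that set `Auth-Type` to `Accept`, the kind of rule quoted above from `/etc/raddb/users` that accepts a request without checking a password. The sample file content is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of a users file: the DEFAULT rule and the "packet"
# entry are the ones quoted in the thread, the rest is made up.
SAMPLE_USERS = '''\
# non-EAP requests are accepted by default
DEFAULT EAP-Message !* "", Auth-Type := Accept

packet Cleartext-Password := "fence"

student1 Cleartext-Password := "a,b", Expiration := "Oct 23 2011"
\tReply-Message = "Welcome"
'''

# One check item: attribute, operator, value (quoted values may hold commas).
ITEM = re.compile(
    r'\s*([\w-]+)\s*(:=|==|\+=|!=|=~|!~|=\*|!\*|>=|<=|=|>|<)\s*'
    r'("(?:[^"\\]|\\.)*"|[^,\s]+)\s*,?'
)

def parse_check_items(text):
    """Split the check-item part of an entry into (attr, op, value) tuples."""
    return [(m.group(1), m.group(2), m.group(3).strip('"'))
            for m in ITEM.finditer(text)]

def find_accept_rules(users_text):
    """Return (line number, entry name, other check items) for every entry
    that forces Auth-Type to Accept, i.e. skips password verification."""
    findings = []
    for lineno, line in enumerate(users_text.splitlines(), 1):
        # Entries start in column 0; indented lines are reply items.
        if not line or line[0].isspace() or line.startswith('#'):
            continue
        parts = line.split(None, 1)
        items = parse_check_items(parts[1] if len(parts) > 1 else '')
        if any(a.lower() == 'auth-type' and op in (':=', '=')
               and v.lower() == 'accept' for a, op, v in items):
            gates = [f'{a} {op} "{v}"' for a, op, v in items
                     if a.lower() != 'auth-type']
            findings.append((lineno, parts[0], gates))
    return findings

if __name__ == '__main__':
    for lineno, name, gates in find_accept_rules(SAMPLE_USERS):
        print(f'line {lineno}: {name} accepts without a password check; '
              f'only gated by: {gates or "nothing"}')
```
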
