Hi Francois,

I tested your fix and it worked with radtest. Thank you again! I'm going to try and look into a way to modify your fix for sql so I can get a web front-end going.

Regards,
Junaid

On Fri, Sep 23, 2011 at 4:57 PM, Francois Gaudreault <[email protected]> wrote:
> The RADIUS server that comes with PF is NOT designed to perform
> authentication for users, only for devices (mac auth, 802.1x). You should
> have an infrastructure RADIUS that does user authentication.
>
> Now, if you want to use the RADIUS server that comes with PF, you will need
> to tweak things a little bit. You will need to overload the files module to
> point to another user file (see /etc/raddb/modules/files, you have an
> example), and create a new virtual-server in your RADIUS server to serve
> that new module name (so instead of files, use second_files).
>
> So rapidly, try that :
>
> /etc/raddb/modules/files, add :
> files portal_users {
>     usersfile = ${confdir}/portal_users
> }
>
> /etc/raddb/portal_users :
> packet Cleartext-Password := "fence"
>
> /etc/raddb/radiusd.conf, add :
> listen {
>     ipaddr = *
>     port = 1814
>     type = auth
>     virtual_server = packetfence-portal
> }
>
> /etc/raddb/sites-enabled/packetfence-portal:
> server packetfence-portal {
>
>     authorize {
>         suffix
>         preprocess
>         eap {
>             ok = return
>         }
>         portal_users
>         expiration
>         logintime
>     }
>
>     authenticate {
>         Auth-Type PAP {
>             pap
>         }
>     }
>
>     preacct {
>     }
>
>     accounting {
>     }
>
>     session {
>         radutmp
>     }
>
>     post-auth {
>         exec
>         Post-Auth-Type REJECT {
>             attr_filter.access_reject
>         }
>     }
>
>     pre-proxy {
>     }
>
>     post-proxy {
>         eap
>     }
> }
>
> And finally, in our radius.pm, make sure to point it to port 1814.
>
> Let me know how it works for you...
>
>
> On 11-09-23 11:12 AM, Junaid wrote:
> > Hello,
> > Just installed packetfence 3.0
> > I am using radius for authentication but it seems to allow any
> > username or password on the captive portal screen?
> > Sorry I don't have much radius experience.
> > Does that have something to do with
> >
> > /etc/raddb/users
> > Add the following lines where we define that non EAP-messages should,
> > by default, lead to an
> > authentication acceptance
> > DEFAULT EAP-Message !* "", Auth-Type := Accept
> >
> > Regards,
> > Junaid
> >
> > ------------------------------------------------------------------------------
> > All of the data generated in your IT infrastructure is seriously valuable.
> > Why? It contains a definitive record of application performance, security
> > threats, fraudulent activity, and more. Splunk takes this data and makes
> > sense of it. IT sense. And common sense.
> > http://p.sf.net/sfu/splunk-d2dcopy2
> > _______________________________________________
> > Packetfence-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Francois Gaudreault, ing. jr
> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
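
An added example, not part of the thread and not PacketFence or FreeRADIUS code: a small auditor for FreeRADIUS users files that flags entries whose check items force Auth-Type to Accept, the kind of entry quoted in the original question. The sample input is constructed from the two users-file entries quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample: the two users-file entries quoted in the thread.
SAMPLE_USERS = '''\
# entry quoted in the original question (/etc/raddb/users)
DEFAULT EAP-Message !* "", Auth-Type := Accept

# entry from the suggested /etc/raddb/portal_users
packet Cleartext-Password := "fence"
'''

# One check item: attribute, operator, value (bare word or quoted string).
ITEM = re.compile(
    r'([\w-]+)\s*(:=|==|\+=|!\*|=\*|!=|=~|!~|<=|>=|=|<|>)\s*'
    r'("(?:[^"\\]|\\.)*"|[^,\s]+)')


def parse_entries(text):
    """Yield (line_no, name, check_items) for each users-file entry."""
    for no, line in enumerate(text.splitlines(), 1):
        # Entries start in column 0; indented lines are reply items,
        # '#' starts a comment and '$' an $INCLUDE directive.
        if not line.strip() or line[0] in "#$ \t":
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        yield no, parts[0], ITEM.findall(rest)


def audit(text):
    """Return (line_no, name, message) for entries that force acceptance."""
    findings = []
    for no, name, items in parse_entries(text):
        for attr, op, value in items:
            forced = (attr.lower() == "auth-type" and op in (":=", "=")
                      and value.strip('"').lower() == "accept")
            if forced:
                who = "any matching request" if name == "DEFAULT" else name
                findings.append(
                    (no, name, f"Auth-Type Accept: {who} passes with no password check"))
    return findings


if __name__ == "__main__":
    for no, name, message in audit(SAMPLE_USERS):
        print(f"line {no}: {name}: {message}")
```

Running it against every users file a virtual server's authorize section loads shows which listeners can accept a request without verifying a password.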
