Hi Francois, I think I got it working with sql (I used a completely separate mysql db). I will post config when fully tested.
Quick question: For the wireless AP eap settings - do I point them at the packetfence freeradius ports or this new virtual site one? Regards, Junaid On Fri, Sep 23, 2011 at 11:00 PM, Francois Gaudreault <[email protected]> wrote: > You might be able to use the actual sql.conf (make sure to put the right > db info in there). There are some table that you will need to import in > the PacketFence database, such as radcheck, but it might work. > > Good luck! > > On 11-09-23 5:55 PM, Junaid wrote: >> Hi Francois, >> I tested your fix and it worked with radtest. Thank you again! >> I'm going to try and look into a way to modify your fix for sql so I >> can get a web front-end going. >> >> Regards, >> Junaid >> >> On Fri, Sep 23, 2011 at 4:57 PM, Francois Gaudreault >> <[email protected]> wrote: >>> The RADIUS server that comes with PF is NOT designed to perform >>> authentication for users, only for devices (mac auth, 802.1x). You should >>> have an infrastructure RADIUS that does user authentication. >>> >>> Now, if you want to use the RADIUS server that comes with PF, you will need >>> to tweak things a little bit. You will need to overload the files module to >>> point to another user file (see /etc/raddb/modules/files, you have an >>> example), and create a new virtual-server in your RADIUS server to serve >>> that new module name (so instead of files, use second_files). >>> >>> So rapidly, try that : >>> >>> /etc/raddb/modules/files, add : >>> files portal_users { >>> usersfile = ${confdir}/portal_users >>> } >>> >>> /etc/raddb/portal_users : >>> packet Cleartext-Password := "fence" >>> >>> /etc/raddb/radiusd.conf, add : >>> listen { >>> ipaddr = * >>> port = 1814 >>> type = auth >>> virtual_server = packetfence-portal >>> } >>> >>> /etc/raddb/sites-enabled/packetfence-portal: >>> server packetfence-portal { >>> >>> authorize { >>> suffix >>> preprocess >>> eap { >>> ok = return >>> } >>> portal_users >>> expiration >>> logintime >>> } >>> >>> authenticate { >>> Auth-Type PAP { >>> pap >>> } >>> } >>> >>> preacct { >>> } >>> >>> accounting { >>> } >>> >>> session { >>> radutmp >>> } >>> >>> post-auth { >>> exec >>> Post-Auth-Type REJECT { >>> attr_filter.access_reject >>> } >>> } >>> >>> pre-proxy { >>> } >>> >>> post-proxy { >>> eap >>> } >>> } >>> >>> And finally, in our radius.pm, make sure to point it to port 1814. >>> >>> Let me know how it works for you... >>> >>> >>> On 11-09-23 11:12 AM, Junaid wrote: >>> >>> Hello, >>> Just installed packetfence 3.0 >>> I am using radius for authentication but it seems to allow any >>> username or password on the captive portal screen? >>> Sorry I don't have much radius experience. >>> Does that have something to do with >>> >>> /etc/raddb/users >>> Add the following lines where we define that non EAP-messages should, >>> by default, lead to an >>> authentication acceptance >>> DEFAULT EAP-Message !* "", Auth-Type := Accept >>> >>> Regards, >>> Junaid >>> >>> ------------------------------------------------------------------------------ >>> All of the data generated in your IT infrastructure is seriously valuable. >>> Why? It contains a definitive record of application performance, security >>> threats, fraudulent activity, and more. Splunk takes this data and makes >>> sense of it. IT sense. And common sense. >>> http://p.sf.net/sfu/splunk-d2dcopy2 >>> _______________________________________________ >>> Packetfence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> >>> >>> -- >>> Francois Gaudreault, ing. jr >>> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence >>> (www.packetfence.org) >>> >>> ------------------------------------------------------------------------------ >>> All of the data generated in your IT infrastructure is seriously valuable. >>> Why? It contains a definitive record of application performance, security >>> threats, fraudulent activity, and more. Splunk takes this data and makes >>> sense of it. IT sense. And common sense. >>> http://p.sf.net/sfu/splunk-d2dcopy2 >>> _______________________________________________ >>> Packetfence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> >> ------------------------------------------------------------------------------ >> All of the data generated in your IT infrastructure is seriously valuable. >> Why? It contains a definitive record of application performance, security >> threats, fraudulent activity, and more. Splunk takes this data and makes >> sense of it. IT sense. And common sense. >> http://p.sf.net/sfu/splunk-d2dcopy2 >> _______________________________________________ >> Packetfence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > > -- > Francois Gaudreault, ing. jr > [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > > ------------------------------------------------------------------------------ > All of the data generated in your IT infrastructure is seriously valuable. > Why? It contains a definitive record of application performance, security > threats, fraudulent activity, and more. Splunk takes this data and makes > sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2dcopy2 > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
