That's correct. You need to point it to the packetfence (aka default) freeradius port (1812). Don't forget to tweak the mschap module.
On 11-09-25 6:21 PM, Junaid wrote: > Hi Francois, > I think I got it working with sql (I used a completely separate mysql > db). I will post config when fully tested. > > Quick question: > > For the wireless AP eap settings - do I point them at the packetfence > freeradius ports or this new virtual site one? > > Regards, > Junaid > > On Fri, Sep 23, 2011 at 11:00 PM, Francois Gaudreault > <[email protected]> wrote: >> You might be able to use the actual sql.conf (make sure to put the right >> db info in there). There are some table that you will need to import in >> the PacketFence database, such as radcheck, but it might work. >> >> Good luck! >> >> On 11-09-23 5:55 PM, Junaid wrote: >>> Hi Francois, >>> I tested your fix and it worked with radtest. Thank you again! >>> I'm going to try and look into a way to modify your fix for sql so I >>> can get a web front-end going. >>> >>> Regards, >>> Junaid >>> >>> On Fri, Sep 23, 2011 at 4:57 PM, Francois Gaudreault >>> <[email protected]> wrote: >>>> The RADIUS server that comes with PF is NOT designed to perform >>>> authentication for users, only for devices (mac auth, 802.1x). You should >>>> have an infrastructure RADIUS that does user authentication. >>>> >>>> Now, if you want to use the RADIUS server that comes with PF, you will need >>>> to tweak things a little bit. You will need to overload the files module >>>> to >>>> point to another user file (see /etc/raddb/modules/files, you have an >>>> example), and create a new virtual-server in your RADIUS server to serve >>>> that new module name (so instead of files, use second_files). >>>> >>>> So rapidly, try that : >>>> >>>> /etc/raddb/modules/files, add : >>>> files portal_users { >>>> usersfile = ${confdir}/portal_users >>>> } >>>> >>>> /etc/raddb/portal_users : >>>> packet Cleartext-Password := "fence" >>>> >>>> /etc/raddb/radiusd.conf, add : >>>> listen { >>>> ipaddr = * >>>> port = 1814 >>>> type = auth >>>> virtual_server = packetfence-portal >>>> } >>>> >>>> /etc/raddb/sites-enabled/packetfence-portal: >>>> server packetfence-portal { >>>> >>>> authorize { >>>> suffix >>>> preprocess >>>> eap { >>>> ok = return >>>> } >>>> portal_users >>>> expiration >>>> logintime >>>> } >>>> >>>> authenticate { >>>> Auth-Type PAP { >>>> pap >>>> } >>>> } >>>> >>>> preacct { >>>> } >>>> >>>> accounting { >>>> } >>>> >>>> session { >>>> radutmp >>>> } >>>> >>>> post-auth { >>>> exec >>>> Post-Auth-Type REJECT { >>>> attr_filter.access_reject >>>> } >>>> } >>>> >>>> pre-proxy { >>>> } >>>> >>>> post-proxy { >>>> eap >>>> } >>>> } >>>> >>>> And finally, in our radius.pm, make sure to point it to port 1814. >>>> >>>> Let me know how it works for you... >>>> >>>> >>>> On 11-09-23 11:12 AM, Junaid wrote: >>>> >>>> Hello, >>>> Just installed packetfence 3.0 >>>> I am using radius for authentication but it seems to allow any >>>> username or password on the captive portal screen? >>>> Sorry I don't have much radius experience. >>>> Does that have something to do with >>>> >>>> /etc/raddb/users >>>> Add the following lines where we define that non EAP-messages should, >>>> by default, lead to an >>>> authentication acceptance >>>> DEFAULT EAP-Message !* "", Auth-Type := Accept >>>> >>>> Regards, >>>> Junaid >>>> >>>> ------------------------------------------------------------------------------ >>>> All of the data generated in your IT infrastructure is seriously valuable. >>>> Why? It contains a definitive record of application performance, security >>>> threats, fraudulent activity, and more. Splunk takes this data and makes >>>> sense of it. IT sense. And common sense. >>>> http://p.sf.net/sfu/splunk-d2dcopy2 >>>> _______________________________________________ >>>> Packetfence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> >>>> >>>> -- >>>> Francois Gaudreault, ing. jr >>>> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence >>>> (www.packetfence.org) >>>> >>>> ------------------------------------------------------------------------------ >>>> All of the data generated in your IT infrastructure is seriously valuable. >>>> Why? It contains a definitive record of application performance, security >>>> threats, fraudulent activity, and more. Splunk takes this data and makes >>>> sense of it. IT sense. And common sense. >>>> http://p.sf.net/sfu/splunk-d2dcopy2 >>>> _______________________________________________ >>>> Packetfence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> >>> ------------------------------------------------------------------------------ >>> All of the data generated in your IT infrastructure is seriously valuable. >>> Why? It contains a definitive record of application performance, security >>> threats, fraudulent activity, and more. Splunk takes this data and makes >>> sense of it. IT sense. And common sense. >>> http://p.sf.net/sfu/splunk-d2dcopy2 >>> _______________________________________________ >>> Packetfence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> -- >> Francois Gaudreault, ing. jr >> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence >> (www.packetfence.org) >> >> >> ------------------------------------------------------------------------------ >> All of the data generated in your IT infrastructure is seriously valuable. >> Why? It contains a definitive record of application performance, security >> threats, fraudulent activity, and more. Splunk takes this data and makes >> sense of it. IT sense. And common sense. >> http://p.sf.net/sfu/splunk-d2dcopy2 >> _______________________________________________ >> Packetfence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > ------------------------------------------------------------------------------ > All of the data generated in your IT infrastructure is seriously valuable. > Why? It contains a definitive record of application performance, security > threats, fraudulent activity, and more. Splunk takes this data and makes > sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2dcopy2 > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
