Hi Francois, Thanks again. What do you mean by tweak the mschap module? I installed the packetfence freeradius rpm.
Regards, Junaid On Mon, Sep 26, 2011 at 1:35 PM, Francois Gaudreault <[email protected]> wrote: > That's correct. You need to point it to the packetfence (aka default) > freeradius port (1812). Don't forget to tweak the mschap module. > > On 11-09-25 6:21 PM, Junaid wrote: >> Hi Francois, >> I think I got it working with sql (I used a completely separate mysql >> db). I will post config when fully tested. >> >> Quick question: >> >> For the wireless AP eap settings - do I point them at the packetfence >> freeradius ports or this new virtual site one? >> >> Regards, >> Junaid >> >> On Fri, Sep 23, 2011 at 11:00 PM, Francois Gaudreault >> <[email protected]> wrote: >>> You might be able to use the actual sql.conf (make sure to put the right >>> db info in there). There are some table that you will need to import in >>> the PacketFence database, such as radcheck, but it might work. >>> >>> Good luck! >>> >>> On 11-09-23 5:55 PM, Junaid wrote: >>>> Hi Francois, >>>> I tested your fix and it worked with radtest. Thank you again! >>>> I'm going to try and look into a way to modify your fix for sql so I >>>> can get a web front-end going. >>>> >>>> Regards, >>>> Junaid >>>> >>>> On Fri, Sep 23, 2011 at 4:57 PM, Francois Gaudreault >>>> <[email protected]> wrote: >>>>> The RADIUS server that comes with PF is NOT designed to perform >>>>> authentication for users, only for devices (mac auth, 802.1x). You should >>>>> have an infrastructure RADIUS that does user authentication. >>>>> >>>>> Now, if you want to use the RADIUS server that comes with PF, you will >>>>> need >>>>> to tweak things a little bit. You will need to overload the files module >>>>> to >>>>> point to another user file (see /etc/raddb/modules/files, you have an >>>>> example), and create a new virtual-server in your RADIUS server to serve >>>>> that new module name (so instead of files, use second_files). >>>>> >>>>> So rapidly, try that : >>>>> >>>>> /etc/raddb/modules/files, add : >>>>> files portal_users { >>>>> usersfile = ${confdir}/portal_users >>>>> } >>>>> >>>>> /etc/raddb/portal_users : >>>>> packet Cleartext-Password := "fence" >>>>> >>>>> /etc/raddb/radiusd.conf, add : >>>>> listen { >>>>> ipaddr = * >>>>> port = 1814 >>>>> type = auth >>>>> virtual_server = packetfence-portal >>>>> } >>>>> >>>>> /etc/raddb/sites-enabled/packetfence-portal: >>>>> server packetfence-portal { >>>>> >>>>> authorize { >>>>> suffix >>>>> preprocess >>>>> eap { >>>>> ok = return >>>>> } >>>>> portal_users >>>>> expiration >>>>> logintime >>>>> } >>>>> >>>>> authenticate { >>>>> Auth-Type PAP { >>>>> pap >>>>> } >>>>> } >>>>> >>>>> preacct { >>>>> } >>>>> >>>>> accounting { >>>>> } >>>>> >>>>> session { >>>>> radutmp >>>>> } >>>>> >>>>> post-auth { >>>>> exec >>>>> Post-Auth-Type REJECT { >>>>> attr_filter.access_reject >>>>> } >>>>> } >>>>> >>>>> pre-proxy { >>>>> } >>>>> >>>>> post-proxy { >>>>> eap >>>>> } >>>>> } >>>>> >>>>> And finally, in our radius.pm, make sure to point it to port 1814. >>>>> >>>>> Let me know how it works for you... >>>>> >>>>> >>>>> On 11-09-23 11:12 AM, Junaid wrote: >>>>> >>>>> Hello, >>>>> Just installed packetfence 3.0 >>>>> I am using radius for authentication but it seems to allow any >>>>> username or password on the captive portal screen? >>>>> Sorry I don't have much radius experience. >>>>> Does that have something to do with >>>>> >>>>> /etc/raddb/users >>>>> Add the following lines where we define that non EAP-messages should, >>>>> by default, lead to an >>>>> authentication acceptance >>>>> DEFAULT EAP-Message !* "", Auth-Type := Accept >>>>> >>>>> Regards, >>>>> Junaid >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> All of the data generated in your IT infrastructure is seriously valuable. >>>>> Why? It contains a definitive record of application performance, security >>>>> threats, fraudulent activity, and more. Splunk takes this data and makes >>>>> sense of it. IT sense. And common sense. >>>>> http://p.sf.net/sfu/splunk-d2dcopy2 >>>>> _______________________________________________ >>>>> Packetfence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> >>>>> >>>>> -- >>>>> Francois Gaudreault, ing. jr >>>>> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence >>>>> (www.packetfence.org) >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> All of the data generated in your IT infrastructure is seriously valuable. >>>>> Why? It contains a definitive record of application performance, security >>>>> threats, fraudulent activity, and more. Splunk takes this data and makes >>>>> sense of it. IT sense. And common sense. >>>>> http://p.sf.net/sfu/splunk-d2dcopy2 >>>>> _______________________________________________ >>>>> Packetfence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> >>>> ------------------------------------------------------------------------------ >>>> All of the data generated in your IT infrastructure is seriously valuable. >>>> Why? It contains a definitive record of application performance, security >>>> threats, fraudulent activity, and more. Splunk takes this data and makes >>>> sense of it. IT sense. And common sense. >>>> http://p.sf.net/sfu/splunk-d2dcopy2 >>>> _______________________________________________ >>>> Packetfence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>> >>> -- >>> Francois Gaudreault, ing. jr >>> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence >>> (www.packetfence.org) >>> >>> >>> ------------------------------------------------------------------------------ >>> All of the data generated in your IT infrastructure is seriously valuable. >>> Why? It contains a definitive record of application performance, security >>> threats, fraudulent activity, and more. Splunk takes this data and makes >>> sense of it. IT sense. And common sense. >>> http://p.sf.net/sfu/splunk-d2dcopy2 >>> _______________________________________________ >>> Packetfence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> ------------------------------------------------------------------------------ >> All of the data generated in your IT infrastructure is seriously valuable. >> Why? It contains a definitive record of application performance, security >> threats, fraudulent activity, and more. Splunk takes this data and makes >> sense of it. IT sense. And common sense. >> http://p.sf.net/sfu/splunk-d2dcopy2 >> _______________________________________________ >> Packetfence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > > -- > Francois Gaudreault, ing. jr > [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2dcopy1 > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
