Le 16/10/2014 15:38, Derek Wuelfrath a écrit :
> Hello Denis,
>
> Do you mind sharing both sites-enabled/packetfence and 
> sites-enabled/packetfence-tunnel ?
>
Of course. These files are quite standard; I just modified the authorize 
section in packetfence-tunnel, and it worked perfectly for establishing the 
802.1x connection.
>> So, where do I need to rewrite User-Name for passing it to PacketFence,
>> in radius conf files ? in packetfence.pm ?
> That kind of stuff should be done in sites-enabled/* since FreeRADIUS already 
> has all the modules to do that.
The problem is that I wasn't able to find where things are passed to PF 
for the setvlan process, I tried many places, without success...


Thanks,

Denis.

>
-------------------------------------------------------------------
# Virtual server "packetfence-tunnel" as pasted to the list. Judging by its
# name and by the comment in the outer "packetfence" server, it handles the
# request carried inside the PEAP/TTLS tunnel. The poster states that only the
# authorize section was changed from the stock file.
server packetfence-tunnel {

authorize {
         # Realm modules run before the host/ rewrite below.
         suffix
         ntdomain
         # Machine logins: when User-Name contains "host/" (case-insensitive),
         # everything after it is captured as %{1}. The pattern has no "^"
         # anchor, so "host/" matches anywhere in the name, not only as a prefix.
         if (User-Name =~ /host\/(.*)/i) {
                 update request {
                         # Value is the capture followed by a literal "$" --
                         # presumably to line up with the directory's
                         # machine-account naming; confirm against the ldap
                         # filter. "=" adds the attribute only if the request
                         # has no Stripped-User-Name yet. This sets
                         # Stripped-User-Name; User-Name itself is left as sent.
                         Stripped-User-Name = "%{1}$";
                 }
         }
         # "ok = return": when eap returns ok, the rest of authorize is skipped.
         eap {
                 ok = return
         }
         files
         ldap
         expiration
         logintime
}

authenticate {
         Auth-Type MS-CHAP {
                 mschap
         }
         eap
}

session {
         radutmp
}

post-auth {
         exec
         # DOMAIN\user form: one or more non-backslash characters, one or more
         # backslashes, then the captured remainder. ":=" replaces the existing
         # User-Name with that remainder before the packetfence module below
         # runs, so equal account names from different domains collapse to one
         # identity from this point on.
         # NOTE(review): names in host/ form do not match this pattern, and the
         # authorize section only sets Stripped-User-Name for them. Which of the
         # two attributes the packetfence module reads is not visible in this
         # file -- confirm before relying on either.
         if ( User-Name =~ /^[^\\]+[\\]+([^\\]+)/ ) {
                 update request {
                     User-Name := "%{1}";
             }
         }
         # ${...} values are configuration variables defined outside this
         # listing. By their names, rpc_user / rpc_pass are the credentials for
         # the PacketFence RPC endpoint: the file that defines them should be
         # readable only by the RADIUS service account.
         # NOTE(review): rpc_proto selects the transport; if rpc_host is not
         # local, confirm it is an encrypted one, since the password presumably
         # travels with each call.
         update control {
             PacketFence-RPC-Server = ${rpc_host}
             PacketFence-RPC-Port = ${rpc_port}
             PacketFence-RPC-User = ${rpc_user}
             PacketFence-RPC-Pass = ${rpc_pass}
             PacketFence-RPC-Proto = ${rpc_proto}
         }
         # Module call placed right after the RPC attributes are set; judging by
         # those attributes, this is where the request is handed to PacketFence.
         packetfence
         # Rejected requests get their reply attributes filtered.
         Post-Auth-Type REJECT {
                 attr_filter.access_reject
         }
}

pre-proxy {
}

post-proxy {
         eap
}
} # packetfence-tunnel server block
--------------------------------------------------------
# packetfence
# Outer virtual server "packetfence" as pasted to the list. It calls the
# packetfence module from authorize, accounting and (conditionally) post-auth.
server packetfence {

     authorize {
         suffix
         preprocess
         # "ok = return": when eap returns ok, the rest of this section --
         # including the packetfence call at the end -- is skipped.
         eap {
             ok = return
         }
         files
         expiration
         logintime
         # Records the source address of the received packet in the request.
         # ":=" replaces any existing value. This is the address of whatever
         # sent the packet to this server.
         update request {
             FreeRADIUS-Client-IP-Address := "%{Packet-Src-IP-Address}"
         }
         # ${...} values are configuration variables defined outside this
         # listing. By their names, rpc_user / rpc_pass are the credentials for
         # the PacketFence RPC endpoint: keep the defining file readable only by
         # the RADIUS service account.
         update control {
             PacketFence-RPC-Server = ${rpc_host}
             PacketFence-RPC-Port = ${rpc_port}
             PacketFence-RPC-User = ${rpc_user}
             PacketFence-RPC-Pass = ${rpc_pass}
             PacketFence-RPC-Proto = ${rpc_proto}
         }
         packetfence
     }

     authenticate {
         Auth-Type MS-CHAP {
             mschap
         }
         eap
     }

     preacct {
         preprocess
         acct_unique
         suffix
         files
     }

     accounting {
         sql
         attr_filter.accounting_response
         # Same RPC attributes as in authorize, set again before the module call.
          update control {
             PacketFence-RPC-Server = ${rpc_host}
             PacketFence-RPC-Port = ${rpc_port}
             PacketFence-RPC-User = ${rpc_user}
             PacketFence-RPC-Pass = ${rpc_pass}
             PacketFence-RPC-Proto = ${rpc_proto}
         }
         packetfence
     }

     session {
     }

     post-auth {
         exec
         # NOTE(review): the comment below was hard-wrapped by the mail client.
         # The bare "inner-tunnel" on the following line is the tail of that
         # comment, not a module call; rejoin the two lines before reusing this
         # listing.
         # skip packetfence if we have already treated it in the 
inner-tunnel
         # packetfence runs here only when the request has no EAP-Type, or an
         # EAP-Type that is neither EAP-TTLS nor PEAP. For those two tunnelled
         # types the call is left to the tunnel server, so the User-Name seen by
         # PacketFence is presumably the inner one as rewritten there -- confirm.
         if (!EAP-Type || (EAP-Type != EAP-TTLS  && EAP-Type != PEAP)) {
            update control {
                 PacketFence-RPC-Server = ${rpc_host}
                 PacketFence-RPC-Port = ${rpc_port}
                 PacketFence-RPC-User = ${rpc_user}
                 PacketFence-RPC-Pass = ${rpc_pass}
                 PacketFence-RPC-Proto = ${rpc_proto}
             }
             packetfence
         }
         # Rejected requests get their reply attributes filtered.
         Post-Auth-Type REJECT {
             attr_filter.access_reject
         }
     }

     pre-proxy {
     }

     post-proxy {
         eap
     }

}



