Hi,yes it doesn't look like an issue with packetfence but has i said you can use
tshark -i eth0 -f "port 389" -w ldap.pcap and open this file with wireshark to see exactly what is the answer of the ldap server. Regards Fabrice Le 2015-03-25 20:38, Steven Jones a écrit :
Hi, I have tried to connect with jxplorer to 2012r2 to look at the OUs etc and failed but the same jxplorer config (except changing the IP address) works with 2003r2. So it is'nt packetfence I suspect. regards Steven ________________________________ From: Durand fabrice <[email protected]> Sent: Thursday, 26 March 2015 1:11 p.m. To: [email protected] Subject: Re: [PacketFence-users] inline manual / cli setip guide by example. Scope is this: http://www.idevelopment.info/data/LDAP/LDAP_Resources/SEARCH_Setting_the_SCOPE_Parameter.shtml But first try something like this: basedn=DC=vuw,DC=ac,DC=nz scope=sub btw you can use adsiedit.msc on the AD server or ldapsearch on pf side to have the correct info.(i use that all the times) Also there is an example there: https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Administration_Guide.asciidoc#example To debug ldap issue i always use 'tshark -i eth0 -f "port 389"' to see what is wrong. Regards Fabrice Le 2015-03-25 19:55, Steven Jones a écrit : AD. I dont understand what "scope" is either, neither does our AD person, LOL. I have tried just about every conceivable permutation, no joy. regards Steven ________________________________ From: Durand fabrice <[email protected]><mailto:[email protected]> Sent: Thursday, 26 March 2015 12:27 p.m. To: [email protected]<mailto:[email protected]> Subject: Re: [PacketFence-users] inline manual / cli setip guide by example. Le 2015-03-25 19:14, Steven Jones a écrit : 8><---- Other option if you have an Active Directory then you are able to configure it (Configuration -> Sources -> AD) and add it to the source list of the inline_test portal to use it. 8><---- So I am trying to do that and failing. In fact packetfence do a bind with the bind dn /password and do a search for the user in the AD (so a user with read access is enought) then try a bind with the username/password provided on the portal. What is the minimum permissions I can give the user? bear in mind the password is stored in plain text so a full read / write domain admin account would be absolutely crazy. Anyway I have given the user a full domain account and cannot bind so I assume I simply cannot convert the AD, output from the authentication.conf file is, binddn=CN=svc_packetf_ReadAD,CN=Users,DC=staff,DC=vuw,DC=ac,DC=nz basedn=CN=Users,DC=staff,DC=vuw,DC=ac,DC=nz usernameattribute=svc_packetf_ReadAD is it an active directory or an LDAP server ? in AD it should be something like that: Username Attribute= sAMAccountName Regards Fabrice ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]><mailto:[email protected]><mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
