Hello.

I'm a new PacketFence user. I have been stuck for 2 days configuring RADIUS +
OpenLDAP on PacketFence.

I'm using the latest PacketFence version, 5.5.2, on CentOS 6.5.

First problem.
I followed the PacketFence administrator guide at page 38: "Next in
/usr/local/pf/raddb/sites-available/packetfence-tunnel add in the authorize
section: "

There is no packetfence-tunnel file, so I copied it from
/usr/local/pf/conf/packetfence-tunnel to the directory
/usr/local/pf/raddb/sites-available/.

Second problem.
After I finished the configuration and ran radiusd in debug mode there was no
error, but if I try the radtest command, even with a wrong password, the reply
from RADIUS is always Access-Accept.

# radtest jack jaringan x.x.23.67:18120 12 testing123
Sending Access-Request of id 167 to x.x.23.67 port 18120
        User-Name = "jack"
        User-Password = "jaringan"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 12
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host x.x.23.67 port 18120, id=167,
length=20

# radtest jack jaringan123 x.x.23.67:18120 12 testing123
Sending Access-Request of id 156 to x.x.23.67 port 18120
        User-Name = "jack"
        User-Password = "jaringan123"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 12
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host x.x.23.67 port 18120, id=156,
length=20

Here is the RADIUS debug log during radtest:
rad_recv: Access-Request packet from host x.x23.67 port 38706, id=167,
length=75
        User-Name = "jack"
        User-Password = "jaringan"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 12
        Message-Authenticator = 0x122c5024460340265a7bedc1f6f16337
# Executing section authorize from file
/usr/local/pf/raddb//sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "jack", skipping NULL due to config.
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry DEFAULT at line 5
++[files] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = ok
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [jack] (from client localhost port 12)
# Executing section post-auth from file
/usr/local/pf/raddb//sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 167 to x.x23.67 port 38706
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 167 with timestamp +55
Ready to process requests.
rad_recv: Access-Request packet from host x.x23.67 port 48279, id=156,
length=75
        User-Name = "jack"
        User-Password = "jaringan123"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 12
        Message-Authenticator = 0x71b949c2c074b564fad4c1c1716ade1e
# Executing section authorize from file
/usr/local/pf/raddb//sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "jack", skipping NULL due to config.
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry DEFAULT at line 5
++[files] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = ok
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [jack] (from client localhost port 12)
# Executing section post-auth from file
/usr/local/pf/raddb//sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 156 to x.x23.67 port 48279
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 156 with timestamp +161
Ready to process requests.


From the log output I think radiusd doesn't try to browse the LDAP users. But
why does radiusd always reply Access-Accept even when there is no user jack or
the password for jack is wrong?

Please give me some advice.

Sorry for my bad English.


------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
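
The debug output in the message above records, for each request, the users-file entry that matched and the Auth-Type that was found. As an added example (not part of the original post, and not PacketFence or FreeRADIUS code), this Python script parses debug output in that format and lists requests that were accepted through Auth-Type = Accept; the sample log lines and function names are constructed for illustration.

```python
import re

# Constructed sample in the format of the debug log above (documentation IP).
SAMPLE = """\
rad_recv: Access-Request packet from host 192.0.2.10 port 38706, id=167, length=75
        User-Name = "jack"
[files] users: Matched entry DEFAULT at line 5
[pap] WARNING: Auth-Type already set.  Not setting to PAP
Found Auth-Type = Accept
Sending Access-Accept of id 167 to 192.0.2.10 port 38706
rad_recv: Access-Request packet from host 192.0.2.10 port 40112, id=168, length=75
        User-Name = "alice"
++[pap] = updated
Found Auth-Type = PAP
Sending Access-Accept of id 168 to 192.0.2.10 port 40112
"""

REQ = re.compile(r"rad_recv: Access-Request packet from host \S+ port \d+, id=(\d+)")
USER = re.compile(r'^\s*User-Name = "([^"]*)"')
ENTRY = re.compile(r"\[files\] users: Matched entry (\S+) at line (\d+)")
AUTH = re.compile(r"Found Auth-Type = (\S+)")
REPLY = re.compile(r"Sending (Access-\w+) of id \d+")

def audit(text):
    """Return one record per Access-Request seen in the debug output."""
    records, cur = [], None
    for line in text.splitlines():
        if m := REQ.search(line):
            cur = {"id": int(m.group(1)), "user": None, "entry": None,
                   "auth_type": None, "reply": None}
            records.append(cur)
        elif cur is None:
            continue  # output before the first request
        elif m := USER.match(line):
            cur["user"] = m.group(1)
        elif m := ENTRY.search(line):
            cur["entry"] = f"{m.group(1)} at line {m.group(2)}"
        elif m := AUTH.search(line):
            cur["auth_type"] = m.group(1)
        elif m := REPLY.search(line):
            cur["reply"] = m.group(1)
    return records

def unconditional_accepts(text):
    """Requests accepted via Auth-Type = Accept, i.e. with no password check."""
    return [r for r in audit(text)
            if r["auth_type"] == "Accept" and r["reply"] == "Access-Accept"]

print(unconditional_accepts(SAMPLE))
```

Each flagged record names the users-file entry that matched in that request, which is the place to look for the rule that sets Auth-Type.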
