Thanks Fabrice for your guidance.
It works.
I removed the radius source and changed to the ldap server.
May I ask a next question? If I log in using the ldap server source, will radius
accounting record bandwidth for that user? If yes, where can I see that user
accounting log?
Because in the next case I want to make a violation based on bandwidth, and the user cannot
log in after several days.
Sorry for my bad English. Please give some advice.
On Tue, Jan 12, 2016 at 1:29 AM, Fabrice DURAND <[email protected]> wrote:
> Hello Jabang,
>
> Can you explain to me what you want to configure, because when I see the log
> and the configuration, your setup is not correct.
>
>
> First, what you have to check is the password attribute in your ldap
> server: is it in clear text or in NTHASH format?
> Next, your ldap configuration is correct but not on the PacketFence side;
> in the auth source you have to configure an ldap source and remove your
> radius source.
>
> And finally, do you have a trace of the radius request?
> (/usr/sbin/radiusd -d /usr/local/pf/raddb/ -n auth -X).
>
> Regards
> Fabrice
>
>
> On 2016-01-11 10:03, jabang konate wrote:
> > Thanks Fabrice for the fast response.
> > Yeah, I know, but I already configured freeradius to look up the ldap server.
> > Here is my config in /usr/local/pf/raddb/modules/ldap.
> >
> > ldap openldap {
> >     server = "ldap.iss.edu"
> >     identity = "cn=aplikasiRadius.iss.edu,ou=managemen,dc=iss,dc=edu"
> >     password = radiusitb167
> >     basedn = "ou=people,dc=iss,dc=edu"
> >     filter = "(uid=%u)"
> >     #base_filter = "(objectclass=radiusprofile)"
> >     ldap_connections_number = 5
> >     timeout = 4
> >     timelimit = 3
> >     net_timeout = 1
> > }
> >
> >
> > file /usr/local/pf/conf/raddb
> > authorize {
> >     suffix
> >     ntdomain
> >     %%multi_domain%%
> >     eap {
> >         ok = return
> >     }
> >     openldap
> >     files
> > }
> > I'm following the PacketFence administrator guide at page 38.
> >
> > The authentication I want to configure looks like this:
> > - freeradius must look up openldap if a user logs in
> >
> >
> >
> >
> > On Mon, Jan 11, 2016 at 6:41 PM, Fabrice Durand <[email protected]
> > <mailto:[email protected]>> wrote:
> >
> >
> > Hello Jabang,
> >
> > You authenticate against localhostradius and not against a ldap3]
> > Calling
> > match with empty/invalid rule class. Defaulting to 'authentication'
> > (pf::authentication::match)
> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03]
> > Matched
> > rule (staff) in source localhostradius, returning actions.
> > (pf::Authentication::Source::match)
> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03]
> > Instantiate profile default
> > (pf::Portal::ProfileFactory::_from_profile)
> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03]
> > re-evaluating access (manage_register called)
> > (pf::enforcement::reevaluate_access)
> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] is
> > currentlog connected at (172.16.9.228) ifIndex 0 in VLAN 700
> > (pf::enforcement::_should_we_reassign_vlan)
> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03]
> > Instantiate profile default
> > (pf::Portal::ProfileFactory::_from_profile)
> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03]
> > Connection
> > type is WIRELESS_MAC_AUTH. Getting role from node_info
> > (pf::vlan::getNormalVlan)
> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03]
> > Username
> > was defined "c4420203e103" - returning role 'staff'
> > (pf::vlan::getNormalVlan)
> > Jan 11 01:27:25 httpd.portal(2441) WARN: [mac:c4:42:02:03:e1:03] No
> > parameter staffVlan found in conf/switches.conf for the switch
> > 172.16.9.228
> > (pf::Switch::getVlanByName)
> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] PID:
> > "sasa", Status: reg Returned VLAN: (undefined), Role: staff
> > (pf::vlan::fetchVlanForNode)
> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03]
> > switch
> > port is (172.16.9.228) ifIndex unknown connection type: WiFi MAC Auth
> > (pf::enforcement::_vlan_reevaluation)
> > Jan 11 01:27:25 httpd.portal(3235) INFO: [mac:c4:42:02:03:e1:03]
> > Instantiate profile default
> > (pf::Portal::ProfileFactory::_from_profile)
> > Jan 11 01:27:25 httpd.portal(3235) INFO: [mac:c4:42:02:03:e1:03]
> > Instantiate profile default
> > (pf::Portal::ProfileFactory::_from_profile)
> > Jan 11 01:27:26 httpd.webservices(2189) INFO: [mac:c4:42:02:03:e1:03]
> > [c4:42:02:03:e1:03] DesAssociating mac on switch (172.16.9.228)
> > (pf::api::desAssociate)
> > Jan 11 01:27:26 httpd.webservices(2189) INFO: [mac:c4:42:02:03:e1:03]
> > deauthenticating (pf::Switch::radiusDisconnect)
> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03]
> > handling
> > radius autz request: from switch_ip => (172.16.9.228),
> > connection_type =>
> > Wireless-802.11-NoEAP,switch_mac => (38:ff:36:42:23:08), mac =>
> > [c4:42:02:03:e1:03], port => 0, username => "c4420203e103", ssid
> > => captive
> > (pf::radius::authorize)
> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03]
> > Instantiate
> > profile default (pf::Portal::ProfileFactory::_from_profile)
> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03]
> > Connection
> > type is WIRELESS_MAC_AUTH. Getting role from node_info
> > (pf::vlan::getNormalVlan)
> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03]
> > Username was
> > defined "c4420203e103" - returning role 'staff'
> > (pf::vlan::getNormalVlan)
> > Jan 11 01:27:26 httpd.aaa(2143) WARN: [mac:c4:42:02:03:e1:03] No
> > parameter
> > staffVlan found in conf/switches.conf for the switch 172.16.9.228
> > (pf::Switch::getVlanByName)
> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] PID:
> > "sasa",
> > Status: reg Returned VLAN: (undefined), Role: staff
> > (pf::vlan::fetchVlanForNode)
> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03]
> > (172.16.9.228) Returning ACCEPT with VLAN and role
> > (pf::Switch::returnRadiusAccessAccept)
> >
> >
> > Please give me some advice. I am stuck.
> > I just want to make PacketFence auth based on openldap users through
> > freeradius, because later I want to try to limit quota.
> >
> >
>
>
> --
> Fabrice Durand
> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (
> http://packetfence.org)
>
>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
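
Added example, not part of the original thread and not PacketFence code: the diagnosis in the quoted reply rests on the portal log line naming the matched authentication source, so this sketch strips the e-mail quoting, rejoins the wrapped log records and reports which source answered and which VLAN parameter the switch configuration lacks. The sample input is constructed from the line shapes quoted in the thread; the function names `unwrap` and `summarize` are hypothetical.

```python
import re

# Constructed sample: portal log records as quoted and re-wrapped by a mail client.
SAMPLE = """\
> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03]
> > Matched
> > rule (staff) in source localhostradius, returning actions.
> > (pf::Authentication::Source::match)
> > Jan 11 01:27:25 httpd.portal(2441) WARN: [mac:c4:42:02:03:e1:03] No
> > parameter staffVlan found in conf/switches.conf for the switch
> > 172.16.9.228
> > (pf::Switch::getVlanByName)
"""

QUOTE = re.compile(r"^(?:>\s?)+")
RECORD_START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+\(\d+\) [A-Z]+:")
MATCHED = re.compile(r"\[mac:([0-9a-f:]{17})\] Matched rule \((\S+?)\) in source (\S+?),")
NO_VLAN = re.compile(r"\[mac:([0-9a-f:]{17})\] No parameter (\S+) found "
                     r"in conf/switches\.conf for the switch (\S+)")

def unwrap(text):
    """Strip '>' quoting and rejoin records that the mail client wrapped."""
    records = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)          # a timestamp starts a new record
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records

def summarize(text):
    """Return (matched auth sources, missing VLAN parameters) seen in the log."""
    sources, missing = [], []
    for rec in unwrap(text):
        m = MATCHED.search(rec)
        if m:
            sources.append({"mac": m.group(1), "rule": m.group(2), "source": m.group(3)})
        m = NO_VLAN.search(rec)
        if m:
            missing.append({"mac": m.group(1), "parameter": m.group(2), "switch": m.group(3)})
    return sources, missing

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
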