Hi Fabrice, I know the log for RADIUS accounting. The accounting log is
in the database table radacct. But if I try the query,
select * from radacct where username='ldapuser';
Empty set (0.00 sec)
There's no record for that user.
On Thu, Jan 14, 2016 at 1:21 PM, jabang konate <[email protected]>
wrote:
> Thanks, Fabrice, for your guidance.
> It works.
> I removed the RADIUS source and changed to the LDAP server.
> May I ask the next question? If I log in using the LDAP server source, will
> RADIUS accounting record bandwidth for that user? If yes, where can I see
> that user accounting log?
>
> Because in the next case I want to make a violation based on bandwidth, and the
> user cannot log in after several days.
>
> Sorry for my bad English. Please give some advice.
>
>
> On Tue, Jan 12, 2016 at 1:29 AM, Fabrice DURAND <[email protected]>
> wrote:
>
>> Hello Jabang,
>>
>> Can you explain to me what you want to configure? Because when I see the log
>> and the configuration, your setup is not correct.
>>
>>
>> First, what you have to check is the password attribute in your LDAP
>> server: is it in clear text or in NTHASH format?
>> Next, your LDAP configuration is correct but not on the PacketFence side;
>> in the auth source you have to configure an LDAP source and remove your
>> RADIUS source.
>>
>> And finally, do you have a trace of the RADIUS request?
>> (/usr/sbin/radiusd -d /usr/local/pf/raddb/ -n auth -X).
>>
>> Regards
>> Fabrice
>>
>>
>> On 2016-01-11 10:03, jabang konate wrote:
>> > Thanks, Fabrice, for the fast response.
>> > Yeah, I know, but I already configured FreeRADIUS to look up the LDAP server.
>> > Here is my config in /usr/local/pf/raddb/modules/ldap.
>> >
>> > ldap openldap{
>> > server = "ldap.iss.edu"
>> > identity = "cn=aplikasiRadius.iss.edu,ou=managemen,dc=iss,dc=edu"
>> > password = radiusitb167
>> > basedn = "ou=people,dc=iss,dc=edu"
>> > filter = "(uid=%u)"
>> > #base_filter = "(objectclass=radiusprofile)"
>> > ldap_connections_number = 5
>> > timeout = 4
>> > timelimit = 3
>> > net_timeout = 1
>> > }
>> >
>> >
>> > file /usr/local/pf/conf/raddb
>> > authorize {
>> > suffix
>> > ntdomain
>> > %%multi_domain%%
>> > eap {
>> > ok = return
>> > }
>> > openldap
>> > files
>> > }
>> > I'm following the PacketFence administrator guide at page 38.
>> >
>> > The authentication I want to configure looks like this:
>> > - FreeRADIUS must look up OpenLDAP if a user logs in
>> >
>> >
>> >
>> >
>> > On Mon, Jan 11, 2016 at 6:41 PM, Fabrice Durand <[email protected]> wrote:
>> >
>> >
>> > Hello Jabang,
>> >
>> > You authenticate against localhostradius and not against a ldap3]
>> >
>> > Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Matched rule (staff) in source localhostradius, returning actions. (pf::Authentication::Source::match)
>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] is currentlog connected at (172.16.9.228) ifIndex 0 in VLAN 700 (pf::enforcement::_should_we_reassign_vlan)
>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Username was defined "c4420203e103" - returning role 'staff' (pf::vlan::getNormalVlan)
>> > Jan 11 01:27:25 httpd.portal(2441) WARN: [mac:c4:42:02:03:e1:03] No parameter staffVlan found in conf/switches.conf for the switch 172.16.9.228 (pf::Switch::getVlanByName)
>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] PID: "sasa", Status: reg Returned VLAN: (undefined), Role: staff (pf::vlan::fetchVlanForNode)
>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] switch port is (172.16.9.228) ifIndex unknown connection type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation)
>> > Jan 11 01:27:25 httpd.portal(3235) INFO: [mac:c4:42:02:03:e1:03] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>> > Jan 11 01:27:25 httpd.portal(3235) INFO: [mac:c4:42:02:03:e1:03] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>> > Jan 11 01:27:26 httpd.webservices(2189) INFO: [mac:c4:42:02:03:e1:03] [c4:42:02:03:e1:03] DesAssociating mac on switch (172.16.9.228) (pf::api::desAssociate)
>> > Jan 11 01:27:26 httpd.webservices(2189) INFO: [mac:c4:42:02:03:e1:03] deauthenticating (pf::Switch::radiusDisconnect)
>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] handling radius autz request: from switch_ip => (172.16.9.228), connection_type => Wireless-802.11-NoEAP,switch_mac => (38:ff:36:42:23:08), mac => [c4:42:02:03:e1:03], port => 0, username => "c4420203e103", ssid => captive (pf::radius::authorize)
>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] Username was defined "c4420203e103" - returning role 'staff' (pf::vlan::getNormalVlan)
>> > Jan 11 01:27:26 httpd.aaa(2143) WARN: [mac:c4:42:02:03:e1:03] No parameter staffVlan found in conf/switches.conf for the switch 172.16.9.228 (pf::Switch::getVlanByName)
>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] PID: "sasa", Status: reg Returned VLAN: (undefined), Role: staff (pf::vlan::fetchVlanForNode)
>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] (172.16.9.228) Returning ACCEPT with VLAN and role (pf::Switch::returnRadiusAccessAccept)
>> >
>> >
>> > Please give me some advice. I am stuck.
>> > What I want is just to make PacketFence authenticate based on OpenLDAP users through
>> > FreeRADIUS, because later I want to try limiting quota.
>>
>>
>> --
>> Fabrice Durand
>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users