Hi guys.
Any idea?
On Thu, Jan 14, 2016 at 1:29 PM, jabang konate <[email protected]>
wrote:
> Hi Fabrice, I know the log for radius accounting. The accounting log is
> in the database table radacct. But if I try the query,
> select * from radacct where username='ldapuser';
> Empty set (0.00 sec)
> there's no record for that user.
>
> On Thu, Jan 14, 2016 at 1:21 PM, jabang konate <[email protected]>
> wrote:
>
>> Thanks Fabrice for your guidance.
>> It works.
>> I removed the radius source and changed to the ldap server.
>> May I ask the next question? If I log in using the ldap server source, will
>> radius accounting record bandwidth for that user? If yes, where can I see
>> that user accounting log?
>>
>> Because in the next case I want to make a violation based on bandwidth, and the user
>> cannot log in after several days.
>>
>> Sorry for my bad English. Please give some advice.
>>
>>
>> On Tue, Jan 12, 2016 at 1:29 AM, Fabrice DURAND <[email protected]>
>> wrote:
>>
>>> Hello Jabang,
>>>
>>> can you explain to me what you want to configure, because when I see the log
>>> and the configuration, your setup is not correct.
>>>
>>>
>>> First, what you have to check is the password attribute in your ldap
>>> server: is it in clear text or in NTHASH format?
>>> Next, your ldap configuration is correct, but not on the packetfence side:
>>> in the auth source you have to configure an ldap source and remove your
>>> radius source.
>>>
>>> And finally, do you have a trace of the radius request?
>>> (/usr/sbin/radiusd -d /usr/local/pf/raddb/ -n auth -X).
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> On 2016-01-11 10:03, jabang konate wrote:
>>> > Thanks Fabrice for the fast response.
>>> > Yeah I know, but I already configured freeradius to look up the ldap server.
>>> > Here is my config in /us/local/pf/raddb/modules/ldap.
>>> >
>>> > ldap openldap{
>>> > server = "ldap.iss.edu"
>>> > identity = "cn=aplikasiRadius.iss.edu,ou=managemen,dc=iss,dc=edu"
>>> > password = radiusitb167
>>> > basedn = "ou=people,dc=iss,dc=edu"
>>> > filter = "(uid=%u)"
>>> > #base_filter = "(objectclass=radiusprofile)"
>>> > ldap_connections_number = 5
>>> > timeout = 4
>>> > timelimit = 3
>>> > net_timeout = 1
>>> > }
>>> >
>>> >
>>> > file /usr/local/pf/conf/raddb
>>> > authorize {
>>> > suffix
>>> > ntdomain
>>> > %%multi_domain%%
>>> > eap {
>>> > ok = return
>>> > }
>>> > openldap
>>> > files
>>> > }
>>> > I'm following the PacketFence administrator guide at page 38.
>>> >
>>> > The authentication I want to configure looks like this:
>>> > - freeradius must look up openldap if a user logs in
>>> >
>>> >
>>> >
>>> >
>>> > On Mon, Jan 11, 2016 at 6:41 PM, Fabrice Durand <[email protected]> wrote:
>>> >
>>> >
>>> > Hello Jabang,
>>> >
>>> > You authenticate against localhostradius and not against a ldap3]
>>>
>>> > Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
>>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Matched rule (staff) in source localhostradius, returning actions. (pf::Authentication::Source::match)
>>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
>>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] is currentlog connected at (172.16.9.228) ifIndex 0 in VLAN 700 (pf::enforcement::_should_we_reassign_vlan)
>>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
>>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Username was defined "c4420203e103" - returning role 'staff' (pf::vlan::getNormalVlan)
>>> > Jan 11 01:27:25 httpd.portal(2441) WARN: [mac:c4:42:02:03:e1:03] No parameter staffVlan found in conf/switches.conf for the switch 172.16.9.228 (pf::Switch::getVlanByName)
>>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] PID: "sasa", Status: reg Returned VLAN: (undefined), Role: staff (pf::vlan::fetchVlanForNode)
>>> > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] switch port is (172.16.9.228) ifIndex unknown connection type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation)
>>> > Jan 11 01:27:25 httpd.portal(3235) INFO: [mac:c4:42:02:03:e1:03] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>>> > Jan 11 01:27:25 httpd.portal(3235) INFO: [mac:c4:42:02:03:e1:03] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>>> > Jan 11 01:27:26 httpd.webservices(2189) INFO: [mac:c4:42:02:03:e1:03] [c4:42:02:03:e1:03] DesAssociating mac on switch (172.16.9.228) (pf::api::desAssociate)
>>> > Jan 11 01:27:26 httpd.webservices(2189) INFO: [mac:c4:42:02:03:e1:03] deauthenticating (pf::Switch::radiusDisconnect)
>>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] handling radius autz request: from switch_ip => (172.16.9.228), connection_type => Wireless-802.11-NoEAP,switch_mac => (38:ff:36:42:23:08), mac => [c4:42:02:03:e1:03], port => 0, username => "c4420203e103", ssid => captive (pf::radius::authorize)
>>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
>>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] Username was defined "c4420203e103" - returning role 'staff' (pf::vlan::getNormalVlan)
>>> > Jan 11 01:27:26 httpd.aaa(2143) WARN: [mac:c4:42:02:03:e1:03] No parameter staffVlan found in conf/switches.conf for the switch 172.16.9.228 (pf::Switch::getVlanByName)
>>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] PID: "sasa", Status: reg Returned VLAN: (undefined), Role: staff (pf::vlan::fetchVlanForNode)
>>> > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] (172.16.9.228) Returning ACCEPT with VLAN and role (pf::Switch::returnRadiusAccessAccept)
>>> >
>>> >
>>> > Please give me some advice. I'm stuck.
>>> > I just want to make packetfence auth based on openldap users through
>>> > freeradius, because later I want to try limiting quota.
>>> >
>>> >
>>>
>>>
>>> --
>>> Fabrice Durand
>>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>>> PacketFence (http://packetfence.org)
>>>
>>>
>>
>>
>
>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
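
An added example, not part of the thread and not PacketFence code: a small parser for the packetfence.log lines quoted above that reports, per MAC address, which authentication source and rule the portal matched, what username and connection type the RADIUS authorize request carried, and any warnings. The regular expressions and the `summarize` helper are assumptions fitted to the log lines shown in this thread.

```python
import re

# Log lines copied from the thread's packetfence.log excerpt (unwrapped).
SAMPLE_LOG = """\
Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] Matched rule (staff) in source localhostradius, returning actions. (pf::Authentication::Source::match)
Jan 11 01:27:25 httpd.portal(2441) WARN: [mac:c4:42:02:03:e1:03] No parameter staffVlan found in conf/switches.conf for the switch 172.16.9.228 (pf::Switch::getVlanByName)
Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] handling radius autz request: from switch_ip => (172.16.9.228), connection_type => Wireless-802.11-NoEAP,switch_mac => (38:ff:36:42:23:08), mac => [c4:42:02:03:e1:03], port => 0, username => "c4420203e103", ssid => captive (pf::radius::authorize)
Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] (172.16.9.228) Returning ACCEPT with VLAN and role (pf::Switch::returnRadiusAccessAccept)
"""

# Assumed line layout: timestamp, process(pid), level, [mac:...], message, (pf::function)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<proc>[\w.]+)\((?P<pid>\d+)\) "
    r"(?P<level>[A-Z]+): \[mac:(?P<mac>[0-9a-f:]{17})\] "
    r"(?P<msg>.*) \((?P<func>pf::[\w:]+)\)$"
)
SOURCE_RE = re.compile(r"Matched rule \((?P<rule>[^)]+)\) in source (?P<source>\w+),")
AUTZ_RE = re.compile(
    r'connection_type => (?P<ctype>[\w.-]+),.*username => "(?P<user>[^"]*)"'
)


def summarize(log_text):
    """Group auth-relevant facts by MAC; lines that do not parse are skipped."""
    nodes = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        node = nodes.setdefault(
            m["mac"], {"sources": [], "radius": [], "warnings": []}
        )
        msg = m["msg"]
        if (s := SOURCE_RE.search(msg)):
            node["sources"].append((s["source"], s["rule"]))
        elif (a := AUTZ_RE.search(msg)):
            node["radius"].append((a["user"], a["ctype"]))
        elif m["level"] == "WARN":
            node["warnings"].append(msg)
    return nodes


if __name__ == "__main__":
    for mac, info in summarize(SAMPLE_LOG).items():
        print(mac, info)
```

On the sample lines this shows the portal login matched the `localhostradius` source while the RADIUS authorize request for the same device carried the MAC-derived username `c4420203e103`.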