Hi Jabang, it depend if the NAS send this information in accounting request. Check the callingstationid if you find the mac address.
Regards Fabrice Le 2016-01-14 21:48, jabang konate a écrit :
hai gays. any idea?On Thu, Jan 14, 2016 at 1:29 PM, jabang konate <[email protected] <mailto:[email protected]>> wrote:hai fabrice, i know the log for radius accounting. the log accounting is in database tables radacct. but if i try query, select * from radacct where username='ldapuser'; Empty set (0.00 sec) theres no record for that user. On Thu, Jan 14, 2016 at 1:21 PM, jabang konate <[email protected] <mailto:[email protected]>> wrote: thanks fabrice for your guidence. its works. i remove radius source and change to ldap server. may i ask next question,? if im login using source ldap server, will radius accounting record bandwidth for that user? if yes, where can i see that log user accounting. ? because next case i want to make violation based bandwidth and user cannot login after several day. sorry for my bad english. please give some advice. On Tue, Jan 12, 2016 at 1:29 AM, Fabrice DURAND <[email protected] <mailto:[email protected]>> wrote: Hello Jabang, can you explain me what you want to configure because when i see the log and the configuration your setup is not correct. First what you have to check is the password attribute in your ldap server, is it in clear text or in NTHASH format ? Next you ldap configuration is correct but not on the packetfence side, in the auth source you have to configure an ldap source and remove your radius source. And finally do you have a trace of the radius request ? (/usr/sbin/radiusd -d /usr/local/pf/raddb/ -n auth -X). Regards Fabrice Le 2016-01-11 10:03, jabang konate a écrit : > thanks fabrice for fast response. > yeah i know, but i already config freeradius to lookup ldap server. > here my config on /us/local/pf/raddb/modules/ldap. > > ldap openldap{ > server = "ldap.iss.edu <http://ldap.iss.edu> <http://ldap.iss.edu>" > identity = "cn=aplikasiRadius.iss.edu <http://aplikasiRadius.iss.edu> > <http://aplikasiRadius.iss.edu>,ou=managemen,dc=iss,dc=edu" > password = radiusitb167 > basedn = "ou=people,dc=iss,dc=edu" > filter = "(uid=%u)" > #base_filter = "(objectclass=radiusprofile)" > ldap_connections_number = 5 > timeout = 4 > timelimit = 3 > net_timeout = 1 > } > > > file /usr/local/pf/conf/raddb > authorize { > suffix > ntdomain > %%multi_domain%% > eap { > ok = return > } > openldap > files > } > im following administrator guide packetfence at page 38. > > authentication i want to config looks like this. > - freeradius must lookup to openldap if user login > > > > > On Mon, Jan 11, 2016 at 6:41 PM, Fabrice Durand <[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > Hello Jabang, > > You authenticate against localhostradius and not against a ldap3] > Calling > match with empty/invalid rule class. Defaulting to 'authentication' > (pf::authentication::match) > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] > Matched > rule (staff) in source localhostradius, returning actions. > (pf::Authentication::Source::match) > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] > Instantiate profile default > (pf::Portal::ProfileFactory::_from_profile) > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] > re-evaluating access (manage_register called) > (pf::enforcement::reevaluate_access) > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] is > currentlog connected at (172.16.9.228) ifIndex 0 in VLAN 700 > (pf::enforcement::_should_we_reassign_vlan) > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] > Instantiate profile default > (pf::Portal::ProfileFactory::_from_profile) > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] > Connection > type is WIRELESS_MAC_AUTH. Getting role from node_info > (pf::vlan::getNormalVlan) > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] > Username > was defined "c4420203e103" - returning role 'staff' > (pf::vlan::getNormalVlan) > Jan 11 01:27:25 httpd.portal(2441) WARN: [mac:c4:42:02:03:e1:03] No > parameter staffVlan found in conf/switches.conf for the switch > 172.16.9.228 > (pf::Switch::getVlanByName) > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] PID: > "sasa", Status: reg Returned VLAN: (undefined), Role: staff > (pf::vlan::fetchVlanForNode) > Jan 11 01:27:25 httpd.portal(2441) INFO: [mac:c4:42:02:03:e1:03] > switch > port is (172.16.9.228) ifIndex unknown connection type: WiFi MAC Auth > (pf::enforcement::_vlan_reevaluation) > Jan 11 01:27:25 httpd.portal(3235) INFO: [mac:c4:42:02:03:e1:03] > Instantiate profile default > (pf::Portal::ProfileFactory::_from_profile) > Jan 11 01:27:25 httpd.portal(3235) INFO: [mac:c4:42:02:03:e1:03] > Instantiate profile default > (pf::Portal::ProfileFactory::_from_profile) > Jan 11 01:27:26 httpd.webservices(2189) INFO: [mac:c4:42:02:03:e1:03] > [c4:42:02:03:e1:03] DesAssociating mac on switch (172.16.9.228) > (pf::api::desAssociate) > Jan 11 01:27:26 httpd.webservices(2189) INFO: [mac:c4:42:02:03:e1:03] > deauthenticating (pf::Switch::radiusDisconnect) > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] handling > radius autz request: from switch_ip => (172.16.9.228), > connection_type => > Wireless-802.11-NoEAP,switch_mac => (38:ff:36:42:23:08), mac => > [c4:42:02:03:e1:03], port => 0, username => "c4420203e103", ssid > => captive > (pf::radius::authorize) > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] > Instantiate > profile default (pf::Portal::ProfileFactory::_from_profile) > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] > Connection > type is WIRELESS_MAC_AUTH. Getting role from node_info > (pf::vlan::getNormalVlan) > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] > Username was > defined "c4420203e103" - returning role 'staff' > (pf::vlan::getNormalVlan) > Jan 11 01:27:26 httpd.aaa(2143) WARN: [mac:c4:42:02:03:e1:03] No > parameter > staffVlan found in conf/switches.conf for the switch 172.16.9.228 > (pf::Switch::getVlanByName) > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] PID: > "sasa", > Status: reg Returned VLAN: (undefined), Role: staff > (pf::vlan::fetchVlanForNode) > Jan 11 01:27:26 httpd.aaa(2143) INFO: [mac:c4:42:02:03:e1:03] > (172.16.9.228) Returning ACCEPT with VLAN and role > (pf::Switch::returnRadiusAccessAccept) > > > please give me some advice. i stucked . > i just want is to make packetfence auth based openldap user through > freeradius, because later i want try limit quota.> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>> This > email has been sent from a virus-free computer protected by Avast. > www.avast.com <http://www.avast.com> <http://www.avast.com>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>> <#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > > -- Fabrice Durand [email protected] <mailto:[email protected]> :: +1.514.447.4918 <tel:%2B1.514.447.4918> (x135) :: www.inverse.ca <http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> This email has been sent from a virus-free computer protected by Avast. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
