Hi Fabrice,
It all looks so easy when you know how. I will implement this in about two
weeks when we move to PF6.
Thanks
WillH
From: Fabrice Durand [mailto:[email protected]]
Sent: Thursday, June 23, 2016 2:24 PM
To: [email protected]
Subject: Re: [PacketFence-users] question re feature #1246
Hello Will,
Unfortunately not yet, but it is not really complicated to add.
First you need to define your LDAP server in FreeRADIUS:
ldap myad {
    server = "ldap.acme.com"
    identity = "uid=admin,dc=acme,dc=com"
    password = "password"
    basedn = "dc=district,dc=acme,dc=com"
    filter = "(uid=%{mschap:User-Name})"
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3
    net_timeout = 1
    tls {
    }
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    keepalive {
        # LDAP_OPT_X_KEEPALIVE_IDLE
        idle = 60
        # LDAP_OPT_X_KEEPALIVE_PROBES
        probes = 3
        # LDAP_OPT_X_KEEPALIVE_INTERVAL
        interval = 3
    }
}
Then in /usr/local/pf/raddb/sites-available/packetfence-tunnel,
add a test in authorize:
# Read badPwdCount for this user through the "myad" LDAP instance
update {
    &control:Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com?badPwdCount?sub?uid=%u}"
}
# Reject before the password is tried against AD once the count is above 3
if (&control:Tmp-Integer-2 > 3) {
    reject
}
I did not test but the logic is there.
Regards
Fabrice
On 2016-06-23 08:08, Will Halsall wrote:
Hi Folks,
Did feature #1246 'Avoid accounts being locked due to password changes in AD'
make it into PF6.1.1, as option 3 would be very useful for us?
Thanks
WillH
This message is intended only for the use of the person(s) to
whom it is addressed, and may contain privileged and confidential information.
If it has come to you in error, please contact the sender as soon as possible,
and note that you must take no action based on the content, nor must you copy,
distribute, or show the content to any other person.
In accordance with its legal obligations, Farnborough College of
Technology reserves the right to monitor the content of e-mails sent and
received, but will not do so routinely.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
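
Added example, not part of the thread and not PacketFence or FreeRADIUS code: a Python model of the lookup-then-threshold check from Fabrice's message, showing how the LDAP URL in the xlat splits into base, attribute, scope and filter, and how the boundary and missing-value cases fall out. The function names, the sample directory and the choice to continue when no count can be read are assumptions of this example.

```python
from urllib.parse import unquote

THRESHOLD = 3  # same limit as the "> 3" test in the message
URL = "ldap:///dc=district,dc=acme,dc=com?badPwdCount?sub?uid={uid}"
# Constructed sample directory; attribute-name case varies on purpose.
DIRECTORY = [
    {"uid": ["alice"], "badPwdCount": ["0"]},
    {"uid": ["bob"], "BadPwdCount": ["4"]},
    {"uid": ["carol"]},                        # attribute absent
    {"uid": ["dave"], "badPwdCount": ["3"]},   # at the limit, not over it
]

def parse_ldap_url(url):
    """Split an RFC 4516 URL: ldap://host/base?attributes?scope?filter."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    host, _, tail = rest.partition("/")
    base, attrs, scope, flt = (tail.split("?") + [""] * 3)[:4]
    return {
        "host": host,  # empty: use the server configured for the module
        "base": unquote(base),
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope or "base",                     # RFC 4516 default
        "filter": unquote(flt) or "(objectClass=*)",  # RFC 4516 default
    }

def lookup(directory, url):
    """Requested attributes of the first entry matching a simple attr=value
    filter, or None. Base DN and scope are parsed but not applied here."""
    q = parse_ldap_url(url)
    attr, _, value = q["filter"].strip("()").partition("=")
    for entry in directory:
        e = {k.lower(): v for k, v in entry.items()}  # names are case-insensitive
        if value in e.get(attr.lower(), []):
            return {a: e.get(a.lower(), []) for a in q["attrs"]}
    return None

def decide(result, threshold=THRESHOLD):
    """'reject' only on a readable count above the threshold; a missing user
    or attribute returns 'continue' (this example's assumption)."""
    try:
        count = int(result["badPwdCount"][0])
    except (TypeError, KeyError, IndexError, ValueError):
        return "continue"
    return "reject" if count > threshold else "continue"

def check(uid):
    return decide(lookup(DIRECTORY, URL.format(uid=uid)))
```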