Hi Fabrice,
Thank you very much for your help; it seems to work a dream. I had created my ldap realm in /usr/local/pf/raddb/mods-enabled/ as you specified, and you can see when you start radiusd in debug mode it binds to the server, but I will try making a realm as you have advised. Thank you again for your help; this will solve a lot of user problems for me when passwords expire.

WillH

From: Fabrice Durand [mailto:[email protected]]
Sent: Friday, July 29, 2016 2:19 PM
To: [email protected]
Subject: Re: [PacketFence-users] question re feature #1246

Hi Will,

sorry for the delay. Here is the correct syntax (without spaces).

    update {
        &control:Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com?badPwdCount?sub?sAMAccountName=%{Stripped-User-Name}}"
    }

Btw, you will need to add a REALM in configuration -> Realms and restart radius.

Regards
Fabrice

On 2016-07-26 at 09:47, Will Halsall wrote:

Hi Fabrice,

This is the output of 'radiusd -X -d /usr/local/pf/raddb -n auth' showing the error I am getting:

    including configuration file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
    /usr/local/pf/raddb/sites-enabled/packetfence-tunnel[76]: Expecting section start brace '{' after "&control: Tmp-Integer-2"
    Errors reading or parsing /usr/local/pf/raddb/auth.conf

Thanks
WillH

From: Fabrice Durand [mailto:[email protected]]
Sent: Tuesday, July 26, 2016 1:30 PM
To: [email protected]
Subject: Re: [PacketFence-users] question re feature #1246

Hello Will,

can you give me the radius debug?

Regards
Fabrice

On 2016-07-26 at 07:22, Will Halsall wrote:

Hi Fabrice,

I cannot get the syntax of the following command to work for me. Would it be possible to advise on the correct syntax to use in the authorize section of packetfence-tunnel?

Add a test in authorize

    update {
        &control: Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com? badPwdCount?sub?uid=%u}"
    }

Thanks
Will Halsall

From: Fabrice Durand [mailto:[email protected]]
Sent: Thursday, June 23, 2016 2:24 PM
To: [email protected]
Subject: Re: [PacketFence-users] question re feature #1246

Hello Will,

unfortunately not yet, but not really complicated to add.

First you need to define your ldap server in freeradius:

    ldap myad {
        server = "ldap.acme.com"
        identity = "uid=admin,dc=acme,dc=com"
        password = "password"
        basedn = "dc=district,dc=acme,dc=com"
        filter = "(uid=%{mschap:User-Name})"
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
        tls {
        }
        dictionary_mapping = ${confdir}/ldap.attrmap
        edir_account_policy_check = no
        keepalive {
            # LDAP_OPT_X_KEEPALIVE_IDLE
            idle = 60
            # LDAP_OPT_X_KEEPALIVE_PROBES
            probes = 3
            # LDAP_OPT_X_KEEPALIVE_INTERVAL
            interval = 3
        }
    }

Then in /usr/local/pf/raddb/sites-available/packetfence-tunnel

Add a test in authorize

    update {
        &control: Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com? badPwdCount?sub?uid=%u}"
    }
    if (%{Tmp-Integer-2} > "3") {
        reject
    }

I did not test but the logic is there.

Regards
Fabrice

On 2016-06-23 08:08, Will Halsall wrote:

Hi Folks,

Did feature #1246 'Avoid accounts being locked due to password changes in AD' make it into PF6.1.1, as option 3 would be very useful for us?

Thanks
WillH

This message is intended only for the use of the person(s) to whom it is addressed, and may contain privileged and confidential information. If it has come to you in error, please contact the sender as soon as possible, and note that you must take no action based on the content, nor must you copy, distribute, or show the content to any other person. In accordance with its legal obligations, Farnborough College of Technology reserves the right to monitor the content of e-mails sent and received, but will not do so routinely.
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
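
Added example, not part of the original thread and not PacketFence or FreeRADIUS code: a small Python pre-check for the `update` line discussed above. It flags the whitespace that produced the "Expecting section start brace" error and, for a clean line, splits the LDAP lookup into instance, base DN, attributes, scope and filter (RFC 4516 URL layout); the function names are made up for this example.

```python
import re

# Both lines are taken from the thread: the one radiusd rejected and the corrected one.
BROKEN = '&control: Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com? badPwdCount?sub?uid=%u}"'
FIXED = ('&control:Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com'
         '?badPwdCount?sub?sAMAccountName=%{Stripped-User-Name}}"')

def lint_update_line(line):
    """Return the whitespace problems found in one unlang assignment line."""
    problems = []
    # "&control: Tmp-Integer-2": the space splits the attribute reference in two.
    if re.search(r"&[\w-]+:\s+[\w-]+", line):
        problems.append("space after list qualifier")
    quoted = re.search(r'"(.*)"', line)
    # The corrected syntax is "without spaces", so flag any in the quoted value.
    if quoted and re.search(r"\s", quoted.group(1)):
        problems.append("whitespace inside expansion")
    return problems

def split_ldap_xlat(value):
    """Split %{instance:ldap://host/base?attrs?scope?filter} into its fields."""
    m = re.fullmatch(r"%\{([\w-]+):ldap://([^/]*)/(.*)\}", value)
    if not m:
        raise ValueError("not an LDAP expansion")
    instance, host, rest = m.groups()
    # RFC 4516 order after the base DN: attributes, scope, filter.
    base, attrs, scope, flt = (rest.split("?", 3) + [""] * 3)[:4]
    return {
        "instance": instance,
        "host": host,  # empty in the thread's URL (ldap:///)
        "base": base,
        "attrs": attrs.split(",") if attrs else [],
        "scope": scope or "base",  # RFC 4516 default scope
        "filter": flt,
    }

def check(line):
    """Lint the line; if it is clean, also return the decomposed lookup."""
    problems = lint_update_line(line)
    value = re.search(r'"(.*)"', line).group(1)
    return problems, (None if problems else split_ldap_xlat(value))

if __name__ == "__main__":
    for sample in (BROKEN, FIXED):
        print(check(sample))
```

The lint treats any whitespace in the quoted value as a problem because that is the fix given in the thread; a filter that legitimately contains spaces would need a narrower rule.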
