Yeah.. No go. Im not doing this in tunnel. This is for requests going out to eduroam.
The end goal is to end up getting the user a valid role in PF for external eduroam users. I had this working before in vlan/custom.pm before other changes were implemented that caused it to not work the way we wanted it to anymore. Right now, the best I can do is manually assign a vlan attribute from RADIUS. On Tue, Sep 6, 2016 at 10:42 AM, Fabrice Durand <[email protected]> wrote: > Looks like it works for me. > > btw it should be: "update request { Realm := DEFAULT }" in > packetfence-tunnel in post-auth before rest. > > Fabrice > > > > Le 2016-09-06 à 09:13, Fabrice Durand a écrit : > > Ok i will try it on my side. > > Le 2016-09-06 à 08:47, Tim DeNike a écrit : > > [realmdefault] > filter = radius_request > attribute = User-Name > operator = is > value = [email protected] > > Works > > [realmdefault] > filter = radius_request > attribute = Realm > operator = is > value = DEFAULT > > Does not. > > I did try filter = radius_reply as well... Are you saying I need to use > the freeradius internal mappings like radius_reply.Realm? > > On Tue, Sep 6, 2016 at 8:41 AM, Fabrice Durand <[email protected]> wrote: > >> The filter is something like that ? : >> >> [DEFAULT] >> filter = radius_request.Realm >> operator = is >> value = DEFAULT >> >> >> >> >> Le 2016-09-06 à 08:32, Tim DeNike a écrit : >> >> Even if I manually defined it by update reply { Realm := DEFAULT } in the >> post-auth section before calling packetfence module, it still wouldn't >> match. It showed in the radius audit log, but just wouldn't match. >> >> On Tue, Sep 6, 2016 at 8:28 AM, Fabrice Durand <[email protected]> >> wrote: >> >>> Hello Tim, >>> >>> you can use raddebug (raddebug -f /usr/local/pf/var/run/radiusd.sock) to >>> check if the realm attribute is there. >>> >>> But if it's DEFAULT, it's probably undefined. >>> >>> Regards >>> >>> Fabrice >>> >>> >>> >>> Le 2016-09-05 à 19:13, Tim DeNike a écrit : >>> > Fwiw. This is for eduroam and is being proxied to 2 local externally >>> > facing radius servers that in turn send it to eduroam. >>> > >>> > Sent from my iPhone >>> > >>> >> On Sep 5, 2016, at 6:47 PM, Tim DeNike <[email protected]> wrote: >>> >> >>> >> I'm trying to get a vlan filter to work by matching an ssid and radius >>> >> attribute Realm is DEFAULT in order auto register and assign a >>> >> role/duration. For some reason I just can't get it to match the Realm >>> >> in the radius reply. Is there some trick to it? >>> >> >>> >> Sent from my iPhone >>> > ------------------------------------------------------------ >>> ------------------ >>> > _______________________________________________ >>> > PacketFence-users mailing list >>> > [email protected] >>> > https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> -- >>> Fabrice Durand >>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>> PacketFence (http://packetfence.org) >>> >>> >>> ------------------------------------------------------------ >>> ------------------ >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> ------------------------------------------------------------------------------ >> _______________________________________________ PacketFence-users >> mailing list [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > ------------------------------------------------------------ > ------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > >
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
