Changing Null to a internal auth source and mapping the DEFAULT realm to the null source "eduroam" accomplished what I wanted.
On Tue, Sep 6, 2016 at 12:46 PM, Tim DeNike <[email protected]> wrote: > Yeah.. No go. Im not doing this in tunnel. This is for requests going > out to eduroam. > > The end goal is to end up getting the user a valid role in PF for external > eduroam users. I had this working before in vlan/custom.pm before other > changes were implemented that caused it to not work the way we wanted it to > anymore. > > Right now, the best I can do is manually assign a vlan attribute from > RADIUS. > > On Tue, Sep 6, 2016 at 10:42 AM, Fabrice Durand <[email protected]> > wrote: > >> Looks like it works for me. >> >> btw it should be: "update request { Realm := DEFAULT }" in >> packetfence-tunnel in post-auth before rest. >> >> Fabrice >> >> >> >> Le 2016-09-06 à 09:13, Fabrice Durand a écrit : >> >> Ok i will try it on my side. >> >> Le 2016-09-06 à 08:47, Tim DeNike a écrit : >> >> [realmdefault] >> filter = radius_request >> attribute = User-Name >> operator = is >> value = [email protected] >> >> Works >> >> [realmdefault] >> filter = radius_request >> attribute = Realm >> operator = is >> value = DEFAULT >> >> Does not. >> >> I did try filter = radius_reply as well... Are you saying I need to use >> the freeradius internal mappings like radius_reply.Realm? >> >> On Tue, Sep 6, 2016 at 8:41 AM, Fabrice Durand <[email protected]> >> wrote: >> >>> The filter is something like that ? : >>> >>> [DEFAULT] >>> filter = radius_request.Realm >>> operator = is >>> value = DEFAULT >>> >>> >>> >>> >>> Le 2016-09-06 à 08:32, Tim DeNike a écrit : >>> >>> Even if I manually defined it by update reply { Realm := DEFAULT } in >>> the post-auth section before calling packetfence module, it still wouldn't >>> match. It showed in the radius audit log, but just wouldn't match. >>> >>> On Tue, Sep 6, 2016 at 8:28 AM, Fabrice Durand <[email protected]> >>> wrote: >>> >>>> Hello Tim, >>>> >>>> you can use raddebug (raddebug -f /usr/local/pf/var/run/radiusd.sock) >>>> to >>>> check if the realm attribute is there. >>>> >>>> But if it's DEFAULT, it's probably undefined. >>>> >>>> Regards >>>> >>>> Fabrice >>>> >>>> >>>> >>>> Le 2016-09-05 à 19:13, Tim DeNike a écrit : >>>> > Fwiw. This is for eduroam and is being proxied to 2 local externally >>>> > facing radius servers that in turn send it to eduroam. >>>> > >>>> > Sent from my iPhone >>>> > >>>> >> On Sep 5, 2016, at 6:47 PM, Tim DeNike <[email protected]> wrote: >>>> >> >>>> >> I'm trying to get a vlan filter to work by matching an ssid and >>>> radius >>>> >> attribute Realm is DEFAULT in order auto register and assign a >>>> >> role/duration. For some reason I just can't get it to match the Realm >>>> >> in the radius reply. Is there some trick to it? >>>> >> >>>> >> Sent from my iPhone >>>> > ------------------------------------------------------------ >>>> ------------------ >>>> > _______________________________________________ >>>> > PacketFence-users mailing list >>>> > [email protected] >>>> > https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> -- >>>> Fabrice Durand >>>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>> PacketFence (http://packetfence.org) >>>> >>>> >>>> ------------------------------------------------------------ >>>> ------------------ >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> PacketFence-users mailing >>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> -- >>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>> www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> ------------------------------------------------------------------------------ >>> _______________________________________________ PacketFence-users >>> mailing list [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> >> ------------------------------------------------------------ >> ------------------ >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
