Hello Jabang,
So I am not sure what you are trying to do with the ldap module.
You have 3 scenarios:
1: A user from your university connects to the eduroam SSID at your
university (the AP/controller uses port 11812).
You need to configure the local realm (let's say myuniversity.org) in
the eduroam authentication source and configure ldap in packetfence-tunnel.
So when this user tries to connect to the eduroam SSID with
u...@myuniversity.org, the eduroam virtual server will detect the
realm myuniversity.org and forward the request to the packetfence virtual
server (sites-enabled/packetfence then sites-enabled/packetfence-tunnel).
And in packetfence-tunnel you have something like this:
```
authorize {
    suffix
    ntdomain
    eap {
        ok = return
    }
    files
    ldap
    if (ok) {
        update control {
            &MS-CHAP-Use-NTLM-Auth := No
        }
    }
}
```
2: u...@myuniversity.org is travelling and connects to the eduroam SSID at
Montreal university.
The local Montreal RADIUS server will forward to eduroam, and eduroam
will forward to your PacketFence server on port 1812 (you need to
configure that on the eduroam side).
3: u...@univmontreal.org is connecting to your eduroam SSID; the realm
is unknown, so the request will be forwarded to eduroam, then eduroam
forwards it to the Montreal RADIUS server.
Is that what you want to do?
Regards
Fabrice
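
An added example, not part of the original thread and not PacketFence code: a small triage script for FreeRADIUS debug output like the excerpt in the original question further down. It flags requests where the ldap module found the user but mschap still ran the external ntlm_auth/winbind helper, which is the case the `MS-CHAP-Use-NTLM-Auth := No` override above addresses. The record layout is assumed from that excerpt, and the function names and the non-mschap sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample. The mschap lines come from the log excerpt in this
# thread, hard-wrapped the way a mail client folds long lines; the ldap and
# "Sent" lines and all of request 8 are invented for illustration.
SAMPLE_LOG = """\
(7) Wed May 23 14:32:55 2018: Debug: ldap: User object found at DN "uid=alice,dc=example,dc=org"
(7) Wed May 23 14:32:55 2018: ERROR: mschap: Program
returned code (1) and output 'Reading winbind reply failed!
(0xc0000001)'
(7) Wed May 23 14:32:55 2018: Debug: mschap: External script
failed
(7) Wed May 23 14:32:56 2018: Debug: Sent Access-Reject Id 12
(8) Wed May 23 14:40:01 2018: Debug: ldap: User object found at DN "uid=bob,dc=example,dc=org"
(8) Wed May 23 14:40:01 2018: Debug: Sent Access-Accept Id 13
"""

RECORD_START = re.compile(r"^\(\d+\) ")  # "(0xc0000001)'" must not match
RECORD = re.compile(r"^\((\d+)\) \w{3} \w{3} [ \d]?\d [\d:]{8} \d{4}: \w+: (.*)$")
NTLM_HINT = "set MS-CHAP-Use-NTLM-Auth := No after ldap in packetfence-tunnel"

def unwrap(text):
    """Re-join wrapped continuation lines onto their '(N) ...' record."""
    records = []
    for raw in text.splitlines():
        if RECORD_START.match(raw) or not records:
            records.append(raw.strip())
        elif raw.strip():
            records[-1] += " " + raw.strip()
    return records

def triage(text):
    """Map request id -> (RADIUS result, remediation hint or None)."""
    state = defaultdict(lambda: {"ldap": False, "ntlm": False, "result": None})
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        req, msg = state[int(m.group(1))], m.group(2)
        req["ldap"] |= msg.startswith("ldap: User object found")
        req["ntlm"] |= msg.startswith("mschap:") and (
            "winbind" in msg or "External script failed" in msg)
        sent = re.search(r"Sent (Access-\w+)", msg)
        if sent:
            req["result"] = sent.group(1)
    # Heuristic: ldap found the user, yet mschap still called ntlm_auth.
    return {rid: (s["result"], NTLM_HINT if s["ldap"] and s["ntlm"] else None)
            for rid, s in state.items()}

if __name__ == "__main__":
    for rid, (result, hint) in sorted(triage(SAMPLE_LOG).items()):
        print(rid, result, hint or "no ntlm_auth failure seen")
```
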
On 2018-05-23 at 12:57, jabang konate via PacketFence-users wrote:
Thanks Fabrice, let me clarify my goals first. I'm still confused about
which file I must configure, packetfence-tunnel or the eduroam file in
sites-available.
My PacketFence will act to manage eduroam users, so I will use port
11812 on my access point.
Here are the steps I followed to configure eduroam in PacketFence:
1. Set my local realm.
2. Configure the exclusive source eduroam and add my local realm from
step 1, then create an authentication rule "catch all" with role default
and access duration 12 hours.
3. Add switch configuration.
4. Configure the ldap module in FreeRADIUS.
5. Configure the packetfence-tunnel file? Or eduroam?
6. Restart FreeRADIUS and iptables.
In step 5 I'm still confused: if I'm using 11812, must I configure the
eduroam file or still packetfence-tunnel?
On Wed, May 23, 2018 at 10:55 PM, Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net> wrote:
If it's a server for eduroam (like the eduroam servers use this
server for your domain) then 1812; if it's to manage eduroam users
who connect on an eduroam SSID then 11812.
Also, what you can do in packetfence-tunnel:
```
# The ldap module reads passwords from the LDAP database.
ldap
if (ok) {
    update control {
        &MS-CHAP-Use-NTLM-Auth := No
    }
}
```
Regards
Fabrice
On 2018-05-23 at 11:38, jabang konate via PacketFence-users wrote:
Thanks for your reply, Fabrice.
Here I attach my packetfence-tunnel file.
And which port should I use for my access point, 1812 or 11812, in the
RADIUS configuration for eduroam?
Thank you
On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via
PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
Hello Jabang,
Can you paste your packetfence-tunnel file?
Regards
Fabrice
On 2018-05-23 at 04:08, jabang konate via PacketFence-users wrote:
My PacketFence server version is 8.0.1 and I want to
configure PacketFence as an eduroam server with OpenLDAP as the
user database.
Then I looked into the eduroam section of the PacketFence
documentation and EAP Authentication against OpenLDAP.
When I try to log in with my laptop, I always get access reject.
From the log I see I can connect to my LDAP server, then I see
errors like this:
```
(7) Wed May 23 14:32:55 2018: ERROR: mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
(7) Wed May 23 14:32:55 2018: Debug: mschap: External script failed
(7) Wed May 23 14:32:55 2018: ERROR: mschap: External script says: Reading winbind reply failed! (0xc0000001)
```
Is it the root cause why I always get access reject?
Then I checked and the winbindd service is not running, but I can't
start the winbindd service
(Service 'winbindd' is not managed by PacketFence.
Therefore, no action will be performed)
I attach my radius log.
Please give me some advice.
Thank you
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)