Hi Fabrice.
Thanks for the speedy response.
> so i am not sure what you try to do with the ldap module.
The ldap module is for configuring users with OpenLDAP, right? I read that in EAP
Authentication against OpenLDAP.
> You have 3 scenarios:
Yes, that is what I want.
I will try again and will share the results on this topic.
Thank you for your advice, Fabrice.
On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:
> Hello Jabang,
>
> so i am not sure what you try to do with the ldap module.
>
> You have 3 scenarios:
>
> 1: A user from your university connects to the SSID eduroam at your
> university (the AP/controller uses port 11812).
> You need to configure the local realm (let's say myuniversity.org) in the
> eduroam authentication source and configure ldap in packetfence-tunnel.
> So when this user tries to connect to the eduroam SSID with
> u...@myuniversity.org, the eduroam virtual server will detect the
> realm myuniversity.org and forward the request to the packetfence virtual
> server (sites-enabled/packetfence then sites-enabled/packetfence-tunnel).
> And in packetfence-tunnel you have something like this:
>
> ```
> authorize {
>     suffix
>     ntdomain
>     eap {
>         ok = return
>     }
>     files
>     ldap
>     # When the ldap lookup succeeds, tell mschap not to call ntlm_auth
>     if (ok) {
>         update control {
>             &MS-CHAP-Use-NTLM-Auth := No
>         }
>     }
> }
> ```
>
> 2: u...@myuniversity.org is traveling and connects to the SSID eduroam at
> Montreal university.
> The local Montreal RADIUS server will forward to eduroam and eduroam will
> forward to your PacketFence server on port 1812 (you need to configure
> that on the eduroam side).
>
> 3: u...@univmontreal.org is connecting to your SSID eduroam; the realm is
> unknown, so the request will be forwarded to eduroam, then eduroam forwards
> it to the Montreal RADIUS server.
>
> Is it what you want to do ?
>
> Regards
> Fabrice
>
>
>
> On 2018-05-23 at 12:57, jabang konate via PacketFence-users wrote:
>
> Thanks Fabrice, let me clarify my goals first. I'm still confused about which file
> I must configure: the packetfence-tunnel or the eduroam file in sites-available.
> My PacketFence will act to manage eduroam users, so I will use port 11812
> on my access point.
>
> Here are the steps I used to configure eduroam in PacketFence:
> 1. Set my local REALM.
> 2. Configure the exclusive source eduroam, add my local realm from step 1, then
> create an authentication rule "catch all" with role default and access duration 12
> hours.
> 3. Add the switch configuration.
> 4. Configure the ldap module in FreeRADIUS.
> 5. Configure the file packetfence-tunnel? Or eduroam?
> 6. Restart FreeRADIUS and iptables.
>
> In step 5 I'm still confused: if I'm using 11812, must I configure the eduroam
> file or still packetfence-tunnel?
>
>
>
> On Wed, May 23, 2018 at 10:55 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> If it's a server for eduroam (like the eduroam servers use this server
>> for your domain) then 1812; if it's to manage eduroam users who connect to an
>> eduroam SSID then 11812.
>>
>>
>> Also what you can do in packetfence-tunnel
>>
>>
>> ```
>> # The ldap module reads passwords from the LDAP database.
>> ldap
>> if (ok) {
>>     update control {
>>         &MS-CHAP-Use-NTLM-Auth := No
>>     }
>> }
>> ```
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>>
>> On 2018-05-23 at 11:38, jabang konate via PacketFence-users wrote:
>>
>> Thanks for your reply, Fabrice.
>> Here I attach my packetfence-tunnel file.
>>
>> And which port should I use on my access point, 1812 or 11812, in the RADIUS
>> configuration for eduroam?
>> Thank you
>>
>> On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Hello Jabang,
>>>
>>> can you paste your packetfence-tunnel file ?
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> On 2018-05-23 at 04:08, jabang konate via PacketFence-users wrote:
>>>
>>> My PacketFence server version is 8.0.1 and I want to configure
>>> PacketFence as an eduroam server with OpenLDAP as the user database,
>>> so I looked into the eduroam section of the PacketFence documentation and EAP
>>> Authentication against OpenLDAP.
>>>
>>> When I try to log in with my laptop, I always get access reject.
>>>
>>> From the log I see I can connect to my LDAP server, then I see an error like
>>> this:
>>> ```
>>> (7) Wed May 23 14:32:55 2018: ERROR: mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
>>> (7) Wed May 23 14:32:55 2018: Debug: mschap: External script failed
>>> (7) Wed May 23 14:32:55 2018: ERROR: mschap: External script says: Reading winbind reply failed! (0xc0000001)
>>> ```
>>>
>>> Is this the root cause of why I always get access reject?
>>> Then I checked and the winbindd service is not running, but I can't start the winbindd
>>> service
>>> (Service 'winbindd' is not managed by PacketFence. Therefore, no action
>>> will be performed)
>>>
>>> I attach my radius log.
>>> Please give me some advice.
>>> Thank you
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> --
>> Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>
> --
> Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
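
The three scenarios described in the quoted reply above, sketched as a routing decision on realm and listening port. This is an added example, not code from the thread or from PacketFence; `LOCAL_REALMS`, the action labels and the two reject branches are assumptions made for illustration.

```python
# Added illustration of the thread's three eduroam scenarios.
# LOCAL_REALMS and the action labels are hypothetical, not PacketFence settings.
LOCAL_REALMS = {"myuniversity.org"}   # realm set in the eduroam authentication source

PORT_EDUROAM_SSID = 11812   # AP/controller sends eduroam SSID requests here
PORT_FEDERATION = 1812      # eduroam servers send requests for the local realm here


def realm_of(user_name):
    """Return the lower-cased realm of a 'user@realm' identity, or None."""
    user, sep, realm = user_name.rpartition("@")
    if not sep or not user or not realm:
        return None
    return realm.lower()


def route(user_name, dst_port):
    """Return (action, reason) for an Access-Request with this identity and port."""
    realm = realm_of(user_name)
    is_local = realm in LOCAL_REALMS

    if dst_port == PORT_EDUROAM_SSID:
        if is_local:
            # Scenario 1: local user on the local eduroam SSID.
            return ("local", "packetfence then packetfence-tunnel, ldap lookup")
        if realm is None:
            # Assumption: an identity without a realm cannot be routed.
            return ("reject", "no realm in identity")
        # Scenario 3: visitor with an unknown realm goes out to eduroam.
        return ("proxy-to-eduroam", "realm %s is not local" % realm)

    if dst_port == PORT_FEDERATION:
        if is_local:
            # Scenario 2: local user roaming elsewhere, request comes back via eduroam.
            return ("local", "roaming user of the local realm")
        # Assumption: never send a federation request back out (proxy loop).
        return ("reject", "federation sent a realm that is not local")

    raise ValueError("unexpected RADIUS port: %r" % dst_port)


if __name__ == "__main__":
    # Constructed sample identities, one per scenario.
    for name, port in [("alice@myuniversity.org", 11812),
                       ("alice@myuniversity.org", 1812),
                       ("bob@univmontreal.org", 11812)]:
        print(name, port, route(name, port))
```
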