Hi Fabrice. I already tried the code and it works well. I tried with a limit of 1 node per user with the DEFAULT role.
But I have something strange. When a user is rejected/denied by PacketFence, I saw that the user will be in the REJECT role. Then I tried to deregister the first device from the Nodes tab, and tried again with my second device with the REJECT role, and I still can't connect to my network and it is still in the REJECT role. I must manually configure it in the Nodes tab to apply the DEFAULT role to my REJECT device, and then try to reconnect again to get access to the network. Is it normal? Here is my PacketFence log.

On Wed, May 30, 2018 at 7:42 PM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

> Hello Jabang,
>
> thanks for testing it.
>
> Also for the limitation, i did some work on that not a long time ago and
> it should be fixed by https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3236.diff
>
> Can you test it too and let me know.
>
> Regards
>
> Fabrice
>
> On 2018-05-30 at 00:23, jabang konate via PacketFence-users wrote:
>
> hi fabrice
> thanks a lot and great work.
>
> now i can login with my local realm and remote realm from other university.
>
> i have another question,is it possible to limit device node per user in
> eduroam?
> i try with default role to limit 2 devices, but when third devices login
> with the same username , user can still login but with blank role in
> packetfence web.
>
> On Tue, May 29, 2018 at 11:36 PM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Jabang,
>>
>> can you try that:
>>
>> https://github.com/inverse-inc/packetfence/compare/fix/eduroam_standalone.diff
>>
>> Regards
>>
>> Fabrice
>>
>> On 2018-05-25 at 03:50, jabang konate via PacketFence-users wrote:
>>
>> hi fabrice,
>> ok i will wait for patch
>>
>> thank you
>>
>> On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Ok there is a bug, i need to fix it.
>>>
>>> On 2018-05-24 at 11:33, jabang konate via PacketFence-users wrote:
>>>
>>> hi fabrice.
>>>
>>> 10.18.23.60 is ip National Roaming Operator eduroam in my Country.
>>>
>>> attach my eduroam config file.
>>>
>>> On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>
>>>> What is 10.18.23.60 ?
>>>>
>>>> can you share with me your file /usr/local/pf/raddb/sites-enabled/eduroam ?
>>>>
>>>> On 2018-05-24 at 00:46, jabang konate via PacketFence-users wrote:
>>>>
>>>> Hi fabrice,
>>>> today i try again with my packetfence.
>>>>
>>>> in packetfence-tunnel configuration i change configuration like
>>>> this,
>>>>     if (update) {
>>>>         update control {
>>>>             &MS-CHAP-Use-NTLM-Auth := No
>>>>         }
>>>>     }
>>>> }
>>>> because from the output i don't see "ok", and then now i can login with
>>>> my ldap account but with port 1812 in my access point, but not using port
>>>> 11812.
>>>> if i'm using 11812 my request always forward to Realm eduroam my home
>>>> server, and not forward the request to packetfence virtual server
>>>> (sites-enabled/packetfence then site-enabled/packetfence-tunnel) as
>>>> you said in scenario 1.
>>>>
>>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix after "@"
>>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm "xyz.ac.id" for User-Name = "testu...@xyz.ac.id"
>>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id"
>>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Stripped-User-Name = "testuser"
>>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm = "xyz.ac.id"
>>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is LOCAL
>>>> (1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
>>>> (1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already has destination realm set. Ignoring
>>>> (1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
>>>> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
>>>> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) -> TRUE
>>>> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
>>>> (1) Thu May 24 11:06:15 2018: Debug: update control {
>>>> (1) Thu May 24 11:06:15 2018: Debug: } # update control = noop
>>>> (1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~ /@/) = noop
>>>> (1) Thu May 24 11:06:15 2018: Debug: ... skipping else: Preceding "if" was taken
>>>> (1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be proxied to Realm eduroam. Not doing EAP.
>>>> (1) Thu May 24 11:06:15 2018: Debug: [eap] = noop
>>>>
>>>> attach my radiusd-eduroam.sock log and picture of my configuration
>>>> exclusive source eduroam .
>>>>
>>>> Regards.
>>>>
>>>> On Thu, May 24, 2018 at 12:49 AM, Fabrice Durand via PacketFence-users
>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>
>>>>> On 2018-05-23 at 13:36, jabang konate via PacketFence-users wrote:
>>>>>
>>>>> Hi fabrice.
>>>>>
>>>>> Thanks for speedy response.
>>>>>
>>>>> > so i am not sure what you try to do with the ldap module.
>>>>> ldap module for configuration user with openldap right? i read in EAP
>>>>> Authentication against OpenLDAP.
>>>>>
>>>>> yes, the only difference is that you have to disable NTLM-Auth if ldap
>>>>> return ok to avoid "ERROR: mschap: Program returned code (1) and output
>>>>> 'Reading winbind reply failed! (0xc0000001)'".
>>>>>
>>>>> > You have 3 scenarios:
>>>>> yes i want like that,
>>>>>
>>>>> I will try again and will share the results on this topic.
>>>>>
>>>>> thank you for your advice fabrice.
>>>>>
>>>>> On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via PacketFence-users
>>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>>
>>>>>> Hello Jabang,
>>>>>>
>>>>>> so i am not sure what you try to do with the ldap module.
>>>>>>
>>>>>> You have 3 scenarios:
>>>>>>
>>>>>> 1: a user from your university connect on the ssid eduroam from your
>>>>>> university. (the ap/controller use the port 11812)
>>>>>> You need to configure the local realm (let's say myuniversity.org)
>>>>>> in the eduroam authentication source and configure ldap in
>>>>>> packetfence-tunnel.
>>>>>> So when this user will try to connect on the eduroam ssid with
>>>>>> u...@myuniversity.org then the eduroam virtual server will detect
>>>>>> the realm myuniversity.org and forward the request to packetfence
>>>>>> virtual server (sites-enabled/packetfence then
>>>>>> site-enabled/packetfence-tunnel).
>>>>>> And in packetfence-tunnel you have something like that:
>>>>>>
>>>>>> ```
>>>>>> authorize {
>>>>>>     suffix
>>>>>>     ntdomain
>>>>>>     eap {
>>>>>>         ok = return
>>>>>>     }
>>>>>>     files
>>>>>>     ldap
>>>>>>     if (ok) {
>>>>>>         update control {
>>>>>>             &MS-CHAP-Use-NTLM-Auth := No
>>>>>>         }
>>>>>>     }
>>>>>> }
>>>>>> ```
>>>>>>
>>>>>> 2: u...@myuniversity.org is in travel and connect on the ssid
>>>>>> eduroam in montreal university
>>>>>> The local montreal radius server will forward to eduroam and eduroam
>>>>>> will forward to your packetfence server on the port 1812 (you need to
>>>>>> configure that on the eduroam side).
>>>>>>
>>>>>> 3: u...@univmontreal.org is connecting on your ssid eduroam, the
>>>>>> realm is unknown then the request will be forwarded to eduroam then
>>>>>> eduroam forward to the montreal radius server.
>>>>>>
>>>>>> Is it what you want to do ?
>>>>>>
>>>>>> Regards
>>>>>> Fabrice
>>>>>>
>>>>>> On 2018-05-23 at 12:57, jabang konate via PacketFence-users wrote:
>>>>>>
>>>>>> Thanks Fabrice, let me clear my goals first. i'm still confuse which
>>>>>> file i must to configure packetfence-tunnel or eduroam file in
>>>>>> sites-available.
>>>>>> my packetfence will be act as manage eduroam user so i will use port
>>>>>> 11812 in my access point.
>>>>>>
>>>>>> here's my step how i configure my eduroam in packetfence.
>>>>>> 1. setting my local REALM.
>>>>>> 2. configure exclusive source eduroam, add my local realm at step 1.
>>>>>> then create authentication rules "catch all" role default access duration
>>>>>> 12 hours.
>>>>>> 3. add switch configuration
>>>>>> 4. configure ldap module in freeradius
>>>>>> 5. configure file packetfence-tunnel ? or eduroam ?
>>>>>> 6. restart freeradius and iptables
>>>>>>
>>>>>> in step 5 im still confuse if i'm using 11812 so i must configure
>>>>>> eduroam file or still packetfence-tunnel ?
>>>>>>
>>>>>> On Wed, May 23, 2018 at 10:55 PM, Fabrice Durand via
>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>
>>>>>>> If it's a server for eduroam (like the eduroam servers use this
>>>>>>> server for your domain) then 1812, if it's to manage eduroam user how
>>>>>>> connect on a eduroam ssid then 11812.
>>>>>>>
>>>>>>> Also what you can do in packetfence-tunnel
>>>>>>>
>>>>>>>     # The ldap module reads passwords from the LDAP database.
>>>>>>>     ldap
>>>>>>>     if (ok) {
>>>>>>>         update control {
>>>>>>>             &MS-CHAP-Use-NTLM-Auth := No
>>>>>>>         }
>>>>>>>     }
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> Fabrice
>>>>>>>
>>>>>>> On 2018-05-23 at 11:38, jabang konate via PacketFence-users wrote:
>>>>>>>
>>>>>>> thanks for your reply fabrice.
>>>>>>> here i attach my packetfence-tunnel file.
>>>>>>>
>>>>>>> and which port should i use for my access point 1812 or 11812 in
>>>>>>> radius configuration for eduroam?
>>>>>>> thank you
>>>>>>>
>>>>>>> On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via
>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>
>>>>>>>> Hello Jabang,
>>>>>>>>
>>>>>>>> can you paste your packetfence-tunnel file ?
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Fabrice
>>>>>>>>
>>>>>>>> On 2018-05-23 at 04:08, jabang konate via PacketFence-users wrote:
>>>>>>>>
>>>>>>>> my packetfence server version is 8.0.1 and i want to configure
>>>>>>>> packetfence as an eduroam server with openldap as user database,
>>>>>>>> then i look into documentation eduroam section from packetfence and
>>>>>>>> EAP Authentication against OpenLDAP.
>>>>>>>>
>>>>>>>> when im try to login with my laptop, i always get access reject.
>>>>>>>>
>>>>>>>> from log i see i can connect with my ldap server, then i see error
>>>>>>>> like this
>>>>>>>> (7) Wed May 23 14:32:55 2018: ERROR: mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
>>>>>>>> (7) Wed May 23 14:32:55 2018: Debug: mschap: External script failed
>>>>>>>> (7) Wed May 23 14:32:55 2018: ERROR: mschap: External script says: Reading winbind reply failed! (0xc0000001)
>>>>>>>>
>>>>>>>> is it the root cause why i always get access reject?
>>>>>>>> then i check winbindd service is not running, but i cant start
>>>>>>>> winbindd service
>>>>>>>> (Service 'winbindd' is not managed by PacketFence. Therefore, no
>>>>>>>> action will be performed)
>>>>>>>>
>>>>>>>> attach my radius log.
>>>>>>>> please give me some advice.
>>>>>>>> thank you
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> Check out the vibrant tech community on one of the world's most
>>>>>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>>>>>> _______________________________________________
>>>>>>>> PacketFence-users mailing list
>>>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>
>>>>>>> --
>>>>>>> Fabrice durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
packetfence.log
Description: Binary data
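
A triage script for the two symptoms discussed in this thread, added here as an example and not part of the original emails or of PacketFence: a request whose realm resolves as LOCAL but is still marked for proxying, and an mschap failure caused by winbind not answering. The `triage` function and its finding names are assumptions made for this example; the sample log is constructed from the debug lines quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: FreeRADIUS debug lines as quoted in the thread (the
# User-Name line is omitted because the address is elided in the archive).
SAMPLE_LOG = """\
(1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is LOCAL
(1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
(1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be proxied to Realm eduroam. Not doing EAP.
(7) Wed May 23 14:32:55 2018: ERROR: mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
(7) Wed May 23 14:32:55 2018: Debug: mschap: External script failed
"""

# "(id) <weekday> <month> <day> <time> <year>: <level>: <module>: <message>"
LINE = re.compile(r'^\((\d+)\) \w{3} \w{3} +\d+ [\d:]+ \d{4}: (\w+): (\w+): (.*)$')
REALM = re.compile(r'Found realm "([^"]+)"')
PROXIED = re.compile(r'Request is supposed to be proxied to Realm (\S+)\. Not doing EAP')


def triage(log_text):
    """Return {request_id: [finding, ...]}; finding names are made up for this example."""
    state = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # trace lines such as "[suffix] = ok" have no "module:" prefix
        req, module, msg = int(m.group(1)), m.group(3), m.group(4)
        s = state[req]
        if module == "suffix":
            found = REALM.search(msg)
            if found:
                s["realm"] = found.group(1)
            if msg == "Authentication realm is LOCAL":
                s["local"] = True
        elif module == "eap":
            proxied = PROXIED.search(msg)
            if proxied:
                s["proxied_to"] = proxied.group(1)
        elif module == "mschap" and "Reading winbind reply failed" in msg:
            s["winbind_failed"] = True

    findings = {}
    for req, s in sorted(state.items()):
        out = []
        # Realm resolved as LOCAL, yet EAP was skipped because the request is proxied.
        if s.get("local") and "proxied_to" in s:
            out.append("LOCAL_REALM_PROXIED:%s->%s" % (s.get("realm", "?"), s["proxied_to"]))
        # mschap ran its external NTLM helper but winbind did not answer, which is
        # the case the thread handles with MS-CHAP-Use-NTLM-Auth := No after ldap.
        if s.get("winbind_failed"):
            out.append("NTLM_AUTH_WITHOUT_WINBIND")
        if out:
            findings[req] = out
    return findings


if __name__ == "__main__":
    for req, items in triage(SAMPLE_LOG).items():
        print(req, items)
```
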