Re: [PacketFence-users] packetfence+eduroam can't connect from other university.

[Durand fabrice via PacketFence-users]

Hello Jabang,

instead of conf/radiusd/eduroam , do it in 
https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/packetfence-tunnel.example#L257

You can see in the trace that the request is sent to packetfence-tunnel, 
so you need to bypass the rest module if the request is coming from the 
eduroam server.

Let me know if it works now.

Regards
Fabrice

Le 2018-06-24 à 23:48, jabang konate via PacketFence-users a écrit :
hello durand.

203.100.23.60, yes that ip address  is my flr eduroam server.

after define my flr eduroam server in file 
/usr/local/pf/raddb/client.conf like this:
client eduroam_flr_server_1 {
        ipaddr = 203.100.23.60
        shortname = eduroam_tlrs1
        secret = {secret}
        virtual_server = eduroam
}

and add

if ( "%{client:shortname}" !~ /eduroam_tlrs/ ) {
    rest
}

in conf/radiusd/eduroam.

im still unable to connect, the error still same.
(513) Thu Jun 21 14:52:47 2018: ERROR: rest: 
{"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Switch 
is not managed by 
PacketFence","control:PacketFence-Request-Time":1529567567}.

attch my eduroam log and eduroam configuration.


On Sat, Jun 23, 2018 at 9:32 PM, Durand fabrice via PacketFence-users 
<packetfence-users@lists.sourceforge.net 
<mailto:packetfence-users@lists.sourceforge.net>> wrote:

    Hello Jabang,

    Does 203.100.23.60 is the eduroam server ?

    did you defined 203.100.23.60 as a client in freeradius ?

    Like this :

    client eduroam_flr_server_1 {
            ipaddr = 203.100.23.60
            secret = <secret>
        nastype = 'eduroam_flr'
    }


    If yes then you will need to do a little bit of unlang to bypass
    packetfence when the request is coming from the eduroam server.

    The idea is to define the client like this:


    client eduroam_flr_server_1 {
            ipaddr = 203.100.23.60
            shortname = eduroam_tlrs1
            secret = <secret>
            virtual_server = eduroam
    }

    Then in
    
https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/eduroam.example#L335
    
<https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/eduroam.example#L335>
    (conf/radiusd/eduroam in your setup)

    if ( "%{client:shortname}" !~ /eduroam_tlrs/ ) {
        rest
    }
    #rest

    So when a request will come from the eduroam server then the
    request will use the eduroam virtual server and in unlang if the
    request is from eduroam then bypass rest (packetfence).

    Btw it should be something integrated to PacketFence by default.

    Regards
    Fabrice




    Le 2018-06-22 à 04:17, jabang konate via PacketFence-users a écrit :
    hi all

    i try to configure packetfence act as eduroam server.
    i have problem, all my local user or realm can't connect from
    other university.
    after debugging i realize all radius request from other
    university access point is rejected, i see this log in freeradius.


    ERROR: rest:
    {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Switch
    is not managed by
    PacketFence","control:PacketFence-Request-Time":1529567567}

    after that i try to add some access point to packetfence switch
    configuration, and then i can connect.

    do i need add all access point in eduroam federation? or i miss 
    configuration in eduroam integration with packetfence.

    attach my radius-eduroam log file.

    thanks.


    
------------------------------------------------------------------------------
    Check out the vibrant tech community on one of the world's most
    engaging tech sites, Slashdot.org!http://sdm.link/slashdot


    _______________________________________________
    PacketFence-users mailing list
    PacketFence-users@lists.sourceforge.net
    <mailto:PacketFence-users@lists.sourceforge.net>
    https://lists.sourceforge.net/lists/listinfo/packetfence-users
    <https://lists.sourceforge.net/lists/listinfo/packetfence-users>


    
------------------------------------------------------------------------------
    Check out the vibrant tech community on one of the world's most
    engaging tech sites, Slashdot.org! http://sdm.link/slashdot
    _______________________________________________
    PacketFence-users mailing list
    PacketFence-users@lists.sourceforge.net
    <mailto:PacketFence-users@lists.sourceforge.net>
    https://lists.sourceforge.net/lists/listinfo/packetfence-users
    <https://lists.sourceforge.net/lists/listinfo/packetfence-users>




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users