Hello Durand fabrice,
i added to both file eduroam and packetfence tunnel and it work now.
thanks for your help.
i will go to next project external captive portal packetfence with ruckus
integration.
On Mon, Jun 25, 2018 at 6:51 PM, Durand fabrice via PacketFence-users <
[email protected]> wrote:
> Hello Jabang,
>
> instead of conf/radiusd/eduroam , do it in https://github.com/inverse-
> inc/packetfence/blob/devel/conf/radiusd/packetfence-tunnel.example#L257
> You can see in the trace that the request is sent to packetfence-tunnel,
> so you need to bypass the rest module if the request is coming from the
> eduroam server.
>
> Let me know if it works now.
>
> Regards
> Fabrice
>
>
> Le 2018-06-24 à 23:48, jabang konate via PacketFence-users a écrit :
>
> hello durand.
>
> 203.100.23.60, yes that ip address is my flr eduroam server.
>
> after define my flr eduroam server in file /usr/local/pf/raddb/client.conf
> like this:
> client eduroam_flr_server_1 {
> ipaddr = 203.100.23.60
> shortname = eduroam_tlrs1
> secret = {secret}
> virtual_server = eduroam
> }
>
> and add
>
> if ( "%{client:shortname}" !~ /eduroam_tlrs/ ) {
> rest
> }
>
> in conf/radiusd/eduroam.
>
> im still unable to connect, the error still same.
> (513) Thu Jun 21 14:52:47 2018: ERROR: rest: {"control:PacketFence-
> Authorization-Status":"allow","Reply-Message":"Switch is not managed by
> PacketFence","control:PacketFence-Request-Time":1529567567}.
>
> attch my eduroam log and eduroam configuration.
>
>
> On Sat, Jun 23, 2018 at 9:32 PM, Durand fabrice via PacketFence-users <
> [email protected]> wrote:
>
>> Hello Jabang,
>>
>> Does 203.100.23.60 is the eduroam server ?
>>
>> did you defined 203.100.23.60 as a client in freeradius ?
>>
>> Like this :
>>
>> client eduroam_flr_server_1 {
>> ipaddr = 203.100.23.60
>> secret = <secret>
>> nastype = 'eduroam_flr'
>> }
>>
>> If yes then you will need to do a little bit of unlang to bypass
>> packetfence when the request is coming from the eduroam server.
>>
>> The idea is to define the client like this:
>>
>>
>> client eduroam_flr_server_1 {
>> ipaddr = 203.100.23.60
>> shortname = eduroam_tlrs1
>> secret = <secret>
>> virtual_server = eduroam
>> }
>>
>> Then in https://github.com/inverse-inc/packetfence/blob/devel/conf/
>> radiusd/eduroam.example#L335 (conf/radiusd/eduroam in your setup)
>>
>> if ( "%{client:shortname}" !~ /eduroam_tlrs/ ) {
>> rest
>> }
>> #rest
>>
>> So when a request will come from the eduroam server then the request will
>> use the eduroam virtual server and in unlang if the request is from eduroam
>> then bypass rest (packetfence).
>>
>> Btw it should be something integrated to PacketFence by default.
>>
>> Regards
>> Fabrice
>>
>>
>>
>>
>> Le 2018-06-22 à 04:17, jabang konate via PacketFence-users a écrit :
>>
>> hi all
>>
>> i try to configure packetfence act as eduroam server.
>> i have problem, all my local user or realm can't connect from other
>> university.
>> after debugging i realize all radius request from other university access
>> point is rejected, i see this log in freeradius.
>>
>>
>> ERROR: rest:
>> {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Switch
>> is not managed by PacketFence","control:PacketFe
>> nce-Request-Time":1529567567}
>>
>> after that i try to add some access point to packetfence switch
>> configuration, and then i can connect.
>>
>> do i need add all access point in eduroam federation? or i miss
>> configuration in eduroam integration with packetfence.
>>
>> attach my radius-eduroam log file.
>>
>> thanks.
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
