Hello Will,
Yes, but it's not yet available in PacketFence 8.2.
If you want to test, you can use the following PR:
https://github.com/inverse-inc/packetfence/pull/3429
cd /usr/local/pf
curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3429.diff | patch -p1 --dry-run
If no error:
curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3429.diff | patch -p1
cp conf/radiusd/ldap_packetfence.conf.example conf/radiusd/ldap_packetfence.conf
cp conf/radiusd/packetfence-tunnel.example conf/radiusd/packetfence-tunnel
bin/pfcmd pfconfig clear_backend
bin/pfcmd configreload hard
bin/pfcmd service pf restart
After that, check in the admin GUI in the realm configuration and select
the LDAP source to use to resolve the sAMAccountName attribute, then
edit the LDAP authentication source to select the username attribute to
resolve the sAMAccountName (userPrincipalName).
So the logic will be the following: you will use the userPrincipalName
attribute to authenticate (w.hals...@farn-ct.ac.uk), then FreeRADIUS
will do an LDAP search to find the sAMAccountName based on the
userprincipalname=w.hals...@farn-ct.ac.uk and do an ntlm_auth with the
result of the search.
The last thing will be to use an LDAP source (clone the previous one if
needed) and use userPrincipalName as the user attribute to create some
rules (role/access duration).
Regards
Fabrice
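The lookup described in the message above (userPrincipalName in, sAMAccountName out, then ntlm_auth), modelled as an added Python example that is not PacketFence or FreeRADIUS code. The directory entries, the `search` stand-in and all function names are constructed for illustration; the supplied name is escaped per RFC 4515 before it enters the filter, and anything other than exactly one match is rejected.

```python
import re

# Constructed directory entries for illustration (not taken from the thread).
DIRECTORY = [
    {"userPrincipalName": "alice.example@example.edu", "sAMAccountName": "aexample"},
    {"userPrincipalName": "bob.sample@example.edu", "sAMAccountName": "bsample"},
]

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_TOKEN = re.compile(r"(\\[0-9a-fA-F]{2}|\*)")


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def upn_filter(user_name):
    """Filter for the lookup described above, built from the RADIUS User-Name."""
    return "(userPrincipalName=%s)" % escape_filter_value(user_name)


def search(filter_str):
    """Hypothetical stand-in for an LDAP server: evaluates one (attr=value) filter.

    An unescaped '*' is a wildcard and '\\xx' is a literal character, as in LDAP.
    """
    m = re.fullmatch(r"\((\w+)=(.*)\)", filter_str, re.S)
    if m is None:
        raise ValueError("unsupported filter: %r" % filter_str)
    attr, pattern = m.groups()
    regex = ""
    for tok in _TOKEN.split(pattern):
        if tok == "*":
            regex += ".*"
        elif _TOKEN.fullmatch(tok):
            regex += re.escape(chr(int(tok[1:], 16)))
        else:
            regex += re.escape(tok)
    return [e for e in DIRECTORY if re.fullmatch(regex, e.get(attr, ""), re.I | re.S)]


def resolve_sam(user_name):
    """Return the sAMAccountName to hand to ntlm_auth, or None to reject."""
    matches = search(upn_filter(user_name))
    if len(matches) != 1:  # unknown user or ambiguous result: do not guess
        return None
    return matches[0]["sAMAccountName"]
```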
On 18-11-19 at 09:03, Will Halsall via PacketFence-users wrote:
Hi Fabrice,
Thank you, yes, that now works if I use the
<sAMAccountName>@farn-ct.ac.uk.
Can I modify this to use the userPrincipalName (mail address)
w.hals...@farn-ct.ac.uk, by either
using LDAP or using LDAP with a filter to retrieve the sAMAccountName?
Thanks
Will H
From: Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: 14 November 2018 20:08
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] Eduroam local login
Hello Will,
I think it's because the username is not stripped on the ntlm_auth call.
Can you strip it in the farn-ct-ac-uk realm config?
It's like that right now:
realm farn-ct.ac.uk {
    nostrip
}
Regards
Fabrice
On 18-11-14 at 11:34, Will Halsall via PacketFence-users wrote:
Hi Folks,
I have configured an Eduroam Exclusive Source and the access point
but am able to log in a local user. I have included the RADIUS
eduroam debug logs. Would it be possible for someone to have a
look to see if they can spot what I am doing wrong?
Thanks
Will Halsall
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)