Hello,
in fact it work but you need to define another radius port for that and
in the switch config it's not possible.
So yes Murilo is true, you need to wait for the 8.3 release where you
will be able to configure PacketFence as a proxy to the eduroam radius
server.
Regards
Fabrice
Le 18-11-30 à 14 h 01, Murilo Calegari via PacketFence-users a écrit :
Hi, Peter,
I think eduroam as a Radius source isn't working yet, just as a Login
source (via portal). There's an open pull request at Github which adds
supports for Radius proxy and, I hope so, Eduroam login via RADIUS.
Regards,
Murilo
Em sex, 30 de nov de 2018 13:53, Peter Eriksson via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> escreveu:
I’ve been using eduroam (among a couple of other sources) as a
system to authenticate users when connecting to our switches with
PacketFence for a couple of years now using an older version of PF.
Now I’m in the process of upgrading to the latest and greatest
version (8.2) and thought I’d do things the “official” way (as
much as is possible). One confusing thing is how to set up eduroam
with the PF servers…
If one does a google search for “packetfence eduroam” the first
result is a FAQ entry:
https://packetfence.org/support/faq/packetfence-and-eduroam.html
However I’m not sure how much the information in that text still
is valid…?
Anyway, I tried to add an “Exclusive” Authentication Source for
Eduroam via the web GUI but it doesn’t seem to get used when a
computer configured for 802.1x authentication connects to a Switch
configured for the same.
(I can see the RADIUS request reaching the Packetfence server, but
no outgoing RADIUS request to the eduroam servers seems to happen)
so I’m guessing this is not the right way to do it.
‘authentication.conf’ parts:
[liu-eduroam]
description=LiU Eduroam RADIUS Servers
type=Eduroam
server1_address=IPADDRESS2
server1_port=1812
server2_address=IPADDRESS1
server2_port=1812
radius_secret=SUPERDUPERSECRET
auth_listening_port=11812
monitor=1
reject_realm=
local_realm=
set_access_level_action=
[liu-eduroam rule liu_staff]
description=LiU Staff
class=authentication
condition0=username,ends,@liu.se <http://liu.se>
action0=set_role=liu-employee-user
action1=set_access_duration=1D
[liu-eduroam rule liu_students]
description=LiU Students
class=authentication
condition0=username,matches regexp,^[a-z]+[0-9][0-9][0-9]@liu\.se$
condition1=username,matches
regexp,^[a-z]+[0-9][0-9][0-9]@student\.liu\.se$
action0=set_role=liu-student-user
action1=set_access_duration=12h
The raddb/proxy.conf.inc file generated looks like it contains the
eduroam server parts, but (compared to the text in the FAQ) the
“realm DEFAULT” part is empty. Perhaps an “auth_pool =
eduroam_auth_pool” needs to be added somehow? (And perhaps more)?
Any suggestions?
- Peter
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
