Hello Fabrice,

Thanks for the response.

I think they are in nt-format, I have the “ntPassword” on my sandbox ldap
server. Is that what you’re referring to?

Regards,

On Thu, 5 Sep 2019 at 8:38 PM Fabrice Durand via PacketFence-users <
[email protected]> wrote:

> Hello Patrick,
>
> You need to store the password in clear text or NT-hash format.
>
> Regards
>
> Fabrice
>
>
> Le 19-09-05 à 03 h 33, Patrick Bituin via PacketFence-users a écrit :
>
> Hello Team,
>
> I've followed what the guide says on this link:
> https://packetfence.org/doc/PacketFence_Installation_Guide.html#_eap_authentication_against_openldap
>
>
> But apparently, it didn't work for me. I've also followed some of the
> previous conversation/tips on
> www.mail-archive.com/[email protected] regarding
> the issues and still no luck.
>
>  My equipment is:
> Unifi AP AC Pro
> Unifi Controller v5.10.26
> Latest Packetfence ZEN
> Cisco Switch 2960x
>
> Ldap server is phpLDAPadmin
>
>
> I also did some testing with Active Directory, and it all went well. Easy
> peasy. Is there a way I can make it work with our openldap server? Would
> really appreciate your help on this.
>
>
> Here are some of my configs:
> /mods-available/ldap
>
>
> ldap {
>     server = "ldap.cloudstaff.com"
>     identity = "uid=csldap,dc=cloudstaff,dc=com"
>     password = 'HDZ+r8BC!4m6Qrk'
>     password_header = "{ssha}"
>     password_attribute = userPassword
>     basedn = "dc=cloudstaff,dc=com"
>     #filter = "(uid=%{mschap:User-Name})"
>     filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>     ldap_connections_number = 5
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
>     tls {
>     }
>     dictionary_mapping = ${confdir}/ldap.attrmap
>     edir_account_policy_check = no
>
>     keepalive {
>       # LDAP_OPT_X_KEEPALIVE_IDLE
>       idle = 60
>
>       # LDAP_OPT_X_KEEPALIVE_PROBES
>       probes = 3
>
>       # LDAP_OPT_X_KEEPALIVE_INTERVAL
>       interval = 3
>     }
>   }
>
>
> /conf/radiusd/packetfence-tunnel
>
>
> # -*- text -*-
> ######################################################################
> #
> #       This is a virtual server that handles *only* inner tunnel
> #       requests for EAP-TTLS and PEAP types.
> #
> #       $Id: c250afa30a78fe9ff7a97b6c9b8a7c3a419a6946 $
> #
> ######################################################################
>
> server packetfence-tunnel {
>
>
> #  Authorization. First preprocess (hints and huntgroups files),
> #  then realms, and finally look in the "users" file.
> #
> #  The order of the realm modules will determine the order that
> #  we try to find a matching realm.
> #
> #  Make *sure* that 'preprocess' comes before any realm if you
> #  need to setup hints for the remote radius server
> authorize {
>         # TTLS does not send an EAP-Message to be parsed so the eap module
>         # cannot assign the EAP-Type
>         if ( outer.EAP-Type == TTLS) {
>                 update request {
>                         &EAP-Type := TTLS
>                 }
>         }
>         packetfence-set-realm-if-machine
>         packetfence-set-tenant-id
>         #
>         #  Take a User-Name, and perform some checks on it, for spaces and
>         #  other invalid characters.  If the User-Name appears invalid,
>         #  reject the request.
>         #
>         #  See policy.d/filter for the definition of the filter_username
>         #  policy.
>         #
>         filter_username
>
>
>         #
>         #  If the users are logging in with an MS-CHAP-Challenge
>         #  attribute for authentication, the mschap module will find
>         #  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
>         #  to the request, which will cause the server to then use
>         #  the mschap module for authentication.
>
>         # Uncomment if you need to reject user who already failed ntlm_auth
>         # (see packetfence-cache-ntlm-hit too)
>         # packetfence-control-ntlm-failure
>
>         mschap
>
>         #
>         #  If you are using multiple kinds of realms, you probably
>         #  want to set "ignore_null = yes" for all of them.
>         #  Otherwise, when the first style of realm doesn't match,
>         #  the other styles won't be checked.
>         #
>         #  Note that proxying the inner tunnel authentication means
>         #  that the user MAY use one identity in the outer session
>         #  (e.g. "anonymous", and a different one here
>         #  (e.g. "[email protected]").  The inner session will then be
>         #  proxied elsewhere for authentication.  If you are not
>         #  careful, this means that the user can cause you to forward
>         #  the authentication to another RADIUS server, and have the
>         #  accounting logs *not* sent to the other server.  This makes
>         #  it difficult to bill people for their network activity.
>         #
>         suffix
>         ntdomain
>
> %%userPrincipalName%%
>
>         %%multi_domain%%
>
>         %%redis_ntlm_cache_fetch%%
>
>         %%authorize_filter%%
>         #
>         #  The "suffix" module takes care of stripping the domain
>         #  (e.g. "@example.com") from the User-Name attribute, and the
>         #  next few lines ensure that the request is not proxied.
>         #
>         #  If you want the inner tunnel request to be proxied, delete
>         #  the next few lines.
>         #
>         update control {
>                 &Proxy-To-Realm := LOCAL
>         }
>
>         #
>         #  This module takes care of EAP-MSCHAPv2 authentication.
>         #
>         #  It also sets the EAP-Type attribute in the request
>         #  attribute list to the EAP type from the packet.
>         #
>         #  The example below uses module failover to avoid querying all
>         #  of the following modules if the EAP module returns "ok".
>         #  Therefore, your LDAP and/or SQL servers will not be queried
>         #  for the many packets that go back and forth to set up TTLS
>         #  or PEAP.  The load on those servers will therefore be reduced.
>         #
>         eap {
>                 ok = return
>         }
>
>         #
>         #  Read the 'users' file
>         #files
>
>         # Check if PacketFence local (SQL) authentication is enabled.
>         # Run the packetfence-local-auth policy if it is.
>         rewrite_called_station_id
>
>         # Uncomment the following line to enable local PEAP authentication
>          packetfence-local-auth
>
>
>
>         #
>         #  The ldap module reads passwords from the LDAP database.
>         ldap
>         if (ok){
>                 update control {
>                 &MS-CHAP-Use-NTLM-Auth := No
>                 }
>         }
>         #
>         # Or if you want to cache the password (ex: Novell eDirectory
>         # using Universal Password) uncomment the following
>         #update control {
>         #    Cache-Status-Only = 'yes'
>         #}
>         #cache_password
>         #if (notfound) {
>         #       -ldap
>         #}
>         #cache_password
>
>
>         #
>         #  If no other module has claimed responsibility for
>         #  authentication, then try to use PAP.  This allows the
>         #  other modules listed above to add a "known good" password
>         #  to the request, and to do nothing else.  The PAP module
>         #  will then see that password, and use it to do PAP
>         #  authentication.
>         #
>         #  This module should be listed last, so that the other modules
>         #  get a chance to set Auth-Type for themselves.
>         #
>         pap
> }
>
>
> #  Authentication.
> #
> #
> #  This section lists which modules are available for authentication.
> #  Note that it does NOT mean 'try each module in order'.  It means
> #  that a module from the 'authorize' section adds a configuration
> #  attribute 'Auth-Type := FOO'.  That authentication type is then
> #  used to pick the appropriate module from the list below.
> #
>
> #  In general, you SHOULD NOT set the Auth-Type attribute.  The server
> #  will figure it out on its own, and will do the right thing.  The
> #  most common side effect of erroneously setting the Auth-Type
> #  attribute is that one authentication method will work, but the
> #  others will not.
> #
> #  The common reasons to set the Auth-Type attribute by hand
> #  is to either forcibly reject the user, or forcibly accept him.
> #
> authenticate {
>         #
>         #  PAP authentication, when a back-end database listed
>         #  in the 'authorize' section supplies a password.  The
>         #  password can be clear-text, or encrypted.
>         Auth-Type PAP {
>                 pap
>         }
>
>         #
>         #  Most people want CHAP authentication
>         #  A back-end database listed in the 'authorize' section
>         #  MUST supply a CLEAR TEXT password.  Encrypted passwords
>         #  won't work.
>         Auth-Type CHAP {
>                 chap
>         }
>
>         #
>         #  MSCHAP authentication
>         Auth-Type MS-CHAP {
>                 packetfence     # increment the StatsD counter
>                 # If there is already an NT-Password populated in the control, we'll try it
>                 # In the event it fails, it will fallback to an ntlm_auth call below
>                 if(&control:NT-Password && &control:NT-Password != "") {
>                         mschap_local {
>                                 reject = 2
>                         }
>                         if (reject || fail) {
>                                 packetfence-mschap-authenticate
>                         }
>                 }
>                 else {
>                         packetfence-mschap-authenticate
>                 }
>         }
>
>         # Uncomment it if you want to use ldap for authentication
>         #
>         # Note that this means "check plain-text password against
>         # the ldap database", which means that EAP won't work,
>         # as it does not supply a plain-text password.
>         #
>         #  We do NOT recommend using this.  LDAP servers are databases.
>         #  They are NOT authentication servers.  FreeRADIUS is an
>         #  authentication server, and knows what to do with authentication.
>         #  LDAP servers do not.
>         #
>         #       Auth-Type LDAP {
>         #               ldap
>         #       }
> #
>         #
>         #  Allow EAP authentication.
>         eap
> }
>
> ######################################################################
> #
> #       There are no accounting requests inside of EAP-TTLS or PEAP
> #       tunnels.
> #
> ######################################################################
>
>
> #  Session database, used for checking Simultaneous-Use. Either the radutmp
> #  or rlm_sql module can handle this.
> #  The rlm_sql module is *much* faster
> session {
>         radutmp
>
>         #
>         #  See "Simultaneous Use Checking Queries" in sql.conf
>         #       sql
> }
>
>
> #  Post-Authentication
> #  Once we KNOW that the user has been authenticated, there are
> #  additional steps we can take.
> #
> #  Note that the last packet of the inner-tunnel authentication
> #  MAY NOT BE the last packet of the outer session.  So updating
> #  the outer reply MIGHT work, and sometimes MIGHT NOT.  The
> #  exact functionality depends on both the inner and outer
> #  authentication methods.
> #
> #  If you need to send a reply attribute in the outer session,
> #  the ONLY safe way is to set "use_tunneled_reply = yes", and
> #  then update the inner-tunnel reply.
> post-auth {
>         packetfence-set-tenant-id
>         if !( ("%{client:shortname}" =~ /eduroam_tlrs/)  ||
> (&request:PacketFence-SHortName && &request:PacketFence-ShortName =~
> /eduroam_tlrs/)) {
>                rest
>         }
>         update {
>                 &request:User-Password := "******"
>         }
>         if (&control:PacketFence-Authorization-Status == "deny") {
>                 packetfence-audit-log-reject
>                 reject
>         } else {
>                 packetfence-audit-log-accept
>         }
>
>         #
>         #  Un-comment the following if you have set
>         #  'edir_account_policy_check = yes' in the ldap module sub-section of
>         #  the 'modules' section.
>         #
>         #ldap
>
>
>
>         #
>         #  These attributes are for the inner session only.
>         #  They MUST NOT be sent in the outer reply.
>         #
>         #  If you uncomment the previous block and leave
>         #  this one commented out, WiFi WILL NOT WORK,
>         #  because the client will get two MS-MPPE-keys
>         #
>         update outer.session-state {
>                 &MS-MPPE-Encryption-Policy !* ANY
>                 &MS-MPPE-Encryption-Types !* ANY
>                 &MS-MPPE-Send-Key !* ANY
>                 &MS-MPPE-Recv-Key !* ANY
>                 &Message-Authenticator !* ANY
>                 &EAP-Message !* ANY
>                 &Proxy-State !* ANY
>         }
>
>         #
>         #  Access-Reject packets are sent through the REJECT sub-section of the
>         #  post-auth section.
>         #
>         #  Add the ldap module name (or instance) if you have set
>         #  'edir_account_policy_check = yes' in the ldap module configuration
>         #
>         Post-Auth-Type REJECT {
>                 # Uncomment if you need to limit failed ntlm authentication
>                 # (see packetfence-control-ntlm-failure too)
>                 # packetfence-cache-ntlm-hit
>                 packetfence-set-tenant-id
>                 update {
>                         &request:User-Password := "******"
>                 }
>                 packetfence-audit-log-reject
>                 attr_filter.access_reject
>
>                 #
>                 #  Let the outer session know which module failed, and why.
>                 #
>                 update outer.session-state {
>                         &Module-Failure-Message := &request:Module-Failure-Message
>                 }
>         }
> }
>
> #
> #  When the server decides to proxy a request to a home server,
> #  the proxied request is first passed through the pre-proxy
> #  stage.  This stage can re-write the request, or decide to
> #  cancel the proxy.
> #
> #  Only a few modules currently have this method.
> #
> pre-proxy {
>         #  Uncomment the following line if you want to change attributes
>         #  as defined in the preproxy_users file.
>         #       files
>
>         #  Uncomment the following line if you want to filter requests
>         #  sent to remote servers based on the rules defined in the
>         #  'attrs.pre-proxy' file.
>         #       attr_filter.pre-proxy
>
>         #  If you want to have a log of packets proxied to a home
>         #  server, un-comment the following line, and the
>         #  'detail pre_proxy_log' section, above.
>         #       pre_proxy_log
> }
>
> #
> #  When the server receives a reply to a request it proxied
> #  to a home server, the request may be massaged here, in the
> #  post-proxy stage.
> #
> post-proxy {
>
>         #  If you want to have a log of replies from a home server,
>         #  un-comment the following line, and the 'detail post_proxy_log'
>         #  section, above.
>         #       post_proxy_log
>
>         #  Uncomment the following line if you want to filter replies from
>         #  remote proxies based on the rules defined in the 'attrs' file.
>         #       attr_filter.post-proxy
>
>         #
>         #  If you are proxying LEAP, you MUST configure the EAP
>         #  module, and you MUST list it here, in the post-proxy
>         #  stage.
>         #
>         #  You MUST also use the 'nostrip' option in the 'realm'
>         #  configuration.  Otherwise, the User-Name attribute
>         #  in the proxied request will not match the user name
>         #  hidden inside of the EAP packet, and the end server will
>         #  reject the EAP request.
>         #
>         eap
> }
>
> } # inner-tunnel server block
>
> server packetfence-tunnel-fast {
>
>
> #  Authorization. First preprocess (hints and huntgroups files),
> #  then realms, and finally look in the "users" file.
> #
> #  The order of the realm modules will determine the order that
> #  we try to find a matching realm.
> #
> #  Make *sure* that 'preprocess' comes before any realm if you
> #  need to setup hints for the remote radius server
> authorize {
>         #
>         #  Take a User-Name, and perform some checks on it, for spaces and
>         #  other invalid characters.  If the User-Name appears invalid,
>         #  reject the request.
>         #
>         #  See policy.d/filter for the definition of the filter_username
>         #  policy.
>         #
>         filter_username
>
>
>         #
>         #  If the users are logging in with an MS-CHAP-Challenge
>         #  attribute for authentication, the mschap module will find
>         #  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
>         #  to the request, which will cause the server to then use
>         #  the mschap module for authentication.
>         mschap
>
>         #
>         #  If you are using multiple kinds of realms, you probably
>         #  want to set "ignore_null = yes" for all of them.
>         #  Otherwise, when the first style of realm doesn't match,
>         #  the other styles won't be checked.
>         #
>         #  Note that proxying the inner tunnel authentication means
>         #  that the user MAY use one identity in the outer session
>         #  (e.g. "anonymous", and a different one here
>         #  (e.g. "[email protected]").  The inner session will then be
>         #  proxied elsewhere for authentication.  If you are not
>         #  careful, this means that the user can cause you to forward
>         #  the authentication to another RADIUS server, and have the
>         #  accounting logs *not* sent to the other server.  This makes
>         #  it difficult to bill people for their network activity.
>         #
>         suffix
>         ntdomain
>
>         %%multi_domain%%
>
>         %%redis_ntlm_cache_fetch%%
>
>         #
>         #  The "suffix" module takes care of stripping the domain
>         #  (e.g. "@example.com") from the User-Name attribute, and the
>         #  next few lines ensure that the request is not proxied.
>         #
>         #  If you want the inner tunnel request to be proxied, delete
>         #  the next few lines.
>         #
>         update control {
>                 &Proxy-To-Realm := LOCAL
>         }
>
>         #
>         #  This module takes care of EAP-MSCHAPv2 authentication.
>         #
>         #  It also sets the EAP-Type attribute in the request
>         #  attribute list to the EAP type from the packet.
>         #
>         #  The example below uses module failover to avoid querying all
>         #  of the following modules if the EAP module returns "ok".
>         #  Therefore, your LDAP and/or SQL servers will not be queried
>         #  for the many packets that go back and forth to set up TTLS
>         #  or PEAP.  The load on those servers will therefore be reduced.
>         #
>         eap {
>                 ok = return
>         }
>
>         #
>         #  Read the 'users' file
>         #files
>
>         # Check if PacketFence local (SQL) authentication is enabled.
>         # Run the packetfence-local-auth policy if it is.
>         rewrite_called_station_id
>
>         # Uncomment the following line to enable local PEAP authentication
>         # packetfence-local-auth
>
>
>
>         #
>         #  The ldap module reads passwords from the LDAP database.
>         #-ldap
>         #if (ok) {
>         #       update control {
>         #       &MS-CHAP-Use-NTLM-Auth := No
>         #}
>         #
>         # Or if you want to cache the password (ex: Novell eDirectory
>         # using Universal Password) uncomment the following
>         #update control {
>         #    Cache-Status-Only = 'yes'
>         #}
>         #cache_password
>         #if (notfound) {
>         #       -ldap
>         #}
>         #cache_password
>
>
>         #
>         #  If no other module has claimed responsibility for
>         #  authentication, then try to use PAP.  This allows the
>         #  other modules listed above to add a "known good" password
>         #  to the request, and to do nothing else.  The PAP module
>         #  will then see that password, and use it to do PAP
>         #  authentication.
>         #
>         #  This module should be listed last, so that the other modules
>         #  get a chance to set Auth-Type for themselves.
>         #
>         pap
> }
>
>
> #  Authentication.
> #
> #
> #  This section lists which modules are available for authentication.
> #  Note that it does NOT mean 'try each module in order'.  It means
> #  that a module from the 'authorize' section adds a configuration
> #  attribute 'Auth-Type := FOO'.  That authentication type is then
> #  used to pick the appropriate module from the list below.
> #
>
> #  In general, you SHOULD NOT set the Auth-Type attribute.  The server
> #  will figure it out on its own, and will do the right thing.  The
> #  most common side effect of erroneously setting the Auth-Type
> #  attribute is that one authentication method will work, but the
> #  others will not.
> #
> #  The common reasons to set the Auth-Type attribute by hand
> #  is to either forcibly reject the user, or forcibly accept him.
> #
> authenticate {
>         #
>         #  PAP authentication, when a back-end database listed
>         #  in the 'authorize' section supplies a password.  The
>         #  password can be clear-text, or encrypted.
>         Auth-Type PAP {
>                 pap
>         }
>
>         #
>         #  Most people want CHAP authentication
>         #  A back-end database listed in the 'authorize' section
>         #  MUST supply a CLEAR TEXT password.  Encrypted passwords
>         #  won't work.
>         Auth-Type CHAP {
>                 chap
>         }
>
>         #
>         #  MSCHAP authentication
>         Auth-Type MS-CHAP {
>                 packetfence     # increment the StatsD counter
>         packetfence-mschap-authenticate
>         }
>
>         # Uncomment it if you want to use ldap for authentication
>         #
>         # Note that this means "check plain-text password against
>         # the ldap database", which means that EAP won't work,
>         # as it does not supply a plain-text password.
>         #
>         #  We do NOT recommend using this.  LDAP servers are databases.
>         #  They are NOT authentication servers.  FreeRADIUS is an
>         #  authentication server, and knows what to do with authentication.
>         #  LDAP servers do not.
>         #
>         #       Auth-Type LDAP {
>         #               ldap
>         #       }
>
>         #
>         #  Allow EAP authentication.
>         eap
> }
>
> ######################################################################
> #
> #       There are no accounting requests inside of EAP-TTLS or PEAP
> #       tunnels.
> #
> ######################################################################
>
>
> #  Session database, used for checking Simultaneous-Use. Either the radutmp
> #  or rlm_sql module can handle this.
> #  The rlm_sql module is *much* faster
> session {
>         radutmp
>
>         #
>         #  See "Simultaneous Use Checking Queries" in sql.conf
>         #       sql
> }
>
>
> #  Post-Authentication
> #  Once we KNOW that the user has been authenticated, there are
> #  additional steps we can take.
> #
> #  Note that the last packet of the inner-tunnel authentication
> #  MAY NOT BE the last packet of the outer session.  So updating
> #  the outer reply MIGHT work, and sometimes MIGHT NOT.  The
> #  exact functionality depends on both the inner and outer
> #  authentication methods.
> #
> #  If you need to send a reply attribute in the outer session,
> #  the ONLY safe way is to set "use_tunneled_reply = yes", and
> #  then update the inner-tunnel reply.
> post-auth {
>         packetfence-set-tenant-id
>         rest
>         update {
>                 &request:User-Password := "******"
>         }
>         if (&control:PacketFence-Authorization-Status == "deny") {
>                 packetfence-audit-log-reject
>                 reject
>         } else {
>                 packetfence-audit-log-accept
>         }
>
>         #
>         #  Un-comment the following if you have set
>         #  'edir_account_policy_check = yes' in the ldap module sub-section of
>         #  the 'modules' section.
>         #
>         #ldap
>
>
>
>         #
>         #  These attributes are for the inner session only.
>         #  They MUST NOT be sent in the outer reply.
>         #
>         #  If you uncomment the previous block and leave
>         #  this one commented out, WiFi WILL NOT WORK,
>         #  because the client will get two MS-MPPE-keys
>         #
>         update outer.session-state {
>                 &MS-MPPE-Encryption-Policy !* ANY
>                 &MS-MPPE-Encryption-Types !* ANY
>                 &MS-MPPE-Send-Key !* ANY
>                 &MS-MPPE-Recv-Key !* ANY
>                 &Message-Authenticator !* ANY
>                 &EAP-Message !* ANY
>                 &Proxy-State !* ANY
>         }
>
>         #
>         #  Access-Reject packets are sent through the REJECT sub-section of the
>         #  post-auth section.
>         #
>         #  Add the ldap module name (or instance) if you have set
>         #  'edir_account_policy_check = yes' in the ldap module configuration
>         #
>         Post-Auth-Type REJECT {
>                 packetfence-set-tenant-id
>                 update {
>                         &request:User-Password := "******"
>                 }
>                 packetfence-audit-log-reject
>                 attr_filter.access_reject
>
>                 #
>                 #  Let the outer session know which module failed, and why.
>                 #
>                 update outer.session-state {
>                         &Module-Failure-Message := &request:Module-Failure-Message
>                 }
>         }
> }
>
> #
> #  When the server decides to proxy a request to a home server,
> #  the proxied request is first passed through the pre-proxy
> #  stage.  This stage can re-write the request, or decide to
> #  cancel the proxy.
> #
> #  Only a few modules currently have this method.
> #
> pre-proxy {
>         #  Uncomment the following line if you want to change attributes
>         #  as defined in the preproxy_users file.
>         #       files
>
>         #  Uncomment the following line if you want to filter requests
>         #  sent to remote servers based on the rules defined in the
>         #  'attrs.pre-proxy' file.
>         #       attr_filter.pre-proxy
>
>         #  If you want to have a log of packets proxied to a home
>         #  server, un-comment the following line, and the
>         #  'detail pre_proxy_log' section, above.
>         #       pre_proxy_log
> }
>
> #
> #  When the server receives a reply to a request it proxied
> #  to a home server, the request may be massaged here, in the
> #  post-proxy stage.
> #
> post-proxy {
>
>         #  If you want to have a log of replies from a home server,
>         #  un-comment the following line, and the 'detail post_proxy_log'
>         #  section, above.
>         #       post_proxy_log
>
>         #  Uncomment the following line if you want to filter replies from
>         #  remote proxies based on the rules defined in the 'attrs' file.
>         #       attr_filter.post-proxy
>
>         #
>         #  If you are proxying LEAP, you MUST configure the EAP
>         #  module, and you MUST list it here, in the post-proxy
>         #  stage.
>         #
>         #  You MUST also use the 'nostrip' option in the 'realm'
>         #  configuration.  Otherwise, the User-Name attribute
>         #  in the proxied request will not match the user name
>         #  hidden inside of the EAP packet, and the end server will
>         #  reject the EAP request.
>         #
>         eap
> }
>
> } # inner-tunnel server block
>
>
> Error Logs:
> *radius.log*
>
> Sep  4 01:52:04 PacketFence-ZEN auth[1620]: Need 7 more connections to reach 10 spares
> Sep  4 01:52:04 PacketFence-ZEN auth[1620]: rlm_sql (sql): Opening additional connection (7), 1 of 61 pending slots used
> Sep  4 01:52:04 PacketFence-ZEN auth[1620]: Need 3 more connections to reach min connections (5)
> Sep  4 01:52:04 PacketFence-ZEN auth[1620]: rlm_ldap (ldap): Opening additional connection (7), 1 of 8 pending slots used
> Sep  4 01:52:05 PacketFence-ZEN auth[1620]: (72) mschap: ERROR: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
> Sep  4 01:52:05 PacketFence-ZEN auth[1620]: Need 6 more connections to reach 10 spares
> Sep  4 01:52:05 PacketFence-ZEN auth[1620]: rlm_sql (sql): Opening additional connection (8), 1 of 60 pending slots used
> Sep  4 01:52:05 PacketFence-ZEN auth[1620]: (72)   Login incorrect (mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'): [patrickb] (from client 10.4.200.52 port 0 cli 88:6b:6e:37:63:07 via TLS tunnel)
> Sep  4 01:52:05 PacketFence-ZEN auth[1620]: [mac:88:6b:6e:37:63:07] Rejected user: patrickb
> Sep  4 01:52:05 PacketFence-ZEN auth[1620]: (73) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [patrickb] (from client 10.4.200.52 port 0 cli 88:6b:6e:37:63:07)
>
> *unifi ap logs*
>
> Thu Sep  5 15:30:44 2019 daemon.info hostapd: ath4: STA fe:ec:da:f8:18:87 DRIVER: Sead AUTH addr=88:6b:6e:37:63:07 status_code=0
> Thu Sep  5 15:30:44 2019 daemon.info hostapd: ath4: STA 88:6b:6e:37:63:07 IEEE 802.11: associated
> Thu Sep  5 15:30:44 2019 user.info libubnt[26089]: wevent[26089]: wevent.ubnt_custom_event(): EVENT_STA_JOIN ath4: 88:6b:6e:37:63:07 / 1
> Thu Sep  5 15:30:44 2019 kern.warn kernel: [531998.408007] ieee80211_ioctl_set_ratelimit: node with aid 1 and mac 88:6b:6e:37:63:07 has been tagged non rate-limiting
> Thu Sep  5 15:30:44 2019 kern.warn kernel: [531998.817154] [wifi1] FWLOG: [7904215] RATE: ChainMask 3, phymode 1044489, ni_flags 0x02233006, vht_mcs_set 0xfffa, ht_mcs_set 0xffff, legacy_rate_set 0xffc0401
> Thu Sep  5 15:30:45 2019 daemon.warn hostapd: ath4: STA 88:6b:6e:37:63:07 IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)
> Thu Sep  5 15:30:45 2019 user.info libubnt[26089]: wevent[26089]: wevent.ubnt_custom_event(): EVENT_STA_LEAVE ath4: 88:6b:6e:37:63:07 / 1
> Thu Sep  5 15:30:45 2019 kern.warn kernel: [531999.817245] [wifi1] FWLOG: [7905564] WAL_DBGID_SET_HW_FILTER ( 0x4380c4 )
> Thu Sep  5 15:30:50 2019 daemon.info hostapd: ath4: STA 88:6b:6e:37:63:07 IEEE 802.11: deauthenticated due to local deauth request
> Thu Sep  5 15:30:54 2019 user.info : stahtd[26090]: [STA-TRACKER].stahtd_dump_event(): {"assoc_delta":"10000","mac":"88:6b:6e:37:63:07","event_type":"failure","message_type":"STA_ASSOC_TRACKER","vap":"ath4","radius_auth_status":"failure","wpa_auth_failures":"1","assoc_status":"0","radius_auth_delta":"1310000","auth_delta":"0","event_id":"2","auth_ts":"531998.307935"}
>
>
>
> Also, is RADIUS VLAN assignment possible on an open network with Unifi? Thank you
> so much!
>
> --
>
> Patrick Bituin
>
> Network Security Team
>
> PH: +639062012879
>
> LinkedIn: View my profile
> <http://www.linkedin.com/in/patrick-bituin-1670b4115/>
>
> Skype: patrickb
>
> www.cloudstaff.com
>
> [email protected] <[email protected]?subject=Hello!>
>
> <https://www.cloudstaff.com/>
> <http://www.linkedin.com/company/2271585?trk=tyah>
> <https://www.facebook.com/pages/Cloudstaff/482248108531645>
> <https://www.google.com/+CloudstaffIncAngeles>
> <https://twitter.com/Cloud_Staff>
> <https://www.youtube.com/channel/UCye5np9S2NaP_9UHpbEBnfA>
>
> The information contained in this email and any attachments may be
> confidential. This email and any attachments are also subject to copyright.
> No part of them may be reproduced, adapted or transmitted without the
> written permission of the copyright owner. If you are not the intended
> recipient, any use, interference with, disclosure or copying of this
> information is unauthorised and prohibited. If you have received this email
> in error, please immediately advise the sender by return email and delete
> the message from your system. Email communications may be stored for
> archival purposes.
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Fabrice [email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>