Hello Jordan,
yes you can do that on the captive portal.
You just need to create a connection profile with a rule that match per
example the ssid and assign it the authentication source you want to use
(in first position the student one and the in 2nd position the staff one).
The other option should be to do EAP-TTLS/PAP for the student and
configure Freeradius to talk to G suite via ldap. (I don't have a G
suite account so i can't test but it should work).
Regards
Fabrice
Le 19-10-11 à 22 h 11, Jordan Dare a écrit :
Hi Durand,
Thanks for your reply.
Is it possible to have it check the student source first, then if it
fails go to AD? or something like that? G Suite doesn't normally do
802.1x, but they have an LDAP server you can authenticate against
which is what I'm trying to do.
Thanks!
On Fri, Oct 11, 2019 at 5:45 PM Durand fabrice via PacketFence-users
<[email protected]> wrote:
Hello Jordan,
the error message is related to ntlm, so it mean that it try to
authenticate the student account on the AD.
When it fail in freeradius then the radius request doesn't reach the
packetfence code to test the authentication sources with the rules.
So you need to find a way to authenticate your student with 802.1x and
is it possible to do 802.1x with G suite ?
Regards
Fabrice
Le 19-10-03 à 16 h 23, Jordan Dare via PacketFence-users a écrit :
Hi all,
I'm having issues getting a wireless profile to use the secondary LDAP
source instead of the Active Directory source when authentication
fails.
What I have is our internal AD server that has all staff accounts,
etc. And an stunnel proxy to G-Suite LDAP which contains our student
accounts.
What I want to happen is if authentication fails for the first Active
Directory source, it then tries the stunnel G Suite LDAP, however it
seems to hit the AD source, get a "authentication failed", and then
stop there.
Here's what the "RADIUS" tab on the failed authentication shows:
Module-Failure-Message = "chrooted_mschap: Program returned code (1)
and output 'The attempted logon is invalid. This is either due to a
bad username or authentication information. (0xc000006d)'"
Module-Failure-Message = "chrooted_mschap: External script says: The
attempted logon is invalid. This is either due to a bad username or
authentication information. (0xc000006d)"
Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect"
User-Password = "******"
Module-Failure-Message = "Failed retrieving values required to
evaluate condition"
Thanks.
--
Jordan Dare
Information Technology Specialist
Morgan Hill Unified School District
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
