Re: [PacketFence-users] FortiGate External portal issue

Wed, 20 Jan 2021 04:53:17 -0800 

Hello Cristian,

Probably because the Fortigate is not sending all the normal radius attributes.

Could you show the radius request sent by the Fortigate?

Thanks,

Ludovic Zammit
[email protected] <mailto:[email protected]> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca <http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) 
and PacketFence (http://packetfence.org <http://packetfence.org/>) 




> On Dec 2, 2020, at 6:24 AM, Cristian Mammoli via PacketFence-users 
> <[email protected]> wrote:
> 
> Hi, following this post 
> https://www.mail-archive.com/[email protected]/msg15338.html
>  
> <https://www.mail-archive.com/[email protected]/msg15338.html>
>  I managed to get it (almost) working
> The final missing piece is the fact that when the Firewall tries to 
> autheticate the device using the username/password provided by post is sets
> NAS-Port-Type => Virtual
> This confuses packetfence which thinks this is a CLI connection and REJECTS it
> 
> Commenting out this section ./pf/Connection.pm
>         if ($nas_port_type =~ /^virtual/i) {
>             $self->transport("Virtual");
>             $self->isCLI($TRUE);
>         }
> 
> The type falls back to Wired and Packetfence accepts the credentials
> 
> How can I rewrite/suppress/ignore the Nas-Port-Type attribute or force the 
> connection type to not be considered CLI?
> -- 
> Cristian Mammoli 
> Network and Computer Systems Administrator
> 
> T. +39 0731719822 
> www.apra.it <https://www.apra.it/>
> <jkkjgfdpbcnhgnfi.png>
>  <https://www.apra.it/>
> <ehlhicjclnjclamk.png>
> 
> Avviso sulla tutela di informazioni riservate. Questo messaggio รจ stato 
> spedito da Apra spa o da una delle aziende del Gruppo. Esso e gli eventuali 
> allegati, potrebbero contenere informazioni di carattere estremamente 
> riservato e confidenziale. Qualora non foste i destinatari designati, 
> vogliate cortesemente informarci immediatamente con lo stesso mezzo ed 
> eliminare il messaggio e i relativi eventuali allegati, senza trattenerne 
> copia.
> 
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to