Hello Anne, When you are connecting from another University / Eduroam SSID, the incoming connection would come from the Eduroam servers so, you will need to have a public IP address that sent out the radius authentication to your PF on port 1812 and not 11812.
Local SSID radius -> 11812 Eduroam online servers -> Public IP:1812 -> PacketFence management:1812 Create a connection profile with a realm eduroam. Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Jan 25, 2023, at 8:10 AM, Anne Dijkstra <ab.dijks...@noorderpoort.nl> > wrote: > > Hi Ludovic, > > Thanks, that was the trick 🙂 I accidentally configured the internal eduroam > source instead of the exclusive source haha. > > I have only 1 issue for now: > The domain is ubboemmius.net <http://ubboemmius.net/>, and is configured in > the realm default. This realm is added to the eduroam ' exclusive source'. > That means when I connecting to eduroam as an AD user (local user), they use > the default realm. That is working for now. > > But when I connecting with an account from an other organization to our > eduroam SSID, the logging has error with reason 'chrooted_mschap: Program > returned code (1) and output 'The attempted logon is invalid. This is either > due to a bad username or authentication information. (0xc000006d)' > It looks like the Radius request does not proxy to eduroam. > The name of the SSID is "UE-eduroam" because It's a test SSID and when I set > the name of the SSID to 'eduroam' everyone is connecting ;p > > This is the log: > > <image.png> > > This is the eduroam connection profile: > > <image.png> > > And this is the exclusive authentication source: > <image.png> > > > So: > > AD user on our eduroam: Works > AD user @ another school: Works > User from another school on our eduroam: Not working > > > Any ideas? 🙂 > > Met vriendelijke groet, > > > > Anne Dijkstra > > > Noorderpoort > Dienst Facilities > Postbus 169 > 9700 AD Groningen > Muntinglaan 3 > 9727 JT Groningen > > T > +31 88 230 9204 > E > ab.dijks...@noorderpoort.nl <mailto:ab.dijks...@noorderpoort.nl> > I > www.noorderpoort.nl > <https://urldefense.com/v3/__http://www.noorderpoort.nl/__;!!GjvTz_vk!Ty0R3ldoMyY_17TKdmD6xAwlIp4poUVzx9PYLE9JC9XhkMrP9Iu8DawtFpKzBz7IXpukcsQ7sr8DJCGHe4qCg02EAw$> > Van: Zammit, Ludovic > Verzonden: Dinsdag, 24 Januari, 2023 18:06 > Aan: PacketFence-users > CC: Tomasz Karczewski; Anne Dijkstra > Onderwerp: Re: [PacketFence-users] Eduroam port 11812 not working > > Hello Anne, > > Make sure you configured the Eduroam source in PF and attached it to a > connection profile. > > https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_eduroam > <https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_eduroam> > > Don’t to forget to restart radiusd so all services would be there to listen > on 11812 > > /usr/local/pf/bin/pfcmd service radiusd restart > > Thanks, > > Ludovic Zammit > Product Support Engineer Principal Lead > > Cell: +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com/> > <http://blogs.akamai.com/> > <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Ty0R3ldoMyY_17TKdmD6xAwlIp4poUVzx9PYLE9JC9XhkMrP9Iu8DawtFpKzBz7IXpukcsQ7sr8DJCGHe4p5DPzTNg$> > > <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Ty0R3ldoMyY_17TKdmD6xAwlIp4poUVzx9PYLE9JC9XhkMrP9Iu8DawtFpKzBz7IXpukcsQ7sr8DJCGHe4okj8h1XA$> > > <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Ty0R3ldoMyY_17TKdmD6xAwlIp4poUVzx9PYLE9JC9XhkMrP9Iu8DawtFpKzBz7IXpukcsQ7sr8DJCGHe4qYyJ5wig$> > > <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Ty0R3ldoMyY_17TKdmD6xAwlIp4poUVzx9PYLE9JC9XhkMrP9Iu8DawtFpKzBz7IXpukcsQ7sr8DJCGHe4qUX-LREw$> > >> On Jan 24, 2023, at 7:08 AM, Anne Dijkstra via PacketFence-users >> <packetfence-users@lists.sourceforge.net >> <mailto:packetfence-users@lists.sourceforge.net>> wrote: >> >> Hi Tomasz, >> >> Thank you for your reply. >> Now the eduroam ext source is configured with port 11812 and I set port >> 11812 in our WiFi controller. >> But as I mentioned in my previous e-mail, when I make an authentication >> request from the WiFi controller to Packetfence on port 11812, it does >> nothing. The WiFi controller has error "Connection time out". >> When I start TCPdump on the Packetfence server I only see incoming packets >> from the WiFi controller, but no reply. >> So it looks like Packetfence does not reply on port 11812. >> >> Thank you! >> >> Met vriendelijke groet, >> >> >> Anne Dijkstra >> >> Van: puz...@man.olsztyn.pl <mailto:puz...@man.olsztyn.pl> namens Tomasz >> Karczewski >> Verzonden: Dinsdag, 24 Januari, 2023 08:55 >> Aan: packetfence-users@lists.sourceforge.net >> <mailto:packetfence-users@lists.sourceforge.net> >> CC: Anne Dijkstra >> Onderwerp: RE: [*Suspicious Email*] [PacketFence-users] Eduroam port 11812 >> not working >> >> 1812 is for external eduroam servers. >> 11812 is for network devices (NAS). >> >> Tomasz Karczewski >> Administrator Sieci >> >> >> >> tkarczew...@man.olsztyn.pl <mailto:tkarczew...@man.olsztyn.pl> >> http://www.man.olsztyn.pl >> <https://urldefense.com/v3/__http://www.man.olsztyn.pl/__;!!GjvTz_vk!Ty0R3ldoMyY_17TKdmD6xAwlIp4poUVzx9PYLE9JC9XhkMrP9Iu8DawtFpKzBz7IXpukcsQ7sr8DJCGHe4q3nNcg5w$> >> http://www.uwm.edu.pl >> <https://urldefense.com/v3/__http://www.uwm.edu.pl/__;!!GjvTz_vk!Ty0R3ldoMyY_17TKdmD6xAwlIp4poUVzx9PYLE9JC9XhkMrP9Iu8DawtFpKzBz7IXpukcsQ7sr8DJCGHe4qIGxbRPw$> >> tel. (89) 523 45 55 fax. (89) 523 43 47 >> >> Ośrodek Eksploatacji i Zarządzania >> Miejską Siecią Komputerową OLMAN w Olsztynie >> Uniwersytet Warmińsko-Mazurski w Olsztynie >> >> From: Anne Dijkstra via PacketFence-users >> <packetfence-users@lists.sourceforge.net >> <mailto:packetfence-users@lists.sourceforge.net>> >> Sent: Saturday, January 21, 2023 5:54 PM >> To: packetfence-users@lists.sourceforge.net >> <mailto:packetfence-users@lists.sourceforge.net> >> Cc: Anne Dijkstra <ab.dijks...@noorderpoort.nl >> <mailto:ab.dijks...@noorderpoort.nl>> >> Subject: [*Suspicious Email*] [PacketFence-users] Eduroam port 11812 not >> working >> >> Good evening everyone, >> >> We are replacing our Microsoft NPS Servers with Packetfence. All is working >> :) but we are running into a problem with eduroam. >> I followed the manual exactly. So I created a internal source (the eduroam >> servers), an external source and connection profiles. >> If I understand correctly, I must use port 11812 for the eduroam external >> source and add Packetfence radius server IP with port 11812 to the WiFi >> controller. >> But when I make an authentication request from the WiFi controller to >> Packetfence on port 11812, it does nothing. The WiFi controller has error >> "Connection time out". >> When I start TCPdump on the Packetfence server I only see incoming packets >> from the WiFi controller, but no reply. >> Moreover, the incoming eduroam packets from the world to our environment is >> working (So an employee or student on an eduroam location that is not ours). >> >> I hope you can help me! >> Thanks for your replies. >> >> >> Regards, >> >> Anne Dijkstra >> >> >> Noorderpoort aanvaardt geen aansprakelijkheid voor de inhoud en aan deze >> mail kunnen geen rechten worden ontleend. >> Noorderpoort aanvaardt geen aansprakelijkheid voor de inhoud en aan deze >> mail kunnen geen rechten worden >> ontleend._______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> <mailto:PacketFence-users@lists.sourceforge.net> >> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!QVpMY9H-dxt4-zlpId-d2QNnHRX_0srCBCQkb6B47hAy-646c7BL1hWNHzqZXCdk5CehMznfZnTgta5woLG7TXWWCMBMsGAMFytwdw$ >> >> <https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!QVpMY9H-dxt4-zlpId-d2QNnHRX_0srCBCQkb6B47hAy-646c7BL1hWNHzqZXCdk5CehMznfZnTgta5woLG7TXWWCMBMsGAMFytwdw$> >> > > Noorderpoort aanvaardt geen aansprakelijkheid voor de inhoud en aan deze mail > kunnen geen rechten worden ontleend.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
