Re: [PacketFence-users] EAP-TTLS showing as connection type "Wireless-802.11-NoEAP"

2017-08-23 Thread Matt Munro via PacketFence-users
Hi Louis,

Patch did the trick :)

Regards
Matt

On Wed, Aug 23, 2017 at 2:58 AM, Louis Munro  wrote:

> Hi Matt,
> Can you try this patch please?
>
> https://github.com/louismunro/packetfence/commit/9231fb76249289cfcfbe2db25524e2d4206fd001.diff
>
> Apply it like this:
>
> # cd /usr/local/pf
> # wget -Ofix.patch https://github.com/louismunro/packetfence/commit/9231fb76249289cfcfbe2db25524e2d4206fd001.diff
> # patch -p1 < fix.patch
> # cp conf/radiusd/packetfence-tunnel{.example,}
> # systemctl restart packetfence-radiusd-auth
>
>
> The issue seems to stem from a missing EAP-Type attribute inside the TLS
> tunnel when using TTLS.
> Please let us know if that helps.
>
> Regards,
> --
> Louis Munro
> lmu...@inverse.ca  ::  www.inverse.ca
> +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
>
> On Aug 22, 2017, at 01:45, Matt Munro via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Hi Fabrice,
>
> I've attached the results of raddebug, only modified to remove the
> password.
>
> Thanks
>
> Matt Munro
> Network Administrator
> Brighton Road, Somerton Park SA 5044
> t: (08) 83502711
> e: mattmu...@shc.sa.edu.au
> www.shc.sa.edu.au
> CRICOS Provider No. 00626K
>
> On Tue, Aug 22, 2017 at 9:53 AM, Durand fabrice via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Matt,
>>
>> can you provide the result of raddebug -f var/run/radius.sock ?
>>
>> The answer will be in this debug and you will probably have to add some
>> unlang code in packetfence-tunnel.
>>
>> Regards
>>
>> Fabrice
>>
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


Re: [PacketFence-users] EAP-TTLS showing as connection type "Wireless-802.11-NoEAP"

2017-08-22 Thread Louis Munro via PacketFence-users
Hi Matt,
Can you try this patch please?

https://github.com/louismunro/packetfence/commit/9231fb76249289cfcfbe2db25524e2d4206fd001.diff
 


Apply it like this:

# cd /usr/local/pf
# wget -Ofix.patch https://github.com/louismunro/packetfence/commit/9231fb76249289cfcfbe2db25524e2d4206fd001.diff
# patch -p1 < fix.patch
# cp conf/radiusd/packetfence-tunnel{.example,}
# systemctl restart packetfence-radiusd-auth


The issue seems to stem from a missing EAP-Type attribute inside the TLS tunnel 
when using TTLS.
Please let us know if that helps.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

> On Aug 22, 2017, at 01:45, Matt Munro via PacketFence-users 
>  wrote:
> 
> Hi Fabrice,
> 
> I've attached the results of raddebug, only modified to remove the password.
> 
> Thanks
> 
> 
> Matt Munro
> Network Administrator
> Brighton Road, Somerton Park SA 5044
> t: (08) 83502711
> e: mattmu...@shc.sa.edu.au 
> www.shc.sa.edu.au 
> CRICOS Provider No. 00626K
> 
> On Tue, Aug 22, 2017 at 9:53 AM, Durand fabrice via PacketFence-users 
>  > wrote:
> Hello Matt,
> 
> can you provide the result of raddebug -f var/run/radius.sock ?
> 
> The answer will be in this debug and you will probably have to add some 
> unlang code in packetfence-tunnel.
> Regards
> 
> Fabrice
> 





Re: [PacketFence-users] EAP-TTLS showing as connection type "Wireless-802.11-NoEAP"

2017-08-21 Thread Durand fabrice via PacketFence-users

Hello Matt,

can you provide the result of raddebug -f var/run/radius.sock ?

The answer will be in this debug and you will probably have to add some 
unlang code in packetfence-tunnel.


Regards

Fabrice





On 2017-08-21 at 19:27, Matt Munro via PacketFence-users wrote:

Hi all,

I've installed a ZEN 7.2 VM to learn and investigate implementation at 
my work and all is going pretty well except for this issue I can't 
work out. If I set the wireless client to connect as PEAP-MSCHAPv2 
then it is correctly showing as Wireless-802.11-EAP. Because of this 
the connection profile I have set to do AutoReg on 802.1x doesn't work 
if using EAP-TTLS. Obviously I can just use PEAP-MSCHAPv2 and disable 
EAP-TTLS but I'd like to work out why this oddity is happening.


The Following is from packetfence.log
EAP-TTLS-PAP
Aug 22 08:37:24 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2823) 
INFO: [mac:e4:42:a6:02:18:59] handling radius autz request: from 
switch_ip => (172.17.0.10), connection_type => 
Wireless-802.11-NoEAP,switch_mac => (34:db:fd:43:5d:70), mac => 
[e4:42:a6:02:18:59], port => 13, username => "mattmunro", ssid => 
shc-test-network (pf::radius::authorize)


PEAP-MSCHAPv2
Aug 22 08:42:01 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2823) 
INFO: [mac:e4:42:a6:02:18:59] handling radius autz request: from 
switch_ip => (172.17.0.10), connection_type => 
Wireless-802.11-EAP,switch_mac => (34:db:fd:43:5d:70), mac => 
[e4:42:a6:02:18:59], port => 13, username => "mattmunro", ssid => 
shc-test-network (pf::radius::authorize)


Only changes I've made to the freeradius conf is adding the LDAP 
module conf for eDirectory and uncommenting the ldap cache password 
example and the authorize section 
in /usr/local/pf/conf/radiusd/packetfence-tunnel


Regards
Matt






[PacketFence-users] EAP-TTLS showing as connection type "Wireless-802.11-NoEAP"

2017-08-21 Thread Matt Munro via PacketFence-users
Hi all,

I've installed a ZEN 7.2 VM to learn and investigate implementation at my
work and all is going pretty well except for this issue I can't work out.
If I set the wireless client to connect as PEAP-MSCHAPv2 then it is
correctly showing as Wireless-802.11-EAP. Because of this the connection
profile I have set to do AutoReg on 802.1x doesn't work if using EAP-TTLS.
Obviously I can just use PEAP-MSCHAPv2 and disable EAP-TTLS but I'd like to
work out why this oddity is happening.

The Following is from packetfence.log
EAP-TTLS-PAP
Aug 22 08:37:24 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2823)
INFO: [mac:e4:42:a6:02:18:59] handling radius autz request: from switch_ip
=> (172.17.0.10), connection_type => Wireless-802.11-NoEAP,switch_mac =>
(34:db:fd:43:5d:70), mac => [e4:42:a6:02:18:59], port => 13, username =>
"mattmunro", ssid => shc-test-network (pf::radius::authorize)

PEAP-MSCHAPv2
Aug 22 08:42:01 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2823)
INFO: [mac:e4:42:a6:02:18:59] handling radius autz request: from switch_ip
=> (172.17.0.10), connection_type => Wireless-802.11-EAP,switch_mac =>
(34:db:fd:43:5d:70), mac => [e4:42:a6:02:18:59], port => 13, username =>
"mattmunro", ssid => shc-test-network (pf::radius::authorize)

Only changes I've made to the freeradius conf is adding the LDAP module
conf for eDirectory and uncommenting the ldap cache password example and
the authorize section in /usr/local/pf/conf/radiusd/packetfence-tunnel

Regards
Matt
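
Added example, not part of the original posts and not PacketFence code: a small parser for the "handling radius autz request" lines quoted above that reports clients classified with more than one connection type on the same SSID, and NoEAP requests that carry a login name. The function names and the username-versus-MAC heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two packetfence.log entries quoted in the post,
# with the e-mail line wrapping removed so that each entry is one line.
SAMPLE_LOG = """\
Aug 22 08:37:24 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2823) INFO: [mac:e4:42:a6:02:18:59] handling radius autz request: from switch_ip => (172.17.0.10), connection_type => Wireless-802.11-NoEAP,switch_mac => (34:db:fd:43:5d:70), mac => [e4:42:a6:02:18:59], port => 13, username => "mattmunro", ssid => shc-test-network (pf::radius::authorize)
Aug 22 08:42:01 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2823) INFO: [mac:e4:42:a6:02:18:59] handling radius autz request: from switch_ip => (172.17.0.10), connection_type => Wireless-802.11-EAP,switch_mac => (34:db:fd:43:5d:70), mac => [e4:42:a6:02:18:59], port => 13, username => "mattmunro", ssid => shc-test-network (pf::radius::authorize)
"""

# "key => value" pairs; a value ends at the next ", key =>" or at the
# trailing "(pf::radius::authorize)" marker.
FIELD_RE = re.compile(r'(\w+) => (.*?)(?=,\s*\w+ => | \(pf::radius::authorize\)|$)')


def parse_autz(line):
    """Return the fields of one 'handling radius autz request' line, else None."""
    if "handling radius autz request" not in line:
        return None
    fields = {k: v.strip('()[]"') for k, v in FIELD_RE.findall(line)}
    return fields if {"mac", "connection_type"} <= fields.keys() else None


def records(log_text):
    """All parsed autz records in the log text, in order."""
    return [r for r in map(parse_autz, log_text.splitlines()) if r]


def inconsistent_clients(log_text):
    """(mac, ssid) pairs that were classified with more than one connection type."""
    seen = defaultdict(set)
    for rec in records(log_text):
        seen[(rec["mac"], rec.get("ssid", ""))].add(rec["connection_type"])
    return {key: sorted(types) for key, types in seen.items() if len(types) > 1}


def hexonly(value):
    """Lower-case the value and keep only hex digits, so MAC formats compare equal."""
    return re.sub(r"[^0-9a-f]", "", value.lower())


def suspect_noeap(log_text):
    """NoEAP requests whose username is not the client MAC (assumed heuristic:
    MAC authentication sends the MAC as the username, 802.1X sends a login)."""
    return [r for r in records(log_text)
            if r["connection_type"].endswith("NoEAP")
            and hexonly(r.get("username", "")) != hexonly(r["mac"])]


if __name__ == "__main__":
    print(inconsistent_clients(SAMPLE_LOG))
    for rec in suspect_noeap(SAMPLE_LOG):
        print(rec["mac"], rec["username"], rec["connection_type"])
```

Run against the real packetfence.log before and after applying the patch: a client that authenticates with EAP-TTLS should no longer appear in either result.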