Re: [PacketFence-users] LDAP Source Problem

2018-04-18 Thread Fabrice Durand via PacketFence-users
Hello Nathan,

Does the LDAP server have the password in clear text or in nthash format?

If it's not the case then it will not work, but if it's the case then it
will be similar to a FreeRADIUS eDirectory configuration.

Regards

Fabrice



On 2018-04-06 at 10:35, Nathan, Josh via PacketFence-users wrote:
> OK, I tried defining my LDAP source separately in the mod-available
> section (and of course adding the sym link in mods-enabled).  Made
> sure the references within the packetfence-tunnel file had ldap
> enabled as well.  For what it's worth, I've also moved this to a
> test-bed running PacketFence 7.4.0.
>
> At this point, it seems to at least be attempting the LDAP
> authentication, but the radius logs show:
>
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: rlm_ldap (ldap): Bind with uid=adminuser,ou=Users,o=,dc=jumpcloud,dc=com to ldaps://ldap.jumpcloud.com:636 failed: Can't contact LDAP server
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: rlm_ldap (ldap): Opening connection failed (5)
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (79)   Invalid user: [josh.nathan] (from client 172.20.242.214/16 port 0 cli a8:7c:01:a2:60:6f via TLS tunnel)
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   to find out the reason why the user was rejected
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   what went wrong, and how to fix the problem
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [josh.nathan] (from client 172.20.242.214/16 port 0 cli a8:7c:01:a2:60:6f)
> Apr  6 14:29:17 PacketFence-ZEN auth[7892]: [mac:a8:7c:01:a2:60:6f] Rejected user: josh.nathan
>
>
> Once again, the part that throws me off is that from the admin
> console, the test bind is successful using SSL.  So the message about
> not being able to contact the LDAP server is a little confusing to me.
>
> Any help with next direction to look?  I'm pretty new to trying to use
> LDAP at all, and am testing JumpCloud's LDAP service to see if it
> would be a good fit.
>
>
>   
> Joshua Nathan
> *IT Supervisor*
> Black Forest Academy
>
> p:+49 (0) 7626 9161 630 m: +49 (0) 152 3452 0056
> a:
> w:Hammersteiner Straße 50, 79400 Kandern
> bfacademy.de 
>
>   
>
>
>
> On Wed, Mar 21, 2018 at 4:36 PM, Nathan, Josh
> > wrote:
>
> Hello,
>
> So, I'm having some trouble setting up an LDAP authentication
> source in PacketFence version 6.0.1.
>
> It tests successfully, and doing an ldapsearch test comes back
> without issue.  In fact, from the registration VLAN, through the
> PacketFence Captive Portal it works!
>
> However, with the username and password, it's not connecting to
> our 802.1X (WPA2-Enterprise) wireless network.  It comes back
> saying that the username/password is invalid.  We've been using a
> separate RADIUS database for user management, but actually using
> LDAP is of course a much better option.  I've tried looking at the
> logs, but I'm not readily finding anything.
>
> Why would it work in the captive portal, but not from an 802.1X
> handshake?
>
> I will note that I'm using SSL over port 636, and a self-signed
> certificate in these tests if that makes a difference.
>
> Thanks for helping point me in the right direction!
>
>   
> Joshua Nathan
> *IT Supervisor*
> Black Forest Academy
>
> p:+49 (0) 7626 9161 630 m: +49 (0) 152 3452 0056
> a:
> w:Hammersteiner Straße 50, 79400 Kandern
> bfacademy.de 
>
>   
>
>
>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 


Re: [PacketFence-users] LDAP Source Problem

2018-04-06 Thread Nathan, Josh via PacketFence-users
OK, I tried defining my LDAP source separately in the mod-available section
(and of course adding the sym link in mods-enabled).  Made sure the
references within the packetfence-tunnel file had ldap enabled as well.
For what it's worth, I've also moved this to a test-bed running PacketFence
7.4.0.

At this point, it seems to at least be attempting the LDAP authentication,
but the radius logs show:

Apr  6 14:29:17 PacketFence-ZEN auth[7892]: rlm_ldap (ldap): Bind with uid=adminuser,ou=Users,o=,dc=jumpcloud,dc=com to ldaps://ldap.jumpcloud.com:636 failed: Can't contact LDAP server
Apr  6 14:29:17 PacketFence-ZEN auth[7892]: rlm_ldap (ldap): Opening connection failed (5)
Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (79)   Invalid user: [josh.nathan] (from client 172.20.242.214/16 port 0 cli a8:7c:01:a2:60:6f via TLS tunnel)
Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   to find out the reason why the user was rejected
Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) eap_peap:   what went wrong, and how to fix the problem
Apr  6 14:29:17 PacketFence-ZEN auth[7892]: (80) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [josh.nathan] (from client 172.20.242.214/16 port 0 cli a8:7c:01:a2:60:6f)
Apr  6 14:29:17 PacketFence-ZEN auth[7892]: [mac:a8:7c:01:a2:60:6f] Rejected user: josh.nathan


Once again, the part that throws me off is that from the admin console, the
test bind is successful using SSL.  So the message about not being able to
contact the LDAP server is a little confusing to me.

Any help with next direction to look?  I'm pretty new to trying to use LDAP
at all, and am testing JumpCloud's LDAP service to see if it would be a
good fit.


Joshua Nathan
*IT Supervisor*
Black Forest Academy

p: +49 (0) 7626 9161 630 m: +49 (0) 152 3452 0056
a:
w: Hammersteiner Straße 50, 79400 Kandern
bfacademy.de



On Wed, Mar 21, 2018 at 4:36 PM, Nathan, Josh 
wrote:

> Hello,
>
> So, I'm having some trouble setting up an LDAP authentication source in
> PacketFence version 6.0.1.
>
> It tests successfully, and doing an ldapsearch test comes back without
> issue.  In fact, from the registration VLAN, through the PacketFence
> Captive Portal it works!
>
> However, with the username and password, it's not connecting to our 802.1X
> (WPA2-Enterprise) wireless network.  It comes back saying that the
> username/password is invalid.  We've been using a separate RADIUS database
> for user management, but actually using LDAP is of course a much better
> option.  I've tried looking at the logs, but I'm not readily finding
> anything.
>
> Why would it work in the captive portal, but not from an 802.1X handshake?
>
> I will note that I'm using SSL over port 636, and a self-signed
> certificate in these tests if that makes a difference.
>
> Thanks for helping point me in the right direction!
>
> Joshua Nathan
> *IT Supervisor*
> Black Forest Academy
>
> p: +49 (0) 7626 9161 630 m: +49 (0) 152 3452 0056
> a:
> w: Hammersteiner Straße 50, 79400 Kandern
> bfacademy.de
>
>
>
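Added example (not part of the original messages, and not PacketFence or FreeRADIUS code): a small triage script that does what the eap_peap lines in the log above ask for, pairing each rejected user with the first backend module error logged before the reject. The sample log is constructed on the format shown in the thread; the host name, users, addresses and the final line for "bob" are made up, and the function and pattern names are hypothetical.

```python
import re

# Constructed sample in the syslog format shown in the thread (all values made up).
SAMPLE_LOG = """\
Apr  6 14:29:17 pf-test auth[7892]: rlm_ldap (ldap): Bind with uid=svc,ou=Users,dc=example,dc=com to ldaps://ldap.example.com:636 failed: Can't contact LDAP server
Apr  6 14:29:17 pf-test auth[7892]: rlm_ldap (ldap): Opening connection failed (5)
Apr  6 14:29:17 pf-test auth[7892]: (79)   Invalid user: [alice] (from client 192.0.2.10 port 0 cli 02:00:00:00:00:01 via TLS tunnel)
Apr  6 14:29:17 pf-test auth[7892]: (80) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
Apr  6 14:29:17 pf-test auth[7892]: (80) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [alice] (from client 192.0.2.10 port 0 cli 02:00:00:00:00:01)
Apr  6 14:29:18 pf-test auth[7892]: (81) Login incorrect: [bob] (from client 192.0.2.10 port 0 cli 02:00:00:00:00:02)
"""

# "Mon dd hh:mm:ss host auth[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ auth\[(\d+)\]: (.*)$")
# Module-level failure such as "rlm_ldap (ldap): ... failed ..."
BACKEND = re.compile(r"^rlm_(\w+) \(\w+\): (.*failed.*)$")
# Per-request reject lines carrying the user name in square brackets
REJECT = re.compile(r"^\(\d+\)\s+(?:Invalid user|Login incorrect)[^\[]*\[([^\]/]+)")


def triage(log_text):
    """Map each rejected user to (module, first error) seen before the reject, or None."""
    pending = {}  # pid -> first unclaimed backend error
    causes = {}   # user -> (module, message) or None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.groups()
        backend = BACKEND.match(msg)
        if backend:
            # Keep the first error: later ones are usually consequences of it.
            pending.setdefault(pid, (backend.group(1), backend.group(2)))
            continue
        reject = REJECT.match(msg)
        if reject:
            user = reject.group(1)
            if pid in pending:
                causes[user] = pending.pop(pid)
            else:
                # No backend error logged: look at credentials or password format instead.
                causes.setdefault(user, None)
    return causes


if __name__ == "__main__":
    for user, cause in triage(SAMPLE_LOG).items():
        print(user, "->", cause or "no backend error before reject")
```

A user mapped to an `ldap` error was rejected because radiusd could not reach or bind to the directory, not because the password was wrong; a user mapped to `None` was rejected with no backend failure logged.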


[PacketFence-users] LDAP Source Problem

2018-03-21 Thread Nathan, Josh via PacketFence-users
Hello,

So, I'm having some trouble setting up an LDAP authentication source in
PacketFence version 6.0.1.

It tests successfully, and doing an ldapsearch test comes back without
issue.  In fact, from the registration VLAN, through the PacketFence
Captive Portal it works!

However, with the username and password, it's not connecting to our 802.1X
(WPA2-Enterprise) wireless network.  It comes back saying that the
username/password is invalid.  We've been using a separate RADIUS database
for user management, but actually using LDAP is of course a much better
option.  I've tried looking at the logs, but I'm not readily finding
anything.

Why would it work in the captive portal, but not from an 802.1X handshake?

I will note that I'm using SSL over port 636, and a self-signed certificate
in these tests if that makes a difference.

Thanks for helping point me in the right direction!

Joshua Nathan
*IT Supervisor*
Black Forest Academy

p: +49 (0) 7626 9161 630 m: +49 (0) 152 3452 0056
a:
w: Hammersteiner Straße 50, 79400 Kandern
bfacademy.de