Ok, it works!! Now I can add the RADIUS and Kerberos source from the Web
Interface, but I can't configure it! The Web Interface shows me this error
when I try to save the configuration in a new source RADIUS:
"Error! Error writing authentication configuration"
And again, nothing is reported in the httpd.admin.log file..
This is my configuration of /usr/local/pf/raddb/sites-enabled/packetfence
server packetfence {
authorize {
suffix
preprocess
eap {
ok = return
}
files
expiration
logintime
update request {
FreeRADIUS-Client-IP-Address := "%{Packet-Src-IP-Address}"
}
update control {
PacketFence-RPC-Server = ${rpc_host}
PacketFence-RPC-Port = ${rpc_port}
PacketFence-RPC-User = ${rpc_user}
PacketFence-RPC-Pass = ${rpc_pass}
PacketFence-RPC-Proto = ${rpc_proto}
}
packetfence
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type MS-CHAP {
mschap
}
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
sql
attr_filter.accounting_response
update control {
PacketFence-RPC-Server = ${rpc_host}
PacketFence-RPC-Port = ${rpc_port}
PacketFence-RPC-User = ${rpc_user}
PacketFence-RPC-Pass = ${rpc_pass}
PacketFence-RPC-Proto = ${rpc_proto}
}
packetfence
}
session {
radutmp
}
post-auth {
exec
skip packetfence if we have already treated it in the inner-tunnel
if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) {
update control {
PacketFence-RPC-Server = ${rpc_host}
PacketFence-RPC-Port = ${rpc_port}
PacketFence-RPC-User = ${rpc_user}
PacketFence-RPC-Pass = ${rpc_pass}
PacketFence-RPC-Proto = ${rpc_proto}
}
packetfence
}
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
pre-proxy {
}
post-proxy {
eap
}
}
There is some misconfiguration?
The file authentication.conf is the same to that of the previous mail..
Thanks a lot for the help,
Regards.
Rosario Ippolito
2015-02-06 17:28 GMT+01:00 Rosario Ippolito <[email protected]>:
> Thanks for the prompt reply, but unfortunately for this weekend I will
> not be in lab.. :-(
>
> Monday I shall give you a complete answer!
>
> Again thanks you very much, and congratulations on the excellent work and
> support!
> Best regards,
>
> Rosario Ippolito
> Il 06/feb/2015 15:24 "Fabrice DURAND" <[email protected]> ha scritto:
>
> Hello Rosario,
>>
>> Can you run /usr/local/pf/addons/pf-maint.pl and restart packetfence and
>> retry ?
>>
>> Regards
>> Fabrice
>>
>> Le 2015-02-06 06:45, Rosario Ippolito a écrit :
>> > Hi all,
>> > I have updated PacketFence to 4.6 version. In the 4.5 version I had
>> > setup a Radius authentication with flat file, Users, and I have added
>> > the authentication source from the Web Interface in the Configuration
>> > -> Sources -> Add Source, and it worked fine, so I added the Rule to
>> > the Radius source and I can manage them from there. After updating I
>> > can't add anymore a Radius Source, Web Interface says
>> >
>> > "Error! An error occured while contacting the server. Please try again
>> > later."
>> >
>> > But, I have the configuration of the past Radius in the
>> > authentication.conf file :
>> >
>> > #[packetfence]
>> > #description=Authenticate against the local RADIUS server
>> > #secret=testing123
>> > #port=1812
>> > #type=RADIUS
>> > #host=192.168.1.5
>> >
>> > #[packetfence rule Staff]
>> > #description=Staff Vlan
>> > #match=any
>> > #action0=set_role=Staff
>> > #action1=set_unreg_date=2015-01-30
>> > #condition0=username,equals,robib
>> > #condition1=username,equals,NicZ
>> >
>> > #[packetfence rule Student]
>> > #description=Student Vlan
>> > #match=all
>> > #action0=set_role=Student
>> > #action1=set_access_duration=1D
>> >
>> > [local]
>> > description=Local Users
>> > type=SQL
>> >
>> > [file1]
>> > description=Legacy Source
>> > path=/usr/local/pf/conf/admin.conf
>> > type=Htpasswd
>> >
>> > [file1 rule admins]
>> > description=All admins
>> > match=all
>> > action0=set_access_level=ALL
>> >
>> > [sms]
>> > description=SMS-based registration
>> >
>> sms_carriers=100056,100057,100061,100058,100059,100060,100062,100063,100071,100064,100116,100066,100117,100112,100067,100065,100068,100069,100070,100118,100115,100072,100073,100074,100075,100076,100077,100085,100086,100080,100079,100081,100083,100082,100084,100087,100088,100111,100089,100090,100091,100092,100093,100094,100095,100096,100098,100097,100099,100100,100101,100113,100102,100103,100104,100106,100105,100107,100108,100109,100114,100110,100078
>> > type=SMS
>> > create_local_account=no
>> >
>> > [sms rule catchall]
>> > description=
>> > match=all
>> > action0=set_role=guest
>> > action1=set_access_duration=1D
>> >
>> > [email]
>> > description=Email-based registration
>> > email_activation_timeout=10m
>> > type=Email
>> > allow_localdomain=yes
>> > create_local_account=no
>> >
>> > [email rule catchall]
>> > description=
>> > match=all
>> > action0=set_role=guest
>> > action1=set_access_duration=1D
>> >
>> > [sponsor]
>> > description=Sponsor-based registration
>> > type=SponsorEmail
>> > allow_localdomain=yes
>> > create_local_account=no
>> >
>> > [sponsor rule catchall]
>> > description=
>> > match=all
>> > action0=set_role=guest
>> > action1=set_access_duration=1D
>> >
>> > [null]
>> > description=Null Source
>> > type=Null
>> > email_required=no
>> >
>> > if I uncomment the old Radius section, the "packetfence" source of the
>> > Radius appear, and it works fine, but when i try to acces to it the
>> > same alert is show
>> >
>> > "Error! An error occured while contacting the server. Please try again
>> > later."
>> >
>> > Nothing about this is reported in the httpd.admin.log file..
>> > there may be problems with the old configuration, once I have done the
>> > update?
>> >
>> > Thanks to everybody in advance,
>> > Kind regards,
>> >
>> > Rosario Ippolito
>> >
>> >
>> >
>> >
>> ------------------------------------------------------------------------------
>> > Dive into the World of Parallel Programming. The Go Parallel Website,
>> > sponsored by Intel and developed in partnership with Slashdot Media, is
>> your
>> > hub for all things parallel software development, from weekly thought
>> > leadership blogs to news, videos, case studies, tutorials and more.
>> Take a
>> > look and join the conversation now. http://goparallel.sourceforge.net/
>> >
>> >
>> > _______________________________________________
>> > PacketFence-users mailing list
>> > [email protected]
>> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Fabrice Durand
>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming. The Go Parallel Website,
>> sponsored by Intel and developed in partnership with Slashdot Media, is
>> your
>> hub for all things parallel software development, from weekly thought
>> leadership blogs to news, videos, case studies, tutorials and more. Take a
>> look and join the conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
