Hi Will,

sorry for the delay.

Here is the correct syntax (without spaces).

        update {
            &control:Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com?badPwdCount?sub?sAMAccountName=%{Stripped-User-Name}}";
        }

btw you will need to add a REALM in configuration -> Realms and restart radius.

Regards

Fabrice
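
A pre-restart check for the two whitespace mistakes corrected in this thread, as an added example that is not part of the original messages and not PacketFence or FreeRADIUS code. The function name `lint_unlang` and both sample strings are constructed here from the versions posted in the thread; the check is a heuristic that assumes any whitespace inside the LDAP URL is a mistake, and it is not the FreeRADIUS parser.

```python
import re

# "&control: Tmp-Integer-2": whitespace between the list qualifier and the
# attribute name, which produced the "Expecting section start brace" error.
ATTR_SPACE = re.compile(r"&[A-Za-z][\w-]*:[ \t]+[A-Za-z]")
# Double-quoted strings, allowed to span lines as in the wrapped e-mail text.
QUOTED = re.compile(r'"([^"]*)"', re.DOTALL)


def line_of(text, offset):
    """1-based line number of a character offset."""
    return text.count("\n", 0, offset) + 1


def lint_unlang(text):
    """Return sorted (line, message) findings for an unlang fragment."""
    findings = []
    for m in ATTR_SPACE.finditer(text):
        findings.append((line_of(text, m.start()), "space after list qualifier"))
    for m in QUOTED.finditer(text):
        body = m.group(1)
        pos = body.find("ldap://")
        if pos == -1:
            continue
        # Heuristic: a filter value that legitimately contains a space
        # would also be flagged here.
        ws = re.search(r"\s", body[pos:])
        if ws:
            offset = m.start(1) + pos + ws.start()
            findings.append((line_of(text, offset), "whitespace inside LDAP URL"))
    return sorted(findings)


# Constructed samples: the snippet as first posted, and the corrected one.
AS_POSTED = '''update {
  &control: Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com? badPwdCount?sub?uid=%u}"
}
'''
CORRECTED = '''update {
  &control:Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com?badPwdCount?sub?sAMAccountName=%{Stripped-User-Name}}";
}
'''

if __name__ == "__main__":
    for name, sample in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, lint_unlang(sample))
```
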



On 2016-07-26 at 09:47, Will Halsall wrote:

Hi Fabrice

This is the output of ‘radiusd -X -d /usr/local/pf/raddb -n auth’, showing the error I am getting:

including configuration file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel

/usr/local/pf/raddb/sites-enabled/packetfence-tunnel[76]: Expecting section start brace '{' after "&control: Tmp-Integer-2"

Errors reading or parsing /usr/local/pf/raddb/auth.conf

Thanks

WillH

From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Tuesday, July 26, 2016 1:30 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] question re feature #1246

Hello Will,

can you give me the radius debug ?

Regards

Fabrice

On 2016-07-26 at 07:22, Will Halsall wrote:

    Hi Fabrice,

    I cannot get the syntax of the following command to work for me
    would it be possible to advise on the correct syntax to use in the
    authorize section of packetfence-tunnel.

    Add a test in authorize

        update {
            &control: Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com? badPwdCount?sub?uid=%u}"
        }

    Thanks

    Will halsall

    From: Fabrice Durand [mailto:fdur...@inverse.ca]
    Sent: Thursday, June 23, 2016 2:24 PM
    To: packetfence-users@lists.sourceforge.net
    Subject: Re: [PacketFence-users] question re feature #1246

    Hello Will,

    Unfortunately not yet, but not really complicated to add.

    First you need to define your ldap server in freeradius :

        ldap myad {
            server = "ldap.acme.com"
            identity = "uid=admin,dc=acme,dc=com"
            password = "password"
            basedn = "dc=district,dc=acme,dc=com"
            filter = "(uid=%{mschap:User-Name})"
            ldap_connections_number = 5
            timeout = 4
            timelimit = 3
            net_timeout = 1
            tls {
            }
            dictionary_mapping = ${confdir}/ldap.attrmap
            edir_account_policy_check = no

            keepalive {
                # LDAP_OPT_X_KEEPALIVE_IDLE
                idle = 60

                # LDAP_OPT_X_KEEPALIVE_PROBES
                probes = 3

                # LDAP_OPT_X_KEEPALIVE_INTERVAL
                interval = 3
            }
        }

    Then in /usr/local/pf/raddb/sites-available/packetfence-tunnel

    Add a test in authorize

    update {
      &control: Tmp-Integer-2 := "%{myad:ldap:///dc=district,dc=acme,dc=com? badPwdCount?sub?uid=%u}"
    }

    if (%{Tmp-Integer-2} > "3") {
        reject
    }


    I did not test but the logic is there.

    Regards
    Fabrice


    On 2016-06-23 at 08:08, Will Halsall wrote:

        Hi Folks,

        Did feature #1246 ‘Avoid accounts being locked due to password
        changes in AD’ make it into PF6.1.1? as option 3 would be very
        useful for us?

        Thanks

        WillH

        This message is intended only for the use of the person(s) to
        whom it is addressed, and may contain privileged and
        confidential information.
        If it has come to you in error, please contact the sender as
        soon as possible,
        and note that you must take no action based on the content,
        nor must you copy,
        distribute, or show the content to any other person.


        In accordance with its legal obligations, Farnborough College of
        Technology reserves the right to monitor the content of
        e-mails sent and
        received, but will not do so routinely.





        





        _______________________________________________
        PacketFence-users mailing list
        PacketFence-users@lists.sourceforge.net
        https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
    Fabrice Durand
    fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
    Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
