Hello Jabang,

Thanks for testing it.
Also, for the limitation, I did some work on that not long ago and it should be fixed by
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3236.diff
Can you test it too and let me know?

Regards
Fabrice

On 2018-05-30 at 00:23, jabang konate via PacketFence-users wrote:
Hi Fabrice,

Thanks a lot and great work.
Now I can log in with my local realm and a remote realm from another university.
I have another question: is it possible to limit device nodes per user in eduroam?
I tried with the default role to limit to 2 devices, but when a third device logs in with the same username, the user can still log in but with a blank role in the PacketFence web.

On Tue, May 29, 2018 at 11:36 PM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
Hello Jabang,

Can you try that:
https://github.com/inverse-inc/packetfence/compare/fix/eduroam_standalone.diff

Regards
Fabrice

On 2018-05-25 at 03:50, jabang konate via PacketFence-users wrote:
Hi Fabrice,

OK, I will wait for the patch.
Thank you

On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

OK, there is a bug, I need to fix it.

On 2018-05-24 at 11:33, jabang konate via PacketFence-users wrote:
Hi Fabrice,

10.18.23.60 is the IP of the eduroam National Roaming Operator in my country.
Attached is my eduroam config file.

On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

What is 10.18.23.60?
Can you share your file /usr/local/pf/raddb/sites-enabled/eduroam with me?

On 2018-05-24 at 00:46, jabang konate via PacketFence-users wrote:
Hi Fabrice,

Today I tried again with my PacketFence.
In the packetfence-tunnel configuration I changed the configuration like this:

```
if (update) {
    update control {
        &MS-CHAP-Use-NTLM-Auth := No
    }
}
}
```

because from the output I don't see "ok", and now I can log in with my LDAP account, but with port 1812 on my access point, not using port 11812.
If I'm using 11812 my request is always forwarded to Realm eduroam, my home server, and is not forwarded to the packetfence virtual server (sites-enabled/packetfence then sites-enabled/packetfence-tunnel) as you said in scenario 1.

```
(1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix after "@"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm "xyz.ac.id" for User-Name = "testu...@xyz.ac.id"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Stripped-User-Name = "testuser"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm = "xyz.ac.id"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is LOCAL
(1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
(1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already has destination realm set. Ignoring
(1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) -> TRUE
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
(1) Thu May 24 11:06:15 2018: Debug: update control {
(1) Thu May 24 11:06:15 2018: Debug: } # update control = noop
(1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~ /@/) = noop
(1) Thu May 24 11:06:15 2018: Debug: ... skipping else: Preceding "if" was taken
(1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be proxied to Realm eduroam. Not doing EAP.
(1) Thu May 24 11:06:15 2018: Debug: [eap] = noop
```

Attached are my radiusd-eduroam.sock log and a picture of my exclusive source eduroam configuration.

Regards.

On Thu, May 24, 2018 at 12:49 AM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

On 2018-05-23 at 13:36, jabang konate via PacketFence-users wrote:
Hi Fabrice,

Thanks for the speedy response.

> So I am not sure what you are trying to do with the ldap module.

The ldap module is for configuring users with OpenLDAP, right? I read that in "EAP Authentication against OpenLDAP".

Yes, the only difference is that you have to disable NTLM-Auth if ldap returns ok, to avoid "ERROR: mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'".

> You have 3 scenarios:

Yes, that is what I want.
I will try again and will share the results on this topic.
Thank you for your advice, Fabrice.

On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
Hello Jabang,

So I am not sure what you are trying to do with the ldap module.
You have 3 scenarios:

1: A user from your university connects on the SSID eduroam from your university (the AP/controller uses the port 11812).
You need to configure the local realm (let's say myuniversity.org) in the eduroam authentication source and configure ldap in packetfence-tunnel.
So when this user tries to connect on the eduroam SSID with u...@myuniversity.org, the eduroam virtual server will detect the realm myuniversity.org and forward the request to the packetfence virtual server (sites-enabled/packetfence then sites-enabled/packetfence-tunnel).
And in packetfence-tunnel you have something like this:
```
authorize {
    suffix
    ntdomain
    eap {
        ok = return
    }
    files
    ldap
    if (ok) {
        update control {
            &MS-CHAP-Use-NTLM-Auth := No
        }
    }
}
```
2: u...@myuniversity.org is travelling and connects on the SSID eduroam at Montreal university.
The local Montreal RADIUS server will forward to eduroam and eduroam will forward to your PacketFence server on the port 1812 (you need to configure that on the eduroam side).

3: u...@univmontreal.org is connecting on your SSID eduroam; the realm is unknown, so the request will be forwarded to eduroam, then eduroam forwards to the Montreal RADIUS server.

Is this what you want to do?

Regards
Fabrice

On 2018-05-23 at 12:57, jabang konate via PacketFence-users wrote:
Thanks Fabrice, let me clarify my goals first.
I'm still confused about which file I must configure, packetfence-tunnel or the eduroam file in sites-available.
My PacketFence will act to manage eduroam users, so I will use port 11812 on my access point.
Here are the steps for how I configured eduroam in PacketFence:

1. Setting my local REALM.
2. Configure the exclusive source eduroam, add my local realm from step 1, then create the authentication rule "catch all", role default, access duration 12 hours.
3. Add the switch configuration.
4. Configure the ldap module in FreeRADIUS.
5. Configure the file packetfence-tunnel? Or eduroam?
6. Restart FreeRADIUS and iptables.

In step 5 I'm still confused: if I'm using 11812, must I configure the eduroam file or still packetfence-tunnel?

On Wed, May 23, 2018 at 10:55 PM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
If it's a server for eduroam (like the eduroam servers use this server for your domain) then 1812; if it's to manage eduroam users who connect on an eduroam SSID then 11812.

Also, what you can do in packetfence-tunnel:

```
# The ldap module reads passwords from the LDAP database.
ldap
if (ok) {
    update control {
        &MS-CHAP-Use-NTLM-Auth := No
    }
}
```

Regards
Fabrice

On 2018-05-23 at 11:38, jabang konate via PacketFence-users wrote:
Thanks for your reply, Fabrice.
Attached is my packetfence-tunnel file.
And which port should I use for my access point, 1812 or 11812, in the RADIUS configuration for eduroam?
Thank you

On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

Hello Jabang,

Can you paste your packetfence-tunnel file?

Regards
Fabrice

On 2018-05-23 at 04:08, jabang konate via PacketFence-users wrote:
My PacketFence server version is 8.0.1 and I want to configure PacketFence as an eduroam server with OpenLDAP as the user database, so I looked into the eduroam section of the PacketFence documentation and "EAP Authentication against OpenLDAP".
When I try to log in with my laptop, I always get access reject.
From the log I see I can connect to my LDAP server, then I see an error like this:

```
(7) Wed May 23 14:32:55 2018: ERROR: mschap: Program returned code (1) and output 'Reading winbind reply failed! (0xc0000001)'
(7) Wed May 23 14:32:55 2018: Debug: mschap: External script failed
(7) Wed May 23 14:32:55 2018: ERROR: mschap: External script says: Reading winbind reply failed! (0xc0000001)
```

Is this the root cause of why I always get access reject?
Then I checked and the winbindd service is not running, but I can't start the winbindd service:

(Service 'winbindd' is not managed by PacketFence. Therefore, no action will be performed)

Attached is my radius log.
Please give me some advice.
Thank you

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
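
An added example, not part of the original thread: a Python triage script for the symptom reported above, where a request whose realm is marked LOCAL is still proxied to Realm eduroam instead of reaching the local virtual servers. The sample log is constructed from the debug lines quoted in the thread; requests 2 and 3, the user names in them and the verdict names are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the FreeRADIUS debug lines quoted in the thread.
SAMPLE_LOG = '''\
(1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm "xyz.ac.id" for User-Name = "testuser@xyz.ac.id"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is LOCAL
(1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be proxied to Realm eduroam. Not doing EAP.
(2) Thu May 24 11:07:02 2018: Debug: suffix: Looking up realm "univmontreal.org" for User-Name = "visitor@univmontreal.org"
(2) Thu May 24 11:07:02 2018: Debug: eap: Request is supposed to be proxied to Realm eduroam. Not doing EAP.
(3) Thu May 24 11:08:40 2018: Debug: suffix: Looking up realm "xyz.ac.id" for User-Name = "staff@xyz.ac.id"
(3) Thu May 24 11:08:40 2018: Debug: suffix: Authentication realm is LOCAL
(3) Thu May 24 11:08:40 2018: Debug: [eap] = ok
'''

# "(id) <timestamp>: Debug|ERROR: <message>"
LINE = re.compile(r'^\((\d+)\) .*?: (?:Debug|ERROR): (.*)$')
REALM = re.compile(r'Looking up realm "([^"]+)" for User-Name')
PROXY = re.compile(r'supposed to be proxied to Realm (\S+)\. Not doing EAP')


def classify(log_text):
    """Return {request_id: {"realm", "local", "proxied_to", "verdict"}}."""
    requests = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines or unrelated output
        req = requests.setdefault(
            m.group(1), {"realm": None, "local": False, "proxied_to": None})
        msg = m.group(2)
        if (r := REALM.search(msg)):
            req["realm"] = r.group(1)
        elif "Authentication realm is LOCAL" in msg:
            req["local"] = True
        elif (p := PROXY.search(msg)):
            req["proxied_to"] = p.group(1)
    for req in requests.values():
        if req["local"] and req["proxied_to"]:
            req["verdict"] = "MISROUTED"  # local realm, yet sent upstream
        elif req["proxied_to"]:
            req["verdict"] = "PROXIED"    # visitor realm (scenario 3)
        elif req["local"]:
            req["verdict"] = "LOCAL"      # stays on the local virtual servers
        else:
            req["verdict"] = "UNKNOWN"
    return requests


if __name__ == "__main__":
    for rid, info in classify(SAMPLE_LOG).items():
        print(rid, info["realm"], info["verdict"], info["proxied_to"] or "-")
```

Run it over the radiusd debug output captured on each listener (1812 and 11812) to see which requests for the local realm leave the server.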