Hello Will,
It looks to be a sort of warning:
Wed Nov 21 15:01:01 2018 : Debug: (14) if (Realm == "eduroam") {
Wed Nov 21 15:01:01 2018 : ERROR: (14) Failed retrieving values required to evaluate condition
So Realm is empty in this case.
I don't think it will cause an issue.
Regards
Fabrice
On 18-11-21 at 10:10, Will Halsall via PacketFence-users wrote:
Hi Fabrice,
I have included the logs for user 00000...@farn-ct.ac.uk; this test user
had the same results.
Thanks
*From:*Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>
*Sent:* 21 November 2018 14:44
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Fabrice Durand <fdur...@inverse.ca>
*Subject:* Re: [PacketFence-users] Eduroam local login
Hello Will,
It's not enough; I need to see the raddebug for this user.
Regards
Fabrice
On 18-11-21 at 07:05, Will Halsall via PacketFence-users wrote:
Hi Fabrice,
The patch worked fine and users can now authenticate with their
userPrincipalName. The only thing to note is that there is one
error in the radius Auth log entry as follows:
Module-Failure-Message = "Failed retrieving values required to evaluate condition"
SQL-User-Name = 20217...@farn-ct.ac.uk
Also the node status in the audit log is N/A as follows:
40:33:1a:47:ab:1e N/A 0 20217...@farn-ct.ac.uk 2018-11-21 11:42:14 172.16.36.30 Wireles
Thanks for your help
WillH
*From:* Durand fabrice via PacketFence-users
<packetfence-users@lists.sourceforge.net>
*Sent:* 20 November 2018 04:35
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Durand fabrice <fdur...@inverse.ca>
*Subject:* Re: [PacketFence-users] Eduroam local login
Hello Will,
yes but it's not yet available in packetfence 8.2.
If you want to test you can use the following PR
https://github.com/inverse-inc/packetfence/pull/3429 :
cd /usr/local/pf
curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3429.diff | patch -p1 --dry-run
If no error:
curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3429.diff | patch -p1
cp conf/radiusd/ldap_packetfence.conf.example conf/radiusd/ldap_packetfence.conf
cp conf/radiusd/packetfence-tunnel.example conf/radiusd/packetfence-tunnel
bin/pfcmd pfconfig clear_backend
bin/pfcmd configreload hard
bin/pfcmd service pf restart
After that, check in the admin gui in the realm configuration and
select the ldap source to use to resolve the samaccountname
attribute, then edit the ldap authentication source to select the
username attribute to resolve the samaccountname (userPrincipalName).
So the logic will be the following: you will use the
userPrincipalName attribute to authenticate
(w.hals...@farn-ct.ac.uk), then
freeradius will do an ldap search to find the samaccountname based
on userprincipalname=w.hals...@farn-ct.ac.uk and do an
ntlm_auth with the result of the search.
The last thing will be to use an ldap source (clone the previous
one if needed) and use userPrincipalName as the user attribute to
create some rules (role/access duration).
Regards
Fabrice
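
The username handling discussed in this thread (nostrip, strip, and the userPrincipalName lookup before ntlm_auth), as an added illustration that is not part of the original e-mail or of PacketFence's code. The realm example.ac.uk, the directory entries and all function names are constructed assumptions.

```python
# Added illustration: models which name reaches ntlm_auth for a given User-Name.
# All names and directory entries below are constructed, not PacketFence code.

# Constructed stand-in for the directory the LDAP source would query.
DIRECTORY = [
    {"userPrincipalName": "a.student@example.ac.uk", "sAMAccountName": "20990001"},
    {"userPrincipalName": "b.staff@example.ac.uk", "sAMAccountName": "bstaff"},
    {"userPrincipalName": "dup@example.ac.uk", "sAMAccountName": "dup1"},
    {"userPrincipalName": "dup@example.ac.uk", "sAMAccountName": "dup2"},
]

def split_realm(user_name):
    """Split 'user@realm' into (user, realm); realm is None if there is no '@'."""
    user, sep, realm = user_name.rpartition("@")
    return (user, realm.lower()) if sep else (user_name, None)

def ldap_lookup(attr, value, directory=DIRECTORY):
    """Return sAMAccountName of every entry whose attr equals value (case-insensitive)."""
    return [e["sAMAccountName"] for e in directory
            if e.get(attr, "").lower() == value.lower()]

def ntlm_auth_username(user_name, realm_cfg):
    """Return the name that would be handed to ntlm_auth for this User-Name.

    realm_cfg maps realm -> {"strip": bool, "lookup_attr": str or None},
    a hypothetical structure standing in for the realm configuration.
    """
    user, realm = split_realm(user_name)
    cfg = realm_cfg.get(realm)
    if cfg is None:
        return user_name                      # no realm or unknown realm: unchanged
    if cfg.get("lookup_attr"):
        hits = ldap_lookup(cfg["lookup_attr"], user_name)
        if len(hits) != 1:                    # fail closed on zero or ambiguous matches
            raise LookupError("%d matches for %s" % (len(hits), user_name))
        return hits[0]
    return user if cfg["strip"] else user_name

NOSTRIP = {"example.ac.uk": {"strip": False, "lookup_attr": None}}
STRIP = {"example.ac.uk": {"strip": True, "lookup_attr": None}}
LOOKUP = {"example.ac.uk": {"strip": True, "lookup_attr": "userPrincipalName"}}

if __name__ == "__main__":
    for label, cfg in (("nostrip", NOSTRIP), ("strip", STRIP), ("lookup", LOOKUP)):
        print(label, "->", ntlm_auth_username("a.student@example.ac.uk", cfg))
```

Stripping alone only yields a valid account name when the part before the @ already is the sAMAccountName; the lookup case covers logins where the two differ.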
On 18-11-19 at 09:03, Will Halsall via PacketFence-users wrote:
Hi Fabrice,
Thank you, yes, that now works if I use
<sAMAccountName>@farn-ct.ac.uk
Can I modify this to use the userPrincipalName (mail address)
w.hals...@farn-ct.ac.uk by
either using ldap or using ldap with a filter to retrieve the
sAMAccountName?
Thanks
Will H
*From:* Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net>
*Sent:* 14 November 2018 20:08
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Fabrice Durand <fdur...@inverse.ca>
*Subject:* Re: [PacketFence-users] Eduroam local login
Hello Will,
I think it's because the username is not stripped on the
ntlm_auth call.
Can you strip it in the farn-ct-ac-uk realm config?
It's like that right now:
realm farn-ct.ac.uk {
    nostrip
}
Regards
Fabrice
On 18-11-14 at 11:34, Will Halsall via PacketFence-users wrote:
Hi Folks
I have configured an Eduroam Exclusive Source and the
access point but am able to login a local user. I have
included the radius eduroam debug logs. Would it be
possible for someone to have a look to see if they can
spot what I am doing wrong?
Thanks
Will Halsall
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)