Hi, Peter, I think eduroam as a Radius source isn't working yet, just as a Login source (via portal). There's an open pull request at Github which adds supports for Radius proxy and, I hope so, Eduroam login via RADIUS.
Regards, Murilo Em sex, 30 de nov de 2018 13:53, Peter Eriksson via PacketFence-users < packetfence-users@lists.sourceforge.net> escreveu: > I’ve been using eduroam (among a couple of other sources) as a system to > authenticate users when connecting to our switches with PacketFence for a > couple of years now using an older version of PF. > > Now I’m in the process of upgrading to the latest and greatest version > (8.2) and thought I’d do things the “official” way (as much as is > possible). One confusing thing is how to set up eduroam with the PF servers… > > If one does a google search for “packetfence eduroam” the first result is > a FAQ entry: > > https://packetfence.org/support/faq/packetfence-and-eduroam.html > > However I’m not sure how much the information in that text still is valid…? > > Anyway, I tried to add an “Exclusive” Authentication Source for Eduroam > via the web GUI but it doesn’t seem to get used when a computer configured > for 802.1x authentication connects to a Switch configured for the same. > (I can see the RADIUS request reaching the Packetfence server, but no > outgoing RADIUS request to the eduroam servers seems to happen) so I’m > guessing this is not the right way to do it. > > ‘authentication.conf’ parts: > > [liu-eduroam] > description=LiU Eduroam RADIUS Servers > type=Eduroam > server1_address=IPADDRESS2 > server1_port=1812 > server2_address=IPADDRESS1 > server2_port=1812 > radius_secret=SUPERDUPERSECRET > auth_listening_port=11812 > monitor=1 > reject_realm= > local_realm= > set_access_level_action= > > > [liu-eduroam rule liu_staff] > description=LiU Staff > class=authentication > condition0=username,ends,@liu.se > action0=set_role=liu-employee-user > action1=set_access_duration=1D > > [liu-eduroam rule liu_students] > description=LiU Students > class=authentication > condition0=username,matches regexp,^[a-z]+[0-9][0-9][0-9]@liu\.se$ > condition1=username,matches regexp,^[a-z]+[0-9][0-9][0-9]@student\.liu\.se$ > action0=set_role=liu-student-user > action1=set_access_duration=12h > > > > The raddb/proxy.conf.inc file generated looks like it contains the eduroam > server parts, but (compared to the text in the FAQ) the “realm DEFAULT” > part is empty. Perhaps an “auth_pool = eduroam_auth_pool” needs to be added > somehow? (And perhaps more)? > > Any suggestions? > > - Peter > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
