Thanks! Ludovic Zammit lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>)
> On Jan 21, 2021, at 11:08 AM, Cristian Mammoli via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Here it is: > > User-Name = "84:b1:53:xx:xx:xx" > > User-Password = "******" > > NAS-IP-Address = xx.xx.10.20 > > Service-Type = Login-User > > Called-Station-Id = "70:4c:a5:xx:xx:xx:Test-Guest" > > Calling-Station-Id = "84:b1:53:xx:xx:xx" > > NAS-Identifier = "XXXXX" > > NAS-Port-Type = Virtual > > Acct-Session-Id = "143b7541" > > Event-Timestamp = "Jan 21 2021 16:56:22 CET" > > Connect-Info = "web-auth" > > Fortinet-Vdom-Name = "root" > > Fortinet-SSID = "Test-Guest" > > Fortinet-AP-Name = "FP221ETFxxxxxxxxxx" > > Stripped-User-Name = "84:b1:53:xx:xx:xx" > > Realm = "null" > > FreeRADIUS-Client-IP-Address = xx.xx.10.20 > > Called-Station-SSID = "Test-Guest" > > PacketFence-KeyBalanced = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" > > PacketFence-Radius-Ip = "xx.xx.xx.xx" > > SQL-User-Name = "84:b1:53:xx:xx:xx" > > > Il 21/01/2021 11:40, Cristian Mammoli via PacketFence-users ha scritto: >> Unfortunately we ended up editing FortiGate.pm to force it to consider every >> connection as Wireless >> I don't have the unit and the ap we used to test anymore >> >> I'll try to get in touch with the end user to get a radius dump >> >> Il 20/01/2021 13:51, Ludovic Zammit ha scritto: >>> Hello Cristian, >>> >>> Probably because the Fortigate is not sending all the normal radius >>> attributes. >>> >>> Could you show the radius request sent by the Fortigate? >>> >>> Thanks, >>> Ludovic Zammit >>> lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) >>> :: www.inverse.ca <http://www.inverse.ca/> >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >>> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >>> <http://packetfence.org/>) >>> >>> >>> >>> >>>> On Dec 2, 2020, at 6:24 AM, Cristian Mammoli via PacketFence-users >>>> <packetfence-users@lists.sourceforge.net >>>> <mailto:packetfence-users@lists.sourceforge.net>> wrote: >>>> >>>> Hi, following this post >>>> https://www.mail-archive.com/packetfence-users@lists.sourceforge.net/msg15338.html >>>> >>>> <https://www.mail-archive.com/packetfence-users@lists.sourceforge.net/msg15338.html> >>>> I managed to get it (almost) working >>>> The final missing piece is the fact that when the Firewall tries to >>>> autheticate the device using the username/password provided by post is sets >>>> NAS-Port-Type => Virtual >>>> This confuses packetfence which thinks this is a CLI connection and >>>> REJECTS it >>>> >>>> Commenting out this section ./pf/Connection.pm >>>> if ($nas_port_type =~ /^virtual/i) { >>>> $self->transport("Virtual"); >>>> $self->isCLI($TRUE); >>>> } >>>> >>>> The type falls back to Wired and Packetfence accepts the credentials >>>> >>>> How can I rewrite/suppress/ignore the Nas-Port-Type attribute or force the >>>> connection type to not be considered CLI? >>>> -- >>>> Cristian Mammoli >>>> Network and Computer Systems Administrator >>>> >>>> T. +39 0731719822 >>>> www.apra.it <https://www.apra.it/> >>>> <jkkjgfdpbcnhgnfi.png> >>>> <https://www.apra.it/> >>>> <ehlhicjclnjclamk.png> >>>> >>>> Avviso sulla tutela di informazioni riservate. Questo messaggio è stato >>>> spedito da Apra spa o da una delle aziende del Gruppo. Esso e gli >>>> eventuali allegati, potrebbero contenere informazioni di carattere >>>> estremamente riservato e confidenziale. Qualora non foste i destinatari >>>> designati, vogliate cortesemente informarci immediatamente con lo stesso >>>> mezzo ed eliminare il messaggio e i relativi eventuali allegati, senza >>>> trattenerne copia. >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> <mailto:PacketFence-users@lists.sourceforge.net> >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >>> >> >> -- >> Cristian Mammoli >> Network and Computer Systems Administrator >> >> T. +39 0731719822 >> www.apra.it <https://www.apra.it/> >> <fcnahcgpicgnpelh.png> >> <https://www.apra.it/> >> <ngllnafggfdeapac.png> >> >> Avviso sulla tutela di informazioni riservate. Questo messaggio è stato >> spedito da Apra spa o da una delle aziende del Gruppo. Esso e gli eventuali >> allegati, potrebbero contenere informazioni di carattere estremamente >> riservato e confidenziale. Qualora non foste i destinatari designati, >> vogliate cortesemente informarci immediatamente con lo stesso mezzo ed >> eliminare il messaggio e i relativi eventuali allegati, senza trattenerne >> copia. >> >> >> >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> <mailto:PacketFence-users@lists.sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> > > -- > Cristian Mammoli > Network and Computer Systems Administrator > > T. +39 0731719822 > www.apra.it <https://www.apra.it/> > <pamllkpfoeoahabj.png> > <https://www.apra.it/> > <imgmpcimehgdnmjn.png> > > Avviso sulla tutela di informazioni riservate. Questo messaggio è stato > spedito da Apra spa o da una delle aziende del Gruppo. Esso e gli eventuali > allegati, potrebbero contenere informazioni di carattere estremamente > riservato e confidenziale. Qualora non foste i destinatari designati, > vogliate cortesemente informarci immediatamente con lo stesso mezzo ed > eliminare il messaggio e i relativi eventuali allegati, senza trattenerne > copia. > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
