HI leonardo, Im not sure what you're trying to do... but for plain radius authentication you should use a simple radius server and that's it. In most cases, pf is meant to be used to do 802.1x when acting as a radius server. PF developers, please correct me if I'm wrong.
In most case, PF will not authenticate users but rather mac addresses over radius so again, im not sure if your use case is supported. To be honest, if you;'re trying to do un-supported things, you should really try them out in your lab and try to figure out how the system works, doing packet captures, etc... On Tue, Jun 14, 2022 at 7:15 AM <leonardo.i...@itsinformatica.it> wrote: > very kind Diego, > > I understand what you say. > > But suppose I want to use local pf users for authentication and the > TP-Link controller Omada is compatible with pf. > > Then a captive portal appears to the user connected via wifi, for whose > authentication Omada will contact a server radius (pf). > > I have a number of questions to ask yourself: > > > > For communication with the NAS, does the pf radius use pap or chap? > > > > pf's radius is listening on port 1812, right? > > > > Always assuming that Omada is compatible with pf, the operating scheme on > pf is: > > > > - On the managing interface (which is the only interface of pf) I select > 'radius' as "additionnal listening daemon ". > > > > - does the controller have to be inserted as a switch? if yes, I click on > new switch \ default \ and then apart from the "Secret Passphrase "(between > ilo radius pf and nas Omada) which must be entered in the tab radius, and > the ip address of Omada in the "Controller IP Address" field, what else > should I enter in that switch part? > > > > - Then always in pf, I create a connection profile with source local. How > can I indicate in this connection profile that it refers to the request > radius? > > > > Thanks always > > > > *Da:* Diego Garcia del Rio <garc...@gmail.com> > *Inviato:* lunedì 13 giugno 2022 23:37 > *A:* leonardo.i...@itsinformatica.it > *Cc:* packetfence-users <packetfence-users@lists.sourceforge.net>; > P.Thirunavukkarasu <drthir...@tanuvas.org.in> > *Oggetto:* Re: PacketFence in radius enforcement > > > > Hi Leonardo, > > > > TPLink is not one of the supported vendors for wifi. Not sure what you're > trying to achieve. Would PF just be a radius server for authentication? Im > not 100% sure you can use it that way, as you'd still have to configure the > "switch" to be a particular model / brand / vendor > > > > You can find the supported models here: > > > https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html > > > > For example, you won't be able to use it to do any sort of authentication > against google in this way. You'd need google's LDAP authentication as well > as PAP for the password to be sent in cleartext to the LDAP server. > Google's web auth will not work at all as PF is not seeing the password in > any part of the exchange. > > > > Best regards > > > > On Mon, Jun 13, 2022 at 8:14 AM <leonardo.i...@itsinformatica.it> wrote: > > Hello, > > I have a Tp-Link Omada wifi controller on which I want to implement a > local captive portal but with authentication through an External Radius > Server. > > In practice, the Omada one will be used for the captive portal and > PacketFence in radius enforcement will be used for the External Radius > Server. > > > > ** Omada side ** > > It first asks me to choose between PAP and CHAP as Authentication Mode, I > will choose CHAP for obvious security reasons. > > Furthermore, you are asked to create a radius profile in which you are > asked for the following information: > > "Enable VLAN Assignment for Wireless Network": yes / no > > "Authentication Server IP": I guess pf's ip > > "Authentication Port": Port 1812 is proposed > > "Authentication Password": > > "RADIUS Accounting": yes / no > > > > ** Pf side ** > > On the managing interface (which is the only interface of pf) I have > selected 'radius' as "additionnal listening daemon". > > And then? > > What do I set in Configuration \ System Configuration \ Radius? > > If I want to use a certain source for the user database how do I set the > connection profile to attach it to the listening radius on the management > interface? > > > > Thank you > >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users