Re: [PacketFence-users] LDAP

2018-05-31 Thread Jason 'XenoPhage' Frisvold via PacketFence-users 
This is intended to be temporary anyway, so will push through with this since I 
have it at least partially working.

---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

"A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools."
- The Hitchhikers Guide to the Galaxy

> On May 31, 2018, at 11:54, Ludovic Marcotte via PacketFence-users 
>  wrote:
> 
> On 2018-05-31 11:49 AM, Jason 'XenoPhage' Frisvold via PacketFence-users 
> wrote:
> 
>> 802.1x would be for enhanced security, but we’re limited to either cleartext 
>> or a crappy hash?  I understand this isn’t your issue…  Still sucks though.
> Alternatively you can use Samba4 instead of OpenLDAP and use ntlm_auth just 
> like you would do with AD. Samba4 also includes a LDAP service.
> 
> --
> Ludovic Marcotte
> lmarco...@inverse.ca  ::  +1.514.755.3630  ::  http://inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://sogo.nu), PacketFence 
> (http://packetfence.org) and Fingerbank (http://fingerbank.org)
> 
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users



signature.asc
Description: Message signed with OpenPGP
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] LDAP

2018-05-31 Thread Jason 'XenoPhage' Frisvold via PacketFence-users 
Yuck.

802.1x would be for enhanced security, but we’re limited to either cleartext or 
a crappy hash?  I understand this isn’t your issue…  Still sucks though.

---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law

> On May 29, 2018, at 21:16, Durand fabrice via PacketFence-users 
>  wrote:
> 
> Hello Jason,
> Is it for 802.1x ?
> 
> If yes then it should be a clear text password or a nthash. 
> (http://deployingradius.com/documents/protocols/compatibility.html)
> And you will need to configure radius with something like that: 
> https://github.com/inverse-inc/packetfence/tree/devel/addons/nthash_AD_attribute#freeradius-configuration.
> 
> If it's not for 802.1x then a simple bind is enough and it doesn't really 
> matter the hash you will use.
> Regards
> 
> Fabrice
> 
> 
> 
> Le 2018-05-29 à 17:38, Jason 'XenoPhage' Frisvold via PacketFence-users a 
> écrit :
>> Docker to the rescue.  Was able to get a simple openLDAP container up and 
>> running pretty quickly.  Using phpLdapAdmin to get the initial stuff set up, 
>> then I’ll nuke that container with fire.  :)
>> 
>> So, with LDAP in place, what sort of hash do I need to use within LDAP in 
>> order to make everything with with Packetfence?  Can I use something like 
>> SHA512 or, better yet, blowfish?  Or do I have to use something else?  How 
>> do I specify what I’m using within Packetfence?
>> 
>> From what I remember, this was tied to RADIUS.  I think it had to match 
>> whatever RADIUS was using, but I can’t remember how to get that information.
>> 
>> Thanks,
>> 
>> ---
>> Jason 'XenoPhage' Frisvold
>> 
>> xenoph...@godshell.com
>> 
>> ---
>> 
>> "A common mistake that people make when trying to design something
>> completely foolproof is to underestimate the ingenuity of complete
>> fools."
>> - The Hitchhikers Guide to the Galaxy
>> 
>> 
>>> On May 24, 2018, at 09:50, David Harvey via PacketFence-users 
>>> 
>>>  wrote:
>>> 
>>> Not sure how much the standalone 389 directory lets you do from it's admin 
>>> interface, but a simple FreeIPA install (which includes 389) is also pretty 
>>> quick and easy to setup, and has a very comprehensive interface.  It may 
>>> contain way more features than you want though!
>>> Alternatively, I know QNAP NAS' have some builtin LDAP server bits, as I  
>>> imagine other NAS' would do, so if you have one on premise may be worth 
>>> checking out..
>>> 
>>> On Wed, May 23, 2018 at 11:38 PM, Durand fabrice via PacketFence-users
>>> 
>>>  wrote:
>>> I think about this one
>>> http://directory.fedoraproject.org/
>>>  who is coming with an admin interface.
>>> 
>>> 
>>> https://www.ehowstuff.com/setup-389-directory-server-on-centos-7/
>>> 
>>> 
>>> Le 2018-05-23 à 15:56, Jason 'XenoPhage' Frisvold via PacketFence-users a 
>>> écrit :
>>> 
 Hi all,
 
I’m looking for a quick and simple LDAP install I can use with 
 packetfence as a temporary authentication source.  Before I stand up an 
 openldap server, or perhaps openldap in a container, is anyone using 
 something that’s quicker to stand up and get running?  I’d love something 
 with an interface I can use to add users, change passwords, etc.
 
 Thanks,
 
 ---
 Jason 'XenoPhage' Frisvold
 
 
 xenoph...@godshell.com
 
 
 ---
 
 "Any sufficiently advanced magic is indistinguishable from technology."
 - Niven's Inverse of Clarke's Third Law
 
 
 
 
 
 --
 Check out the vibrant tech community on one of the world's most
 engaging tech sites, Slashdot.org!
 
 http://sdm.link/slashdot
 
 
 
 __
 _
 PacketFence-users mailing list
 
 
 PacketFence-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>> 
>>> --
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org!
>>> http://sdm.link/slashdot
>>> 
>>> ___
>>> PacketFence-users mailing list
>>> 
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>> 
>>> 
>>> 
>>> --
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org!
>>> http://sdm.link/slashdot___
>>> 
>>> PacketFence-users mailing list
>>> 
>>> PacketFence-users@lists.sourceforge.net
>>>

Re: [PacketFence-users] Radius => The server is not configured to listen on any ports. Cannot start

2018-05-31 Thread Fabrice Durand via PacketFence-users 

Configure it to listen on a port...


Le 2018-05-31 à 08:57, Annibal Abreu via PacketFence-users a écrit :

radiusd:  Opening IP addresses and Ports 
The server is not configured to listen on any ports. Cannot start

Annibal





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Installation by using VM

2018-05-31 Thread Fabrice Durand via PacketFence-users 
If you want to do 802.1x yes, if you want to use your ad as an 
authentication source yes.


Btw it's not mandatory to have an AD.

But for network that packetfence manage (registration/isolation/inline) 
you need to use the dhcp/dns from packetfence.



Le 2018-05-31 à 00:03, AdvBaxter a écrit :


Hi,

I fixed it my ownself.. the setting not disappear.

Just clarify, do I need Server AD to work with pf? As I have own dhcp 
server from router.


Thank you.

*From:*Durand fabrice via PacketFence-users 


*Sent:* Thursday, 31 May 2018 10:43 AM
*To:* AdvBaxter via PacketFence-users 


*Cc:* Durand fabrice 
*Subject:* Re: [PacketFence-users] Installation by using VM

Hum really strange, before doing the shutdown can you check the 
pf.conf file to see if your configuration is there and after restart 
cna you check it again ?


Le 2018-05-29 à 22:59, AdvBaxter via PacketFence-users a écrit :

Hi,

I’m using packetfence VM Workstation.

Once I shutdown the VM or restart the VM, the packetfence that I
configure disappear. Do I need to have windows server 2012 for AD?
As all my dhcp is done on router.

Thank you.

Best Regards





--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org!http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net


https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] New PF install trouble joining child domain

2018-05-31 Thread Sallee, Jake via PacketFence-users 
All:

I'm setting up a new PFv8.1 cluster and I am at the point where I am joining 
the individual servers to the domains we have.

The main / parent domain join went perfectly, but I am unable to join the child 
domain.  Here is the error :

Failed to join domain: Failed to set machine spn: Constraint violation
Do you have sufficient permissions to create machine accounts?

Google-ing the error says to make sure the join account has the correct 
privileges, I am assuming it does as the account is a domain admin.  
Interestingly enough the computer account DOES get created in AD complete with 
GUID and SID.

The winbindd log is spaming the following MANY time per second:

May 30 16:11:50 NAC-PFv8-01 winbindd[95903]: [2018/05/30 21:11:50.730648,  0] 
../source3/winbindd/winbindd_cache.c:3170(initialize_winbindd_cache)
May 30 16:11:50 NAC-PFv8-01 winbindd[95903]:  initialize_winbindd_cache: 
clearing cache and re-creating with version number 2
May 30 16:11:50 NAC-PFv8-01 winbindd[95903]: [2018/05/30 21:11:50.735636,  0] 
../source3/winbindd/winbindd_util.c:891(init_domain_list)
May 30 16:11:50 NAC-PFv8-01 winbindd[95903]:  Could not fetch our SID - did we 
join?
May 30 16:11:50 NAC-PFv8-01 winbindd[95903]: [2018/05/30 21:11:50.735686,  0] 
../source3/winbindd/winbindd.c:1404(winbindd_register_handlers)
May 30 16:11:50 NAC-PFv8-01 winbindd[95903]:  unable to initialize domain list

Any ideas?

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Radius => The server is not configured to listen on any ports. Cannot start

2018-05-31 Thread Annibal Abreu via PacketFence-users 
radiusd:  Opening IP addresses and Ports 
The server is not configured to listen on any ports.  Cannot start

Annibal
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] [new install] can not send email to requestors.

2018-05-31 Thread Dominix Pub. via PacketFence-users 
I have made the change. but I can only test by tomorrow morning (in 12
hours).

Le mer. 30 mai 2018 à 16:37, Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :

> Can you edit /usr/local/pf/lib/pf/config/util.pm
>
> Then change the send_mime_lite like that and restart packetfence and retry
> (and send the logs).
>
> sub send_mime_lite {
> my ($mime, @args) = @_;
> use Data::Dumper;
> get_logger->warn(Dumper @args);
> my $result = $FALSE;
> eval {
> $mime->send(
> 'sub',
> \_using_smtp_callback,
> @args
> );
> $result = $mime->last_send_successful();
> };
> if ($@) {
> my $to = $mime->{_extracted_to};
> my $msg = "Can't send email to '$to' :'$@'";
> $msg =~ s/\n//g;
> get_logger->error($msg);
> }
> else {
> $result = $result ? $TRUE : $FALSE;
> }
> return $result;
> }
>
> If there is not evidences then we will have to debug
> send_using_smtp_callback function.
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-05-30 à 20:57, Dominix Public Relation via PacketFence-users a
> écrit :
>
> so, has there is a strong dependency on perl-libnet-3.10.1 I could not
> just remove it.
> I am on Centos7, with all yum update applyed.
> So I just removed the file related to perl-libnet in
> /usr/share/perl5/vendor_perl/
> like :
> unalias rm
> rpm -ql perl-libnet |awk '/Net\//{print "rm "$1}'
>
> now all my registration send a correct message throught my MTA and I can
> see it is send in /var/log/maillog.
> my solution is clearly a hack, and may not be recommended, but it works.
>
>
>
> Le mar. 29 mai 2018 à 21:44, Dominix Public Relation <
> dominix@gmail.com> a écrit :
>
>> there is no special char in the test I do. may be in the template file ?
>> How do I check ?
>>
>> Le mar. 29 mai 2018 à 15:08, Durand fabrice via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> a écrit :
>>
>>> Hello,
>>>
>>> i think the issue is an encoding issue.
>>>
>>> Can you just try to remove specific char and retry ?
>>>
>>> I will do a test on my side too.
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>>
>>> Le 2018-05-29 à 16:16, Dominix Public Relation via PacketFence-users a
>>> écrit :
>>>
>>> when sending an email I got these error in the maillog
>>> all details converge to this error : Wide character in syswrite at
>>> /usr/share/perl5/vendor_perl/Net/Cmd.pm line 212.'
>>> (pf::config::util::send_mime_lite)
>>>
>>>
>>> May 25 09:42:28 pf-wifi postfix/smtpd[1699]: connect from
>>> localhost[127.0.0.1]
>>> May 25 09:42:28 pf-wifi postfix/smtpd[1699]: E82042520469:
>>> client=localhost[127.0.0.1]
>>> May 25 09:42:28 pf-wifi postfix/smtpd[1699]: lost connection after DATA
>>> (351 bytes) from localhost[127.0.0.1]
>>> May 25 09:42:28 pf-wifi postfix/smtpd[1699]: disconnect from
>>> localhost[127.0.0.1]
>>>
>>>
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal: httpd.portal(31805)
>>> WARN: [mac:unknown] Unable to match MAC address to IP '203.185.170.105'
>>> (pf::ip4log::ip2mac)
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal: httpd.portal(31805)
>>> WARN: [mac:d4:ae:05:0d:be:f9] Unable to match MAC address to IP
>>> '203.185.170.105' (pf::ip4log::ip2mac)
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal: httpd.portal(31805)
>>> INFO: [mac:d4:ae:05:0d:be:f9] Instantiate profile default
>>> (pf::Connection::ProfileFactory::_from_profile)
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal: httpd.portal(31805)
>>> WARN: [mac:d4:ae:05:0d:be:f9] modify of non-existent person
>>> test-table...@xxx.pf attempted - person added
>>> (pf::person::person_modify)
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal: httpd.portal(31805)
>>> INFO: [mac:d4:ae:05:0d:be:f9] User test-table...@xxx.pf has
>>> authenticated on the portal. (Class::MOP::Class:::after)
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal: httpd.portal(31805)
>>> INFO: [mac:d4:ae:05:0d:be:f9] new activation code successfully generated
>>> (pf::activation::create)
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal: httpd.portal(31805)
>>> INFO: [mac:d4:ae:05:0d:be:f9] Instantiate profile default
>>> (pf::Connection::ProfileFactory::_from_profile)
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal: httpd.portal(31805)
>>> ERROR: [mac:d4:ae:05:0d:be:f9] Can't send email to 'test-table...@xxx.pf'
>>> :'Wide character in syswrite at /usr/share/perl5/vendor_perl/Net/Cmd.pm
>>> line 212.' (pf::config::util::send_mime_lite)
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal: httpd.portal(31805)
>>> INFO: [mac:d4:ae:05:0d:be:f9] User test-table...@xxx.pf has
>>> authenticated on the portal. (Class::MOP::Class:::after)
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal: httpd.portal(31805)
>>> WARN: [mac:d4:ae:05:0d:be:f9] Calling match with empty/invalid rule class.
>>> Defaulting to 'authentication' (pf::authentication::match)
>>> May 25 09:42:28 pf-wifi packetfence_httpd.portal:

Re: [PacketFence-users] Installation by using VM

2018-05-31 Thread AdvBaxter via PacketFence-users 
Hi,

 

I fixed it my ownself.. the setting not disappear. 

Just clarify, do I need Server AD to work with pf? As I have own dhcp server
from router. 

 

Thank you.

 

 

From: Durand fabrice via PacketFence-users
 
Sent: Thursday, 31 May 2018 10:43 AM
To: AdvBaxter via PacketFence-users

Cc: Durand fabrice 
Subject: Re: [PacketFence-users] Installation by using VM

 

Hum really strange, before doing the shutdown can you check the pf.conf file
to see if your configuration is there and after restart cna you check it
again ?

 

Le 2018-05-29 à 22:59, AdvBaxter via PacketFence-users a écrit :

Hi,

 

I’m using packetfence VM Workstation.

Once I shutdown the VM or restart the VM, the packetfence that I configure
disappear. Do I need to have windows server 2012 for AD? As all my dhcp is
done on router.

 

Thank you.

 

Best Regards







--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot






___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
 
https://lists.sourceforge.net/lists/listinfo/packetfence-users

 

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-31 Thread jabang konate via PacketFence-users 
hi fabrice.

i already try the code and it work well.
i try with limit 1 node per user with DEFAULT role.

but i have something strange.

when user rejected/denied by the packetfence, i saw user will be in REJECT
role.
and then i try to deregister the first device from nodes tab, then i try
again with my second device with REJECT role and i still can't connect with
my network and still with REJECT role.
i must configure manual in nodes tab to apply role DEFAULT to my REJECT
device, and then try to reconnect again to get acess to network.

is it normal ?

here my packetfence log.





On Wed, May 30, 2018 at 7:42 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Jabang,
>
> thanks for testing it.
>
> Also for the limitation, i did some work on that not a long time ago and
> it should be fixed by https://patch-diff.githubusercontent.com/raw/
> inverse-inc/packetfence/pull/3236.diff
>
> Can you test it too and let me know.
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-05-30 à 00:23, jabang konate via PacketFence-users a écrit :
>
> hi fabrice
> thanks a lot and great work.
>
> now i can login with my local realm and remote realm from other university.
>
> i have  another question,is it possible to limit device node per user in
> eduroam?
> i try with default role to limit 2 devices, but when third devices login
> with the same username , user can still login but with blank role in
> packetfence web.
>
>
>
>
>
>
> On Tue, May 29, 2018 at 11:36 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Jabang,
>>
>> can you try that:
>>
>> https://github.com/inverse-inc/packetfence/compare/fix/eduro
>> am_standalone.diff
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2018-05-25 à 03:50, jabang konate via PacketFence-users a écrit :
>>
>> hi fabrice,
>> ok i will wait for patch
>>
>> thank you
>>
>> On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Ok there is a bug, i need to fix it.
>>>
>>>
>>>
>>> Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit :
>>>
>>> hi fabrice.
>>>
>>> 10.18.23.60 is ip National Roaming Operator  eduroam in my Country.
>>>
>>> attach my eduroam config file.
>>>
>>>
>>> On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
 What is 10.18.23.60 ?

 can you share with me your file /usr/local/pf/raddb/sites-enabled/eduroam
 ?

 Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit :

 Hi fabrice,
 today i try again with my packetfence.

 in packetfence-tunnel configuration i change configuration like
 this,
if (update) {
 update control {
  := No
 }
 }
  }
 because from the output i don't see "ok", and then now i can login with
 my ldap account but with port 1812 in my access point, but not using port
 11812.
 if i'm using 11812 my request always forward to Realm eduroam my home
 server, and not forward the request to packetfence virtual server
 (sites-enabled/packetfence then site-enabled/packetfence-tunnel) as
 you said in scenario 1.

 (1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix after
 "@"
 (1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm "
 xyz.ac.id" for User-Name = "testu...@xyz.ac.id"
 (1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id"
 (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Stripped-User-Name
 = "testuser"
 (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm = "xyz.ac.id"
 (1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is
 LOCAL
 (1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
 (1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already has
 destination realm set.  Ignoring
 (1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
 (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
 (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  -> TRUE
 (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  {
 (1) Thu May 24 11:06:15 2018: Debug:   update control {
 (1) Thu May 24 11:06:15 2018: Debug:   } # update control = noop
 (1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~ /@/)  =
 noop
 (1) Thu May 24 11:06:15 2018: Debug: ... skipping else: Preceding
 "if" was taken
 (1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be
 proxied to Realm eduroam. Not doing EAP.
 (1) Thu May 24 11:06:15 2018: Debug: [eap] = noop

 attach my radiusd-eduroam.sock log and picture of my configurutiaon
 exclusive source eduroam .

 Regards.


 On Thu, May 24, 2018 at 12:49