[PacketFence-users] Inline Layer 2 and Inline Layer 3
We are trying to set up the PF captive portal ONLY in inline mode for the wireless network on our Campus. I have a couple of questions:

1. What is the difference between inline layer 2 and inline layer 3?
2. Is it possible to have routed networks behind the inline interface? We currently have a routed network and require the Internet traffic to pass through the inline interface.

Regards,
Kevin

PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Radtest Fail
run_dir = /var/run/radiusd
libdir = /usr/lib64/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
log {
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
}
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
    allow_vulnerable_openssl = no
}
}
radiusd: Loading Realms and Home Servers
proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
}
home_server localhost {
    ipaddr = 127.0.0.1
    port = 1812
    type = auth
    secret = testing123
    response_window = 20
    max_outstanding = 65536
    require_message_authenticator = yes
    zombie_period = 40
    status_check = status-server
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 120
    status_check_timeout = 4
    coa {
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
    }
}
home_server_pool my_auth_failover {
    type = fail-over
    home_server = localhost
}
realm example.com {
    auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: Loading Clients
client localhost {
    ipaddr = 127.0.0.1
    require_message_authenticator = no
    secret = testing123
    nastype = other
}
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160 (Heartbleed)
For more information see http://heartbleed.com

I am now officially stumped. Are there any other files that I should be checking in order to get this sorted?

Rich: I do not know enough about Linux or Samba for the error messages to be much use. Is there something in particular that I should be looking for?

Carla

On Wed, Jun 4, 2014 at 4:30 PM, Louis Munro lmu...@inverse.ca wrote:

Hi Carla,

No, this file is not part of PacketFence. I doubt that is really the issue. That file is mostly used to authenticate local users. I believe pam.d/common-auth is only on Debian (and maybe Ubuntu) so if you have a RedHat based system that will not apply in any case.

What you are trying to achieve is authentication of external (i.e. RADIUS) users via ntlm_auth. All FreeRadius really cares about is the return code from ntlm_auth. I have never had to change pam settings to get ntlm_auth working.

Regards,
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On 2014-06-04, at 15:27 , Carla Nurse packeth...@gmail.com wrote:

Louis,

I am currently working with the Samba mail list. One person has indicated it may be a lack of a file /etc/pam.d/common-auth. Is this file usually found on PacketFence? And if so, can you give me an idea of the configuration required for it?

Carla

On Mon, Jun 2, 2014 at 5:17 PM, Carla Nurse packeth...@gmail.com wrote:

Louis,

I will check with them and see if there is anything that can be done. I will continue to work on the configuration during that time. Thank you for your assistance.

Carla

On Mon, Jun 2, 2014 at 5:04 PM, Louis Munro lmu...@inverse.ca wrote:

wbinfo -u should return the list of users in the domain. This would seem to indicate an issue with either the rights of the user doing the query or the AD configuration. You might be better helped by the samba mailing list as this issue is really more with winbind/AD than with PacketFence.

Best regards,
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On 2014-06-02, at 16:50 , Carla Nurse packeth...@gmail.com wrote:

Hi Louis,

When I run *wbinfo -u* it goes straight back to prompt. I tried *wbinfo -p* and the ping to winbindd succeeded.

On Mon, Jun 2, 2014 at 4:36 PM, Louis Munro lmu...@inverse.ca wrote:
Re: [PacketFence-users] Radtest Fail
Frederic: I checked the setting and it is already set to yes. That was a little disappointing, I was hoping it would be the solution to my problem. Thank you for your assistance.

Louis, I ran the command as you suggested. It is currently indicating an error reading the radiusd.conf. Additionally, I also checked the web admin and realised that most of my services have stopped working and I can't get them back up. The only ones that are up are httpd.admin and memcached.

[root@pf-zen-esx ~]# radiusd -d /usr/local/pf/raddb -X
radiusd: FreeRADIUS Version 2.2.5, for host x86_64-redhat-linux-gnu, built on Apr 29 2014 at 09:18:14
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /usr/local/pf/raddb/radiusd.conf
including configuration file /usr/local/pf/raddb/proxy.conf
including configuration file /usr/local/pf/raddb/clients.conf
including files in directory /usr/local/pf/raddb/modules/
including configuration file /usr/local/pf/raddb/modules/pap
including configuration file /usr/local/pf/raddb/modules/pam
including configuration file /usr/local/pf/raddb/modules/smsotp
including configuration file /usr/local/pf/raddb/modules/sradutmp
including configuration file /usr/local/pf/raddb/modules/redis
including configuration file /usr/local/pf/raddb/modules/linelog
including configuration file /usr/local/pf/raddb/modules/sql_log
including configuration file /usr/local/pf/raddb/modules/ippool
including configuration file /usr/local/pf/raddb/modules/mac2vlan
including configuration file /usr/local/pf/raddb/modules/replicate
including configuration file /usr/local/pf/raddb/modules/logintime
including configuration file /usr/local/pf/raddb/modules/mschap
/usr/local/pf/raddb/modules/mschap[15]: Parse error: Unterminated string
Errors reading or parsing /usr/local/pf/raddb/radiusd.conf

On Thu, Jun 5, 2014 at 9:21 AM, Louis Munro lmu...@inverse.ca wrote:

On 2014-06-05, at 6:53 , Carla Nurse packeth...@gmail.com wrote:

Okay, so I think I know why the tests weren't working. The radiusd service isn't running.

[root@pf-zen-esx ~]# service radiusd status
radiusd is stopped
[root@pf-zen-esx ~]# service radiusd start
Starting radiusd: [FAILED]

When I run the radiusd -X command, the end indicates that it is Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160 (Heartbleed). I tried to update it using the yum install openssl 1.0.1g but that failed. Indicating that the package was not available.

Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160 (Heartbleed)
For more information see http://heartbleed.com

Hi Carla,

The service is not supposed to be running. FreeRADIUS is managed by PacketFence, not initd. This is unsurprising and will probably happen even if you update libssl. The issue is that you are not running radiusd with the correct arguments. You should be doing it this way:

# radiusd -d /usr/local/pf/raddb -X

But don't expect that to fix your ntlm_auth problem. FreeRADIUS depends on ntlm_auth, not the other way around. You still have to get ntlm_auth working before FreeRADIUS will do Active Directory authentication.

Have you considered the possibility that the issue is on the AD server? Also, make sure you have DNS working correctly. tcpdump can be your friend to see what is going on between your server and AD.

Regards,
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
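An added illustration, not part of the thread and not FreeRADIUS source: a Python model of the start-up gate implied by the refusal message and the allow_vulnerable_openssl setting quoted in this thread. The function names, return labels and sample inputs are constructed for this example, and a missing setting is assumed to mean "no".

```python
import re

# Constructed samples shaped like the radiusd -X output and the
# radiusd.conf security section quoted in the thread.
VERSION_LINE = "OpenSSL 1.0.1e-fips 11 Feb 2013"
SECURITY_BLOCK = """
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
    # a distribution-patched libssl can still report the old version string
    allow_vulnerable_openssl = yes
}
"""

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)")
_SECURITY_RE = re.compile(r"\bsecurity\s*\{([^{}]*)\}")
_ALLOW_RE = re.compile(r"^\s*allow_vulnerable_openssl\s*=\s*(\S+)", re.MULTILINE)


def parse_openssl_version(text):
    """Return (major, minor, fix, letter_index) or None; 'e' -> 5, no letter -> 0."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4)
    return (major, minor, fix, ord(letter) - ord("a") + 1 if letter else 0)


def in_heartbleed_range(version):
    """True for 1.0.1 through 1.0.1f, the range named in the refusal message."""
    return (1, 0, 1, 0) <= version <= (1, 0, 1, 6)


def allow_vulnerable_openssl(conf_text):
    """Read the flag from the security { } section, ignoring # comments.

    Assumption: a missing section or key is treated as "no".
    """
    without_comments = re.sub(r"#[^\n]*", "", conf_text)
    section = _SECURITY_RE.search(without_comments)
    if section is None:
        return False
    flag = _ALLOW_RE.search(section.group(1))
    return flag is not None and flag.group(1).lower() == "yes"


def startup_decision(version_line, conf_text):
    """Return 'start', 'start-override' or 'refuse' for a version/config pair."""
    version = parse_openssl_version(version_line)
    flagged = version is not None and in_heartbleed_range(version)
    if not flagged:
        return "start"
    if allow_vulnerable_openssl(conf_text):
        # The gate is bypassed: the server starts whatever libssl is linked.
        return "start-override"
    return "refuse"


if __name__ == "__main__":
    stock = SECURITY_BLOCK.replace(
        "allow_vulnerable_openssl = yes", "allow_vulnerable_openssl = no"
    )
    for label, conf in (("flag = no", stock), ("flag = yes", SECURITY_BLOCK)):
        print(label, "->", startup_decision(VERSION_LINE, conf))
```

The gate compares version strings only, which is why the configuration comment quoted in this thread says a patched CentOS library is still refused. With the override set, confirm the Heartbleed fix from the package changelog rather than from the version string.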
Re: [PacketFence-users] Radtest Fail
Hi Louis,

I had copied that straight from the documentation. But I was able to get that resolved. Now I am getting a different error:

WARNING: No such configuration item rpc_server
/usr/local/pf/raddb/sites-enabled/packetfence-soh[4]: Reference ${rpc_server} not found

On Thu, Jun 5, 2014 at 9:44 AM, Louis Munro lmu...@inverse.ca wrote:

Carla,

On 2014-06-05, at 9:35 , Carla Nurse packeth...@gmail.com wrote:

/usr/local/pf/raddb/modules/mschap[15]: Parse error: Unterminated string
Errors reading or parsing /usr/local/pf/raddb/radiusd.conf

You messed up the raddb/modules/mschap configuration file. Find your unterminated string and fix it, most likely by adding a single or double quote.

--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
Re: [PacketFence-users] Radtest Fail
Hi all,

I was able to get the ntlm_auth to work. Thank you for your assistance. I'm now going to try the radtest. Hopefully that works as well.

On Thu, Jun 5, 2014 at 10:07 AM, Carla Nurse packeth...@gmail.com wrote:

Hi Louis,

I had copied that straight from the documentation. But I was able to get that resolved. Now I am getting a different error:

WARNING: No such configuration item rpc_server
/usr/local/pf/raddb/sites-enabled/packetfence-soh[4]: Reference ${rpc_server} not found

On Thu, Jun 5, 2014 at 9:44 AM, Louis Munro lmu...@inverse.ca wrote:

Carla,

On 2014-06-05, at 9:35 , Carla Nurse packeth...@gmail.com wrote:

/usr/local/pf/raddb/modules/mschap[15]: Parse error: Unterminated string
Errors reading or parsing /usr/local/pf/raddb/radiusd.conf

You messed up the raddb/modules/mschap configuration file. Find your unterminated string and fix it, most likely by adding a single or double quote.

--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
Re: [PacketFence-users] Radtest Fail
Louis,

I am currently working with the Samba mail list. One person has indicated it may be a lack of a file /etc/pam.d/common-auth. Is this file usually found on PacketFence? And if so, can you give me an idea of the configuration required for it?

Carla

On Mon, Jun 2, 2014 at 5:17 PM, Carla Nurse packeth...@gmail.com wrote:

Louis,

I will check with them and see if there is anything that can be done. I will continue to work on the configuration during that time. Thank you for your assistance.

Carla

On Mon, Jun 2, 2014 at 5:04 PM, Louis Munro lmu...@inverse.ca wrote:

wbinfo -u should return the list of users in the domain. This would seem to indicate an issue with either the rights of the user doing the query or the AD configuration. You might be better helped by the samba mailing list as this issue is really more with winbind/AD than with PacketFence.

Best regards,
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On 2014-06-02, at 16:50 , Carla Nurse packeth...@gmail.com wrote:

Hi Louis,

When I run *wbinfo -u* it goes straight back to prompt. I tried *wbinfo -p* and the ping to winbindd succeeded.

On Mon, Jun 2, 2014 at 4:36 PM, Louis Munro lmu...@inverse.ca wrote:
Re: [PacketFence-users] Radtest Fail
I am now officially stumped. Are there any other files that I should be checking in order to get this sorted?

Rich: I do not know enough about Linux or Samba for the error messages to be much use. Is there something in particular that I should be looking for?

Carla

On Wed, Jun 4, 2014 at 4:30 PM, Louis Munro lmu...@inverse.ca wrote:

Hi Carla,

No, this file is not part of PacketFence. I doubt that is really the issue. That file is mostly used to authenticate local users. I believe pam.d/common-auth is only on Debian (and maybe Ubuntu) so if you have a RedHat based system that will not apply in any case.

What you are trying to achieve is authentication of external (i.e. RADIUS) users via ntlm_auth. All FreeRadius really cares about is the return code from ntlm_auth. I have never had to change pam settings to get ntlm_auth working.

Regards,
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On 2014-06-04, at 15:27 , Carla Nurse packeth...@gmail.com wrote:

Louis,

I am currently working with the Samba mail list. One person has indicated it may be a lack of a file /etc/pam.d/common-auth. Is this file usually found on PacketFence? And if so, can you give me an idea of the configuration required for it?

Carla

On Mon, Jun 2, 2014 at 5:17 PM, Carla Nurse packeth...@gmail.com wrote:

Louis,

I will check with them and see if there is anything that can be done. I will continue to work on the configuration during that time. Thank you for your assistance.

Carla

On Mon, Jun 2, 2014 at 5:04 PM, Louis Munro lmu...@inverse.ca wrote:

wbinfo -u should return the list of users in the domain. This would seem to indicate an issue with either the rights of the user doing the query or the AD configuration. You might be better helped by the samba mailing list as this issue is really more with winbind/AD than with PacketFence.

Best regards,
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On 2014-06-02, at 16:50 , Carla Nurse packeth...@gmail.com wrote:

Hi Louis,

When I run *wbinfo -u* it goes straight back to prompt. I tried *wbinfo -p* and the ping to winbindd succeeded.

On Mon, Jun 2, 2014 at 4:36 PM, Louis Munro lmu...@inverse.ca wrote:
[PacketFence-users] Radtest Fail
I am trying to set up the RADIUS server using Active Directory and got to the radtest test. The LDAP connect, bind and search are successful but the radtest is failing. I keep getting the error message:

[root@pf-zen-esx ~]# radtest dd Abcd1234 localhost:18120 12 testing123
radclient:: Failed to find IP address for pf-zen-esx
radclient: Nothing to send.

So far, I have:

1. Checked to make sure that the SQL password is working using the command *mysql -u pf -p* and checked the sql.conf file which is included below.

[root@pf-zen-esx ~]# mysql -u pf -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.

sql {
    database = mysql
    driver = rlm_sql_${database}
    server = %%db_host%%
    port = %%db_port%%
    login = %%db_username%%
    password = %%db_password%%
    radius_db = %%db_database%%
    acct_table1 = radacct
    acct_table2 = radacct
    postauth_table = radpostauth
    authcheck_table = radcheck
    authreply_table = radreply
    groupcheck_table = radgroupcheck
    groupreply_table = radgroupreply
    usergroup_table = radusergroup
    deletestalesessions = yes
    sqltrace = no
    sqltracefile = ${logdir}/sqltrace.sql
    num_sql_socks = 5
    connect_failure_retry_delay = 60
    lifetime = 0
    max_queries = 0
    readclients = yes
    nas_table = radius_nas
    $INCLUDE sql/${database}/packetfence.conf
}

2. Created a symbolic link *ln -s ../sites-available/packetfence|ln -s ../sites-available/packetfence-tunnel*

3. And based on another thread on this page, I checked my radiusd.conf file to see if $INCLUDE sql.conf was located. It was there. I have attached the radiusd.conf file.

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = %%install_dir%%/var
sbindir = /usr/sbin
logdir = %%install_dir%%/logs
raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct
name = radiusd
confdir = ${raddbdir}
run_dir = ${localstatedir}/run
db_dir = ${raddbdir}
libdir = /usr/lib%%arch%%/freeradius
pidfile = ${run_dir}/${name}.pid
rpc_user = %%rpc_user%%
rpc_pass = %%rpc_pass%%
rpc_port = 9090
rpc_server = 127.0.0.1
rpc_proto = http
user = pf
group = pf
max_request_time = 30
cleanup_delay = 5
max_requests = 2
listen {
    type = auth
    ipaddr = %%management_ip%%
    port = 0
    virtual_server = packetfence
}
listen {
    ipaddr = %%management_ip%%
    port = 0
    type = acct
    virtual_server = packetfence
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions= yes
log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = yes
    auth_badpass = no
    auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
    # On Centos, even if the openssl lib has been patched, freeradius refuse to start. Make sure you update openssl.
    allow_vulnerable_openssl = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    $INCLUDE ${confdir}/modules/
    $INCLUDE eap.conf
    $INCLUDE sql.conf
}
instantiate {
    exec
    expr
    expiration
    logintime
    raw
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/

Is there anything else that can be done?

Thank you,
Carla
Re: [PacketFence-users] Radtest Fail
I went through the setup as recommended by Louis. I was able to get the machine on the domain. When I run the ntlm_auth command, I encounter the following error message:

[root@pf-zen-esx ~]# ntlm_auth --username * password: NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da)

I didn't try the radtest command as yet, as I figured I should get this one sorted out first.

On Mon, Jun 2, 2014 at 10:25 AM, Carla Nurse packeth...@gmail.com wrote:

I am trying to set up the RADIUS server using Active Directory and got to the radtest test. The LDAP connect, bind and search are successful but the radtest is failing. I keep getting the error message:

[root@pf-zen-esx ~]# radtest dd Abcd1234 localhost:18120 12 testing123
radclient:: Failed to find IP address for pf-zen-esx
radclient: Nothing to send.

So far, I have:

1. Checked to make sure that the SQL password is working using the command *mysql -u pf -p* and checked the sql.conf file which is included below.

[root@pf-zen-esx ~]# mysql -u pf -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.

sql {
    database = mysql
    driver = rlm_sql_${database}
    server = %%db_host%%
    port = %%db_port%%
    login = %%db_username%%
    password = %%db_password%%
    radius_db = %%db_database%%
    acct_table1 = radacct
    acct_table2 = radacct
    postauth_table = radpostauth
    authcheck_table = radcheck
    authreply_table = radreply
    groupcheck_table = radgroupcheck
    groupreply_table = radgroupreply
    usergroup_table = radusergroup
    deletestalesessions = yes
    sqltrace = no
    sqltracefile = ${logdir}/sqltrace.sql
    num_sql_socks = 5
    connect_failure_retry_delay = 60
    lifetime = 0
    max_queries = 0
    readclients = yes
    nas_table = radius_nas
    $INCLUDE sql/${database}/packetfence.conf
}

2. Created a symbolic link *ln -s ../sites-available/packetfence|ln -s ../sites-available/packetfence-tunnel*

3. And based on another thread on this page, I checked my radiusd.conf file to see if $INCLUDE sql.conf was located. It was there. I have attached the radiusd.conf file.

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = %%install_dir%%/var
sbindir = /usr/sbin
logdir = %%install_dir%%/logs
raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct
name = radiusd
confdir = ${raddbdir}
run_dir = ${localstatedir}/run
db_dir = ${raddbdir}
libdir = /usr/lib%%arch%%/freeradius
pidfile = ${run_dir}/${name}.pid
rpc_user = %%rpc_user%%
rpc_pass = %%rpc_pass%%
rpc_port = 9090
rpc_server = 127.0.0.1
rpc_proto = http
user = pf
group = pf
max_request_time = 30
cleanup_delay = 5
max_requests = 2
listen {
    type = auth
    ipaddr = %%management_ip%%
    port = 0
    virtual_server = packetfence
}
listen {
    ipaddr = %%management_ip%%
    port = 0
    type = acct
    virtual_server = packetfence
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions= yes
log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = yes
    auth_badpass = no
    auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
    # On Centos, even if the openssl lib has been patched, freeradius refuse to start. Make sure you update openssl.
    allow_vulnerable_openssl = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    $INCLUDE ${confdir}/modules/
    $INCLUDE eap.conf
    $INCLUDE sql.conf
}
instantiate {
    exec
    expr
    expiration
    logintime
    raw
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/

Is there anything else that can be done?

Thank you,
Carla
Re: [PacketFence-users] Radtest Fail
Hi,

I ran the command you gave me:

[root@pf-zen-esx ~]# net ads testjoin
Join is OK

It has indicated that the join is okay. We do have multiple domain controllers. Are you indicating I may need to wait for replication?

On Mon, Jun 2, 2014 at 2:27 PM, Louis Munro lmu...@inverse.ca wrote:

Has the machine been joined to the domain correctly? Try this command to make sure:

# net ads testjoin

Also, do you have multiple Domain Controller servers?

On 2014-06-02, at 13:59 , Carla Nurse packeth...@gmail.com wrote:

I went through the setup as recommended by Louis. I was able to get the machine on the domain. When I run the ntlm_auth command, I encounter the following error message:

[root@pf-zen-esx ~]# ntlm_auth --username * password: NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da)

I didn't try the radtest command as yet, as I figured I should get this one sorted out fir

Correct. This has to work before FreeRADIUS will correctly authenticate AD users.

Regards,
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
Re: [PacketFence-users] Radtest Fail
Hi Louis,

When I run *wbinfo -u* it goes straight back to prompt. I tried *wbinfo -p* and the ping to winbindd succeeded.

On Mon, Jun 2, 2014 at 4:36 PM, Louis Munro lmu...@inverse.ca wrote:

Hi,

I ran the command you gave me:

[root@pf-zen-esx ~]# net ads testjoin
Join is OK

It has indicated that the join is okay. We do have multiple domain controllers. Are you indicating I may need to wait for replication?

No. I was just wondering if the join could be incorrect because you could be pointing to the wrong server. Since the join seems ok, I would look into what info you might not be able to get from the domain. Does wbinfo -u return the list of users?

--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
Re: [PacketFence-users] Radtest Fail
Louis,

I will check with them and see if there is anything that can be done. I will continue to work on the configuration during that time. Thank you for your assistance.

Carla

On Mon, Jun 2, 2014 at 5:04 PM, Louis Munro lmu...@inverse.ca wrote:

wbinfo -u should return the list of users in the domain. This would seem to indicate an issue with either the rights of the user doing the query or the AD configuration. You might be better helped by the samba mailing list as this issue is really more with winbind/AD than with PacketFence.

Best regards,
--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On 2014-06-02, at 16:50 , Carla Nurse packeth...@gmail.com wrote:

Hi Louis,

When I run *wbinfo -u* it goes straight back to prompt. I tried *wbinfo -p* and the ping to winbindd succeeded.

On Mon, Jun 2, 2014 at 4:36 PM, Louis Munro lmu...@inverse.ca wrote:
[PacketFence-users] Captive Portal Settings Missing?
I have started to configure the PacketFence ZEN VM (version 4.1.0) and I have encountered a problem. The documentation refers to:

· Trappings Redirect URL under Configuration
· Captive Portal IP under Configuration

But I don't see these options. Is there a problem with my setup? Or a bug in the system? (The only thing I request is that you don't tell me that I have to start over…)

Any assistance that you can provide would be greatly appreciated.