[PacketFence-users] Inline Layer 2 and Inline Layer 3

2014-07-03 Thread Carla Nurse
We are trying to set up the PF captive portal ONLY in inline mode for the
wireless network on our Campus. I have a couple of questions:

1. What is the difference between inline layer 2 and inline layer 3?
2. Is it possible to have routed networks behind the inline interface? We
currently have a routed network and require the Internet traffic to pass
through inline interface.

Regards,
Kevin
--
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


Re: [PacketFence-users] Radtest Fail

2014-06-05 Thread Carla Nurse
run_dir = /var/run/radiusd
libdir = /usr/lib64/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
allow_vulnerable_openssl = no
 }
}
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = testing123
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = status-server
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
  coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
  }
 }
 home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
 }
 realm example.com {
auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd:  Loading Clients 
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
nastype = other
 }
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in
range 1.0.1 - 1.0.1f).  Security advisory CVE-2014-0160 (Heartbleed)
For more information see http://heartbleed.com


I am now officially stumped. Are there any other files that I should be
checking in order to get this sorted?

Rich:
I do not know enough about Linux or Samba for the error messages to be much
use. Is there something in particular that I should be looking for?

Carla


On Wed, Jun 4, 2014 at 4:30 PM, Louis Munro lmu...@inverse.ca wrote:

 Hi Carla,

 No, this file is not part of PacketFence.
 I doubt that is really the issue. That file is mostly used to authenticate
 local users.
 I believe pam.d/common-auth is only on Debian (and maybe Ubuntu) so if you
 have a RedHat based system that will not apply in any case.

 What you are trying to achieve is authentication of external (i.e. RADIUS)
 users via ntlm_auth.
 All FreeRadius really cares about is the return code from ntlm_auth.

 I have never had to change pam settings to get ntlm_auth working.


 Regards,
  --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)

 On 2014-06-04, at 15:27 , Carla Nurse packeth...@gmail.com wrote:

 Louis,

 I am currently working with the Samba mail list. One person has indicated
 it may be a lack of a file /etc/pam.d/common-auth.
 Is this file usually found on PacketFence? And if so, can you give me an
 idea of the configuration required for it?

 Carla


 On Mon, Jun 2, 2014 at 5:17 PM, Carla Nurse packeth...@gmail.com wrote:

 Louis,

 I will check with them and see if there is anything that can be done. I
 will continue to work on the configuration during that time.

 Thank you for your assistance.

 Carla


 On Mon, Jun 2, 2014 at 5:04 PM, Louis Munro lmu...@inverse.ca wrote:

 wbinfo -u should return the list of users in the domain.

 This would seem to indicate an issue with either the rights of the user
 doing the query or the AD configuration.

 You might be better helped by the samba mailing list as this issue is
 really more with winbind/AD than with PacketFence.

 Best regards,

  --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)

 On 2014-06-02, at 16:50 , Carla Nurse packeth...@gmail.com wrote:

 Hi Louis,

 When I run *wbinfo -u* it goes straight back to prompt. I tried *wbinfo
 -p* and the ping to winbindd succeeded.


 On Mon, Jun 2, 2014 at 4:36 PM, Louis Munro lmu...@inverse.ca wrote:





Re: [PacketFence-users] Radtest Fail

2014-06-05 Thread Carla Nurse
Frederic:

I checked the setting and it is already set to yes. That was a little
disappointing, I was hoping it would be the solution to my problem.

Thank you for your assistance.


Louis,

I ran the command as you suggested. It is currently indicating an error
reading the radiusd.conf.

Additionally, I also checked the web admin and realised that most of my
services have stopped working and I can't get them back up. The only ones
that are up are httpd.admin and memcached.

[root@pf-zen-esx ~]# radiusd -d /usr/local/pf/raddb -X
radiusd: FreeRADIUS Version 2.2.5, for host x86_64-redhat-linux-gnu, built
on Apr 29 2014 at 09:18:14
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /usr/local/pf/raddb/radiusd.conf
including configuration file /usr/local/pf/raddb/proxy.conf
including configuration file /usr/local/pf/raddb/clients.conf
including files in directory /usr/local/pf/raddb/modules/
including configuration file /usr/local/pf/raddb/modules/pap
including configuration file /usr/local/pf/raddb/modules/pam
including configuration file /usr/local/pf/raddb/modules/smsotp
including configuration file /usr/local/pf/raddb/modules/sradutmp
including configuration file /usr/local/pf/raddb/modules/redis
including configuration file /usr/local/pf/raddb/modules/linelog
including configuration file /usr/local/pf/raddb/modules/sql_log
including configuration file /usr/local/pf/raddb/modules/ippool
including configuration file /usr/local/pf/raddb/modules/mac2vlan
including configuration file /usr/local/pf/raddb/modules/replicate
including configuration file /usr/local/pf/raddb/modules/logintime
including configuration file /usr/local/pf/raddb/modules/mschap
/usr/local/pf/raddb/modules/mschap[15]: Parse error: Unterminated string
Errors reading or parsing /usr/local/pf/raddb/radiusd.conf




On Thu, Jun 5, 2014 at 9:21 AM, Louis Munro lmu...@inverse.ca wrote:



 On 2014-06-05, at 6:53 , Carla Nurse packeth...@gmail.com wrote:

 Okay, so I think I know why the tests weren't working. The radiusd service
 isn't running.

 [root@pf-zen-esx ~]# service radiusd status
 radiusd is stopped
 [root@pf-zen-esx ~]# service radiusd start
 Starting radiusd:  [FAILED]

 When I run the radiusd -X command, the end indicates that it is
 Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in
 range 1.0.1 - 1.0.1f).  Security advisory CVE-2014-0160 (Heartbleed). I
 tried to update it using the yum install openssl 1.0.1g but that failed.
 Indicating that the package was not available.


 Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in
 range 1.0.1 - 1.0.1f).  Security advisory CVE-2014-0160 (Heartbleed)
 For more information see http://heartbleed.com


 Hi Carla,
 The service is not supposed to be running.

 FreeRADIUS is managed by PacketFence, not initd.

 This is unsurprising and will probably happen even if you update libssl.
 The issue is that you are not running radiusd with the correct arguments.

 You should be doing it this way:

 # radiusd -d /usr/local/pf/raddb -X


 But don't expect that to fix your ntlm_auth problem.
 FreeRADIUS depends on ntlm_auth, not the other way around.
 You still have to get ntlm_auth working before FreeRADIUS will do Active
 Directory authentication.

 Have you considered the possibility that the issue is on the AD server?
 Also, make sure you have DNS working correctly.
 tcpdump can be your friend to see what is going on between your server and
 AD.

 Regards,
 --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)



Re: [PacketFence-users] Radtest Fail

2014-06-05 Thread Carla Nurse
Hi Louis,

I had copied that straight from the documentation. But I was able to get
that resolved. Now I am getting a different error:

WARNING: No such configuration item rpc_server
/usr/local/pf/raddb/sites-enabled/packetfence-soh[4]: Reference
${rpc_server} not found



On Thu, Jun 5, 2014 at 9:44 AM, Louis Munro lmu...@inverse.ca wrote:

 Carla,


 On 2014-06-05, at 9:35 , Carla Nurse packeth...@gmail.com wrote:

 /usr/local/pf/raddb/modules/mschap[15]: Parse error: Unterminated string
 Errors reading or parsing /usr/local/pf/raddb/radiusd.conf


 You messed up the raddb/modules/mschap configuration file.
 Find your unterminated string and fix it, most likely by adding a single
 or double quote.

 --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)




Re: [PacketFence-users] Radtest Fail

2014-06-05 Thread Carla Nurse
Hi all,

I was able to get the ntlm_auth to work.

Thank you for your assistance. I'm now going to try the radtest. Hopefully
that works as well.


On Thu, Jun 5, 2014 at 10:07 AM, Carla Nurse packeth...@gmail.com wrote:

 Hi Louis,

 I had copied that straight from the documentation. But I was able to get
 that resolved. Now I am getting a different error:

 WARNING: No such configuration item rpc_server
 /usr/local/pf/raddb/sites-enabled/packetfence-soh[4]: Reference
 ${rpc_server} not found



 On Thu, Jun 5, 2014 at 9:44 AM, Louis Munro lmu...@inverse.ca wrote:

 Carla,


 On 2014-06-05, at 9:35 , Carla Nurse packeth...@gmail.com wrote:

 /usr/local/pf/raddb/modules/mschap[15]: Parse error: Unterminated string
 Errors reading or parsing /usr/local/pf/raddb/radiusd.conf


 You messed up the raddb/modules/mschap configuration file.
 Find your unterminated string and fix it, most likely by adding a single
 or double quote.

 --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)




Re: [PacketFence-users] Radtest Fail

2014-06-04 Thread Carla Nurse
Louis,

I am currently working with the Samba mail list. One person has indicated
it may be a lack of a file /etc/pam.d/common-auth.
Is this file usually found on PacketFence? And if so, can you give me an
idea of the configuration required for it?

Carla


On Mon, Jun 2, 2014 at 5:17 PM, Carla Nurse packeth...@gmail.com wrote:

 Louis,

 I will check with them and see if there is anything that can be done. I
 will continue to work on the configuration during that time.

 Thank you for your assistance.

 Carla


 On Mon, Jun 2, 2014 at 5:04 PM, Louis Munro lmu...@inverse.ca wrote:

 wbinfo -u should return the list of users in the domain.

 This would seem to indicate an issue with either the rights of the user
 doing the query or the AD configuration.

 You might be better helped by the samba mailing list as this issue is
 really more with winbind/AD than with PacketFence.

 Best regards,

  --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)

 On 2014-06-02, at 16:50 , Carla Nurse packeth...@gmail.com wrote:

 Hi Louis,

 When I run *wbinfo -u* it goes straight back to prompt. I tried *wbinfo
 -p* and the ping to winbindd succeeded.


 On Mon, Jun 2, 2014 at 4:36 PM, Louis Munro lmu...@inverse.ca wrote:






Re: [PacketFence-users] Radtest Fail

2014-06-04 Thread Carla Nurse
I am now officially stumped. Are there any other files that I should be
checking in order to get this sorted?

Rich:
I do not know enough about Linux or Samba for the error messages to be much
use. Is there something in particular that I should be looking for?

Carla


On Wed, Jun 4, 2014 at 4:30 PM, Louis Munro lmu...@inverse.ca wrote:

 Hi Carla,

 No, this file is not part of PacketFence.
 I doubt that is really the issue. That file is mostly used to authenticate
 local users.
 I believe pam.d/common-auth is only on Debian (and maybe Ubuntu) so if you
 have a RedHat based system that will not apply in any case.

 What you are trying to achieve is authentication of external (i.e. RADIUS)
 users via ntlm_auth.
 All FreeRadius really cares about is the return code from ntlm_auth.

 I have never had to change pam settings to get ntlm_auth working.


 Regards,
 --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)

 On 2014-06-04, at 15:27 , Carla Nurse packeth...@gmail.com wrote:

 Louis,

 I am currently working with the Samba mail list. One person has indicated
 it may be a lack of a file /etc/pam.d/common-auth.
 Is this file usually found on PacketFence? And if so, can you give me an
 idea of the configuration required for it?

 Carla


 On Mon, Jun 2, 2014 at 5:17 PM, Carla Nurse packeth...@gmail.com wrote:

 Louis,

 I will check with them and see if there is anything that can be done. I
 will continue to work on the configuration during that time.

 Thank you for your assistance.

 Carla


 On Mon, Jun 2, 2014 at 5:04 PM, Louis Munro lmu...@inverse.ca wrote:

 wbinfo -u should return the list of users in the domain.

 This would seem to indicate an issue with either the rights of the user
 doing the query or the AD configuration.

 You might be better helped by the samba mailing list as this issue is
 really more with winbind/AD than with PacketFence.

 Best regards,

  --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)

 On 2014-06-02, at 16:50 , Carla Nurse packeth...@gmail.com wrote:

 Hi Louis,

 When I run *wbinfo -u* it goes straight back to prompt. I tried *wbinfo
 -p* and the ping to winbindd succeeded.


 On Mon, Jun 2, 2014 at 4:36 PM, Louis Munro lmu...@inverse.ca wrote:






[PacketFence-users] Radtest Fail

2014-06-02 Thread Carla Nurse
I am trying to set up the RADIUS server using Active Directory and got to
the radtest test. The LDAP connect, bind and search is successful but the
radtest is failing. I keep getting the error message:

[root@pf-zen-esx ~]# radtest dd Abcd1234 localhost:18120 12 testing123
radclient:: Failed to find IP address for pf-zen-esx
radclient: Nothing to send.

So far, I have:
1. Checked to make sure that the SQL password is working using the
command *mysql -u pf -p* and checked the sql.conf file which is included
below.


[root@pf-zen-esx ~]# mysql -u pf -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.


sql {
database = mysql
driver = rlm_sql_${database}

server = %%db_host%%
port = %%db_port%%
login = %%db_username%%
password = %%db_password%%

radius_db = %%db_database%%

acct_table1 = radacct
acct_table2 = radacct
postauth_table = radpostauth
authcheck_table = radcheck
authreply_table = radreply
groupcheck_table = radgroupcheck
groupreply_table = radgroupreply
usergroup_table = radusergroup

deletestalesessions = yes
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
lifetime = 0
max_queries = 0

readclients = yes
nas_table = radius_nas

$INCLUDE sql/${database}/packetfence.conf
}


2. Created a symbolic link *ln -s ../sites-available/packetfence|ln -s
../sites-available/packetfence-tunnel*

3. And based on another thread on this page, I checked my radiusd.conf file
to see if $INCLUDE sql.conf was located. It was there. I have attached the
radiusd.conf file.

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = %%install_dir%%/var
sbindir = /usr/sbin
logdir = %%install_dir%%/logs
raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}
run_dir = ${localstatedir}/run

db_dir = ${raddbdir}

libdir = /usr/lib%%arch%%/freeradius
pidfile = ${run_dir}/${name}.pid

rpc_user   = %%rpc_user%%
rpc_pass   = %%rpc_pass%%
rpc_port   = 9090
rpc_server = 127.0.0.1
rpc_proto  = http


user = pf
group = pf

max_request_time = 30
cleanup_delay = 5
max_requests = 2

listen {
type = auth
ipaddr = %%management_ip%%
port = 0
virtual_server = packetfence
}

listen {
ipaddr = %%management_ip%%
port = 0
type = acct
virtual_server = packetfence
}

hostname_lookups = no
allow_core_dumps = no

regular_expressions = yes
extended_expressions= yes

log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
}

checkrad = ${sbindir}/checkrad

security {
max_attributes = 200
reject_delay = 1
status_server = yes
# On Centos, even if the openssl lib has been patched, freeradius
# refuse to start. Make sure you update openssl.
allow_vulnerable_openssl = yes
}

proxy_requests  = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf

thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}

modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
$INCLUDE sql.conf
}

instantiate {
exec
expr
expiration
logintime
raw
}

$INCLUDE policy.conf
$INCLUDE sites-enabled/


Is there anything else that can be done?

Thank you,
Carla
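
The radiusd.conf in this message sets allow_vulnerable_openssl = yes, which switches off the check that makes radiusd refuse OpenSSL 1.0.1 through 1.0.1f (CVE-2014-0160). The script below is an added example, not part of the original post or of PacketFence: it checks whether the installed package records the backported fix before that override is relied on. The function names, the constructed sample changelog text and the rpm package name openssl are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): gate for allow_vulnerable_openssl.
# radiusd refuses libssl 1.0.1 - 1.0.1f by version string alone, but
# distributions backport fixes without changing that string. The override is
# only defensible when the package changelog records the fix.

CVE_ID="CVE-2014-0160"

# Constructed sample changelogs (not real package data), used for checking.
SAMPLE_PATCHED='* Mon Apr 07 2014 Example Packager <pkg@example.invalid>
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'
SAMPLE_UNPATCHED='* Mon Jan 06 2014 Example Packager <pkg@example.invalid>
- unrelated constructed entry'

# banner_version "OpenSSL 1.0.1e-fips 11 Feb 2013" -> 1.0.1e-fips
banner_version() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# version_in_refused_range VERSION
# Succeeds when VERSION is inside the range radiusd refuses (1.0.1 - 1.0.1f).
version_in_refused_range() {
    base=${1%%-*}                 # strip a vendor suffix such as "-fips"
    case "$base" in
        1.0.1|1.0.1[a-f]) return 0 ;;
        *)                return 1 ;;
    esac
}

# verdict VERSION, with the package changelog on stdin. Prints one of:
#   not-affected      version outside the refused range, no override needed
#   backport-present  changelog names the CVE, the override matches reality
#   vulnerable        no recorded fix, update the package instead
verdict() {
    if ! version_in_refused_range "$1"; then
        echo "not-affected"
    elif grep -q "$CVE_ID"; then
        echo "backport-present"
    else
        echo "vulnerable"
    fi
}

# Live use on an RPM-based host (assumed package name: openssl):
#   sh check_openssl.sh --live
if [ "${1:-}" = "--live" ]; then
    ver=$(banner_version "$(openssl version)")
    rpm -q --changelog openssl | verdict "$ver"
fi
```

A backport-present result only covers the files on disk; a service that loaded the old library before the update keeps using it until it is restarted.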


Re: [PacketFence-users] Radtest Fail

2014-06-02 Thread Carla Nurse
I went through the setup as recommended by Louis. I was able to get the
machine on the domain. When I run the ntlm_auth command, I encounter the
following error message:

[root@pf-zen-esx ~]# ntlm_auth --username *
password:
NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
(0xc0da)

I didn't try the radtest command as yet, as I figured I should get this one
sorted out first.




On Mon, Jun 2, 2014 at 10:25 AM, Carla Nurse packeth...@gmail.com wrote:

 I am trying to set up the RADIUS server using Active Directory and got to
 the radtest test. The LDAP connect, bind and search is successful but the
 radtest is failing. I keep getting the error message:

 [root@pf-zen-esx ~]# radtest dd Abcd1234 localhost:18120 12 testing123
 radclient:: Failed to find IP address for pf-zen-esx
 radclient: Nothing to send.

 So far, I have:
 1. Checked to make sure that the SQL password is working using the command
 *mysql -u pf -p* and checked the sql.conf file which is included below.


 [root@pf-zen-esx ~]# mysql -u pf -p
 Enter password:
 Welcome to the MySQL monitor.  Commands end with ; or \g.


 sql {
 database = mysql
 driver = rlm_sql_${database}

 server = %%db_host%%
 port = %%db_port%%
 login = %%db_username%%
  password = %%db_password%%

 radius_db = %%db_database%%

  acct_table1 = radacct
 acct_table2 = radacct
 postauth_table = radpostauth
  authcheck_table = radcheck
 authreply_table = radreply
 groupcheck_table = radgroupcheck
  groupreply_table = radgroupreply
 usergroup_table = radusergroup

  deletestalesessions = yes
 sqltrace = no
 sqltracefile = ${logdir}/sqltrace.sql
  num_sql_socks = 5
 connect_failure_retry_delay = 60
 lifetime = 0
  max_queries = 0

 readclients = yes
 nas_table = radius_nas

 $INCLUDE sql/${database}/packetfence.conf
 }


 2. Created a symbolic link *ln -s ../sites-available/packetfence|ln -s
 ../sites-available/packetfence-tunnel*

 3. And based on another thread on this page, I checked my radiusd.conf
 file to see if $INCLUDE sql.conf was located. It was there. I have
 attached the radiusd.conf file.

 prefix = /usr
 exec_prefix = /usr
 sysconfdir = /etc
 localstatedir = %%install_dir%%/var
 sbindir = /usr/sbin
 logdir = %%install_dir%%/logs
 raddbdir = %%install_dir%%/var/radiusd
 radacctdir = %%install_dir%%/logs/radacct

 name = radiusd

 confdir = ${raddbdir}
 run_dir = ${localstatedir}/run

 db_dir = ${raddbdir}

 libdir = /usr/lib%%arch%%/freeradius
 pidfile = ${run_dir}/${name}.pid

 rpc_user   = %%rpc_user%%
 rpc_pass   = %%rpc_pass%%
 rpc_port   = 9090
 rpc_server = 127.0.0.1
 rpc_proto  = http


 user = pf
 group = pf

 max_request_time = 30
 cleanup_delay = 5
 max_requests = 2

 listen {
 type = auth
 ipaddr = %%management_ip%%
 port = 0
  virtual_server = packetfence
 }

 listen {
 ipaddr = %%management_ip%%
 port = 0
 type = acct
 virtual_server = packetfence
 }

 hostname_lookups = no
 allow_core_dumps = no

 regular_expressions = yes
 extended_expressions= yes

 log {
 destination = files
 file = ${logdir}/radius.log
 syslog_facility = daemon
 stripped_names = no
 auth = yes
 auth_badpass = no
 auth_goodpass = no
 }

 checkrad = ${sbindir}/checkrad

 security {
 max_attributes = 200
 reject_delay = 1
 status_server = yes
 # On Centos, even if the openssl lib has been patched, freeradius
 # refuse to start. Make sure you update openssl.
 allow_vulnerable_openssl = yes
 }

 proxy_requests  = yes
 $INCLUDE proxy.conf
 $INCLUDE clients.conf

 thread pool {
 start_servers = 5
 max_servers = 32
 min_spare_servers = 3
 max_spare_servers = 10
 max_requests_per_server = 0
 }

 modules {
 $INCLUDE ${confdir}/modules/
 $INCLUDE eap.conf
 $INCLUDE sql.conf
 }

 instantiate {
 exec
 expr
 expiration
 logintime
 raw
 }

 $INCLUDE policy.conf
 $INCLUDE sites-enabled/


 Is there anything else that can be done?

 Thank you,
 Carla
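
The checks used across this thread (hostname resolution for radclient, net ads testjoin, wbinfo -p, wbinfo -u, ntlm_auth) depend on one another, so the script below runs them in that order and names the first layer that fails. It is an added example, not part of the original messages or of PacketFence; the function names, layer labels and hint wording are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): run the checks in dependency order.
# Each layer relies on the ones before it, so the first failure is the one
# to fix; results from later layers mean nothing until it passes.

# first_failing_layer USER
# Prints the name of the first failing layer, or "ok".
# Returns non-zero when a layer fails.
first_failing_layer() {
    user=$1

    # radclient has to resolve this host's own name before it sends anything.
    getent hosts "$(hostname)" >/dev/null 2>&1 || { echo "dns"; return 1; }

    # The machine account must be valid in the domain.
    net ads testjoin >/dev/null 2>&1 || { echo "domain-join"; return 1; }

    # winbindd must answer.
    wbinfo -p >/dev/null 2>&1 || { echo "winbindd"; return 1; }

    # wbinfo -u can return to the prompt without listing anyone, so an
    # empty list is treated as a failure even when the exit status is 0.
    users=$(wbinfo -u 2>/dev/null) || { echo "domain-enum"; return 1; }
    [ -n "$users" ] || { echo "domain-enum"; return 1; }

    # FreeRADIUS only consumes ntlm_auth's exit status. With no password
    # given, ntlm_auth prompts for it, as in the session quoted above.
    ntlm_auth --username="$user" >/dev/null || { echo "ntlm_auth"; return 1; }

    echo "ok"
}

# hint LAYER: where to look next, using the advice given in the thread.
hint() {
    case "$1" in
        dns)         echo "fix name resolution for this host and for AD" ;;
        domain-join) echo "rejoin the domain, check which server is used" ;;
        winbindd)    echo "winbindd is not answering" ;;
        domain-enum) echo "check the querying user's rights and AD config" ;;
        ntlm_auth)   echo "radtest cannot pass until ntlm_auth succeeds" ;;
        ok)          echo "lower layers pass, radtest is the next step" ;;
        *)           echo "unknown layer: $1" ;;
    esac
}

# Live use: sh ad_chain.sh --run USER
if [ "${1:-}" = "--run" ]; then
    layer=$(first_failing_layer "${2:?user required}") || true
    echo "$layer: $(hint "$layer")"
    [ "$layer" = "ok" ]
fi
```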




Re: [PacketFence-users] Radtest Fail

2014-06-02 Thread Carla Nurse
Hi, I ran the command you gave me:

[root@pf-zen-esx ~]# net ads testjoin
Join is OK

It has indicated that the join is okay. We do have multiple domain
controllers. Are you indicating I may need to wait for replication?


On Mon, Jun 2, 2014 at 2:27 PM, Louis Munro lmu...@inverse.ca wrote:

 Has the machine been joined to the domain correctly?

 Try this command to make sure:

 # net ads testjoin


 Also, do you have multiple Domain Controller servers?


 On 2014-06-02, at 13:59 , Carla Nurse packeth...@gmail.com wrote:

 I went through the setup as recommended by Louis. I was able to get the
 machine on the domain. When I run the ntlm_auth command, I encounter the
 following error message:

 [root@pf-zen-esx ~]# ntlm_auth --username *
 password:
 NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
 (0xc0da)

 I didn't try the radtest command as yet, as I figured I should get this
 one sorted out fir


 Correct. This has to work before FreeRADIUS will correctly authenticate AD
 users.


 Regards,
 --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)




Re: [PacketFence-users] Radtest Fail

2014-06-02 Thread Carla Nurse
Hi Louis,

When I run *wbinfo -u* it goes straight back to prompt. I tried *wbinfo -p*
and the ping to winbindd succeeded.


On Mon, Jun 2, 2014 at 4:36 PM, Louis Munro lmu...@inverse.ca wrote:



 Hi, I ran the command you gave me:

 [root@pf-zen-esx ~]# net ads testjoin
 Join is OK

 It has indicated that the join is okay. We do have multiple domain
 controllers. Are you indicating I may need to wait for replication?


 No. I was just wondering if the join could be incorrect because you could
 be pointing to the wrong server.

 Since the join seems ok, I would look into what info you might not be
 able to get from the domain.

 Does wbinfo -u return the list of users?

 --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)




Re: [PacketFence-users] Radtest Fail

2014-06-02 Thread Carla Nurse
Louis,

I will check with them and see if there is anything that can be done. I
will continue to work on the configuration during that time.

Thank you for your assistance.

Carla


On Mon, Jun 2, 2014 at 5:04 PM, Louis Munro lmu...@inverse.ca wrote:

 wbinfo -u should return the list of users in the domain.

 This would seem to indicate an issue with either the rights of the user
 doing the query or the AD configuration.

 You might be better helped by the samba mailing list as this issue is
 really more with winbind/AD than with PacketFence.

 Best regards,

 --
 Louis Munro
 lmu...@inverse.ca  ::  www.inverse.ca
 +1.514.447.4918 *125  :: +1 (866) 353-6153
 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
 www.packetfence.org)

 On 2014-06-02, at 16:50 , Carla Nurse packeth...@gmail.com wrote:

 Hi Louis,

 When I run *wbinfo -u* it goes straight back to prompt. I tried *wbinfo
 -p* and the ping to winbindd succeeded.


 On Mon, Jun 2, 2014 at 4:36 PM, Louis Munro lmu...@inverse.ca wrote:






[PacketFence-users] Captive Portal Settings Missing?

2014-05-29 Thread Carla Nurse
I have started to configure the PacketFence ZEN VM (version 4.1.0) and I
have encountered a problem. The documentation refers to:

· Trappings  Redirect URL under Configuration

· Captive Portal  IP under Configuration

But I don’t see these options. Is there a problem with my set up? Or a bug
in the system? (The only thing I request is that you don’t tell me that I
have to start over…)


Any assistance that you can provide would be greatly appreciated.