Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-06-21 Thread jabang konate via PacketFence-users 
hello fabrice,
im sorry late inform you, last day im in vacation.

i try this morning your patch, and it works.

On Fri, Jun 8, 2018 at 9:06 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Jabang,
>
> it should be fixed with this patch:
>
> https://github.com/inverse-inc/packetfence/pull/3236/commits/
> 79c77b7419aaa53cf9fec30ff5c1e2014ec13ddd.diff
>
> Let me know if it works.
>
> Regards
>
> Fabrice
>
> Le 2018-06-07 à 00:44, jabang konate via PacketFence-users a écrit :
>
> hi fabrice.
>
> when second device want to connect with same username.
>
> attach my log for first device connected, second devices log try to
> connect , and radius log when second try to connect.
>
> Regards
> Jabang
>
>
>
> On Wed, Jun 6, 2018 at 8:55 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Janbang,
>>
>> can you confirm that when you reach the limit the role is set to REJECT ?
>>
>> I searched in the code and didn't found any place where we set the role
>> REJECT if the user reach the limit.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2018-06-04 à 00:05, jabang konate via PacketFence-users a écrit :
>>
>> hi fabrice
>>
>> any update for this issue?
>>
>> On Thu, May 31, 2018 at 4:41 PM, jabang konate 
>> wrote:
>>
>>> hi fabrice.
>>>
>>> i already try the code and it work well.
>>> i try with limit 1 node per user with DEFAULT role.
>>>
>>> but i have something strange.
>>>
>>> when user rejected/denied by the packetfence, i saw user will be in
>>> REJECT role.
>>> and then i try to deregister the first device from nodes tab, then i try
>>> again with my second device with REJECT role and i still can't connect with
>>> my network and still with REJECT role.
>>> i must configure manual in nodes tab to apply role DEFAULT to my REJECT
>>> device, and then try to reconnect again to get acess to network.
>>>
>>> is it normal ?
>>>
>>> here my packetfence log.
>>>
>>>
>>>
>>>
>>>
>>> On Wed, May 30, 2018 at 7:42 PM, Fabrice Durand via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
 Hello Jabang,

 thanks for testing it.

 Also for the limitation, i did some work on that not a long time ago
 and it should be fixed by https://patch-diff.githubuserc
 ontent.com/raw/inverse-inc/packetfence/pull/3236.diff

 Can you test it too and let me know.

 Regards

 Fabrice



 Le 2018-05-30 à 00:23, jabang konate via PacketFence-users a écrit :

 hi fabrice
 thanks a lot and great work.

 now i can login with my local realm and remote realm from other
 university.

 i have  another question,is it possible to limit device node per user
 in eduroam?
 i try with default role to limit 2 devices, but when third devices
 login with the same username , user can still login but with blank role in
 packetfence web.






 On Tue, May 29, 2018 at 11:36 PM, Fabrice Durand via PacketFence-users
  wrote:

> Hello Jabang,
>
> can you try that:
>
> https://github.com/inverse-inc/packetfence/compare/fix/eduro
> am_standalone.diff
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-05-25 à 03:50, jabang konate via PacketFence-users a écrit :
>
> hi fabrice,
> ok i will wait for patch
>
> thank you
>
> On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users
>  wrote:
>
>> Ok there is a bug, i need to fix it.
>>
>>
>>
>> Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit :
>>
>> hi fabrice.
>>
>> 10.18.23.60 is ip National Roaming Operator  eduroam in my Country.
>>
>> attach my eduroam config file.
>>
>>
>> On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users
>>  wrote:
>>
>>> What is 10.18.23.60 ?
>>>
>>> can you share with me your file 
>>> /usr/local/pf/raddb/sites-enabled/eduroam
>>> ?
>>>
>>> Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit :
>>>
>>> Hi fabrice,
>>> today i try again with my packetfence.
>>>
>>> in packetfence-tunnel configuration i change configuration like
>>> this,
>>>if (update) {
>>> update control {
>>>  := No
>>> }
>>> }
>>>  }
>>> because from the output i don't see "ok", and then now i can login
>>> with my ldap account but with port 1812 in my access point, but not 
>>> using
>>> port 11812.
>>> if i'm using 11812 my request always forward to Realm eduroam my
>>> home server, and not forward the request to packetfence virtual server
>>> (sites-enabled/packetfence then site-enabled/packetfence-tunnel) as
>>> you said in scenario 1.
>>>
>>> (1) Thu May 24 11:06:15 2018:

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-06-05 Thread jabang konate via PacketFence-users 
hi fabrice

any update for this issue?

On Thu, May 31, 2018 at 4:41 PM, jabang konate 
wrote:

> hi fabrice.
>
> i already try the code and it work well.
> i try with limit 1 node per user with DEFAULT role.
>
> but i have something strange.
>
> when user rejected/denied by the packetfence, i saw user will be in REJECT
> role.
> and then i try to deregister the first device from nodes tab, then i try
> again with my second device with REJECT role and i still can't connect with
> my network and still with REJECT role.
> i must configure manual in nodes tab to apply role DEFAULT to my REJECT
> device, and then try to reconnect again to get acess to network.
>
> is it normal ?
>
> here my packetfence log.
>
>
>
>
>
> On Wed, May 30, 2018 at 7:42 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Jabang,
>>
>> thanks for testing it.
>>
>> Also for the limitation, i did some work on that not a long time ago and
>> it should be fixed by https://patch-diff.githubuserc
>> ontent.com/raw/inverse-inc/packetfence/pull/3236.diff
>>
>> Can you test it too and let me know.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2018-05-30 à 00:23, jabang konate via PacketFence-users a écrit :
>>
>> hi fabrice
>> thanks a lot and great work.
>>
>> now i can login with my local realm and remote realm from other
>> university.
>>
>> i have  another question,is it possible to limit device node per user in
>> eduroam?
>> i try with default role to limit 2 devices, but when third devices login
>> with the same username , user can still login but with blank role in
>> packetfence web.
>>
>>
>>
>>
>>
>>
>> On Tue, May 29, 2018 at 11:36 PM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Hello Jabang,
>>>
>>> can you try that:
>>>
>>> https://github.com/inverse-inc/packetfence/compare/fix/eduro
>>> am_standalone.diff
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> Le 2018-05-25 à 03:50, jabang konate via PacketFence-users a écrit :
>>>
>>> hi fabrice,
>>> ok i will wait for patch
>>>
>>> thank you
>>>
>>> On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
 Ok there is a bug, i need to fix it.



 Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit :

 hi fabrice.

 10.18.23.60 is ip National Roaming Operator  eduroam in my Country.

 attach my eduroam config file.


 On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users <
 packetfence-users@lists.sourceforge.net> wrote:

> What is 10.18.23.60 ?
>
> can you share with me your file /usr/local/pf/raddb/sites-enabled/eduroam
> ?
>
> Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit :
>
> Hi fabrice,
> today i try again with my packetfence.
>
> in packetfence-tunnel configuration i change configuration like
> this,
>if (update) {
> update control {
>  := No
> }
> }
>  }
> because from the output i don't see "ok", and then now i can login
> with my ldap account but with port 1812 in my access point, but not using
> port 11812.
> if i'm using 11812 my request always forward to Realm eduroam my home
> server, and not forward the request to packetfence virtual server
> (sites-enabled/packetfence then site-enabled/packetfence-tunnel) as
> you said in scenario 1.
>
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix after
> "@"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm "
> xyz.ac.id" for User-Name = "testu...@xyz.ac.id"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Stripped-User-Name
> = "testuser"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm = "xyz.ac.id
> "
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is
> LOCAL
> (1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
> (1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already has
> destination realm set.  Ignoring
> (1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  -> TRUE
> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  {
> (1) Thu May 24 11:06:15 2018: Debug:   update control {
> (1) Thu May 24 11:06:15 2018: Debug:   } # update control = noop
> (1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~ /@/)  =
> noop
> (1) Thu May 24 11:06:15 2018: Debug: ... skipping else: Preceding
> "if" was taken
> (1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be
>

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-31 Thread jabang konate via PacketFence-users 
hi fabrice.

i already try the code and it work well.
i try with limit 1 node per user with DEFAULT role.

but i have something strange.

when user rejected/denied by the packetfence, i saw user will be in REJECT
role.
and then i try to deregister the first device from nodes tab, then i try
again with my second device with REJECT role and i still can't connect with
my network and still with REJECT role.
i must configure manual in nodes tab to apply role DEFAULT to my REJECT
device, and then try to reconnect again to get acess to network.

is it normal ?

here my packetfence log.





On Wed, May 30, 2018 at 7:42 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Jabang,
>
> thanks for testing it.
>
> Also for the limitation, i did some work on that not a long time ago and
> it should be fixed by https://patch-diff.githubusercontent.com/raw/
> inverse-inc/packetfence/pull/3236.diff
>
> Can you test it too and let me know.
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-05-30 à 00:23, jabang konate via PacketFence-users a écrit :
>
> hi fabrice
> thanks a lot and great work.
>
> now i can login with my local realm and remote realm from other university.
>
> i have  another question,is it possible to limit device node per user in
> eduroam?
> i try with default role to limit 2 devices, but when third devices login
> with the same username , user can still login but with blank role in
> packetfence web.
>
>
>
>
>
>
> On Tue, May 29, 2018 at 11:36 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Jabang,
>>
>> can you try that:
>>
>> https://github.com/inverse-inc/packetfence/compare/fix/eduro
>> am_standalone.diff
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2018-05-25 à 03:50, jabang konate via PacketFence-users a écrit :
>>
>> hi fabrice,
>> ok i will wait for patch
>>
>> thank you
>>
>> On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Ok there is a bug, i need to fix it.
>>>
>>>
>>>
>>> Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit :
>>>
>>> hi fabrice.
>>>
>>> 10.18.23.60 is ip National Roaming Operator  eduroam in my Country.
>>>
>>> attach my eduroam config file.
>>>
>>>
>>> On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
 What is 10.18.23.60 ?

 can you share with me your file /usr/local/pf/raddb/sites-enabled/eduroam
 ?

 Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit :

 Hi fabrice,
 today i try again with my packetfence.

 in packetfence-tunnel configuration i change configuration like
 this,
if (update) {
 update control {
  := No
 }
 }
  }
 because from the output i don't see "ok", and then now i can login with
 my ldap account but with port 1812 in my access point, but not using port
 11812.
 if i'm using 11812 my request always forward to Realm eduroam my home
 server, and not forward the request to packetfence virtual server
 (sites-enabled/packetfence then site-enabled/packetfence-tunnel) as
 you said in scenario 1.

 (1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix after
 "@"
 (1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm "
 xyz.ac.id" for User-Name = "testu...@xyz.ac.id"
 (1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id"
 (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Stripped-User-Name
 = "testuser"
 (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm = "xyz.ac.id"
 (1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is
 LOCAL
 (1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
 (1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already has
 destination realm set.  Ignoring
 (1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
 (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
 (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  -> TRUE
 (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  {
 (1) Thu May 24 11:06:15 2018: Debug:   update control {
 (1) Thu May 24 11:06:15 2018: Debug:   } # update control = noop
 (1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~ /@/)  =
 noop
 (1) Thu May 24 11:06:15 2018: Debug: ... skipping else: Preceding
 "if" was taken
 (1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be
 proxied to Realm eduroam. Not doing EAP.
 (1) Thu May 24 11:06:15 2018: Debug: [eap] = noop

 attach my radiusd-eduroam.sock log and picture of my configurutiaon
 exclusive source eduroam .

 Regards.


 On Thu, May 24, 2018 at 12:49

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-30 Thread Fabrice Durand via PacketFence-users 

Hello Jabang,

thanks for testing it.

Also for the limitation, i did some work on that not a long time ago and 
it should be fixed by 
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3236.diff


Can you test it too and let me know.

Regards

Fabrice



Le 2018-05-30 à 00:23, jabang konate via PacketFence-users a écrit :

hi fabrice
thanks a lot and great work.

now i can login with my local realm and remote realm from other 
university.


i have  another question,is it possible to limit device node per user 
in eduroam?
i try with default role to limit 2 devices, but when third devices 
login with the same username , user can still login but with blank 
role in packetfence web.







On Tue, May 29, 2018 at 11:36 PM, Fabrice Durand via PacketFence-users 
> wrote:


Hello Jabang,

can you try that:


https://github.com/inverse-inc/packetfence/compare/fix/eduroam_standalone.diff



Regards

Fabrice



Le 2018-05-25 à 03:50, jabang konate via PacketFence-users a écrit :

hi fabrice,
ok i will wait for patch

thank you

On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via
PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote:

Ok there is a bug, i need to fix it.



Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a
écrit :

hi fabrice.

10.18.23.60 is ip National Roaming Operator  eduroam in my
Country.

attach my eduroam config file.


On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via
PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote:

What is 10.18.23.60 ?

can you share with me your file
/usr/local/pf/raddb/sites-enabled/eduroam ?


Le 2018-05-24 à 00:46, jabang konate via
PacketFence-users a écrit :

Hi fabrice,
today i try again with my packetfence.

in packetfence-tunnel configuration i change
configuration like this,
if (update) {
update control {
 := No
        }
        }
 }
because from the output i don't see "ok", and then now
i can login with my ldap account but with port 1812 in
my access point, but not using port 11812.
if i'm using 11812 my request always forward to Realm
eduroam my home server, and not forward the request to
packetfence virtual server (sites-enabled/packetfence
then site-enabled/packetfence-tunnel) as you said in
scenario 1.

(1) Thu May 24 11:06:15 2018: Debug: suffix: Checking
for suffix after "@"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up
realm "xyz.ac.id " for User-Name =
"testu...@xyz.ac.id "
(1) Thu May 24 11:06:15 2018: Debug: suffix: Found
realm "xyz.ac.id "
(1) Thu May 24 11:06:15 2018: Debug: suffix: Adding
Stripped-User-Name = "testuser"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Adding
Realm = "xyz.ac.id "
(1) Thu May 24 11:06:15 2018: Debug: suffix:
Authentication realm is LOCAL
(1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
(1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request
already has destination realm set.  Ignoring
(1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name
=~ /@/) {
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name
=~ /@/) -> TRUE
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name
=~ /@/) {
(1) Thu May 24 11:06:15 2018: Debug:   update control {
(1) Thu May 24 11:06:15 2018: Debug:   } # update
control = noop
(1) Thu May 24 11:06:15 2018: Debug: } # if
(User-Name =~ /@/) = noop
(1) Thu May 24 11:06:15 2018: Debug: ... skipping
else: Preceding "if" was taken
(1) Thu May 24 11:06:15 2018: Debug: eap: Request is
supposed to be proxied to Realm eduroam. Not doing EAP.
(1) Thu May 24 11:06:15 2018: Debug: [eap] = noop

attach my radiusd-eduroam.sock log and picture of my
configurutiaon exclusive source eduroam .

Regards.


On Thu, May 24, 2018 at 12:49 AM, Fabrice Durand via
PacketFence-users
mailto:packetfence-users@lists.sourceforge.net>> wrote:



Le 2018-05-23 à 13:36, jabang

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-30 Thread jabang konate via PacketFence-users 
hi fabrice
thanks a lot and great work.

now i can login with my local realm and remote realm from other university.

i have  another question,is it possible to limit device node per user in
eduroam?
i try with default role to limit 2 devices, but when third devices login
with the same username , user can still login but with blank role in
packetfence web.






On Tue, May 29, 2018 at 11:36 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Jabang,
>
> can you try that:
>
> https://github.com/inverse-inc/packetfence/compare/fix/
> eduroam_standalone.diff
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-05-25 à 03:50, jabang konate via PacketFence-users a écrit :
>
> hi fabrice,
> ok i will wait for patch
>
> thank you
>
> On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Ok there is a bug, i need to fix it.
>>
>>
>>
>> Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit :
>>
>> hi fabrice.
>>
>> 10.18.23.60 is ip National Roaming Operator  eduroam in my Country.
>>
>> attach my eduroam config file.
>>
>>
>> On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> What is 10.18.23.60 ?
>>>
>>> can you share with me your file /usr/local/pf/raddb/sites-enabled/eduroam
>>> ?
>>>
>>> Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit :
>>>
>>> Hi fabrice,
>>> today i try again with my packetfence.
>>>
>>> in packetfence-tunnel configuration i change configuration like this,
>>>if (update) {
>>> update control {
>>>  := No
>>> }
>>> }
>>>  }
>>> because from the output i don't see "ok", and then now i can login with
>>> my ldap account but with port 1812 in my access point, but not using port
>>> 11812.
>>> if i'm using 11812 my request always forward to Realm eduroam my home
>>> server, and not forward the request to packetfence virtual server
>>> (sites-enabled/packetfence then site-enabled/packetfence-tunnel) as you
>>> said in scenario 1.
>>>
>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix after
>>> "@"
>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm "xyz.ac.id"
>>> for User-Name = "testu...@xyz.ac.id"
>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id"
>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Stripped-User-Name =
>>> "testuser"
>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm = "xyz.ac.id"
>>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is
>>> LOCAL
>>> (1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
>>> (1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already has
>>> destination realm set.  Ignoring
>>> (1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
>>> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
>>> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  -> TRUE
>>> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  {
>>> (1) Thu May 24 11:06:15 2018: Debug:   update control {
>>> (1) Thu May 24 11:06:15 2018: Debug:   } # update control = noop
>>> (1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~ /@/)  =
>>> noop
>>> (1) Thu May 24 11:06:15 2018: Debug: ... skipping else: Preceding
>>> "if" was taken
>>> (1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be
>>> proxied to Realm eduroam. Not doing EAP.
>>> (1) Thu May 24 11:06:15 2018: Debug: [eap] = noop
>>>
>>> attach my radiusd-eduroam.sock log and picture of my configurutiaon
>>> exclusive source eduroam .
>>>
>>> Regards.
>>>
>>>
>>> On Thu, May 24, 2018 at 12:49 AM, Fabrice Durand via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>


 Le 2018-05-23 à 13:36, jabang konate via PacketFence-users a écrit :

 Hi fabrice.

 Thanks for speedy response.

 > so i am not sure what you try to do with the ldap module.
 ldap module for configuration user with openldap right? i read in EAP
 Authentication against OpenLDAP.

 yes, the only difference is that you have to disable NTLM-Auth if ldap
 return ok to avoid "ERROR: mschap: Program returned code (1) and output
 'Reading winbind reply failed! (0xc001)'".



 > You have 3 scenarios:
 yes i want like that,

 I will try again and will share the results on this topic.

 thank you for your advice fabrice.


 On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via PacketFence-users
  wrote:

> Hello Jabang,
>
> so i am not sure what you try to do with the ldap module.
>
> You have 3 scenarios:
>
> 1: a user from your university connect on the ssid eduroam from your
> university.  (the ap/controller use the port 11812)
> You need to configure the

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-29 Thread Fabrice Durand via PacketFence-users 

Hello Jabang,

can you try that:

https://github.com/inverse-inc/packetfence/compare/fix/eduroam_standalone.diff

Regards

Fabrice



Le 2018-05-25 à 03:50, jabang konate via PacketFence-users a écrit :

hi fabrice,
ok i will wait for patch

thank you

On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users 
> wrote:


Ok there is a bug, i need to fix it.



Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit :

hi fabrice.

10.18.23.60 is ip National Roaming Operator eduroam in my Country.

attach my eduroam config file.


On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via
PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote:

What is 10.18.23.60 ?

can you share with me your file
/usr/local/pf/raddb/sites-enabled/eduroam ?


Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a
écrit :

Hi fabrice,
today i try again with my packetfence.

in packetfence-tunnel configuration i change configuration
like this,
if (update) {
        update control {
 := No
        }
        }
 }
because from the output i don't see "ok", and then now i can
login with my ldap account but with port 1812 in my access
point, but not using port 11812.
if i'm using 11812 my request always forward to Realm
eduroam my home server, and not forward the request to
packetfence virtual server (sites-enabled/packetfence then
site-enabled/packetfence-tunnel) as you said in scenario 1.

(1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for
suffix after "@"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up
realm "xyz.ac.id " for User-Name =
"testu...@xyz.ac.id "
(1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm
"xyz.ac.id "
(1) Thu May 24 11:06:15 2018: Debug: suffix: Adding
Stripped-User-Name = "testuser"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm =
"xyz.ac.id "
(1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication
realm is LOCAL
(1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
(1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request
already has destination realm set. Ignoring
(1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~
/@/) -> TRUE
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
(1) Thu May 24 11:06:15 2018: Debug:   update control {
(1) Thu May 24 11:06:15 2018: Debug:   } # update
control = noop
(1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name
=~ /@/)  = noop
(1) Thu May 24 11:06:15 2018: Debug: ... skipping else:
Preceding "if" was taken
(1) Thu May 24 11:06:15 2018: Debug: eap: Request is
supposed to be proxied to Realm eduroam. Not doing EAP.
(1) Thu May 24 11:06:15 2018: Debug: [eap] = noop

attach my radiusd-eduroam.sock log and picture of my
configurutiaon exclusive source eduroam .

Regards.


On Thu, May 24, 2018 at 12:49 AM, Fabrice Durand via
PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> wrote:



Le 2018-05-23 à 13:36, jabang konate via
PacketFence-users a écrit :

Hi fabrice.

Thanks for speedy response.

> so i am not sure what you try to do with the ldap module.
ldap module for configuration user with openldap right?
i read in EAP Authentication against OpenLDAP.

yes, the only difference is that you have to disable
NTLM-Auth if ldap return ok to avoid "ERROR: mschap:
Program returned code (1) and output 'Reading winbind
reply failed! (0xc001)'".




> You have 3 scenarios:
yes i want like that,

I will try again and will share the results on this topic.

thank you for your advice fabrice.


On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via
PacketFence-users
mailto:packetfence-users@lists.sourceforge.net>> wrote:

Hello Jabang,

so i am not sure what you try to do with the ldap
module.

You have 3 scenarios:

1: a user from your university connect on the ssid
eduroam from your university. (the ap/controller
use the port 11812)

You need to configure the local

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-25 Thread jabang konate via PacketFence-users 
hi fabrice,
ok i will wait for patch

thank you

On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Ok there is a bug, i need to fix it.
>
>
>
> Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit :
>
> hi fabrice.
>
> 10.18.23.60 is ip National Roaming Operator  eduroam in my Country.
>
> attach my eduroam config file.
>
>
> On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> What is 10.18.23.60 ?
>>
>> can you share with me your file /usr/local/pf/raddb/sites-enabled/eduroam
>> ?
>>
>> Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit :
>>
>> Hi fabrice,
>> today i try again with my packetfence.
>>
>> in packetfence-tunnel configuration i change configuration like this,
>>if (update) {
>> update control {
>>  := No
>> }
>> }
>>  }
>> because from the output i don't see "ok", and then now i can login with
>> my ldap account but with port 1812 in my access point, but not using port
>> 11812.
>> if i'm using 11812 my request always forward to Realm eduroam my home
>> server, and not forward the request to packetfence virtual server
>> (sites-enabled/packetfence then site-enabled/packetfence-tunnel) as you
>> said in scenario 1.
>>
>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix after "@"
>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm "xyz.ac.id"
>> for User-Name = "testu...@xyz.ac.id"
>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id"
>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Stripped-User-Name =
>> "testuser"
>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm = "xyz.ac.id"
>> (1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is LOCAL
>> (1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
>> (1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already has
>> destination realm set.  Ignoring
>> (1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
>> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
>> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  -> TRUE
>> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  {
>> (1) Thu May 24 11:06:15 2018: Debug:   update control {
>> (1) Thu May 24 11:06:15 2018: Debug:   } # update control = noop
>> (1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~ /@/)  = noop
>> (1) Thu May 24 11:06:15 2018: Debug: ... skipping else: Preceding
>> "if" was taken
>> (1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be
>> proxied to Realm eduroam. Not doing EAP.
>> (1) Thu May 24 11:06:15 2018: Debug: [eap] = noop
>>
>> attach my radiusd-eduroam.sock log and picture of my configurutiaon
>> exclusive source eduroam .
>>
>> Regards.
>>
>>
>> On Thu, May 24, 2018 at 12:49 AM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>>
>>>
>>> Le 2018-05-23 à 13:36, jabang konate via PacketFence-users a écrit :
>>>
>>> Hi fabrice.
>>>
>>> Thanks for speedy response.
>>>
>>> > so i am not sure what you try to do with the ldap module.
>>> ldap module for configuration user with openldap right? i read in EAP
>>> Authentication against OpenLDAP.
>>>
>>> yes, the only difference is that you have to disable NTLM-Auth if ldap
>>> return ok to avoid "ERROR: mschap: Program returned code (1) and output
>>> 'Reading winbind reply failed! (0xc001)'".
>>>
>>>
>>>
>>> > You have 3 scenarios:
>>> yes i want like that,
>>>
>>> I will try again and will share the results on this topic.
>>>
>>> thank you for your advice fabrice.
>>>
>>>
>>> On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
 Hello Jabang,

 so i am not sure what you try to do with the ldap module.

 You have 3 scenarios:

 1: a user from your university connect on the ssid eduroam from your
 university.  (the ap/controller use the port 11812)
 You need to configure the local realm (let's say myuniversity.org) in
 the eduroam authentication source and configure ldap in packetfence-tunnel.
 So when this user will try to connect on the eduroam ssid with
 u...@myuniversity.org then the eduroam virtual server will detect the
 realm myuniversity.org and forward the request to packetfence virtual
 server (sites-enabled/packetfence then site-enabled/packetfence-tunne
 l).
 And in packetfence-tunnel you have something like that:

 ```
 authorize {
 suffix
 ntdomain
 eap {
 ok = return
 }
 files
 ldap
 if (ok) {
 update control {
  := No
 }
 }
 }
 ```

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-24 Thread Fabrice Durand via PacketFence-users 

Ok there is a bug, i need to fix it.



Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit :

hi fabrice.

10.18.23.60 is ip National Roaming Operator  eduroam in my Country.

attach my eduroam config file.


On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users 
> wrote:


What is 10.18.23.60 ?

can you share with me your file
/usr/local/pf/raddb/sites-enabled/eduroam ?


Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit :

Hi fabrice,
today i try again with my packetfence.

in packetfence-tunnel configuration i change configuration like
this,
if (update) {
        update control {
         := No
        }
        }
 }
because from the output i don't see "ok", and then now i can
login with my ldap account but with port 1812 in my access point,
but not using port 11812.
if i'm using 11812 my request always forward to Realm eduroam my
home server, and not forward the request to packetfence virtual
server (sites-enabled/packetfence then
site-enabled/packetfence-tunnel) as you said in scenario 1.

(1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix
after "@"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm
"xyz.ac.id " for User-Name =
"testu...@xyz.ac.id "
(1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm
"xyz.ac.id "
(1) Thu May 24 11:06:15 2018: Debug: suffix: Adding
Stripped-User-Name = "testuser"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm =
"xyz.ac.id "
(1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm
is LOCAL
(1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
(1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already
has destination realm set. Ignoring
(1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) 
-> TRUE
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  {
(1) Thu May 24 11:06:15 2018: Debug: update control {
(1) Thu May 24 11:06:15 2018: Debug:   } # update control = noop
(1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~
/@/)  = noop
(1) Thu May 24 11:06:15 2018: Debug: ... skipping else:
Preceding "if" was taken
(1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to
be proxied to Realm eduroam. Not doing EAP.
(1) Thu May 24 11:06:15 2018: Debug: [eap] = noop

attach my radiusd-eduroam.sock log and picture of my
configurutiaon exclusive source eduroam .

Regards.


On Thu, May 24, 2018 at 12:49 AM, Fabrice Durand via
PacketFence-users > wrote:



Le 2018-05-23 à 13:36, jabang konate via PacketFence-users a
écrit :

Hi fabrice.

Thanks for speedy response.

> so i am not sure what you try to do with the ldap module.
ldap module for configuration user with openldap right? i
read in EAP Authentication against OpenLDAP.

yes, the only difference is that you have to disable
NTLM-Auth if ldap return ok to avoid "ERROR: mschap: Program
returned code (1) and output 'Reading winbind reply failed!
(0xc001)'".




> You have 3 scenarios:
yes i want like that,

I will try again and will share the results on this topic.

thank you for your advice fabrice.


On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via
PacketFence-users > wrote:

Hello Jabang,

so i am not sure what you try to do with the ldap module.

You have 3 scenarios:

1: a user from your university connect on the ssid
eduroam from your university.  (the ap/controller use
the port 11812)

You need to configure the local realm (let's say
myuniversity.org ) in the
eduroam authentication source and configure ldap in
packetfence-tunnel.
So when this user will try to connect on the eduroam
ssid with u...@myuniversity.org
 then the eduroam virtual
server will detect the realm myuniversity.org
 and forward the request to
packetfence virtual server (sites-enabled/packetfence
then site-enabled/packetfence-tunnel).
And in packetfence-tunnel

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-24 Thread jabang konate via PacketFence-users 
hi fabrice.

10.18.23.60 is ip National Roaming Operator  eduroam in my Country.

attach my eduroam config file.


On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> What is 10.18.23.60 ?
>
> can you share with me your file /usr/local/pf/raddb/sites-enabled/eduroam
> ?
>
> Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit :
>
> Hi fabrice,
> today i try again with my packetfence.
>
> in packetfence-tunnel configuration i change configuration like this,
>if (update) {
> update control {
>  := No
> }
> }
>  }
> because from the output i don't see "ok", and then now i can login with my
> ldap account but with port 1812 in my access point, but not using port
> 11812.
> if i'm using 11812 my request always forward to Realm eduroam my home
> server, and not forward the request to packetfence virtual server
> (sites-enabled/packetfence then site-enabled/packetfence-tunnel) as you
> said in scenario 1.
>
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix after "@"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm "xyz.ac.id"
> for User-Name = "testu...@xyz.ac.id"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Stripped-User-Name =
> "testuser"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm = "xyz.ac.id"
> (1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is LOCAL
> (1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
> (1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already has
> destination realm set.  Ignoring
> (1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  -> TRUE
> (1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  {
> (1) Thu May 24 11:06:15 2018: Debug:   update control {
> (1) Thu May 24 11:06:15 2018: Debug:   } # update control = noop
> (1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~ /@/)  = noop
> (1) Thu May 24 11:06:15 2018: Debug: ... skipping else: Preceding "if"
> was taken
> (1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be
> proxied to Realm eduroam. Not doing EAP.
> (1) Thu May 24 11:06:15 2018: Debug: [eap] = noop
>
> attach my radiusd-eduroam.sock log and picture of my configurutiaon
> exclusive source eduroam .
>
> Regards.
>
>
> On Thu, May 24, 2018 at 12:49 AM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>>
>>
>> Le 2018-05-23 à 13:36, jabang konate via PacketFence-users a écrit :
>>
>> Hi fabrice.
>>
>> Thanks for speedy response.
>>
>> > so i am not sure what you try to do with the ldap module.
>> ldap module for configuration user with openldap right? i read in EAP
>> Authentication against OpenLDAP.
>>
>> yes, the only difference is that you have to disable NTLM-Auth if ldap
>> return ok to avoid "ERROR: mschap: Program returned code (1) and output
>> 'Reading winbind reply failed! (0xc001)'".
>>
>>
>>
>> > You have 3 scenarios:
>> yes i want like that,
>>
>> I will try again and will share the results on this topic.
>>
>> thank you for your advice fabrice.
>>
>>
>> On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Hello Jabang,
>>>
>>> so i am not sure what you try to do with the ldap module.
>>>
>>> You have 3 scenarios:
>>>
>>> 1: a user from your university connect on the ssid eduroam from your
>>> university.  (the ap/controller use the port 11812)
>>> You need to configure the local realm (let's say myuniversity.org) in
>>> the eduroam authentication source and configure ldap in packetfence-tunnel.
>>> So when this user will try to connect on the eduroam ssid with
>>> u...@myuniversity.org then the eduroam virtual server will detect the
>>> realm myuniversity.org and forward the request to packetfence virtual
>>> server (sites-enabled/packetfence then site-enabled/packetfence-tunnel).
>>> And in packetfence-tunnel you have something like that:
>>>
>>> ```
>>> authorize {
>>> suffix
>>> ntdomain
>>> eap {
>>> ok = return
>>> }
>>> files
>>> ldap
>>> if (ok) {
>>> update control {
>>>  := No
>>> }
>>> }
>>> }
>>> ```
>>>
>>> 2: u...@myuniversity.org is in travel and connect on the ssid eduroam
>>> in montreal university
>>> The local montreal radius server will forward to eduroam and eduroam
>>> will forward to your packetfence server on the port 1812 (you need to
>>> configure that on the eduroam side).
>>>
>>> 3: u...@univmontreal.org is connecting on your ssid eduroam, the realm
>>> in unknow then the request will be forwarded to eduroam

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-24 Thread Fabrice Durand via PacketFence-users 

What is 10.18.23.60 ?

can you share with me your file /usr/local/pf/raddb/sites-enabled/eduroam ?


Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit :

Hi fabrice,
today i try again with my packetfence.

in packetfence-tunnel configuration i change configuration like this,
if (update) {
        update control {
         := No
        }
        }
 }
because from the output i don't see "ok", and then now i can login 
with my ldap account but with port 1812 in my access point, but not 
using port 11812.
if i'm using 11812 my request always forward to Realm eduroam my home 
server, and not forward the request to packetfence virtual server 
(sites-enabled/packetfence then site-enabled/packetfence-tunnel) as 
you said in scenario 1.


(1) Thu May 24 11:06:15 2018: Debug: suffix: Checking for suffix after "@"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Looking up realm 
"xyz.ac.id " for User-Name = "testu...@xyz.ac.id 
"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Found realm "xyz.ac.id 
"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Stripped-User-Name 
= "testuser"
(1) Thu May 24 11:06:15 2018: Debug: suffix: Adding Realm = "xyz.ac.id 
"

(1) Thu May 24 11:06:15 2018: Debug: suffix: Authentication realm is LOCAL
(1) Thu May 24 11:06:15 2018: Debug: [suffix] = ok
(1) Thu May 24 11:06:15 2018: Debug: ntdomain: Request already has 
destination realm set.  Ignoring

(1) Thu May 24 11:06:15 2018: Debug: [ntdomain] = noop
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/) {
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  -> TRUE
(1) Thu May 24 11:06:15 2018: Debug: if (User-Name =~ /@/)  {
(1) Thu May 24 11:06:15 2018: Debug:   update control {
(1) Thu May 24 11:06:15 2018: Debug:   } # update control = noop
(1) Thu May 24 11:06:15 2018: Debug: } # if (User-Name =~ /@/)  = noop
(1) Thu May 24 11:06:15 2018: Debug: ... skipping else: Preceding 
"if" was taken
(1) Thu May 24 11:06:15 2018: Debug: eap: Request is supposed to be 
proxied to Realm eduroam. Not doing EAP.

(1) Thu May 24 11:06:15 2018: Debug: [eap] = noop

attach my radiusd-eduroam.sock log and picture of my configurutiaon 
exclusive source eduroam .


Regards.


On Thu, May 24, 2018 at 12:49 AM, Fabrice Durand via PacketFence-users 
> wrote:




Le 2018-05-23 à 13:36, jabang konate via PacketFence-users a écrit :

Hi fabrice.

Thanks for speedy response.

> so i am not sure what you try to do with the ldap module.
ldap module for configuration user with openldap right? i read in
EAP Authentication against OpenLDAP.

yes, the only difference is that you have to disable NTLM-Auth if
ldap return ok to avoid "ERROR: mschap: Program returned code (1)
and output 'Reading winbind reply failed! (0xc001)'".




> You have 3 scenarios:
yes i want like that,

I will try again and will share the results on this topic.

thank you for your advice fabrice.


On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via
PacketFence-users > wrote:

Hello Jabang,

so i am not sure what you try to do with the ldap module.

You have 3 scenarios:

1: a user from your university connect on the ssid eduroam
from your university.  (the ap/controller use the port 11812)

You need to configure the local realm (let's say
myuniversity.org ) in the eduroam
authentication source and configure ldap in packetfence-tunnel.
So when this user will try to connect on the eduroam ssid
with u...@myuniversity.org 
then the eduroam virtual server will detect the realm
myuniversity.org  and forward the
request to packetfence virtual server
(sites-enabled/packetfence then site-enabled/packetfence-tunnel).
And in packetfence-tunnel you have something like that:

```
authorize {
    suffix
    ntdomain
    eap {
    ok = return
    }
    files
    ldap
        if (ok) {
        update control {
 := No
        }
        }
    }
```

2: u...@myuniversity.org  is in
travel and connect on the ssid eduroam in montreal university
The local montreal radius server will forward to eduroam and
eduroam will forward to your packetfence server on the port
1812 (you need to configure that on the eduroam side).

3: u...@univmontreal.org

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-23 Thread Fabrice Durand via PacketFence-users 



Le 2018-05-23 à 13:36, jabang konate via PacketFence-users a écrit :

Hi fabrice.

Thanks for speedy response.

> so i am not sure what you try to do with the ldap module.
ldap module for configuration user with openldap right? i read in EAP 
Authentication against OpenLDAP.
yes, the only difference is that you have to disable NTLM-Auth if ldap 
return ok to avoid "ERROR: mschap: Program returned code (1) and output 
'Reading winbind reply failed! (0xc001)'".



> You have 3 scenarios:
yes i want like that,

I will try again and will share the results on this topic.

thank you for your advice fabrice.


On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via PacketFence-users 
> wrote:


Hello Jabang,

so i am not sure what you try to do with the ldap module.

You have 3 scenarios:

1: a user from your university connect on the ssid eduroam from
your university.  (the ap/controller use the port 11812)

You need to configure the local realm (let's say myuniversity.org
) in the eduroam authentication source
and configure ldap in packetfence-tunnel.
So when this user will try to connect on the eduroam ssid with
u...@myuniversity.org  then the
eduroam virtual server will detect the realm myuniversity.org
 and forward the request to packetfence
virtual server (sites-enabled/packetfence then
site-enabled/packetfence-tunnel).
And in packetfence-tunnel you have something like that:

```
authorize {
    suffix
    ntdomain
    eap {
    ok = return
    }
    files
    ldap
        if (ok) {
        update control {
         := No
        }
        }
    }
```

2: u...@myuniversity.org  is in
travel and connect on the ssid eduroam in montreal university
The local montreal radius server will forward to eduroam and
eduroam will forward to your packetfence server on the port 1812
(you need to configure that on the eduroam side).

3: u...@univmontreal.org  is
connecting on your ssid eduroam, the realm in unknow then the
request will be forwarded to eduroam then eduroam forward to the
montreal radius server.

Is it what you want to do ?

Regards
Fabrice



Le 2018-05-23 à 12:57, jabang konate via PacketFence-users a écrit :

Thanks Fabrice, let me clear my goals first. i'm still confuse
which file i must to configure packetfence-tunnel or eduroam file
in sites-available.
my packetfence will be act as manage eduroam user so i will use
port 11812 in my access point.

here's my step how i configure my eduroam in packetfence.
1. setting my local REALM.
2. configure exclusive source eduroam, add my local realm at step
1. then create authentication rules "catch all" role default
access duration 12 hours.
3. add switch configuration
4. configure ldap module in freeradius
5. configure file packetfence-tunnel ? or eduroam ?
6. restart freeradius and iptables

in step 5 im still confuse if i'm using 11812 so i must configure
eduroam file or still packetfence-tunnel ?



On Wed, May 23, 2018 at 10:55 PM, Fabrice Durand via
PacketFence-users > wrote:

If it's a server for eduroam (like the eduroam servers use
this server for your domain) then 1812, if it's to manage
eduroam user how connect on a eduroam ssid then 11812.


Also what you can do in packetfence-tunnel


    #  The ldap module reads passwords from the LDAP database.
    ldap
    if (ok) {
    update control {
 := No
    }
    }

Regards

Fabrice




Le 2018-05-23 à 11:38, jabang konate via PacketFence-users a
écrit :

thanks for your reply fabrice.
here i attach my packetfence-tunnel file.

and which port should i use for my access point 1812 or
11812 in radius configuration for eduroam?
thank you

On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via
PacketFence-users > wrote:

Hello Jabang,

can you paste your packetfence-tunnel file ?

Regards

Fabrice



Le 2018-05-23 à 04:08, jabang konate via
PacketFence-users a écrit :

my packetfence server version is 8.0.1 and i want to
configure packetfence as an eduroam server with
openldap as user database,
then i look

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-23 Thread jabang konate via PacketFence-users 
Hi fabrice.

Thanks for speedy response.

> so i am not sure what you try to do with the ldap module.
ldap module for configuration user with openldap right? i read in EAP
Authentication against OpenLDAP.

> You have 3 scenarios:
yes i want like that,

I will try again and will share the results on this topic.

thank you for your advice fabrice.


On Thu, May 24, 2018 at 12:22 AM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Jabang,
>
> so i am not sure what you try to do with the ldap module.
>
> You have 3 scenarios:
>
> 1: a user from your university connect on the ssid eduroam from your
> university.  (the ap/controller use the port 11812)
> You need to configure the local realm (let's say myuniversity.org) in the
> eduroam authentication source and configure ldap in packetfence-tunnel.
> So when this user will try to connect on the eduroam ssid with
> u...@myuniversity.org then the eduroam virtual server will detect the
> realm myuniversity.org and forward the request to packetfence virtual
> server (sites-enabled/packetfence then site-enabled/packetfence-tunnel).
> And in packetfence-tunnel you have something like that:
>
> ```
> authorize {
> suffix
> ntdomain
> eap {
> ok = return
> }
> files
> ldap
> if (ok) {
> update control {
>  := No
> }
> }
> }
> ```
>
> 2: u...@myuniversity.org is in travel and connect on the ssid eduroam in
> montreal university
> The local montreal radius server will forward to eduroam and eduroam will
> forward to your packetfence server on the port 1812 (you need to configure
> that on the eduroam side).
>
> 3: u...@univmontreal.org is connecting on your ssid eduroam, the realm in
> unknow then the request will be forwarded to eduroam then eduroam forward
> to the montreal radius server.
>
> Is it what you want to do ?
>
> Regards
> Fabrice
>
>
>
> Le 2018-05-23 à 12:57, jabang konate via PacketFence-users a écrit :
>
> Thanks Fabrice, let me clear my goals first. i'm still confuse which file
> i must to configure packetfence-tunnel or eduroam file in sites-available.
> my packetfence will be act as manage eduroam user so i will use port 11812
> in my access point.
>
> here's my step how i configure my eduroam in packetfence.
> 1. setting my local REALM.
> 2. configure exclusive source eduroam, add my local realm at step 1. then
> create authentication rules "catch all" role default access duration 12
> hours.
> 3. add switch configuration
> 4. configure ldap module in freeradius
> 5. configure file packetfence-tunnel ? or eduroam ?
> 6. restart freeradius and iptables
>
> in step 5 im still confuse if i'm using 11812 so i must configure eduroam
> file or still packetfence-tunnel ?
>
>
>
> On Wed, May 23, 2018 at 10:55 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> If it's a server for eduroam (like the eduroam servers use this server
>> for your domain) then 1812, if it's to manage eduroam user how connect on a
>> eduroam ssid then 11812.
>>
>>
>> Also what you can do in packetfence-tunnel
>>
>>
>> #  The ldap module reads passwords from the LDAP database.
>> ldap
>> if (ok) {
>> update control {
>>  := No
>> }
>> }
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>>
>> Le 2018-05-23 à 11:38, jabang konate via PacketFence-users a écrit :
>>
>> thanks for your reply fabrice.
>> here i attach my packetfence-tunnel file.
>>
>> and which port should i use for my access point 1812 or 11812 in radius
>> configuration for eduroam?
>> thank you
>>
>> On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Hello Jabang,
>>>
>>> can you paste your packetfence-tunnel file ?
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> Le 2018-05-23 à 04:08, jabang konate via PacketFence-users a écrit :
>>>
>>> my packetfence server version is 8.0.1 and i want to configure
>>> packetfence as an eduroam server with openldap as user database,
>>> then i look into documentation eduroam section from packetfence and EAP
>>> Authentication against OpenLDAP.
>>>
>>> when im try to login with my laptop, i always get access reject.
>>>
>>> from log i see i can connect with my ldap server, then i see error like
>>> this
>>> (7) Wed May 23 14:32:55 2018: ERROR: mschap: Program returned code (1)
>>> and output 'Reading winbind reply failed! (0xc001)'
>>> (7) Wed May 23 14:32:55 2018: Debug: mschap: External script failed
>>> (7) Wed May 23 14:32:55 2018: ERROR: mschap: External script says:
>>> Reading winbind reply failed! (0xc001)
>>>
>>> is it the root cause why i alwayas get access reject?
>>> then i check winbindd service is not running, but i cant start winbindd
>>> service
>>> (Service 'winbindd' is not managed by PacketFence. Therefore, no action
>>> will be performed)

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-23 Thread Fabrice Durand via PacketFence-users 

Hello Jabang,

so i am not sure what you try to do with the ldap module.

You have 3 scenarios:

1: a user from your university connect on the ssid eduroam from your 
university.  (the ap/controller use the port 11812)


You need to configure the local realm (let's say myuniversity.org) in 
the eduroam authentication source and configure ldap in packetfence-tunnel.
So when this user will try to connect on the eduroam ssid with 
u...@myuniversity.org then the eduroam virtual server will detect the 
realm myuniversity.org and forward the request to packetfence virtual 
server (sites-enabled/packetfence then site-enabled/packetfence-tunnel).

And in packetfence-tunnel you have something like that:

```
authorize {
    suffix
    ntdomain
    eap {
    ok = return
    }
    files
    ldap
        if (ok) {
        update control {
         := No
        }
        }
    }
```

2: u...@myuniversity.org is in travel and connect on the ssid eduroam in 
montreal university
The local montreal radius server will forward to eduroam and eduroam 
will forward to your packetfence server on the port 1812 (you need to 
configure that on the eduroam side).


3: u...@univmontreal.org is connecting on your ssid eduroam, the realm 
in unknow then the request will be forwarded to eduroam then eduroam 
forward to the montreal radius server.


Is it what you want to do ?

Regards
Fabrice


Le 2018-05-23 à 12:57, jabang konate via PacketFence-users a écrit :
Thanks Fabrice, let me clear my goals first. i'm still confuse which 
file i must to configure packetfence-tunnel or eduroam file in 
sites-available.
my packetfence will be act as manage eduroam user so i will use port 
11812 in my access point.


here's my step how i configure my eduroam in packetfence.
1. setting my local REALM.
2. configure exclusive source eduroam, add my local realm at step 1. 
then create authentication rules "catch all" role default access 
duration 12 hours.

3. add switch configuration
4. configure ldap module in freeradius
5. configure file packetfence-tunnel ? or eduroam ?
6. restart freeradius and iptables

in step 5 im still confuse if i'm using 11812 so i must configure 
eduroam file or still packetfence-tunnel ?




On Wed, May 23, 2018 at 10:55 PM, Fabrice Durand via PacketFence-users 
> wrote:


If it's a server for eduroam (like the eduroam servers use this
server for your domain) then 1812, if it's to manage eduroam user
how connect on a eduroam ssid then 11812.


Also what you can do in packetfence-tunnel


    #  The ldap module reads passwords from the LDAP database.
    ldap
    if (ok) {
    update control {
 := No
    }
    }

Regards

Fabrice




Le 2018-05-23 à 11:38, jabang konate via PacketFence-users a écrit :

thanks for your reply fabrice.
here i attach my packetfence-tunnel file.

and which port should i use for my access point 1812 or 11812 in
radius configuration for eduroam?
thank you

On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via
PacketFence-users > wrote:

Hello Jabang,

can you paste your packetfence-tunnel file ?

Regards

Fabrice



Le 2018-05-23 à 04:08, jabang konate via PacketFence-users a
écrit :

my packetfence server version is 8.0.1 and i want to
configure packetfence as an eduroam server with openldap as
user database,
then i look into documentation eduroam section from
packetfence and EAP Authentication against OpenLDAP.

when im try to login with my laptop, i always get access reject.

from log i see i can connect with my ldap server, then i see
error like this
(7) Wed May 23 14:32:55 2018: ERROR: mschap: Program
returned code (1) and output 'Reading winbind reply failed!
(0xc001)'
(7) Wed May 23 14:32:55 2018: Debug: mschap: External script
failed
(7) Wed May 23 14:32:55 2018: ERROR: mschap: External script
says: Reading winbind reply failed! (0xc001)

is it the root cause why i alwayas get access reject?
then i check winbindd service is not running, but i cant
start winbindd service
(Service 'winbindd' is not managed by PacketFence.
Therefore, no action will be performed)

attach my radius log.
please give me some advice.
thank you



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot


___
PacketFence-users

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-23 Thread jabang konate via PacketFence-users 
Thanks Fabrice, let me clear my goals first. i'm still confuse which file i
must to configure packetfence-tunnel or eduroam file in sites-available.
my packetfence will be act as manage eduroam user so i will use port 11812
in my access point.

here's my step how i configure my eduroam in packetfence.
1. setting my local REALM.
2. configure exclusive source eduroam, add my local realm at step 1. then
create authentication rules "catch all" role default access duration 12
hours.
3. add switch configuration
4. configure ldap module in freeradius
5. configure file packetfence-tunnel ? or eduroam ?
6. restart freeradius and iptables

in step 5 im still confuse if i'm using 11812 so i must configure eduroam
file or still packetfence-tunnel ?



On Wed, May 23, 2018 at 10:55 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> If it's a server for eduroam (like the eduroam servers use this server for
> your domain) then 1812, if it's to manage eduroam user how connect on a
> eduroam ssid then 11812.
>
>
> Also what you can do in packetfence-tunnel
>
>
> #  The ldap module reads passwords from the LDAP database.
> ldap
> if (ok) {
> update control {
>  := No
> }
> }
>
> Regards
>
> Fabrice
>
>
>
>
> Le 2018-05-23 à 11:38, jabang konate via PacketFence-users a écrit :
>
> thanks for your reply fabrice.
> here i attach my packetfence-tunnel file.
>
> and which port should i use for my access point 1812 or 11812 in radius
> configuration for eduroam?
> thank you
>
> On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Jabang,
>>
>> can you paste your packetfence-tunnel file ?
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2018-05-23 à 04:08, jabang konate via PacketFence-users a écrit :
>>
>> my packetfence server version is 8.0.1 and i want to configure
>> packetfence as an eduroam server with openldap as user database,
>> then i look into documentation eduroam section from packetfence and EAP
>> Authentication against OpenLDAP.
>>
>> when im try to login with my laptop, i always get access reject.
>>
>> from log i see i can connect with my ldap server, then i see error like
>> this
>> (7) Wed May 23 14:32:55 2018: ERROR: mschap: Program returned code (1)
>> and output 'Reading winbind reply failed! (0xc001)'
>> (7) Wed May 23 14:32:55 2018: Debug: mschap: External script failed
>> (7) Wed May 23 14:32:55 2018: ERROR: mschap: External script says:
>> Reading winbind reply failed! (0xc001)
>>
>> is it the root cause why i alwayas get access reject?
>> then i check winbindd service is not running, but i cant start winbindd
>> service
>> (Service 'winbindd' is not managed by PacketFence. Therefore, no action
>> will be performed)
>>
>> attach my radius log.
>> please give me some advice.
>> thank you
>>
>>
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>
>> ___
>> PacketFence-users mailing 
>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> 
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> ___
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice durandfdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-23 Thread jabang konate via PacketFence-users 
Thanks Fabrice, let me clear my goals first. i'm still confuse which file i
must to configure packetfence-tunnel or eduroam file in sites-available.
my packetfence will be act as manage eduroam user so i will use port 11812
in my access point.

here's my step how i configure my eduroam in packetfence.
1. setting my local REALM.
2. configure exclusive source eduroam, add my local realm at step 1. then
create authentication rules "catch all" role default access duration 12
hours.
3. add switch configuration
4. configure ldap module in freeradius
5. configure file packetfence-tunnel ? or eduroam ?
6. restart freeradius and iptables

in step 5 im still confuse if i'm using 11812 so i must configure eduroam
file or still packetfence-tunnel ?



On Wed, May 23, 2018 at 10:55 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> If it's a server for eduroam (like the eduroam servers use this server for
> your domain) then 1812, if it's to manage eduroam user how connect on a
> eduroam ssid then 11812.
>
>
> Also what you can do in packetfence-tunnel
>
>
> #  The ldap module reads passwords from the LDAP database.
> ldap
> if (ok) {
> update control {
>  := No
> }
> }
>
> Regards
>
> Fabrice
>
>
>
>
> Le 2018-05-23 à 11:38, jabang konate via PacketFence-users a écrit :
>
> thanks for your reply fabrice.
> here i attach my packetfence-tunnel file.
>
> and which port should i use for my access point 1812 or 11812 in radius
> configuration for eduroam?
> thank you
>
> On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Hello Jabang,
>>
>> can you paste your packetfence-tunnel file ?
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2018-05-23 à 04:08, jabang konate via PacketFence-users a écrit :
>>
>> my packetfence server version is 8.0.1 and i want to configure
>> packetfence as an eduroam server with openldap as user database,
>> then i look into documentation eduroam section from packetfence and EAP
>> Authentication against OpenLDAP.
>>
>> when im try to login with my laptop, i always get access reject.
>>
>> from log i see i can connect with my ldap server, then i see error like
>> this
>> (7) Wed May 23 14:32:55 2018: ERROR: mschap: Program returned code (1)
>> and output 'Reading winbind reply failed! (0xc001)'
>> (7) Wed May 23 14:32:55 2018: Debug: mschap: External script failed
>> (7) Wed May 23 14:32:55 2018: ERROR: mschap: External script says:
>> Reading winbind reply failed! (0xc001)
>>
>> is it the root cause why i alwayas get access reject?
>> then i check winbindd service is not running, but i cant start winbindd
>> service
>> (Service 'winbindd' is not managed by PacketFence. Therefore, no action
>> will be performed)
>>
>> attach my radius log.
>> please give me some advice.
>> thank you
>>
>>
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>
>> ___
>> PacketFence-users mailing 
>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> 
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> ___
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice durandfdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-23 Thread Fabrice Durand via PacketFence-users 
If it's a server for eduroam (like the eduroam servers use this server 
for your domain) then 1812, if it's to manage eduroam user how connect 
on a eduroam ssid then 11812.



Also what you can do in packetfence-tunnel


    #  The ldap module reads passwords from the LDAP database.
    ldap
    if (ok) {
    update control {
     := No
    }
    }

Regards

Fabrice




Le 2018-05-23 à 11:38, jabang konate via PacketFence-users a écrit :

thanks for your reply fabrice.
here i attach my packetfence-tunnel file.

and which port should i use for my access point 1812 or 11812 in 
radius configuration for eduroam?

thank you

On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via PacketFence-users 
> wrote:


Hello Jabang,

can you paste your packetfence-tunnel file ?

Regards

Fabrice



Le 2018-05-23 à 04:08, jabang konate via PacketFence-users a écrit :

my packetfence server version is 8.0.1 and i want to configure
packetfence as an eduroam server with openldap as user database,
then i look into documentation eduroam section from packetfence
and EAP Authentication against OpenLDAP.

when im try to login with my laptop, i always get access reject.

from log i see i can connect with my ldap server, then i see
error like this
(7) Wed May 23 14:32:55 2018: ERROR: mschap: Program returned
code (1) and output 'Reading winbind reply failed! (0xc001)'
(7) Wed May 23 14:32:55 2018: Debug: mschap: External script failed
(7) Wed May 23 14:32:55 2018: ERROR: mschap: External script
says: Reading winbind reply failed! (0xc001)

is it the root cause why i alwayas get access reject?
then i check winbindd service is not running, but i cant start
winbindd service
(Service 'winbindd' is not managed by PacketFence. Therefore, no
action will be performed)

attach my radius log.
please give me some advice.
thank you



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users





--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

2018-05-23 Thread jabang konate via PacketFence-users 
thanks for your reply fabrice.
here i attach my packetfence-tunnel file.

and which port should i use for my access point 1812 or 11812 in radius
configuration for eduroam?
thank you

On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Jabang,
>
> can you paste your packetfence-tunnel file ?
> Regards
>
> Fabrice
>
>
>
> Le 2018-05-23 à 04:08, jabang konate via PacketFence-users a écrit :
>
> my packetfence server version is 8.0.1 and i want to configure packetfence
> as an eduroam server with openldap as user database,
> then i look into documentation eduroam section from packetfence and EAP
> Authentication against OpenLDAP.
>
> when im try to login with my laptop, i always get access reject.
>
> from log i see i can connect with my ldap server, then i see error like
> this
> (7) Wed May 23 14:32:55 2018: ERROR: mschap: Program returned code (1) and
> output 'Reading winbind reply failed! (0xc001)'
> (7) Wed May 23 14:32:55 2018: Debug: mschap: External script failed
> (7) Wed May 23 14:32:55 2018: ERROR: mschap: External script says: Reading
> winbind reply failed! (0xc001)
>
> is it the root cause why i alwayas get access reject?
> then i check winbindd service is not running, but i cant start winbindd
> service
> (Service 'winbindd' is not managed by PacketFence. Therefore, no action
> will be performed)
>
> attach my radius log.
> please give me some advice.
> thank you
>
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> ___
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>


packetfence-tunnel
Description: Binary data
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users