Re: [PacketFence-users] Eduroam port 11812 not working

ilto:ab.dijks...@noorderpoort.nl> > I > www.noorderpoort.nl > <https://urldefense.com/v3/__http://www.noorderpoort.nl/__;!!GjvTz_vk!Ty0R3ldoMyY_17TKdmD6xAwlIp4poUVzx9PYLE9JC9XhkMrP9Iu8DawtFpKzBz7IXpukcsQ7sr8DJCGHe4qCg02EAw$> > Van: Zammit, Ludovic > Verzonden: Dinsd

Re: [PacketFence-users] Eduroam port 11812 not working

Hello Anne, Make sure you configured the Eduroam source in PF and attached it to a connection profile. https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_eduroam Don’t to forget to restart radiusd

Re: [PacketFence-users] Eduroam port 11812 not working

Hi Tomasz, Thank you for your reply. Now the eduroam ext source is configured with port 11812 and I set port 11812 in our WiFi controller. But as I mentioned in my previous e-mail, when I make an authentication request from the WiFi controller to Packetfence on port 11812, it does nothing. The

Re: [PacketFence-users] Eduroam - without the AD and with LDAP - is possible or not in the NAC?

Restart the winbind service. Thanks & Regards, Nikunj Vachhani. Network Engineer. 99091 10490 From: P.Thirunavukkarasu via PacketFence-users Sent: 28 November 2022 11:34 AM To: packetfence-users Cc: P.Thirunavukkarasu Subject: [PacketFence-users] Eduroam - without the AD and with LDAP - is p

Re: [PacketFence-users] eduroam+packetfence with Google LDAP authentication

My packetfence server version is 11.2 and I want to configure packetfence as an eduroam server with Google Secure LDAP as a user database When I try to log in as an eduroam user, the reply is *access reject.* The error is as follows *Event Type: Radius-Access-RequestReason: mschap: Program ret

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

Hi Fabrice, Greetings of the day Changed the configuration as follows..."*Realm Filter eduroam*" [image: image.png] FYKI in our setup we are not using any AD DC. Our authentication sources are Google LDAPs and MS AAD. Hence not configured the Domain (not listed any domain) in the *Default and NULL

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

Thanks Fabrice... [image: image.png] There is such an option in the filter to select. Should I create a Realm "eduroam" in the realms section? Regards, Thirunavukkarasu ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lis

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

Just like that: [image: image.png] Le dim. 20 mars 2022 à 07:39, P.Thirunavukkarasu a écrit : > Hi Fabrice, > Thank you and Sorry for the question... > > *Create the connection profile for outbound authentication* > *"Create the Connection Profile named External Eduroam authentication > Check A

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

Hi Fabrice, Thank you and Sorry for the question... *Create the connection profile for outbound authentication* *"Create the Connection Profile named External Eduroam authentication Check Automatically register devices then create a REALM filter Eduroam. Next, make sure to add the Eduroam source p

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

Hi Fabrice, Thank you *"Create a connection profile named Local and external Eduroam authentication Check Automatically register devices then create a SSID filter Eduroam. Make sure to add the Active Directory source to match on the local users."* [image: image.png] Then how to create the SSID filt

Re: [PacketFence-users] Eduroam configuration - SSID filter and REALM Filter

Hello Thirunavukkarasu, the realm eduroam is define in the freeradius unlang, so if the logic detect that it´s an outbound authentication then the realm eduroam will be added in the request. For the DEFAULT one you should use your domain for that. Regards Fabrice Le ven. 18 mars 2022 à 09:45, P

Re: [PacketFence-users] Eduroam as authentication source

Thank you very much for the explanations. It seems that this is the 2 information I was missing to complete the configuration. So, with your help, I have successfully configured eduroam on my site. Maybe you could add more details in the Installation Guide to help people like who were facing issu

Re: [PacketFence-users] Eduroam as authentication source

Hello Philippe, Eduroam will only work for 802.1x not for doing chap/pap. So in order to make it work you need to have a secure ssid called eduroam and use the port 11812 for the radius server. In the eduroam authentication source you also need to define your local realm (create your realm a

Re: [PacketFence-users] Eduroam as authentication source

Hi, I had the same problem until I realized that in our wifi controller must add a radius server wich is PF and the port 11812. After that it works! From: DOMINEAUX Philippe via PacketFence-users Sent: dinsdag 16 juli 2019 11:33 To: packetfence-users@lists.sourceforge.net Cc: DOMINEAUX Philip

Re: [PacketFence-users] Eduroam and PF 9.0.1

I have worked something out. In following the packetfence/eduroam guide I had changed the accthost to the eduroam servers in the US. I also had those same servers in the Exclusive Source. I was getting errors about servers being defined already. In looking at the proxy.conf.inc files, I rever

Re: [PacketFence-users] Eduroam local login

cketfence-users@lists.sourceforge.net *Cc:* Fabrice Durand *Subject:* Re: [PacketFence-users] Eduroam local login Hello Will, it's not enough, i need to see the raddebug for this user. Regards Fabrice Le 18-11-21 à 07 h 05, Will Halsall via PacketFence-users a écrit : Hi Fabrie,

Re: [PacketFence-users] Eduroam local login

*Cc:* Durand fabrice *Subject:* Re: [PacketFence-users] Eduroam local login Hello Will, yes but it's not yet available in packetfence 8.2. If you want to test you can use the following PR https://github.com/inverse-inc/packetfence/pull/3429 <https://github.com/inverse-inc/packetfence/pu

Re: [PacketFence-users] Eduroam local login

lp WillH From: Durand fabrice via PacketFence-users Sent: 20 November 2018 04:35 To: packetfence-users@lists.sourceforge.net Cc: Durand fabrice Subject: Re: [PacketFence-users] Eduroam local login Hello Will, yes but it's not yet available in packetfence 8.2. If you want to test you can

Re: [PacketFence-users] Eduroam local login

with a filter to retrieve the sAMAccountName Thanks Will H *From:*Fabrice Durand via PacketFence-users *Sent:* 14 November 2018 20:08 *To:* packetfence-users@lists.sourceforge.net *Cc:* Fabrice Durand *Subject:* Re: [PacketFence-users] Eduroam local login Hello Will, i think it's becau

Re: [PacketFence-users] Eduroam local login

retrieve the sAMAccountName Thanks Will H From: Fabrice Durand via PacketFence-users Sent: 14 November 2018 20:08 To: packetfence-users@lists.sourceforge.net Cc: Fabrice Durand Subject: Re: [PacketFence-users] Eduroam local login Hello Will, i think it's because the username is no

Re: [PacketFence-users] Eduroam local login

Hello Will, i think it's because the username is not stripped on the ntlm_auth call. Can you strip it in the farn-ct-ac-uk realm config ? It's like that right now: realm farn-ct.ac.uk { nostrip } Regards Fabrice Le 18-11-14 à 11 h 34, Will Halsall via PacketFence-users a écrit : Hi

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

hello fabrice, im sorry late inform you, last day im in vacation. i try this morning your patch, and it works. On Fri, Jun 8, 2018 at 9:06 PM, Fabrice Durand via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello Jabang, > > it should be fixed with this patch: > > https:

Re: [PacketFence-users] Eduroam unable to process request local REALM from other university

hi fabrice. thanks a lot it work. Regards. Jabang On Wed, Jun 6, 2018 at 9:49 PM, Fabrice Durand via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello Jabang, > > your issue is because in the Ruckus radius request it miss the > NAS-Port-Type attribute. > > > Can you tr

Re: [PacketFence-users] Eduroam unable to process request local REALM from other university

Hello Jabang, your issue is because in the Ruckus radius request it miss the NAS-Port-Type attribute. Can you try that: diff --git a/lib/pf/Switch.pm b/lib/pf/Switch.pm index 22bd94288..db9ee3921 100644 --- a/lib/pf/Switch.pm +++ b/lib/pf/Switch.pm @@ -3015,7 +3015,7 @@ sub parseRequest {   

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

hi fabrice any update for this issue? On Thu, May 31, 2018 at 4:41 PM, jabang konate wrote: > hi fabrice. > > i already try the code and it work well. > i try with limit 1 node per user with DEFAULT role. > > but i have something strange. > > when user rejected/denied by the packetfence, i saw

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

hi fabrice. i already try the code and it work well. i try with limit 1 node per user with DEFAULT role. but i have something strange. when user rejected/denied by the packetfence, i saw user will be in REJECT role. and then i try to deregister the first device from nodes tab, then i try again w

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

Hello Jabang, thanks for testing it. Also for the limitation, i did some work on that not a long time ago and it should be fixed by https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3236.diff Can you test it too and let me know. Regards Fabrice Le 2018-05-30 à 00

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

hi fabrice thanks a lot and great work. now i can login with my local realm and remote realm from other university. i have another question,is it possible to limit device node per user in eduroam? i try with default role to limit 2 devices, but when third devices login with the same username , u

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

Hello Jabang, can you try that: https://github.com/inverse-inc/packetfence/compare/fix/eduroam_standalone.diff Regards Fabrice Le 2018-05-25 à 03:50, jabang konate via PacketFence-users a écrit : hi fabrice, ok i will wait for patch thank you On Fri, May 25, 2018 at 1:33 AM, Fabrice Dura

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

hi fabrice, ok i will wait for patch thank you On Fri, May 25, 2018 at 1:33 AM, Fabrice Durand via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Ok there is a bug, i need to fix it. > > > > Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit : > > hi fabric

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

Ok there is a bug, i need to fix it. Le 2018-05-24 à 11:33, jabang konate via PacketFence-users a écrit : hi fabrice. 10.18.23.60 is ip National Roaming Operator  eduroam in my Country. attach my eduroam config file. On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

hi fabrice. 10.18.23.60 is ip National Roaming Operator eduroam in my Country. attach my eduroam config file. On Thu, May 24, 2018 at 7:43 PM, Fabrice Durand via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > What is 10.18.23.60 ? > > can you share with me your file /us

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

What is 10.18.23.60 ? can you share with me your file /usr/local/pf/raddb/sites-enabled/eduroam ? Le 2018-05-24 à 00:46, jabang konate via PacketFence-users a écrit : Hi fabrice, today i try again with my packetfence. in packetfence-tunnel configuration i change configuration like this, if (u

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

Le 2018-05-23 à 13:36, jabang konate via PacketFence-users a écrit : Hi fabrice. Thanks for speedy response. > so i am not sure what you try to do with the ldap module. ldap module for configuration user with openldap right? i read in EAP Authentication against OpenLDAP. yes, the only differ

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

Hi fabrice. Thanks for speedy response. > so i am not sure what you try to do with the ldap module. ldap module for configuration user with openldap right? i read in EAP Authentication against OpenLDAP. > You have 3 scenarios: yes i want like that, I will try again and will share the results on

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

Hello Jabang, so i am not sure what you try to do with the ldap module. You have 3 scenarios: 1: a user from your university connect on the ssid eduroam from your university.  (the ap/controller use the port 11812) You need to configure the local realm (let's say myuniversity.org) in the ed

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

Thanks Fabrice, let me clear my goals first. i'm still confuse which file i must to configure packetfence-tunnel or eduroam file in sites-available. my packetfence will be act as manage eduroam user so i will use port 11812 in my access point. here's my step how i configure my eduroam in packetfen

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

Thanks Fabrice, let me clear my goals first. i'm still confuse which file i must to configure packetfence-tunnel or eduroam file in sites-available. my packetfence will be act as manage eduroam user so i will use port 11812 in my access point. here's my step how i configure my eduroam in packetfen

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

If it's a server for eduroam (like the eduroam servers use this server for your domain) then 1812, if it's to manage eduroam user how connect on a eduroam ssid then 11812. Also what you can do in packetfence-tunnel     #  The ldap module reads passwords from the LDAP database.     ldap     i

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

thanks for your reply fabrice. here i attach my packetfence-tunnel file. and which port should i use for my access point 1812 or 11812 in radius configuration for eduroam? thank you On Wed, May 23, 2018 at 7:33 PM, Fabrice Durand via PacketFence-users < packetfence-users@lists.sourceforge.net> wr

Re: [PacketFence-users] eduroam+packetfence with openldap authentication

Hello Jabang, can you paste your packetfence-tunnel file ? Regards Fabrice Le 2018-05-23 à 04:08, jabang konate via PacketFence-users a écrit : my packetfence server version is 8.0.1 and i want to configure packetfence as an eduroam server with openldap as user database, then i look into do

Re: [PacketFence-users] eduroam

Hello Will, Le 2018-04-28 à 18:09, Will Halsall via PacketFence-users a écrit : > > Hi Folks > >   > >   > > Having a problem getting packetfence 7.4 to work with .ac.uk radius > servers > >   > > 1.   Server 1 and server 2 have different secrets and I cannot see > a way of configuring this

Re: [PacketFence-users] eduroam authentication

Hello Will, it looks that the authentication fail in the chroot. What you can try is the following: chroot /chroots/RadiusAD wbinfo -u ntlm_auth --userbane=helpdesk --password=... And let me know the result. Regards Fabrice Le 2018-05-02 à 03:39, Will Halsall via PacketFence-users a écr

Re: [PacketFence-users] eduroam and PF

Hi Max, There’s some good guidance in the admin guide to implement eduroam and PF which covers the majority of the config. We required some extra bits here as we wanted to split off local users to visiting users, and so did that through the getnormalvlan subroutine in the vlan/custom.pm file wit

Re: [PacketFence-users] eduroam home users being processed by packetfence

t seems to be working without, but I want to make sure there's no knock on effect anywhere. Cheers, Andi From: Morris, Andi [mailto:amor...@cardiffmet.ac.uk] Sent: 17 July 2014 10:16 To: 'packetfence-users@lists.sourceforge.net' Subject: Re: [PacketFence-users] eduroam home users be

Re: [PacketFence-users] eduroam home users being processed by packetfence

OK, after analysing some radius debug logs it looks like packetfence is being called from the post-auth section of the sites-enabled/packetfence server: post-auth { exec if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)|| (User-Name =~ /^.*\@.+/ && User-Name !~ /^.*\@cardiffme

Re: [PacketFence-users] Eduroam ...

Hi Rich, thanks for the answer ... On 02/07/2013 04:31 PM, Rich Graves wrote: >> When I try to log into the WPA enterprise (802.1x) WLAN my freeradius is >> having trouble to obtain the NT-Password. The hash resides in our LDAP, >> but does PF take care of retrieving it, or do I need to configure

Re: [PacketFence-users] Eduroam ...

Rich, will have a look. Thanks for comment. On 2013-02-07 10:31 AM, Rich Graves wrote: > (Inverse friends: this should get a mention in the "PacketFence and Eduroam" > FAQ entry.) -- dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.n

Re: [PacketFence-users] Eduroam ...

> When I try to log into the WPA enterprise (802.1x) WLAN my freeradius is > having trouble to obtain the NT-Password. The hash resides in our LDAP, > but does PF take care of retrieving it, or do I need to configure the > connection from the freeradius to the LDAP myself? To debug, killall radiu

Re: [PacketFence-users] Eduroam and Guest Logins

On 02/04/2013 09:26 PM, Rich Graves wrote: > Well, Europe is about 5 years ahead of US .edu's, so your sense of what's > normal for eduroam is better than mine. I'm surprised, though. If the same > person visits mpifr-bonn and uni-bonn and cam.uk, they might need three > different passwords, and

Re: [PacketFence-users] Eduroam and Guest Logins

Well, Europe is about 5 years ahead of US .edu's, so your sense of what's normal for eduroam is better than mine. I'm surprised, though. If the same person visits mpifr-bonn and uni-bonn and cam.uk, they might need three different passwords, and they must accept three different certificates for

Re: [PacketFence-users] Eduroam and Guest Logins

On 02/04/2013 06:23 PM, Rich Graves wrote: > Are you allowing locally authenticated guests to use your "eduroam" SSID? > That's unusual. Typically, guests go on an open SSID. > If your guests use a 802.1X SSID other than eduroam, then I think you > should be able to short-circuit the proxy logic b

Re: [PacketFence-users] Eduroam and Guest Logins

On 02/04/2013 06:01 PM, Durand Fabrice wrote: > in your proxy.conf, add : > realm domain_name { > } > > Where domain_name is your domaine name. Hi Durand, thank for your answer. I have my own domain correctly proxied to the local radius instance. The problem is, I cannot distinguish between an

Re: [PacketFence-users] Eduroam and Guest Logins

Are you allowing locally authenticated guests to use your "eduroam" SSID? That's unusual. Typically, guests go on an open SSID. If your guests use a 802.1X SSID other than eduroam, then I think you should be able to short-circuit the proxy logic based on ESSID. For example, my controllers put i

Re: [PacketFence-users] Eduroam and Guest Logins

Hello, in your proxy.conf, add : realm domain_name { } Where domain_name is your domaine name. Regards Fabrice Le 2013-02-04 10:59, Jan Behrend a écrit : Hi, I have integrated "eduroam" in my PF setup. The problem now occurs, that guest logins which use their email address as login name (PID