Menu
▾
▴
Re: [PacketFence-users] Packetfence not moving to next source in list
|
From: Durand f. <fd...@in...> - 2019-10-13 11:57:32
|
Hello Jordan, yes you can do that on the captive portal. You just need to create a connection profile with a rule that match per example the ssid and assign it the authentication source you want to use (in first position the student one and the in 2nd position the staff one). The other option should be to do EAP-TTLS/PAP for the student and configure Freeradius to talk to G suite via ldap. (I don't have a G suite account so i can't test but it should work). Regards Fabrice Le 19-10-11 à 22 h 11, Jordan Dare a écrit : > Hi Durand, > > Thanks for your reply. > > Is it possible to have it check the student source first, then if it > fails go to AD? or something like that? G Suite doesn't normally do > 802.1x, but they have an LDAP server you can authenticate against > which is what I'm trying to do. > > Thanks! > > On Fri, Oct 11, 2019 at 5:45 PM Durand fabrice via PacketFence-users > <pac...@li...> wrote: >> Hello Jordan, >> >> the error message is related to ntlm, so it mean that it try to >> authenticate the student account on the AD. >> >> When it fail in freeradius then the radius request doesn't reach the >> packetfence code to test the authentication sources with the rules. >> >> So you need to find a way to authenticate your student with 802.1x and >> is it possible to do 802.1x with G suite ? >> >> Regards >> >> Fabrice >> >> >> Le 19-10-03 à 16 h 23, Jordan Dare via PacketFence-users a écrit : >>> Hi all, >>> >>> I'm having issues getting a wireless profile to use the secondary LDAP >>> source instead of the Active Directory source when authentication >>> fails. >>> >>> What I have is our internal AD server that has all staff accounts, >>> etc. And an stunnel proxy to G-Suite LDAP which contains our student >>> accounts. >>> >>> What I want to happen is if authentication fails for the first Active >>> Directory source, it then tries the stunnel G Suite LDAP, however it >>> seems to hit the AD source, get a "authentication failed", and then >>> stop there. >>> >>> Here's what the "RADIUS" tab on the failed authentication shows: >>> Module-Failure-Message = "chrooted_mschap: Program returned code (1) >>> and output 'The attempted logon is invalid. This is either due to a >>> bad username or authentication information. (0xc000006d)'" >>> Module-Failure-Message = "chrooted_mschap: External script says: The >>> attempted logon is invalid. This is either due to a bad username or >>> authentication information. (0xc000006d)" >>> Module-Failure-Message = "chrooted_mschap: MS-CHAP2-Response is incorrect" >>> User-Password = "******" >>> Module-Failure-Message = "Failed retrieving values required to >>> evaluate condition" >>> >>> Thanks. >>> -- >>> >>> Jordan Dare >>> >>> Information Technology Specialist >>> >>> Morgan Hill Unified School District >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> Pac...@li... >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> _______________________________________________ >> PacketFence-users mailing list >> Pac...@li... >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > |
