Very kind Diego, I understand what you say.

But suppose I want to use local pf users for authentication and the TP-Link controller Omada is compatible with pf. Then a captive portal appears to the user connected via wifi, for whose authentication Omada will contact a RADIUS server (pf). I have a number of questions to ask you:

For communication with the NAS, does the pf RADIUS use PAP or CHAP?

pf's RADIUS is listening on port 1812, right?

Always assuming that Omada is compatible with pf, the operating scheme on pf is:

- On the managing interface (which is the only interface of pf) I select 'radius' as "additionnal listening daemon".
- Does the controller have to be inserted as a switch? If yes, I click on new switch \ default \ and then, apart from the "Secret Passphrase" (between the pf RADIUS and the Omada NAS), which must be entered in the RADIUS tab, and the IP address of Omada in the "Controller IP Address" field, what else should I enter in that switch part?
- Then, always in pf, I create a connection profile with source local. How can I indicate in this connection profile that it refers to the RADIUS request?

Thanks always

From: Diego Garcia del Rio <[email protected]>
Sent: Monday, 13 June 2022 23:37
To: [email protected]
Cc: packetfence-users <[email protected]>; P.Thirunavukkarasu <[email protected]>
Subject: Re: PacketFence in radius enforcement

Hi Leonardo,

TPLink is not one of the supported vendors for wifi. Not sure what you're trying to achieve. Would PF just be a RADIUS server for authentication? I'm not 100% sure you can use it that way, as you'd still have to configure the "switch" to be a particular model / brand / vendor.

You can find the supported models here: https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html

For example, you won't be able to use it to do any sort of authentication against Google in this way. You'd need Google's LDAP authentication as well as PAP for the password to be sent in cleartext to the LDAP server. Google's web auth will not work at all as PF is not seeing the password in any part of the exchange.

Best regards

On Mon, Jun 13, 2022 at 8:14 AM <[email protected]> wrote:

Hello,

I have a Tp-Link Omada wifi controller on which I want to implement a local captive portal but with authentication through an External Radius Server. In practice, the Omada one will be used for the captive portal and PacketFence in radius enforcement will be used for the External Radius Server.

** Omada side **

It first asks me to choose between PAP and CHAP as Authentication Mode; I will choose CHAP for obvious security reasons. Furthermore, you are asked to create a radius profile in which you are asked for the following information:

"Enable VLAN Assignment for Wireless Network": yes / no
"Authentication Server IP": I guess pf's ip
"Authentication Port": Port 1812 is proposed
"Authentication Password":
"RADIUS Accounting": yes / no

** Pf side **

On the managing interface (which is the only interface of pf) I have selected 'radius' as "additionnal listening daemon". And then? What do I set in Configuration \ System Configuration \ Radius? If I want to use a certain source for the user database, how do I set the connection profile to attach it to the listening radius on the management interface?

Thank you
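
The PAP versus CHAP choice discussed in this thread, as an added example that is not part of the original messages and is not PacketFence or Omada code: it builds the RADIUS `User-Password` (PAP) and `CHAP-Password` attribute values as defined in RFC 2865 sections 5.2 and 5.3, showing that the server can recover the cleartext from PAP (and so pass it to an LDAP bind), while CHAP can only be checked against a cleartext password the server already stores. Function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac

def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: User-Password attribute value (RFC 2865 section 5.2)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], _md5(secret, prev)))
        out, prev = out + block, block      # next key depends on this ciphertext block
    return out

def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding; the cleartext can then go to any backend."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("malformed User-Password")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _md5(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def chap_password(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """NAS side: CHAP-Password value (RFC 2865 section 5.3), ident + MD5 response."""
    ident = bytes([chap_id])
    return ident + _md5(ident, password, challenge)

def chap_verify(attr: bytes, challenge: bytes, stored_cleartext: bytes) -> bool:
    """Server side: only possible with the cleartext password from its own store."""
    if len(attr) != 17:
        return False
    return hmac.compare_digest(attr, chap_password(attr[0], stored_cleartext, challenge))

# Constructed sample values, not taken from the thread.
SECRET = b"nas-shared-secret"                # RADIUS shared secret (NAS <-> server)
AUTHENTICATOR = bytes(range(16))             # Request Authenticator, also the CHAP challenge here
PASSWORD = b"correct horse battery staple"   # 28 octets, so two 16-octet blocks

hidden = pap_hide(PASSWORD, SECRET, AUTHENTICATOR)
chap_attr = chap_password(7, PASSWORD, AUTHENTICATOR)
```

With PAP the confidentiality of the password on the wire rests entirely on the shared secret, so that secret should be long and unique per NAS.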
