Hello,

We are setting up PacketFence with a Dell N2048 v.6.6.0.13 and all seems to be working fine except the VLAN assignment does seem to be occurring. We are using the Dell N1500.pm profile. We are not sure if this is compatible with our N2048. Where can we find info to code a N2048.pm if not compatible?

Here are the packetfence.log, radius.log and switch configuration. We do see that I'm recognized as being part of the Admin group.

radius.log

Apr 24 14:27:39 pf auth[675]: (1100702) Login OK: [SAPACC\joffrey] (from client 10.10.224.199 port 3 cli 00:1d:72:e2:64:30)
Apr 24 14:28:26 pf auth[675]: Need 3 more connections to reach 10 spares
Apr 24 14:28:26 pf auth[675]: rlm_sql (sql): Opening additional connection (8488), 1 of 57 pending slots used
Apr 24 14:28:27 pf auth[675]: Need 2 more connections to reach 10 spares
Apr 24 14:28:27 pf auth[675]: rlm_sql (sql): Opening additional connection (8489), 1 of 56 pending slots used
Apr 24 14:28:27 pf auth[675]: rlm_rest (rest): Closing connection (4332): Hit idle_timeout, was idle for 96 seconds
Apr 24 14:28:27 pf auth[675]: Need 1 more connections to reach min connections (3)
Apr 24 14:28:27 pf auth[675]: rlm_rest (rest): Opening additional connection (4334), 1 of 62 pending slots used
Apr 24 14:28:27 pf auth[675]: (1100714) Login OK: [SAPACC\joffrey] (from client 10.10.224.199 port 3 cli 00:1d:72:e2:64:30 via TLS tunnel)
Apr 24 14:28:27 pf auth[675]: [mac:00:1d:72:e2:64:30] Accepted user: SAPACC\joffrey and returned VLAN
Apr 24 14:28:27 pf auth[675]: (1100715) Login OK: [SAPACC\joffrey] (from client 10.10.224.199 port 3 cli 00:1d:72:e2:64:30)

packetfence.log

Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] handling radius autz request: from switch_ip => (10.10.224.199), connection_type => Ethernet-EAP,switch_mac => (e4:f0:04:ff:b2:55), mac => [00:1d:72:e2:64:30], port => 3, username => "SAPACC\joffrey" (pf::radius::authorize)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Found authentication source(s) : 'PeerlessAD' for realm 'sapacc' (pf::config::util::filter_authentication_sources)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) WARN: [mac:00:1d:72:e2:64:30] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Using sources PeerlessAD for matching (pf::authentication::match2)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] LDAP testing connection (pf::LDAP::expire_if)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match_rule)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) WARN: [mac:00:1d:72:e2:64:30] Should perform access control on switch (10.10.224.199) but the switch is not in production -> Returning ACCEPT (pf::radius::authorize)
Apr 24 14:27:39 pf pfqueue: pfqueue(12281) INFO: [mac:unknown] Already did a person lookup for SAPACC\joffrey (pf::lookup::person::lookup_person)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] security_event 1300003 force-closed for 00:1d:72:e2:64:30 (pf::security_event::security_event_force_close)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
Apr 24 14:28:24 pf pfdhcp[31455]: t=2020-04-24T14:28:24-0400 lvl=info msg="DHCPDISCOVER from e4:f0:04:ff:b2:56 ()" pid=31455 mac=e4:f0:04:ff:b2:56
Apr 24 14:28:25 pf pfdhcp[31455]: t=2020-04-24T14:28:25-0400 lvl=info msg="DHCPOFFER on 10.10.130.153 to e4:f0:04:ff:b2:56 ()" pid=31455 mac=e4:f0:04:ff:b2:56
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] handling radius autz request: from switch_ip => (10.10.224.199), connection_type => Ethernet-EAP,switch_mac => (e4:f0:04:ff:b2:55), mac => [00:1d:72:e2:64:30], port => 3, username => "SAPACC\joffrey" (pf::radius::authorize)
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Found authentication source(s) : 'PeerlessAD' for realm 'sapacc' (pf::config::util::filter_authentication_sources)
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) WARN: [mac:00:1d:72:e2:64:30] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2)
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Using sources PeerlessAD for matching (pf::authentication::match2)
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] LDAP testing connection (pf::LDAP::expire_if)
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match_rule)
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match)
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) WARN: [mac:00:1d:72:e2:64:30] Should perform access control on switch (10.10.224.199) but the switch is not in production -> Returning ACCEPT (pf::radius::authorize)
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] security_event 1300003 force-closed for 00:1d:72:e2:64:30 (pf::security_event::security_event_force_close)
Apr 24 14:28:27 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
Apr 24 14:28:27 pf pfqueue: pfqueue(6700) INFO: [mac:unknown] Already did a person lookup for SAPACC\joffrey (pf::lookup::person::lookup_person)

Switch config - Dell N2048 v.6.6.0.13

aaa authentication login "defaultList" local
authentication enable
authentication dynamic-vlan enable
dot1x system-auth-control
aaa authentication dot1x default radius
aaa authorization network default radius
aaa server radius dynamic-author
interface Gi1/0/3
switchport mode general
switchport general allowed vlan add 19,98,164-165
authentication host-mode multi-auth
authentication event fail action authorize vlan 164
authentication periodic
authentication order dot1x mab
exit

--
Joffrey Bienvenue | CTO | Peerless Clothing Inc. | 8888 Boul. Pie IX Montréal, QC H1Z 4J5 | 514-723-7887
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
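
Added example, not part of the original message and not PacketFence code: a log triage script that pairs each RADIUS authorization request in a packetfence.log excerpt with the rule it matched and with the WARN line stating that access control was skipped because the switch is not in production. The sample text is constructed from the log format in the post; the second switch (192.0.2.10) and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the packetfence.log format shown in the post.
# The 192.0.2.10 switch and its client are invented for contrast.
SAMPLE_LOG = r"""
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] handling radius autz request: from switch_ip => (10.10.224.199), connection_type => Ethernet-EAP,switch_mac => (e4:f0:04:ff:b2:55), mac => [00:1d:72:e2:64:30], port => 3, username => "SAPACC\joffrey" (pf::radius::authorize)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match_rule)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match)
Apr 24 14:27:39 pf packetfence_httpd.aaa: httpd.aaa(20806) WARN: [mac:00:1d:72:e2:64:30] Should perform access control on switch (10.10.224.199) but the switch is not in production -> Returning ACCEPT (pf::radius::authorize)
Apr 24 14:30:02 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:02:00:00:00:00:01] handling radius autz request: from switch_ip => (192.0.2.10), connection_type => Ethernet-EAP, mac => [02:00:00:00:00:01], port => 7 (pf::radius::authorize)
Apr 24 14:30:02 pf packetfence_httpd.aaa: httpd.aaa(20806) INFO: [mac:02:00:00:00:00:01] Matched rule (staff) in source PeerlessAD, returning actions. (pf::Authentication::Source::match)
"""

MAC = r"\[mac:(?P<mac>[0-9a-f:]{17})\] "
AUTZ = re.compile(MAC + r"handling radius autz request: from switch_ip => \((?P<ip>[^)]+)\)")
RULE = re.compile(MAC + r"Matched rule \((?P<rule>[^)]+)\) in source \S+,")
SKIP = re.compile(MAC + r"Should perform access control on switch \((?P<ip>[^)]+)\) "
                        r"but the switch is not in production -> Returning ACCEPT")

def triage(text):
    """Summarise every (switch_ip, mac) pair seen in the log excerpt."""
    current = {}  # mac -> switch_ip of its most recent autz request
    stats = defaultdict(lambda: {"requests": 0, "rules": set(), "not_enforced": 0})
    for line in text.splitlines():
        if m := AUTZ.search(line):
            current[m["mac"]] = m["ip"]
            stats[(m["ip"], m["mac"])]["requests"] += 1
        elif m := RULE.search(line):
            # Rule lines carry no switch IP; attribute them to the open request.
            ip = current.get(m["mac"])
            if ip:
                stats[(ip, m["mac"])]["rules"].add(m["rule"])
        elif m := SKIP.search(line):
            stats[(m["ip"], m["mac"])]["not_enforced"] += 1
    return dict(stats)

def unenforced(stats):
    """Pairs where a rule matched but PacketFence logged that it skipped access control."""
    return sorted(k for k, v in stats.items() if v["rules"] and v["not_enforced"])

if __name__ == "__main__":
    for ip, mac in unenforced(triage(SAMPLE_LOG)):
        print(f"{ip}: rule matched for {mac} but access control was not performed")
```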
