Hello

Sorry for the output and sorry for the delay replying; we upgraded to V10.1 after a reboot crashed our pf due to package updates.

Our switch is a Dell N2048 v.6.6.0.

raddebug fails to run
radmin: Failed connecting to /usr/local/pf/var/run/radiusd.log: No such file or directory

packetfence.log upon authentication

May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] handling radius autz request: from switch_ip => (10.10.224.199), connection_type => Ethernet-EAP,switch_mac => (e4:f0:04:ff:b2:55), mac => [00:1d:72:e2:64:30], port => 3, username => "SAPACC\joffrey" (pf::radius::authorize)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Found authentication source(s) : 'PeerlessAD' for realm 'sapacc' (pf::config::util::filter_authentication_sources)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Using sources PeerlessAD for matching (pf::authentication::match2)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] LDAP testing connection (pf::LDAP::expire_if)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match_rule)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) WARN: [mac:00:1d:72:e2:64:30] Should perform access control on switch (10.10.224.199) but the switch is not in production -> Returning ACCEPT (pf::radius::authorize)
May 20 13:12:37 pf pfqueue: pfqueue(8791) INFO: [mac:unknown] Already did a person lookup for SAPACC\joffrey (pf::lookup::person::lookup_person)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] security_event 1300003 force-closed for 00:1d:72:e2:64:30 (pf::security_event::security_event_force_close)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)

Thank you

Joffrey

On Thu, 7 May 2020 at 23:04, Durand fabrice via PacketFence-users <[email protected]> wrote:

> Hello Joffrey,
>
> the output is a little bit messy.
>
> What is the switch ? (Dell ?)
>
> Can you run raddebug -f /usr/local/pf/var/run/radiusd.log -t 3000
>
> Can you post the content of packetfence.log when you authenticate ?
>
> Regards
>
> Fabrice
>
>
> On 20-05-07 at 12:48, Joffrey Bienvenue via PacketFence-users wrote:
>
> Hello
>
> We are able to login through radius but our switch doesn't seem to
> configure the vlan on the user port:
>
> Auditing output from packetfence
>
> MAC Address: 00:1d:72:e2:64:30
> Auth Status: Accept
> Auth Status: eap
> Auto Registration: 1
> Calling Station Identifier: 00:1d:72:e2:64:30
> Computer Name: joffreydebian
> EAP Type: MSCHAPv2
> Event Type: Radius-Access-Request
> IP Address:
> Is a Phone: 0
> Node Status: reg
> Domain: SAPACC
> Profile: 8021x
> Realm: sapacc
> Reason:
> Role: N/A
> Source: PeerlessAD
> Stripped User Name: joffrey
> User Name: SAPACC\joffrey
> Unique Identifier:
> Created at: 2020-05-07 12:37:43
>
> PF VLAN config for switch:
>
> registrationVlan=164
> isolationVlan=165
> voiceVlan=93
> inlineVlan=233
> mode=testing
> EmployeeVlan=98
> guestVlan=19
> always_trigger=1
> AdminVlan=5
>
> Our switch config:
>
> aaa authentication login "defaultList" local
> authentication enable
> authentication dynamic-vlan enable
> dot1x system-auth-control
> aaa authentication dot1x default radius
> aaa authorization network default radius
> aaa server radius dynamic-author
>
> Our port config:
>
> show running-config interface gigabitethernet 1/0/3
>
> switchport mode general
> switchport general allowed vlan add 5,19,98,164-165
> authentication event fail action authorize vlan 164
> authentication order dot1x mab
> authentication priority dot1x mab
>
> Are we missing anything?
> --
> Joffrey Bienvenue | CTO | Peerless Clothing Inc. | 8888 Boul. Pie IX
> Montréal, QC H1Z 4J5 | 514-723-7887
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Joffrey Bienvenue | CTO | Peerless Clothing Inc. | 8888 Boul. Pie IX
Montréal, QC H1Z 4J5 | 514-723-7887
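Added example, not part of the original thread and not PacketFence code: the WARN line in the log above reports that the switch is not in production and that ACCEPT is returned without access control being performed, and the quoted switch settings contain mode=testing. This Python script scans packetfence.log text for that condition and ties it to the request and matched rule for the same MAC; the function name, the regular expressions and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First three lines: copied from the packetfence.log excerpt in the message above.
# Last line: constructed (second MAC, no warning), so it must not be reported.
SAMPLE_LOG = r'''May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] handling radius autz request: from switch_ip => (10.10.224.199), connection_type => Ethernet-EAP,switch_mac => (e4:f0:04:ff:b2:55), mac => [00:1d:72:e2:64:30], port => 3, username => "SAPACC\joffrey" (pf::radius::authorize)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match)
May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) WARN: [mac:00:1d:72:e2:64:30] Should perform access control on switch (10.10.224.199) but the switch is not in production -> Returning ACCEPT (pf::radius::authorize)
May 20 13:12:40 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:02:00:00:00:00:01] handling radius autz request: from switch_ip => (192.0.2.10), connection_type => Ethernet-EAP,switch_mac => (02:00:00:00:00:ff), mac => [02:00:00:00:00:01], port => 7, username => "EXAMPLE\alice" (pf::radius::authorize)'''

# Log level, MAC tag and message body of an httpd.aaa line.
LINE = re.compile(r'(?P<level>INFO|WARN|ERROR): \[mac:(?P<mac>[0-9a-f:]{17})\] (?P<msg>.*)$')
AUTZ = re.compile(r'handling radius autz request: from switch_ip => \((?P<ip>[^)]+)\)'
                  r'.*?port => (?P<port>\d+), username => "(?P<user>[^"]*)"')
RULE = re.compile(r'Matched rule \((?P<rule>[^)]+)\) in source (?P<source>[^,]+),')
NOT_PROD = re.compile(r'Should perform access control on switch \((?P<ip>[^)]+)\) '
                      r'but the switch is not in production')

def find_unenforced_accepts(log_text):
    """Return one record per ACCEPT that was sent without access control."""
    state = defaultdict(dict)      # per-MAC context gathered from earlier lines
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:                  # e.g. pfqueue lines tagged [mac:unknown]
            continue
        mac, msg = m['mac'], m['msg']
        if (a := AUTZ.search(msg)):
            # A new authorization request resets the context for this MAC.
            state[mac] = {'port': int(a['port']), 'user': a['user']}
        elif (r := RULE.search(msg)):
            state[mac].update(rule=r['rule'], source=r['source'])
        elif m['level'] == 'WARN' and (w := NOT_PROD.search(msg)):
            findings.append({**state.get(mac, {}), 'mac': mac, 'switch_ip': w['ip']})
    return findings

if __name__ == '__main__':
    for f in find_unenforced_accepts(SAMPLE_LOG):
        print(f"{f['mac']} on switch {f['switch_ip']} port {f.get('port')}: "
              f"rule {f.get('rule')!r} matched, but ACCEPT was returned "
              f"without access control (switch not in production)")
```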
