Well thank you! That was a simple fix! Got assigned proper vlan and ip!
On Wed, 20 May 2020 at 21:26, Durand fabrice via PacketFence-users <[email protected]> wrote:

> Hello Joffrey,
>
> First, I think you need to upgrade the switch firmware to the latest
> version (they fix stuff about mab/802.1x).
>
> https://www.dell.com/support/home/en-ca/product-support/product/networking-n1500-series/drivers
>
> Next you will need to patch packetfence to have the latest dev on the Dell
> switches module, to do that, go in /usr/local/pf/ then do:
>
> curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/4968.diff | patch -p1 --dry-run
>
> if no errors:
>
> curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/4968.diff | patch -p1
>
> then restart packetfence.
>
> Also it looks like you didn't set the switch in production mode, fix that
> in the switch config (pf side).
>
> Let me know if it helps.
>
> Regards
>
> Fabrice
>
> On 20-05-20 at 13:23, Joffrey Bienvenue via PacketFence-users wrote:
>
> sorry - Dell version is 6.6.0.13
>
> On Wed, 20 May 2020 at 13:23, Joffrey Bienvenue <[email protected]> wrote:
>
>> Hello
>>
>> Sorry for the output and sorry for the delay replying; we upgraded to
>> V10.1 after a reboot crashed our pf due to package updates.
>>
>> Our switch is a Dell N2048 v.6.6.0.
>>
>> raddebug fails to run
>>
>> radmin: Failed connecting to /usr/local/pf/var/run/radiusd.log: No such file or directory
>>
>> packetfence.log upon authentication
>>
>> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] handling radius autz request: from switch_ip => (10.10.224.199), connection_type => Ethernet-EAP,switch_mac => (e4:f0:04:ff:b2:55), mac => [00:1d:72:e2:64:30], port => 3, username => "SAPACC\joffrey" (pf::radius::authorize)
>> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
>> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Found authentication source(s) : 'PeerlessAD' for realm 'sapacc' (pf::config::util::filter_authentication_sources)
>> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Using sources PeerlessAD for matching (pf::authentication::match2)
>> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] LDAP testing connection (pf::LDAP::expire_if)
>> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match_rule)
>> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD, returning actions. (pf::Authentication::Source::match)
>> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) WARN: [mac:00:1d:72:e2:64:30] Should perform access control on switch (10.10.224.199) but the switch is not in production -> Returning ACCEPT (pf::radius::authorize)
>> May 20 13:12:37 pf pfqueue: pfqueue(8791) INFO: [mac:unknown] Already did a person lookup for SAPACC\joffrey (pf::lookup::person::lookup_person)
>> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] security_event 1300003 force-closed for 00:1d:72:e2:64:30 (pf::security_event::security_event_force_close)
>> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: [mac:00:1d:72:e2:64:30] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
>>
>> Thank you
>>
>> Joffrey
>>
>> On Thu, 7 May 2020 at 23:04, Durand fabrice via PacketFence-users <[email protected]> wrote:
>>
>>> Hello Joffrey,
>>>
>>> the output is a little bit messy.
>>>
>>> What is the switch? (Dell?)
>>>
>>> Can you run raddebug -f /usr/local/pf/var/run/radiusd.log -t 3000
>>>
>>> Can you post the content of packetfence.log when you authenticate?
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>> On 20-05-07 at 12:48, Joffrey Bienvenue via PacketFence-users wrote:
>>>
>>> Hello
>>>
>>> We are able to login through radius but our switch doesn't seem to
>>> configure the vlan on the user port:
>>>
>>> Auditing output from packetfence
>>>
>>> MAC Address: 00:1d:72:e2:64:30
>>> Auth Status: Accept
>>> Auth Status: eap
>>> Auto Registration: 1
>>> Calling Station Identifier: 00:1d:72:e2:64:30
>>> Computer Name: joffreydebian
>>> EAP Type: MSCHAPv2
>>> Event Type: Radius-Access-Request
>>> IP Address:
>>> Is a Phone: 0
>>> Node Status: reg
>>> Domain: SAPACC
>>> Profile: 8021x
>>> Realm: sapacc
>>> Reason:
>>> Role: N/A
>>> Source: PeerlessAD
>>> Stripped User Name: joffrey
>>> User Name: SAPACC\joffrey
>>> Unique Identifier:
>>> Created at: 2020-05-07 12:37:43
>>>
>>> PF VLAN config for switch:
>>>
>>> registrationVlan=164
>>> isolationVlan=165
>>> voiceVlan=93
>>> inlineVlan=233
>>> mode=testing
>>> EmployeeVlan=98
>>> guestVlan=19
>>> always_trigger=1
>>> AdminVlan=5
>>>
>>> Our switch config:
>>>
>>> aaa authentication login "defaultList" local
>>> authentication enable
>>> authentication dynamic-vlan enable
>>> dot1x system-auth-control
>>> aaa authentication dot1x default radius
>>> aaa authorization network default radius
>>> aaa server radius dynamic-author
>>>
>>> Our port config:
>>>
>>> show running-config interface gigabitethernet 1/0/3
>>>
>>> switchport mode general
>>> switchport general allowed vlan add 5,19,98,164-165
>>> authentication event fail action authorize vlan 164
>>> authentication order dot1x mab
>>> authentication priority dot1x mab
>>>
>>> Are we missing anything?
>>> --
>>> Joffrey Bienvenue | CTO | Peerless Clothing Inc. | 8888 Boul. Pie
>>> IX Montréal, QC H1Z 4J5 | 514-723-7887
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Joffrey Bienvenue | CTO | Peerless Clothing Inc. | 8888 Boul. Pie IX Montréal, QC H1Z 4J5 | 514-723-7887
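Added example, not part of the original thread and not PacketFence code: the WARN line quoted above shows that a switch left in testing mode gets a plain ACCEPT with no access control applied, so this sketch scans packetfence.log lines for that warning and reports the affected switch, MAC, port and user. The function name `find_unenforced_accepts` is hypothetical, and the log format is assumed to match the excerpt in the thread.

```python
import re
from collections import defaultdict

# Two lines from the log excerpt quoted in the thread, unwrapped onto single lines.
SAMPLE_LOG = [
    r'May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO: '
    r'[mac:00:1d:72:e2:64:30] handling radius autz request: from switch_ip => '
    r'(10.10.224.199), connection_type => Ethernet-EAP,switch_mac => '
    r'(e4:f0:04:ff:b2:55), mac => [00:1d:72:e2:64:30], port => 3, username => '
    r'"SAPACC\joffrey" (pf::radius::authorize)',
    r'May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) WARN: '
    r'[mac:00:1d:72:e2:64:30] Should perform access control on switch '
    r'(10.10.224.199) but the switch is not in production -> Returning ACCEPT '
    r'(pf::radius::authorize)',
]

MAC = r'(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})'
REQUEST = re.compile(
    r'\[mac:' + MAC + r'\] handling radius autz request: from switch_ip => '
    r'\((?P<switch>[^)]+)\).*?port => (?P<port>\d+), username => "(?P<user>[^"]*)"')
BYPASS = re.compile(
    r'WARN: \[mac:' + MAC + r'\] Should perform access control on switch '
    r'\((?P<switch>[^)]+)\) but the switch is not in production -> Returning ACCEPT')


def find_unenforced_accepts(lines):
    """Return {switch_ip: [record, ...]} for ACCEPTs sent without access control."""
    last_request = {}  # (switch, mac) -> (port, username) of the latest request
    findings = defaultdict(list)
    for line in lines:
        req, hit = REQUEST.search(line), BYPASS.search(line)
        if req:
            last_request[req['switch'], req['mac']] = (req['port'], req['user'])
        elif hit:
            # Port and user come from the matching request line, if one was seen.
            port, user = last_request.get((hit['switch'], hit['mac']), (None, None))
            findings[hit['switch']].append({
                'time': line[:15],  # syslog timestamp, e.g. "May 20 13:12:37"
                'mac': hit['mac'], 'port': port, 'username': user})
    return dict(findings)


if __name__ == '__main__':
    for switch, records in find_unenforced_accepts(SAMPLE_LOG).items():
        print(switch, records)
```

Any switch this reports is authenticating users but not placing them in a VLAN, which matches the symptom in the first message of the thread.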
