Hello Reese,

You have to have the controller IP in PF.

The error here says rejected in post-auth, meaning that the cert-based 
authentication worked; it's PacketFence that now does not match any rule to 
assign a role and access duration.

Create an EAP-TLS source and add it to the profile that the connection matches.

Thanks,

Ludovic Zammit
Product Support Engineer Principal Lead

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

> On Feb 13, 2024, at 7:20 PM, Herber, Reese via PacketFence-users 
> <packetfence-users@lists.sourceforge.net> wrote:
> 
> I recently switched our test environment from a Windows-based NPS to 
> PacketFence (with PacketFence PKI); however, I am currently running into an 
> issue when attempting to include the two Aruba Mobility Controllers (we run 
> HA with dual controllers). We have one Aruba AP set up for RADIUS and yet I 
> somehow get different results between my Mac and Windows clients when 
> attempting to connect: the Mac devices work fine but the radius.log shows 
> them connecting from one of the controllers, whereas the Windows devices fail 
> to connect by saying that the switch is not managed:
> 
> Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: Adding client 10.81.0.9/32
> Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) rest: ERROR: Server returned:
> Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) rest: ERROR: {"Reply-Message":"Switch is not managed by PacketFence","control:PacketFence-Authorization-Status":"allow","control:PacketFence-Request-Time":1707869148}
> Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) Rejected in post-auth: [host/WindowsTestCert] (from client 10.81.0.9/32 port 0 cli c8:34:8e:3d:f2:fd)
> Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) Login incorrect (rest: Server returned:): [host/WindowsTestCert] (from client 10.81.0.9/32 port 0 cli c8:34:8e:3d:f2:fd)
> 
> When troubleshooting this, I deleted the 2 controller addresses from my 
> PacketFence setup and now I get an error that my identifier is already in use 
> when trying to re-add it (this behavior continues after I reboot PacketFence 
> via the CLI).
> 
> Hopefully someone with experience with Aruba devices can chime in here as the 
> documentation is a few Aruba OS's behind.
> Thanks,
> 
> Reese Herber
> Systems Integration Analyst
> Department of Learning and Innovation
> 
> Phone: 253-530-3715
> 
> "The fusion of technology and education is the canvas on which we paint the 
> masterpiece of our collective future, one pixel at a time."
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>  
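
Added example, not part of the thread and not PacketFence code: a small radius.log triage script that joins each post-auth reject to the REST Reply-Message logged under the same request id, then lists the NAS source addresses rejected with "Switch is not managed by PacketFence". The function names are hypothetical, and the sample is the thread's log lines plus one constructed reject (request 256 from 10.81.0.10) with no REST reply.

```python
import json
import re
from collections import defaultdict

# Constructed sample: the thread's radius.log lines, unwrapped, plus one
# constructed reject (request 256, NAS 10.81.0.10) that has no REST reply.
SAMPLE_LOG = """\
Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: Adding client 10.81.0.9/32
Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) rest: ERROR: Server returned:
Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) rest: ERROR: {"Reply-Message":"Switch is not managed by PacketFence","control:PacketFence-Authorization-Status":"allow","control:PacketFence-Request-Time":1707869148}
Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) Rejected in post-auth: [host/WindowsTestCert] (from client 10.81.0.9/32 port 0 cli c8:34:8e:3d:f2:fd)
Feb 13 16:05:49 VMNOCNMPAKFEN auth[5612]: (256) Rejected in post-auth: [host/OtherTestCert] (from client 10.81.0.10/32 port 0 cli 02:00:00:00:00:01)
"""
LINE = re.compile(r"auth\[(\d+)\]: \((\d+)\) (.*)$")
REJECT = re.compile(r"Rejected in post-auth: \[(.*?)\] \(from client "
                    r"([\d.]+)(?:/\d+)? port \d+ cli ([0-9A-Fa-f:]+)\)")
NO_REPLY = "(no REST reply logged)"

def post_auth_rejects(log_text):
    """Return one record per post-auth reject, joined to its REST reply."""
    replies, rejects = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # line carries no request id (e.g. "Adding client")
        # Request ids restart with the daemon, so key on (pid, request id).
        key, body = (m.group(1), m.group(2)), m.group(3)
        if body.startswith("rest: ERROR: {"):
            try:
                replies[key] = json.loads(body[len("rest: ERROR: "):])
            except ValueError:
                pass  # truncated JSON: the reject is still reported below
        elif (r := REJECT.search(body)):
            reply = replies.pop(key, {})
            rejects.append({"user": r.group(1), "nas_ip": r.group(2),
                            "mac": r.group(3).lower(),
                            "reason": reply.get("Reply-Message", NO_REPLY)})
    return rejects

def unmanaged_nas_ips(rejects):
    """Map each NAS source IP rejected as an unmanaged switch to client MACs."""
    out = defaultdict(set)
    for r in rejects:
        if r["reason"] == "Switch is not managed by PacketFence":
            out[r["nas_ip"]].add(r["mac"])
    return dict(out)

if __name__ == "__main__":
    print(unmanaged_nas_ips(post_auth_rejects(SAMPLE_LOG)))
```

The "from client" address is the source IP the RADIUS request arrived from, which is the address to compare against the switch entries configured in PacketFence.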
