Hi again ! :) 1- to test your radius setup, de-activate your iptables ( iptables -F ) and try to authenticate... if this is not working, validate your radius config...
2- if your radius server is working, reload iptables and try to activate some log foryour traffic... ( example : http://www.techbytes.ca/techbyte136.html ) 3- radiusd[3363]: segfault at 0000000000000000 rip 00002b4adba035db rsp 00007ffffa992bb0 error 4 no issue there : this is what's happening every time you restart PF... ( PF will kill -9 radiusd at every restart ... ) M-A Le 11-05-03 12:49, Willis, Ben a écrit : > > Me again... > > I have PF working now with port security but my switches refuse to > work (Cisco 3750 (V2 and X's) with any 802.1x mac auth configurations. > The switch states: > > %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for > client (Unknown MAC) on Interface Fa1/0/46 > > %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on > Interface Fa1/0/46 > > %AUTHMGR-5-START: Starting 'mab' for client (0025.6444.6aaa) on > Interface Fa1/0/46 > > It seems like radius is not answering but radius does work for the > registration portal. I have verified iptables: > > -A RH-Firewall-1-INPUT -p udp -m udp --dport 1812 -d 10.10.80.203 -i > eth0.10 -j ACCEPT > > -A RH-Firewall-1-INPUT -p udp -m udp --dport 1813 -d 10.10.80.203 -i > eth0.10 -j ACCEPT > > This is the radius server config on my switches (straight out of the > guides): > > aaa new-model > > aaa group server radius packtfence > > server 10.10.80.203 auth-port 1812 acct-port 1813 > > aaa authentication login default local > > aaa authentication dot1x default group packetfence > > aaa authorization network default group packetfence > > radius-server host 10.10.80.203 auth-port 1812 acct-port 1813 timeout > 2 key ###### > > radius-server vsa send authentication > > I did notice this error while monitoring /var/log/messages: > > A5DO-NAC kernel: radiusd[3363]: segfault at 0000000000000000 rip > 00002b4adba035db rsp 00007ffffa992bb0 error 4 > > Hoping that someone can point me in the right direction...... > > Thanks for the help so far, > > Ben in SC > > *//* > > > ------------------------------------------------------------------------ > ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain business > related information that is > PERSONAL AND CONFIDENTIAL. If you have received this email in error, > this does not > constitute permission to examine, copy or distribute the accompanying > material. > If you receive this message in error, please notify the sender > immediately or call 864-260-5000. > > > ------------------------------------------------------------------------------ > WhatsUp Gold - Download Free Network Management Software > The most intuitive, comprehensive, and cost-effective network > management toolset available today. Delivers lowest initial > acquisition cost and overall TCO of any competing solution. > http://p.sf.net/sfu/whatsupgold-sd > > > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Marc-Andre Jutras, Project manager - Inverse inc. [email protected] :: +1.514.447.4918 (x110) :: http://www.inverse.ca Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
