Marc,
I disabled iptables and I still don't get a connection from my switch. I have
my switches configured in clients.conf and since radius works locally I dont
know what else to confirm.
client localhost {
ipaddr = 127.0.0.1
secret = testing123
require_message_authenticator = no
nastype = other # localhost isn't usually a NAS...
}
client Cisco3750x {
secret = cisco
ipaddr = 10.85.10.1
}
client RAMS.MC.SW01 {
secret = cisco
ipaddr = 172.20.85.1
}
client 172.20.95.1 {
secret = cisco
ipaddr = 172.20.95.1
nastype = cisco
}
client 10.95.0.0/16 {
secret = cisco
shortname = GVMS
}
Thanks,
Ben
_______________________
There is no place like 127.0.0.1
http://lmgtfy.com/?q=Anderson+School+District+Five
-----Original Message-----
From: Marc-André Jutras [mailto:[email protected]]
Sent: Tuesday, May 03, 2011 1:11 PM
To: [email protected]
Subject: Re: [Packetfence-users] Radius Problems
Hi again ! :)
1- to test your radius setup, de-activate your iptables ( iptables -F ) and try
to authenticate... if this is not working, validate your radius config...
2- if your radius server is working, reload iptables and try to activate some
log foryour traffic... ( example :
http://www.techbytes.ca/techbyte136.html )
3- radiusd[3363]: segfault at 0000000000000000 rip 00002b4adba035db rsp
00007ffffa992bb0 error 4
no issue there : this is what's happening every time you restart PF... ( PF
will kill -9 radiusd at every restart ... )
M-A
Le 11-05-03 12:49, Willis, Ben a écrit :
>
> Me again...
>
> I have PF working now with port security but my switches refuse to
> work (Cisco 3750 (V2 and X's) with any 802.1x mac auth configurations.
> The switch states:
>
> %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for
> client (Unknown MAC) on Interface Fa1/0/46
>
> %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on
> Interface Fa1/0/46
>
> %AUTHMGR-5-START: Starting 'mab' for client (0025.6444.6aaa) on
> Interface Fa1/0/46
>
> It seems like radius is not answering but radius does work for the
> registration portal. I have verified iptables:
>
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 1812 -d 10.10.80.203 -i
> eth0.10 -j ACCEPT
>
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 1813 -d 10.10.80.203 -i
> eth0.10 -j ACCEPT
>
> This is the radius server config on my switches (straight out of the
> guides):
>
> aaa new-model
>
> aaa group server radius packtfence
>
> server 10.10.80.203 auth-port 1812 acct-port 1813
>
> aaa authentication login default local
>
> aaa authentication dot1x default group packetfence
>
> aaa authorization network default group packetfence
>
> radius-server host 10.10.80.203 auth-port 1812 acct-port 1813 timeout
> 2 key ######
>
> radius-server vsa send authentication
>
> I did notice this error while monitoring /var/log/messages:
>
> A5DO-NAC kernel: radiusd[3363]: segfault at 0000000000000000 rip
> 00002b4adba035db rsp 00007ffffa992bb0 error 4
>
> Hoping that someone can point me in the right direction......
>
> Thanks for the help so far,
>
> Ben in SC
>
> *//*
>
>
> ----------------------------------------------------------------------
> -- ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain
> business related information that is PERSONAL AND CONFIDENTIAL. If you
> have received this email in error, this does not constitute permission
> to examine, copy or distribute the accompanying material.
> If you receive this message in error, please notify the sender
> immediately or call 864-260-5000.
>
>
> ----------------------------------------------------------------------
> -------- WhatsUp Gold - Download Free Network Management Software The
> most intuitive, comprehensive, and cost-effective network management
> toolset available today. Delivers lowest initial acquisition cost and
> overall TCO of any competing solution.
> http://p.sf.net/sfu/whatsupgold-sd
>
>
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Marc-Andre Jutras, Project manager - Inverse inc.
[email protected] :: +1.514.447.4918 (x110) :: http://www.inverse.ca Leaders
behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain business related
information that is
PERSONAL AND CONFIDENTIAL. If you have received this email in error, this does
not
constitute permission to examine, copy or distribute the accompanying material.
If you receive this message in error, please notify the sender immediately or
call 864-260-5000.
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
