Ben,
your radiusd.conf file seems to be ok...
- Any access-list on your switch who can block these requests ?
- try to re-enter your radius password in your switch... make sure this
one is matching your radiusd.conf...
- what's the ip address of your switch ? IOS version ? send me your
swich config, I'll validate it...
M-A
Le 11-05-03 13:38, Willis, Ben a écrit :
> Marc,
>
> I disabled iptables and I still don't get a connection from my switch. I have
> my switches configured in clients.conf and since radius works locally I dont
> know what else to confirm.
>
>
>
> client localhost {
> ipaddr = 127.0.0.1
> secret = testing123
> require_message_authenticator = no
> nastype = other # localhost isn't usually a NAS...
> }
>
> client Cisco3750x {
> secret = cisco
> ipaddr = 10.85.10.1
> }
>
> client RAMS.MC.SW01 {
> secret = cisco
> ipaddr = 172.20.85.1
> }
>
> client 172.20.95.1 {
> secret = cisco
> ipaddr = 172.20.95.1
> nastype = cisco
> }
>
> client 10.95.0.0/16 {
> secret = cisco
> shortname = GVMS
> }
>
>
>
> Thanks,
> Ben
> _______________________
> There is no place like 127.0.0.1
>
> http://lmgtfy.com/?q=Anderson+School+District+Five
>
>
> -----Original Message-----
> From: Marc-André Jutras [mailto:[email protected]]
> Sent: Tuesday, May 03, 2011 1:11 PM
> To: [email protected]
> Subject: Re: [Packetfence-users] Radius Problems
>
> Hi again ! :)
>
> 1- to test your radius setup, de-activate your iptables ( iptables -F ) and
> try to authenticate... if this is not working, validate your radius config...
>
> 2- if your radius server is working, reload iptables and try to activate some
> log foryour traffic... ( example :
> http://www.techbytes.ca/techbyte136.html )
>
> 3- radiusd[3363]: segfault at 0000000000000000 rip 00002b4adba035db rsp
> 00007ffffa992bb0 error 4
> no issue there : this is what's happening every time you restart PF... ( PF
> will kill -9 radiusd at every restart ... )
>
> M-A
> Le 11-05-03 12:49, Willis, Ben a écrit :
>> Me again...
>>
>> I have PF working now with port security but my switches refuse to
>> work (Cisco 3750 (V2 and X's) with any 802.1x mac auth configurations.
>> The switch states:
>>
>> %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for
>> client (Unknown MAC) on Interface Fa1/0/46
>>
>> %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on
>> Interface Fa1/0/46
>>
>> %AUTHMGR-5-START: Starting 'mab' for client (0025.6444.6aaa) on
>> Interface Fa1/0/46
>>
>> It seems like radius is not answering but radius does work for the
>> registration portal. I have verified iptables:
>>
>> -A RH-Firewall-1-INPUT -p udp -m udp --dport 1812 -d 10.10.80.203 -i
>> eth0.10 -j ACCEPT
>>
>> -A RH-Firewall-1-INPUT -p udp -m udp --dport 1813 -d 10.10.80.203 -i
>> eth0.10 -j ACCEPT
>>
>> This is the radius server config on my switches (straight out of the
>> guides):
>>
>> aaa new-model
>>
>> aaa group server radius packtfence
>>
>> server 10.10.80.203 auth-port 1812 acct-port 1813
>>
>> aaa authentication login default local
>>
>> aaa authentication dot1x default group packetfence
>>
>> aaa authorization network default group packetfence
>>
>> radius-server host 10.10.80.203 auth-port 1812 acct-port 1813 timeout
>> 2 key ######
>>
>> radius-server vsa send authentication
>>
>> I did notice this error while monitoring /var/log/messages:
>>
>> A5DO-NAC kernel: radiusd[3363]: segfault at 0000000000000000 rip
>> 00002b4adba035db rsp 00007ffffa992bb0 error 4
>>
>> Hoping that someone can point me in the right direction......
>>
>> Thanks for the help so far,
>>
>> Ben in SC
>>
>> *//*
>>
>>
>> ----------------------------------------------------------------------
>> -- ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain
>> business related information that is PERSONAL AND CONFIDENTIAL. If you
>> have received this email in error, this does not constitute permission
>> to examine, copy or distribute the accompanying material.
>> If you receive this message in error, please notify the sender
>> immediately or call 864-260-5000.
>>
>>
>> ----------------------------------------------------------------------
>> -------- WhatsUp Gold - Download Free Network Management Software The
>> most intuitive, comprehensive, and cost-effective network management
>> toolset available today. Delivers lowest initial acquisition cost and
>> overall TCO of any competing solution.
>> http://p.sf.net/sfu/whatsupgold-sd
>>
>>
>> _______________________________________________
>> Packetfence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Marc-Andre Jutras, Project manager - Inverse inc.
> [email protected] :: +1.514.447.4918 (x110) :: http://www.inverse.ca Leaders
> behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
>
>
> ------------------------------------------------------------------------------
> WhatsUp Gold - Download Free Network Management Software
> The most intuitive, comprehensive, and cost-effective network
> management toolset available today. Delivers lowest initial
> acquisition cost and overall TCO of any competing solution.
> http://p.sf.net/sfu/whatsupgold-sd
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain business related
> information that is
> PERSONAL AND CONFIDENTIAL. If you have received this email in error, this
> does not
> constitute permission to examine, copy or distribute the accompanying
> material.
> If you receive this message in error, please notify the sender immediately or
> call 864-260-5000.
>
> ------------------------------------------------------------------------------
> WhatsUp Gold - Download Free Network Management Software
> The most intuitive, comprehensive, and cost-effective network
> management toolset available today. Delivers lowest initial
> acquisition cost and overall TCO of any competing solution.
> http://p.sf.net/sfu/whatsupgold-sd
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Marc-Andre Jutras, Project manager - Inverse inc.
[email protected] :: +1.514.447.4918 (x110) :: http://www.inverse.ca
Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
