> Well... I will keep my opinion for myself on this one ;)
I completely agree with your unspoken opinion.
> Are you using a VIP in your setup?
By VIP I assume you mean Virtual IP. If so then, no, we are not
using a virtual IP.
> So bottom line, make sure the UDP go out on the same IP than it goes IN.
The requests are coming in from a Xirrus AP ALWAYS on 10.11.30.3.
I don't know if it matters but the perl module is returning NOOP and the EAP
module is returning HANDLED but no ACCESS-ACCEPT or ACCESS-REJECT messages are
in the logs ... it is like the server is never assigning an auth-type.
Shouldn't it be the perl module (which is the packetfence integration) be
responding with an access-accept?
Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Francois Gaudreault [mailto:[email protected]]
Sent: Friday, May 06, 2011 1:46 PM
To: [email protected]
Subject: Re: [Packetfence-users] FreeRADIUS client authentication problem
Jake,
I can authenticate via radtest with a domain user but when I
try that same user on a wireless client I don't get authenticated, what is
strange is that I don't get an access-reject message either, it like the FR
server doesn't do ANYTHING with the request. I have included the radius -X log
from both radtest and a client. I have been looking at the FR configs and
everything looks correct to me (but I am no FR expert).
Are you using a VIP in your setup? By default, we use the listen = * in the
radiusd.conf. You MAY need to change that to the proper IP. Devices are
really picky for RADIUS, if they receive a reponse from another IP than the one
configured in the device, it won't work. So bottomline, make sure the UDP go
out on the same IP than it goes IN.
Also, the packetfence-freeradius2 RPM does a good job of changing the FR
config, BUT the files it replaces are skeletonized with all the comments and
info in the config files removed.
Yes, but we always make a backup of the files. Look for *.pfsave files.
Lastly, the Head developer for the FR project is EXTREMELY picky about how you
edit the default config files. He has gone on record several times about how
he will not give much support to anyone who butchers his config files "because
[they] apparently know a lot more than [him]".
Well... I will keep my opinion for myself on this one ;)
--
Francois Gaudreault, ing. jr
[email protected]<mailto:[email protected]> :: +1.514.447.4918
(x130) :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
