OK! I have the RADIUS server setup correctly and ntlm_auth returns OK, so I
know that it works. However when I try to use the radius for the captive
portal auth I get an error on the client that says invalid login or password.
However I see that the user is accepted in the radius debug:
rad_recv: Access-Request packet from host 127.0.0.1 port 34053, id=170,
length=66
User-Name = "[email protected]"
User-Password = ********************************************
NAS-IP-Address = 127.0.0.1
server packetfence {
+- entering group authorize {...}
[suffix] Looking up realm "umhb.edu" for User-Name = "[email protected]"
[suffix] Found realm "umhb.edu"
[suffix] Adding Stripped-User-Name = "Jake.Sallee"
[suffix] Adding Realm = "umhb.edu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
++[preprocess] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
GOT CLONE 1493856848 0x69520f0
rlm_perl: Added pair User-Name = [email protected]
rlm_perl: Added pair User-Password =
********************************************
rlm_perl: Added pair Realm = umhb.edu
rlm_perl: Added pair Stripped-User-Name = Jake.Sallee
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Auth-Type = Accept
++[perl] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
+- entering group post-auth {...}
++[exec] returns noop
rlm_perl: Added pair User-Name = [email protected]
rlm_perl: Added pair User-Password =
********************************************
rlm_perl: Added pair Realm = umhb.edu
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair Stripped-User-Name = Jake.Sallee
rlm_perl: Added pair Auth-Type = Accept
++[perl] returns ok
} # server packetfence
Sending Access-Accept of id 170 to 127.0.0.1 port 34053
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 170 with timestamp +7
Ready to process requests.
In the message log I get the following:
NAC01 radiusd_pf[11971]: warning: mac address is empty or invalid in this
request. It could be normal on certain radius calls
And in the packetfence.log I get:
May 16 17:15:02 redir.cgi(0) INFO: 10.11.30.12 not resolvable, generating error
page
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_cgi_2dbin_redir_2ecgi::handler)
May 16 17:15:02 redir.cgi(0) INFO: could not resolve 10.11.30.12 to mac in ARP
table (pf::iplog::ip2macinarp)
May 16 17:15:02 redir.cgi(0) WARN: could not resolve 10.11.30.12 to mac
(pf::iplog::ip2mac)
BUT the node shows up in the node table with the correct MAC... what could be
causing this?
Also, when trying to auth through the captive portal it seems that the user is
ALWAYS accepted no matter what, I tested this by entering gibberish into the
username and password fields and I still got an access accept from the radius
server. I am pretty sure this is not supposed to happen.
Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
