Hi,
in our corporation laboratory we use HP Procurve 2610 switches.
I'm using packetfence 2.2.1 on CentOS 5.6.
I have configured switch and packetfence for 802.1x, but users can not
authenticate.
I have seen in supported switches list that 802.1x is not possible for
Procurve 2610.
Is never possible for thiis switch?
Is not possible a workaround also if it is not supported in official
packetfence distribution?
My radius log is
Odd number of elements in hash assignment at /etc/raddb/packetfence.pm line
160 (#1)
(W misc) You specified an odd number of elements to initialize a hash,
which is odd, because hashes come in key/value pairs.
Use of uninitialized value in list assignment at /etc/raddb/packetfence.pm
line
160 (#2)
(W uninitialized) An undefined value was used as if it were already
defined. It was interpreted as a "" or a 0, but maybe it was a mistake.
To suppress this warning assign a defined value to your variables.
To help you figure out what was undefined, perl tells you what operation
you used the undefined value in. Note, however, that perl optimizes
your
program and the operation displayed in the warning may not necessarily
appear literally in your program. For example, "that $foo" is
usually optimized into "that " . $foo, and the warning will refer to
the concatenation (.) operator, even though there is no . in your
program.
And in the core request
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
rlm_perl: PacketFence RESULT VLAN COULD NOT BE DETERMINED
rlm_perl: PacketFence RESULT RESPONSE CODE: 1 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Tunnel-Type = VLAN
rlm_perl: Added pair Called-Station-Id = 00-1f-28-f9-16-00
rlm_perl: Added pair State = 0xe07c9a32e17180121aa36f849c76daee
rlm_perl: Added pair FreeRADIUS-Proxied-To = 127.0.0.1
rlm_perl: Added pair Connect-Info = CONNECT Ethernet 100Mbps Full duplex
rlm_perl: Added pair EAP-Type = MS-CHAP-V2
rlm_perl: Added pair NAS-IP-Address = 192.168.1.243
rlm_perl: Added pair Tunnel-Private-Group-Id = 90
rlm_perl: Added pair NAS-Port-Id = 1
rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
rlm_perl: Added pair Calling-Station-Id = 00-16-d3-01-e5-e5
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair User-Name = EXAMPLE\\bob
rlm_perl: Added pair NAS-Identifier = SW-NAC
rlm_perl: Added pair EAP-Message = 0x020d00061a03
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair Framed-MTU = 1480
rlm_perl: Added pair User-Name = EXAMPLE\\bob
rlm_perl: Added pair EAP-Message = 0x030d0004
rlm_perl: Added pair Message-Authenticator =
0x00000000000000000000000000000000
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns fail
In packetfence log I see:
Sep 27 16:53:40 pf::WebAPI(6411) INFO: handling radius autz request: from
switch_ip => 192.168.1.243, connection_type => Ethernet-EAP mac =>
00:16:d3:01:e5:e5, port => 1, username => EXAMPLE\\bob
(pf::radius::authorize)
Sep 27 16:53:40 pf::WebAPI(6411) ERROR: Wired 802.1X is not supported on
switch type pf::SNMP::HP::Procurve_2600. Please let us know what hardware
you are using. (pf::SNMP::supportsWiredDot1x)
Sep 27 16:53:40 pf::WebAPI(6411) WARN: Sending REJECT since switch is
unspported (pf::radius::_switchUnsupportedReply)
Thanks a lot
Raffaele
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
