Andi,

Do you have the packetfence-freeradius2 package installed? Did you change the db credentials in /etc/raddb/sql.conf?

On 11-12-09 8:42 AM, Morris, Andi wrote:

I have configured a Cisco 3550 to connect via dot1x to the packetfence server as per the network config guide, which all seemed to go well. However I'm not getting an IP address on a client plugged into the switch.

When running radius --X on the packetfence server I see the following:

Ignoring request to authentication address * port 1812 as server packetfence from unknown client 192.168.41.53 port 1645
Ready to process requests.

This IP address is the only switch I have defined in my switches.conf so I've no idea why radius would say it is an unknown client and ignore the request.

Relevant parts of the switch config are:

aaa new-model
!
!
aaa group server radius packetfence
 server 192.168.52.1 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication login MyVTY line
aaa authentication login myCon none
aaa authentication dot1x default group packetfence
aaa session-id common
ip subnet-zero
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
interface FastEthernet0/1
 switchport access vlan 4
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 7200
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
snmp-server community ******** RW
snmp-server community ****** RO
snmp-server location **********
snmp-server contact *******************
*snmp-server host 192.168.1.10 public-uwic  config vlan-membership snmp*
radius-server host 192.168.52.1 auth-port 1812 acct-port 1813 timeout 2 key 7 044F0E151B284249584B56
radius-server vsa send authentication

The line I have put in bold above I think may be significant possibly. The IP address specified isn't the IP address of the packetfence server, it is a different server that we have here that monitors switches via snmp.

Switches.conf is:

#
# Copyright 2006-2008 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[default]
vlans=4,301,308,309
normalVlan=301
registrationVlan=308
isolationVlan=309
macDetectionVlan=4
guestVlan=
customVlan1=
customVlan2=
customVlan3=
customVlan4=
customVlan5=
VoIPEnabled=no
voiceVlan=
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=2c
SNMPCommunityRead=*****
SNMPCommunityWrite=***********
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=2c
SNMPCommunityTrap=allegro
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=testing123
type=
controllerIp=192.168.52.1
SNMPUserNameTrap=
SNMPAuthProtocolTrap=
SNMPAuthPasswordTrap=
SNMPPrivProtocolTrap=
SNMPPrivPasswordTrap=
SNMPEngineID=
SNMPUserNameRead=
SNMPAuthProtocolRead=
SNMPAuthPasswordRead=
SNMPPrivProtocolRead=
SNMPPrivPasswordRead=
SNMPUserNameWrite=
SNMPAuthProtocolWrite=
SNMPAuthPasswordWrite=
SNMPPrivProtocolWrite=
SNMPPrivPasswordWrite=

[127.0.0.1]
type=PacketFence
mode=production
uplink=dynamic

[192.168.41.53]
type=Cisco::Catalyst_3550
radiusSecret=testing123
controllerIp=192.168.52.1
SNMPVersion=2c
#SNMPVersion = 3
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
#SNMPVersionTrap = 3
#SNMPUserNameTrap = readUser
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread

Can anyone help as to why the radius requests are reaching the PF server, but being ignored?

---------------------------------------------------------------
Andi Morris
Technical Security Analyst

Systems and Communications Services
Information Services Division
UWIC
Cardiff
Wales
CF5 2YB

02920 205720

--------------------------------------------------------------

------------------------------------------------------------------------

From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. *Please could you ensure that all of your contact records and databases are updated to reflect this change.* Further information can be found on the website here. <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>


------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/


_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
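
A triage check for the situation in this thread, as an added example that is not part of the original messages or of PacketFence: it pulls the rejected NAS addresses out of the radiusd debug output and compares them with the sections of switches.conf. The sample inputs are constructed from the lines quoted above, the function names are hypothetical, and the last verdict rests on the assumption behind the reply's questions, namely that radiusd takes its client list from PacketFence's data (the packetfence-freeradius2 package and the database credentials in /etc/raddb/sql.conf).

```python
import configparser
import re

# Constructed sample inputs, trimmed from the debug line and switches.conf in the thread.
DEBUG_LOG = """\
Ignoring request to authentication address * port 1812 as server packetfence from unknown client 192.168.41.53 port 1645
Ready to process requests.
"""
SWITCHES_CONF = """\
[default]
radiusSecret=testing123
[127.0.0.1]
type=PacketFence
[192.168.41.53]
type=Cisco::Catalyst_3550
radiusSecret=testing123
"""

UNKNOWN_CLIENT = re.compile(r"from unknown client (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def unknown_clients(log_text):
    """Source IPs that radiusd dropped because no client entry matched."""
    return sorted(set(UNKNOWN_CLIENT.findall(log_text)))

def switch_sections(conf_text):
    """Parse switches.conf into {section: {key: value}}, keeping key case."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(conf_text)
    return {name: dict(cp[name]) for name in cp.sections()}

def triage(log_text, conf_text):
    """Classify each rejected NAS IP against the switches.conf definitions."""
    switches = switch_sections(conf_text)
    inherited = switches.get("default", {}).get("radiusSecret", "")
    report = {}
    for ip in unknown_clients(log_text):
        if ip not in switches:
            report[ip] = "not defined in switches.conf"
        elif not (switches[ip].get("radiusSecret") or inherited):
            report[ip] = "defined, but no radiusSecret"
        else:
            # Assumption: radiusd gets its client list from PacketFence's data,
            # so a defined switch that is still unknown points at that link.
            report[ip] = "defined; radiusd did not load it"
    return report

if __name__ == "__main__":
    for ip, verdict in triage(DEBUG_LOG, SWITCHES_CONF).items():
        print(ip, "->", verdict)
```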
