On 16/02/12 12:50 PM, Dan Nelson wrote:
> I am testing my new radius setup on 3.1.0 using the radtest and it is
> returning
>
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=108,
> length=20
>
> every time no matter what password I use.
>
First, there is no EAP in the output you sent us. So I assume you are
not doing 802.1X but MAC-Auth.
We always accept a user on MAC-Authentication. What differs between a
valid user and an invalid one is the VLAN we place the user into.
In MAC-Auth, the User-Name / Password carried by RADIUS is the MAC address of
the client.
And finally, you are not running our Perl module
(/etc/raddb/packetfence.pm); that's why nothing is happening. Review your
RADIUS configuration with the Admin Guide's freeradius2 appendix in hand
or, and that might be easier, reinstall the packetfence-freeradius package.
> I have successfully joined the domain and the ntlm_auth command does
> work properly. If I enter a wrong password in this test it will say bad
> password.
>
> Can someone point me to where my problem might be?
>
>
On 16/02/12 12:55 PM, Dan Nelson wrote:
> Here is the output when running radiusd -X
>
>
>
>
>
> Ready to process requests.
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 45347, id=191,
> length=74
>
> User-Name = "test"
>
> User-Password = "wrongpassword"
>
> NAS-IP-Address = 127.0.0.1
>
> NAS-Port = 12
>
> Message-Authenticator = 0x2c94884db17199cf881faa3615cf1e18
>
> server packetfence {
>
> # Executing section authorize from file /etc/raddb/sites-enabled/packetfence
>
> +- entering group authorize {...}
>
> [suffix] No '@' in User-Name = "test", looking up realm NULL
>
> [suffix] No such realm "NULL"
>
> ++[suffix] returns noop
>
> ++[preprocess] returns ok
>
> [eap] No EAP-Message, not doing EAP
>
> ++[eap] returns noop
>
> [files] users: Matched entry DEFAULT at line 1
>
> ++[files] returns ok
>
> ++[expiration] returns noop
>
> ++[logintime] returns noop
>
> rlm_perl: Added pair User-Name = test
>
> rlm_perl: Added pair User-Password = wrongpassword
>
> rlm_perl: Added pair NAS-Port = 12
>
> rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
>
> rlm_perl: Added pair Message-Authenticator =
> 0x2c94884db17199cf881faa3615cf1e18
>
> rlm_perl: Added pair Auth-Type = Accept
>
> ++[packetfence] returns noop
>
> Found Auth-Type = Accept
>
> Auth-Type = Accept, accepting the user
>
> # Executing section post-auth from file /etc/raddb/sites-enabled/packetfence
>
> +- entering group post-auth {...}
>
> ++[exec] returns noop
>
> rlm_perl: Added pair User-Name = test
>
> rlm_perl: Added pair User-Password = wrongpassword
>
> rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
>
> rlm_perl: Added pair NAS-Port = 12
>
> rlm_perl: Added pair Message-Authenticator =
> 0x2c94884db17199cf881faa3615cf1e18
>
> rlm_perl: Added pair Auth-Type = Accept
>
> ++[packetfence] returns ok
>
> } # server packetfence
>
> Sending Access-Accept of id 191 to 127.0.0.1 port 45347
>
> Finished request 1.
>
> Going to the next request
>
> Waking up in 4.9 seconds.
>
> Cleaning up request 1 ID 191 with timestamp +450
>
> Ready to process requests.
--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
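
Added example (not part of the original thread, and not PacketFence or FreeRADIUS code): a Python sketch that scans `radiusd -X` debug output like the trace quoted above and reports requests that were answered with Access-Accept because Auth-Type = Accept was set, with no EAP and a User-Name that is not a MAC address. The function names and the embedded sample (a shortened copy of the quoted trace) are assumptions of this example.

```python
import re

# Constructed sample: shortened copy of the trace quoted above, mail quoting kept.
SAMPLE = """\
> rad_recv: Access-Request packet from host 127.0.0.1 port 45347, id=191,
> length=74
> User-Name = "test"
> [eap] No EAP-Message, not doing EAP
> ++[packetfence] returns noop
> Auth-Type = Accept, accepting the user
> Sending Access-Accept of id 191 to 127.0.0.1 port 45347
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host \S+ port \d+, id=(\d+)")
USER = re.compile(r'^User-Name = "(.*)"$')
MODULE = re.compile(r"^\++\[(\w+)\] returns (\w+)$")
SEND = re.compile(r"^Sending (Access-\w+) of id (\d+)")
MAC = re.compile(r"^(?:[0-9a-f]{2}[:-]?){5}[0-9a-f]{2}$", re.I)

def parse_requests(text):
    """Split radiusd -X output into one record per Access-Request."""
    requests, cur = [], None
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop mail quoting and indent
        if m := RECV.search(line):
            cur = dict(id=m[1], user=None, modules=[], no_eap=False, forced=False, reply=None)
            requests.append(cur)
        elif cur is None:
            continue  # server start-up output before the first request
        elif m := USER.match(line):
            cur["user"] = m[1]
        elif m := MODULE.match(line):
            cur["modules"].append((m[1], m[2]))  # module name and return code
        elif "No EAP-Message" in line:
            cur["no_eap"] = True
        elif line.startswith("Auth-Type = Accept, accepting"):
            cur["forced"] = True
        elif (m := SEND.match(line)) and m[2] == cur["id"]:
            cur["reply"] = m[1]
    return requests

def unconditional_accepts(requests):
    """Accepted via Auth-Type = Accept, no EAP, and User-Name is not a MAC address."""
    return [r for r in requests
            if r["reply"] == "Access-Accept" and r["forced"]
            and r["no_eap"] and not MAC.match(r["user"] or "")]

if __name__ == "__main__":
    print(unconditional_accepts(parse_requests(SAMPLE)))
```

A request whose User-Name is a MAC address is left out of the report, since the reply above describes an Access-Accept as the expected outcome for MAC-Auth.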