For future reference, as François told, here's the BTS bug link.
http://www.packetfence.org/bugs/view.php?id=1491
François also commit the fix into our devel branch so the issue should
be fixed in the next release :)
https://github.com/inverse-inc/packetfence/commit/ab90630e67c4046a6f4ae02982b279f261bab7c1
On 7/19/12 09:37 , Francois Gaudreault wrote:
Hi,
Yes, this is a known "issue". If you set a global radiusSecret, we also
put that secret for the 127.0.0.1 switch. There is a default 127.0.0.1
client in /etc/raddb/clients.conf, so RADIUS bail out with a duplicate
client entry. radiusd -X should have provided the hint.
I will make sure we open a bug in our BTS to track this, and resolve it.
Thanks!
On 12-07-19 9:15 AM, Curtis Clemons wrote:
Got it fixed. For some reason there was an issue if the 127.0.0.1 client
as left in the clients.conf for freeradius. I commented it out and
everything is working correctly now.
Curtis Clemons
Network Systems Supervisor
Guilford Technical Community College
Email: [email protected]<mailto:[email protected]>
Phone: 3363344822 ext 50100
PGP key ID-1308FF29
*From:*Derek Wuelfrath [mailto:[email protected]]
*Sent:* Wednesday, July 18, 2012 9:02 AM
*To:* [email protected]
*Subject:* Re: [PacketFence-users] Issue in Packetfence 3.4.1
Hi Curtis,
First of all, you shouldn't remove the "default" switch (127.0.0.1).
That being said, can you send us your switches.conf file. Is the
10.10.10.10 switch configured in it?
Thanks
On 7/17/12 16:12 , Curtis Clemons wrote:
Hello all,
I am having a small problem when installing pf 3.4.1. What is happening
is if I leave the default switch entry of 127.0.0.1 then I have a
problem with radius authentication. The error I get is below:
Tue Jul 17 15:57:16 2012 : Error: Ignoring request to authentication
address * port 1812 as server packetfence from unknown client
10.10.10.10 port 41323
Tue Jul 17 15:57:21 2012 : Error: Ignoring request to authentication
address * port 1812 as server packetfence from unknown client
10.10.10.10 port 41323
Tue Jul 17 15:57:26 2012 : Error: Ignoring request to authentication
address * port 1812 as server packetfence from unknown client
10.10.10.10 port 41323
If I remove the switch entry then radius authentication works fine, as
detailed in a post I had found. However If I try to register or
unregister a node manually from with the web admin interface the
commands are not sent to the switch and I have to manually either shut
the port down, reboot the device, or unplug the network cable from the
device to get the vlan to change. The error from the packetfence log is
below:
Jul 17 15:58:03 pfcmd(19118) ERROR: ERROR ! Unknown switch 127.0.0.1
(pf::SwitchFactory::instantiate)
Jul 17 15:58:03 pfcmd(19118) ERROR: Can't instantiate switch 127.0.0.1!
Check your configuration! (pf::enforcement::_vlan_reevaluation)
If I add 127.0.01 back as a network switch as a packetfence device,
making changes are again pushed down to the switch via SNMP however
radius stops working again if packetfence is restarted. Has anyone ran
into this issue and know what’s going on? I didn’t have this issue in
3.3. I did an upgrade but also have done a fresh install and the same
problem persists.
Thanks for any help.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats.http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Derek Wuelfrath
[email protected]<mailto:[email protected]> :: +1.514.447.4918
x110 :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>)
and PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Derek Wuelfrath
[email protected] <mailto:[email protected]> :: +1.514.447.4918
x110 :: www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>)
and PacketFence (www.packetfence.org <http://www.packetfence.org>)
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
