I configured 802.1x authentication on the switch.
I started the RADIUS server with the command "radiusd -X -d /usr/local/pf/raddb",
then it displayed "Ready to process requests", so I connected a PC to the switch.
The following message appeared; I wonder if the authentication was successful:
rad_recv: Access-Request packet from host 192.168.1.2 port 1645, id=7,
length=209
User-Name = "643150113ef9"
User-Password = "643150113ef9"
Service-Type = Call-Check
Framed-MTU = 1500
Called-Station-Id = "58-35-D9-E4-E4-03"
Calling-Station-Id = "64-31-50-11-3E-F9"
Message-Authenticator = 0x6b539c3105fef57533218025522e60c6
Cisco-AVPair = "audit-session-id=C0A8010200000006003E4BE4"
NAS-Port-Type = Ethernet
NAS-Port = 50103
NAS-Port-Id = "GigabitEthernet1/0/3"
NAS-IP-Address = 192.168.1.2
server packetfence {
# Executing section authorize from file
/usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "643150113ef9", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Calling-Station-Id = 64-31-50-11-3E-F9
rlm_perl: Added pair Called-Station-Id = 58-35-D9-E4-E4-03
rlm_perl: Added pair Message-Authenticator = 0x6b539c3105fef57533218025522e60c6
rlm_perl: Added pair Cisco-AVPair = audit-session-id=C0A8010200000006003E4BE4
rlm_perl: Added pair User-Name = 643150113ef9
rlm_perl: Added pair User-Password = 643150113ef9
rlm_perl: Added pair NAS-IP-Address = 192.168.1.2
rlm_perl: Added pair NAS-Port = 50103
rlm_perl: Added pair NAS-Port-Id = GigabitEthernet1/0/3
rlm_perl: Added pair Framed-MTU = 1500
rlm_perl: Added pair Auth-Type = Accept
++[packetfence] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [643150113ef9] (from client 192.168.1.2 port 50103 cli
64-31-50-11-3E-F9)
# Executing section post-auth from file
/usr/local/pf/raddb/sites-enabled/packetfence
+- entering group post-auth {...}
++[exec] returns noop
++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25))
? Evaluating !(EAP-Type ) -> TRUE
?? Skipping (EAP-Type != 21 )
?? Skipping (EAP-Type != 25)
++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) -> TRUE
++- entering if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) {...}
rlm_perl: Error in SOAP communication with server: 401 Authorization Required
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Called-Station-Id = 58-35-D9-E4-E4-03
rlm_perl: Added pair Calling-Station-Id = 64-31-50-11-3E-F9
rlm_perl: Added pair Message-Authenticator = 0x6b539c3105fef57533218025522e60c6
rlm_perl: Added pair Cisco-AVPair = audit-session-id=C0A8010200000006003E4BE4
rlm_perl: Added pair User-Name = 643150113ef9
rlm_perl: Added pair User-Password = 643150113ef9
rlm_perl: Added pair NAS-Port = 50103
rlm_perl: Added pair NAS-IP-Address = 192.168.1.2
rlm_perl: Added pair Framed-MTU = 1500
rlm_perl: Added pair NAS-Port-Id = GigabitEthernet1/0/3
rlm_perl: Added pair Auth-Type = Accept
+++[packetfence] returns fail
++- if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) returns fail
} # server packetfence
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 643150113ef9
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 7 to 192.168.1.2 port 1645
Finished request 0.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.2 port 1645, id=7,
length=209
Sending duplicate reply to client 192.168.1.2 port 1645 - ID: 7
Sending Access-Reject of id 7 to 192.168.1.2 port 1645
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.2 port 1645, id=7,
length=209
Sending duplicate reply to client 192.168.1.2 port 1645 - ID: 7
Sending Access-Reject of id 7 to 192.168.1.2 port 1645
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.1.2 port 1645, id=7,
length=209
Sending duplicate reply to client 192.168.1.2 port 1645 - ID: 7
Sending Access-Reject of id 7 to 192.168.1.2 port 1645
Waking up in 4.8 seconds.
Cleaning up request 0 ID 7 with timestamp +167
Ready to process requests.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
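
When reading a `radiusd -X` trace like the one above, the verdict is the `Sending Access-...` line, not the `Login OK` line logged before post-auth runs. The following added example (not part of the original post and not PacketFence code) groups debug lines per request and reports the reply sent, the modules that failed and any module errors. The function name and record fields are hypothetical, it assumes the single-threaded debug output is sequential, and the sample lines are condensed from the trace above.

```python
import re

# Constructed sample: lines condensed from the radiusd -X output in the post.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.1.2 port 1645, id=7,
Login OK: [643150113ef9] (from client 192.168.1.2 port 50103 cli
rlm_perl: Error in SOAP communication with server: 401 Authorization Required
+++[packetfence] returns fail
Sending Access-Reject of id 7 to 192.168.1.2 port 1645
rad_recv: Access-Request packet from host 192.168.1.2 port 1645, id=7,
Sending duplicate reply to client 192.168.1.2 port 1645 - ID: 7
Sending Access-Reject of id 7 to 192.168.1.2 port 1645
Cleaning up request 0 ID 7 with timestamp +167
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host (\S+) port \d+, id=(\d+)")
SENT = re.compile(r"Sending (Access-\w+) of id (\d+) to (\S+) port")
FAIL = re.compile(r"\++\[([\w.]+)\] returns (?:fail|reject)")
ERR = re.compile(r"rlm_\w+: (Error .*)")
CLEAN = re.compile(r"Cleaning up request \d+ ID (\d+)")

def summarize(debug_text):
    """One record per request; 'reply' is what the NAS was actually sent."""
    done, active, cur = [], {}, None
    for line in map(str.strip, debug_text.splitlines()):
        if m := RECV.match(line):
            key = (m.group(1), int(m.group(2)))
            if key in active:              # same client and id before cleanup
                active[key]["retransmits"] += 1
            else:
                active[key] = {"client": key[0], "id": key[1], "login_ok": False,
                               "failed": [], "errors": [], "reply": None,
                               "retransmits": 0}
            cur = active[key]
        elif m := CLEAN.match(line):       # id may be reused after this point
            for key in [k for k in active if k[1] == int(m.group(1))]:
                done.append(active.pop(key))
        elif cur is None:
            continue
        elif line.startswith("Login OK:"):
            cur["login_ok"] = True         # logged before post-auth runs
        elif m := FAIL.match(line):
            cur["failed"].append(m.group(1))
        elif m := ERR.match(line):
            cur["errors"].append(m.group(1))
        elif m := SENT.match(line):
            cur["reply"] = m.group(1)      # the verdict the switch receives
    return done + list(active.values())
```

A record with `login_ok` set and `reply` equal to `Access-Reject` points at a failure after authentication, and `failed` and `errors` name the module and message to follow up on.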