Hello Younes,
follow this link, it's the same problem.
http://www.mail-archive.com/[email protected]/msg03613.html
Regards
Fabrice
Le samedi 20 avril 2013 05:54:52, HAIFI Younes a écrit :
> I configured 802.1x authentication on the switch
> I started the Radius with command "radiusd-X-d / usr / local / pf /
> raddb" thenit displays "Ready to process requests" so I connected a PC
> to the switch, the following messageappears , I wonder if the
> authentication was successful :
>
>
> rad_recv: Access-Request packet from host 192.168.1.2 port 1645, id=7,
> length=209
> User-Name = "643150113ef9"
> User-Password = "643150113ef9"
> Service-Type = Call-Check
> Framed-MTU = 1500
> Called-Station-Id = "58-35-D9-E4-E4-03"
> Calling-Station-Id = "64-31-50-11-3E-F9"
> Message-Authenticator = 0x6b539c3105fef57533218025522e60c6
> Cisco-AVPair = "audit-session-id=C0A8010200000006003E4BE4"
> NAS-Port-Type = Ethernet
> NAS-Port = 50103
> NAS-Port-Id = "GigabitEthernet1/0/3"
> NAS-IP-Address = 192.168.1.2
> server packetfence {
> # Executing section authorize from file
> /usr/local/pf/raddb/sites-enabled/packetfence
> +- entering group authorize {...}
> [suffix] No '@' in User-Name = "643150113ef9", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[preprocess] returns ok
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> [files] users: Matched entry DEFAULT at line 1
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> rlm_perl: Added pair NAS-Port-Type = Ethernet
> rlm_perl: Added pair Service-Type = Call-Check
> rlm_perl: Added pair Calling-Station-Id = 64-31-50-11-3E-F9
> rlm_perl: Added pair Called-Station-Id = 58-35-D9-E4-E4-03
> rlm_perl: Added pair Message-Authenticator =
> 0x6b539c3105fef57533218025522e60c6
> rlm_perl: Added pair Cisco-AVPair =
> audit-session-id=C0A8010200000006003E4BE4
> rlm_perl: Added pair User-Name = 643150113ef9
> rlm_perl: Added pair User-Password = 643150113ef9
> rlm_perl: Added pair NAS-IP-Address = 192.168.1.2
> rlm_perl: Added pair NAS-Port = 50103
> rlm_perl: Added pair NAS-Port-Id = GigabitEthernet1/0/3
> rlm_perl: Added pair Framed-MTU = 1500
> rlm_perl: Added pair Auth-Type = Accept
> ++[packetfence] returns noop
> Found Auth-Type = Accept
> Auth-Type = Accept, accepting the user
> Login OK: [643150113ef9] (from client 192.168.1.2 port 50103 cli
> 64-31-50-11-3E-F9)
> # Executing section post-auth from file
> /usr/local/pf/raddb/sites-enabled/packetfence
> +- entering group post-auth {...}
> ++[exec] returns noop
> ++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25))
> ? Evaluating !(EAP-Type ) -> TRUE
> ?? Skipping (EAP-Type != 21 )
> ?? Skipping (EAP-Type != 25)
> ++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) -> TRUE
> ++- entering if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) {...}
> rlm_perl: Error in SOAP communication with server: 401 Authorization
> Required
> rlm_perl: Added pair NAS-Port-Type = Ethernet
> rlm_perl: Added pair Service-Type = Call-Check
> rlm_perl: Added pair Called-Station-Id = 58-35-D9-E4-E4-03
> rlm_perl: Added pair Calling-Station-Id = 64-31-50-11-3E-F9
> rlm_perl: Added pair Message-Authenticator =
> 0x6b539c3105fef57533218025522e60c6
> rlm_perl: Added pair Cisco-AVPair =
> audit-session-id=C0A8010200000006003E4BE4
> rlm_perl: Added pair User-Name = 643150113ef9
> rlm_perl: Added pair User-Password = 643150113ef9
> rlm_perl: Added pair NAS-Port = 50103
> rlm_perl: Added pair NAS-IP-Address = 192.168.1.2
> rlm_perl: Added pair Framed-MTU = 1500
> rlm_perl: Added pair NAS-Port-Id = GigabitEthernet1/0/3
> rlm_perl: Added pair Auth-Type = Accept
> +++[packetfence] returns fail
> ++- if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) returns fail
> } # server packetfence
> Using Post-Auth-Type REJECT
> # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> 643150113ef9
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Sending Access-Reject of id 7 to 192.168.1.2 port 1645
> Finished request 0.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 192.168.1.2 port 1645, id=7,
> length=209
> Sending duplicate reply to client 192.168.1.2 port 1645 - ID: 7
> Sending Access-Reject of id 7 to 192.168.1.2 port 1645
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 192.168.1.2 port 1645, id=7,
> length=209
> Sending duplicate reply to client 192.168.1.2 port 1645 - ID: 7
> Sending Access-Reject of id 7 to 192.168.1.2 port 1645
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 192.168.1.2 port 1645, id=7,
> length=209
> Sending duplicate reply to client 192.168.1.2 port 1645 - ID: 7
> Sending Access-Reject of id 7 to 192.168.1.2 port 1645
> Waking up in 4.8 seconds.
> Cleaning up request 0 ID 7 with timestamp +167
> Ready to process requests.
>
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
