Hi,
Run radius in debug to see what happens.

radiusd -d /usr/local/pf/raddb/ -X

Regards
Fabrice

On 2013-06-20 10:58, forbmsyn wrote:
Hi,

I installed PF 4.0.1 on CentOS 6.4. I am now testing the PF with a Cisco 3560 switch. I followed the Guide "PacketFence_Administration_Guide-4.0.1" to do the configuration on the PF box and the switch. After that I plugged a notebook into the switch port but it failed to authorize.

*Below is the output from the switch.*
*Mar 1 17:06:01.131: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up
*Mar 1 17:06:02.138: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
*Mar 1 17:06:08.304: %AUTHMGR-5-START: Starting 'dot1x' for client (dc0e.a18a.d48f) on Interface Fa0/3 AuditSessionID C0A8010C0000000503AB5161
*Mar 1 17:06:08.396: %DOT1X-5-FAIL: Authentication failed for client (dc0e.a18a.d48f) on Interface Fa0/3 AuditSessionID
*Mar 1 17:06:08.396: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (dc0e.a18a.d48f) on Interface Fa0/3 AuditSessionID C0A8010C0000000503AB5161
*Mar 1 17:06:08.396: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (dc0e.a18a.d48f) on Interface Fa0/3 AuditSessionID C0A8010C0000000503AB5161
*Mar 1 17:06:08.396: %AUTHMGR-5-START: Starting 'mab' for client (dc0e.a18a.d48f) on Interface Fa0/3 AuditSessionID C0A8010C0000000503AB5161
*Mar 1 17:06:08.396: %MAB-5-FAIL: Authentication failed for client (dc0e.a18a.d48f) on Interface Fa0/3 AuditSessionID C0A8010C0000000503AB5161
*Mar 1 17:06:08.396: %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for client (dc0e.a18a.d48f) on Interface Fa0/3 AuditSessionID C0A8010C0000000503AB5161
*Mar 1 17:06:08.396: %AUTHMGR-5-FAIL: Authorization failed for client (dc0e.a18a.d48f) on Interface Fa0/3 AuditSessionID C0A8010C0000000503AB5161



*Below is the configuration of the switch:*
Building configuration...

Current configuration : 6184 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname pfsw1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$C350$YhFHNRVPjyV5wfZO5wPW3/
!
username admin password 7 1218011A1B05
!
!
aaa new-model
!
!
aaa group server radius packtfence
 server 192.168.1.5 auth-port 18120 acct-port 1813
!
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
!
!
!
aaa session-id common
system mtu routing 1500
!
!
!
!
crypto pki trustpoint TP-self-signed-2374957568
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2374957568
 revocation-check none
 rsakeypair TP-self-signed-2374957568
!
!
crypto pki certificate chain TP-self-signed-2374957568
 certificate self-signed 01
  quit
dot1x system-auth-control
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 switchport access vlan 4
 switchport mode access
 switchport voice vlan 100
 switchport port-security maximum 1 vlan access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0001 vlan access
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 10800
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 4
 switchport mode access
 switchport voice vlan 100
 switchport port-security maximum 1 vlan access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0002 vlan access
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 10800
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 4
 switchport mode access
 switchport voice vlan 100
 switchport port-security maximum 1 vlan access
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0003 vlan access
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 10800
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 4
 switchport mode access
 switchport voice vlan 100
 switchport port-security maximum 1 vlan access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0004 vlan access
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 10800
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.12 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host 192.168.1.5 public  port-security
radius-server host 192.168.1.5 auth-port 18120 acct-port 1813 timeout 2 key 7 15071809373E392B26343030200215110442
radius-server vsa send authentication
!
!
line con 0
line vty 5 15
!
end


*Radius is listening on port 18120 so I configured 18120 on the switch.*
[root@qlpfp logs]# netstat -a | grep 1812
udp        0      0 localhost:18120             *:*
[root@qlpfp logs]#



*I can ping the IP 192.168.1.5 of PF from the switch.*

Can anyone please let me know what else I need to do to get it working? Thank you!

Regards,
Jacky




------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Fabrice Durand
[email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
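
An offline pre-check to run alongside the debug session suggested above, added here as an example and not part of the thread or of PacketFence: it flags AAA method lists that name a RADIUS server group the configuration never defines, and auth ports the switch targets that no non-loopback UDP socket serves. The function names are hypothetical; the sample input is excerpted from the post, with the shared key omitted.

```python
import re

# Excerpts from the switch configuration and netstat output posted in this
# thread (the RADIUS shared key is left out).
SWITCH_CONFIG = """\
aaa group server radius packtfence
 server 192.168.1.5 auth-port 18120 acct-port 1813
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
radius-server host 192.168.1.5 auth-port 18120 acct-port 1813 timeout 2
"""
NETSTAT_OUTPUT = "udp        0      0 localhost:18120             *:*\n"

BUILTIN_GROUPS = {"radius", "tacacs+"}  # IOS groups that need no definition
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "127.0.0.1", "::1"}


def undefined_aaa_groups(config):
    """Return server groups used by AAA method lists but never defined."""
    defined = set(re.findall(r"^aaa group server \S+ (\S+)", config, re.M))
    used = set()
    for line in config.splitlines():
        if re.match(r"aaa (authentication|authorization|accounting) ", line):
            used.update(re.findall(r"\bgroup (\S+)", line))
    return sorted(used - defined - BUILTIN_GROUPS)


def udp_listeners(netstat):
    """Parse netstat UDP rows into (local_host, port) pairs.

    Ports must be numeric (e.g. `netstat -uln`); named services are skipped.
    """
    pairs = []
    for line in netstat.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0].startswith("udp"):
            host, _, port = fields[3].rpartition(":")
            if port.isdigit():
                pairs.append((host, int(port)))
    return pairs


def unreachable_auth_ports(config, netstat):
    """Return auth ports the switch targets that only loopback (or nothing) serves."""
    wanted = {int(p) for p in re.findall(r"auth-port (\d+)", config)}
    reachable = {port for host, port in udp_listeners(netstat)
                 if host not in LOOPBACK_NAMES}
    return sorted(wanted - reachable)
```
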
