Dear Friends,

I created local users in PF (Web Admin) as well as in 
/usr/local/pf/raddb/users, but Radius won't authenticate them. I'm able to test 
the local raddb user file with the radtest utility.

I have configured a switch with Radius Authentication to PF.

#########################################################################
aaa new-model
aaa authentication login default group radius line
radius-server host 10.xx.xx.xxx auth-port 1812 acct-port 1813 key Password

#########################################################################

The Switch is sending the request correctly to Radius.

Here are the debug logs...

#########################################################################

rad_recv: Access-Request packet from host 10.X.XX.XXX port 1645, id=98, length=86
        NAS-IP-Address = 0.0.0.0
        NAS-Port = 1
        Cisco-NAS-Port = "tty1"
        NAS-Port-Type = Virtual
        User-Name = "hari"
        Calling-Station-Id = "10.X.X.XXX"
        User-Password = "kEn\004\214^\257\271b\302Q8Fm\371\024"
server packetfence {
# Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "hari", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry hari at line 3
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_perl: Added pair NAS-Port-Type = Virtual
rlm_perl: Added pair User-Name = hari
rlm_perl: Added pair User-Password = kEn\004\214^\257\271b\302Q8Fm\371\024
rlm_perl: Added pair Calling-Station-Id = 10.X.X.XXX
rlm_perl: Added pair Cisco-NAS-Port = tty1
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair NAS-IP-Address = 0.0.0.0
rlm_perl: Added pair Cleartext-Password = hari
++[packetfence] returns noop
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
User-Password in the request does NOT match "known good" password.
Failed to authenticate the user.
Login incorrect: [hari] (from client 10.X.X.XXX port 1 cli 10.X.X.XXX)
} # server packetfence
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> hari
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 10 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 10
Sending Access-Reject of id 98 to 10.X.X.XXX port 1645
Waking up in 4.9 seconds.
Cleaning up request 10 ID 98 with timestamp +3669
Ready to process requests.
#########################################################################

I'm surprised why this is not working. I have also done AD integration by 
editing the /usr/local/pf/raddb/modules/mschap file. I have also added my AD 
sources...

I have read the Admin manual completely looking for clues.

Any help in the right direction would be appreciated.

Best Regards,
Hari.


_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
