Hi.
Guys, I need help.
I try to setup free radius. When I make test request to radius [root@localhost
radiusd]# radtest steve testing localhost:1812 0 testing123 0 localhost
I got in radius.log
Mon Sep 15 15:34:54 2014 : Auth: Login OK: [steve] (from client 127.0.0.1_1
port 0)
Mon Sep 15 15:34:54 2014 : Info: rlm_perl: MAC address is empty or invalid in
this request. It could be normal on certain radius calls
I got in packetfence.log
Sep 15 15:34:23 pfcmd.pl(20275) INFO: Daemon pfsetvlan took 0.843 seconds to
start. (pf::services::manager::launchService)
Sep 15 15:34:24 pfcmd.pl(20275) INFO: Daemon radiusd took 0.208 seconds to
start. (pf::services::manager::launchService)
And output in console is:
Sending Access-Request of id 14 to 127.0.0.1 port 1812
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=14, length=20
clients.conf:
client 127.0.0.1 {
secret = testing123
shortname = 127.0.0.1_1
}
users:
DEFAULT EAP-Message !* "", Auth-Type := Accept
steve Cleartext-Password := "testing"
Framed-IP-Address = localhost
If any info needed just say to me.
What is my problem?
I can not establish relations between ZoneDirector and freeRadius. ZoneDirector
can not see radius for test reques with steve\testing pair.
Sorry for my english.
On 15 сент. 2014, at 16:34, Sallee, Jake <[email protected]> wrote:
>> mab <- without this you wont be doing MAB : )
>
> Otherwise you should be fine, I have been using MAB with Cisco 2960s for
> years without those commands.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> ________________________________________
> From: Andrew Lukasiak [[email protected]]
> Sent: Sunday, September 14, 2014 12:26 PM
> To: [email protected]
> Subject: [PacketFence-users] Catalyst 2970 MAC Authentication
>
> Hello Everyone,
>
> I have been following the excellent Network Devices Configuration Guide
> to setup Cisco Catalyst 2970 for "MAC Authentication bypass only".
> The issue is that the interface doesn't want to accept the following
> commands:
>
> authentication periodic
> authentication timer restart 10800
> authentication timer reauthenticate 7200
> mab
>
> It seems that these options are unavailable.
> I am running IOS 12.2(44)SE6. I believe it is the most recent one.
>
> Would Packetfence work OK with these options left unset? What would be
> the side effects?
>
> I welcome any insights or advice.
>
> Thanks.
> Andrew
>
>
>
> sw001(config-if)#?
> Interface configuration commands:
> arp Set arp type (arpa, probe, snap) or timeout
> auto Configure Automation
> bandwidth Set bandwidth informational parameter
> carrier-delay Specify delay for interface transitions
> cdp CDP interface subcommands
> channel-group Etherchannel/port bundling configuration
> channel-protocol Select the channel protocol (LACP, PAgP)
> dampening Enable event dampening
> default Set a command to its defaults
> delay Specify interface throughput delay
> description Interface specific description
> down-when-looped Force looped interface down
> duplex Configure duplex operation.
> exit Exit from interface configuration mode
> flowcontrol Configure flow operation.
> help Description of the interactive help system
> hold-queue Set hold queue depth
> ip Interface Internet Protocol config commands
> keepalive Enable keepalive
> l2protocol-tunnel Tunnel Layer2 protocols
> lacp LACP interface subcommands
> link Configure Link
> load-interval Specify interval for load calculation for an
> interface
> logging Configure logging for interface
> mac MAC interface commands
> macro Command macro
> max-reserved-bandwidth Maximum Reservable Bandwidth on an Interface
> mdix Set Media Dependent Interface with Crossover
> mls mls interface commands
> mvr MVR per port configuration
> no Negate a command or set its defaults
> pagp PAgP interface subcommands
> priority-queue Priority Queue
> queue-set Choose a queue set for this queue
> rmon Configure Remote Monitoring on an interface
> service-policy Configure QoS Service Policy
> shutdown Shutdown the selected interface
> small-frame Set rate limit parameters for small frame
> snmp Modify SNMP interface parameters
> source Get config from another source
> spanning-tree Spanning Tree Subsystem
> speed Configure speed operation.
> srr-queue Configure shaped round-robin transmit queues
> storm-control storm configuration
> switchport Set switching mode characteristics
> timeout Define timeout values for this interface
> transmit-interface Assign a transmit interface to a receive-only
> interface
> tx-ring-limit Configure PA level transmit ring limit
> udld Configure UDLD enabled or disabled and ignore
> global UDLD setting
>
>
> sw001(config-if)#dot1x ?
> auth-fail Configure Authentication Fail values for this port
> control-direction Set the control-direction on the interface
> critical Enable 802.1x Critical Authentication
> default Configure Dot1x with default values for this port
> fallback Enable the Webauth fallback mechanism
> guest-vlan Configure Guest-vlan on this interface
> host-mode Set the Host mode for 802.1x on this interface
> mac-auth-bypass Enable MAC Auth Bypass
> max-reauth-req Max No.of Reauthentication Attempts
> max-req Max No.of Retries
> pae Set 802.1x interface pae type
> port-control set the port-control value
> reauthentication Enable or Disable Reauthentication for this port
> timeout Various Timeouts
> violation-mode Set the Security Violation mode on this interface
>
>
> ------------------------------------------------------------------------------
> Want excitement?
> Manually upgrade your production database.
> When you want reliability, choose Perforce
> Perforce version control. Predictably reliable.
> http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> ------------------------------------------------------------------------------
> Want excitement?
> Manually upgrade your production database.
> When you want reliability, choose Perforce
> Perforce version control. Predictably reliable.
> http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
