Unfortunately, nothing that you’ve sent is really helpful for us to help you.
We’re gonna need to output of the radius debug.
First stop FreeRADIUS from being managed by PacketFence:
/usr/local/pf/bin/pfcmd service radiusd stop
Then, start FreeRADIUS in debug mode: radiusd -X -d /usr/local/pf/raddb
After that, retry and paste the full FreeRADIUS output.
Derek
—
Derek Wuelfrath
[email protected] :: www.inverse.ca
+1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On Sep 15, 2014, at 9:55, Алексей <[email protected]> wrote:
> Hi.
> Guys, I need help.
> I try to setup free radius. When I make test request to radius
> [root@localhost radiusd]# radtest steve testing localhost:1812 0 testing123 0
> localhost
> I got in radius.log
> Mon Sep 15 15:34:54 2014 : Auth: Login OK: [steve] (from client 127.0.0.1_1
> port 0)
> Mon Sep 15 15:34:54 2014 : Info: rlm_perl: MAC address is empty or invalid in
> this request. It could be normal on certain radius calls
>
> I got in packetfence.log
> Sep 15 15:34:23 pfcmd.pl(20275) INFO: Daemon pfsetvlan took 0.843 seconds to
> start. (pf::services::manager::launchService)
> Sep 15 15:34:24 pfcmd.pl(20275) INFO: Daemon radiusd took 0.208 seconds to
> start. (pf::services::manager::launchService)
>
> And output in console is:
> Sending Access-Request of id 14 to 127.0.0.1 port 1812
> User-Name = "steve"
> User-Password = "testing"
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 0
> Message-Authenticator = 0x00000000000000000000000000000000
> rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=14, length=20
>
> clients.conf:
> client 127.0.0.1 {
> secret = testing123
> shortname = 127.0.0.1_1
> }
>
> users:
> DEFAULT EAP-Message !* "", Auth-Type := Accept
> steve Cleartext-Password := "testing"
> Framed-IP-Address = localhost
>
> If any info needed just say to me.
> What is my problem?
> I can not establish relations between ZoneDirector and freeRadius.
> ZoneDirector can not see radius for test reques with steve\testing pair.
> Sorry for my english.
>
>
> On 15 сент. 2014, at 16:34, Sallee, Jake <[email protected]> wrote:
>
>>> mab <- without this you wont be doing MAB : )
>>
>> Otherwise you should be fine, I have been using MAB with Cisco 2960s for
>> years without those commands.
>>
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> WWW.UMHB.EDU
>>
>> 900 College St.
>> Belton, Texas
>> 76513
>>
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>>
>> ________________________________________
>> From: Andrew Lukasiak [[email protected]]
>> Sent: Sunday, September 14, 2014 12:26 PM
>> To: [email protected]
>> Subject: [PacketFence-users] Catalyst 2970 MAC Authentication
>>
>> Hello Everyone,
>>
>> I have been following the excellent Network Devices Configuration Guide
>> to setup Cisco Catalyst 2970 for "MAC Authentication bypass only".
>> The issue is that the interface doesn't want to accept the following
>> commands:
>>
>> authentication periodic
>> authentication timer restart 10800
>> authentication timer reauthenticate 7200
>> mab
>>
>> It seems that these options are unavailable.
>> I am running IOS 12.2(44)SE6. I believe it is the most recent one.
>>
>> Would Packetfence work OK with these options left unset? What would be
>> the side effects?
>>
>> I welcome any insights or advice.
>>
>> Thanks.
>> Andrew
>>
>>
>>
>> sw001(config-if)#?
>> Interface configuration commands:
>> arp Set arp type (arpa, probe, snap) or timeout
>> auto Configure Automation
>> bandwidth Set bandwidth informational parameter
>> carrier-delay Specify delay for interface transitions
>> cdp CDP interface subcommands
>> channel-group Etherchannel/port bundling configuration
>> channel-protocol Select the channel protocol (LACP, PAgP)
>> dampening Enable event dampening
>> default Set a command to its defaults
>> delay Specify interface throughput delay
>> description Interface specific description
>> down-when-looped Force looped interface down
>> duplex Configure duplex operation.
>> exit Exit from interface configuration mode
>> flowcontrol Configure flow operation.
>> help Description of the interactive help system
>> hold-queue Set hold queue depth
>> ip Interface Internet Protocol config commands
>> keepalive Enable keepalive
>> l2protocol-tunnel Tunnel Layer2 protocols
>> lacp LACP interface subcommands
>> link Configure Link
>> load-interval Specify interval for load calculation for an
>> interface
>> logging Configure logging for interface
>> mac MAC interface commands
>> macro Command macro
>> max-reserved-bandwidth Maximum Reservable Bandwidth on an Interface
>> mdix Set Media Dependent Interface with Crossover
>> mls mls interface commands
>> mvr MVR per port configuration
>> no Negate a command or set its defaults
>> pagp PAgP interface subcommands
>> priority-queue Priority Queue
>> queue-set Choose a queue set for this queue
>> rmon Configure Remote Monitoring on an interface
>> service-policy Configure QoS Service Policy
>> shutdown Shutdown the selected interface
>> small-frame Set rate limit parameters for small frame
>> snmp Modify SNMP interface parameters
>> source Get config from another source
>> spanning-tree Spanning Tree Subsystem
>> speed Configure speed operation.
>> srr-queue Configure shaped round-robin transmit queues
>> storm-control storm configuration
>> switchport Set switching mode characteristics
>> timeout Define timeout values for this interface
>> transmit-interface Assign a transmit interface to a receive-only
>> interface
>> tx-ring-limit Configure PA level transmit ring limit
>> udld Configure UDLD enabled or disabled and ignore
>> global UDLD setting
>>
>>
>> sw001(config-if)#dot1x ?
>> auth-fail Configure Authentication Fail values for this port
>> control-direction Set the control-direction on the interface
>> critical Enable 802.1x Critical Authentication
>> default Configure Dot1x with default values for this port
>> fallback Enable the Webauth fallback mechanism
>> guest-vlan Configure Guest-vlan on this interface
>> host-mode Set the Host mode for 802.1x on this interface
>> mac-auth-bypass Enable MAC Auth Bypass
>> max-reauth-req Max No.of Reauthentication Attempts
>> max-req Max No.of Retries
>> pae Set 802.1x interface pae type
>> port-control set the port-control value
>> reauthentication Enable or Disable Reauthentication for this port
>> timeout Various Timeouts
>> violation-mode Set the Security Violation mode on this interface
>>
>>
>> ------------------------------------------------------------------------------
>> Want excitement?
>> Manually upgrade your production database.
>> When you want reliability, choose Perforce
>> Perforce version control. Predictably reliable.
>> http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> ------------------------------------------------------------------------------
>> Want excitement?
>> Manually upgrade your production database.
>> When you want reliability, choose Perforce
>> Perforce version control. Predictably reliable.
>> http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> ------------------------------------------------------------------------------
> Want excitement?
> Manually upgrade your production database.
> When you want reliability, choose Perforce
> Perforce version control. Predictably reliable.
> http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
