Abdelghafour: Did you add the switch in the admin GUI on PF? You can also tail the packetfence.log file when you are doing your test and you should see why PF is rejecting the authentication.
This is just a shot in the dark, but my feeling is that the switch for some reason did not make it into the radius_nas table which means FreeRADIUS will not answer requests from it. If that is the case you will get lines in the radius.log file talking about unknown clients. Easy way to fix that is to bounce the PF services, and depending on the version of PF you are running you can enable the option to automatically add new switches into the database so you don't need to bounce any services when you add switches. But starting in v4 something, I think this is enabled by default. but Fabrice will know better than me. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________ From: Fabrice DURAND [[email protected]] Sent: Monday, June 15, 2015 10:37 AM To: [email protected] Subject: Re: [PacketFence-users] User Authentication using 802.1X and MAB Hello Abdelghafour, please provide your switches.conf, pf.conf and the configuration of you cisco switch. Also can you post the radius.log (/usr/local/pf/logs/) Regards Fabrice Le 2015-06-15 11:30, Abdelghafour Rakhma a écrit : Hello everyone! We're deploying packefence in our university, we've choosed the OUT-OF-BAND mode, as a basic configuration I've made a test on my Cisco catalyst 2960 switch and PF on my VMware! Overview: ---------------------------------------------------------------------------------------------- Vlan 1: (where all port are assigned) is the MGT => 192.168.0.254 Vlan 2: Reg => 192.168.2.254 Vlan 3: Isolation => 192.168.3.254 Vlan 10: Normal => 192.168.10.254 My PF server (192.168.0.1) is connected to the switch on the port fa0/1 in vlan 1 (mode access trunk) --------------------------------------------------------------- But I have more than one problem! and it's killing me, cuz I was searching in this mailing for 10 days without resolving em! I'd be very thankful if you give me a hand since I don't have a big experience with NAC solutions 1) - I've configured the switch as mentioned in the documentation and configured PF as well, but STILL when I'm plugging a laptop on the port where I configured the MAB and 802.1X, I get in my switch : -Starting mab for client xxxx -Radius-server-dead: radius-server is not responding -Radius-server-Alive: radius server is being marked alive -MAB-5-FAIL: authentication failed for client xxxx -Authentication result 'server dead' from 'mab' for client xxxx And that's it nothing happens and the client don't recieve an IP address! 2)- when starting the service i get the following error: -httpd: apr_sockaddr_info_get() failed -httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName And Thank you very much in advance Best regards! ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected]<mailto:[email protected]> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
