Thank you for your quick response!
I'm using the latest version of PF (5.1.0); I'll provide the
configuration files here:
And that's what I thought too: there is no RADIUS communication between the
server and the switch, but I still don't know how to fix that!
Switch configuration (Cisco 2960):
!
! NOTE(review): this configuration was posted to a public mailing list. The
! type-5 (MD5-based) enable hash below, the RADIUS/CoA shared key, both SNMP
! communities and the console password are all disclosed and should be rotated.
username admin privilege 15 secret 5 $1$OhO3$Ab2iIMl8Bsou6feNobkvK.
!
!
aaa new-model
!
!
! RADIUS server group used for 802.1X/MAB authentication and network
! authorization; 192.168.0.1 is the PacketFence management address (pf.conf, eth0).
aaa group server radius packetfence
server 192.168.0.1 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
!
!
! NOTE(review): the CoA client and both "radius-server key" lines use the
! FreeRADIUS example secret "testing123". It does match radiusSecret in
! switches.conf, so the shared secret is not what breaks RADIUS here, but it
! must be replaced by a long random secret before this goes into production.
aaa server radius dynamic-author
client 192.168.0.1 server-key testing123
port 3799
!
aaa session-id common
system mtu routing 1500
!
!
!
!
!
dot1x system-auth-control
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
interface FastEthernet0/1
switchport mode trunk
!
!
interface FastEthernet0/12
!
interface FastEthernet0/13
description NAC_controlled
switchport mode access
! NOTE(review): port-security combined with 802.1X/MAB on the same port is a
! known source of unexpected err-disable events; with deauthMethod=RADIUS in
! switches.conf the port-security lines are presumably not needed — confirm
! against the PacketFence Catalyst 2960 guide before keeping them.
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
mab
mls qos trust cos
no snmp trap link-status
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3
spanning-tree portfast
! NOTE(review): an interface-level "bpdufilter enable" stops this port from
! sending or processing BPDUs, so the "bpduguard enable" on the next line can
! never trigger. Keep bpduguard and drop the interface-level bpdufilter if a
! rogue switch plugged into this port is supposed to be err-disabled.
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
spanning-tree guard loop
!
!
!
interface FastEthernet0/14
description NAC_controlled
switchport mode access
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security
! MAB-only port: no "dot1x pae authenticator", so only MAC authentication runs.
authentication order mab
authentication port-control auto
mab
mls qos trust cos
spanning-tree portfast
! NOTE(review): same bpdufilter/bpduguard conflict as on Fa0/13 — the
! interface-level bpdufilter makes bpduguard ineffective on this port.
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
spanning-tree guard loop
!
!
!
! Vlan1 is the management subnet shared with PacketFence (192.168.0.1) and is
! the SVI from which RADIUS requests to 192.168.0.1 will be sourced.
interface Vlan1
ip address 192.168.0.254 255.255.255.0
ip helper-address 192.168.0.1
!
! Vlan2/Vlan3 match registrationVlan/isolationVlan in switches.conf and the
! eth0.2/eth0.3 interfaces in pf.conf; DHCP is relayed to PacketFence.
interface Vlan2
ip address 192.168.2.254 255.255.255.0
ip helper-address 192.168.0.1
!
interface Vlan3
ip address 192.168.3.254 255.255.255.0
ip helper-address 192.168.0.1
!
! Vlan10 is defaultVlan in switches.conf (production VLAN for the default role).
interface Vlan10
ip address 192.168.1.254 255.255.255.0
ip helper-address 192.168.0.1
!
! NOTE(review): plaintext HTTP management is enabled. Remove "ip http server"
! (keep secure-server only if the web UI is needed) and restrict it with an ACL.
ip http server
ip http secure-server
! NOTE(review): SNMPv2c read-write community with no access-class ACL — anyone
! on VLAN 1 who knows "ciscoWrite" (now public) can reconfigure the switch.
! Restrict it with "snmp-server community ... RW <acl>" or move to SNMPv3.
snmp-server community ciscoWrite RW
snmp-server community ciscoRead RO
! NOTE(review): no "ip radius source-interface" is configured, so requests to
! 192.168.0.1 are sourced from Vlan1 (192.168.0.254). That is the NAS address
! PacketFence/FreeRADIUS sees, and it must be the switch section name in
! switches.conf (currently [192.168.0.1], which is PacketFence's own address).
! FreeRADIUS ignores requests from an unknown client without replying, which
! on the switch side looks exactly like "no RADIUS communication".
radius-server host 192.168.0.1 auth-port 1812 acct-port 1813 timeout 2
key testing123
radius-server key testing123
radius-server vsa send authentication
!
! NOTE(review): the console password is stored in clear text ("service
! password-encryption" is absent) and "line vty 0 4" is not shown here. With
! "aaa new-model" the vty lines fall back to the default local login list, but
! "transport input ssh" should still be set on them.
line con 0
password root
line vty 5 15
!
end
!
========================================================================================
switches.conf looks like this:
[default]
description=Switches Default Values
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=no
VlanMap=Y
RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
# NOTE(review): the [default] section still carries the factory SNMPv1
# communities (public/private); any switch section that does not override them
# is reachable with well-known strings. Change them or use SNMPv3 here.
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
SNMPVersionTrap=1
SNMPCommunityTrap=public
# NOTE(review): "testing123" is the FreeRADIUS example secret and is now
# public; replace it with a long random value (and update the switch to match).
radiusSecret=testing123
# NOTE(review): PacketFence matches an incoming RADIUS request to a switch
# section by the switch's IP address (and presumably builds FreeRADIUS's
# clients.conf from these sections). 192.168.0.1 is the PacketFence management
# address (pf.conf, eth0), not the 2960. The switch's SVI on this subnet is
# 192.168.0.254 (interface Vlan1), so this section should most likely be
# [192.168.0.254] — confirm with "radiusd -X" / radius.log ("unknown client").
[192.168.0.1]
description=Cisco 2960
type=Cisco::Catalyst_2960
mode=production
deauthMethod=RADIUS
AccessListMap=N
VoIPEnabled=N
defaultRole=normal
# Registered devices with the default role land in VLAN 10 (192.168.1.0/24 on
# the switch); registration/isolation use VLAN 2/3 inherited from [default].
defaultVlan=10
radiusSecret=testing123
SNMPCommunityRead=ciscoRead
SNMPCommunityWrite=ciscoWrite
SNMPVersion=2c
================================================================
pf.conf:
[general]
domain=fssm.local
hostname=pf.fssm.local
[database]
# NOTE(review): the database password is "root" and was posted publicly;
# rotate it and keep it out of future posts.
pass=root
[omapi]
# NOTE(review): the OMAPI key gives control over the DHCP server's leases and
# has been disclosed in this post — regenerate it.
key_base64=Zop2OvYAwVao7hTz+kBx/w==
# Registration VLAN (switch Vlan2 / 192.168.2.0/24), VLAN enforcement.
[interface eth0.2]
enforcement=vlan
ip=192.168.2.1
type=internal
mask=255.255.255.0
# Isolation VLAN (switch Vlan3 / 192.168.3.0/24), VLAN enforcement.
[interface eth0.3]
enforcement=vlan
ip=192.168.3.1
type=internal
mask=255.255.255.0
# Management interface: the address FreeRADIUS listens on and the one the
# switch targets for RADIUS and CoA.
# NOTE(review): "high-availability" is also set on eth0; if there is no second
# PacketFence node this type is presumably unnecessary — confirm.
[interface eth0]
ip=192.168.0.1
type=management,high-availability
mask=255.255.255.0
===========================================================
And radius.conf (in /raddb/radius/radius.conf):
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /usr/local/pf/var
sbindir = /usr/sbin
logdir = /usr/local/pf/logs
raddbdir = /usr/local/pf/var/radiusd
radacctdir = /usr/local/pf/logs/radacct
name = radiusd
confdir = ${raddbdir}
run_dir = ${localstatedir}/run
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
# NOTE(review): the RADIUS-to-PacketFence RPC channel uses empty credentials
# over plain HTTP. That is tolerable only because rpc_host is loopback; never
# point it at a routable address without enabling authentication and TLS.
rpc_user = ''
rpc_pass = ''
rpc_port = 7070
rpc_host = 127.0.0.1
rpc_proto = http
user = pf
group = pf
max_request_time = 10
cleanup_delay = 5
max_requests = 20000
# Listeners are bound to the management address only (pf.conf eth0), which is
# the address the switch's radius-server host points to. port = 0 selects the
# defaults from /etc/services (1812 auth / 1813 acct), matching the switch.
listen {
type = auth
ipaddr = 192.168.0.1
port = 0
virtual_server = packetfence
}
listen {
ipaddr = 192.168.0.1
port = 0
type = acct
virtual_server = packetfence
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
# Authentication results are logged; passwords are never written to the log.
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = yes
# On Centos, even if the openssl lib has been patched, freeradius
# refuse to start. Make sure you update openssl.
# NOTE(review): this switches off FreeRADIUS's refusal to start on an OpenSSL
# build it considers affected by Heartbleed (CVE-2014-0160). Leaving it at
# "yes" permanently means a genuinely vulnerable libssl would go unnoticed;
# update openssl and set it back to "no" once radiusd starts cleanly.
allow_vulnerable_openssl = yes
}
# clients.conf defines which NAS addresses may talk to this server; a request
# from an address not listed there is ignored without a reply.
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
start_servers = 5
max_servers = 64
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
$INCLUDE sql.conf
}
instantiate {
exec
expr
expiration
logintime
sql
raw
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/