Louis,

Thanks for the quick reply. Here is the output:

Ready to process requests.
rad_recv: Access-Request packet from host 172.21.255.2 port 1137, id=94, length=121
        User-Name = "f0def1701dc5"
        User-Password = "f0def1701dc5"
        Service-Type = Framed-User
        Framed-MTU = 1500
        NAS-IP-Address = 172.21.255.2
        NAS-Port-Type = Ethernet
        NAS-Port = 13
        NAS-Identifier = "ICX6450-48P Router"
        Calling-Station-Id = "F0-DE-F1-70-1D-C5"
server packetfence {
# Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
+group authorize {
[suffix] No '@' in User-Name = "f0def1701dc5", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "f0def1701dc5", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
++[preprocess] = ok
Use of uninitialized value $RAD_REQUEST{"Realm"} in hash element at /usr/local/pf/raddb/packetfence-multi-domain.pm line 59.
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = F0-DE-F1-70-1D-C5
rlm_perl: Added pair User-Name = f0def1701dc5
rlm_perl: Added pair User-Password = f0def1701dc5
rlm_perl: Added pair NAS-Identifier = ICX6450-48P Router
rlm_perl: Added pair NAS-IP-Address = 172.21.255.2
rlm_perl: Added pair NAS-Port = 13
rlm_perl: Added pair Framed-MTU = 1500
++[packetfence-multi-domain] = updated
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry DEFAULT at line 5
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++update request {
        expand: %{Packet-Src-IP-Address} -> 172.21.255.2
++} # update request = noop
++update control {
++} # update control = noop
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = F0-DE-F1-70-1D-C5
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 172.21.255.2
rlm_perl: Added pair User-Name = f0def1701dc5
rlm_perl: Added pair User-Password = f0def1701dc5
rlm_perl: Added pair NAS-Identifier = ICX6450-48P Router
rlm_perl: Added pair NAS-IP-Address = 172.21.255.2
rlm_perl: Added pair NAS-Port = 13
rlm_perl: Added pair Framed-MTU = 1500
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 7070
++[packetfence] = noop
+} # group authorize = updated
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [f0def1701dc5] (from client 172.21.255.2 port 13 cli F0-DE-F1-70-1D-C5)
} # server packetfence
# Executing section post-auth from file /usr/local/pf/raddb/sites-enabled/packetfence
+group post-auth {
++[exec] = noop
++? if (!EAP-Type || (EAP-Type != EAP-TTLS  && EAP-Type != PEAP))
? Evaluating !(EAP-Type ) -> TRUE
?? Skipping (EAP-Type != EAP-TTLS  )
?? Skipping (EAP-Type != PEAP)
++? if (!EAP-Type || (EAP-Type != EAP-TTLS  && EAP-Type != PEAP)) -> TRUE
++if (!EAP-Type || (EAP-Type != EAP-TTLS  && EAP-Type != PEAP)) {
+++update control {
+++} # update control = noop
rlm_perl: Returning vlan 101 to request from f0:de:f1:70:1d:c5 port 13
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = F0-DE-F1-70-1D-C5
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 172.21.255.2
rlm_perl: Added pair User-Name = f0def1701dc5
rlm_perl: Added pair User-Password = f0def1701dc5
rlm_perl: Added pair NAS-Identifier = ICX6450-48P Router
rlm_perl: Added pair NAS-Port = 13
rlm_perl: Added pair NAS-IP-Address = 172.21.255.2
rlm_perl: Added pair Framed-MTU = 1500
rlm_perl: Added pair Tunnel-Private-Group-ID = 101
rlm_perl: Added pair Tunnel-Type = 13
rlm_perl: Added pair Tunnel-Medium-Type = 6
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 7070
+++[packetfence] = ok
++} # if (!EAP-Type || (EAP-Type != EAP-TTLS  && EAP-Type != PEAP)) = ok
+} # group post-auth = ok
Sending Access-Accept of id 94 to 172.21.255.2 port 1137
        Tunnel-Private-Group-Id:0 = "101"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 94 with timestamp +15
Ready to process requests.



From: Louis Munro [mailto:[email protected]]
Sent: Wednesday, July 15, 2015 1:12 PM
To: [email protected]
Subject: Re: [PacketFence-users] Error in parsing of RADIUS VLAN entry

Hi Jason,

Show us the full FreeRADIUS debug output.

To do so, stop the radius service on the PacketFence server and restart it with 
this command:

radiusd -d /usr/local/pf/raddb -X

That will spew out a lot of details about the connection.
Try authenticating again and send us the result.

Regards,
--
Louis Munro
[email protected]  ::  www.inverse.ca
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

On Jul 15, 2015, at 14:06, Guntharp, Jason W. <[email protected]> wrote:


Hello,

I'm working to fit PacketFence into a community college network as a NAC to 
manage wired devices. The install and basic configuration have been easy, but I 
have been unsuccessful at getting a working system with Brocade switches. Could 
anyone shed some light on this "Error in parsing of RADIUS VLAN entry"?

Platform VMware 6.x / CENTOS 6.6 x64 / PacketFence 5.2
Brocade 6450-48-POE on 8.30a (latest code, though I've tried the 7.x with no 
success)

Brocade Switch and Packetfence Roles
registration VLAN    101
isolation VLAN       102
macDetection VLAN    103
inline VLAN          104
voice VLAN           105
default VLAN         106

Brocade 6450 switch is configured 802.1x/MAC bypass via the network devices 
guide. Switch fails VLAN steer:

Debug dot1x output:
ICX6450-48P Router#[T:157274] [VLAN] [MGMT-POR] : 802.1X: vlan_name (String): 101 is now converted to vlan id (Decimal): 101

Show log output:
Jan  1 04:22:18:A:MAC Authentication failed for [f0de.f170.1dc5 ] on port 1/1/37 (Error in parsing of RADIUS VLAN entry)
Jan  1 04:22:18:I:System: Interface ethernet 1/1/37, state up
Jan  1 04:22:15:I:System: Interface ethernet 1/1/37, state down

Packetfence.log output:
Jul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] handling radius autz request: from switch_ip => (172.21.255.2), connection_type => WIRED_MAC_AUTH,switch_mac => (Unknown), mac => [f0:de:f1:70:1d:c5], port => 37, username => "f0def1701dc5" (pf::radius::authorize)
Jul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] Returning ACCEPT with VLAN: 101 (pf::Switch::Brocade::returnRadiusAccessAccept)

I have even tried a new PacketFence install with the same results. It appears 
that PacketFence is returning the RADIUS ACCEPT with VLAN 101, but the switch 
will not correctly parse the reply. Any help?

Thanks,

Jason Guntharp
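
An added example, not part of the thread and not PacketFence or FreeRADIUS code: a check over `radiusd -X` output that an Access-Accept carries the three tunnel attributes RFC 3580 uses for VLAN assignment, with consistent tags and the expected VLAN ID. The sample text is constructed from the reply block in the debug output at the top of this thread; the function names are assumptions.

```python
import re

# Constructed sample: reply portion of the radiusd -X output quoted in this thread.
SAMPLE = """\
Sending Access-Accept of id 94 to 172.21.255.2 port 1137
        Tunnel-Private-Group-Id:0 = "101"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
Finished request 0.
"""

# RFC 3580 VLAN assignment attributes; 13 and 6 are the numeric forms rlm_perl logs.
REQUIRED = {"tunnel-type": {"VLAN", "13"}, "tunnel-medium-type": {"IEEE-802", "6"}}
HEADER = re.compile(r"^Sending (Access-\w+) of id (\d+) to (\S+) port \d+")
ATTR = re.compile(r'^\s+([\w-]+)(?::(\d+))?\s*=\s*"?([^"]*)"?\s*$')

def parse_replies(debug_text):
    """Return one dict per reply; attrs maps lowercased name -> (tag, value),
    since the log prints both the "-Id" and "-ID" spellings."""
    replies, current = [], None
    for line in debug_text.splitlines():
        head, attr = HEADER.match(line), ATTR.match(line)
        if head:
            current = {"code": head[1], "id": int(head[2]), "nas": head[3], "attrs": {}}
            replies.append(current)
        elif current is not None and attr:
            current["attrs"][attr[1].lower()] = (attr[2], attr[3].strip())
        else:
            current = None  # first non-attribute line closes the reply block
    return replies

def check_vlan_reply(reply, expected_vlan):
    """Return a list of problems in one reply; an empty list means it is consistent."""
    if reply["code"] != "Access-Accept":
        return ["reply is %s, so no VLAN is assigned" % reply["code"]]
    attrs, problems = reply["attrs"], []
    for name, allowed in REQUIRED.items():
        if name not in attrs:
            problems.append("missing " + name)
        elif attrs[name][1] not in allowed:
            problems.append("%s has value %r" % (name, attrs[name][1]))
    vlan = attrs.get("tunnel-private-group-id")
    if vlan is None:
        problems.append("missing tunnel-private-group-id")
    elif vlan[1] != str(expected_vlan):
        problems.append("VLAN %r returned, expected %r" % (vlan[1], str(expected_vlan)))
    tags = {attrs[n][0] for n in (*REQUIRED, "tunnel-private-group-id") if n in attrs}
    if len(tags) > 1:
        problems.append("tunnel attributes carry different tags: %s" % sorted(map(str, tags)))
    return problems
```

An empty result for the sample only shows that the server-side reply is well-formed for VLAN 101; it says nothing about how the switch parses it.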

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
