Thank you Ludovic for reply! The problem might be that i can't ping pf server from switch and vice versa. I am using Vmware Workstation with NAT, firewall is disabled. What could be wrong?
2015-09-25 15:55 GMT+03:00 Ludovic Zammit <[email protected]>: > Hello Kristaps, > > Few things you could do: > > - Check if the radius configuration on the switch is properly done > - Check that the radius authentication request is reaching packetfence box > - Check the VLAN configured in PacketFence for the registration VLAN > - Check which VLAN is applied to the port > > After all this steps you should be able to see the portal if everything is > correctly configured. > > Thanks and have a nice day. > > Ludovic [email protected] <[email protected]> :: +1.514.447.4918 > (x145) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > > Le 2015-09-24 à 15:50, Kristaps Dambergs <[email protected]> a > écrit : > > Could somebody help me? > > > > 2015-09-22 0:17 GMT+03:00 Kristaps Dambergs <[email protected]>: > >> Hi, >> >> >> I am trying to implement PF ZEN using 801.1x + MAC. When i connect laptop >> to port (Registration VLAN) no IP address is received, no access to outh >> portal. I can't even ping switch from pf server. I added my config below. >> >> >> Hoping for some help. >> >> >> Thanks >> >> >> PF Logs: >> >> >> [root@PacketFence-ZEN-5-3 ~]# tail -f /usr/local/pf/logs/packetfence.log >> >> Sep 19 09:09:27 pfcmd.pl(1615) INFO: Daemon carbon-relay took 1.537 >> seconds to start. (pf::services::manager::launchService) >> >> Sep 19 09:09:27 pfcmd.pl(1615) INFO: Daemon collectd took 0.196 seconds >> to start. (pf::services::manager::launchService) >> >> Sep 19 09:09:27 pfcmd.pl(1615) INFO: pf::services::manager, >> /usr/local/pf/lib/pf/services/manager.pm, 178 >> (pf::services::manager::dhcpd::generateConfig) >> >> Sep 19 09:09:27 pfcmd.pl(1615) INFO: Memory configuration is not valid >> anymore for key interfaces::listen_ints in local cached_hash >> (pfconfig::cached::is_valid) >> >> Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an >> undefined interface... (pf::cluster::members_ips) >> >> Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an >> undefined interface... (pf::cluster::members_ips) >> >> Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an >> undefined interface... (pf::cluster::members_ips) >> >> Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an >> undefined interface... (pf::cluster::members_ips) >> >> Sep 19 09:09:27 pfcmd.pl(1615) INFO: Daemon dhcpd took 0.241 seconds to >> start. (pf::services::manager::launchService) >> >> Sep 19 09:10:07 pfcmd.pl(1615) INFO: Daemon httpd.aaa took 40.085 >> seconds to start. (pf::services::manager::launchService) >> >> Sep 19 09:11:22 pfcmd.pl(1615) INFO: Daemon httpd.graphite took 36.280 >> seconds to start. (pf::services::manager::launchService) >> >> >> >> [root@PacketFence-ZEN-5-3 ~]# tail -f /usr/local/pf/logs/snmptrapd.log >> >> NET-SNMP version 5.5 >> >> 2015-09-19 08:44:42 NET-SNMP version 5.5 Stopped. >> >> Stopping snmptrapd >> >> >> NET-SNMP version 5.5 >> >> 2015-09-19 09:05:12 NET-SNMP version 5.5 Stopped. >> >> Stopping snmptrapd >> >> >> NET-SNMP version 5.5 >> >> NET-SNMP version 5.5 >> >> >> [root@PacketFence-ZEN-5-3 ~]# tail -f /usr/local/pf/logs/snmptrapd.log >> >> NET-SNMP version 5.5 >> >> 2015-09-19 08:44:42 NET-SNMP version 5.5 Stopped. >> >> Stopping snmptrapd >> >> >> NET-SNMP version 5.5 >> >> 2015-09-19 09:05:12 NET-SNMP version 5.5 Stopped. >> >> Stopping snmptrapd >> >> >> NET-SNMP version 5.5 >> >> NET-SNMP version 5.5 >> >> >> >> [root@PacketFence-ZEN-5-3 ~]# sudo vi /usr/local/pf/conf/switches.conf >> >> RoleMap=Y >> >> mode=testing >> >> macSearchesMaxNb=30 >> >> macSearchesSleepInterval=2 >> >> uplink=dynamic >> >> # >> >> # Command Line Interface >> >> # >> >> # cliTransport could be: Telnet, SSH or Serial >> >> cliTransport=Telnet >> >> cliUser= >> >> cliPwd= >> >> cliEnablePwd= >> >> # >> >> # SNMP section >> >> # >> >> # PacketFence -> Switch >> >> SNMPVersion=1 >> >> SNMPCommunityRead=public >> >> SNMPCommunityWrite=private >> >> #SNMPEngineID = 0000000000000 >> >> #SNMPUserNameRead = readUser >> >> #SNMPAuthProtocolRead = MD5 >> >> #SNMPAuthPasswordRead = authpwdread >> >> #SNMPPrivProtocolRead = DES >> >> #SNMPPrivPasswordRead = privpwdread >> >> #SNMPUserNameWrite = writeUser >> >> #SNMPAuthProtocolWrite = MD5 >> >> #SNMPAuthPasswordWrite = authpwdwrite >> >> #SNMPPrivProtocolWrite = DES >> >> #SNMPPrivPasswordWrite = privpwdwrite >> >> # Switch -> PacketFence >> >> SNMPVersionTrap=1 >> >> SNMPCommunityTrap=public >> >> #SNMPAuthProtocolTrap = MD5 >> >> #SNMPAuthPasswordTrap = authpwdread >> >> #SNMPPrivProtocolTrap = DES >> >> #SNMPPrivPasswordTrap = privpwdread >> >> # >> >> # Web Services Interface >> >> # >> >> # wsTransport could be: http or https >> >> wsTransport=http >> >> wsUser= >> >> wsPwd= >> >> # >> >> # RADIUS NAS Client config >> >> # >> >> # RADIUS shared secret with switch >> >> radiusSecret= >> >> >> [192.168.0.3] >> >> mode=production >> >> deauthMethod=RADIUS >> >> AccessListMap=N >> >> description=2610 >> >> SNMPVersionTrap=1 >> >> type=HP::Procurve_2600 >> >> VoIPEnabled=N >> >> radiusSecret="PASSWD" >> >> uplink_dynamic=0 >> >> uplink=23,24 >> >> >> >> My procurve 2610 config: >> >> >> Running configuration: >> >> >> ; J9086A Configuration Editor; Created on release #R.11.60 >> >> >> hostname "ProCurveSwitch" >> >> time timezone 180 >> >> no telnet-server >> >> interface 23 >> >> name "pfserver" >> >> exit >> >> trunk 23 Trk1 Trunk >> >> timesync sntp >> >> vlan 1 >> >> name "Default" >> >> untagged 1-2,4-22,24-28,Trk1 >> >> ip address 192.168.0.3 255.255.255.0 >> >> no untagged 3 >> >> exit >> >> vlan 2 >> >> name "Registration" >> >> untagged 3 >> >> ip address 192.168.2.1 255.255.255.0 >> >> tagged Trk1 >> >> exit >> >> vlan 3 >> >> name "Isolation" >> >> ip address 192.168.3.1 255.255.255.0 >> >> tagged Trk1 >> >> exit >> >> vlan 10 >> >> name "Normal" >> >> ip address 192.168.1.1 255.255.255.0 >> >> tagged Trk1 >> >> exit >> >> radius-server host 192.168.0.10 key Parole321 >> >> aaa server-group radius "packetfence" host 192.168.0.10 >> >> aaa authentication port-access eap-radius server-group "packetfence" >> >> aaa authentication mac-based chap-radius server-group "packetfence" >> >> port-security 1 learn-mode port-access action send-alarm >> >> port-security 2 learn-mode port-access action send-alarm >> >> port-security 3 learn-mode port-access action send-alarm >> >> port-security 4 learn-mode port-access action send-alarm >> >> port-security 5 learn-mode port-access action send-alarm >> >> port-security 6 learn-mode port-access action send-alarm >> >> port-security 7 learn-mode port-access action send-alarm >> >> port-security 8 learn-mode port-access action send-alarm >> >> port-security 9 learn-mode port-access action send-alarm >> >> port-security 10 learn-mode port-access action send-alarm >> >> port-security 11 learn-mode port-access action send-alarm >> >> port-security 12 learn-mode port-access action send-alarm >> >> port-security 13 learn-mode port-access action send-alarm >> >> port-security 14 learn-mode port-access action send-alarm >> >> port-security 15 learn-mode port-access action send-alarm >> >> port-security 16 learn-mode port-access action send-alarm >> >> port-security 17 learn-mode port-access action send-alarm >> >> port-security 18 learn-mode port-access action send-alarm >> >> port-security 19 learn-mode port-access action send-alarm >> >> port-security 20 learn-mode port-access action send-alarm >> >> port-security 21 learn-mode port-access action send-alarm >> >> port-security 22 learn-mode port-access action send-alarm >> >> snmp-server host 192.168.0.10 community "public" informs trap-level >> Not-INFO >> >> no snmp-server enable traps link-change 1-22 >> >> sntp unicast >> >> sntp server 129.6.15.30 >> >> aaa port-access authenticator 1-22 >> >> aaa port-access authenticator 1 client-limit 1 >> >> aaa port-access authenticator 2 client-limit 1 >> >> aaa port-access authenticator 3 client-limit 1 >> >> aaa port-access authenticator 4 client-limit 1 >> >> aaa port-access authenticator 5 client-limit 1 >> >> aaa port-access authenticator 6 client-limit 1 >> >> aaa port-access authenticator 7 client-limit 1 >> >> aaa port-access authenticator 8 client-limit 1 >> >> aaa port-access authenticator 9 client-limit 1 >> >> aaa port-access authenticator 10 client-limit 1 >> >> aaa port-access authenticator 11 client-limit 1 >> >> aaa port-access authenticator 12 client-limit 1 >> >> aaa port-access authenticator 13 client-limit 1 >> >> aaa port-access authenticator 14 client-limit 1 >> >> aaa port-access authenticator 15 client-limit 1 >> >> aaa port-access authenticator 16 client-limit 1 >> >> aaa port-access authenticator 17 client-limit 1 >> >> aaa port-access authenticator 18 client-limit 1 >> >> aaa port-access authenticator 19 client-limit 1 >> >> aaa port-access authenticator 20 client-limit 1 >> >> aaa port-access authenticator 21 client-limit 1 >> >> aaa port-access authenticator 22 client-limit 1 >> >> aaa port-access authenticator active >> >> aaa port-access mac-based 1-22 >> >> aaa port-access mac-based 1 addr-moves >> >> aaa port-access mac-based 1 reauth-period 14400 >> >> aaa port-access mac-based 2 addr-moves >> >> aaa port-access mac-based 2 reauth-period 14400 >> >> aaa port-access mac-based 3 addr-moves >> >> aaa port-access mac-based 3 reauth-period 14400 >> >> aaa port-access mac-based 4 addr-moves >> >> aaa port-access mac-based 4 reauth-period 14400 >> >> aaa port-access mac-based 5 addr-moves >> >> aaa port-access mac-based 5 reauth-period 14400 >> >> aaa port-access mac-based 6 addr-moves >> >> aaa port-access mac-based 6 reauth-period 14400 >> >> aaa port-access mac-based 7 addr-moves >> >> aaa port-access mac-based 7 reauth-period 14400 >> >> aaa port-access mac-based 8 addr-moves >> >> aaa port-access mac-based 8 reauth-period 14400 >> >> aaa port-access mac-based 9 addr-moves >> >> aaa port-access mac-based 9 reauth-period 14400 >> >> aaa port-access mac-based 10 addr-moves >> >> aaa port-access mac-based 10 reauth-period 14400 >> >> aaa port-access mac-based 11 addr-moves >> >> aaa port-access mac-based 11 reauth-period 14400 >> >> aaa port-access mac-based 12 addr-moves >> >> aaa port-access mac-based 12 reauth-period 14400 >> >> aaa port-access mac-based 13 addr-moves >> >> aaa port-access mac-based 13 reauth-period 14400 >> >> aaa port-access mac-based 14 addr-moves >> >> aaa port-access mac-based 14 reauth-period 14400 >> >> aaa port-access mac-based 15 addr-moves >> >> aaa port-access mac-based 15 reauth-period 14400 >> >> aaa port-access mac-based 16 addr-moves >> >> aaa port-access mac-based 16 reauth-period 14400 >> >> aaa port-access mac-based 17 addr-moves >> >> aaa port-access mac-based 17 reauth-period 14400 >> >> aaa port-access mac-based 18 addr-moves >> >> aaa port-access mac-based 18 reauth-period 14400 >> >> aaa port-access mac-based 19 addr-moves >> >> aaa port-access mac-based 19 reauth-period 14400 >> >> aaa port-access mac-based 20 addr-moves >> >> aaa port-access mac-based 20 reauth-period 14400 >> >> aaa port-access mac-based 21 addr-moves >> >> aaa port-access mac-based 21 reauth-period 14400 >> >> aaa port-access mac-based 22 addr-moves >> >> aaa port-access mac-based 22 reauth-period 14400 >> >> aaa port-access 1 controlled-direction in >> >> aaa port-access 2 controlled-direction in >> >> aaa port-access 3 controlled-direction in >> >> aaa port-access 4 controlled-direction in >> >> aaa port-access 5 controlled-direction in >> >> aaa port-access 6 controlled-direction in >> >> aaa port-access 7 controlled-direction in >> >> aaa port-access 8 controlled-direction in >> >> aaa port-access 9 controlled-direction in >> >> aaa port-access 10 controlled-direction in >> >> aaa port-access 11 controlled-direction in >> >> aaa port-access 12 controlled-direction in >> >> aaa port-access 13 controlled-direction in >> >> aaa port-access 14 controlled-direction in >> >> aaa port-access 15 controlled-direction in >> >> aaa port-access 16 controlled-direction in >> >> aaa port-access 17 controlled-direction in >> >> aaa port-access 18 controlled-direction in >> >> aaa port-access 19 controlled-direction in >> >> aaa port-access 20 controlled-direction in >> >> aaa port-access 21 controlled-direction in >> >> aaa port-access 22 controlled-direction in >> >> spanning-tree Trk1 priority 4 >> >> ip ssh >> >> password manager >> >> password operator >> > > > ------------------------------------------------------------------------------ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > >
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
