Hello
According to the documentation I have to have this user in /usr/local/pf/raddb/users (title "Option 2: Local Authentication"), through the recommended link. The log in PacketFence does not have any record, but I have a user in PF and in the users file.
When I try to authenticate I receive this.
Remember, I'm trying to authenticate locally on my own PF server :)
log (/usr/sbin/radiusd -d /usr/local/pf/raddb/ -X)
rad_recv: Access-Request packet from host 192.168.100.5 port 55170, id=20, length=46
    User-Name = "ismael"
    User-Password = "12345678"
server packetfence {
# Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
+group authorize {
[suffix] No '@' in User-Name = "ismael", skipping NULL due to config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "ismael", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
++[preprocess] = ok
Use of uninitialized value $RAD_REQUEST{"Realm"} in hash element at /usr/local/pf/raddb//packetfence-multi-domain.pm line 64.
rlm_perl: Added pair User-Name = ismael
rlm_perl: Added pair User-Password = 12345678
rlm_perl: Added pair NAS-IP-Address = 192.168.100.5
++[packetfence-multi-domain] = updated
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry DEFAULT at line 5
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++update request {
    expand: %{Packet-Src-IP-Address} -> 192.168.100.5
++} # update request = noop
++update control {
++} # update control = noop
rlm_perl: Added pair User-Name = ismael
rlm_perl: Added pair User-Password = 12345678
rlm_perl: Added pair NAS-IP-Address = 192.168.100.5
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 192.168.100.5
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 7070
++[packetfence] = noop
+} # group authorize = updated
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [ismael] (from client PacketFence-ZEN-5-3.local port 0)
} # server packetfence
# Executing section post-auth from file /usr/local/pf/raddb//sites-enabled/packetfence
+group post-auth {
++[exec] = noop
++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP))
? Evaluating !(EAP-Type ) -> TRUE
?? Skipping (EAP-Type != EAP-TTLS )
?? Skipping (EAP-Type != PEAP)
++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) -> TRUE
++if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) {
+++update control {
+++} # update control = noop
rlm_perl: MAC address is empty or invalid in this request. It could be normal on certain radius calls
rlm_perl: Added pair User-Name = ismael
rlm_perl: Added pair User-Password = 12345678
rlm_perl: Added pair NAS-IP-Address = 192.168.100.5
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 192.168.100.5
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 7070
+++[packetfence] = reject
++} # if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) = reject
+} # group post-auth = reject
Using Post-Auth-Type Reject
# Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
+group REJECT {
[attr_filter.access_reject] expand: %{User-Name} -> ismael
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 20 to 192.168.100.5 port 55170
Waking up in 4.9 seconds.
Cleaning up request 1 ID 20 with timestamp +35
Ready to process requests.
To: [email protected]
From: [email protected]
Date: Tue, 10 Nov 2015 21:20:22 -0500
Subject: Re: [PacketFence-users] Radius authentication
Hello Ismael,
You created a user in RADIUS but it probably doesn't exist on the
PacketFence side (check packetfence.log).
So remove what you did in /usr/local/pf/raddb/users and follow this
documentation:
https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Administration_Guide.asciidoc#option-5-eap-local-user-authentication
Also don't forget to create a portal profile with a specific filter
(like SSID, switch ... that matches your connection) and add a local
authentication source.
Then retry.
Regards
Fabrice
On 2015-11-10 21:04, ismael flavio silva wrote:
Hello :)
I am testing the RADIUS locally. It appears to accept any user or
password, and the log reports a problem with the MAC address.
I looked in the community, but everybody uses AD or an equivalent
server.
LOG
/usr/local/pf/logs/radius.log
Tue Nov 10 20:56:47 2015 : Auth: Login OK: [ismael] (from client PacketFence-ZEN-5-3.local port 0)
Tue Nov 10 20:56:47 2015 : Info: rlm_perl: MAC address is empty or invalid in this request. It could be normal on certain radius calls
-----------------------------------
/usr/sbin/radiusd -d /usr/local/pf/raddb/ -X
......
......
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
virtual_server = "packetfence"
ipaddr = 192.168.100.5
port = 0
}
listen {
type = "acct"
virtual_server = "packetfence"
ipaddr = 192.168.100.5
port = 0
}
listen {
type = "control"
listen {
socket = "/usr/local/pf/var/run/radiusd.sock"
mode = "rw"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
... adding new socket proxy address * port 49410
Listening on authentication address 192.168.100.5 port 1812 as server packetfence
Listening on accounting address 192.168.100.5 port 1813 as server packetfence
Listening on command file /usr/local/pf/var/run/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address 192.168.100.5 port 1814
Ready to process requests.
configs
/usr/local/pf/raddb/users
ismael Cleartext-Password := "12345678"
Configuration → Advanced -> plaintext
Thanks
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
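Added example, not part of the original thread and not PacketFence or FreeRADIUS code: a small Python parser for the `radiusd -X` trace in the first message that reports which section and module first returned reject, showing that the "Login OK" line is logged before post-auth runs and is not the reply sent to the client. The sample trace is condensed from the log quoted in this thread; the function name `analyze` and the result keys are assumptions of this example.

```python
import re

# Constructed sample: condensed from the radiusd -X trace quoted in this thread.
TRACE = """\
+group authorize {
++[files] = ok
++[packetfence] = noop
+} # group authorize = updated
Found Auth-Type = Accept
Login OK: [ismael] (from client PacketFence-ZEN-5-3.local port 0)
+group post-auth {
++[exec] = noop
+++[packetfence] = reject
+} # group post-auth = reject
+group REJECT {
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Sending Access-Reject of id 20 to 192.168.100.5 port 55170
"""

GROUP_OPEN = re.compile(r"^\+group (\S+) \{")          # start of a section
MODULE_RC = re.compile(r"^\++\[([^\]]+)\] = (\w+)$")   # ++[module] = rcode
REPLY = re.compile(r"^Sending (Access-\w+) of id \d+")  # packet actually sent


def analyze(trace):
    """Locate where a request was decided in a FreeRADIUS 2.x style -X trace."""
    section = None
    result = {"modules": [], "login_ok": False, "rejected_by": None, "reply": None}
    for line in map(str.strip, trace.splitlines()):
        if m := GROUP_OPEN.match(line):
            section = m.group(1)
        elif m := MODULE_RC.match(line):
            module, rcode = m.groups()
            result["modules"].append((section, module, rcode))
            # Remember only the first module that returned reject.
            if rcode == "reject" and result["rejected_by"] is None:
                result["rejected_by"] = (section, module)
        elif line.startswith("Login OK:"):
            result["login_ok"] = True
        elif m := REPLY.match(line):
            result["reply"] = m.group(1)
    return result


if __name__ == "__main__":
    print(analyze(TRACE))
```
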