Hi Ludovic,
For the radius debug try : raddebug -f /usr/local/pf/var/run/radiusd.sock
-t 3600
*Ans: Where can I look for upon the above command? If i run "radiusd -X -d
/usr/local/pf/raddb, I got the error for the last two lines*
*radiusd: #### Opening IP addresses and Ports ####The server is not
configured to listen on any ports. Cannot start.*
Are you trying to do a 802.1x authentication ?
*Ans: Yes, I would like to do a wired 802.1x, and captive portal login as
failover. For example, if domain PC connected to the network, they will
authenticate against AD, otherwise it will pop up the captive portal page.
Guest will need to input the username/password which stored in
/usr/local/pf/raddb/users file. (in this case for example, by default is
"demouser/demouser")*
*New problem arise:*
*My wired 802.1x authentication against AD is successful, however PF will
never assign the port to default vlan(118), but instead assign to
Registration Vlan(2)*
Below is my switchport configuration from Cisco
interface GigabitEthernet0/33
switchport access vlan 118
switchport mode access
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3
spanning-tree portfast
end
*Switch log:*
.Jan 26 09:22:54.696 SG: %DOT1X-5-SUCCESS: Authentication successful for
client (d4be.d939.37c6) on Interface Gi0/33 AuditSessionID
.Jan 26 09:22:54.696 SG: %AUTHMGR-7-RESULT: Authentication result 'success'
from 'dot1x' for client (d4be.d939.37c6) on Interface Gi0/33 AuditSessionID
0AB876FB0000007714341E60
.Jan 26 09:22:54.705 SG: %AUTHMGR-5-VLANASSIGN: VLAN 2 assigned to
Interface Gi0/33 AuditSessionID 0AB876FB0000007714341E60
.Jan 26 09:22:55.753 SG: %AUTHMGR-5-SUCCESS: Authorization succeeded for
client (d4be.d939.37c6) on Interface Gi0/33 AuditSessionID
0AB876FB0000007714341E60
Make sure that :
- Your user exist on the local/external source --* I have included Radius
for Internal, because the method I use is Radius*
- That you put the correct source on your portal profile (try ton create
one with your SSID/ Switch IP) - *Done*
- Use bin/pftest authentication username password to see which source you
match -
*Ans: the command i run: pftest authenticate demouser demouser cdppl, the
output is*
* Authentication FAILED against cdppl (Unable to validate credentials at
the moment)*
* Did not match against cdppl*
* Did not match against cdppl*
Hope to hear from you, thank you !
Regards,
Reeyon
On Mon, Jan 25, 2016 at 10:08 PM, Ludovic Zammit <[email protected]> wrote:
> Hi Reeyon,
>
> For the radius debug try : raddebug -f /usr/local/pf/var/run/radiusd.sock
> -t 3600
>
> Are you trying to do a 802.1x authentication ?
>
> Make sure that :
>
> - Your user exist on the local/external source
> - That you put the correct source on your portal profile (try ton create
> one with your SSID/ Switch IP)
> - Use bin/pftest authentication username password to see which source you
> match
>
> Thanks,
>
> Ludovic [email protected] <[email protected]> :: +1.514.447.4918
> (x145) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
>
>
>
>
> Le 24 janv. 2016 à 21:05, Reeyon Lim <[email protected]> a écrit :
>
> Hi All,
>
> I have successfully setup a lab using ZEN 5.5 version on ESXi. Everything
> is working fine such as VLAN enforcement and the captive portal page for
> registration.
> I did followed
> http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN-5.6.0.pdf
> manual guide, when the landing page pop up and I key in the default
> "demouser/demouser", it shows unable to validate credentials at the moment.
>
> So, going in to shell and run radiusd -X -d /usr/local/pf/raddb/
> The output at the last two line is:
>
> *radiusd: #### Opening IP addresses and Ports ####*
> *The server is not configured to listen on any ports. Cannot start.*
>
> I run radtest command and it didn't work as well
> Please help!
>
> Regards,
> Reeyon
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
>
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
