Hello,

A start would be the packetfence logs (/usr/local/pf/logs/packetfence.log); info/debug messages are written there. Is the switch in production? Else it only gives out access-accept packages, but no control logic is applied yet.

Bebbet

On 24-2-2016 16:55, BARÓCSI Gábor wrote:
> Hello,
>
> Please help me with an issue. I've just installed packetfence and integrated
> to a windows AD domain. I can do AD queries. I use a cisco sg300 switch which
> sends the EAP requests to packetfence.
> I see with tcpdump that requests are coming to packetfence, but there is no
> response to the switch.
>
> RADIUS, Access Request (1), id: 0x8b length: 137
>
> When I run the command: sudo netstat -nap | grep radius
>
> I get this:
> udp  0  0  127.0.0.1:56159   127.0.0.1:8125  ESTABLISHED  2866/freeradius
> udp  0  0  127.0.0.1:43991   127.0.0.1:8125  ESTABLISHED  2866/freeradius
> udp  0  0  0.0.0.0:1103      0.0.0.0:*                    2866/freeradius
> udp  0  0  0.0.0.0:38039     0.0.0.0:*                    2866/freeradius
> udp  0  0  127.0.0.1:18120   0.0.0.0:*                    2880/freeradius
> udp  0  0  10.1.12.52:1812   0.0.0.0:*                    2880/freeradius
> udp  0  0  10.1.12.52:1813   0.0.0.0:*                    2866/freeradius
> udp  0  0  10.1.12.52:1814   0.0.0.0:*                    2880/freeradius
> udp  0  0  0.0.0.0:49196     0.0.0.0:*                    2880/freeradius
> udp  0  0  127.0.0.1:47188   127.0.0.1:8125  ESTABLISHED  2880/freeradius
> udp  0  0  127.0.0.1:55612   127.0.0.1:8125  ESTABLISHED  2880/freeradius
>
> I tried to do a query with this actual command (I don't have a user like
> that): radtest dd9999 Abcd1234 localhost:18120 12 testing123
> Sending Access-Request of id 189 to 127.0.0.1 port 18120
>     User-Name = "dd9999"
>     User-Password = "Abcd1234"
>     NAS-IP-Address = 127.0.1.1
>     NAS-Port = 12
>     Message-Authenticator = 0x00000000000000000000000000000000
> rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=189,
> length=20
>
> Anything that I can check? The problem is that the switch is not getting an
> EAP Radius-Access-Challenge response message and the VLAN can not be set.
>
> Also please confirm if I understand it correctly: switch uses 802.1x auth with
> freeradius, packetfence is checking the AD, and if user or machine is in the
> AD it is setting the correct VLAN.
> Maybe some other checks are also made like
> firewall is on, etc.
>
> Thanks for any help, I'd really appreciate it as I'm new to this system but I
> have to make it work.
>
> Gábor Barócsi
> Network and System Engineer
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users