Hi! Thanks for your answer. I got stuck again but I don't give up!
When I start freeradius in debug mode like you told me, it works fine. I see data in packetfence.log and the switch port is switched to the registration vlan.

    sudo pkill freeradius; sudo freeradius -d /usr/local/pf/raddb -n auth -Xx

BUT when I just start it like

    sudo service freeradius start

it does not accept the requests. If I restart the whole machine, it is the same. It only works when I start it in debug mode. Why is that?

Gábor Barócsi
Network and System Engineer

From: Louis Munro [mailto:lmu...@inverse.ca]
Sent: February 24, 2016, 22:19
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] freeradius issue with 802.1x

On Feb 24, 2016, at 15:59, BARÓCSI Gábor <gabor.baro...@qualysoft.com> wrote:

> Now the switchport went to Registration vlan, but I don't understand why.
> I defined a Portal profile with the following conditions:
> 1. switch - switchIp
> Source: A defined ADauthentication (is user in a group)
> Provisioners: accept
> It is set that any of the conditions are met.
> In the switchconfig, there is: Role mapping by vlan ID, and I set up registration, isolation and a production vlan.
> How do I know why that port is set to the registration vlan? I don't understand the decision logic of packet fence. I've read the admin guide a few times, but I just don't get the point. I really understood it with your words :)

Hi Gábor,

You don’t really need provisioners. Those are meant to autoconfigure devices, mostly on wireless. The way to do this is to define a combination of Portal and sources.

Here is what I would do. Start by making sure you have an Active-Directory source. Add a catchall rule to it (meaning a rule that has no condition and will apply to any request). Set the action to assign a default role and a registration time.

Then make sure that the switch is configured to assign whatever vlan you want for the "default" role. Do that by mapping out roles to vlans in the PacketFence switches configuration.
Delete all portal profiles and start with just the default one. Assign it the AD source you have configured. Try connecting again.

The trick is to break it down into parts. Don’t try to configure multiple profiles before you have the default one working. Don’t try to add complex authorization rules before you get the catchall rule working. Add one thing at a time and try it. Read the logs (/usr/local/pf/logs/packetfence.log).

If nothing works, show us your conf/profiles.conf, conf/switches.conf as well as your conf/authentication.conf files. These define which authentication rules you have set and which profile should apply to the incoming connection.

Good luck, and don’t give up!

--
Louis Munro
lmu...@inverse.ca :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)