Hi,I have a problem running with my packetfence. Now I have configure it to
work with a cisco 2960 swicth and the server is running on a wmware worksation
machine.When packetfence put the device on the registration vlan the client
doesn't get an IP address and a static ip address on this same client doesn't
permit to ping packetfence server or to ping the switch.eth0 interface seems to
be running.The output of radius debug shows this [suffix] No '@' in User-Name
= "Administrateur", skipping NULL due to config.++[suffix] = noop[ntdomain] No
'\' in User-Name = "Administrateur", looking up realm NULL[ntdomain] No such
realm "NULL"++[ntdomain] = noop++[preprocess] = ok[eap] EAP packet type
response id 10 length 43[eap] Continuing tunnel setup.++[eap] = ok+} # group
authorize = okFound Auth-Type = EAP# Executing group from file
/usr/local/pf/raddb//sites-enabled/packetfence+group authenticate {[eap]
Request found, released from the list[eap] EAP/peap[eap] processing type
peap[peap] processing EAP-TLS[peap] eaptls_verify returned 7 [peap] Done
initial handshake[peap] eaptls_process returned 7 [peap] EAPTLS_OK[peap]
Session established. Decoding tunneled attributes.[peap] Peap state send tlv
success[peap] Received EAP-TLV response.[peap] Success[peap] Using saved
attributes from the original Access-Accept Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN Tunnel-Private-Group-Id:0 = "100" User-Name =
"Administrateur"[eap] Freeing handler++[eap] = ok+} # group authenticate =
okLogin OK: [Administrateur] (from client 192.168.1.5 port 50003 cli
00:40:d0:67:d0:b1)} # server packetfence# Executing section post-auth from file
/usr/local/pf/raddb//sites-enabled/packetfence+group post-auth {++[exec] =
noop++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP))?
Evaluating !(EAP-Type ) -> FALSE?? Evaluating (EAP-Type != EAP-TTLS ) ->
TRUE?? Evaluating (EAP-Type != PEAP) -> FALSE++? if (!EAP-Type || (EAP-Type !=
EAP-TTLS && EAP-Type != PEAP)) -> FALSE+} # group post-auth = noopSending
Access-Accept of id 42 to 192.168.1.5 port 1645 Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN Tunnel-Private-Group-Id:0 = "100" User-Name =
"Administrateur" MS-MPPE-Recv-Key =
0xf68acbdf500d49b410cdfc7e55f80616b05cc4b2ef2ca466d212317af86838ff
MS-MPPE-Send-Key =
0x127d4a339e47839cd271f86f062913e861408355d02e43364597daba13d2108e EAP-Message
= 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000Finished
request 16.Going to the next requestWaking up in 4.9 seconds.Cleaning up
request 15 ID 41 with timestamp +45Cleaning up request 16 ID 42 with timestamp
+49Ready to process requests. Now the output of packetfence.log and
pfdhcplistener.log
Apr 26 11:49:51 httpd.aaa(50960) INFO: [mac:00:40:d0:67:d0:b1] is of status
unreg; belongs into registration VLAN (pf::role::getRegistrationRole)Apr 26
11:49:51 httpd.aaa(50960) INFO: [mac:00:40:d0:67:d0:b1] (192.168.1.5) Added
VLAN 100 to the returned RADIUS reply (pf::Switch::returnRadiusAccessAccept)Apr
26 11:49:51 httpd.aaa(50960) INFO: [mac:00:40:d0:67:d0:b1] (192.168.1.5)
Returning ACCEPT with VLAN 100 (pf::Switch::returnRadiusAccessAccept)Apr 26
11:49:51 httpd.aaa(50960) INFO: [mac:00:40:d0:67:d0:b1] (192.168.1.5) No access
lists defined for this role registration
(pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
Apr 26 11:16:26 pfdhcplistener(51054) WARN: Unable to open VLAN proc
description for eth0: No such file or directory
(pf::util::get_vlan_from_int)Apr 26 11:16:26 pfdhcplistener(51054) INFO: DHCP
detector on eth0 enabled (main::)Apr 26 11:16:26 pfdhcplistener(51054) INFO:
Reload configuration on eth0 with status 0 (main::reload_config)
Why a static IP on the host can't reach the server or can ping the switch?All
the firewalls have been stopped.Can I have a help?thanks
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
