Hello Amidou,
You should look at your switch: is your registration VLAN properly
applied to the port and spanned?
What is the result of "show authentication session interface XX", where
XX stands for the interface where your client is connected?
You should see "Vlan Policy: YOUR_REGISTRATION_VLAN".
Also look at "show spanning-tree vlan YOUR_REGISTRATION_VLAN".
You should see the interface where your device is plugged in.
Thank you
On 04/26/2016 03:08 PM, TOURE Amidou Florian wrote:
Hi, I have a problem running my PacketFence. I have now configured
it to work with a Cisco 2960 switch, and the server is running on a
VMware Workstation machine. When PacketFence puts the device on the
registration VLAN, the client doesn't get an IP address, and a static IP
address on this same client doesn't permit pinging the PacketFence server
or the switch.
eth0 interface seems to be running.
The output of radius debug shows this
[suffix] No '@' in User-Name = "Administrateur", skipping NULL due to
config.
++[suffix] = noop
[ntdomain] No '\' in User-Name = "Administrateur", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
++[preprocess] = ok
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[peap] Using saved attributes from the original Access-Accept
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "100"
User-Name = "Administrateur"
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
Login OK: [Administrateur] (from client 192.168.1.5 port 50003 cli
00:40:d0:67:d0:b1)
} # server packetfence
# Executing section post-auth from file
/usr/local/pf/raddb//sites-enabled/packetfence
+group post-auth {
++[exec] = noop
++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP))
? Evaluating !(EAP-Type ) -> FALSE
?? Evaluating (EAP-Type != EAP-TTLS ) -> TRUE
?? Evaluating (EAP-Type != PEAP) -> FALSE
++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) -> FALSE
+} # group post-auth = noop
Sending Access-Accept of id 42 to 192.168.1.5 port 1645
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "100"
User-Name = "Administrateur"
MS-MPPE-Recv-Key =
0xf68acbdf500d49b410cdfc7e55f80616b05cc4b2ef2ca466d212317af86838ff
MS-MPPE-Send-Key =
0x127d4a339e47839cd271f86f062913e861408355d02e43364597daba13d2108e
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 16.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 15 ID 41 with timestamp +45
Cleaning up request 16 ID 42 with timestamp +49
Ready to process requests.
Now the output of packetfence.log and pfdhcplistener.log
Apr 26 11:49:51 httpd.aaa(50960) INFO: [mac:00:40:d0:67:d0:b1] is of
status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)
Apr 26 11:49:51 httpd.aaa(50960) INFO: [mac:00:40:d0:67:d0:b1]
(192.168.1.5) Added VLAN 100 to the returned RADIUS reply
(pf::Switch::returnRadiusAccessAccept)
Apr 26 11:49:51 httpd.aaa(50960) INFO: [mac:00:40:d0:67:d0:b1]
(192.168.1.5) Returning ACCEPT with VLAN 100
(pf::Switch::returnRadiusAccessAccept)
Apr 26 11:49:51 httpd.aaa(50960) INFO: [mac:00:40:d0:67:d0:b1]
(192.168.1.5) No access lists defined for this role registration
(pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
Apr 26 11:16:26 pfdhcplistener(51054) WARN: Unable to open VLAN proc
description for eth0: No such file or directory
(pf::util::get_vlan_from_int)
Apr 26 11:16:26 pfdhcplistener(51054) INFO: DHCP detector on eth0
enabled (main::)
Apr 26 11:16:26 pfdhcplistener(51054) INFO: Reload configuration on
eth0 with status 0 (main::reload_config)
Why can't a static IP on the host reach the server or ping the
switch? All the firewalls have been stopped.
Can I have some help?
Thanks
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Antoine Amacher
[email protected] :: +1.514.447.4918 *130 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
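
An added example, not part of the original thread: a small Python check that correlates the VLAN PacketFence logged for a MAC with the RFC 3580 tunnel attributes FreeRADIUS actually sent to the switch. The sample log text is constructed from the excerpts quoted above, and the function names are hypothetical; when both sides agree, the remaining checks are the switch-side ones.

```python
import re

# Constructed sample input, shaped like the excerpts quoted in the thread.
RADIUS_DEBUG = '''\
Login OK: [Administrateur] (from client 192.168.1.5 port 50003 cli 00:40:d0:67:d0:b1)
Sending Access-Accept of id 42 to 192.168.1.5 port 1645
\tTunnel-Medium-Type:0 = IEEE-802
\tTunnel-Type:0 = VLAN
\tTunnel-Private-Group-Id:0 = "100"
\tUser-Name = "Administrateur"
Finished request 16.
'''
PF_LOG = '''\
Apr 26 11:49:51 httpd.aaa(50960) INFO: [mac:00:40:d0:67:d0:b1] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Apr 26 11:49:51 httpd.aaa(50960) INFO: [mac:00:40:d0:67:d0:b1] (192.168.1.5) Returning ACCEPT with VLAN 100 (pf::Switch::returnRadiusAccessAccept)
'''

SEND = re.compile(r'^Sending (Access-\w+) of id \d+ to (\S+) port \d+')
ATTR = re.compile(r'^\s*([\w-]+)(?::\d+)?\s*=\s*"?([^"]*?)"?\s*$')
PF = re.compile(r'\[mac:([0-9a-fA-F:]{17})\] \((\S+)\) Returning ACCEPT with VLAN (\d+)')

def radius_vlans(debug_text):
    """Return [(nas_ip, vlan)] for Access-Accepts carrying the full VLAN triplet."""
    replies, cur = [], None
    for line in debug_text.splitlines():
        sent, attr = SEND.match(line), ATTR.match(line)
        if sent:                       # start of a reply's attribute block
            cur = {"kind": sent.group(1), "nas": sent.group(2)}
            replies.append(cur)
        elif attr and cur is not None:  # attribute belonging to that reply
            cur[attr.group(1)] = attr.group(2)
        else:                          # any other line ends the block
            cur = None
    return [(r["nas"], r["Tunnel-Private-Group-Id"]) for r in replies
            if r["kind"] == "Access-Accept"
            and r.get("Tunnel-Type") == "VLAN"
            and r.get("Tunnel-Medium-Type") == "IEEE-802"
            and "Tunnel-Private-Group-Id" in r]

def pf_decisions(log_text):
    """Return [(mac, nas_ip, vlan)] for each ACCEPT decision PacketFence logged."""
    return [m.groups() for m in PF.finditer(log_text)]

def correlate(debug_text, log_text):
    """Flag each PacketFence decision with whether a matching reply went out."""
    sent = set(radius_vlans(debug_text))
    return [{"mac": mac, "nas": nas, "vlan": vlan, "on_wire": (nas, vlan) in sent}
            for mac, nas, vlan in pf_decisions(log_text)]

if __name__ == "__main__":
    for row in correlate(RADIUS_DEBUG, PF_LOG):
        print(row)
```
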