Hello Stefan,
What do you see in the logs/packetfence.log upon using 'bin/pfcmd checkup', and
do you see the filter being trigger when the user authenticate?
Look for "1:EthernetEAP&EAPTLS" in the packetfence.log.
Thanks.
On Thursday, October 06, 2016 10:36 EDT, "Marold, Stefan"
<[email protected]> wrote:
Hi Antoine,
Thank you very much for your answer. Yes, the status of the client is unreg.
I've configured an AD source with a catch-all rule and thought, this will
register the nodes automatically. But after reading the documentation again, I
think it is only for captive portal.
I tried to configure AutoRegister as you suggested, but I think there is an
error in my configuration. With the following configuration, I expect the
client will be autoregistered with role 'default', vlan 477. Instead, it is
still unreg, vlan 11.
[root@PacketFence-6_2_1 ~]# cat /usr/local/pf/conf/vlan_filters.conf|egrep -v
"^#"
[EthernetEAP]
filter = connection_type
operator = is
value = Ethernet-EAP
[EAPTLS]
filter = radius_request
attribute = EAP-Type
operator = is
value = EAP-TLS
[1:EthernetEAP&EAPTLS]
scope = AutoRegister
role = default
[root@PacketFence-6_2_1 ~]# /usr/local/pf/bin/pfcmd checkup Checking
configuration sanity...
tail -f /usr/local/pf/logs/radius.log
Thu Oct 6 09:56:37 2016 : Error: (10) Ignoring duplicate packet from client
172.20.10.118 port 1645 - ID: 216 due to unfinished request in component
post-auth module packetfence
Thu Oct 6 09:56:39 2016 : Error: (10) Ignoring duplicate packet from client
172.20.10.118 port 1645 - ID: 216 due to unfinished request in component
post-auth module packetfence
Thu Oct 6 09:56:41 2016 : Error: (10) Ignoring duplicate packet from client
172.20.10.118 port 1645 - ID: 216 due to unfinished request in component
post-auth module packetfence
Thu Oct 6 09:56:43 2016 : Error: (10) Ignoring duplicate packet from client
172.20.10.118 port 1645 - ID: 216 due to unfinished request in component
post-auth module packetfence
Thu Oct 6 09:56:44 2016 : Auth: rlm_perl: Returning vlan 11 to request from
74:2b:62:6d:47:d4 port 50101
Thu Oct 6 09:56:44 2016 : rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2
means OK)
Thu Oct 6 09:56:44 2016 : Info: rlm_sql (sql): Closing connection (1): Hit
idle_timeout, was idle for 905 seconds
Thu Oct 6 09:56:44 2016 : Info: rlm_sql (sql): Closing connection (2): Hit
idle_timeout, was idle for 905 seconds
Thu Oct 6 09:56:44 2016 : Info: rlm_sql (sql): Closing connection (3): Hit
idle_timeout, was idle for 905 seconds
Thu Oct 6 09:56:44 2016 : Info: rlm_sql (sql): Closing connection (4): Hit
idle_timeout, was idle for 905 seconds
Thu Oct 6 09:56:44 2016 : Info: rlm_sql (sql): Closing connection (0): Hit
idle_timeout, was idle for 905 seconds
Thu Oct 6 09:56:44 2016 : Info: rlm_sql (sql): Closing connection (5): Hit
idle_timeout, was idle for 905 seconds
Thu Oct 6 09:56:44 2016 : Info: rlm_sql (sql): Opening additional connection
(6), 1 of 64 pending slots used
Thu Oct 6 09:56:44 2016 : Info: rlm_sql (sql): Need 2 more connections to reach
10 spares
Thu Oct 6 09:56:44 2016 : Info: rlm_sql (sql): Opening additional connection
(7), 1 of 63 pending slots used
Thu Oct 6 09:56:35 2016 : [mac:74:2b:62:6d:47:d4] Accepted user: and returned
VLAN 11
Thu Oct 6 09:56:44 2016 : Auth: (10) Login OK: [host/D1527.dorsten.local] (from
client 172.20.10.118 port 50101 cli 74:2b:62:6d:47:d4)
Best regards
Stefan
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
