Hello Denis, so first you added it in packetfence-tunnel (which is correct) but you test it with radclient and it will never go in packetfence-tunnel.
What you have to do is to use eapol_test in order to test 802.1x. http://deployingradius.com/scripts/eapol_test/ Also radius debug mean : raddebug -f var/run/radiusd.sock -t 300 Regards Fabrice Le 2017-01-17 à 16:27, denis a écrit : > > Le 17/01/2017 à 21:48, Fabrice Durand a écrit : >> Hello Denis, > Hello Fabrice, >> where did you defined your ldap in Freeradius (packetfence / >> packetfence-tunnel) and in which section ? > conf/radiusd/packetfence-tunnel, in authorize section : > > > # > # The ldap module reads passwords from the LDAP database. > -ldap > # > > raddb/mods-enabled/ldap : my encrypted ntpassword is stored in > 'sambaNTPassword' attribute > > ldap { > server = '172.16.x.x' > identity = "cn=xxxxxx,dc=diderot,dc=org" > password = xxxxxxx > base_dn = "dc=diderot,dc=org" > ... > update { > control:Password-With-Header += 'userPassword' > control:NT-Password := 'sambaNTPassword' > .... > user { > base_dn = "${..base_dn}" > filter = "(uid=%{%{mschap:User-Name}:-%{User-Name}})" > .... > > >> Also do you have the whole radius debug ? > > Tue Jan 17 22:22:13 2017 : Warning: WARNING: Ignoring "response_window = > 20.000000", forcing to "response_window = 10.000000" > Tue Jan 17 22:22:13 2017 : Info: Debugger not attached > Tue Jan 17 22:22:13 2017 : Info: rlm_redis: libhiredis version: 0.11.0 > Tue Jan 17 22:22:13 2017 : Info: rlm_sql (sql): Driver rlm_sql_mysql > (module rlm_sql_mysql) loaded and linked > Tue Jan 17 22:22:13 2017 : Info: rlm_sql (pfguest): Driver rlm_sql_mysql > (module rlm_sql_mysql) loaded and linked > Tue Jan 17 22:22:13 2017 : Info: rlm_sql (pfsponsor): Driver > rlm_sql_mysql (module rlm_sql_mysql) loaded and linked > Tue Jan 17 22:22:13 2017 : Info: rlm_sql (pfsms): Driver rlm_sql_mysql > (module rlm_sql_mysql) loaded and linked > Tue Jan 17 22:22:13 2017 : Info: rlm_sql (pflocal): Driver rlm_sql_mysql > (module rlm_sql_mysql) loaded and linked > Tue Jan 17 22:22:13 2017 : Info: rlm_sql (sql_reject): Driver > rlm_sql_mysql (module rlm_sql_mysql) loaded and linked > Tue Jan 17 22:22:13 2017 : Info: rlm_redis (redis): Opening additional > connection (0), 1 of 64 pending slots used > Tue Jan 17 22:22:13 2017 : Info: rlm_redis (redis): Opening additional > connection (1), 1 of 63 pending slots used > Tue Jan 17 22:22:13 2017 : Info: rlm_redis (redis): Opening additional > connection (2), 1 of 62 pending slots used > Tue Jan 17 22:22:13 2017 : Info: rlm_redis (redis): Opening additional > connection (3), 1 of 61 pending slots used > Tue Jan 17 22:22:13 2017 : Info: rlm_redis (redis): Opening additional > connection (4), 1 of 60 pending slots used > Tue Jan 17 22:22:13 2017 : Info: rlm_rest: libcurl version: > libcurl/7.38.0 OpenSSL/1.0.1t zlib/1.2.8 libidn/1.29 libssh2/1.4.3 > librtmp/2.3 > Tue Jan 17 22:22:13 2017 : Info: rlm_rest (rest): Opening additional > connection (0), 1 of 64 pending slots used > Tue Jan 17 22:22:13 2017 : Info: rlm_rest (rest): Opening additional > connection (1), 1 of 63 pending slots used > Tue Jan 17 22:22:13 2017 : Info: rlm_rest (rest): Opening additional > connection (2), 1 of 62 pending slots used > Tue Jan 17 22:22:13 2017 : Info: rlm_rest (rest): Opening additional > connection (3), 1 of 61 pending slots used > Tue Jan 17 22:22:13 2017 : Info: rlm_rest (rest): Opening additional > connection (4), 1 of 60 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_sql_mysql: libmysql version: 5.5.53 > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (sql): Attempting to connect to > database "pf" > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (sql): Opening additional > connection (0), 1 of 64 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (sql): Opening additional > connection (1), 1 of 63 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (sql): Opening additional > connection (2), 1 of 62 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (sql): Opening additional > connection (3), 1 of 61 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (sql): Opening additional > connection (4), 1 of 60 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (sql): Need 5 more connections > to reach 10 spares > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (sql): Opening additional > connection (5), 1 of 59 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (pfguest): Attempting to > connect to database "pf" > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (pfsponsor): Attempting to > connect to database "pf" > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (pfsms): Attempting to connect > to database "pf" > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (pflocal): Attempting to > connect to database "pf" > Tue Jan 17 22:22:14 2017 : Warning: rlm_sql (sql_reject): > groupmemb_query is empty. Please delete it from the configuration > Tue Jan 17 22:22:14 2017 : Warning: rlm_sql (sql_reject): > authorize_check_query is empty. Please delete it from the configuration > Tue Jan 17 22:22:14 2017 : Info: rlm_sql (sql_reject): Attempting to > connect to database "pf" > Tue Jan 17 22:22:14 2017 : Info: rlm_ldap: libldap vendor: OpenLDAP, > version: 20440 > Tue Jan 17 22:22:14 2017 : Info: rlm_ldap (ldap): Opening additional > connection (0), 1 of 64 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_ldap (ldap): Opening additional > connection (1), 1 of 63 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_ldap (ldap): Opening additional > connection (2), 1 of 62 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_ldap (ldap): Opening additional > connection (3), 1 of 61 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_ldap (ldap): Opening additional > connection (4), 1 of 60 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_rest (rest-cli): Opening additional > connection (0), 1 of 64 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_rest (rest-cli): Opening additional > connection (1), 1 of 63 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_rest (rest-cli): Opening additional > connection (2), 1 of 62 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_rest (rest-cli): Opening additional > connection (3), 1 of 61 pending slots used > Tue Jan 17 22:22:14 2017 : Info: rlm_rest (rest-cli): Opening additional > connection (4), 1 of 60 pending slots used > Tue Jan 17 22:22:14 2017 : Warning: > [raddb//mods-config/attr_filter/access_reject]:11 Check item > "FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT". > Tue Jan 17 22:22:14 2017 : Warning: > [raddb//mods-config/attr_filter/access_reject]:11 Check item > "FreeRADIUS-Response-Delay-USec" found in filter list for realm > "DEFAULT". > Tue Jan 17 22:22:14 2017 : Info: Loaded virtual server <default> > Tue Jan 17 22:22:14 2017 : Info: Loaded virtual server packetfence-cli > Tue Jan 17 22:22:14 2017 : Info: Loaded virtual server dynamic_clients > Tue Jan 17 22:22:14 2017 : Info: Loaded virtual server packetfence-tunnel > Tue Jan 17 22:22:14 2017 : Info: Loaded virtual server packetfence > Tue Jan 17 22:22:14 2017 : Info: Ready to process requests > Tue Jan 17 22:22:33 2017 : ERROR: (0) rest: ERROR: Server returned: > Tue Jan 17 22:22:33 2017 : ERROR: (0) rest: ERROR: > {"Reply-Message":"Switch is not managed by > PacketFence","reply:PacketFence-Authorization-Status":"allow"} > Tue Jan 17 22:22:33 2017 : Info: rlm_rest (rest): Need 5 more > connections to reach 10 spares > Tue Jan 17 22:22:33 2017 : Info: rlm_rest (rest): Opening additional > connection (5), 1 of 59 pending slots used > Tue Jan 17 22:22:33 2017 : Info: rlm_sql (sql): Need 4 more connections > to reach 10 spares > Tue Jan 17 22:22:33 2017 : Info: rlm_sql (sql): Opening additional > connection (6), 1 of 58 pending slots used > Tue Jan 17 22:22:33 2017 : [mac:] Accepted user: and returned VLAN > Tue Jan 17 22:22:33 2017 : Auth: (0) Rejected in post-auth: > [denis.bonnenfant] (from client localhost port 12) > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
