> On Apr 12, 2017, at 9:23 AM, Forum <[email protected]> wrote:
>
> Wed Apr 12 15:19:21 2017 : ERROR: (0) rest: ERROR: {"Reply-Message":"CLI
> Access is not allowed by PacketFence on this
> switch","reply:PacketFence-Authorization-Status":"allow"}
You are testing from the localhost.
That (virtual) switch is not configured in PacketFence for this type of
requests.
The problem is with your test.
radtest is not a working replacement for a real request.
The request has to contain additional radius attributes.
Furthermore you are sending requests to a port that will not necessarily
replicate your real AAA workflow.
Use either radclient or eapol_test (if doing any kind of eap).
I suggest you capture a real request and then replicate the traffic by sending
the same attributes to the same port.
You will need attributes such as NAS-Ip-Address to be defined.
Look in /usr/local/pf/conf/local_secret for the shared secret of the local
server.
You will need it.
Regards,
--
Louis Munro
[email protected] <mailto:[email protected]> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (www.packetfence.org <http://www.packetfence.org/>)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users