> On Apr 12, 2017, at 9:23 AM, Forum <[email protected]> wrote:
> 
> Wed Apr 12 15:19:21 2017 : ERROR: (0) rest: ERROR: {"Reply-Message":"CLI
> Access is not allowed by PacketFence on this
> switch","reply:PacketFence-Authorization-Status":"allow"}


You are testing from the localhost.
That (virtual) switch is not configured in PacketFence for this type of 
requests.

The problem is with your test.
radtest is not a working replacement for a real request.
The request has to contain additional radius attributes.

Furthermore you are sending requests to a port that will not necessarily 
replicate your real AAA workflow.

Use either radclient or eapol_test (if doing any kind of eap).
I suggest you capture a real request and then replicate the traffic by sending 
the same attributes to the same port.
You will need attributes such as NAS-Ip-Address to be defined.
Look in /usr/local/pf/conf/local_secret for the shared secret of the local 
server.
You will need it.

Regards,
--
Louis Munro
[email protected] <mailto:[email protected]>  ::  www.inverse.ca 
<http://www.inverse.ca/> 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and 
PacketFence (www.packetfence.org <http://www.packetfence.org/>)

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to