Re: [PacketFence-users] 802.1x auth failed

Fri, 08 Sep 2017 05:31:49 -0700 

Hi


Now I have successfully accomplished 802.1x local auth with newly created user 
"test124", but now the question is, why it always showed "is of status unreg" 
and just put the device into registration role. The user has finished 802.1x 
auth and the device should be put into default(employees) role as I 
defined...Why not now ?


My switch config??profiles config and packetfence.log is as below:


# more profiles.conf
[mac-auth]
locale=
filter=ssid:pf-public
sources=email
redirecturl=https://172.30.1.5/
always_use_redirecturl=enabled


[802.1x]
locale=
filter=ssid:pf-secure
sources=radius
always_use_redirecturl=enabled
redirecturl=http://172.30.1.5



#more switches.conf
[172.30.1.250]
deauthMethod=RADIUS
description=Aruba AC
type=Aruba
RoleMap=Y
mode=production
ExternalPortalEnforcement=Y
defaultRole=employees
guestRole=internet-only
wsPwd=admin1
cliUser=admin
wsTransport=HTTPS
wsUser=admin
defaultVlan=801
radiusSecret=hahahaha
SNMPCommunityRead=pftest
SNMPCommunityWrite=pftest
SNMPVersion=2c
cliPwd=admin1
cliEnablePwd=admin1
VlanMap=N





#tail -f packetfence.log
Sep  8 16:55:12 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: 
[mac:64:b0:a6:d3:24:bd] handling radius autz request: from switch_ip => 
(172.30.1.250), connection_type => Wireless-802.11-EAP,switch_mac => 
(00:0b:86:b7:78:6f), mac => [64:b0:a6:d3:24:bd], port => 0, username => 
"test123", ssid => pf-secure (pf::radius::authorize)
Sep  8 16:55:12 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: 
[mac:64:b0:a6:d3:24:bd] Instantiate profile 802.1x 
(pf::Connection::ProfileFactory::_from_profile)
Sep  8 16:55:12 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: 
[mac:64:b0:a6:d3:24:bd] is of status unreg; belongs into registration VLAN 
(pf::role::getRegistrationRole)
Sep  8 16:55:12 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: 
[mac:64:b0:a6:d3:24:bd] (172.30.1.250) Added role registration to the returned 
RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to