Hello Kimiko,

I am thinking that you do not have a rule to apply a role at the moment, so you validate the dot1x on PF, but that's just the authentication part, authentication =/= registration.

You could enable autoreg on the secure connection profile, so anyone who succeeds in authenticating with dot1x will be automatically registered on PF. Otherwise you will need to authenticate twice, once for the connection and once on the PF portal.

Thanks


On 09/08/2017 05:24 AM, Kimiko_Yan via PacketFence-users wrote:
Hi

Now I have successfully accomplished 802.1x local auth with the newly created user "test124", but now the question is why it always showed "is of status unreg" and just put the device into the registration role. The user has finished 802.1x auth and the device should be put into the default (employees) role as I defined... Why not now?

My switch config, profiles config and packetfence.log are as below:

# more profiles.conf
[mac-auth]
locale=
filter=ssid:pf-public
sources=email
redirecturl=https://172.30.1.5/
always_use_redirecturl=enabled

[802.1x]
locale=
filter=ssid:pf-secure
sources=radius
always_use_redirecturl=enabled
redirecturl=http://172.30.1.5

#more switches.conf
[172.30.1.250]
deauthMethod=RADIUS
description=Aruba AC
type=Aruba
RoleMap=Y
mode=production
ExternalPortalEnforcement=Y
defaultRole=employees
guestRole=internet-only
wsPwd=admin1
cliUser=admin
wsTransport=HTTPS
wsUser=admin
defaultVlan=801
radiusSecret=hahahaha
SNMPCommunityRead=pftest
SNMPCommunityWrite=pftest
SNMPVersion=2c
cliPwd=admin1
cliEnablePwd=admin1
VlanMap=N


#tail -f packetfence.log
Sep 8 16:55:12 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: [mac:64:b0:a6:d3:24:bd] handling radius autz request: from switch_ip => (172.30.1.250), connection_type => Wireless-802.11-EAP,switch_mac => (00:0b:86:b7:78:6f), mac => [64:b0:a6:d3:24:bd], port => 0, username => "test123", ssid => pf-secure (pf::radius::authorize)
Sep 8 16:55:12 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: [mac:64:b0:a6:d3:24:bd] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
Sep 8 16:55:12 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: [mac:64:b0:a6:d3:24:bd] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Sep 8 16:55:12 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: [mac:64:b0:a6:d3:24:bd] (172.30.1.250) Added role registrationto the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Antoine Amacher
aamac...@inverse.ca  ::  www.inverse.ca
+1.514.447.4918 x130  :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
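
An added example (not part of the original thread, and not PacketFence code): a Python check that scans packetfence.log for the situation discussed here, a device whose RADIUS authorization request is 802.1X (connection type ending in -EAP) but which is still reported as unreg. The log lines are constructed to match the format quoted above; the function name and regular expressions are assumptions.

```python
import re

# Constructed sample lines in the packetfence.log format quoted in this thread.
SAMPLE_LOG = """\
Sep 8 16:55:12 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: [mac:00:00:5e:00:53:01] handling radius autz request: from switch_ip => (172.30.1.250), connection_type => Wireless-802.11-EAP,switch_mac => (00:0b:86:b7:78:6f), mac => [00:00:5e:00:53:01], port => 0, username => "alice", ssid => pf-secure (pf::radius::authorize)
Sep 8 16:55:12 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: [mac:00:00:5e:00:53:01] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Sep 8 16:56:40 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: [mac:00:00:5e:00:53:02] handling radius autz request: from switch_ip => (172.30.1.250), connection_type => Wireless-802.11-NoEAP,switch_mac => (00:0b:86:b7:78:6f), mac => [00:00:5e:00:53:02], port => 0, username => "00005e005302", ssid => pf-public (pf::radius::authorize)
Sep 8 16:56:40 bogon packetfence_httpd.aaa: httpd.aaa(10971) INFO: [mac:00:00:5e:00:53:02] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
"""

MAC_RE = re.compile(r"\[mac:([0-9a-f:]{17})\]")
AUTZ_RE = re.compile(
    r'connection_type => (\S+?),.*username => "([^"]*)", ssid => (\S+)'
)
UNREG_MARKER = "is of status unreg"


def eap_sessions_left_unreg(log_text):
    """Return devices that sent an 802.1X (EAP) authorization request
    and were then still treated as unregistered."""
    pending = {}   # mac -> (username, ssid) from the latest EAP autz request
    findings = []
    for line in log_text.splitlines():
        mac_match = MAC_RE.search(line)
        if not mac_match:
            continue
        mac = mac_match.group(1)
        autz = AUTZ_RE.search(line)
        if autz:
            conn_type, user, ssid = autz.groups()
            if conn_type.endswith("-EAP"):
                pending[mac] = (user, ssid)
            else:
                # MAC authentication landing in registration is expected.
                pending.pop(mac, None)
        elif UNREG_MARKER in line and mac in pending:
            user, ssid = pending.pop(mac)
            findings.append({"mac": mac, "username": user, "ssid": ssid})
    return findings


if __name__ == "__main__":
    for hit in eap_sessions_left_unreg(SAMPLE_LOG):
        print("802.1X authenticated but unreg:", hit)
```

Each hit is a candidate for the autoreg setting or a role-assignment rule on the profile that matched its SSID.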
