Ok, now we are talking ;)
Thank you, Fabrice. I wish I could easily use the suggested wpa supplicant
but I couldn't build the eapol_test binary without installing gcc to the ZEN
VM and also I ran into an error with nl80211 driver
../src/drivers/driver_nl80211.c:17:31: fatal error: netlink/genl/genl.h: No such file or directory
Plus, it is still unclear to me how I would test it because the syntax of
the command refers to the configuration file
eapol_test -c file -s testing123
In our case the user that I created is in the local database, not in users
file
Eugene
From: Durand fabrice via PacketFence-users
[mailto:[email protected]]
Sent: Thursday, December 28, 2017 3:30 PM
To: [email protected]
Cc: Durand fabrice
Subject: Re: [PacketFence-users] Need an advice and maybe assistance with
FreeRADIUS
Hello Eugene,
in fact for 802.1x you need to use eapol_test instead of radtest.
(http://deployingradius.com/scripts/eapol_test/)
Also use the port 1812 instead of 18120.
Regards
Fabrice
On 2017-12-28 at 03:07, E.P. via PacketFence-users wrote:
Guys,
I still hope someone with more experience with PF give me a hand with this
trivial issue (if it is an issue)
I'm on my way to test PF with baby steps and just created a user under Users
section in PF GUI.
Then I test it using a simple command like this and it seems to work using
the local identity store.
[root@PacketFence-ZEN bin]# ./pftest authentication test1 123456
Testing authentication for "test1"
Authenticating against local
Authentication SUCCEEDED against local (Authentication successful.)
Matched against local for 'authentication' rules
set_access_level : User Manager
set_unreg_date : 0000-00-00 00:00:00
Matched against local for 'administration' rules
set_access_level : User Manager
set_unreg_date : 0000-00-00 00:00:00
Then I'm following the admin guide and want to test this user authentication
using radtest command as in
[root@PacketFence-ZEN bin]# radtest test1 123456 localhost:18120 12 testing123
Sent Access-Request Id 136 from 0.0.0.0:45055 to 127.0.0.1:18120 length 75
User-Name = "test1"
User-Password = "123456"
NAS-IP-Address = 172.16.0.222
NAS-Port = 12
Message-Authenticator = 0x00
Cleartext-Password = "123456"
Received Access-Reject Id 136 from 127.0.0.1:18120 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Why am I rejected here ? Am I not supposed to use this test1 user to test
RADIUS with the proxy module ?
And finally, when I test this with a real network device, Unifi WAP for
example, I don't go anywhere.
I see that NAD is added, here's an entry from radius.log
Dec 28 07:42:46 PacketFence-ZEN auth[16806]: Adding client 172.19.254.2/32 with shared secret "123456"
When I try to authenticate for an endpoint to a specific SSID I see this
error in radius-acct.log
Dec 28 07:38:58 PacketFence-ZEN acct[16780]: Dropping packet without response because of error: Received Accounting-Request packet from client 172.19.254.2 with invalid Request Authenticator! (Shared secret is incorrect.)
I added this WAP under Policies and access control in Switches section
using the shared secret as shown above and following the admin guide. What
am I doing wrong ?
Here's how the switches.conf file looks like after I added this WAP:
[root@PacketFence-ZEN conf]# cat ./switches.conf
[172.19.254.2]
VoIPCDPDetect=N
VoIPDHCPDetect=N
deauthMethod=RADIUS
description=Test-WAP
VoIPLLDPDetect=N
radiusSecret=123456
VlanMap=N
Just to confirm, I'm not doing any inline mode, nor guest or web
authentication, just pure WPA-Enterprise with RADIUS internal users identity
store.
Eugene
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users