Can you try pfcmd configreload hard and restart radius? (pfcmd service
radiusd restart)
On 2017-12-28 at 19:20, E.P. wrote:
I should have made my previous email shorter because my main question
fell into cracks.
Why do I have an error with the shared secret? Quoting it here again:
When I test this with a real network device, Unifi WAP for example, I
don’t go anywhere.
I see that NAD is added, here’s an entry from radius.log
Dec 28 07:42:46 PacketFence-ZEN auth[16806]: Adding client 172.19.254.2/32 with shared secret "123456"
When I try to authenticate from an endpoint to a specific SSID I see
this error in radius-acct.log
Dec 28 07:38:58 PacketFence-ZEN acct[16780]: Dropping packet without response because of error: Received Accounting-Request packet from client 172.19.254.2 with invalid Request Authenticator! (Shared secret is incorrect.)
I added this WAP under “Policies and access control” in Switches
section using the shared secret as shown above and following the admin
guide. What am I doing wrong?
Here’s what the switches.conf file looks like after I added this WAP:
[root@PacketFence-ZEN conf]# cat ./switches.conf
[172.19.254.2]
VoIPCDPDetect=N
VoIPDHCPDetect=N
deauthMethod=RADIUS
description=Test-WAP
VoIPLLDPDetect=N
radiusSecret=123456
VlanMap=N
Eugene
*From:*Durand fabrice via PacketFence-users
[mailto:[email protected]]
*Sent:* Thursday, December 28, 2017 3:30 PM
*To:* [email protected]
*Cc:* Durand fabrice
*Subject:* Re: [PacketFence-users] Need an advice and maybe assistance
with FreeRADIUS
Hello Eugene,
in fact for 802.1x you need to use eapol_test instead of radtest.
(http://deployingradius.com/scripts/eapol_test/)
Also use the port 1812 instead of 18120.
Regards
Fabrice
On 2017-12-28 at 03:07, E.P. via PacketFence-users wrote:
Guys,
I still hope someone with more experience with PF can give me a hand
with this trivial issue (if it is an issue).
I’m on my way to test PF with baby steps and just created a user
under Users section in PF GUI.
Then I test it using a simple command like this and it seems to
work using the local identity store.
[root@PacketFence-ZEN bin]# ./pftest authentication test1 123456
Testing authentication for "test1"

Authenticating against local
Authentication SUCCEEDED against local (Authentication successful.)
Matched against local for 'authentication' rules
set_access_level : User Manager
set_unreg_date : 0000-00-00 00:00:00
Matched against local for 'administration' rules
set_access_level : User Manager
set_unreg_date : 0000-00-00 00:00:00
Then I’m following the admin guide and want to test this user
authentication using radtest command as in
[root@PacketFence-ZEN bin]# radtest test1 123456 localhost:18120 12 testing123
Sent Access-Request Id 136 from 0.0.0.0:45055 to 127.0.0.1:18120 length 75
User-Name = "test1"
User-Password = "123456"
NAS-IP-Address = 172.16.0.222
NAS-Port = 12
Message-Authenticator = 0x00
Cleartext-Password = "123456"
Received Access-Reject Id 136 from 127.0.0.1:18120 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Why am I rejected here? Am I not supposed to use this test1 user
to test RADIUS with the proxy module?
And finally, when I test this with a real network device, Unifi
WAP for example, I don’t go anywhere.
I see that NAD is added, here’s an entry from radius.log
Dec 28 07:42:46 PacketFence-ZEN auth[16806]: Adding client 172.19.254.2/32 with shared secret "123456"
When I try to authenticate for an endpoint to a specific SSID I
see this error in radius-acct.log
Dec 28 07:38:58 PacketFence-ZEN acct[16780]: Dropping packet without response because of error: Received Accounting-Request packet from client 172.19.254.2 with invalid Request Authenticator! (Shared secret is incorrect.)
I added this WAP under “Policies and access control” in Switches
section using the shared secret as shown above and following the
admin guide. What am I doing wrong?
Here’s what the switches.conf file looks like after I added this WAP:
[root@PacketFence-ZEN conf]# cat ./switches.conf
[172.19.254.2]
VoIPCDPDetect=N
VoIPDHCPDetect=N
deauthMethod=RADIUS
description=Test-WAP
VoIPLLDPDetect=N
radiusSecret=123456
VlanMap=N
Just to confirm, I’m not doing any inline mode, nor guest or web
authentication, just pure WPA-Enterprise with RADIUS internal
users identity store.
Eugene
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users