Hello John,
in order to test a radius request and get rid of CLI Access.... add a
Calling-Station-ID attribute in your request and it should be ok.
Also if you want to test 802.1x use eapol_test for that.
Regards
Fabrice
Le 2018-01-09 à 02:26, John Whitten via PacketFence-users a écrit :
Hello Talented and Knowledgeable PacketFence Gurus!!
We use Nagios in our environment and I need to set up a service
monitor for the Packetfence system. I'm already monitoring the server
itself for the various stuff, disk, memory, cpu, etc., as well as the
various relevant processes. But what I need is something that will
permit me (or rather nagios) to go through a full dry run to verify
that a user would be able to login using Radius. I have a test user
account defined in our Active Directory and if I use it to actually
attempt to log in with a real system on a real switch, it works fine.
So that much is working okay. But when I try to just do a radius check
from nagios (located on another system) with the same user and
credentials, I keep running into all sorts of roadblocks such as "CLI
Access is not allowed by PacketFence on this switch", etc. I have
tried a number of different switch and configuration combinations,
especially attempting to use the "PF::MockedSwitch" type as that seems
the most reasonable, seeing as how nagios isn't a real switch. I've
gone in and told it to permit CLI access (CliAccess=Y) and all the
variations I can think of-- but nothing seems to work out. There is
nothing wrong with the PacketFence system in general. We use it all
day every day and have been for well over a year now. So it's just
trying to get something set up for testing / monitoring that I'm
having difficulties with. I'm fine with any type of Radius check as
long as it uses the user defined in Active Directory and can return
the answer to a remote system (i.e., the nagios system). I don't need
it to do any vlans or special handling. Just verify that the user
could log in as far as PacketFence is concerned.
Can anybody offer any advice or assistance on this?
Thanks!
John Whitten
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
