Hello Peter,
try to remove md5 in
https://pf_mgmt:1443/admin/configuration#configuration/radius_authentication_methods
as i remember the Dell switch try to negotiate md5 first.
Regards
Fabrice
Le 2018-01-09 à 19:19, Truax, Peter via PacketFence-users a écrit :
Hello,
First, I want to say that I love PacketFence! All the things it can do
are wonderful and make my life so much easier. I am having trouble
trying to get a Dell 3500 Switch to work with PacketFence. It is
capable of performing mac auth bypass and dynamic VLAN assignment.
Half of our wired network uses these devices, and we cannot upgrade to
newer equipment yet.
These switches will successfully do mac-auth-bypass and dynamic vlan
assignment with a vanilla install of FreeRadius. They should be able
to work with PacketFence.
Using the Dell N1500 series Switch Module, it works up to a point. I
also tried the Dell Force 10 Switch Module as well, but with no
difference.
Below are various log file snippets of relevant information.
From Raddebug:
Jan 9 13:12:22 netreg auth[2276]: Adding client 10.10.0.130/32 with
shared secret "xxxxxx"
Jan 9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Response appears
to match a previous request, but the EAP type is wrong
Jan 9 13:12:22 netreg auth[2276]: (277) eap: ERROR: We expected EAP
type PEAP, but received type MD5
Jan 9 13:12:22 netreg auth[2276]: (277) eap: ERROR: Your Supplicant
or NAS is probably broken
Jan 9 13:12:22 netreg auth[2276]: (277) Login incorrect (eap:
Response appears to match a previous request, but the EAP type is
wrong): [782bcbe1350b] (from client 10.10.0.130 port 1 cli
78:2b:cb:e1:35:0b)
Jan 9 13:12:22 netreg auth[2276]: (277) eap: ERROR: rlm_eap (EAP): No
EAP session matching state 0x281b6642281a7f83
Jan 9 13:12:22 netreg auth[2276]: [mac:78:2b:cb:e1:35:0b] Rejected
user: 782bcbe1350b
From Radius.Log:
(268) Mon Jan 8 14:04:01 2018: ERROR: eap: Response appears to match a
previous request, but the EAP type is wrong
(268) Mon Jan 8 14:04:01 2018: ERROR: eap: We expected EAP type PEAP,
but received type MD5
(268) Mon Jan 8 14:04:01 2018: ERROR: eap: Your Supplicant or NAS is
probably broken
(268) Mon Jan 8 14:04:01 2018: Debug: eap: Failed in handler
(268) Mon Jan 8 14:04:01 2018: Debug: [eap] = invalid
I found the source code for this error in FreeRadius:
1117/*
1118 * Even more paranoia. Without this, some weird
1119 * clients could do crazy things.
1120 *
1121 * It's ok to send EAP sub-type NAK in response
1122 * to a request for a particular type, but it's NOT
1123 * OK to blindly return data for another type.
1124 */
1125if((eap_packet->data
<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]
!= PW_EAP_NAK
<https://doc.freeradius.org/eap__types_8h.html#a492a186ed73931736f0e2bd7a63ebfd5a1b2f59161e5d9801d9949e4548d37f2b>)
&&
1126 (eap_packet->data
<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]
!= eap_session->type
<https://doc.freeradius.org/eap_8h.html#a928dd3fb263d69080e9dea5865a5933c>))
{
1127RERROR
<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("Response
appears to match a previous request, but the EAP type is wrong");
1128RERROR
<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("We
expected EAP type %s, but received type %s",
1129eap_type2name
<https://doc.freeradius.org/eap__types_8h.html#a8377cc0098fbc33aab9bbab907f5232b>(eap_session->type
<https://doc.freeradius.org/eap_8h.html#a928dd3fb263d69080e9dea5865a5933c>),
1130eap_type2name
<https://doc.freeradius.org/eap__types_8h.html#a8377cc0098fbc33aab9bbab907f5232b>(eap_packet->data
<https://doc.freeradius.org/eap__types_8h.html#aa7cc073025022d94c87cfec0358aaf3f>[0]));
1131RERROR
<https://doc.freeradius.org/log_8h.html#a54d63b732521caba733f2d624dc6c04a>("Your
Supplicant or NAS is probably broken");
1132gotoerror;
1133 }
It appears this error is produced by FreeRadius but that doesn’t make
sense, as I have a working instance of FreeRadius. Any help or
guidance would be appreciated.
Peter Truax
Network Administrator
(360) 688-2240
St. Martin’s University
5000 Abbey Way E
Lacey, WA 98503
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
