So it mean that there is no rule that match it.tech username in your AD
source.
Try pftest authentication it.tech bob and see if the AD source return a
role and an unregdate.
Fabrice
Le 2018-01-29 à 20:39, E.P. a écrit :
Well, that’s my problem, Fabrice,
I’ve already checked that log, nothing in there ;)
RADIUS Request
User-Name = "it.tech" NAS-IP-Address = 172.19.254.2 NAS-Port = 0
Framed-MTU = 1400 State = 0xe7795756e6bf4d151b0bfaeaef977462
Called-Station-Id = "24:a4:3c:5e:c1:11:staff-secured"
Calling-Station-Id = "3c:2e:ff:3b:c7:ca" NAS-Identifier =
"24a43c507608" NAS-Port-Type = Wireless-802.11 Event-Timestamp = "Jan
30 2018 01:36:24 UTC" Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x02c600061a03 FreeRADIUS-Proxied-To = 127.0.0.1
EAP-Type = MSCHAPv2 Stripped-User-Name = "it.tech" Realm = "default"
Called-Station-SSID = "staff-secured" PacketFence-Domain = "optionsad"
User-Password = "******" SQL-User-Name = "it.tech"
RADIUS Reply
EAP-Message = 0x03c60004 Message-Authenticator =
0x00000000000000000000000000000000 Stripped-User-Name = "it.tech"
*From:*Durand fabrice via PacketFence-users
[mailto:[email protected]]
*Sent:* Monday, January 29, 2018 5:18 PM
*To:* [email protected]
*Cc:* Durand fabrice
*Subject:* Re: [PacketFence-users] VLAN assigment by RADIUS
Hello Eugene,
check in the radius audit log, you will see the radius answer.
Regards
Fabrice
Le 2018-01-29 à 19:41, E.P. via PacketFence-users a écrit :
Guys,
How can I see if a specific VLAN ID that I assigned to the switch
(or rather WAP) in “Role by VLAN ID” setting.
I have it as follows (extract from switches.conf file)
StaffRole=10
StaffVlan=10
Should I take into account not a very good marriage of Ubiquiti
Unifi and FreeRADIUS when it comes to VLAN ID assignment?
I see in the RADIUS debugs that VLAN is indeed assigned to the
user session (see below) but what is its ID ?
(88) attr_filter.packetfence_post_auth: EXPAND %{User-Name}
(88) attr_filter.packetfence_post_auth: --> it.tech
(88) attr_filter.packetfence_post_auth: Matched entry DEFAULT at
line 10
(88) [attr_filter.packetfence_post_auth] = updated
(88) linelog: EXPAND messages.%{%{reply:Packet-Type}:-default}
(88) linelog: --> messages.Access-Accept
(88) linelog: EXPAND [mac:%{Calling-Station-Id}] Accepted user:
%{reply:User-Name} and *returned VLAN*%{reply:Tunnel-Private-Group-ID}
(88) linelog: --> [mac:3c:2e:ff:3b:c7:ca] Accepted user: and
*returned VLAN*
(88) [linelog] = ok
(88) } # post-auth = updated
(88) Login OK: [it.tech] (from client 172.19.254.2 port 0 cli
3c:2e:ff:3b:c7:ca)
(88) Sent Access-Accept Id 46 from 172.16.0.222:1812
<http://172.16.0.222:1812> to 172.19.254.2:32784
<http://172.19.254.2:32784> length 0
Eugene
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
