Do you have a complete radius request ? because this one is just to test
the if the radius server is still alive.

Regards
Fabrice

Le 2018-03-07 à 11:42, ebrar via PacketFence-users a écrit :
>
> Hi Fabrice,
>
> But it doesn't. I'm trying to solve the problem for hours but could
> not find anything.
>
> I read Administrator guide and run raddebug to find any clue. Still
> trying to find. I'm sending the output to you. May be you can see
> something that i did not see.
>
> (73) Wed Mar  7 22:33:50 2018: Debug: Received Access-Request Id 133
> from 192.168.56.100:1645 to 192.168.56.101:1812 length 51
> (73) Wed Mar  7 22:33:50 2018: Debug:   User-Password = "cisco"
> (73) Wed Mar  7 22:33:50 2018: Debug:   User-Name = "dummy"
> (73) Wed Mar  7 22:33:50 2018: Debug:   NAS-IP-Address = 192.168.56.100
> (73) Wed Mar  7 22:33:50 2018: Debug: # Executing section authorize
> from file /usr/local/pf/raddb/sites-enabled/packetfence
> (73) Wed Mar  7 22:33:50 2018: Debug:   authorize {
> (73) Wed Mar  7 22:33:50 2018: Debug:     update {
> (73) Wed Mar  7 22:33:50 2018: Debug:       EXPAND
> %{Packet-Src-IP-Address}
> (73) Wed Mar  7 22:33:50 2018: Debug:          --> 192.168.56.100
> (73) Wed Mar  7 22:33:50 2018: Debug:       EXPAND %l
> (73) Wed Mar  7 22:33:50 2018: Debug:          --> 1520451230
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # update = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     policy
> rewrite_calling_station_id {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if (&Calling-Station-Id &&
> (&Calling-Station-Id =~
> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
> {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if (&Calling-Station-Id &&
> (&Calling-Station-Id =~
> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
>  
> -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:       else {
> (73) Wed Mar  7 22:33:50 2018: Debug:         [noop] = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:       } # else = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # policy
> rewrite_calling_station_id = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     policy
> rewrite_called_station_id {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if ((&Called-Station-Id)
> && (&Called-Station-Id =~
> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
> {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if ((&Called-Station-Id)
> && (&Called-Station-Id =~
> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
>  
> -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:       else {
> (73) Wed Mar  7 22:33:50 2018: Debug:         [noop] = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:       } # else = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # policy
> rewrite_called_station_id = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     policy filter_username {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if (&User-Name) {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if (&User-Name)  -> TRUE
> (73) Wed Mar  7 22:33:50 2018: Debug:       if (&User-Name)  {
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name =~ / /) {
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name =~ / /) 
> -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name =~
> /@[^@]*@/ ) {
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name =~
> /@[^@]*@/ )  -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name =~ /\.\./ ) {
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name =~ /\.\./
> )  -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:         if ((&User-Name =~ /@/)
> && (&User-Name !~ /@(.+)\.(.+)$/))  {
> (73) Wed Mar  7 22:33:50 2018: Debug:         if ((&User-Name =~ /@/)
> && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name =~ /\.$/)  {
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name =~
> /\.$/)   -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name =~ /@\./)  {
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name =~
> /@\./)   -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:       } # if (&User-Name)  = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # policy filter_username =
> noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     policy filter_password {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if (&User-Password &&    
>    (&User-Password != "%{string:User-Password}")) {
> (73) Wed Mar  7 22:33:50 2018: Debug:       EXPAND %{string:User-Password}
> (73) Wed Mar  7 22:33:50 2018: Debug:          --> cisco
> (73) Wed Mar  7 22:33:50 2018: Debug:       if (&User-Password &&    
>    (&User-Password != "%{string:User-Password}"))  -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # policy filter_password =
> noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     [preprocess] = ok
> (73) Wed Mar  7 22:33:50 2018: Debug: suffix: Checking for suffix
> after "@"
> (73) Wed Mar  7 22:33:50 2018: Debug: suffix: No '@' in User-Name =
> "dummy", skipping NULL due to config.
> (73) Wed Mar  7 22:33:50 2018: Debug:     [suffix] = noop
> (73) Wed Mar  7 22:33:50 2018: Debug: ntdomain: Checking for prefix
> before "\"
> (73) Wed Mar  7 22:33:50 2018: Debug: ntdomain: No '\' in User-Name =
> "dummy", looking up realm NULL
> (73) Wed Mar  7 22:33:50 2018: Debug: ntdomain: Found realm "null"
> (73) Wed Mar  7 22:33:50 2018: Debug: ntdomain: Adding
> Stripped-User-Name = "dummy"
> (73) Wed Mar  7 22:33:50 2018: Debug: ntdomain: Adding Realm = "null"
> (73) Wed Mar  7 22:33:50 2018: Debug: ntdomain: Authentication realm
> is LOCAL
> (73) Wed Mar  7 22:33:50 2018: Debug:     [ntdomain] = ok
> (73) Wed Mar  7 22:33:50 2018: Debug: eap: No EAP-Message, not doing EAP
> (73) Wed Mar  7 22:33:50 2018: Debug:     [eap] = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     if ( !EAP-Message ) {
> (73) Wed Mar  7 22:33:50 2018: Debug:     if ( !EAP-Message )  -> TRUE
> (73) Wed Mar  7 22:33:50 2018: Debug:     if ( !EAP-Message )  {
> (73) Wed Mar  7 22:33:50 2018: Debug:       update {
> (73) Wed Mar  7 22:33:50 2018: Debug:       } # update = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # if ( !EAP-Message )  = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     policy
> packetfence-eap-mac-policy {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if ( &EAP-Type ) {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if ( &EAP-Type )  -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:       [noop] = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # policy
> packetfence-eap-mac-policy = noop
> (73) Wed Mar  7 22:33:50 2018: WARNING: pap:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> (73) Wed Mar  7 22:33:50 2018: WARNING: pap: !!! Ignoring
> control:User-Password.  Update your        !!!
> (73) Wed Mar  7 22:33:50 2018: WARNING: pap: !!! configuration so that
> the "known good" clear text !!!
> (73) Wed Mar  7 22:33:50 2018: WARNING: pap: !!! password is in
> Cleartext-Password and NOT in        !!!
> (73) Wed Mar  7 22:33:50 2018: WARNING: pap: !!!
> User-Password.                                      !!!
> (73) Wed Mar  7 22:33:50 2018: WARNING: pap:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> (73) Wed Mar  7 22:33:50 2018: WARNING: pap: Auth-Type already set. 
> Not setting to PAP
> (73) Wed Mar  7 22:33:50 2018: Debug:     [pap] = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:   } # authorize = ok
> (73) Wed Mar  7 22:33:50 2018: Debug: Found Auth-Type = Accept
> (73) Wed Mar  7 22:33:50 2018: Debug: Auth-Type = Accept, accepting
> the user
> (73) Wed Mar  7 22:33:50 2018: Debug: # Executing section post-auth
> from file /usr/local/pf/raddb/sites-enabled/packetfence
> (73) Wed Mar  7 22:33:50 2018: Debug:   post-auth {
> (73) Wed Mar  7 22:33:50 2018: Debug:     update {
> (73) Wed Mar  7 22:33:50 2018: Debug:       EXPAND
> %{Packet-Src-IP-Address}
> (73) Wed Mar  7 22:33:50 2018: Debug:          --> 192.168.56.100
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # update = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     if (! EAP-Type || (EAP-Type
> != TTLS  && EAP-Type != PEAP) ) {
> (73) Wed Mar  7 22:33:50 2018: Debug:     if (! EAP-Type || (EAP-Type
> != TTLS  && EAP-Type != PEAP) )  -> TRUE
> (73) Wed Mar  7 22:33:50 2018: Debug:     if (! EAP-Type || (EAP-Type
> != TTLS  && EAP-Type != PEAP) )  {
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: Expanding URI components
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: EXPAND http://127.0.0.1:7070
> (73) Wed Mar  7 22:33:50 2018: Debug: rest:    --> http://127.0.0.1:7070
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: EXPAND //radius/rest/authorize
> (73) Wed Mar  7 22:33:50 2018: Debug: rest:    --> //radius/rest/authorize
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: Sending HTTP POST to
> "http://127.0.0.1:7070//radius/rest/authorize";
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: Encoding attribute "User-Name"
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: Encoding attribute
> "User-Password"
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: Encoding attribute
> "NAS-IP-Address"
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: Encoding attribute
> "Event-Timestamp"
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: Encoding attribute
> "Stripped-User-Name"
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: Encoding attribute "Realm"
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: Encoding attribute
> "FreeRADIUS-Client-IP-Address"
> (73) Wed Mar  7 22:33:50 2018: Debug: rest: Processing response header
> (73) Wed Mar  7 22:33:50 2018: Debug: rest:   Status : 401 (Unauthorized)
> (73) Wed Mar  7 22:33:50 2018: Debug: rest:   Type   : json
> (application/json)
> (73) Wed Mar  7 22:33:50 2018: ERROR: rest: Server returned:
> (73) Wed Mar  7 22:33:50 2018: ERROR: rest:
> {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Switch
> is not managed by PacketFence"}
> (73) Wed Mar  7 22:33:50 2018: Debug:       [rest] = invalid
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # if (! EAP-Type ||
> (EAP-Type != TTLS  && EAP-Type != PEAP) )  = invalid
> (73) Wed Mar  7 22:33:50 2018: Debug:   } # post-auth = invalid
> (73) Wed Mar  7 22:33:50 2018: Debug: Using Post-Auth-Type Reject
> (73) Wed Mar  7 22:33:50 2018: Debug: # Executing group from file
> /usr/local/pf/raddb/sites-enabled/packetfence
> (73) Wed Mar  7 22:33:50 2018: Debug:   Post-Auth-Type REJECT {
> (73) Wed Mar  7 22:33:50 2018: Debug:     update {
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # update = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     if (! EAP-Type || (EAP-Type
> != TTLS  && EAP-Type != PEAP) ) {
> (73) Wed Mar  7 22:33:50 2018: Debug:     if (! EAP-Type || (EAP-Type
> != TTLS  && EAP-Type != PEAP) )  -> TRUE
> (73) Wed Mar  7 22:33:50 2018: Debug:     if (! EAP-Type || (EAP-Type
> != TTLS  && EAP-Type != PEAP) )  {
> (73) Wed Mar  7 22:33:50 2018: Debug:       policy
> packetfence-audit-log-reject {
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name != "dummy") {
> (73) Wed Mar  7 22:33:50 2018: Debug:         if (&User-Name !=
> "dummy")  -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:       } # policy
> packetfence-audit-log-reject = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # if (! EAP-Type ||
> (EAP-Type != TTLS  && EAP-Type != PEAP) )  = noop
> (73) Wed Mar  7 22:33:50 2018: Debug: attr_filter.access_reject:
> EXPAND %{User-Name}
> (73) Wed Mar  7 22:33:50 2018: Debug: attr_filter.access_reject:   
> --> dummy
> (73) Wed Mar  7 22:33:50 2018: Debug: attr_filter.access_reject:
> Matched entry DEFAULT at line 11
> (73) Wed Mar  7 22:33:50 2018: Debug:     [attr_filter.access_reject]
> = updated
> (73) Wed Mar  7 22:33:50 2018: Debug:
> attr_filter.packetfence_post_auth: EXPAND %{User-Name}
> (73) Wed Mar  7 22:33:50 2018: Debug:
> attr_filter.packetfence_post_auth:    --> dummy
> (73) Wed Mar  7 22:33:50 2018: Debug:
> attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10
> (73) Wed Mar  7 22:33:50 2018: Debug:    
> [attr_filter.packetfence_post_auth] = updated
> (73) Wed Mar  7 22:33:50 2018: Debug:     [eap] = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     policy
> remove_reply_message_if_eap {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if (&reply:EAP-Message &&
> &reply:Reply-Message) {
> (73) Wed Mar  7 22:33:50 2018: Debug:       if (&reply:EAP-Message &&
> &reply:Reply-Message)  -> FALSE
> (73) Wed Mar  7 22:33:50 2018: Debug:       else {
> (73) Wed Mar  7 22:33:50 2018: Debug:         [noop] = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:       } # else = noop
> (73) Wed Mar  7 22:33:50 2018: Debug:     } # policy
> remove_reply_message_if_eap = noop
> (73) Wed Mar  7 22:33:50 2018: Debug: linelog: EXPAND
> messages.%{%{reply:Packet-Type}:-default}
> (73) Wed Mar  7 22:33:50 2018: Debug: linelog:    -->
> messages.Access-Reject
> (73) Wed Mar  7 22:33:50 2018: Debug: linelog: EXPAND
> [mac:%{Calling-Station-Id}] Rejected user: %{User-Name}
> (73) Wed Mar  7 22:33:50 2018: Debug: linelog:    --> [mac:] Rejected
> user: dummy
> (73) Wed Mar  7 22:33:50 2018: Debug:     [linelog] = ok
> (73) Wed Mar  7 22:33:50 2018: Debug:   } # Post-Auth-Type REJECT =
> updated
> (73) Wed Mar  7 22:33:50 2018: Debug: Delaying response for 1.000000
> seconds
> (73) Wed Mar  7 22:33:51 2018: Debug: Sending delayed response
> (73) Wed Mar  7 22:33:51 2018: Debug: Sent Access-Reject Id 133 from
> 192.168.56.101:1812 to 192.168.56.100:1645 length 20
> (73) Wed Mar  7 22:33:55 2018: Debug: Cleaning up request packet ID
> 133 with timestamp +8995
>
> Regards.
>
> Ebrar.
>
> On 07-03-2018 05:27, Durand fabrice via PacketFence-users wrote:
>>
>> Hello Ebrar,
>>
>> This should work:
>>
>> [192.168.56.100]
>> description=IOUvL2
>> type=Cisco::Catalyst_2960
>> radiusSecret=useStrongerSecret
>> deauthMethod=RADIUS
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>>
>> Le 2018-03-06 à 08:49, ebrar via PacketFence-users a écrit :
>>>
>>> Hi All,
>>>
>>> I have set up PF on a virtual machine whose OS is Centos and i have
>>> set up a switch on GNS3 by using the image below :
>>>
>>> i86bi-linux-l2-adventerprisek9-15.1a
>>>
>>> This SW lets me do all the configurations mentioned on PacketFence
>>> Out-of-Band Deployment Quick Guide. You can see the related
>>> configurations on the SW below :
>>>
>>> username ebrar privilege 0 password 0 eleb
>>> aaa new-model
>>> !        
>>> !
>>> aaa group server radius packetfence
>>>  server name pfnac
>>> !
>>> aaa authentication login default local
>>> aaa authentication dot1x default group packetfence
>>> aaa authorization network default group packetfence
>>> !
>>> !
>>> !
>>> !
>>> aaa server radius dynamic-author
>>>  client 192.168.56.101 server-key useStrongerSecret
>>>  port 3799
>>> !
>>> aaa session-id common
>>> no ip icmp rate-limit unreachable
>>> !
>>> ip cef
>>> !
>>> !
>>> no ip domain-lookup
>>> no ipv6 cef
>>> ipv6 multicast rpf use-bgp
>>> !
>>> !
>>> dot1x system-auth-control
>>>
>>> interface Ethernet0/0
>>>  switchport trunk encapsulation dot1q
>>>  switchport trunk allowed vlan 2,3,10
>>>  switchport mode trunk
>>>  duplex auto
>>> !
>>> interface Ethernet0/1
>>>  switchport access vlan 10
>>>  switchport mode access
>>>  duplex auto
>>>  authentication order mab dot1x
>>>  authentication priority mab dot1x
>>>  authentication port-control auto
>>>  authentication periodic
>>>  authentication timer restart 10800
>>>  authentication timer reauthenticate 10800
>>>  authentication violation replace
>>>  mab
>>>  no snmp trap link-status
>>>  dot1x pae authenticator
>>>  dot1x timeout quiet-period 2
>>>  dot1x timeout tx-period 3
>>> !
>>> interface Ethernet0/2
>>>  switchport access vlan 20
>>>  switchport mode access
>>>  duplex auto
>>>
>>> snmp-server community public RO
>>> snmp-server community private RW
>>> snmp-server host 192.168.56.101 version 2c public
>>> !
>>> radius-server vsa send authentication
>>> !
>>> radius server pfnac
>>>  address ipv4 192.168.56.101 auth-port 1812 acct-port 1813
>>>  automate-tester username ebrar ignore-acct-port idle-time 3
>>>  key useStrongerSecret
>>>
>>> When I connect a client to Ethernet 0/1 and try to connect to
>>> internet (www.google.com) It responds "Page Not Found" and nothing
>>> is being changed on the SW.
>>>
>>> You can see the errors in the log files below :
>>>
>>> packetfence.log :
>>>
>>> [root@localhost logs]#  tail -f packetfence.log
>>> Mar  6 19:26:03 localhost packetfence_httpd.aaa: httpd.aaa(2123)
>>> ERROR: [mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100
>>> (pf::SwitchFactory::instantiate)
>>> Mar  6 19:26:03 localhost packetfence_httpd.aaa: httpd.aaa(2123)
>>> WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request
>>> will be failed. (pf::radius::switch_access)
>>> Mar  6 19:29:02 localhost packetfence_httpd.aaa: httpd.aaa(2123)
>>> ERROR: [mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100
>>> (pf::SwitchFactory::instantiate)
>>> Mar  6 19:29:02 localhost packetfence_httpd.aaa: httpd.aaa(2123)
>>> WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request
>>> will be failed. (pf::radius::switch_access)
>>> Mar  6 19:31:51 localhost packetfence_httpd.aaa: httpd.aaa(2123)
>>> ERROR: [mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100
>>> (pf::SwitchFactory::instantiate)
>>> Mar  6 19:31:51 localhost packetfence_httpd.aaa: httpd.aaa(2123)
>>> WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request
>>> will be failed. (pf::radius::switch_access)
>>> Mar  6 19:34:49 localhost packetfence_httpd.aaa: httpd.aaa(2123)
>>> ERROR: [mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100
>>> (pf::SwitchFactory::instantiate)
>>> Mar  6 19:34:49 localhost packetfence_httpd.aaa: httpd.aaa(2123)
>>> WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request
>>> will be failed. (pf::radius::switch_access)
>>> Mar  6 19:37:37 localhost packetfence_httpd.aaa: httpd.aaa(2123)
>>> ERROR: [mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100
>>> (pf::SwitchFactory::instantiate)
>>> Mar  6 19:37:37 localhost packetfence_httpd.aaa: httpd.aaa(2123)
>>> WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request
>>> will be failed. (pf::radius::switch_access)
>>>
>>> radius.log :
>>>
>>> Mar  6 19:37:37 localhost auth[2284]: (552) rest: ERROR:
>>> {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Switch
>>> is not managed by PacketFence"}
>>> Mar  6 19:37:37 localhost auth[2284]: Need 2 more connections to
>>> reach min connections (3)
>>> Mar  6 19:37:37 localhost auth[2284]: rlm_rest (rest): Opening
>>> additional connection (1099), 1 of 63 pending slots used
>>> Mar  6 19:37:37 localhost auth[2284]: rlm_sql (sql): Closing
>>> connection (1097): Hit idle_timeout, was idle for 168 seconds
>>> Mar  6 19:37:37 localhost auth[2284]: rlm_sql (sql): Closing
>>> connection (1098): Hit idle_timeout, was idle for 168 seconds
>>> Mar  6 19:37:37 localhost auth[2284]: rlm_sql (sql): Opening
>>> additional connection (1099), 1 of 64 pending slots used
>>> Mar  6 19:37:37 localhost auth[2284]: Need 2 more connections to
>>> reach min connections (3)
>>> Mar  6 19:37:37 localhost auth[2284]: rlm_sql (sql): Opening
>>> additional connection (1100), 1 of 63 pending slots used
>>> Mar  6 19:37:37 localhost auth[2284]: [mac:] Rejected user: ebrar
>>> Mar  6 19:37:37 localhost auth[2284]: (552) Rejected in post-auth:
>>> [ebrar] (from client 192.168.56.100/32 port 0)
>>>
>>> And configuration file :
>>>
>>> switches.conf :
>>>
>>> [root@localhost conf]# cat switches.conf
>>> #
>>> # Copyright (C) 2005-2018 Inverse inc.
>>> #
>>> # See the enclosed file COPYING for license information (GPL).
>>> # If you did not receive this file, see
>>> # http://www.fsf.org/licensing/licenses/gpl.html
>>> [192.168.0.1]
>>> description=Test Switch
>>> type=Cisco::Catalyst_2900XL
>>> mode=production
>>> uplink=23,24
>>>
>>> #SNMPVersion = 3
>>> #SNMPEngineID = 0000000000000
>>> #SNMPUserNameRead = readUser
>>> #SNMPAuthProtocolRead = MD5
>>> #SNMPAuthPasswordRead = authpwdread
>>> #SNMPPrivProtocolRead = DES
>>> #SNMPPrivPasswordRead = privpwdread
>>> #SNMPUserNameWrite = writeUser
>>> #SNMPAuthProtocolWrite = MD5
>>> #SNMPAuthPasswordWrite = authpwdwrite
>>> #SNMPPrivProtocolWrite = DES
>>> #SNMPPrivPasswordWrite = privpwdwrite
>>> #SNMPVersionTrap = 3
>>> #SNMPUserNameTrap = readUser
>>> #SNMPAuthProtocolTrap = MD5
>>> #SNMPAuthPasswordTrap = authpwdread
>>> #SNMPPrivProtocolTrap = DES
>>> #SNMPPrivPasswordTrap = privpwdread
>>> [192.168.1.0/24]
>>> description=Test Range Switch
>>> type=Cisco::Catalyst_2900XL
>>> mode=production
>>> uplink=23,24
>>>
>>> [192.168.56.100/32]
>>> description=IOUvL2
>>> type=Cisco::Catalyst_2960
>>> radiusSecret=useStrongerSecret
>>> deauthMethod=RADIUS
>>> [root@localhost conf]#
>>>
>>> Where I am making mistake and how i can resolve it? Could you please
>>> help?
>>>
>>> Thanks,
>>>
>>> Regards.
>>>
>>> Ebrar.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to