Hello Fabrice,

In case, I have reset my switch configuration and reconfigured it as shown in the Network Device Configuration Guide, Part 4.8.2 2950.
Here is the running-config of my switch:

Current configuration : 2467 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
aaa new-model
aaa group server radius packetfence
 server 192.168.1.112 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
enable password ade
!
username ade privilege 15 password 0 ade
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
dot1x system-auth-control
!
!
interface FastEthernet0/1
!
...
!
interface FastEthernet0/17
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
 spanning-tree portfast
!
interface FastEthernet0/18
!
...
!
interface Vlan1
 ip address 192.168.1.201 255.255.255.0
 no ip route-cache
!
ip http server
!
radius-server host 192.168.1.112 auth-port 1812 acct-port 1812 key pf-ade
radius-server retransmit 3
radius-server vsa send authentication
!
line con 0
line vty 0 4
 password ade
line vty 5 15
!
end

I've tried to edit the configuration file in site-enable, but all changes get lost on the restart of the service.

To be sure my switch is working correctly, I've installed and configured Freeradius on a fresh debian8 system. After some changes to the switch configuration, I have an EAP-Success:

Current configuration : 2236 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
enable password ade
!
username ade privilege 15 password 0 ade
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
dot1x system-auth-control
!
!
...
!
interface FastEthernet0/16
!
interface FastEthernet0/17
 switchport mode access
 dot1x port-control auto
 spanning-tree portfast
!
...
!
Interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.201 255.255.255.0
 no ip route-cache
!
ip http server
!
radius-server host 192.168.1.112 auth-port 1812 acct-port 1812 key pf-ade
radius-server retransmit 3
!
line con 0
line vty 0 4
 password ade
line vty 5 15
!
end

So I switched back to my system with PF on it and kept this switch configuration. I tested it, failure. By checking back the log, I still have two Calling-Station-ID.

If it works on a basic FreeRadius configuration, does it mean the issue is with my PF FreeRadius?

Best regards
Adrian

----- Original message -----
From: "packetfence-users" <[email protected]>
To: "packetfence-users" <[email protected]>
Cc: "Durand fabrice" <[email protected]>
Sent: Thursday, 7 February 2019 00:26:02
Subject: Re: [PacketFence-users] Can't link PacketFence with AD Server.

Hello Adrian,

your issue looks to be because you have 2 Calling-Station-Id attributes in the request.

(33) Wed Feb 6 11:08:00 2019: Debug: Calling-Station-Id = "4\227\366\024I\344"
(33) Wed Feb 6 11:08:00 2019: Debug: Service-Type = Framed-User
(33) Wed Feb 6 11:08:00 2019: Debug: Framed-MTU = 1500
(33) Wed Feb 6 11:08:00 2019: Debug: Calling-Station-Id = "34-97-f6-14-49-e4"

Check the switch config to see if there is a configuration parameter that adds it. Also, you will be able to remove it with the freeradius configuration (raddb/sites-enable/packetfence).

Regards
Fabrice
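
A way to confirm from the debug log that the two Calling-Station-Id values quoted in Fabrice's reply are the same MAC address, once as six raw bytes and once as text. This is an added example, not part of the original thread and not PacketFence or FreeRADIUS code; the function names are hypothetical, the sample log is built from the four quoted debug lines, and it assumes non-printable bytes are shown as \ooo octal escapes as in those lines.

```python
import re
from collections import defaultdict

# Constructed sample: the four debug lines quoted in the reply above.
SAMPLE_LOG = r'''
(33) Wed Feb 6 11:08:00 2019: Debug: Calling-Station-Id = "4\227\366\024I\344"
(33) Wed Feb 6 11:08:00 2019: Debug: Service-Type = Framed-User
(33) Wed Feb 6 11:08:00 2019: Debug: Framed-MTU = 1500
(33) Wed Feb 6 11:08:00 2019: Debug: Calling-Station-Id = "34-97-f6-14-49-e4"
'''

# "(request id) <timestamp>: Debug: Attribute = value"
ATTR_RE = re.compile(r'^\((\d+)\).*?Debug:\s+([A-Za-z0-9-]+) = (.*)$')

def unescape(value):
    """Turn a quoted debug value with \\ooo octal escapes back into bytes."""
    raw = value.strip().strip('"').encode()
    return re.sub(rb'\\([0-3][0-7]{2})', lambda m: bytes([int(m.group(1), 8)]), raw)

def as_mac(raw):
    """Normalise a Calling-Station-Id to aa-bb-cc-dd-ee-ff, or None if it is not a MAC."""
    if len(raw) == 6:  # assumption: a 6-byte value is a raw binary MAC
        return '-'.join(f'{b:02x}' for b in raw)
    digits = re.sub(r'[-:.]', '', raw.decode('ascii', 'replace')).lower()
    if re.fullmatch(r'[0-9a-f]{12}', digits):  # textual MAC, any common separator
        return '-'.join(digits[i:i + 2] for i in range(0, 12, 2))
    return None

def duplicate_attributes(log):
    """Return {(request_id, attribute): [values]} for attributes seen more than once."""
    seen = defaultdict(list)
    for line in log.splitlines():
        m = ATTR_RE.match(line.strip())
        if m:
            seen[(m.group(1), m.group(2))].append(m.group(3))
    return {key: vals for key, vals in seen.items() if len(vals) > 1}

def report(log):
    """Map each duplicated attribute to its values, normalised to MACs where possible."""
    return {key: [as_mac(unescape(v)) for v in vals]
            for key, vals in duplicate_attributes(log).items()}

if __name__ == '__main__':
    for (req, attr), macs in report(SAMPLE_LOG).items():
        print(f'request {req}: {attr} x{len(macs)} -> {macs}')
```

If both normalised values match, the request carries the same station identity twice in two encodings, which points at the attribute being added a second time rather than at two different clients.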
