Hey people,
I am stuck and cannot find anything that really helps me solve my issue(s).

What do I want to achieve?
The main goal is to set up PacketFence to use certificates for
802.1X authentication, and if the device is not 802.1X-compatible, a Perl script
checking against Samba/OpenLDAP should be done.
Only machines should be checked -> if it is a company machine it should get access,
and if not -> reject.
Further, I want to use pf primarily as a RADIUS server with the twist of a
WMI compliance check pre-authentication.
So it should check if it is a company machine, and if so, it should check if all
given software is up to date.

What issues do I have?
Problem with the 802.1X auth:
When I check for certificates (added the certificates into
/usr/local/pf/raddb/certs -> changed the eap.conf file to use these certs and
also changed the cert_issuer), basically I took over all the configuration that is
running perfectly on my FreeRADIUS server.
When I try to authenticate I always get back:
(309) Mon Feb 18 12:25:16 2019: Debug: EAP-Message = 0x0114000a0d8000000000
(309) Mon Feb 18 12:25:16 2019: Debug: Message-Authenticator =
0x00000000000000000000000000000000
(309) Mon Feb 18 12:25:16 2019: Debug: State =
0xd7bd26dbc5a92bd65f9a05990fef7086
In the end I don't get any VLAN and it puts my device into VLAN 0, although the
log shows EAP was successful.

Problem with MAC auth:
When I try to check against OpenLDAP/Samba for a MAC address, I get the
following output:
...
eap: No EAP-Message, not doing EAP
(8) Mon Feb 25 08:40:10 2019: Debug: [eap] = noop
(8) Mon Feb 25 08:40:10 2019: Debug: if ( !EAP-Message ) {
(8) Mon Feb 25 08:40:10 2019: Debug: if ( !EAP-Message ) -> TRUE
(8) Mon Feb 25 08:40:10 2019: Debug: if ( !EAP-Message ) {
(8) Mon Feb 25 08:40:10 2019: Debug: ldap-mac-check:
$RAD_REQUEST{'User-Name'} = &request:User-Name -> '001c251cb1b0'
( <----perl script running here----->)
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:NAS-Port-Type =
$RAD_REQUEST{'NAS-Port-Type'} -> 'Ethernet'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:CHAP-Password =
$RAD_REQUEST{'CHAP-Password'} -> '0x15531d18d409f3601c3d9bb639379d1f47'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:Service-Type =
$RAD_REQUEST{'Service-Type'} -> 'Call-Check'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:Called-Station-Id
= $RAD_REQUEST{'Called-Station-Id'} -> 'b4:39:d6:29:15:ed'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'} ->
'0x2e20da122377932d156bc3ff8bddda09'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:CHAP-Challenge =
$RAD_REQUEST{'CHAP-Challenge'} -> '0xb84c6a53ce9b979fd964262f0c946c6c'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:Connect-Info =
$RAD_REQUEST{'Connect-Info'} -> 'CONNECT Ethernet 100Mbps Full duplex'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:Realm =
$RAD_REQUEST{'Realm'} -> 'null'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:NAS-IP-Address =
$RAD_REQUEST{'NAS-IP-Address'} -> '192.168.1.100'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:NAS-Port-Id =
$RAD_REQUEST{'NAS-Port-Id'} -> '19'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:SQL-User-Name =
$RAD_REQUEST{'SQL-User-Name'} -> '001c251cb1b0'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} ->
'00:1c:25:1c:b1:b0'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&request:FreeRADIUS-Client-IP-Address =
$RAD_REQUEST{'FreeRADIUS-Client-IP-Address'} -> '192.168.1.100'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:Framed-Protocol =
$RAD_REQUEST{'Framed-Protocol'} -> 'PPP'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:User-Name =
$RAD_REQUEST{'User-Name'} -> '001c251cb1b0'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:NAS-Identifier =
$RAD_REQUEST{'NAS-Identifier'} -> 'ProCurve Switch 2610-24'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:Event-Timestamp =
$RAD_REQUEST{'Event-Timestamp'} -> 'Feb 25 2019 08:40:10 UTC'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} ->
'001c251cb1b0'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:NAS-Port =
$RAD_REQUEST{'NAS-Port'} -> '19'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:Framed-MTU =
$RAD_REQUEST{'Framed-MTU'} -> '1466'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &control:Load-Balance-Key
= $RAD_CHECK{'Load-Balance-Key'} -> '00-1c-25-1c-b1-b0 001c251cb1b0'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&control:PacketFence-RPC-Server = $RAD_CHECK{'PacketFence-RPC-Server'} ->
'127.0.0.1'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&control:PacketFence-Tenant-Id = $RAD_CHECK{'PacketFence-Tenant-Id'} -> '1'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&control:PacketFence-RPC-User = $RAD_CHECK{'PacketFence-RPC-User'} -> ''
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&control:PacketFence-Request-Time = $RAD_CHECK{'PacketFence-Request-Time'} ->
'0'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&control:PacketFence-RPC-Pass = $RAD_CHECK{'PacketFence-RPC-Pass'} -> ''''
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &control:Tmp-Integer-0 =
$RAD_CHECK{'Tmp-Integer-0'} -> '1551084010'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&control:PacketFence-RPC-Proto = $RAD_CHECK{'PacketFence-RPC-Proto'} -> 'http'
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:
&control:PacketFence-RPC-Port = $RAD_CHECK{'PacketFence-RPC-Port'} -> '7070'
(8) Mon Feb 25 08:40:11 2019: Debug: [ldap-mac-check] = ok
(8) Mon Feb 25 08:40:11 2019: Debug: if (!ok) {
(8) Mon Feb 25 08:40:11 2019: Debug: if (!ok) -> FALSE
(8) Mon Feb 25 08:40:11 2019: Debug: else {
(8) Mon Feb 25 08:40:11 2019: Debug: update {
(8) Mon Feb 25 08:40:11 2019: Debug: } # update = noop
(8) Mon Feb 25 08:40:11 2019: Debug: } # else = noop
(8) Mon Feb 25 08:40:11 2019: Debug: } # if ( !EAP-Message ) = ok
(8) Mon Feb 25 08:40:11 2019: Debug: policy packetfence-eap-mac-policy {
(8) Mon Feb 25 08:40:11 2019: Debug: if ( &EAP-Type ) {
(8) Mon Feb 25 08:40:11 2019: Debug: if ( &EAP-Type ) -> FALSE
(8) Mon Feb 25 08:40:11 2019: Debug: [noop] = noop
(8) Mon Feb 25 08:40:11 2019: Debug: } # policy packetfence-eap-mac-policy
= noop
(8) Mon Feb 25 08:40:11 2019: WARNING: pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(8) Mon Feb 25 08:40:11 2019: WARNING: pap: !!! Ignoring control:User-Password.
Update your !!!
(8) Mon Feb 25 08:40:11 2019: WARNING: pap: !!! configuration so that the
"known good" clear text !!!
(8) Mon Feb 25 08:40:11 2019: WARNING: pap: !!! password is in
Cleartext-Password and NOT in !!!
(8) Mon Feb 25 08:40:11 2019: WARNING: pap: !!! User-Password.
!!!
(8) Mon Feb 25 08:40:11 2019: WARNING: pap:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(8) Mon Feb 25 08:40:11 2019: WARNING: pap: Auth-Type already set. Not setting
to PAP
(8) Mon Feb 25 08:40:11 2019: Debug: [pap] = noop
(8) Mon Feb 25 08:40:11 2019: Debug: } # authorize = updated
(8) Mon Feb 25 08:40:11 2019: Debug: Found Auth-Type = Accept
(8) Mon Feb 25 08:40:11 2019: Debug: Auth-Type = Accept, accepting the user
(8) Mon Feb 25 08:40:11 2019: Debug: # Executing section post-auth from file
/usr/local/pf/raddb/sites-enabled/packetfence
(8) Mon Feb 25 08:40:11 2019: Debug: post-auth {
(8) Mon Feb 25 08:40:11 2019: Debug: update {
(8) Mon Feb 25 08:40:11 2019: Debug: EXPAND %{Packet-Src-IP-Address}
(8) Mon Feb 25 08:40:11 2019: Debug: --> 192.168.1.100
(8) Mon Feb 25 08:40:11 2019: Debug: } # update = noop
(8) Mon Feb 25 08:40:11 2019: Debug: policy packetfence-set-tenant-id {
(8) Mon Feb 25 08:40:11 2019: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(8) Mon Feb 25 08:40:11 2019: Debug: EXPAND
%{%{control:PacketFence-Tenant-Id}:-0}
(8) Mon Feb 25 08:40:11 2019: Debug: --> 1
(8) Mon Feb 25 08:40:11 2019: Debug: if (
"%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> FALSE
(8) Mon Feb 25 08:40:11 2019: Debug: if ( &control:PacketFence-Tenant-Id
== 0 ) {
(8) Mon Feb 25 08:40:11 2019: Debug: if ( &control:PacketFence-Tenant-Id
== 0 ) -> FALSE
(8) Mon Feb 25 08:40:11 2019: Debug: } # policy packetfence-set-tenant-id =
noop
(8) Mon Feb 25 08:40:11 2019: Debug: if
("%{%{control:PacketFence-Proxied-From}:-False}" == "True") {
(8) Mon Feb 25 08:40:11 2019: Debug: EXPAND
%{%{control:PacketFence-Proxied-From}:-False}
(8) Mon Feb 25 08:40:11 2019: Debug: --> False
(8) Mon Feb 25 08:40:11 2019: Debug: if
("%{%{control:PacketFence-Proxied-From}:-False}" == "True") -> FALSE
(8) Mon Feb 25 08:40:11 2019: Debug: if (! EAP-Type || (EAP-Type != TTLS
&& EAP-Type != PEAP) ) {
(8) Mon Feb 25 08:40:11 2019: Debug: if (! EAP-Type || (EAP-Type != TTLS
&& EAP-Type != PEAP) ) -> TRUE
(8) Mon Feb 25 08:40:11 2019: Debug: if (! EAP-Type || (EAP-Type != TTLS
&& EAP-Type != PEAP) ) {
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Expanding URI components
(8) Mon Feb 25 08:40:11 2019: Debug: rest: EXPAND http://127.0.0.1:7070
(8) Mon Feb 25 08:40:11 2019: Debug: rest: --> http://127.0.0.1:7070
(8) Mon Feb 25 08:40:11 2019: Debug: rest: EXPAND //radius/rest/authorize
(8) Mon Feb 25 08:40:11 2019: Debug: rest: --> //radius/rest/authorize
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Sending HTTP POST to
"http://127.0.0.1:7070//radius/rest/authorize"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "User-Name"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "CHAP-Password"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "NAS-IP-Address"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "NAS-Port"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "Service-Type"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "Framed-Protocol"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "Framed-MTU"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute
"Called-Station-Id"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute
"Calling-Station-Id"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "NAS-Identifier"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "CHAP-Challenge"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "NAS-Port-Type"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "Event-Timestamp"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "Connect-Info"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute
"Message-Authenticator"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "NAS-Port-Id"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute
"Stripped-User-Name"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Returning 1012 bytes of JSON data
(buffer full or chunk exceeded)
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute
"Stripped-User-Name"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "Realm"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "SQL-User-Name"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute
"FreeRADIUS-Client-IP-Address"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Processing response header
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Status : 100 (Continue)
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Continuing...
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Processing response header
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Status : 200 (OK)
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Type : json (application/json)
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-Eap-Type"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 0
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> 0
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Eap-Type := "0"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-AutoReg"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 1
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> 1
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-AutoReg := "1"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-Authorization-Status"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND allow
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> allow
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Authorization-Status :=
"allow"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-Computer-Name"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Computer-Name := ""
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-Mac"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 00:1c:25:1c:b1:b0
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> 00:1c:25:1c:b1:b0
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Mac :=
"00:1c:25:1c:b1:b0"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-Switch-Ip-Address"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 192.168.1.100
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> 192.168.1.100
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Switch-Ip-Address :=
"192.168.1.100"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-Request-Time"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 1551084012
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> 1551084012
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Request-Time :=
1551084012
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-IfIndex"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 19
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> 19
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-IfIndex := "19"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-UserName"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 001c251cb1b0
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> 001c251cb1b0
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-UserName :=
"001c251cb1b0"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-IsPhone"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-IsPhone := ""
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-Connection-Type"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND Ethernet-NoEAP
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> Ethernet-NoEAP
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Connection-Type :=
"Ethernet-NoEAP"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-Switch-Id"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 182.168.1.100
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> 192.168.1.100
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Switch-Id :=
"192.168.1.100"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-Switch-Mac"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND b4:39:d6:29:15:ed
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> b4:39:d6:29:15:ed
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Switch-Mac :=
"b4:39:d6:29:15:ed"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute
"control:PacketFence-Status"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND reg
(8) Mon Feb 25 08:40:12 2019: Debug: rest: --> reg
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Status := "reg"
(8) Mon Feb 25 08:40:12 2019: Debug: [rest] = updated
(8) Mon Feb 25 08:40:12 2019: Debug: update {
(8) Mon Feb 25 08:40:12 2019: Debug: } # update = noop
(8) Mon Feb 25 08:40:12 2019: Debug: if
(&control:PacketFence-Authorization-Status == "deny") {
(8) Mon Feb 25 08:40:12 2019: Debug: if
(&control:PacketFence-Authorization-Status == "deny") -> FALSE
(8) Mon Feb 25 08:40:12 2019: Debug: else {
(8) Mon Feb 25 08:40:12 2019: Debug: policy
packetfence-audit-log-accept {
(8) Mon Feb 25 08:40:12 2019: Debug: if (&User-Name && (&User-Name ==
"dummy")) {
(8) Mon Feb 25 08:40:12 2019: Debug: if (&User-Name && (&User-Name ==
"dummy")) -> FALSE
(8) Mon Feb 25 08:40:12 2019: Debug: else {
(8) Mon Feb 25 08:40:12 2019: Debug: policy request-timing {
(8) Mon Feb 25 08:40:12 2019: Debug: if
(control:PacketFence-Request-Time != 0) {
(8) Mon Feb 25 08:40:12 2019: Debug: if
(control:PacketFence-Request-Time != 0) -> TRUE
(8) Mon Feb 25 08:40:12 2019: Debug: if
(control:PacketFence-Request-Time != 0) {
(8) Mon Feb 25 08:40:12 2019: Debug: update control {
(8) Mon Feb 25 08:40:12 2019: Debug: EXPAND %{expr:
%{control:PacketFence-Request-Time} - %{control:Tmp-Integer-0}}
(8) Mon Feb 25 08:40:12 2019: Debug: --> 2
(8) Mon Feb 25 08:40:12 2019: Debug: } # update control = noop
(8) Mon Feb 25 08:40:12 2019: Debug: } # if
(control:PacketFence-Request-Time != 0) = noop
(8) Mon Feb 25 08:40:12 2019: Debug: } # policy request-timing =
noop
(8) Mon Feb 25 08:40:12 2019: Debug: sql: EXPAND type.accept.query
(8) Mon Feb 25 08:40:12 2019: Debug: sql: --> type.accept.query
(8) Mon Feb 25 08:40:12 2019: Debug: sql: Using query template 'query'
(8) Mon Feb 25 08:40:12 2019: Debug: sql: EXPAND %{User-Name}
(8) Mon Feb 25 08:40:12 2019: Debug: sql: --> 001c251cb1b0
(8) Mon Feb 25 08:40:12 2019: Debug: sql: SQL-User-Name set to '001c251cb1b0'
(8) Mon Feb 25 08:40:12 2019: Debug: sql: SQL query returned: success
(8) Mon Feb 25 08:40:12 2019: Debug: sql: 1 record(s) updated
(8) Mon Feb 25 08:40:12 2019: Debug: [sql] = ok
(8) Mon Feb 25 08:40:12 2019: Debug: } # else = ok
(8) Mon Feb 25 08:40:12 2019: Debug: } # policy
packetfence-audit-log-accept = ok
(8) Mon Feb 25 08:40:12 2019: Debug: } # else = ok
(8) Mon Feb 25 08:40:12 2019: Debug: } # if (! EAP-Type || (EAP-Type !=
TTLS && EAP-Type != PEAP) ) = updated
(8) Mon Feb 25 08:40:12 2019: Debug: attr_filter.packetfence_post_auth: EXPAND
%{User-Name}
(8) Mon Feb 25 08:40:12 2019: Debug: attr_filter.packetfence_post_auth: -->
001c251cb1b0
(8) Mon Feb 25 08:40:12 2019: Debug: attr_filter.packetfence_post_auth: Matched
entry DEFAULT at line 10
(8) Mon Feb 25 08:40:12 2019: Debug: [attr_filter.packetfence_post_auth] =
updated
(8) Mon Feb 25 08:40:12 2019: Debug: linelog: EXPAND
messages.%{%{reply:Packet-Type}:-default}
(8) Mon Feb 25 08:40:12 2019: Debug: linelog: --> messages.Access-Accept
(8) Mon Feb 25 08:40:12 2019: Debug: linelog: EXPAND
[mac:%{Calling-Station-Id}] Accepted user: %{reply:User-Name} and returned VLAN
%{reply:Tunnel-Private-Group-ID}
(8) Mon Feb 25 08:40:12 2019: Debug: linelog: --> [mac:00:1c:25:1c:b1:b0]
Accepted user: and returned VLAN
(8) Mon Feb 25 08:40:12 2019: Debug: [linelog] = ok
(8) Mon Feb 25 08:40:12 2019: Debug: } # post-auth = updated
(8) Mon Feb 25 08:40:12 2019: Debug: Sent Access-Accept Id 177 from
192.168.1.10:1812 to 192.168.1.100:1024 length 0
(8) Mon Feb 25 08:40:12 2019: Debug: Finished request
The main issue here is that I don't get access to any VLAN -> in the GUI it
always shows my device in VLAN 0.
I hope someone can help me.
Best regards,
silvester schattauer
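
An added triage example, not part of the original post and not PacketFence or FreeRADIUS code: it rejoins the mail-wrapped debug lines from the log above and flags requests that ended in Access-Accept while the linelog entry shows an empty VLAN. The function names and the embedded excerpt are this example's own; the excerpt is copied from the post.

```python
import re

# Lines copied from the debug output in the post above, wrapped the way the
# mail client wrapped them (a short excerpt, not the full log).
SAMPLE = """\
(8) Mon Feb 25 08:40:11 2019: Debug: Found Auth-Type = Accept
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Authorization-Status :=
"allow"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Status := "reg"
(8) Mon Feb 25 08:40:12 2019: Debug: linelog: --> [mac:00:1c:25:1c:b1:b0]
Accepted user: and returned VLAN
(8) Mon Feb 25 08:40:12 2019: Debug: Sent Access-Accept Id 177 from
192.168.1.10:1812 to 192.168.1.100:1024 length 0
"""

# "(8) Mon Feb 25 08:40:12 2019: Debug: <message>" starts a new record.
RECORD = re.compile(r"^\((\d+)\) \w{3} \w{3} +\d+ [\d:]+ \d{4}: (\w+): ?(.*)$")
AUTH_TYPE = re.compile(r"Found Auth-Type = (\S+)")
PF_ATTR = re.compile(r'rest: (PacketFence-[\w-]+) := "?([^"]*)"?$')
LINELOG = re.compile(r"linelog: --> \[mac:([0-9a-fA-F:]+)\] Accepted user:.*?"
                     r"and returned VLAN ?(.*)$")
SENT = re.compile(r"Sent (Access-\w+) Id \d+")

def unwrap(text):
    """Rejoin wrapped continuation lines; yield (request_id, level, message)."""
    current = None
    for raw in text.splitlines():
        m = RECORD.match(raw)
        if m:
            if current:
                yield tuple(current)
            current = [int(m.group(1)), m.group(2), m.group(3).strip()]
        elif current and raw.strip():
            current[2] += " " + raw.strip()
    if current:
        yield tuple(current)

def summarize(text):
    """Collect, per request id, the decision-relevant facts from the log."""
    requests = {}
    for rid, _level, msg in unwrap(text):
        r = requests.setdefault(rid, {"auth_type": None, "pf": {}, "mac": None,
                                      "vlan": None, "reply": None})
        if m := AUTH_TYPE.search(msg):
            r["auth_type"] = m.group(1)
        elif m := PF_ATTR.search(msg):
            r["pf"][m.group(1)] = m.group(2)
        elif m := LINELOG.search(msg):
            r["mac"], r["vlan"] = m.group(1), m.group(2).strip()
        elif m := SENT.search(msg):
            r["reply"] = m.group(1)
    return requests

def accepts_without_vlan(text):
    """Request ids that ended in Access-Accept but logged no VLAN value."""
    return [rid for rid, r in sorted(summarize(text).items())
            if r["reply"] == "Access-Accept" and not r["vlan"]]

if __name__ == "__main__":
    for rid in accepts_without_vlan(SAMPLE):
        r = summarize(SAMPLE)[rid]
        print(f"request {rid}: mac={r['mac']} Auth-Type={r['auth_type']} "
              f"pf={r['pf']} reply={r['reply']} VLAN=<empty>")
```
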