Re: [PacketFence-users] access issue with 802.1x & mac-auth

Durand fabrice via PacketFence-users Mon, 25 Feb 2019 12:41:57 -0800

Hello Silvester,


Le 19-02-25 à 04 h 22, Silvester Schattauer via PacketFence-users a écrit :

Hey people,
I am stuck and cannot find anything that really helps me solve myissue(s).
What do i want to achieve?:
The main goal is to set up packetfence to use certificates for802.1X-authentication and if the device is not 802.1x-compatible, aperl script checking against an smaba/openldap should be done.Only machines should be checked -> is it a company-machine it shouldget access and if not -> reject

You can use the vlan filter for that:


[machineauth]
filter = user_name
operator = match
value = host/

[EthernetEAP]
filter = connection_type
operator = is
value = Ethernet-EAP


[1:EthernetEAP&!machineauth]
scope = RegisteredRole
role = REJECT

Further i want to use pf primarily as a RADIUS-Server with the twistof an wmi-compliance-check pre-authentication.

So you need to have the unreg machine authentication devices in theregistration vlan

So it should check if it is a company machine and if so it shouldcheck if all given software is up to date.
What issues do i have?:

Problem with the 802.1x auth:
When i check for certificates (added the certificates into/usr/loacal/pf/raddb/certs -> changed the eap.conf file to use thiscerts and also changed the cert_issuer) basically i took over allconfiguration that is running perfectly on my freeradius-server.
When i try to authenticate i always get back :

(309) Mon Feb 18 12:25:16 2019: Debug:EAP-Message = 0x0114000a0d8000000000
(309) Mon Feb 18 12:25:16 2019: Debug:Message-Authenticator =0x00000000000000000000000000000000
(309) Mon Feb 18 12:25:16 2019: Debug:State =0xd7bd26dbc5a92bd65f9a05990fef7086

There is not enough debug to see what is the issue.

Btw if you uncheck "verify server certificate" on the supplicant thenyou should be able to connect.

in the end i dont get any vlan and it puts my device into vlan 0altough the log shows eap was successful
Problem with mac-auth:
When i try to check against openldap/samba for a mac-address, i getthe following output:
...
eap: No EAP-Message, not doing EAP
(8) Mon Feb 25 08:40:10 2019: Debug:     [eap] = noop
(8) Mon Feb 25 08:40:10 2019: Debug:     if ( !EAP-Message ) {
(8) Mon Feb 25 08:40:10 2019: Debug:     if ( !EAP-Message )  -> TRUE
(8) Mon Feb 25 08:40:10 2019: Debug:     if ( !EAP-Message )  {
(8) Mon Feb 25 08:40:10 2019: Debug: ldap-mac-check:$RAD_REQUEST{'User-Name'} = &request:User-Name -> '001c251cb1b0'
( <----perl script running here----->)
(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:NAS-Port-Type = $RAD_REQUEST{'NAS-Port-Type'} -> 'Ethernet'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:CHAP-Password = $RAD_REQUEST{'CHAP-Password'} ->'0x15531d18d409f3601c3d9bb639379d1f47'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:Service-Type = $RAD_REQUEST{'Service-Type'} -> 'Call-Check'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:Called-Station-Id = $RAD_REQUEST{'Called-Station-Id'} ->'b4:39:d6:29:15:ed'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:Message-Authenticator = $RAD_REQUEST{'Message-Authenticator'}-> '0x2e20da122377932d156bc3ff8bddda09'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:CHAP-Challenge = $RAD_REQUEST{'CHAP-Challenge'} ->'0xb84c6a53ce9b979fd964262f0c946c6c'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:Connect-Info = $RAD_REQUEST{'Connect-Info'} -> 'CONNECTEthernet 100Mbps Full duplex'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:Realm =$RAD_REQUEST{'Realm'} -> 'null'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:NAS-IP-Address = $RAD_REQUEST{'NAS-IP-Address'} ->'192.168.1.100'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:NAS-Port-Id = $RAD_REQUEST{'NAS-Port-Id'} -> '19'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:SQL-User-Name = $RAD_REQUEST{'SQL-User-Name'} -> '001c251cb1b0'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:Calling-Station-Id = $RAD_REQUEST{'Calling-Station-Id'} ->'00:1c:25:1c:b1:b0'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:FreeRADIUS-Client-IP-Address =$RAD_REQUEST{'FreeRADIUS-Client-IP-Address'} -> '192.168.1.100'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:Framed-Protocol = $RAD_REQUEST{'Framed-Protocol'} -> 'PPP'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:User-Name = $RAD_REQUEST{'User-Name'} -> '001c251cb1b0'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:NAS-Identifier = $RAD_REQUEST{'NAS-Identifier'} -> 'ProCurveSwitch 2610-24'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:Event-Timestamp = $RAD_REQUEST{'Event-Timestamp'} -> 'Feb 252019 08:40:10 UTC'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:Stripped-User-Name = $RAD_REQUEST{'Stripped-User-Name'} ->'001c251cb1b0'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check: &request:NAS-Port= $RAD_REQUEST{'NAS-Port'} -> '19'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&request:Framed-MTU = $RAD_REQUEST{'Framed-MTU'} -> '1466'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&control:Load-Balance-Key = $RAD_CHECK{'Load-Balance-Key'} ->'00-1c-25-1c-b1-b0 001c251cb1b0'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&control:PacketFence-RPC-Server = $RAD_CHECK{'PacketFence-RPC-Server'}-> '127.0.0.1'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&control:PacketFence-Tenant-Id = $RAD_CHECK{'PacketFence-Tenant-Id'}-> '1'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&control:PacketFence-RPC-User = $RAD_CHECK{'PacketFence-RPC-User'} -> ''(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&control:PacketFence-Request-Time =$RAD_CHECK{'PacketFence-Request-Time'} -> '0'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&control:PacketFence-RPC-Pass = $RAD_CHECK{'PacketFence-RPC-Pass'} -> ''''(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&control:Tmp-Integer-0 = $RAD_CHECK{'Tmp-Integer-0'} -> '1551084010'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&control:PacketFence-RPC-Proto = $RAD_CHECK{'PacketFence-RPC-Proto'}-> 'http'(8) Mon Feb 25 08:40:11 2019: Debug: ldap-mac-check:&control:PacketFence-RPC-Port = $RAD_CHECK{'PacketFence-RPC-Port'} ->'7070'
(8) Mon Feb 25 08:40:11 2019: Debug:       [ldap-mac-check] = ok
(8) Mon Feb 25 08:40:11 2019: Debug:       if (!ok) {
(8) Mon Feb 25 08:40:11 2019: Debug:       if (!ok)  -> FALSE
(8) Mon Feb 25 08:40:11 2019: Debug:       else {
(8) Mon Feb 25 08:40:11 2019: Debug:         update {
(8) Mon Feb 25 08:40:11 2019: Debug:         } # update = noop
(8) Mon Feb 25 08:40:11 2019: Debug:       } # else = noop
(8) Mon Feb 25 08:40:11 2019: Debug:     } # if ( !EAP-Message )  = ok
(8) Mon Feb 25 08:40:11 2019: Debug: policypacketfence-eap-mac-policy {
(8) Mon Feb 25 08:40:11 2019: Debug:       if ( &EAP-Type ) {
(8) Mon Feb 25 08:40:11 2019: Debug:       if ( &EAP-Type )  -> FALSE
(8) Mon Feb 25 08:40:11 2019: Debug:       [noop] = noop
(8) Mon Feb 25 08:40:11 2019: Debug: } # policypacketfence-eap-mac-policy = noop(8) Mon Feb 25 08:40:11 2019: WARNING: pap:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(8) Mon Feb 25 08:40:11 2019: WARNING: pap: !!! Ignoringcontrol:User-Password. Update your !!!(8) Mon Feb 25 08:40:11 2019: WARNING: pap: !!! configuration so thatthe "known good" clear text !!!(8) Mon Feb 25 08:40:11 2019: WARNING: pap: !!! password is inCleartext-Password and NOT in !!!(8) Mon Feb 25 08:40:11 2019: WARNING: pap: !!! User-Password. !!!(8) Mon Feb 25 08:40:11 2019: WARNING: pap:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(8) Mon Feb 25 08:40:11 2019: WARNING: pap: Auth-Type already set. Not setting to PAP
(8) Mon Feb 25 08:40:11 2019: Debug:     [pap] = noop
(8) Mon Feb 25 08:40:11 2019: Debug:   } # authorize = updated
(8) Mon Feb 25 08:40:11 2019: Debug: Found Auth-Type = Accept
(8) Mon Feb 25 08:40:11 2019: Debug: Auth-Type = Accept, accepting theuser(8) Mon Feb 25 08:40:11 2019: Debug: # Executing section post-authfrom file /usr/local/pf/raddb/sites-enabled/packetfence
(8) Mon Feb 25 08:40:11 2019: Debug:   post-auth {
(8) Mon Feb 25 08:40:11 2019: Debug:     update {
(8) Mon Feb 25 08:40:11 2019: Debug:       EXPAND %{Packet-Src-IP-Address}
(8) Mon Feb 25 08:40:11 2019: Debug:          --> 192.168.1.100
(8) Mon Feb 25 08:40:11 2019: Debug:     } # update = noop
(8) Mon Feb 25 08:40:11 2019: Debug: policypacketfence-set-tenant-id {(8) Mon Feb 25 08:40:11 2019: Debug: if ("%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {(8) Mon Feb 25 08:40:11 2019: Debug: EXPAND%{%{control:PacketFence-Tenant-Id}:-0}
(8) Mon Feb 25 08:40:11 2019: Debug:          --> 1
(8) Mon Feb 25 08:40:11 2019: Debug: if ("%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> FALSE(8) Mon Feb 25 08:40:11 2019: Debug: if (&control:PacketFence-Tenant-Id == 0 ) {(8) Mon Feb 25 08:40:11 2019: Debug: if (&control:PacketFence-Tenant-Id == 0 ) -> FALSE(8) Mon Feb 25 08:40:11 2019: Debug: } # policypacketfence-set-tenant-id = noop(8) Mon Feb 25 08:40:11 2019: Debug: if("%{%{control:PacketFence-Proxied-From}:-False}" == "True") {(8) Mon Feb 25 08:40:11 2019: Debug: EXPAND%{%{control:PacketFence-Proxied-From}:-False}
(8) Mon Feb 25 08:40:11 2019: Debug:        --> False
(8) Mon Feb 25 08:40:11 2019: Debug: if("%{%{control:PacketFence-Proxied-From}:-False}" == "True") -> FALSE(8) Mon Feb 25 08:40:11 2019: Debug: if (! EAP-Type || (EAP-Type!= TTLS && EAP-Type != PEAP) ) {(8) Mon Feb 25 08:40:11 2019: Debug: if (! EAP-Type || (EAP-Type!= TTLS && EAP-Type != PEAP) ) -> TRUE(8) Mon Feb 25 08:40:11 2019: Debug: if (! EAP-Type || (EAP-Type!= TTLS && EAP-Type != PEAP) ) {
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Expanding URI components
(8) Mon Feb 25 08:40:11 2019: Debug: rest: EXPAND http://127.0.0.1:7070
(8) Mon Feb 25 08:40:11 2019: Debug: rest:    --> http://127.0.0.1:7070
(8) Mon Feb 25 08:40:11 2019: Debug: rest: EXPAND //radius/rest/authorize
(8) Mon Feb 25 08:40:11 2019: Debug: rest:    --> //radius/rest/authorize
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Sending HTTP POST to"http://127.0.0.1:7070//radius/rest/authorize";
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "User-Name"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"CHAP-Password"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"NAS-IP-Address"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "NAS-Port"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"Service-Type"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"Framed-Protocol"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "Framed-MTU"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"Called-Station-Id"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"Calling-Station-Id"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"NAS-Identifier"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"CHAP-Challenge"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"NAS-Port-Type"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"Event-Timestamp"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"Connect-Info"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"Message-Authenticator"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"NAS-Port-Id"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"Stripped-User-Name"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Returning 1012 bytes ofJSON data (buffer full or chunk exceeded)(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"Stripped-User-Name"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute "Realm"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"SQL-User-Name"(8) Mon Feb 25 08:40:11 2019: Debug: rest: Encoding attribute"FreeRADIUS-Client-IP-Address"
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Processing response header
(8) Mon Feb 25 08:40:11 2019: Debug: rest:   Status : 100 (Continue)
(8) Mon Feb 25 08:40:11 2019: Debug: rest: Continuing...
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Processing response header
(8) Mon Feb 25 08:40:12 2019: Debug: rest:   Status : 200 (OK)
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Type : json(application/json)(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-Eap-Type"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 0
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> 0
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Eap-Type := "0"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-AutoReg"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 1
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> 1
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-AutoReg := "1"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-Authorization-Status"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND allow
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> allow
(8) Mon Feb 25 08:40:12 2019: Debug: rest:PacketFence-Authorization-Status := "allow"(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-Computer-Name"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Computer-Name := ""
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-Mac"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 00:1c:25:1c:b1:b0
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> 00:1c:25:1c:b1:b0
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Mac :="00:1c:25:1c:b1:b0"(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-Switch-Ip-Address"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 192.168.1.100
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> 192.168.1.100
(8) Mon Feb 25 08:40:12 2019: Debug: rest:PacketFence-Switch-Ip-Address := "192.168.1.100"(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-Request-Time"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 1551084012
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> 1551084012
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Request-Time :=1551084012(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-IfIndex"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 19
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> 19
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-IfIndex := "19"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-UserName"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 001c251cb1b0
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> 001c251cb1b0
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-UserName :="001c251cb1b0"(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-IsPhone"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-IsPhone := ""
(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-Connection-Type"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND Ethernet-NoEAP
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> Ethernet-NoEAP
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Connection-Type:= "Ethernet-NoEAP"(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-Switch-Id"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND 182.168.1.100
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> 192.168.1.100
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Switch-Id :="192.168.1.100"(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-Switch-Mac"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND b4:39:d6:29:15:ed
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> b4:39:d6:29:15:ed
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Switch-Mac :="b4:39:d6:29:15:ed"(8) Mon Feb 25 08:40:12 2019: Debug: rest: Parsing attribute"control:PacketFence-Status"
(8) Mon Feb 25 08:40:12 2019: Debug: rest: EXPAND reg
(8) Mon Feb 25 08:40:12 2019: Debug: rest:    --> reg
(8) Mon Feb 25 08:40:12 2019: Debug: rest: PacketFence-Status := "reg"
(8) Mon Feb 25 08:40:12 2019: Debug:       [rest] = updated
(8) Mon Feb 25 08:40:12 2019: Debug:       update {
(8) Mon Feb 25 08:40:12 2019: Debug:       } # update = noop
(8) Mon Feb 25 08:40:12 2019: Debug: if(&control:PacketFence-Authorization-Status == "deny") {(8) Mon Feb 25 08:40:12 2019: Debug: if(&control:PacketFence-Authorization-Status == "deny") -> FALSE
(8) Mon Feb 25 08:40:12 2019: Debug:       else {
(8) Mon Feb 25 08:40:12 2019: Debug: policypacketfence-audit-log-accept {(8) Mon Feb 25 08:40:12 2019: Debug: if (&User-Name &&(&User-Name == "dummy")) {(8) Mon Feb 25 08:40:12 2019: Debug: if (&User-Name &&(&User-Name == "dummy")) -> FALSE
(8) Mon Feb 25 08:40:12 2019: Debug:           else {
(8) Mon Feb 25 08:40:12 2019: Debug:             policy request-timing {
(8) Mon Feb 25 08:40:12 2019: Debug: if(control:PacketFence-Request-Time != 0) {(8) Mon Feb 25 08:40:12 2019: Debug: if(control:PacketFence-Request-Time != 0) -> TRUE(8) Mon Feb 25 08:40:12 2019: Debug: if(control:PacketFence-Request-Time != 0) {
(8) Mon Feb 25 08:40:12 2019: Debug:                 update control {
(8) Mon Feb 25 08:40:12 2019: Debug: EXPAND %{expr:%{control:PacketFence-Request-Time} - %{control:Tmp-Integer-0}}
(8) Mon Feb 25 08:40:12 2019: Debug:  --> 2
(8) Mon Feb 25 08:40:12 2019: Debug: } # updatecontrol = noop(8) Mon Feb 25 08:40:12 2019: Debug: } # if(control:PacketFence-Request-Time != 0) = noop(8) Mon Feb 25 08:40:12 2019: Debug: } # policyrequest-timing = noop
(8) Mon Feb 25 08:40:12 2019: Debug: sql: EXPAND type.accept.query
(8) Mon Feb 25 08:40:12 2019: Debug: sql:    --> type.accept.query
(8) Mon Feb 25 08:40:12 2019: Debug: sql: Using query template 'query'
(8) Mon Feb 25 08:40:12 2019: Debug: sql: EXPAND %{User-Name}
(8) Mon Feb 25 08:40:12 2019: Debug: sql:    --> 001c251cb1b0
(8) Mon Feb 25 08:40:12 2019: Debug: sql: SQL-User-Name set to'001c251cb1b0'
(8) Mon Feb 25 08:40:12 2019: Debug: sql: SQL query returned: success
(8) Mon Feb 25 08:40:12 2019: Debug: sql: 1 record(s) updated
(8) Mon Feb 25 08:40:12 2019: Debug:             [sql] = ok
(8) Mon Feb 25 08:40:12 2019: Debug:           } # else = ok
(8) Mon Feb 25 08:40:12 2019: Debug: } # policypacketfence-audit-log-accept = ok
(8) Mon Feb 25 08:40:12 2019: Debug:       } # else = ok
(8) Mon Feb 25 08:40:12 2019: Debug: } # if (! EAP-Type ||(EAP-Type != TTLS && EAP-Type != PEAP) ) = updated(8) Mon Feb 25 08:40:12 2019: Debug:attr_filter.packetfence_post_auth: EXPAND %{User-Name}(8) Mon Feb 25 08:40:12 2019: Debug:attr_filter.packetfence_post_auth: --> 001c251cb1b0(8) Mon Feb 25 08:40:12 2019: Debug:attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10(8) Mon Feb 25 08:40:12 2019: Debug:[attr_filter.packetfence_post_auth] = updated(8) Mon Feb 25 08:40:12 2019: Debug: linelog: EXPANDmessages.%{%{reply:Packet-Type}:-default}(8) Mon Feb 25 08:40:12 2019: Debug: linelog: -->messages.Access-Accept(8) Mon Feb 25 08:40:12 2019: Debug: linelog: EXPAND[mac:%{Calling-Station-Id}] Accepted user: %{reply:User-Name} andreturned VLAN %{reply:Tunnel-Private-Group-ID}(8) Mon Feb 25 08:40:12 2019: Debug: linelog: -->[mac:00:1c:25:1c:b1:b0] Accepted user: and returned VLAN
(8) Mon Feb 25 08:40:12 2019: Debug:     [linelog] = ok
(8) Mon Feb 25 08:40:12 2019: Debug:   } # post-auth = updated
(8) Mon Feb 25 08:40:12 2019: Debug: Sent Access-Accept Id 177 from192.168.1.10:1812 to 192.168.1.100:1024 length 0
(8) Mon Feb 25 08:40:12 2019: Debug: Finished request
The main issue here is that i dont get access to any vlan -> in thegui it always show my device in vlan 0

For that you need to check the packetfence.log file to see why there isno vlan.


Probably because the device is reg but without a role.

Regards

Fabrice

i hope someone can help me

best regards

silvester schattauer




_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] access issue with 802.1x & mac-auth

Reply via email to