Thanks, I should have included this previously. I know PF is logging into the switch. I get this log each time it tries:

Mar 19 01:47:39 RGB-L2-140 sshd[18905]: Accepted keyboard-interactive/pam for root from 10.2.0.3 port 57418 ssh2
Mar 19 01:48:05 RGB-L2-140 sshd[18921]: Accepted keyboard-interactive/pam for root from 10.2.0.3 port 57562 ssh2

However, you and Zach got me to think of something new. So, I tried a non-root user. I changed the user to a non-root user (nicholas), and I now see commits occurring. However, there is no up/down of the port. It's progress, but still not working.

Mar 19 01:53:26 RGB-L2-140 sshd[18944]: Accepted keyboard-interactive/pam for nicholas from 10.2.0.3 port 59602 ssh2
Mar 19 01:53:30 RGB-L2-140 mgd[18949]: UI_COMMIT_COMPLETED: commit complete
Mar 19 01:53:35 RGB-L2-140 sshd[18968]: Accepted keyboard-interactive/pam for nicholas from 10.2.0.3 port 59658 ssh2
Mar 19 01:53:40 RGB-L2-140 mgd[18975]: UI_COMMIT_COMPLETED: commit complete

I'm a little new to Juniper and had to Google a bit to find how to get it to show me the CLI history of another user. It looks like PF logs in, commits, exits, logs in again, commits, and exits. It never touches the ports' enable/disable status.

Mar 19 02:08:03 RGB-L2-140 mgd[19468]: UI_AUTH_EVENT: Authenticated user 'remote' at permission level 'j-super-user'
Mar 19 02:08:03 RGB-L2-140 mgd[19468]: UI_LOGIN_EVENT: User 'nicholas' login, class 'j-super-user' [19468], ssh-connection '10.2.0.3 36152 10.2.0.140 22', client-mode 'cli'
Mar 19 02:08:03 RGB-L2-140 mgd[19468]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'set cli screen-length 0 '
Mar 19 02:08:03 RGB-L2-140 mgd[19468]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'configure '
Mar 19 02:08:03 RGB-L2-140 mgd[19468]: UI_DBASE_LOGIN_EVENT: User 'nicholas' entering configuration mode
Mar 19 02:08:03 RGB-L2-140 mgd[19468]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'commit comment "admin link status change by PacketFence" '
Mar 19 02:08:03 RGB-L2-140 mgd[19468]: UI_COMMIT: User 'nicholas' requested 'commit' operation (comment: admin link status change by PacketFence)
*** omitting commit progress messages ****
Mar 19 02:08:07 RGB-L2-140 mgd[19468]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'Alarm control process', pid 1374, signal 30, status 0 with notification errors enabled
Mar 19 02:08:07 RGB-L2-140 mgd[19468]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'exit '
Mar 19 02:08:07 RGB-L2-140 mgd[19468]: UI_DBASE_LOGOUT_EVENT: User 'nicholas' exiting configuration mode
Mar 19 02:08:07 RGB-L2-140 mgd[19468]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'set cli screen-length 24 '
Mar 19 02:08:08 RGB-L2-140 mgd[19468]: UI_LOGOUT_EVENT: User 'nicholas' logout
Mar 19 02:08:12 RGB-L2-140 mgd[19492]: UI_AUTH_EVENT: Authenticated user 'remote' at permission level 'j-super-user'
Mar 19 02:08:12 RGB-L2-140 mgd[19492]: UI_LOGIN_EVENT: User 'nicholas' login, class 'j-super-user' [19492], ssh-connection '10.2.0.3 36204 10.2.0.140 22', client-mode 'cli'
Mar 19 02:08:12 RGB-L2-140 mgd[19492]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'set cli screen-length 0 '
Mar 19 02:08:12 RGB-L2-140 mgd[19492]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'configure '
Mar 19 02:08:12 RGB-L2-140 mgd[19492]: UI_DBASE_LOGIN_EVENT: User 'nicholas' entering configuration mode
Mar 19 02:08:12 RGB-L2-140 mgd[19492]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'commit comment "admin link status change by PacketFence" '
Mar 19 02:08:12 RGB-L2-140 mgd[19492]: UI_COMMIT: User 'nicholas' requested 'commit' operation (comment: admin link status change by PacketFence)

I also checked packetfence.log but don't see the array/object output in the log. Am I looking in the wrong place? I don't know how the up/down script works in PF, but it looks like it's not disabling and re-enabling the port.

*Nicholas P. Pier*
Network Architect
CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10

On Wed, Mar 18, 2020 at 9:15 PM Durand fabrice via PacketFence-users <[email protected]> wrote:

> Hello Nicholas,
>
> can you verify when you reevaluate the access of the device packetfence
> tries to do ssh? (with tcpdump, for example).
>
> Also it looks like there is a way to trace the connection:
>
> https://github.com/inverse-inc/packetfence/blob/maintenance/9.3/lib/pf/Switch/Juniper.pm#L134
>
> add that:
>
> $session->input_log(*STDOUT);
>
> and see if you obtain some useful output.
>
> Regards
>
> Fabrice
>
> On 20-03-13 at 23:28, Nicholas Pier via PacketFence-users wrote:
>
> Hello,
>
> Does anyone know a cli, log or other troubleshooting resource for
> packetfence's internal SSH client?
>
> - Port 22 is open between the server and the switch.
> - From the server, I can SSH into the switch with the same credentials
>   I've provided packetfence in the UI.
> - I've also verified that the same SSH session is successful if I 'su'
>   to become the 'pf' user.
>
> I can SSH directly from my packetfence server to the target switch and
> have verified my credentials. However, when packetfence as user 'pf'
> attempts the login, it fails with the following error message without much
> detail.
>
> Mar 14 00:19:52 packetfence packetfence: ERROR pfperl-api(23844): Unable to connect to 10.2.0.140 using SSH. Failed with Login failed to remote host at /usr/local/pf/lib/pf/Switch/Juniper.pm line 135. (pf::Switch::Juniper::setAdminStatus)
>
> I'm running:
> [root@packetfence ~]# rpm -q packetfence
> packetfence-9.3.0-20200113144930.108928498.0007.el7.x86_64
>
> *Nicholas P. Pier*
> Network Architect
> CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
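
The manual check described in the message (reading each mgd session's command history to see whether anything was changed before the commit) can be scripted. This is an added example, not part of the original message or of PacketFence; mgd session 20001 and the interface name ge-0/0/1 are constructed for contrast, the other lines come from the excerpt above.

```python
import re
from collections import defaultdict

# mgd sessions 19468 and 19492 are taken from the log excerpt in the message;
# session 20001 is constructed here to show a session that does change config.
SAMPLE = """\
Mar 19 02:08:03 RGB-L2-140 mgd[19468]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'set cli screen-length 0 '
Mar 19 02:08:03 RGB-L2-140 mgd[19468]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'configure '
Mar 19 02:08:03 RGB-L2-140 mgd[19468]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'commit comment "admin link status change by PacketFence" '
Mar 19 02:08:07 RGB-L2-140 mgd[19468]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'exit '
Mar 19 02:08:07 RGB-L2-140 mgd[19468]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'set cli screen-length 24 '
Mar 19 02:08:12 RGB-L2-140 mgd[19492]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'set cli screen-length 0 '
Mar 19 02:08:12 RGB-L2-140 mgd[19492]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'configure '
Mar 19 02:08:12 RGB-L2-140 mgd[19492]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'commit comment "admin link status change by PacketFence" '
Mar 19 02:30:00 RGB-L2-140 mgd[20001]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'configure '
Mar 19 02:30:00 RGB-L2-140 mgd[20001]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'set interfaces ge-0/0/1 disable '
Mar 19 02:30:01 RGB-L2-140 mgd[20001]: UI_CMDLINE_READ_LINE: User 'nicholas', command 'commit '
"""

LINE = re.compile(r"mgd\[(\d+)\]: UI_CMDLINE_READ_LINE: User '[^']+', command '(.*)'\s*$")
CONFIG_VERBS = ("set ", "delete ", "activate ", "deactivate ", "rollback", "load ")

def sessions(text):
    """Group the commands mgd logged by CLI session (keyed on the mgd pid)."""
    out = defaultdict(list)
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            out[int(m.group(1))].append(m.group(2).strip())
    return dict(out)

def empty_commits(text):
    """Pids of sessions that committed with no config statement entered first."""
    flagged = []
    for pid, cmds in sessions(text).items():
        in_config = changed = False
        for cmd in cmds:
            if cmd.split()[:1] == ["configure"]:
                in_config, changed = True, False
            elif in_config and cmd.startswith("commit"):
                if not changed:
                    flagged.append(pid)
                changed = False
            elif in_config and cmd.startswith(CONFIG_VERBS):
                changed = True  # 'set cli ...' outside configure mode is ignored
            elif cmd == "exit":
                in_config = False
    return flagged

if __name__ == "__main__":
    print("commits with no preceding change:", empty_commits(SAMPLE))
```
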
