Yes, I configured the Windows supplicant as described in the installation 
guide. I get the pop-up but the authentication does not succeed. From the error 
message I was wondering if there was some sort of issue between the Juniper::EX 
module and the Juniper EX4200 switches in my lab.

Thanks for following up so quickly. I guess I should have asked earlier--I've 
been pounding my head on my desk for most of a week now.

On 4/15/20 6:14 PM, Sallee, Jake via PacketFence-users wrote:
Did you configure the Windows box for 802.1x?

Jake Sallee
Godfather of Bandwidth
System Engineer and Security Specialist
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221

________________________________________
From: Kevin MacNeil via PacketFence-users 
<packetfence-users@lists.sourceforge.net>
Sent: Wednesday, April 15, 2020 4:41 PM
To: packetfence-users@lists.sourceforge.net
Cc: Kevin MacNeil
Subject: [PacketFence-users] POC Radius auth with Juniper switches

I am working on a proof of concept for PacketFence for our production Juniper
environment of ~200 switches. I have EX4200s in my test lab and have used the
Juniper example
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_juniper
in the network device configuration guide. Otherwise I have followed the
installation guide. I was able to join to my local AD domain, which I then
added to the default and null realms. I configured a new internal AD
authentication source and the connection test works as expected. I added the
catchall rule per the instructions. I created a new 802.1x connection profile
as well per the instructions. I created a new switch group using the
Juniper::EX type. However, after configuring my Windows 10 test box I am
getting the following error,
"Network device does not support this mode of operation."

FWIW I have tried both the 12.3 and 15.1 versions of JUNOS with the same 
result. I'm guessing this is an easy problem but I'm not sure what is wrong. 
Any and all help appreciated.


Request Time
0
RADIUS Request
User-Name = "test\\kevin"
NAS-IP-Address = 192.168.98.3
NAS-Port = 75
State = 0x4cc4fae04dcce0c184a03c0a51cb6cd7
Called-Station-Id = "00:23:9c:00:0c:c0"
Calling-Station-Id = "08:00:27:0a:b3:58"
NAS-Identifier = "labsw3"
NAS-Port-Type = Ethernet
Acct-Session-Id = "8O2.1x81ab013900042681"
Event-Timestamp = "Apr 15 2020 17:04:26 EDT"
EAP-Message = 0x020800061a03
NAS-Port-Id = "ge-0/0/9.0"
FreeRADIUS-Proxied-To = 127.0.0.1
EAP-Type = MSCHAPv2
Stripped-User-Name = "kevin"
Realm = "default"
PacketFence-Domain = "TEST"
PacketFence-KeyBalanced = "4f50863fad315484ff895de9b971f63b"
PacketFence-Radius-Ip = "192.168.13.41"
PacketFence-NTLMv2-Only = ""
Module-Failure-Message = "rest: Server returned:"
Module-Failure-Message = "rest: {\"control:PacketFence-Authorization-Status\":\"allow\",\"control:PacketFence-Switch-Id\":\"192.168.98.3\",\"control:PacketFence-Switch-Ip-Address\":\"192.168.98.3\",\"control:PacketFence-UserName\":\"test\\\\kevin\",\"control:PacketFence-Request-Time\":1586984666,\"control:PacketFence-Connection-Type\":\"Ethernet-EAP\",\"control:PacketFence-IfIndex\":75,\"control:PacketFence-Mac\":\"08:00:27:0a:b3:58\",\"Reply-Message\":\"Network device does not support this mode of operation\",\"control:PacketFence-Eap-Type\":26,\"control:PacketFence-Switch-Mac\":\"00:23:9c:00:0c:c0\"}"
User-Password = "******"
SQL-User-Name = "test\\\\kevin"
RADIUS Reply
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "test\\kevin"


interfaces {
      interface-range access-ports {
          member-range ge-0/0/2 to ge-0/0/23;
          unit 0 {
              family ethernet-switching {
                  port-mode access;
              }
          }
      }
}

protocols {
      dot1x {
          authenticator {
              authentication-profile-name packetfence;
              interface {
                  access-ports {
                      supplicant multiple;
                      mac-radius;
                  }
              }
          }
      }
}

access {
      radius-server {
          192.168.13.41 {
              port 1812;
              secret "secret";
          }
      }

      profile packetfence {
          authentication-order radius;
          radius {
              authentication-server 192.168.13.41;
              accounting-server 192.168.13.41;
          }
          accounting {
              order radius;
              accounting-stop-on-failure;
              accounting-stop-on-access-deny;
          }
      }
}

ethernet-switching-options {
      secure-access-port {
          interface access-ports {
              mac-limit 2 action drop;
          }
      }
}

snmp {
      name "labsw3";
      description juniper;
      location EX;
      contact "kevin@test.local";
      client-list list0 {
          192.168.13.41/32;
      }
      community public {
          authorization read-only;
          client-list-name list0;
      }
      community private {
          authorization read-write;
          client-list-name list0;
      }
}





_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
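
Added example, not part of the original thread and not PacketFence's own code: a small Python helper for reading an audit record like the one posted above. It decodes the EAP-Message header bytes and pulls the JSON body out of the escaped Module-Failure-Message; the sample input is constructed by abridging the record in this thread, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: attribute lines abridged from the audit record in this thread.
SAMPLE = r'''
EAP-Message = 0x020800061a03
Module-Failure-Message = "rest: Server returned:"
Module-Failure-Message = "rest: {\"control:PacketFence-Authorization-Status\":\"allow\",\"control:PacketFence-UserName\":\"test\\\\kevin\",\"control:PacketFence-Connection-Type\":\"Ethernet-EAP\",\"Reply-Message\":\"Network device does not support this mode of operation\",\"control:PacketFence-Eap-Type\":26}"
RADIUS Reply
EAP-Message = 0x03080004
'''

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
MSCHAPV2_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure", 7: "Change-Password"}

def parse_attributes(text):
    """Return (name, value) pairs; repeated attributes are kept in order."""
    pairs = []
    for line in text.splitlines():
        m = re.match(r'\s*([\w-]+)\s*=\s*(.*\S)\s*$', line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs

def decode_eap(hex_value):
    """Decode the EAP header (RFC 3748) and, for type 26, the MS-CHAPv2 opcode."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and len(raw) > 4:      # only Request/Response carry a Type byte
        out["type"] = raw[4]
        if raw[4] == 26 and len(raw) > 5:    # 26 = EAP-MSCHAPv2, next byte is its opcode
            out["mschapv2_opcode"] = MSCHAPV2_OPCODES.get(raw[5], raw[5])
    return out

def rest_reply(pairs):
    """Find the JSON body logged by the rest module inside Module-Failure-Message."""
    for name, value in pairs:
        if name == "Module-Failure-Message":
            text = json.loads(value)         # undo the outer \" and \\ quoting
            start = text.find("{")
            if start != -1:
                return json.loads(text[start:])
    return None

if __name__ == "__main__":
    attrs = parse_attributes(SAMPLE)
    print([decode_eap(v) for n, v in attrs if n == "EAP-Message"])
    print(rest_reply(attrs))
```

Run against the record in this thread, it shows the supplicant's MS-CHAPv2 Success acknowledgement in the request and an EAP-Success in the reply, next to a REST body whose authorization status is "allow" while its Reply-Message carries the error text.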

