Most of our on-campus switches are EX4300s. I'm guessing for this we would use
the Juniper::EX2200_v15 connection profile?


On 4/16/20 9:44 AM, Kevin MacNeil wrote:
Worked! Thank you!


Request Time
0
RADIUS Request
User-Name = "kevin"
NAS-IP-Address = 192.168.98.3
NAS-Port = 75
State = 0xc100021fc00818d1e459dce5efd24c20
Called-Station-Id = "00:23:9c:00:0c:c0"
Calling-Station-Id = "08:00:27:0a:b3:58"
NAS-Identifier = "labsw3"
NAS-Port-Type = Ethernet
Acct-Session-Id = "8O2.1x81ab01af000c6a7c"
Event-Timestamp = "Apr 16 2020 09:33:50 EDT"
EAP-Message = 0x020800061a03
NAS-Port-Id = "ge-0/0/9.0"
FreeRADIUS-Proxied-To = 127.0.0.1
EAP-Type = MSCHAPv2
Stripped-User-Name = "kevin"
Realm = "null"
PacketFence-Domain = "TEST"
PacketFence-KeyBalanced = "f5cbc088283dd1e576c7c5d2c4f73cf5"
PacketFence-Radius-Ip = "192.168.13.41"
PacketFence-NTLMv2-Only = ""
User-Password = "******"
SQL-User-Name = "kevin"
RADIUS Reply
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "kevin"


On 4/15/20 8:37 PM, Durand fabrice via PacketFence-users wrote:
Hello,

Try to use the Juniper::EX2200 switch module instead and let us know if it
works.

Regards

Fabrice

On 20-04-15 at 20:29, Kevin MacNeil via PacketFence-users wrote:
Hi,

Yes, the computer is joined to the same domain that PacketFence is
joined to. I have tried logging in with both domain\user and just user
and both failed with the same "Network device does not support this
mode of operation" error.

I should note that my test Windows 10 system is a VirtualBox VM
running on an Ubuntu Linux host, but I accounted for this by raising
the mac-limit to 2 in the config below.

My guess is there is some compatibility issue with the Juniper::EX
template and EX4200 switches, or there is some obscure configuration
issue with my setup. I have tried to follow the documentation as best
as I could but I found it to be very terse given the number of
configuration options in the GUI.


On 4/15/20 6:09 PM, Bill Handler via PacketFence-users wrote:
Kevin,

Is the machine domain joined?  I found that when I was logging in
with a domain machine via 802.1x, if I used the domain name in my
username either domain\user or u...@domain.com, it would fail. When I
just used the username it succeeded.

Thanks,

Bill

Sent from my iPhone

On Apr 15, 2020, at 5:56 PM, Kevin MacNeil via PacketFence-users
<packetfence-users@lists.sourceforge.net> wrote:

I am working on a proof of concept for PacketFence for our
production Juniper environment of ~200 switches. I have EX4200s in
my test lab and have used the Juniper example
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_juniper
in the network device configuration guide. Otherwise I have followed
the installation guide. I was able to join to my local AD domain,
which I then added to the default and null realms. I configured a new
internal AD authentication source and the connection test works as
expected. I added the catchall rule per the instructions. I created a
new 802.1x connection profile as well per the instructions. I created
a new switch group using the Juniper::EX type. However after
configuring my Windows 10 test box I am getting the following error,
"Network device does not support this mode of operation."

FWIW I have tried both the 12.3 and 15.1 versions of JUNOS with the
same result. I'm guessing this is an easy problem but I'm not sure
what is wrong. Any and all help appreciated.


Request Time
0
RADIUS Request
User-Name = "test\\kevin"
NAS-IP-Address = 192.168.98.3
NAS-Port = 75
State = 0x4cc4fae04dcce0c184a03c0a51cb6cd7
Called-Station-Id = "00:23:9c:00:0c:c0"
Calling-Station-Id = "08:00:27:0a:b3:58"
NAS-Identifier = "labsw3"
NAS-Port-Type = Ethernet
Acct-Session-Id = "8O2.1x81ab013900042681"
Event-Timestamp = "Apr 15 2020 17:04:26 EDT"
EAP-Message = 0x020800061a03
NAS-Port-Id = "ge-0/0/9.0"
FreeRADIUS-Proxied-To = 127.0.0.1
EAP-Type = MSCHAPv2
Stripped-User-Name = "kevin"
Realm = "default"
PacketFence-Domain = "TEST"
PacketFence-KeyBalanced = "4f50863fad315484ff895de9b971f63b"
PacketFence-Radius-Ip = "192.168.13.41"
PacketFence-NTLMv2-Only = ""
Module-Failure-Message = "rest: Server returned:"
Module-Failure-Message = "rest: {\"control:PacketFence-Authorization-Status\":\"allow\",\"control:PacketFence-Switch-Id\":\"192.168.98.3\",\"control:PacketFence-Switch-Ip-Address\":\"192.168.98.3\",\"control:PacketFence-UserName\":\"test\\\\kevin\",\"control:PacketFence-Request-Time\":1586984666,\"control:PacketFence-Connection-Type\":\"Ethernet-EAP\",\"control:PacketFence-IfIndex\":75,\"control:PacketFence-Mac\":\"08:00:27:0a:b3:58\",\"Reply-Message\":\"Network device does not support this mode of operation\",\"control:PacketFence-Eap-Type\":26,\"control:PacketFence-Switch-Mac\":\"00:23:9c:00:0c:c0\"}"
User-Password = "******"
SQL-User-Name = "test\\\\kevin"
RADIUS Reply
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "test\\kevin"


interfaces {
       interface-range access-ports {
           member-range ge-0/0/2 to ge-0/0/23;
           unit 0 {
               family ethernet-switching {
                   port-mode access;
               }
           }
       }
}

protocols {
       dot1x {
           authenticator {
               authentication-profile-name packetfence;
               interface {
                   access-ports {
                       supplicant multiple;
                       mac-radius;
                   }
               }
           }
       }
}

access {
       radius-server {
           192.168.13.41 {
               port 1812;
               secret "secret";
           }
       }

       profile packetfence {
           authentication-order radius;
           radius {
               authentication-server 192.168.13.41;
               accounting-server 192.168.13.41;
           }
           accounting {
               order radius;
               accounting-stop-on-failure;
               accounting-stop-on-access-deny;
           }
       }
}

ethernet-switching-options {
       secure-access-port {
           interface access-ports {
               mac-limit 2 action drop;
           }
       }
}

snmp {
       name "labsw3";
       description juniper;
       location EX;
       contact "kevin@test.local";
       client-list list0 {
           192.168.13.41/32;
       }
       community public {
           authorization read-only;
           client-list-name list0;
       }
       community private {
           authorization read-write;
           client-list-name list0;
       }
}





_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
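
Added example (not part of the original thread and not PacketFence code): a small Python parser for a RADIUS audit dump like the failing request above. It decodes the JSON body logged in the rest Module-Failure-Message and tolerates values that a mail client has wrapped across lines; the function names and the shortened sample are constructed for illustration.

```python
import json
import re

ATTR = re.compile(r'^([A-Za-z][\w-]*) = (.*)$')

def _open_quote(raw):
    """True while a quoted value has not yet reached its closing quote."""
    closed = len(raw) >= 2 and raw.endswith('"') and not raw.endswith('\\"')
    return raw.startswith('"') and not closed

def parse_dump(text):
    """Return {attribute: [values]}, rejoining values wrapped across lines."""
    pairs = []
    for line in (l.strip() for l in text.splitlines()):
        m = ATTR.match(line)
        if pairs and _open_quote(pairs[-1][1]):
            pairs[-1][1] += " " + line        # continuation of a wrapped value
        elif m:
            pairs.append([m.group(1), m.group(2)])
    attrs = {}
    for name, raw in pairs:
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo one escaping level
        attrs.setdefault(name, []).append(raw)
    return attrs

def rest_verdict(attrs):
    """Decode the JSON body logged by the rest module, or return None."""
    for msg in attrs.get("Module-Failure-Message", []):
        start = msg.find("{")
        if msg.startswith("rest:") and start != -1:
            try:
                body = json.loads(msg[start:])
            except json.JSONDecodeError:
                continue                      # truncated or damaged value
            return {"status": body.get("control:PacketFence-Authorization-Status"),
                    "reply": body.get("Reply-Message")}
    return None

# Constructed sample: shortened from the failing request, with a wrapped value.
SAMPLE = r'''
User-Name = "test\\kevin"
Module-Failure-Message = "rest: Server returned:"
Module-Failure-Message = "rest:
{\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"Network
device does not support this mode of
operation\",\"control:PacketFence-Eap-Type\":26}"
'''
print(rest_verdict(parse_dump(SAMPLE)))
```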