sorry - Dell version is 6.6.0.13

On Wed, 20 May 2020 at 13:23, Joffrey Bienvenue <[email protected]> wrote:

> Hello
>
> Sorry for the output and sorry for the delay replying; we upgraded to
> V10.1 after a reboot crashed our pf due to package updates.
>
> Our switch is a Dell N2048 v.6.6.0.
>
> raddebug fails to run
>
> radmin: Failed connecting to /usr/local/pf/var/run/radiusd.log: No such
> file or directory
>
>
> packetfence.log upon authentication
>
> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO:
> [mac:00:1d:72:e2:64:30] handling radius autz request: from switch_ip =>
> (10.10.224.199), connection_type => Ethernet-EAP,switch_mac =>
> (e4:f0:04:ff:b2:55), mac => [00:1d:72:e2:64:30], port => 3, username =>
> "SAPACC\joffrey" (pf::radius::authorize)
>
> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO:
> [mac:00:1d:72:e2:64:30] Instantiate profile 8021x
> (pf::Connection::ProfileFactory::_from_profile)
>
> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO:
> [mac:00:1d:72:e2:64:30] Found authentication source(s) : 'PeerlessAD' for
> realm 'sapacc' (pf::config::util::filter_authentication_sources)
>
> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO:
> [mac:00:1d:72:e2:64:30] Using sources PeerlessAD for matching
> (pf::authentication::match2)
>
> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO:
> [mac:00:1d:72:e2:64:30] LDAP testing connection (pf::LDAP::expire_if)
>
> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO:
> [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD,
> returning actions. (pf::Authentication::Source::match_rule)
>
> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO:
> [mac:00:1d:72:e2:64:30] Matched rule (admin) in source PeerlessAD,
> returning actions. (pf::Authentication::Source::match)
>
> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) WARN:
> [mac:00:1d:72:e2:64:30] Should perform access control on switch
> (10.10.224.199) but the switch is not in production -> Returning ACCEPT
> (pf::radius::authorize)
>
> May 20 13:12:37 pf pfqueue: pfqueue(8791) INFO: [mac:unknown] Already did
> a person lookup for SAPACC\joffrey (pf::lookup::person::lookup_person)
>
> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO:
> [mac:00:1d:72:e2:64:30] security_event 1300003 force-closed for
> 00:1d:72:e2:64:30 (pf::security_event::security_event_force_close)
>
> May 20 13:12:37 pf packetfence_httpd.aaa: httpd.aaa(31665) INFO:
> [mac:00:1d:72:e2:64:30] Instantiate profile 8021x
> (pf::Connection::ProfileFactory::_from_profile)
>
>
>
> Thank you
>
> Joffrey
>
> On Thu, 7 May 2020 at 23:04, Durand fabrice via PacketFence-users <
> [email protected]> wrote:
>
>> Hello Joffrey,
>>
>> the output is a little bit messy.
>>
>> What is the switch ? (Dell ?)
>>
>> Can you run raddebug -f /usr/local/pf/var/run/radiusd.log -t 3000
>>
>> Can you post the content of packetfence.log when you authenticate ?
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> On 20-05-07 at 12:48, Joffrey Bienvenue via PacketFence-users wrote:
>>
>> Hello
>>
>> We are able to login through radius but our switch doesn't seem to
>> configure the vlan on the user port:
>> Auditing output from packetfence
>> MAC Address
>> 00:1d:72:e2:64:30
>> Auth Status
>> Accept
>> Auth Status
>> eap
>> Auto Registration
>> 1
>> Calling Station Identifier
>> 00:1d:72:e2:64:30
>> Computer Name
>> joffreydebian
>> EAP Type
>> MSCHAPv2
>> Event Type
>> Radius-Access-Request
>> IP Address
>> Is a Phone
>> 0
>> Node Status
>> reg
>> Domain
>> SAPACC
>> Profile
>> 8021x
>> Realm
>> sapacc
>> Reason
>> Role
>> N/A
>> Source
>> PeerlessAD
>> Stripped User Name
>> joffrey
>> User Name
>> SAPACC\joffrey
>> Unique Identifier
>> Created at
>> 2020-05-07 12:37:43
>> PF VLAN config for switch:
>>
>> registrationVlan=164
>> isolationVlan=165
>> voiceVlan=93
>> inlineVlan=233
>> mode=testing
>> EmployeeVlan=98
>> guestVlan=19
>> always_trigger=1
>> AdminVlan=5
>>
>>
>> Our switch config:
>>
>> aaa authentication login "defaultList" local
>> authentication enable
>> authentication dynamic-vlan enable
>> dot1x system-auth-control
>> aaa authentication dot1x default radius
>> aaa authorization network default radius
>> aaa server radius dynamic-author
>>
>> Our port config:
>>
>> show running-config interface gigabitethernet 1/0/3
>>
>> switchport mode general
>> switchport general allowed vlan add 5,19,98,164-165
>> authentication event fail action authorize vlan 164
>> authentication order dot1x mab
>> authentication priority dot1x mab
>>
>> Are we missing anything?
>> --
>> Joffrey Bienvenue | CTO | Peerless Clothing Inc. | 8888 Boul. Pie
>> IX Montréal, QC H1Z 4J5 | 514-723-7887
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
>
> --
> Joffrey Bienvenue | CTO | Peerless Clothing Inc. | 8888 Boul. Pie IX
> Montréal, QC H1Z 4J5 | 514-723-7887
>

--
Joffrey Bienvenue | CTO | Peerless Clothing Inc. | 8888 Boul. Pie IX
Montréal, QC H1Z 4J5 | 514-723-7887
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
