Hello Joel,

That output tells me that your node / username did not match any rule in any 
source.

Do that and show me the result:

grep -i MAC_ADDRESS /usr/local/pf/logs/packetfence.log

Thanks,

Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

> On Mar 23, 2021, at 1:33 PM, Joel Rodriguez <[email protected]> 
> wrote:
> 
> Ludovic, can you help with my question below? Also, this is the entire output; 
> as you can see, in the RADIUS reply I do not see where PacketFence is sending 
> back the VLAN.
> 
> I am having an issue where I have a rule that successfully matches and is based 
> on AD Group; however, even if the account used on the device is not in the 
> correct AD Group, it still successfully authenticates. I believe this is more of 
> an AAA override issue. Is there anywhere in PacketFence where I can see if 
> PacketFence is sending back the VLAN assignment? All I see in the log is a 
> successful authentication, nothing indicating it sent back a VLAN override. 
> Thank you in advance for your help.
> 
> Request Time
> 0
> RADIUS Request
> User-Name = "test"
> NAS-IP-Address = 172.16.99.99
> NAS-Port = 5
> Service-Type = Framed-User
> Framed-IP-Address = 172.16.100.174
> Framed-MTU = 1485
> State = 0x5ce103c05de81912a6fe102bc6c3d43e
> Called-Station-Id = "2c:21:21:9d:5f:60:Rdz-EWC
> Calling-Station-Id = "56:59:f8:36:e1:55"
> NAS-Identifier = "WLC2CF8.9B15.6E14"
> NAS-Port-Type = Wireless-802.11
> Event-Timestamp = "Mar 16 2021 08:59:38 EDT"
> EAP-Message = 0x020900061a03
> NAS-Port-Id = "capwap_90000004"
> Airespace-Wlan-Id = 1
> Cisco-AVPair = "service-type=Framed"
> Cisco-AVPair = "audit-session-id=636310AC0000004094F18357"
> Cisco-AVPair = "method=dot1x"
> Cisco-AVPair = "addrv6=fe80::1ca6:189c:65f4:5770"
> Cisco-AVPair = "client-iif-id=469767067"
> Cisco-AVPair = "vlan-id=100"
> Cisco-AVPair = "cisco-wlan-ssid=Rdz-EWC"
> Cisco-AVPair = "wlan-profile-name=Rdz-EWC"
> FreeRADIUS-Proxied-To = 127.0.0.1
> EAP-Type = MSCHAPv2
> Stripped-User-Name = "test"
> Realm = "null"
> Called-Station-SSID = "Rdz-EWC"
> PacketFence-Domain = "NNGDomain"
> PacketFence-KeyBalanced = "6d5099cbb3bd042f6788696b2f8e2bfc"
> PacketFence-Radius-Ip = "172.16.100.95"
> PacketFence-NTLMv2-Only = ""
> PacketFence-Outer-User = "test"
> User-Password = "******"
> SQL-User-Name = "test"
> RADIUS Reply
> EAP-Message = 0x03090004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "test"
> 
> ---------- Forwarded message ---------
> From: Joel Rodriguez <[email protected]>
> Date: Tue, Mar 16, 2021 at 10:13 AM
> Subject: VLAN Override Issue
> To: <[email protected]>
> 
> 

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
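
Added example, not part of the original thread and not PacketFence code: a small parser for an audit dump in the format quoted above that reports whether the RADIUS Reply section carries a VLAN assignment. It assumes the VLAN is returned with the standard RFC 3580 tunnel attributes; the function names and the second sample (a reply with VLAN 200) are constructed for illustration.

```python
import re

# Assumption: dynamic VLAN is signalled with the RFC 3580 tunnel attributes.
VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")
# "Name = value", tolerating a FreeRADIUS tag suffix such as "Tunnel-Type:0".
ATTR_RE = re.compile(r"^([A-Za-z0-9-]+)(?::\d+)?\s*=\s*(.*)$")

def split_audit(text):
    """Return {'request': [(name, value)], 'reply': [(name, value)]}."""
    sections = {"request": [], "reply": []}
    current = None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()      # drop e-mail quote markers
        if line == "RADIUS Request":
            current = "request"
        elif line == "RADIUS Reply":
            current = "reply"
        elif current and (m := ATTR_RE.match(line)):
            sections[current].append((m.group(1), m.group(2).strip('"')))
    return sections

def nas_vlan(sections):
    """VLAN the NAS reported for the session (Cisco-AVPair vlan-id), if any."""
    for name, value in sections["request"]:
        if name == "Cisco-AVPair" and value.startswith("vlan-id="):
            return value.split("=", 1)[1]
    return None

def vlan_in_reply(sections):
    """Return (assigned VLAN or None, list of missing tunnel attributes)."""
    reply = dict(sections["reply"])
    missing = [a for a in VLAN_ATTRS if a not in reply]
    return reply.get("Tunnel-Private-Group-Id"), missing

# Trimmed from the dump quoted in the thread.
PAGE_SAMPLE = """RADIUS Request
User-Name = "test"
Cisco-AVPair = "method=dot1x"
Cisco-AVPair = "vlan-id=100"
RADIUS Reply
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "test"
"""
# Constructed: the same reply with a VLAN assignment added.
WITH_VLAN = PAGE_SAMPLE + 'Tunnel-Type = VLAN\nTunnel-Medium-Type = IEEE-802\n' \
                          'Tunnel-Private-Group-Id = "200"\n'

if __name__ == "__main__":
    for label, dump in (("thread", PAGE_SAMPLE), ("constructed", WITH_VLAN)):
        s = split_audit(dump)
        print(label, "NAS VLAN:", nas_vlan(s), "reply:", vlan_in_reply(s))
```

For the dump in the thread this reports all three tunnel attributes missing from the reply, which matches the diagnosis that no rule returned a role and VLAN.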
