Ludovic,

test user is an Active Directory user that is in the vlan100 AD group. I
want to authenticate against AD.
This is the authentication rule.
[image: image.png]

and output

[image: image.png]

On Thu, Mar 25, 2021 at 8:09 AM Ludovic Zammit <[email protected]> wrote:

> Where do you want to authenticate your test user?
>
> Where did you create it?
>
> Thanks,
>
>
> Ludovic Zammit
> [email protected] ::  +1.514.447.4918 (x145) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
> On Mar 24, 2021, at 4:19 PM, Joel Rodriguez <[email protected]>
> wrote:
>
> Hi Ludovic,
>
> This is the output.
>
> <image.png>
>
> On Tue, Mar 23, 2021 at 1:40 PM Ludovic Zammit <[email protected]> wrote:
>
>> Hello Joel,
>>
>> That output tells me that your node / username did not match any rule in
>> any source.
>>
>> Do that and show me the result:
>>
>> grep -i MAC_ADDRESS /usr/local/pf/logs/packetfence.log
>>
>> Thanks,
>>
>>
>> Ludovic Zammit
>> [email protected] ::  +1.514.447.4918 (x145) ::  www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org)
>>
>> On Mar 23, 2021, at 1:33 PM, Joel Rodriguez <[email protected]>
>> wrote:
>>
>> Ludovic, can you help with my question below? Also, this is the entire
>> output; as you can see, in the RADIUS reply I do not see where PacketFence is
>> sending back the VLAN.
>>
>> I am having an issue where I have a rule that successfully matches and is based
>> on AD group; however, even if the account used on the device is not in the
>> correct AD group, it still successfully authenticates. I believe this is more
>> of an AAA override issue. Is there anywhere in PacketFence where I can see
>> if PacketFence is sending back the VLAN assignment? All I see in the log is
>> a successful authentication, nothing indicating it sent back a VLAN override.
>> Thank you in advance for your help.
>>
>> Request Time
>> 0
>>
>> RADIUS Request
>> User-Name = "test"
>> NAS-IP-Address = 172.16.99.99
>> NAS-Port = 5
>> Service-Type = Framed-User
>> Framed-IP-Address = 172.16.100.174
>> Framed-MTU = 1485
>> State = 0x5ce103c05de81912a6fe102bc6c3d43e
>> Called-Station-Id = "2c:21:21:9d:5f:60:Rdz-EWC
>> Calling-Station-Id = "56:59:f8:36:e1:55"
>> NAS-Identifier = "WLC2CF8.9B15.6E14"
>> NAS-Port-Type = Wireless-802.11
>> Event-Timestamp = "Mar 16 2021 08:59:38 EDT"
>> EAP-Message = 0x020900061a03
>> NAS-Port-Id = "capwap_90000004"
>> Airespace-Wlan-Id = 1
>> Cisco-AVPair = "service-type=Framed"
>> Cisco-AVPair = "audit-session-id=636310AC0000004094F18357"
>> Cisco-AVPair = "method=dot1x"
>> Cisco-AVPair = "addrv6=fe80::1ca6:189c:65f4:5770"
>> Cisco-AVPair = "client-iif-id=469767067"
>> Cisco-AVPair = "vlan-id=100"
>> Cisco-AVPair = "cisco-wlan-ssid=Rdz-EWC"
>> Cisco-AVPair = "wlan-profile-name=Rdz-EWC"
>> FreeRADIUS-Proxied-To = 127.0.0.1
>> EAP-Type = MSCHAPv2
>> Stripped-User-Name = "test"
>> Realm = "null"
>> Called-Station-SSID = "Rdz-EWC"
>> PacketFence-Domain = "NNGDomain"
>> PacketFence-KeyBalanced = "6d5099cbb3bd042f6788696b2f8e2bfc"
>> PacketFence-Radius-Ip = "172.16.100.95"
>> PacketFence-NTLMv2-Only = ""
>> PacketFence-Outer-User = "test"
>> User-Password = "******"
>> SQL-User-Name = "test"
>>
>> RADIUS Reply
>> EAP-Message = 0x03090004
>> Message-Authenticator = 0x00000000000000000000000000000000
>> User-Name = "test"
>>
>> ---------- Forwarded message ---------
>> From: Joel Rodriguez <[email protected]>
>> Date: Tue, Mar 16, 2021 at 10:13 AM
>> Subject: VLAN Override Issue
>> To: <[email protected]>
>>
>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
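
One way to check a RADIUS reply dump like the one in this thread for a VLAN assignment, as an added example that is not part of the original messages or of PacketFence. It assumes the reply is pasted as flattened `Name = value` text and that the controller expects the standard RFC 3580 tunnel attributes; the function names and the second sample reply are constructed for illustration.

```python
import re

# RFC 3580 dynamic VLAN assignment needs all three attributes in the reply.
# Accepted spellings: the dictionary name or the numeric value.
REQUIRED = {
    "Tunnel-Type": {"VLAN", "13"},
    "Tunnel-Medium-Type": {"IEEE-802", "6"},
}
VLAN_ATTR = "Tunnel-Private-Group-Id"

# Name, optional tunnel tag (":0"), then a quoted string or a bare token.
PAIR = re.compile(r'([A-Za-z][\w-]*)(?::\d+)?\s*=\s*("[^"]*"|\S+)')


def parse_attrs(text):
    """Split flattened 'Name = value Name = value' text into {name: [values]}."""
    attrs = {}
    for name, value in PAIR.findall(text):
        attrs.setdefault(name, []).append(value.strip('"'))
    return attrs


def vlan_override(reply_text):
    """Return (vlan_id or None, list of reasons the reply carries no usable VLAN)."""
    attrs = parse_attrs(reply_text)
    problems = []
    for name, accepted in REQUIRED.items():
        values = attrs.get(name, [])
        if not values:
            problems.append(f"{name} missing")
        elif not accepted.intersection(values):
            problems.append(f"{name} has unexpected value {values[0]}")
    vlan = (attrs.get(VLAN_ATTR) or [None])[0]
    if vlan is None:
        problems.append(f"{VLAN_ATTR} missing")
    return (vlan if not problems else None), problems


# The RADIUS Reply quoted in the thread: EAP success only, no tunnel attributes.
THREAD_REPLY = ('EAP-Message = 0x03090004 Message-Authenticator = '
                '0x00000000000000000000000000000000 User-Name = "test"')
# Constructed sample of a reply that does carry a VLAN override.
SAMPLE_REPLY = ('Tunnel-Type = VLAN Tunnel-Medium-Type = IEEE-802 '
                'Tunnel-Private-Group-Id = "100" User-Name = "test"')

if __name__ == "__main__":
    for label, text in (("thread", THREAD_REPLY), ("sample", SAMPLE_REPLY)):
        print(label, vlan_override(text))
```
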
