Hello Joshua,
let's run that:
raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600 -c '(
Calling-Station-Id =~ /78[-:]?4f[-:]?43[-:]?97[-:]?f5[-:]?fe/i )'
And paste the output.
Regards
Fabrice
Le 21-03-26 à 18 h 22, Joshua Wise via PacketFence-users a écrit :
RADIUS Reply is empty.
I ran the specified patch, restarted services, same error.
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 1:47 PM Ludovic Zammit <[email protected]
<mailto:[email protected]>> wrote:
I never seen that error message.
It needs more investigation.
What is the radius reply given by pf for that authentication ?
Just below the radius request.
Did you patch your server with :
/usr/local/pf/addons/pf-maint.pl <http://pf-maint.pl>
Then restart all pf services:
/usr/local/pf/bin/pfcmd service pf restart
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
On Mar 26, 2021, at 2:24 PM, Joshua Wise
<[email protected] <mailto:[email protected]>> wrote:
RADIS Request Audit log:
NAS-Port-Type = Wireless-802.11 PacketFence-Outer-User =
"[email protected] <mailto:[email protected]>"
PacketFence-Radius-Ip = "10.56.64.44" Service-Type = Framed-User
Called-Station-Id = "00-1A-1E-01-EC-98-cisd.1x" State =
0x6f17c8406f1fd21550a9f72c8da28ab6 FreeRADIUS-Proxied-To =
127.0.0.1 Realm = "default" NAS-IP-Address = 10.56.64.44
PacketFence-NTLMv2-Only = "" Calling-Station-Id =
"78:4f:43:97:f5:fe" Aruba-Essid-Name = "cisd.1x"
PacketFence-KeyBalanced = "e779e78c1ea9a92dab5dc5d6d30a8dc7"
PacketFence-Domain = "celinaisd" Aruba-AP-Group = "CS701"
User-Name = "[email protected]
<mailto:[email protected]>" Aruba-Location-Id =
"ADMIN-MDF-AP16" NAS-Identifier = "10.56.64.222" Event-Timestamp
= "Mar 25 2021 08:33:08 CDT" EAP-Message =
0x020800511a0208004c316ec62dd3023b6ff16890ed459e79818b0000000000000000175ed1760cce67ff48491f88d067ce8bc17ec36c65b75de60074657374776966694063656c696e616973642e636f6d
Stripped-User-Name = "testwifi" NAS-Port = 0 Framed-MTU = 1100
EAP-Type = MSCHAPv2 PacketFence-UserNameAttribute =
"[email protected] <mailto:[email protected]>"
Module-Failure-Message = "celinaisd: Attribute \"User-Password\"
is required for authentication" User-Password = "******"
SQL-User-Name = "[email protected]
<mailto:[email protected]>"
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 12:12 PM Ludovic Zammit
<[email protected] <mailto:[email protected]>> wrote:
For that radius request, go check Auditing and show me the
radius request.
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> ::
+1.514.447.4918 (x145) :: www.inverse.ca
<https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
<http://www.sogo.nu/>) and PacketFence
(http://packetfence.org <http://packetfence.org/>)
On Mar 26, 2021, at 8:43 AM, Joshua Wise
<[email protected] <mailto:[email protected]>>
wrote:
Here we go:
Mar 26 07:40:11 packetfence auth[2770]: (10350) Login
incorrect (celinaisd: Attribute "User-Password" is required
for authentication): [[email protected]
<mailto:[email protected]>] (from client
10.56.64.222/32 <http://10.56.64.222/32> port 0 cli
78:4f:43:97:f5:fe via TLS tunnel)
Mar 26 07:40:11 packetfence auth[2770]:
[mac:78:4f:43:97:f5:fe] Rejected user:
[email protected] <mailto:[email protected]>
Mar 26 07:40:11 packetfence auth[2770]: (10351) Login
incorrect (eap_peap: The users session was previously
rejected: returning reject (again.)):
[[email protected] <mailto:[email protected]>]
(from client 10.56.64.222/32 <http://10.56.64.222/32> port 0
cli 78:4f:43:97:f5:fe)
*
*
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 7:00 AM Ludovic Zammit
<[email protected] <mailto:[email protected]>> wrote:
That’s not good, you should have something in the log
related to that Mac address. Try another computer or
clear the cache info related to your Mac in the wifi
controller.
Check:
grep MAC_ADDRESS /usr/local/pf/logs/radius.log
Use 00:11:22:33:44:55 for the Mac address format.
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> ::
+1.514.447.4918 (x145) :: www.inverse.ca
<https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
<http://www.sogo.nu/>) and PacketFence
(http://packetfence.org <http://packetfence.org/>)
On Mar 25, 2021, at 2:20 PM, Joshua Wise
<[email protected]
<mailto:[email protected]>> wrote:
I don't get a response when using that command. I can
see the log file exists, modifying with vi shows the
following repeatedly.
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2202) INFO: Using 300 resolution threshold
(pf::pfcron::task::cluster_check::run)
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2202) INFO: All cluster members are running
the same configuration version
(pf::pfcron::task::cluster_check::run)
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2204) INFO: processed 0 security_events
during security_event maintenance (1616662378.2789
1616662378.28441)
(pf::security_event::security_event_maintenance)
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2204) INFO: processed 0 security_events
during security_event maintenance (1616662378.2855
1616662378.2874)
(pf::security_event::security_event_maintenance)
Mar 25 03:53:58 packetfence packetfence:
pfperl-api(2204) INFO: Using 300 resolution threshold
(pf::pfcron::task::cluster_check::run)
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Thu, Mar 25, 2021 at 10:08 AM Ludovic Zammit
<[email protected] <mailto:[email protected]>> wrote:
Give me the output of:
grep MAC_ADDRESS /usr/local/pf/logs/packetfence.log
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> ::
+1.514.447.4918 (x145) :: www.inverse.ca
<https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (http://packetfence.org
<http://packetfence.org/>)
On Mar 25, 2021, at 8:39 AM, Joshua Wise
<[email protected]
<mailto:[email protected]>> wrote:
SSID type is 802.1x with WPA2-Enterprise.
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Thu, Mar 25, 2021 at 7:08 AM Ludovic Zammit
<[email protected] <mailto:[email protected]>>
wrote:
Hello,
What’s your SSID type ? Open SSID or 8021.x
with WPA2 Entreprise?
Thanks,
Ludovic Zammit
[email protected]
<mailto:[email protected]> ::
+1.514.447.4918 (x145) :: www.inverse.ca
<https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (http://packetfence.org
<http://packetfence.org/>)
On Mar 24, 2021, at 3:06 PM, Joshua Wise via
PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
I'm in the process of testing Packefence with
our Aruba Controller. I've added our on-prem
Active Directory to Packetfence, and can test
authentication fine with pftest, no issues.
I've configured our Aruba Controller with an
802.1x SSID, RADIUS, etc.
When I attempt to connect with
username/password, it fails. I can see in the
RADIUS log that I get an error "Attribute
"User-Password" is required for authentication."
Within that log, I can go to the RADIUS
section and see: User-Password = "******"
This makes me think the password is being
passed from our Controller to Packetfence
just fine.
Not sure what I'm missing, any ideas or
suggestions?
*
*
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
<https://www.celinaisd.com/>
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
