No luck adjusting those values from the web gui, same error. realm.conf
[1 DEFAULT] permit_custom_attributes=disabled radius_auth_proxy_type=keyed-balance radius_auth_compute_in_pf=enabled eduroam_radius_auth= eduroam_radius_auth_proxy_type=keyed-balance eduroam_radius_acct= radius_acct_proxy_type=load-balance radius_auth= eduroam_radius_auth_compute_in_pf=enabled eduroam_radius_acct_proxy_type=load-balance radius_acct= domain=celinaisd [1 LOCAL] radius_strip_username=enabled permit_custom_attributes=disabled radius_auth_proxy_type=keyed-balance radius_auth_compute_in_pf=enabled eduroam_radius_auth= domain=celinaisd eduroam_radius_auth_proxy_type=keyed-balance eduroam_radius_acct= radius_acct_proxy_type=load-balance radius_auth= ldap_source=celinaisd eduroam_radius_auth_compute_in_pf=enabled eduroam_radius_acct_proxy_type=load-balance radius_acct= *Joshua Wise* Systems Engineer, Celina ISD 469-742-9113 https://www.celinaisd.com On Fri, Apr 2, 2021 at 10:32 AM Fabrice Durand <[email protected]> wrote: > Hello Joshua, > > yes it can be there and it can also be because you set a "LDAP Source for > TTLS PAP" in the realm. > > I am just curious to see why it doesn't work, can you share the realm.conf > file ? > > > Regards > > Fabrice > > > Le 2021-04-01 à 16 h 26, Joshua Wise a écrit : > > Are you referring to the section under Configuration > Default > EAP > Profiles? > > I reset it to defaults, but get the same error. > > I actually had this all working, the authentication portion at least, > about a month ago. After an extended break, it's doing this. > > I'm tempted to start over with a fresh installation. > > *Joshua Wise* > Systems Engineer, Celina ISD > 469-742-9113 > https://www.celinaisd.com > > > > On Wed, Mar 31, 2021 at 7:22 AM Fabrice Durand via PacketFence-users < > [email protected]> wrote: > >> Hello Joshua, >> >> sorry for the late reply. >> >> So it looks that you played with the radius eap configuration. >> >> Can you revert this section (put as default) and retry ? >> >> Thanks >> >> Regards >> >> Fabrice >> >> >> Le 2021-03-29 à 16 h 15, Joshua Wise via PacketFence-users a écrit : >> >> Pastebin of the response. >> >> https://pastebin.com/L70fKEB7 >> >> *Joshua Wise* >> Systems Engineer, Celina ISD >> 469-742-9113 >> https://www.celinaisd.com >> >> >> On Sat, Mar 27, 2021 at 8:13 AM Durand fabrice via PacketFence-users < >> [email protected]> wrote: >> >>> Then run the command without the filter and reconnect your device. >>> >>> raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600 >>> >>> >>> Le 21-03-27 à 08 h 29, Joshua Wise via PacketFence-users a écrit : >>> >>> Command appears to run endlessly, I grabbed a snippet that appears to be >>> what is repeated. >>> >>> (3440) Sat Mar 27 07:25:15 2021: Debug: Received Status-Server Id 51 >>> from 127.0.0.1:51452 to 127.0.0.1:18121 length 50 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: Message-Authenticator = >>> 0x9257e8cab94913463172d8be5663c80b >>> (3440) Sat Mar 27 07:25:15 2021: Debug: FreeRADIUS-Statistics-Type = 15 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: # Executing group from file >>> /usr/local/pf/raddb/sites-enabled/status >>> (3440) Sat Mar 27 07:25:15 2021: Debug: Autz-Type Status-Server { >>> (3440) Sat Mar 27 07:25:15 2021: Debug: [ok] = ok >>> (3440) Sat Mar 27 07:25:15 2021: Debug: } # Autz-Type Status-Server = >>> ok >>> (3440) Sat Mar 27 07:25:15 2021: Debug: Sent Access-Accept Id 51 from >>> 127.0.0.1:18121 to 127.0.0.1:51452 length 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Access-Requests = 3441 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Access-Accepts = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Access-Rejects = 2 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Access-Challenges = 16 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Auth-Responses = 18 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Auth-Duplicate-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Auth-Malformed-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Auth-Invalid-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Auth-Dropped-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Auth-Unknown-Types = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Accounting-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Accounting-Responses = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Acct-Duplicate-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Acct-Malformed-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Acct-Invalid-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Acct-Dropped-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Acct-Unknown-Types = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Access-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Access-Accepts = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Access-Rejects = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Access-Challenges = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Auth-Responses = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Accounting-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Accounting-Responses = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: >>> FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0 >>> (3440) Sat Mar 27 07:25:15 2021: Debug: Finished request >>> (3440) Sat Mar 27 07:25:20 2021: Debug: Cleaning up request packet ID 51 >>> with timestamp +51321 >>> >>> *Joshua Wise* >>> Systems Engineer, Celina ISD >>> 469-742-9113 >>> https://www.celinaisd.com >>> >>> >>> On Fri, Mar 26, 2021 at 9:00 PM Durand fabrice via PacketFence-users < >>> [email protected]> wrote: >>> >>>> Hello Joshua, >>>> >>>> let's run that: >>>> >>>> raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600 -c '( >>>> Calling-Station-Id =~ /78[-:]?4f[-:]?43[-:]?97[-:]?f5[-:]?fe/i )' >>>> >>>> >>>> And paste the output. >>>> >>>> Regards >>>> >>>> Fabrice >>>> >>>> >>>> Le 21-03-26 à 18 h 22, Joshua Wise via PacketFence-users a écrit : >>>> >>>> RADIUS Reply is empty. >>>> >>>> I ran the specified patch, restarted services, same error. >>>> >>>> *Joshua Wise* >>>> Systems Engineer, Celina ISD >>>> 469-742-9113 >>>> https://www.celinaisd.com >>>> >>>> >>>> On Fri, Mar 26, 2021 at 1:47 PM Ludovic Zammit <[email protected]> >>>> wrote: >>>> >>>>> I never seen that error message. >>>>> >>>>> It needs more investigation. >>>>> >>>>> What is the radius reply given by pf for that authentication ? Just >>>>> below the radius request. >>>>> >>>>> Did you patch your server with : >>>>> >>>>> /usr/local/pf/addons/pf-maint.pl >>>>> >>>>> Then restart all pf services: >>>>> >>>>> /usr/local/pf/bin/pfcmd service pf restart >>>>> >>>>> Thanks, >>>>> >>>>> Ludovic [email protected] :: +1.514.447.4918 (x145) :: >>>>> www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>> (http://packetfence.org) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Mar 26, 2021, at 2:24 PM, Joshua Wise <[email protected]> >>>>> wrote: >>>>> >>>>> RADIS Request Audit log: >>>>> >>>>> NAS-Port-Type = Wireless-802.11 PacketFence-Outer-User = " >>>>> [email protected]" PacketFence-Radius-Ip = "10.56.64.44" >>>>> Service-Type = Framed-User Called-Station-Id = "00-1A-1E-01-EC-98-cisd.1x" >>>>> State = 0x6f17c8406f1fd21550a9f72c8da28ab6 FreeRADIUS-Proxied-To = >>>>> 127.0.0.1 Realm = "default" NAS-IP-Address = 10.56.64.44 >>>>> PacketFence-NTLMv2-Only = "" Calling-Station-Id = "78:4f:43:97:f5:fe" >>>>> Aruba-Essid-Name = "cisd.1x" PacketFence-KeyBalanced = >>>>> "e779e78c1ea9a92dab5dc5d6d30a8dc7" PacketFence-Domain = "celinaisd" >>>>> Aruba-AP-Group = "CS701" User-Name = "[email protected]" >>>>> Aruba-Location-Id = "ADMIN-MDF-AP16" NAS-Identifier = "10.56.64.222" >>>>> Event-Timestamp = "Mar 25 2021 08:33:08 CDT" EAP-Message = >>>>> 0x020800511a0208004c316ec62dd3023b6ff16890ed459e79818b0000000000000000175ed1760cce67ff48491f88d067ce8bc17ec36c65b75de60074657374776966694063656c696e616973642e636f6d >>>>> Stripped-User-Name = "testwifi" NAS-Port = 0 Framed-MTU = 1100 EAP-Type = >>>>> MSCHAPv2 PacketFence-UserNameAttribute = "[email protected]" >>>>> Module-Failure-Message = "celinaisd: Attribute \"User-Password\" is >>>>> required for authentication" User-Password = "******" SQL-User-Name = " >>>>> [email protected]" >>>>> >>>>> *Joshua Wise* >>>>> Systems Engineer, Celina ISD >>>>> 469-742-9113 >>>>> https://www.celinaisd.com >>>>> >>>>> >>>>> On Fri, Mar 26, 2021 at 12:12 PM Ludovic Zammit <[email protected]> >>>>> wrote: >>>>> >>>>>> For that radius request, go check Auditing and show me the radius >>>>>> request. >>>>>> Thanks, >>>>>> >>>>>> >>>>>> Ludovic Zammit >>>>>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>>> (http://packetfence.org) >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Mar 26, 2021, at 8:43 AM, Joshua Wise <[email protected]> >>>>>> wrote: >>>>>> >>>>>> Here we go: >>>>>> >>>>>> Mar 26 07:40:11 packetfence auth[2770]: (10350) Login incorrect >>>>>> (celinaisd: Attribute "User-Password" is required for authentication): [ >>>>>> [email protected]] (from client 10.56.64.222/32 port 0 cli >>>>>> 78:4f:43:97:f5:fe via TLS tunnel) >>>>>> Mar 26 07:40:11 packetfence auth[2770]: [mac:78:4f:43:97:f5:fe] >>>>>> Rejected user: [email protected] >>>>>> Mar 26 07:40:11 packetfence auth[2770]: (10351) Login incorrect >>>>>> (eap_peap: The users session was previously rejected: returning reject >>>>>> (again.)): [[email protected]] (from client 10.56.64.222/32 >>>>>> port 0 cli 78:4f:43:97:f5:fe) >>>>>> >>>>>> *Joshua Wise* >>>>>> Systems Engineer, Celina ISD >>>>>> 469-742-9113 >>>>>> https://www.celinaisd.com >>>>>> >>>>>> >>>>>> On Fri, Mar 26, 2021 at 7:00 AM Ludovic Zammit <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> That’s not good, you should have something in the log related to >>>>>>> that Mac address. Try another computer or clear the cache info related >>>>>>> to >>>>>>> your Mac in the wifi controller. >>>>>>> >>>>>>> Check: >>>>>>> >>>>>>> grep MAC_ADDRESS /usr/local/pf/logs/radius.log >>>>>>> >>>>>>> Use 00:11:22:33:44:55 for the Mac address format. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> >>>>>>> Ludovic Zammit >>>>>>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>> PacketFence (http://packetfence.org) >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Mar 25, 2021, at 2:20 PM, Joshua Wise <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>> I don't get a response when using that command. I can see the log >>>>>>> file exists, modifying with vi shows the following repeatedly. >>>>>>> >>>>>>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2202) INFO: >>>>>>> Using 300 resolution threshold (pf::pfcron::task::cluster_check::run) >>>>>>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2202) INFO: All >>>>>>> cluster members are running the same configuration version >>>>>>> (pf::pfcron::task::cluster_check::run) >>>>>>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2204) INFO: >>>>>>> processed 0 security_events during security_event maintenance >>>>>>> (1616662378.2789 1616662378.28441) >>>>>>> (pf::security_event::security_event_maintenance) >>>>>>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2204) INFO: >>>>>>> processed 0 security_events during security_event maintenance >>>>>>> (1616662378.2855 1616662378.2874) >>>>>>> (pf::security_event::security_event_maintenance) >>>>>>> Mar 25 03:53:58 packetfence packetfence: pfperl-api(2204) INFO: >>>>>>> Using 300 resolution threshold (pf::pfcron::task::cluster_check::run) >>>>>>> >>>>>>> *Joshua Wise* >>>>>>> Systems Engineer, Celina ISD >>>>>>> 469-742-9113 >>>>>>> https://www.celinaisd.com >>>>>>> >>>>>>> >>>>>>> On Thu, Mar 25, 2021 at 10:08 AM Ludovic Zammit <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> Give me the output of: >>>>>>>> >>>>>>>> grep MAC_ADDRESS /usr/local/pf/logs/packetfence.log >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> >>>>>>>> Ludovic Zammit >>>>>>>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>> PacketFence (http://packetfence.org) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Mar 25, 2021, at 8:39 AM, Joshua Wise <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>> SSID type is 802.1x with WPA2-Enterprise. >>>>>>>> >>>>>>>> *Joshua Wise* >>>>>>>> Systems Engineer, Celina ISD >>>>>>>> 469-742-9113 >>>>>>>> https://www.celinaisd.com >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Mar 25, 2021 at 7:08 AM Ludovic Zammit <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hello, >>>>>>>>> >>>>>>>>> What’s your SSID type ? Open SSID or 8021.x with WPA2 Entreprise? >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> >>>>>>>>> >>>>>>>>> Ludovic Zammit >>>>>>>>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>>> PacketFence (http://packetfence.org) >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mar 24, 2021, at 3:06 PM, Joshua Wise via PacketFence-users < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>> I'm in the process of testing Packefence with our Aruba >>>>>>>>> Controller. I've added our on-prem Active Directory to Packetfence, >>>>>>>>> and can >>>>>>>>> test authentication fine with pftest, no issues. >>>>>>>>> >>>>>>>>> I've configured our Aruba Controller with an 802.1x SSID, RADIUS, >>>>>>>>> etc. >>>>>>>>> >>>>>>>>> When I attempt to connect with username/password, it fails. I can >>>>>>>>> see in the RADIUS log that I get an error "Attribute "User-Password" >>>>>>>>> is >>>>>>>>> required for authentication." >>>>>>>>> >>>>>>>>> Within that log, I can go to the RADIUS section and see: >>>>>>>>> User-Password = "******" >>>>>>>>> >>>>>>>>> This makes me think the password is being passed from our >>>>>>>>> Controller to Packetfence just fine. >>>>>>>>> >>>>>>>>> Not sure what I'm missing, any ideas or suggestions? >>>>>>>>> >>>>>>>>> *Joshua Wise* >>>>>>>>> Systems Engineer, Celina ISD >>>>>>>>> 469-742-9113 >>>>>>>>> https://www.celinaisd.com >>>>>>>>> _______________________________________________ >>>>>>>>> PacketFence-users mailing list >>>>>>>>> [email protected] >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing >>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing >>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> >> _______________________________________________ >> PacketFence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > -- > Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
