Hi Ludovic, Kindly find the error below;
[image: image.png] [image: image.png] In order to confirm that the password is correct, I logged in successfully. See output below; [image: image.png] On Tue, 8 Jun 2021 at 20:40, Ezeh Victor <vickeyzed...@gmail.com> wrote: > Hi Ludovic, > > Thanks for the clarification but I have no idea where the radius_nas is > for me to get the nasname to input in the command. > > The password for the user of for the database can be obtained from the GUI > I think......seen it under the configuration section. > > > On Tue, Jun 8, 2021, 6:33 PM Zammit, Ludovic <luza...@akamai.com> wrote: > >> Hello Victor, >> >> mysql -p -upf pf -e "select nasname from radius_nas” >> >> That command there, will connect to the 'pf' database with the user ‘pf’, >> if you don’t know your PF user password, you can use the root password with: >> >> mysql -p -uroot pf -e "select nasname from radius_nas” >> >> Thanks, >> >> *Ludovic Zammit* >> *Product Support Engineer Principal* >> *Cell:* +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> Cambridge, MA 02142 >> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> >> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> >> <http://www.linkedin.com/company/akamai-technologies> >> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> >> >> On Jun 8, 2021, at 11:07 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote: >> >> >> Hi Ludovic, >> >> I am not sure I understand how this command is used. >> >> Kindly find what u tried below; >> <image.png> >> <image.png> >> >> Your guidance will be appreciated. >> >> On Mon, 7 Jun 2021 at 17:09, Zammit, Ludovic <luza...@akamai.com> wrote: >> >>> Did you re-add your switch without the /32? >>> >>> Give me the output of: >>> >>> mysql -p -upf pf -e "select nasname from radius_nas” >>> >>> Thanks, >>> >>> *Ludovic Zammit* >>> *Product Support Engineer Principal* >>> *Cell:* +1.613.670.8432 >>> Akamai Technologies - Inverse >>> 145 Broadway >>> Cambridge, MA 02142 >>> Connect with Us: <https://community.akamai.com/> >>> <http://blogs.akamai.com/> >>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!E4mhT8AvPAver9AWppEii-xG_CsKVwOIwUtbiFdMgPJoOVzK4yv6wV0MzaY7ww$> >>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!E4mhT8AvPAver9AWppEii-xG_CsKVwOIwUtbiFdMgPJoOVzK4yv6wV1dsWV4RA$> >>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!E4mhT8AvPAver9AWppEii-xG_CsKVwOIwUtbiFdMgPJoOVzK4yv6wV0sdf_9Zw$> >>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!E4mhT8AvPAver9AWppEii-xG_CsKVwOIwUtbiFdMgPJoOVzK4yv6wV14l9pHEA$> >>> >>> On Jun 7, 2021, at 11:08 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote: >>> >>> Hi Ludovic, >>> >>> Is there something else I should check to verify what the issue might be? >>> >>> On Thu, 3 Jun 2021 at 23:50, Ezeh Victor <vickeyzed...@gmail.com> wrote: >>> >>>> Hi Ludovic, >>>> >>>> The switch was not added with /32 as seen below; >>>> <image.png> >>>> <image.png> >>>> >>>> Or what exactly is being referred to? >>>> >>>> On Thu, 3 Jun 2021 at 21:08, Zammit, Ludovic <luza...@akamai.com> >>>> wrote: >>>> >>>>> Don’t add your switch with /32, clone it and remove /32 and try again. >>>>> >>>>> Thanks, >>>>> >>>>> *Ludovic Zammit* >>>>> *Product Support Engineer Principal* >>>>> *Cell:* +1.613.670.8432 >>>>> Akamai Technologies - Inverse >>>>> 145 Broadway >>>>> Cambridge, MA 02142 >>>>> Connect with Us: <https://community.akamai.com/> >>>>> <http://blogs.akamai.com/> >>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Ab7bS5waU-yBD_81an-f5r1xInpdK81FU-On9Tk_uGVV_mSENMBXgZA4OAeoUg$> >>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Ab7bS5waU-yBD_81an-f5r1xInpdK81FU-On9Tk_uGVV_mSENMBXgZCIgejhbw$> >>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Ab7bS5waU-yBD_81an-f5r1xInpdK81FU-On9Tk_uGVV_mSENMBXgZBu520SBw$> >>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Ab7bS5waU-yBD_81an-f5r1xInpdK81FU-On9Tk_uGVV_mSENMBXgZBlQ9xcPw$> >>>>> >>>>> On Jun 3, 2021, at 12:16 PM, Ezeh Victor <vickeyzed...@gmail.com> >>>>> wrote: >>>>> >>>>> Hi Ludovic, >>>>> >>>>> That feature is now turned on as seen below; >>>>> <image.png> >>>>> >>>>> httpd.aaa and radiusd-auth services were restarted after this >>>>> >>>>> But the error still persists but with a different log message: >>>>> >>>>> >>>>> *Jun 3 17:10:55 IKJDC-PRD-PKF01 auth[12075]: [mac:] Rejected user: >>>>> ciscopiJun 3 17:10:55 IKJDC-PRD-PKF01 auth[12075]: (1290157) Rejected in >>>>> post-auth: [ciscopi] (from client 172.29.1.16/32 >>>>> <https://urldefense.com/v3/__http://172.29.1.16/32__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWhKfD_IBw$> >>>>> port 1)Jun 3 17:10:55 IKJDC-PRD-PKF01 auth[12075]: (1290157) Login >>>>> incorrect (rest: Server returned:): [ciscopi] (from client 172.29.1.16/32 >>>>> <https://urldefense.com/v3/__http://172.29.1.16/32__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWhKfD_IBw$> >>>>> port 1)* >>>>> >>>>> >>>>> On Thu, 3 Jun 2021 at 17:03, Zammit, Ludovic <luza...@akamai.com> >>>>> wrote: >>>>> >>>>>> It says that the CLI Radius login is not permitted, did you check the >>>>>> box on the switch config in PF ? >>>>>> >>>>>> <PastedGraphic-4.tiff> >>>>>> >>>>>> Thanks, >>>>>> >>>>>> *Ludovic Zammit* >>>>>> *Product Support Engineer Principal* >>>>>> *Cell:* +1.613.670.8432 >>>>>> Akamai Technologies - Inverse >>>>>> 145 Broadway >>>>>> Cambridge, MA 02142 >>>>>> Connect with Us: <https://community.akamai.com/> >>>>>> <http://blogs.akamai.com/> >>>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWhRP_okcg$> >>>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWgD_Sro-w$> >>>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWgkxfneBA$> >>>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWgMOOHD4w$> >>>>>> >>>>>> On Jun 3, 2021, at 11:27 AM, Ezeh Victor <vickeyzed...@gmail.com> >>>>>> wrote: >>>>>> >>>>>> Hi Ludovic, >>>>>> >>>>>> Kindly find errors below; >>>>>> >>>>>> Packetfence.log: *packetfence_httpd.aaa: httpd.aaa(10470) WARN: >>>>>> [mac:a8:51:5b:c8:3f:67] CLI Access is not permit on this switch >>>>>> 172.29.1.16 >>>>>> (pf::radius::switch_access)* >>>>>> <image.png> >>>>>> >>>>>> Radius.log: >>>>>> *Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) rest: ERROR: >>>>>> Server returned:* >>>>>> >>>>>> >>>>>> >>>>>> *Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) rest: ERROR: >>>>>> {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"CLI >>>>>> or >>>>>> VPN Access is not allowed by PacketFence on this switch"}Jun 3 16:11:56 >>>>>> IKJDC-PRD-PKF01 auth[12075]: [mac:] Rejected user: ciscopiJun 3 16:11:56 >>>>>> IKJDC-PRD-PKF01 auth[12075]: (1286075) Rejected in post-auth: [ciscopi] >>>>>> (from client 172.29.1.16/32 >>>>>> <https://urldefense.com/v3/__http://172.29.1.16/32__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3fWyaHsMg$> >>>>>> port 1)* >>>>>> <image.png> >>>>>> >>>>>> >>>>>> From the radius logs, it seems the switch is not accepting access via >>>>>> CLI and it needs to be enabled from Packetfence. >>>>>> >>>>>> I have reviewed the configuration on the switch section in >>>>>> PacketFence and also added the credentials for login to the CLI tab and >>>>>> yet >>>>>> I receive the same error message. >>>>>> >>>>>> On Wed, 2 Jun 2021 at 19:07, Zammit, Ludovic <luza...@akamai.com> >>>>>> wrote: >>>>>> >>>>>>> Hello Victor, >>>>>>> >>>>>>> It’s probably an authentication issue, check in the radius.log and >>>>>>> packetfence.log for errors. >>>>>>> >>>>>>> The password need to be sent in clear from the switch to PF. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> *Ludovic Zammit* >>>>>>> *Product Support Engineer Principal* >>>>>>> *Cell:* +1.613.670.8432 >>>>>>> Akamai Technologies - Inverse >>>>>>> 145 Broadway >>>>>>> Cambridge, MA 02142 >>>>>>> Connect with Us: <https://community.akamai.com/> >>>>>>> <http://blogs.akamai.com/> >>>>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3cZeoA23A$> >>>>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dO9Maypw$> >>>>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dguSc2cg$> >>>>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dItV6Kog$> >>>>>>> >>>>>>> On Jun 2, 2021, at 11:50 AM, Ezeh Victor <vickeyzed...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> Thank you for your email. >>>>>>> >>>>>>> I tried out that command and retried access but this is the error I >>>>>>> received; >>>>>>> >>>>>>> <image.png> >>>>>>> >>>>>>> The ciscopi account is a locally created account on PacketFence with >>>>>>> an action set to Admin Role *CLI Switches* that was created within >>>>>>> Admin Access - (CLI Read and CLI Write). >>>>>>> >>>>>>> Does the software image running on the switch also affect this >>>>>>> funtion? >>>>>>> >>>>>>> On Wed, 2 Jun 2021 at 11:46, Quiniou-Briand, Nicolas < >>>>>>> nquin...@akamai.com> wrote: >>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Could you try to add following commands in switch configuration: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> #v+ >>>>>>>> >>>>>>>> conf t >>>>>>>> >>>>>>>> aaa authorization exec default group packetfence local >>>>>>>> >>>>>>>> #v- >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> I recently worked with Cisco IOS XE Software, Version 16.09.05 and >>>>>>>> this step was mandatory. >>>>>>>> >>>>>>>> Without this line, it was possible to connect to switch but user >>>>>>>> get privilege 1. If you try to use “enable”, it doesn’t work. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *Nicolas Quiniou-Briand* >>>>>>>> *Product Support Engineer* >>>>>>>> >>>>>>>> <image001.png> >>>>>>>> >>>>>>>> *Office:* +33156696210 >>>>>>>> >>>>>>>> Akamai Technologies >>>>>>>> 145 Broadway >>>>>>>> Cambridge, MA 02142 >>>>>>>> >>>>>>>> Connect with Us: >>>>>>>> >>>>>>>> <image002.jpg> <https://community.akamai.com/> <image003.png> >>>>>>>> <http://blogs.akamai.com/> <image004.png> >>>>>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsonEWpNFQ$> >>>>>>>> <image005.png> >>>>>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsoPTpAoDA$> >>>>>>>> <image006.png> >>>>>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsqZZ_gRXg$> >>>>>>>> <image007.png> >>>>>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsrplQlfuA$> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>> >>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
