Can you try this:
edit switches.conf, in the section [172.28.5.0/24]
useCoA=Y
then do pfcmd configreload hard
Then retry to authenticate and give me the log. (packetfence.log)
Regards
Fabrice
Le 19-09-04 à 19 h 49, Peter Reissenweber a écrit :
Here is a full packetfence.log history from
Here is a full packetfence.log history from enrolment to disconnect.
admin@ip-10-11-8-37:/tmp$ tail -fn 20 /usr/local/pf/logs/packetfence.log
Aug 29 12:24:25 ip-10-11-8-37 pfqueue: pfqueue(6561) INFO:
[mac:30:07:4d:74:4c:55] [30:07:4d:74:4c:55] DesAssociating mac on switch
(172.28.5.250)
Your config looks good but there is something i miss.
Can you provide the packetfence.log when you register ?
Le 19-09-04 à 18 h 11, Peter Reissenweber via PacketFence-users a écrit :
Any options here do you need more logs?
-Original Message-
From: Peter Reissenweber via
Any options here do you need more logs?
-Original Message-
From: Peter Reissenweber via PacketFence-users
Sent: Monday, 2 September 2019 8:16 AM
To: Nicolas Quiniou-Briand ;
packetfence-users@lists.sourceforge.net
Cc: Peter Reissenweber
Subject: Re: [PacketFence-users] DesAssociating
Hi Fabrice,
As I mentioned it works for me as well when all devices have the same role but
not when I have multiple devices with different roles assigned connecting.
I will try to get the logs together for you!
Thanks
Benjamin
Von: Fabrice Durand
Gesendet: Mittwoch, 4. September 2019 15:52
Hello Benjamin,
i did some test and even if i have multiples device on the same switch
port the locationlog is still open (for all of them).
Can you provide me more information about your setup ?
Like the switch module you are using, the log in packetfence.log when
you connect multiples on
Hello Ali,
in fact when you authenticate with 802.1x you authenticate the user and
not the device.
So if you associate the user to a role then the role to an acl it mean
user = ACL.
Also i checked the code of the module and it looks that it doesn't
support dynamic ACL. Btw it looks to use
Hello there,
We are working on a use case where downloadable and dynamic ACLs are used
as separate features independent of web authentication.
The use case is simple, lets say we have an 802.1X user and I want to
associate a dynamic or downloadable ACL with it when the authentication
passes.