Hello Joshua,
sorry for the late reply.
So it looks that you played with the radius eap configuration.
Can you revert this section (put as default) and retry ?
Thanks
Regards
Fabrice
Le 2021-03-29 à 16 h 15, Joshua Wise via PacketFence-users a écrit :
Pastebin of the response.
https://pastebin.com/L70fKEB7 <https://pastebin.com/L70fKEB7>
*
*
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Sat, Mar 27, 2021 at 8:13 AM Durand fabrice via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Then run the command without the filter and reconnect your device.
raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600
Le 21-03-27 à 08 h 29, Joshua Wise via PacketFence-users a écrit :
Command appears to run endlessly, I grabbed a snippet that
appears to be what is repeated.
(3440) Sat Mar 27 07:25:15 2021: Debug: Received Status-Server Id
51 from 127.0.0.1:51452 <http://127.0.0.1:51452> to
127.0.0.1:18121 <http://127.0.0.1:18121> length 50
(3440) Sat Mar 27 07:25:15 2021: Debug: Message-Authenticator =
0x9257e8cab94913463172d8be5663c80b
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Statistics-Type = 15
(3440) Sat Mar 27 07:25:15 2021: Debug: # Executing group from
file /usr/local/pf/raddb/sites-enabled/status
(3440) Sat Mar 27 07:25:15 2021: Debug: Autz-Type Status-Server {
(3440) Sat Mar 27 07:25:15 2021: Debug: [ok] = ok
(3440) Sat Mar 27 07:25:15 2021: Debug: } # Autz-Type
Status-Server = ok
(3440) Sat Mar 27 07:25:15 2021: Debug: Sent Access-Accept Id 51
from 127.0.0.1:18121 <http://127.0.0.1:18121> to 127.0.0.1:51452
<http://127.0.0.1:51452> length 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Access-Requests = 3441
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Access-Accepts = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Access-Rejects = 2
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Access-Challenges = 16
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Responses = 18
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Accounting-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Accounting-Responses = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Accepts = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Rejects = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Challenges = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Responses = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Accounting-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Accounting-Responses = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug: Finished request
(3440) Sat Mar 27 07:25:20 2021: Debug: Cleaning up request
packet ID 51 with timestamp +51321
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 9:00 PM Durand fabrice via
PacketFence-users <packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello Joshua,
let's run that:
raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600 -c '(
Calling-Station-Id =~ /78[-:]?4f[-:]?43[-:]?97[-:]?f5[-:]?fe/i )'
And paste the output.
Regards
Fabrice
Le 21-03-26 à 18 h 22, Joshua Wise via PacketFence-users a
écrit :
RADIUS Reply is empty.
I ran the specified patch, restarted services, same error.
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 1:47 PM Ludovic Zammit
<lzam...@inverse.ca <mailto:lzam...@inverse.ca>> wrote:
I never seen that error message.
It needs more investigation.
What is the radius reply given by pf for that
authentication ? Just below the radius request.
Did you patch your server with :
/usr/local/pf/addons/pf-maint.pl <http://pf-maint.pl>
Then restart all pf services:
/usr/local/pf/bin/pfcmd service pf restart
Thanks,
Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918
(x145) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
<http://www.sogo.nu>) and PacketFence (http://packetfence.org
<http://packetfence.org>)
On Mar 26, 2021, at 2:24 PM, Joshua Wise
<joshuaw...@celinaisd.com
<mailto:joshuaw...@celinaisd.com>> wrote:
RADIS Request Audit log:
NAS-Port-Type = Wireless-802.11 PacketFence-Outer-User
= "testw...@celinaisd.com
<mailto:testw...@celinaisd.com>" PacketFence-Radius-Ip
= "10.56.64.44" Service-Type = Framed-User
Called-Station-Id = "00-1A-1E-01-EC-98-cisd.1x" State =
0x6f17c8406f1fd21550a9f72c8da28ab6
FreeRADIUS-Proxied-To = 127.0.0.1 Realm = "default"
NAS-IP-Address = 10.56.64.44 PacketFence-NTLMv2-Only =
"" Calling-Station-Id = "78:4f:43:97:f5:fe"
Aruba-Essid-Name = "cisd.1x" PacketFence-KeyBalanced =
"e779e78c1ea9a92dab5dc5d6d30a8dc7" PacketFence-Domain =
"celinaisd" Aruba-AP-Group = "CS701" User-Name =
"testw...@celinaisd.com
<mailto:testw...@celinaisd.com>" Aruba-Location-Id =
"ADMIN-MDF-AP16" NAS-Identifier = "10.56.64.222"
Event-Timestamp = "Mar 25 2021 08:33:08 CDT"
EAP-Message =
0x020800511a0208004c316ec62dd3023b6ff16890ed459e79818b0000000000000000175ed1760cce67ff48491f88d067ce8bc17ec36c65b75de60074657374776966694063656c696e616973642e636f6d
Stripped-User-Name = "testwifi" NAS-Port = 0 Framed-MTU
= 1100 EAP-Type = MSCHAPv2
PacketFence-UserNameAttribute = "testw...@celinaisd.com
<mailto:testw...@celinaisd.com>" Module-Failure-Message
= "celinaisd: Attribute \"User-Password\" is required
for authentication" User-Password = "******"
SQL-User-Name = "testw...@celinaisd.com
<mailto:testw...@celinaisd.com>"
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 12:12 PM Ludovic Zammit
<lzam...@inverse.ca <mailto:lzam...@inverse.ca>> wrote:
For that radius request, go check Auditing and show
me the radius request.
Thanks,
Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) :: www.inverse.ca
<https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (http://packetfence.org
<http://packetfence.org/>)
On Mar 26, 2021, at 8:43 AM, Joshua Wise
<joshuaw...@celinaisd.com
<mailto:joshuaw...@celinaisd.com>> wrote:
Here we go:
Mar 26 07:40:11 packetfence auth[2770]: (10350)
Login incorrect (celinaisd: Attribute
"User-Password" is required for authentication):
[testw...@celinaisd.com
<mailto:testw...@celinaisd.com>] (from client
10.56.64.222/32 <http://10.56.64.222/32> port 0
cli 78:4f:43:97:f5:fe via TLS tunnel)
Mar 26 07:40:11 packetfence auth[2770]:
[mac:78:4f:43:97:f5:fe] Rejected user:
testw...@celinaisd.com <mailto:testw...@celinaisd.com>
Mar 26 07:40:11 packetfence auth[2770]: (10351)
Login incorrect (eap_peap: The users session was
previously rejected: returning reject (again.)):
[testw...@celinaisd.com
<mailto:testw...@celinaisd.com>] (from client
10.56.64.222/32 <http://10.56.64.222/32> port 0
cli 78:4f:43:97:f5:fe)
*
*
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 7:00 AM Ludovic Zammit
<lzam...@inverse.ca <mailto:lzam...@inverse.ca>>
wrote:
That’s not good, you should have something in
the log related to that Mac address. Try
another computer or clear the cache info
related to your Mac in the wifi controller.
Check:
grep MAC_ADDRESS /usr/local/pf/logs/radius.log
Use 00:11:22:33:44:55 for the Mac address format.
Thanks,
Ludovic Zammit
lzam...@inverse.ca
<mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) :: www.inverse.ca
<https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (http://packetfence.org
<http://packetfence.org/>)
On Mar 25, 2021, at 2:20 PM, Joshua Wise
<joshuaw...@celinaisd.com
<mailto:joshuaw...@celinaisd.com>> wrote:
I don't get a response when using that
command. I can see the log file exists,
modifying with vi shows the following
repeatedly.
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2202) INFO: Using 300 resolution
threshold (pf::pfcron::task::cluster_check::run)
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2202) INFO: All cluster members
are running the same configuration version
(pf::pfcron::task::cluster_check::run)
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2204) INFO: processed 0
security_events during security_event
maintenance (1616662378.2789
1616662378.28441)
(pf::security_event::security_event_maintenance)
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2204) INFO: processed 0
security_events during security_event
maintenance (1616662378.2855 1616662378.2874)
(pf::security_event::security_event_maintenance)
Mar 25 03:53:58 packetfence packetfence:
pfperl-api(2204) INFO: Using 300 resolution
threshold (pf::pfcron::task::cluster_check::run)
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
<https://www.celinaisd.com/>
On Thu, Mar 25, 2021 at 10:08 AM Ludovic
Zammit <lzam...@inverse.ca
<mailto:lzam...@inverse.ca>> wrote:
Give me the output of:
grep MAC_ADDRESS
/usr/local/pf/logs/packetfence.log
Thanks,
Ludovic Zammit
lzam...@inverse.ca
<mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) :: www.inverse.ca
<https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu
<http://www.sogo.nu/>) and PacketFence
(http://packetfence.org
<http://packetfence.org/>)
On Mar 25, 2021, at 8:39 AM, Joshua Wise
<joshuaw...@celinaisd.com
<mailto:joshuaw...@celinaisd.com>> wrote:
SSID type is 802.1x with WPA2-Enterprise.
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
<https://www.celinaisd.com/>
On Thu, Mar 25, 2021 at 7:08 AM Ludovic
Zammit <lzam...@inverse.ca
<mailto:lzam...@inverse.ca>> wrote:
Hello,
What’s your SSID type ? Open SSID or
8021.x with WPA2 Entreprise?
Thanks,
Ludovic Zammit
lzam...@inverse.ca
<mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) ::
www.inverse.ca <https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu
<http://www.sogo.nu/>) and
PacketFence (http://packetfence.org
<http://packetfence.org/>)
On Mar 24, 2021, at 3:06 PM, Joshua
Wise via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>>
wrote:
I'm in the process of testing
Packefence with our Aruba
Controller. I've added our on-prem
Active Directory to Packetfence,
and can test authentication fine
with pftest, no issues.
I've configured our Aruba
Controller with an 802.1x SSID,
RADIUS, etc.
When I attempt to connect with
username/password, it fails. I can
see in the RADIUS log that I get an
error "Attribute "User-Password" is
required for authentication."
Within that log, I can go to the
RADIUS section and see:
User-Password = "******"
This makes me think the password is
being passed from our Controller to
Packetfence just fine.
Not sure what I'm missing, any
ideas or suggestions?
*
*
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
<https://www.celinaisd.com/>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users