Hello Yan,
you need to check on the PacketFence side what happen:
run that (raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000) , try
to connect and paste the result
Also take a look in audit in packetfence gui and check for a mac address
where you have the issue.
Regards
Fabrice
Le 2018-01-10 ?? 08:27, Yan via PacketFence-users a ??crit?0?2:
>
> And now this issue happened with ruckus and aruba. Our network team
> noticed us they??ll change 2 big offices?? authentication to acs
> again... The issue with ruckus behaves also normal with pf logs. But I
> noticed AC sent out an accounting stop packet immediately after it
> sent accounting start packet with reason ??admin reset??.
> Really need a clue on this issue...Thanks in advance.
>
> ------------------ Original ------------------
> *From:* packetfence-users <packetfence-users@lists.sourceforge.net>
> *Date:* ????,1?? 10,2018 20:41
> *To:* packetfence-users <packetfence-users@lists.sourceforge.net>
> *Cc:* Yan <1136723...@qq.com>
> *Subject:* Re: [PacketFence-users] Successfully passed 802.1x auth but
> no networkaccess
>
> Hi dear users,
>
> We use PF V7.3 in our office integrated with Aruba AC. Recently our
> wireless behaves very strange. Some users can connected to wireless,
> passed the 802.1x auth and can get the correct role and IP, but they
> just couldn't access any network. There is no wired in PF logs. But as
> we check Aruba AC logs, we can see many "User miss" logs.
> I don't know what caused this issue but now our network team said
> previous ACS didn't have this issue and let us check pf's problem.
> Anyone ever met this issue ?
>
> Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1
> authmgr[4111]: <522050> <4111> <INFO> <WHZH-7210-1 172.26.2.230>
> MAC=f4:cc:89:e8:2a:d3,IP=172.26.36.202 User data downloaded to
> datapath, new Role=Didi-Guest-acl-prof/80, bw Contract=0/0, reason=New
> user IP processing, idle-timeout=300
> Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1
> authmgr[4111]: <522026> <4111> <INFO> <WHZH-7210-1 172.26.2.230>
> MAC=f4:cc:89:e8:2a:d3 IP=172.26.36.202 User miss: ingress=0x1041e,
> VLAN=205 flags=0x4000c040
> Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1
> authmgr[4111]: <522050> <4111> <INFO> <WHZH-7210-1 172.26.2.230>
> MAC=8e:85:00:80:79:ff,IP=172.26.18.2 User data downloaded to datapath,
> new Role=employees/78, bw Contract=0/0, reason=New user IP processing,
> idle-timeout=15300
> Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1
> authmgr[4111]: <522026> <4111> <INFO> <WHZH-7210-1 172.26.2.230>
> MAC=8e:85:00:80:79:ff IP=172.26.18.2 User miss: ingress=0x1048c,
> VLAN=204 flags=0x4000c040
> Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1
> authmgr[4111]: <522050> <4111> <INFO> <WHZH-7210-1 172.26.2.230>
> MAC=84:44:67:4f:57:55,IP=172.26.33.243 User data downloaded to
> datapath, new Role=employees/78, bw Contract=0/0, reason=New user IP
> processing, idle-timeout=15300
> Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1
> authmgr[4111]: <522026> <4111> <INFO> <WHZH-7210-1 172.26.2.230>
> MAC=84:44:67:4f:57:55 IP=172.26.33.243 User miss: ingress=0x10399,
> VLAN=203
>
>
> BTW I comment out acct-session-id in
> /usr/local/pf/lib/pf/Switch/Aruba.pm since we found pf can't
> disconnect device with acctsessionid. Not sure if this action caused
> error.
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
