We fixed this a few days ago. It turns out our network administrator has 2 IP addresses for the Aruba controllers due to how HA/Clustering works, so I needed 4 authorized switch IP addresses to make sure the RADIUS connections were allowed.

Thanks,

Reese Herber
Systems Integration Analyst
Department of Learning and Innovation
Phone: 253-530-3715
"The fusion of technology and education is the canvas on which we paint the masterpiece of our collective future, one pixel at a time."

On Fri, Feb 16, 2024 at 1:41 PM Zammit, Ludovic <luza...@akamai.com> wrote:

> Hello Reese,
>
> You have to have the controller IP in PF.
>
> The error here says rejected in Post auth meaning that the Cert based
> authentication worked, it's PacketFence now that does not match any rule to
> assign a role and access duration.
>
> Create an EAP TLS source and add it to the profile that connection matches.
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal Lead*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
> On Feb 13, 2024, at 7:20 PM, Herber, Reese via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> I recently switched our test environment from a Windows-based NPS to
> PacketFence (with PacketFence PKI); however, I am currently running into an
> issue when attempting to include the two Aruba Mobility Controllers (we run
> HA with dual controllers).
> We have one Aruba AP set up for RADIUS and yet I
> somehow get different results between my Mac and Windows clients when
> attempting to connect. The Mac devices work fine but the radius.log shows
> them connecting from one of the controllers, whereas the Windows devices
> fail to connect by saying that the switch is not managed:
>
> Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: Adding client 10.81.0.9/32
> Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) rest: ERROR: Server returned:
> Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) rest: ERROR: {"Reply-Message":"Switch is not managed by PacketFence","control:PacketFence-Authorization-Status":"allow","control:PacketFence-Request-Time":1707869148}
> Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) Rejected in post-auth: [host/WindowsTestCert] (from client 10.81.0.9/32 port 0 cli c8:34:8e:3d:f2:fd)
> Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) Login incorrect (rest: Server returned:): [host/WindowsTestCert] (from client 10.81.0.9/32 port 0 cli c8:34:8e:3d:f2:fd)
>
> When troubleshooting this I deleted the 2 controller addresses from my
> PacketFence setup and now I get an error that my identifier is already in
> use when trying to re-add it (this behavior continues after I reboot
> PacketFence via the CLI).
>
> Hopefully someone with experience with Aruba devices can chime in here as
> the documentation is a few Aruba OS's behind.
>
> Thanks,
>
> Reese Herber

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
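
Added example, not part of the original thread and not PacketFence's own code: a Python pass over radius.log lines in the format quoted above that reports which NAS source IPs were rejected with "Switch is not managed by PacketFence", which is how additional HA controller addresses show up. Request 256 and the 10.81.0.10 address are constructed sample data, and the function name is hypothetical.

```python
import json
import re
from collections import defaultdict

# Constructed sample: the (255) lines follow the radius.log excerpt quoted in
# the thread; request (256) and the address 10.81.0.10 are invented.
SAMPLE_LOG = """\
Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) rest: ERROR: Server returned:
Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) rest: ERROR: {"Reply-Message":"Switch is not managed by PacketFence","control:PacketFence-Authorization-Status":"allow","control:PacketFence-Request-Time":1707869148}
Feb 13 16:05:48 VMNOCNMPAKFEN auth[5612]: (255) Rejected in post-auth: [host/WindowsTestCert] (from client 10.81.0.9/32 port 0 cli c8:34:8e:3d:f2:fd)
Feb 13 16:06:02 VMNOCNMPAKFEN auth[5612]: (256) rest: ERROR: {"Reply-Message":"Switch is not managed by PacketFence","control:PacketFence-Authorization-Status":"allow","control:PacketFence-Request-Time":1707869162}
Feb 13 16:06:02 VMNOCNMPAKFEN auth[5612]: (256) Rejected in post-auth: [host/WindowsTestCert] (from client 10.81.0.10/32 port 0 cli c8:34:8e:3d:f2:fd)
"""

REST_ERROR = re.compile(r"auth\[(\d+)\]: \((\d+)\) rest: ERROR: (\{.*\})\s*$")
REJECTED = re.compile(
    r"auth\[(\d+)\]: \((\d+)\) Rejected in post-auth: \[(.*?)\] "
    r"\(from client (\S+?)(?:/\d+)? port \d+ cli ([0-9A-Fa-f:.-]+)\)")

def unmanaged_nas_ips(log_text):
    """Map each NAS source IP rejected as unmanaged to the (identity, MAC) pairs seen."""
    unmanaged = set()            # (pid, request id) pairs that got the "not managed" reply
    result = defaultdict(set)
    for line in log_text.splitlines():
        m = REST_ERROR.search(line)
        if m:
            try:
                reply = json.loads(m.group(3))
            except json.JSONDecodeError:
                continue         # wrapped or truncated JSON: skip the line
            if "not managed" in str(reply.get("Reply-Message", "")):
                unmanaged.add((m.group(1), m.group(2)))
            continue
        m = REJECTED.search(line)
        # Only count rejections whose request id carried the "not managed" reply.
        if m and (m.group(1), m.group(2)) in unmanaged:
            result[m.group(4)].add((m.group(3), m.group(5)))
    return dict(result)

if __name__ == "__main__":
    for ip, clients in sorted(unmanaged_nas_ips(SAMPLE_LOG).items()):
        print(ip, sorted(clients))
```

Each IP it reports is a RADIUS client address that has to exist as a switch entry before requests from it can be matched to a role.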