Okay! Figured it out. Turns out if I edit the switch.conf file directly via CLI it poses a problem, although it looks correct in everything I verify...
So, I edited it from the PF web GUI and that seems to have fixed the problem. I'm not sure why this caused an issue.... Anyhow, deauthentication now works! Joy! Thanks Francois. -----Original Message----- From: Thomas Tsai Sent: Monday, October 22, 2012 12:51 PM To: 'packetfence-users@lists.sourceforge.net' Subject: RE: [PacketFence-users] Cisco WLC 5508 DeAuth / COA issue - Invalid RADIUS message authenticator I see where I went wrong. I had added the client into the client.conf file, which you had mentioned is in the admin guide on several other postings. I removed it from the clients.conf file and added the secret to the switches.conf file. Now, when I try to connect to the SSID, it fails outright -- whereas when I had it in clients.conf, I was able to at least connect. When I run radiusd -X here is the output: Received packet from [packetfence IP] with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response. Any ideas? I'm 100% the key is typed in correctly -----Original Message----- From: Thomas Tsai Sent: Monday, October 22, 2012 11:54 AM To: 'packetfence-users@lists.sourceforge.net' Subject: RE: [PacketFence-users] Cisco WLC 5508 DeAuth / COA issue - Invalid RADIUS message authenticator Actually I did not put radiusSecret in switches.conf. Let me try that now. -----Original Message----- From: Francois Gaudreault [mailto:fgaudrea...@inverse.ca] Sent: Monday, October 22, 2012 11:39 AM To: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] Cisco WLC 5508 DeAuth / COA issue - Invalid RADIUS message authenticator On 2012-10-22 2:27 PM, Thomas Tsai wrote: > *radiusRFC3576TransportThread: Oct 19 11:02:14.140: Request >>Authenticator(recv'd) - >>*31:42:70:62:b8:0e:0e:ea:a3:ef:01:1e:fa:c5:58:5a* >> >>*radiusRFC3576TransportThread: Oct 19 11:02:14.140: Request >>Authenticator(calc'd) - >>*8e:5f:11:72:7e:f4:28:bf:02:e9:8e:18:ce:e2:97:44* Well the calculated Authenticator value is not the same as the received Authenticator value... So something is Wrong. Did you put the radiusSecret in your switches.conf for your device? Do you see it in the radius nas table in the PF database? Do you use HA (aka having a VIP)? -- Francois Gaudreault, ing. jr fgaudrea...@inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users ********************************************** Email Disclaimer: This email, including attachments, may contain proprietary, confidential or privileged information. If you are not the intended recipient, please (i) do not use, disclose, save or retransmit this message or any attachments, (ii) alert the sender by reply email and (iii) destroy or delete this message and any attachments. Delivery of this email to a person other than the intended recipient(s) shall not constitute a waiver of privilege or confidentiality. CP Investments, member FINRA and SIPC, serves as placement agent for investment products advised by Canyon Capital Advisors LLC. This email is not intended to be an offer to sell or a solicitation of an offer to buy any security in any jurisdiction. We review and retain electronic communications traveling through our network. ********************************************** ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
