Hello all,

I'm using PacketFence ZEN 6.2.1 and want to authenticate clients with our 
MSPKI. I followed the instructions in 
https://packetfence.org/doc/PacketFence_MSPKI_Quick_Install_Guide.html up to 
'3.2.2 RADIUS EAP-TLS and MSPKI' except enabling OCSP.

However, the clients are always put into the registration vlan instead of the 
default vlan:
[root@PacketFence-6_2_1 logs]# tail -f /usr/local/pf/logs/radius.log
Wed Oct  5 10:48:55 2016 : Warning: rlm_sql (sql_reject): authorize_check_query is empty.  Please delete it from the configuration
Wed Oct  5 10:48:55 2016 : Info: rlm_sql (sql_reject): Attempting to connect to database "pf"
Wed Oct  5 10:48:55 2016 : Warning: [raddb//mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay"    found in filter list for realm "DEFAULT".
Wed Oct  5 10:48:55 2016 : Warning: [raddb//mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec"       found in filter list for realm "DEFAULT".
Wed Oct  5 10:48:55 2016 : Info: Loaded virtual server <default>
Wed Oct  5 10:48:55 2016 : Info: Loaded virtual server packetfence-tunnel
Wed Oct  5 10:48:55 2016 : Info: Loaded virtual server packetfence-cli
Wed Oct  5 10:48:55 2016 : Info: Loaded virtual server dynamic_clients
Wed Oct  5 10:48:55 2016 : Info: Loaded virtual server packetfence
Wed Oct  5 10:48:55 2016 : Info: Ready to process requests
Wed Oct  5 10:49:39 2016 : Error: (10) Ignoring duplicate packet from client 172.20.10.118 port 1645 - ID: 133 due to unfinished request in component post-auth module packetfence
Wed Oct  5 10:49:41 2016 : Error: (10) Ignoring duplicate packet from client 172.20.10.118 port 1645 - ID: 133 due to unfinished request in component post-auth module packetfence
Wed Oct  5 10:49:41 2016 : Auth: rlm_perl: Returning vlan 11 to request from 74:2b:62:6d:47:d4 port 50101
Wed Oct  5 10:49:41 2016 : rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
Wed Oct  5 10:49:42 2016 : Info: rlm_sql (sql): Need 4 more connections to reach 10 spares
Wed Oct  5 10:49:42 2016 : Info: rlm_sql (sql): Opening additional connection (6), 1 of 58 pending slots used
Wed Oct  5 10:49:37 2016 : [mac:74:2b:62:6d:47:d4] Accepted user:  and returned VLAN 11
Wed Oct  5 10:49:42 2016 : Auth: (10) Login OK: [host/D1527.dorsten.local] (from client 172.20.10.118 port 50101 cli 74:2b:62:6d:47:d4)

I don't know how to debug the error 'due to unfinished request in component 
post-auth module packetfence'.

However, openssl is able to verify the certificate:
[root@PacketFence-6_2_1 logs]# openssl verify -CAfile /usr/local/pf/conf/ssl/tls_certs/ca.pem ~/d1527.cer
/root/d1527.cer: OK
[root@PacketFence-6_2_1 logs]# openssl verify -CApath /usr/local/pf/conf/ssl/tls_certs ~/d1527.cer
/root/d1527.cer: OK

I've managed to get it working with PacketFence 5.1.0 but not with the current 
version. Can anyone help?

Kind regards
Stefan
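
Added example, not part of the original post and not PacketFence code: FreeRADIUS logs "Ignoring duplicate packet ... due to unfinished request" when the NAS retransmits while the named module is still working on the original request, so this sketch correlates those lines with the VLAN and Login OK lines for the same request. The function names are hypothetical, and it assumes the request number in parentheses is unique within the excerpt being analysed.

```python
import re
from datetime import datetime

# Lines copied from the radius.log excerpt in the post, e-mail line wraps removed.
SAMPLE_LOG = """\
Wed Oct  5 10:49:39 2016 : Error: (10) Ignoring duplicate packet from client 172.20.10.118 port 1645 - ID: 133 due to unfinished request in component post-auth module packetfence
Wed Oct  5 10:49:41 2016 : Error: (10) Ignoring duplicate packet from client 172.20.10.118 port 1645 - ID: 133 due to unfinished request in component post-auth module packetfence
Wed Oct  5 10:49:41 2016 : Auth: rlm_perl: Returning vlan 11 to request from 74:2b:62:6d:47:d4 port 50101
Wed Oct  5 10:49:42 2016 : Auth: (10) Login OK: [host/D1527.dorsten.local] (from client 172.20.10.118 port 50101 cli 74:2b:62:6d:47:d4)
"""

TS = r"(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : "
MAC = r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
DUP = re.compile(TS + r"Error: \((?P<req>\d+)\) Ignoring duplicate packet from client (?P<nas>\S+) "
                 r"port \d+ - ID: \d+ due to unfinished request in component (?P<comp>\S+) module (?P<mod>\S+)")
VLAN = re.compile(TS + r"Auth: rlm_perl: Returning vlan (?P<vlan>\d+) to request from " + MAC)
LOGIN = re.compile(TS + r"Auth: \((?P<req>\d+)\) Login OK: \[(?P<user>[^\]]*)\] "
                   r"\(from client (?P<nas>\S+) port \d+ cli " + MAC + r"\)")

def _when(ts):
    # Collapse the padded day-of-month ("Oct  5") before parsing.
    return datetime.strptime(" ".join(ts.split()), "%a %b %d %H:%M:%S %Y")

def triage(log_text):
    """Return one summary dict per accepted request found in log_text."""
    dups, vlans, out = {}, {}, []
    for line in log_text.splitlines():
        if m := DUP.match(line):
            d = dups.setdefault(m["req"], {"n": 0, "first": _when(m["ts"]),
                                           "where": f'{m["comp"]}/{m["mod"]}'})
            d["n"] += 1
        elif m := VLAN.match(line):
            vlans[m["mac"]] = int(m["vlan"])      # last VLAN returned for this MAC
        elif m := LOGIN.match(line):
            d = dups.pop(m["req"], None)
            out.append({
                "request": int(m["req"]), "user": m["user"], "mac": m["mac"],
                "nas": m["nas"], "vlan": vlans.get(m["mac"]),
                "retransmits": d["n"] if d else 0,
                "stalled_in": d["where"] if d else None,
                # Seconds from the first ignored retransmit to the final reply.
                "waited_s": int((_when(m["ts"]) - d["first"]).total_seconds()) if d else 0,
            })
    return out

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```
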

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users