Hello Ruth,
first , what is the AP ?
Next the radtest send a radius request without calling-station-id so
PacketFence think that it's a CLI access.
Regards
Fabrice
Le 2017-05-15 à 13:17, Ruth Tsai a écrit :
Hi Fabrice,
Our AP or management station will support CoA. Do I need to enable any
configuration for PacketFence to send CoA to switch?
I installed PacketFence 7.0.0 and tried it and received "invalid login
or password" from browser login page.
The "guest Cleartext-Password := "guest"" was added to raddb/users file.
The /usr/local/pf/logs/radius.log does not have login failure log.
I tried the "radtest" command and got Access-Reject on the post
authentication.
The "/usr/local/pf/logs/radius.log" showed the following error logs.
(1) rest: ERROR:
{"control:PacketFence-Authorization-Status":"allow","Reply-Message":"CLI
Access is not allowed by PacketFence on this switch"}
(1) Rejected in post-auth: [guest] (from client localhost port 12)
[admin@pretoria ~]$ radtest guest guest localhost:18120 12 testing123
Sent Access-Request Id 85 from 0.0.0.0:34835 to 127.0.0.1:18120 length 75
User-Name = "guest"
User-Password = "guest"
NAS-IP-Address = 172.21.7.53
NAS-Port = 12
Message-Authenticator = 0x00
Cleartext-Password = "guest"
Received Access-Reject Id 85 from 127.0.0.1:18120 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject
Attached are the radius log from "radiusd -X" and screen shot of login
failure page.
Do I need to configure anything else?
Thanks
Ruth
*From: *Durand fabrice <[email protected]>
*Reply-To: *"[email protected]"
<[email protected]>
*Date: *Monday, May 8, 2017 at 6:04 AM
*To: *"[email protected]"
<[email protected]>
*Subject: *Re: [PacketFence-users] WebAuth & CoA
Hello Ruth,
it depend if the AP support CoA.
Regards
Fabrice
Le 2017-05-07 à 14:48, Ruth Tsai a écrit :
Hi,
We are considering using PacketFence as hotspot for wireless
client. I have question on CoA. We will register AP or management
station as switch Web Auth role.
Will PacketFence notify switch by using CoA after client
authentication completion (authorize or reject)? Or there is any
other way switch is notified of the authentication status?
Thanks
Ruth
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
