Hello Fabrice,

Here are the last few entries from the /usr/local/pf/logs/packetfence.log file:

Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) INFO: [mac:00:21:70:d8:ac:45] handling radius autz request: from switch_ip => (192.168.1.12), connection_type => Ethernet-EAP,switch_mac => (b0:b9:8a:46:3d:0e), mac => [00:21:70:d8:ac:45], port => 1, username => "PFDOMAIN\testme" (pf::radius::authorize)
Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) ERROR: [mac:00:21:70:d8:ac:45] Wired 802.1X is not supported on switch type pf::Switch::Netgear::MSeries. Please let us know what hardware you are using. (pf::Switch::supportsWiredDot1x)
Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) WARN: [mac:00:21:70:d8:ac:45] (192.168.1.12) Sending REJECT since switch is unsupported (pf::radius::_switchUnsupportedReply)
Nov 1 22:03:07 packetfence-zen packetfence_httpd.aaa: httpd.aaa(3730) INFO: [mac:00:21:70:d8:ac:45] Updating locationlog from accounting request (pf::api::handle_accounting_metadata)

>Ok it's better now.
>
>Now can you check on the packetfence.log, you are supposed to see
>different messages now.
>
>
>On 2017-11-01 at 17:27, James Garcellano via PacketFence-users wrote:
>> It looks like the other test still showed the NAS IP as 192.168.1.5.
>>
>> I rebooted the switch and did another test.
>>
>> Here is the raddebug from that...
>>
>> (38) Wed Nov 1 21:13:13 2017: Debug: Received Access-Request Id 201 from 192.168.1.12:42371 to 192.168.1.5:1812 length 158
>> (38) Wed Nov 1 21:13:13 2017: Debug: User-Name = "PFDOMAIN\\testme"
>> (38) Wed Nov 1 21:13:13 2017: Debug: Called-Station-Id = "b0-b9-8a-46-3d-0e"
>> (38) Wed Nov 1 21:13:13 2017: Debug: Calling-Station-Id = "00:21:70:d8:ac:45"
>> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Identifier = "b0-b9-8a-46-3d-0c"
>> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-IP-Address = 192.168.1.12
>> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port = 1
>> (38) Wed Nov 1 21:13:13 2017: Debug: Framed-MTU = 1500
>> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port-Type = Ethernet
>> (38) Wed Nov 1 21:13:13 2017: Debug: EAP-Message = 0x02000014015046444f4d41494e5c746573746d65
>> (38) Wed Nov 1 21:13:13 2017: Debug: Message-Authenticator = 0x935d535299b823f31e7748c9271d6225
>> (38) Wed Nov 1 21:13:13 2017: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
>> (38) Wed Nov 1 21:13:13 2017: Debug: authorize {
>> (38) Wed Nov 1 21:13:13 2017: Debug: update {
>> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{Packet-Src-IP-Address}
>> (38) Wed Nov 1 21:13:13 2017: Debug: --> 192.168.1.12
>> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %l
>> (38) Wed Nov 1 21:13:13 2017: Debug: --> 1509570793
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # update = noop
>> (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_calling_station_id {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: update request {
>> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
>> (38) Wed Nov 1 21:13:13 2017: Debug: --> 00:21:70:d8:ac:45
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop
>> (38) Wed Nov 1 21:13:13 2017: Debug: [updated] = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: ... skipping else: Preceding "if" was taken
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # policy rewrite_calling_station_id = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_called_station_id {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: update request {
>> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
>> (38) Wed Nov 1 21:13:13 2017: Debug: --> b0:b9:8a:46:3d:0e
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ("%{8}") {
>> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{8}
>> (38) Wed Nov 1 21:13:13 2017: Debug: -->
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ("%{8}") -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif (Aruba-Essid-Name) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif (Aruba-Essid-Name) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Cisco-AVPair) && "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: [updated] = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: ... skipping else: Preceding "if" was taken
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # policy rewrite_called_station_id = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: policy filter_username {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name) -> TRUE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ / /) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ / /) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@[^@]*@/ ) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.\./ ) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.$/) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.$/) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@\./) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@\./) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # if (&User-Name) = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # policy filter_username = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: policy filter_password {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # policy filter_password = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: [preprocess] = ok
>> (38) Wed Nov 1 21:13:13 2017: Debug: suffix: Checking for suffix after "@"
>> (38) Wed Nov 1 21:13:13 2017: Debug: suffix: No '@' in User-Name = "PFDOMAIN\testme", skipping NULL due to config.
>> (38) Wed Nov 1 21:13:13 2017: Debug: [suffix] = noop
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Checking for prefix before "\"
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Looking up realm "PFDOMAIN" for User-Name = "PFDOMAIN\testme"
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Found realm "pfdomain"
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Adding Stripped-User-Name = "testme"
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Adding Realm = "pfdomain"
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Authentication realm is LOCAL
>> (38) Wed Nov 1 21:13:13 2017: Debug: [ntdomain] = ok
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: Peer sent EAP Response (code 2) ID 0 length 20
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
>> (38) Wed Nov 1 21:13:13 2017: Debug: [eap] = ok
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # authorize = ok
>> (38) Wed Nov 1 21:13:13 2017: Debug: Found Auth-Type = eap
>> (38) Wed Nov 1 21:13:13 2017: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
>> (38) Wed Nov 1 21:13:13 2017: Debug: authenticate {
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: Peer sent packet with method EAP Identity (1)
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: Calling submodule eap_peap to process data
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap_peap: Initiating new EAP-TLS session
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap_peap: [eaptls start] = request
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: Sending EAP Request (code 1) ID 1 length 6
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: EAP session adding &reply:State = 0x3e2077383e216e13
>> (38) Wed Nov 1 21:13:13 2017: Debug: [eap] = handled
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # authenticate = handled
>> (38) Wed Nov 1 21:13:13 2017: Debug: Using Post-Auth-Type Challenge
>> (38) Wed Nov 1 21:13:13 2017: Debug: Post-Auth-Type sub-section not found. Ignoring.
>> (38) Wed Nov 1 21:13:13 2017: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
>> (38) Wed Nov 1 21:13:13 2017: Debug: Sent Access-Challenge Id 201 from 192.168.1.5:1812 to 192.168.1.12:42371 length 0
>> (38) Wed Nov 1 21:13:13 2017: Debug: EAP-Message = 0x010100061920
>> (38) Wed Nov 1 21:13:13 2017: Debug: Message-Authenticator = 0x00000000000000000000000000000000
>> (38) Wed Nov 1 21:13:13 2017: Debug: State = 0x3e2077383e216e134e967a956fd013fe
>> (38) Wed Nov 1 21:13:13 2017: Debug: Finished request
>>
>> James Garcellano
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@...

James Garcellano

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users