Hello Fabrice,
Here is the last few entries from the /usr/local/pf/logs/packetfence.log file:
Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) INFO:
[mac:00:21:70:d8:ac:45] handling radius autz request: from switch_ip =>
(192.168.1.12), connection_type => Ethernet-EAP,switch_mac =>
(b0:b9:8a:46:3d:0e), mac => [00:21:70:d8:ac:45], port => 1, username =>
"PFDOMAIN\testme" (pf::radius::authorize)
Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) ERROR:
[mac:00:21:70:d8:ac:45] Wired 802.1X is not supported on switch type
pf::Switch::Netgear::MSeries. Please let us know what hardware you are using.
(pf::Switch::supportsWiredDot1x)
Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) WARN:
[mac:00:21:70:d8:ac:45] (192.168.1.12) Sending REJECT since switch is
unsupported (pf::radius::_switchUnsupportedReply)
Nov 1 22:03:07 packetfence-zen packetfence_httpd.aaa: httpd.aaa(3730) INFO:
[mac:00:21:70:d8:ac:45] Updating locationlog from accounting request
(pf::api::handle_accounting_metadata)
>Ok it's better now.
>
>Now can you check on the packetfence.log, you are suppose to see
>different messages now.
>
>
>Le 2017-11-01 à 17:27, James Garcellano via PacketFence-users a écrit :
>> It looks like the other test still showed the NAS IP as 192.168.1.5.
>>
>> I rebooted the switch and did another test.
>>
>> Here is the raddebug from that...
>>
>> (38) Wed Nov 1 21:13:13 2017: Debug: Received Access-Request Id 201 from
>> 192.168.1.12:42371 to 192.168.1.5:1812 length 158
>> (38) Wed Nov 1 21:13:13 2017: Debug: User-Name = "PFDOMAIN\\testme"
>> (38) Wed Nov 1 21:13:13 2017: Debug: Called-Station-Id =
>> "b0-b9-8a-46-3d-0e"
>> (38) Wed Nov 1 21:13:13 2017: Debug: Calling-Station-Id =
>> "00:21:70:d8:ac:45"
>> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Identifier = "b0-b9-8a-46-3d-0c"
>> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-IP-Address = 192.168.1.12
>> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port = 1
>> (38) Wed Nov 1 21:13:13 2017: Debug: Framed-MTU = 1500
>> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port-Type = Ethernet
>> (38) Wed Nov 1 21:13:13 2017: Debug: EAP-Message =
>> 0x02000014015046444f4d41494e5c746573746d65
>> (38) Wed Nov 1 21:13:13 2017: Debug: Message-Authenticator =
>> 0x935d535299b823f31e7748c9271d6225
>> (38) Wed Nov 1 21:13:13 2017: Debug: # Executing section authorize from
>> file /usr/local/pf/raddb/sites-enabled/packetfence
>> (38) Wed Nov 1 21:13:13 2017: Debug: authorize {
>> (38) Wed Nov 1 21:13:13 2017: Debug: update {
>> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{Packet-Src-IP-Address}
>> (38) Wed Nov 1 21:13:13 2017: Debug: --> 192.168.1.12
>> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %l
>> (38) Wed Nov 1 21:13:13 2017: Debug: --> 1509570793
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # update = noop
>> (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_calling_station_id {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id &&
>> (&Calling-Station-Id =~
>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
>> {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id &&
>> (&Calling-Station-Id =~
>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
>> -> TRUE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id &&
>> (&Calling-Station-Id =~
>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
>> {
>> (38) Wed Nov 1 21:13:13 2017: Debug: update request {
>> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND
>> %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
>> (38) Wed Nov 1 21:13:13 2017: Debug: --> 00:21:70:d8:ac:45
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop
>> (38) Wed Nov 1 21:13:13 2017: Debug: [updated] = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # if (&Calling-Station-Id &&
>> (&Calling-Station-Id =~
>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
>> = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: ... skipping else: Preceding
>> "if" was taken
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # policy
>> rewrite_calling_station_id = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_called_station_id {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) &&
>> (&Called-Station-Id =~
>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
>> {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) &&
>> (&Called-Station-Id =~
>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
>> -> TRUE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) &&
>> (&Called-Station-Id =~
>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
>> {
>> (38) Wed Nov 1 21:13:13 2017: Debug: update request {
>> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND
>> %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
>> (38) Wed Nov 1 21:13:13 2017: Debug: --> b0:b9:8a:46:3d:0e
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ("%{8}") {
>> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{8}
>> (38) Wed Nov 1 21:13:13 2017: Debug: -->
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ("%{8}") -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Colubris-AVPair) &&
>> "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Colubris-AVPair) &&
>> "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif (Aruba-Essid-Name) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif (Aruba-Essid-Name) ->
>> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Cisco-AVPair) &&
>> "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Cisco-AVPair) &&
>> "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: [updated] = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # if ((&Called-Station-Id) &&
>> (&Called-Station-Id =~
>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
>> = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: ... skipping else: Preceding
>> "if" was taken
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # policy
>> rewrite_called_station_id = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: policy filter_username {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name) -> TRUE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ / /) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ / /) ->
>> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@[^@]*@/ ) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@[^@]*@/ )
>> -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.\./ ) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.\./ ) ->
>> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&User-Name =~ /@/) &&
>> (&User-Name !~ /@(.+)\.(.+)$/)) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&User-Name =~ /@/) &&
>> (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.$/) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /\.$/) ->
>> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@\./) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Name =~ /@\./) ->
>> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # if (&User-Name) = updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # policy filter_username =
>> updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: policy filter_password {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Password &&
>> (&User-Password != "%{string:User-Password}")) {
>> (38) Wed Nov 1 21:13:13 2017: Debug: if (&User-Password &&
>> (&User-Password != "%{string:User-Password}")) -> FALSE
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # policy filter_password =
>> updated
>> (38) Wed Nov 1 21:13:13 2017: Debug: [preprocess] = ok
>> (38) Wed Nov 1 21:13:13 2017: Debug: suffix: Checking for suffix after "@"
>> (38) Wed Nov 1 21:13:13 2017: Debug: suffix: No '@' in User-Name =
>> "PFDOMAIN\testme", skipping NULL due to config.
>> (38) Wed Nov 1 21:13:13 2017: Debug: [suffix] = noop
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Checking for prefix before
>> "\"
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Looking up realm "PFDOMAIN"
>> for User-Name = "PFDOMAIN\testme"
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Found realm "pfdomain"
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Adding Stripped-User-Name =
>> "testme"
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Adding Realm = "pfdomain"
>> (38) Wed Nov 1 21:13:13 2017: Debug: ntdomain: Authentication realm is LOCAL
>> (38) Wed Nov 1 21:13:13 2017: Debug: [ntdomain] = ok
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: Peer sent EAP Response (code 2)
>> ID 0 length 20
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: EAP-Identity reply, returning
>> 'ok' so we can short-circuit the rest of authorize
>> (38) Wed Nov 1 21:13:13 2017: Debug: [eap] = ok
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # authorize = ok
>> (38) Wed Nov 1 21:13:13 2017: Debug: Found Auth-Type = eap
>> (38) Wed Nov 1 21:13:13 2017: Debug: # Executing group from file
>> /usr/local/pf/raddb/sites-enabled/packetfence
>> (38) Wed Nov 1 21:13:13 2017: Debug: authenticate {
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: Peer sent packet with method EAP
>> Identity (1)
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: Calling submodule eap_peap to
>> process data
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap_peap: Initiating new EAP-TLS
>> session
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap_peap: [eaptls start] = request
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: Sending EAP Request (code 1) ID 1
>> length 6
>> (38) Wed Nov 1 21:13:13 2017: Debug: eap: EAP session adding &reply:State =
>> 0x3e2077383e216e13
>> (38) Wed Nov 1 21:13:13 2017: Debug: [eap] = handled
>> (38) Wed Nov 1 21:13:13 2017: Debug: } # authenticate = handled
>> (38) Wed Nov 1 21:13:13 2017: Debug: Using Post-Auth-Type Challenge
>> (38) Wed Nov 1 21:13:13 2017: Debug: Post-Auth-Type sub-section not found.
>> Ignoring.
>> (38) Wed Nov 1 21:13:13 2017: Debug: # Executing group from file
>> /usr/local/pf/raddb/sites-enabled/packetfence
>> (38) Wed Nov 1 21:13:13 2017: Debug: Sent Access-Challenge Id 201 from
>> 192.168.1.5:1812 to 192.168.1.12:42371 length 0
>> (38) Wed Nov 1 21:13:13 2017: Debug: EAP-Message = 0x010100061920
>> (38) Wed Nov 1 21:13:13 2017: Debug: Message-Authenticator =
>> 0x00000000000000000000000000000000
>> (38) Wed Nov 1 21:13:13 2017: Debug: State =
>> 0x3e2077383e216e134e967a956fd013fe
>> (38) Wed Nov 1 21:13:13 2017: Debug: Finished request
>>
>> James Garcellano
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@...
James Garcellano
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
