Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support -- Solved

James Garcellano via PacketFence-users Thu, 02 Nov 2017 06:58:00 -0700

Hello Fabrice,

Adding the line "sub supportsWiredDot1x { return $TRUE; }" to 
/usr/local/pf/lib/pf/Switch/Netgear/MSeries.pm and then rebooting PacketFence 
has worked.


Here are the latest entries from the /usr/local/pf/logs/packetfence.log file:

Nov  2 12:46:30 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2908) INFO: 
[mac:00:21:70:d8:ac:45] handling radius autz request: from switch_ip => 
(192.168.1.12), connection_type => Ethernet-EAP,switch_mac => 
(b0:b9:8a:46:3d:0e), mac => [00:21:70:d8:ac:45], port => 1, username => 
"PFDOMAIN\testme" (pf::radius::authorize)
Nov  2 12:46:30 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2908) INFO: 
[mac:00:21:70:d8:ac:45] Instantiate profile default 
(pf::Connection::ProfileFactory::_from_profile)
Nov  2 12:46:30 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2908) INFO: 
[mac:00:21:70:d8:ac:45] is of status unreg; belongs into registration VLAN 
(pf::role::getRegistrationRole)
Nov  2 12:46:30 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2908) INFO: 
[mac:00:21:70:d8:ac:45] (192.168.1.12) Added VLAN 20 to the returned RADIUS 
Access-Accept (pf::Switch::returnRadiusAccessAccept)
Nov  2 12:46:30 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2908) INFO: 
[mac:[undef]] Updating locationlog from accounting request 
(pf::api::handle_accounting_metadata)


Thank you, Fabrice, for your time and assistance in helping to troubleshoot my 
issue!

James Garcellano

>Ok so you need to add support of 802.1x in the switch module.
>
>In this file, 
>https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Netgear/MSeries.pm#L19
> 
>add that:
>
>sub supportsWiredDot1x { return $TRUE; }
>
>Then restart packetfence.
>
>Paste me the packetfence.log after that.
>Regards
>Fabrice
>
>Le 2017-11-01 à 18:04, James Garcellano via PacketFence-users a écrit :
>> Hello Fabrice,
>>
>> Here is the last few entries from the /usr/local/pf/logs/packetfence.log 
>> file:
>>
>> Nov  1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) INFO: 
>> [mac:00:21:70:d8:ac:45] handling radius autz request: from switch_ip => 
>> (192.168.1.12), connection_type => Ethernet-EAP,switch_mac => 
>> (b0:b9:8a:46:3d:0e), mac => [00:21:70:d8:ac:45], port => 1, username => 
>> "PFDOMAIN\testme" (pf::radius::authorize)
>> Nov  1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) 
>> ERROR: [mac:00:21:70:d8:ac:45] Wired 802.1X is not supported on switch type 
>> pf::Switch::Netgear::MSeries. Please let us know what hardware you are 
>> using. (pf::Switch::supportsWiredDot1x)
>> Nov  1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) WARN: 
>> [mac:00:21:70:d8:ac:45] (192.168.1.12) Sending REJECT since switch is 
>> unsupported (pf::radius::_switchUnsupportedReply)
>> Nov  1 22:03:07 packetfence-zen packetfence_httpd.aaa: httpd.aaa(3730) INFO: 
>> [mac:00:21:70:d8:ac:45] Updating locationlog from accounting request 
>> (pf::api::handle_accounting_metadata)
>>
>>
>>> Ok it's better now.
>>>
>>> Now can you check on the packetfence.log, you are suppose to see
>>> different messages now.
>>>
>>>
>>> Le 2017-11-01 à 17:27, James Garcellano via PacketFence-users a écrit :
>>>> It looks like the other test still showed the NAS IP as 192.168.1.5.
>>>>
>>>> I rebooted the switch and did another test.
>>>>
>>>> Here is the raddebug from that...
>>>>
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: Received Access-Request Id 201 from 
>>>> 192.168.1.12:42371 to 192.168.1.5:1812 length 158
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   User-Name = "PFDOMAIN\\testme"
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   Called-Station-Id = 
>>>> "b0-b9-8a-46-3d-0e"
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   Calling-Station-Id = 
>>>> "00:21:70:d8:ac:45"
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   NAS-Identifier = 
>>>> "b0-b9-8a-46-3d-0c"
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   NAS-IP-Address = 192.168.1.12
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   NAS-Port = 1
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   Framed-MTU = 1500
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   NAS-Port-Type = Ethernet
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   EAP-Message = 
>>>> 0x02000014015046444f4d41494e5c746573746d65
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   Message-Authenticator = 
>>>> 0x935d535299b823f31e7748c9271d6225
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: # Executing section authorize from 
>>>> file /usr/local/pf/raddb/sites-enabled/packetfence
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   authorize {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     update {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       EXPAND %{Packet-Src-IP-Address}
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:          --> 192.168.1.12
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       EXPAND %l
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:          --> 1509570793
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     } # update = noop
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     policy 
>>>> rewrite_calling_station_id {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if (&Calling-Station-Id && 
>>>> (&Calling-Station-Id =~ 
>>>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
>>>>  {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if (&Calling-Station-Id && 
>>>> (&Calling-Station-Id =~ 
>>>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
>>>>   -> TRUE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if (&Calling-Station-Id && 
>>>> (&Calling-Station-Id =~ 
>>>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
>>>>   {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         update request {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:           EXPAND 
>>>> %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:              --> 00:21:70:d8:ac:45
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         } # update request = noop
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         [updated] = updated
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       } # if (&Calling-Station-Id && 
>>>> (&Calling-Station-Id =~ 
>>>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i))
>>>>   = updated
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       ... skipping else: Preceding 
>>>> "if" was taken
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     } # policy 
>>>> rewrite_calling_station_id = updated
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     policy rewrite_called_station_id 
>>>> {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if ((&Called-Station-Id) && 
>>>> (&Called-Station-Id =~ 
>>>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
>>>>  {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if ((&Called-Station-Id) && 
>>>> (&Called-Station-Id =~ 
>>>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
>>>>   -> TRUE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if ((&Called-Station-Id) && 
>>>> (&Called-Station-Id =~ 
>>>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
>>>>   {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         update request {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:           EXPAND 
>>>> %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:              --> b0:b9:8a:46:3d:0e
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         } # update request = noop
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if ("%{8}") {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         EXPAND %{8}
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:            -->
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if ("%{8}")  -> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         elsif ( (Colubris-AVPair) && 
>>>> "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         elsif ( (Colubris-AVPair) && 
>>>> "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i)  -> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         elsif (Aruba-Essid-Name) {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         elsif (Aruba-Essid-Name)  -> 
>>>> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         elsif ( (Cisco-AVPair)  && 
>>>> "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i) {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         elsif ( (Cisco-AVPair)  && 
>>>> "%{Cisco-AVPair}" =~ /^ssid=(.*)$/i)  -> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         [updated] = updated
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       } # if ((&Called-Station-Id) 
>>>> && (&Called-Station-Id =~ 
>>>> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i))
>>>>   = updated
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       ... skipping else: Preceding 
>>>> "if" was taken
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     } # policy 
>>>> rewrite_called_station_id = updated
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     policy filter_username {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if (&User-Name) {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if (&User-Name)  -> TRUE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if (&User-Name)  {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ / /) {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ / /)  -> 
>>>> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /@[^@]*@/ 
>>>> ) {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /@[^@]*@/ 
>>>> )  -> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /\.\./ ) {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /\.\./ )  
>>>> -> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if ((&User-Name =~ /@/) && 
>>>> (&User-Name !~ /@(.+)\.(.+)$/))  {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if ((&User-Name =~ /@/) && 
>>>> (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /\.$/)  {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /\.$/)   
>>>> -> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /@\./)  {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:         if (&User-Name =~ /@\./)   
>>>> -> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       } # if (&User-Name)  = updated
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     } # policy filter_username = 
>>>> updated
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     policy filter_password {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if (&User-Password &&          
>>>> (&User-Password != "%{string:User-Password}")) {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:       if (&User-Password &&          
>>>> (&User-Password != "%{string:User-Password}"))  -> FALSE
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     } # policy filter_password = 
>>>> updated
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     [preprocess] = ok
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: suffix: Checking for suffix after "@"
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: suffix: No '@' in User-Name = 
>>>> "PFDOMAIN\testme", skipping NULL due to config.
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     [suffix] = noop
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Checking for prefix before 
>>>> "\"
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Looking up realm 
>>>> "PFDOMAIN" for User-Name = "PFDOMAIN\testme"
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Found realm "pfdomain"
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Adding Stripped-User-Name 
>>>> = "testme"
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Adding Realm = "pfdomain"
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: ntdomain: Authentication realm is 
>>>> LOCAL
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     [ntdomain] = ok
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: eap: Peer sent EAP Response (code 2) 
>>>> ID 0 length 20
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: eap: EAP-Identity reply, returning 
>>>> 'ok' so we can short-circuit the rest of authorize
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     [eap] = ok
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   } # authorize = ok
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: Found Auth-Type = eap
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: # Executing group from file 
>>>> /usr/local/pf/raddb/sites-enabled/packetfence
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   authenticate {
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: eap: Peer sent packet with method 
>>>> EAP Identity (1)
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: eap: Calling submodule eap_peap to 
>>>> process data
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: eap_peap: Initiating new EAP-TLS 
>>>> session
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: eap_peap: [eaptls start] = request
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: eap: Sending EAP Request (code 1) ID 
>>>> 1 length 6
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: eap: EAP session adding &reply:State 
>>>> = 0x3e2077383e216e13
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:     [eap] = handled
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   } # authenticate = handled
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: Using Post-Auth-Type Challenge
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: Post-Auth-Type sub-section not 
>>>> found.  Ignoring.
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: # Executing group from file 
>>>> /usr/local/pf/raddb/sites-enabled/packetfence
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: Sent Access-Challenge Id 201 from 
>>>> 192.168.1.5:1812 to 192.168.1.12:42371 length 0
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   EAP-Message = 0x010100061920
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   Message-Authenticator = 
>>>> 0x00000000000000000000000000000000
>>>> (38) Wed Nov  1 21:13:13 2017: Debug:   State = 
>>>> 0x3e2077383e216e134e967a956fd013fe
>>>> (38) Wed Nov  1 21:13:13 2017: Debug: Finished request
>>>>
>>>> James Garcellano
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> PacketFence-users@...
>> James Garcellano
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@...



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support -- Solved

Reply via email to