Hello Xavier,
when you want to test 802.1x you need to use eapol_test instead of radtest.
Regards
Fabrice
Le 2018-05-07 à 06:00, Xav Tauran via PacketFence-users a écrit :
Hello Fabrice,
Thank you for your help.
Effectivly, it was the wrong radiusd service. The correct one, works.
I configured my Cisco, and the radius on packetfence and when I try to
test with the radtest command, I have this result :
[root@packetfence raddb]# radtest admin adminadmin localhost:18120 12
testing123
Sent Access-Request Id 172 from 0.0.0.0:39530 <http://0.0.0.0:39530>
to 127.0.0.1:18120 <http://127.0.0.1:18120> length 75
User-Name = "admin"
User-Password = "adminadmin"
NAS-IP-Address = 169.254.0.2
NAS-Port = 12
Message-Authenticator = 0x00
Cleartext-Password = "adminadmin"
Received Access-Reject Id 172 from 127.0.0.1:18120
<http://127.0.0.1:18120> to 0.0.0.0:0 <http://0.0.0.0:0> length 20
(0) -: Expected Access-Accept got Access-Reject
I don't understand why I have an Access-Reject and not an
Access-Accept when I try my Radius in localhost connection.
Thank you in advance for your help.
Regards,
Xavier
2018-04-30 14:52 GMT+02:00 Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>>:
Hello Xavier,
you are dealing with the wrong radiusd service , the correct one
is packetfence-radiusd-auth.
Also what you can try is the following (in /usr/local/pf/)
radiusd -d raddb/ -n auth -fxx -l stdout
And paste me the result.
Regards
Fabrice
Le 2018-04-26 à 05:00, Xav Tauran via PacketFence-users a écrit :
Hello everyone !
I'm deploying a NAC solution for a customer with PacketFence. I
use freeradius (freeradius is automatically installed with
PacketFence).
However, I have a problem with FreeRadius. FreeRadius doesn't
want to start on my virtual machine. (I use Centos 7).
I have this issue when I want to start radiuds with the radius -X
command :
Debugger not attached
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb
2013 0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t
rele)
Security advisory CVE-2016-6304 (OCSP status request extension)
For more information
seehttps://www.openssl.org/news/secadv/20160922.txt
<https://www.openssl.org/news/secadv/20160922.txt>
Once you have verified libssl has been correctly patched, set
security.allow_vulnerable_openssl = 'CVE-2016-6304'
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb
2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f
release)
Security advisory CVE-2014-0160 (Heartbleed)
For more information seehttp://heartbleed.com
<http://heartbleed.com/>
When I check the status of radiusd with systemctl status radiusd,
I have this result :
root@localhost raddb]# systemctl status radiusd
● radiusd.service - FreeRADIUS multi-protocol policy server
Loaded: loaded (/usr/lib/systemd/system/radiusd.service;
disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:radiusd(8)
man:radiusd.conf(5)
http://wiki.freeradius.org/
http://networkradius.com/doc/
Can you help me ?
Thank you very much in advance !
Kind regards,
Xavier TAURAN
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users