Hello, I am trying to get MAC auth working on packetfence-8.3.0-1.el7.noarch to replicate a legacy system we currently have going. (We may use more advanced features later.)

I have exported some systems from the old system via MySQL CSV and imported them into PF; they show up as registered in the web UI and via "pfcmd node view <mac>". I have added a 'switch' to PF:

    [10.0.0.22]
    description=Nagios
    useCoA=N
    radiusSecret=rads3cret
    group=Desktops
    inlineTrigger=

    [group Desktops]
    inlineTrigger=always::1
    description=Desktops
    VLAN_101Vlan=101
    VLAN_100Vlan=100
    [...]
    VLAN_544Vlan=544
    VLAN_125Vlan=125
    VLAN_562Vlan=562
    cliAccess=Y

I have also added the following to "pf/raddb/users" so that we can monitor via Nagios (which is what we're doing with the legacy system):

    nagios Cleartext-Password := "nagPass"

However, when I try to test MACauth:

    $ echo "User-Name=08:00:29:d2:51:91,User-Password=08:00:29:d2:51:91" | /usr/bin/radclient -s pf1.net auth rads3cret
    Received response ID 189, code 3, length = 20
    Total approved auths: 0
    Total denied auths: 1
    Total lost auths: 0

I get the following in "pf/logs/packetfence.log":

    May 6 12:58:23 net-pf1 packetfence_httpd.aaa: httpd.aaa(6385) ERROR: [mac:[undef]] unable to read password file '/usr/local/pf/conf/admin.conf' (pf::Authentication::Source::HtpasswdSource::authenticate)
    May 6 12:58:23 net-pf1 packetfence_httpd.aaa: httpd.aaa(6385) INFO: [mac:[undef]] User 08:00:27:d2:51:90 tried to login in 10.0.0.22 but authentication failed (pf::radius::switch_access)

And the following in "pf/logs/radius.log":

    May 6 12:59:01 pf1 auth[8108]: Need 7 more connections to reach 10 spares
    May 6 12:59:01 pf1 auth[8108]: rlm_sql (sql): Opening additional connection (9), 1 of 61 pending slots used
    May 6 12:59:01 pf1 auth[8108]: rlm_rest (rest): Closing connection (6): Hit idle_timeout, was idle for 85 seconds
    May 6 12:59:01 pf1 auth[8108]: (5) rest: ERROR: Server returned:
    May 6 12:59:01 pf1 auth[8108]: (5) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Authentication failed on PacketFence"}
    May 6 12:59:01 pf1 auth[8108]: Need 1 more connections to reach min connections (3)
    May 6 12:59:01 pf1 auth[8108]: rlm_rest (rest): Opening additional connection (8), 1 of 62 pending slots used
    May 6 12:59:01 pf1 auth[8108]: [mac:] Rejected user: 08:00:29:d2:51:91
    May 6 12:59:01 pf1 auth[8108]: (5) Rejected in post-auth: [08:00:29:d2:51:91] (from client 10.0.0.22 port 0)
    May 6 12:59:01 pf1 auth[8108]: (5) Login incorrect (rest: Server returned:): [08:00:29:d2:51:91] (from client 10.0.0.22 port 0)

The file "pf/conf/authentication.conf" is basically the default:

    [local]
    description=Local Users
    type=SQL
    dynamic_routing_module=AuthModule

    [file1]
    description=Legacy Source
    path=/usr/local/pf/conf/admin.conf
    type=Htpasswd
    realms=null
    dynamic_routing_module=AuthModule
    [...]

Pointing it at the current setup:

    $ echo "User-Name=08:00:29:d2:51:91,User-Password=08:00:29:d2:51:91" | /usr/bin/radclient radius1.net auth rads3cret
    Received response ID 218, code 2, length = 37
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "100"

Similar results if I use 'echo "User-Name=nagios,User-Password=nagPass"': works on the legacy systems where the nagios account is in /etc/freeradius/users, does not work with PF.

How do I get MACauth working? radiusd(8) does not seem to be talking to MySQL to look up the MAC addresses.

Thanks for any info.

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users