Il 07/05/2019 13:36, Nicolas Quiniou-Briand via PacketFence-users ha
scritto:
Hello Enrico,
Could you provide me a full example ?
1. a MAC address which has issue
2. Actual results
3. Expected results
4. packetfence.log for this MAC address
1) 70:54:d2:bc:be:91
2) login with 802.1X from cabled network with identity anonymous
3) log access with username. Packetfence is configured to proxy radius
request.
pfsrv, packetfence.log:
Apr 26 14:28:59 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) INFO:
[mac:70:54:d2:bc:be:91] handling radius autz request: from switch_ip =>
(10.0.3.33), connection_type => Ethernet-EAP,switch_mac =>
(00:18:fe:e3:52:e0), mac => [70:54:d2:bc:be:91], port => 5, username =>
"*anonym...@pg.infn.it*" (pf::radius::authorize)
Apr 26 14:28:59 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) INFO:
[mac:70:54:d2:bc:be:91] Instantiate profile INFN-WIRED
(pf::Connection::ProfileFactory::_from_profile)
Apr 26 14:29:00 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) INFO:
[mac:70:54:d2:bc:be:91] Found authentication source(s) : 'RADIUS-AAI'
for realm 'default' (pf::config::util::filter_authentication_sources)
Apr 26 14:29:00 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) WARN:
[mac:70:54:d2:bc:be:91] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match2)
Apr 26 14:29:00 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) INFO:
[mac:70:54:d2:bc:be:91] Using sources RADIUS-AAI for matching
(pf::authentication::match2)
Apr 26 14:29:00 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) INFO:
[mac:70:54:d2:bc:be:91] Matched rule (catchall) in source RADIUS-AAI,
returning actions. (pf::Authentication::Source::match_rule)
Apr 26 14:29:00 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) INFO:
[mac:70:54:d2:bc:be:91] Matched rule (catchall) in source RADIUS-AAI,
returning actions. (pf::Authentication::Source::match)
Apr 26 14:29:00 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) INFO:
[mac:70:54:d2:bc:be:91] Role has already been computed and we don't want
to recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Apr 26 14:29:00 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) INFO:
[mac:70:54:d2:bc:be:91] Username was defined "anonym...@pg.infn.it" -
returning role 'default' (pf::role::getRegisteredRole)
Apr 26 14:29:00 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) INFO:
[mac:70:54:d2:bc:be:91] PID: "anonym...@pg.infn.it", Status: reg
Returned VLAN: (undefined), Role: default (pf::role::fetchRoleForNode)
Apr 26 14:29:00 pfsrv packetfence_httpd.aaa: httpd.aaa(20274) INFO:
[mac:70:54:d2:bc:be:91] (10.0.3.33) Added VLAN 25 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)
...
pfsrv, radius.log:
Apr 26 14:29:00 pfsrv auth[20791]: [mac:70:54:d2:bc:be:91] Accepted
user: and returned VLAN 25
Apr 26 14:29:00 pfsrv auth[20791]: (75) Login OK: [anonym...@pg.infn.it]
(from client 10.0.3.33 port 5 cli 70:54:d2:bc:be:91)
....
Log external radius server:
*
**(309) Login OK: [becchett] (from client pfsrv port 0 via TLS tunnel)*
2019-04-26T12:28:59.792Z Thanks a lot
Enrico
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
