Logs below:
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Closing connection (106): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Closing connection (108): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Closing connection (107): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Closing connection (105): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Opening additional connection (109), 1 of 64 pending slots used
May 21 11:39:50 youi-packetfence-p1 auth[25948]: Need 2 more
connections to reach min connections (3)
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Opening additional connection (110), 1 of 63 pending slots used
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Closing connection (98): Hit idle_timeout, was idle for 431989
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Closing connection (97): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Closing connection (99): Hit idle_timeout, was idle for 431977
seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Opening additional connection (100), 1 of 64 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 2 more
connections to reach min connections (3)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Opening additional connection (101), 1 of 63 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 1 more
connections to reach min connections (3)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Opening additional connection (111), 1 of 62 pending slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]:
[mac:0c:4d:e9:b9:23:ac] Rejected user: 0c4de9b923ac
May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Rejected
in post-auth: [0c4de9b923ac] (from client 10.100.64.67 port 49
cli 0c:4d:e9:b9:23:ac)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Login
incorrect: [0c4de9b923ac] (from client 10.100.64.67 port 49 cli
0c:4d:e9:b9:23:ac)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 7 more
connections to reach 10 spares
May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_sql (sql):
Opening additional connection (112), 1 of 61 pending slots used
May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 1 more
connections to reach min connections (3)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_rest (rest):
Opening additional connection (102), 1 of 62 pending slots used
May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41106) Login
OK: [testradius] (from client 10.100.64.67 port 49 cli
0c:4d:e9:b9:23:ac via TLS tunnel)
May 21 11:40:02 youi-packetfence-p1 auth[25948]:
[mac:0c:4d:e9:b9:23:ac] Accepted user: testradius and returned
VLAN 88
May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41107) Login
OK: [testradius] (from client 10.100.64.67 port 49 cli
0c:4d:e9:b9:23:ac)
Looks like it's also sending port 49.
Is there somewhere to make a modification where I can say $Port =
$Port - 48 or something?
On Thu, May 16, 2019 at 9:27 PM Durand fabrice
<fdur...@inverse.ca <mailto:fdur...@inverse.ca>> wrote:
Hello Stuart,
it looks that the port is set to 49 in the radius request:
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius
autz request: from switch_ip => (10.100.64.67),
connection_type => Ethernet-NoEAP,switch_mac =>
(88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], port => 49,
username => "787b8ad3ae74" (pf::radius::authorize)
Are you able to check in the radius auditing what is the
radius request (with all the attributes) and paste it to me ?
Regards
Fabrice
Le 19-05-16 à 11 h 41, Stuart Gendron a écrit :
Logs below:
[root@youi-packetfence-p1 ~]# tail -f
/usr/local/pf/logs/packetfence.log| grep 78:7b:8a:d3:ae:74
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling
radius autz request: from switch_ip => (10.100.64.67),
connection_type => Ethernet-NoEAP,switch_mac =>
(88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], port => 49,
username => "787b8ad3ae74" (pf::radius::authorize)
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate
profile default (pf::Connection::ProfileFactory::_from_profile)
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Match rule
mac_lan:unknown&pf_wired_mac_auth (pf::access_filter::test)
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] vlan filter
match ; belongs into REJECT VLAN (pf::role::getRegistrationRole)
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] According to
rules in fetchRoleForNode this node must be kicked out.
Returning USERLOCK (pf::Switch::handleRadiusDeny)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling
radius autz request: from switch_ip => (10.100.64.67),
connection_type => Ethernet-EAP,switch_mac =>
(88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], port => 49,
username => "testradius" (pf::radius::authorize)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate
profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Found
authentication source(s) : 'YOUI-DC-P1' for realm 'null'
(pf::config::util::filter_authentication_sources)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) WARN: [mac:78:7b:8a:d3:ae:74] Calling match
with empty/invalid rule class. Defaulting to
'authentication' (pf::authentication::match2)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Using sources
YOUI-DC-P1 for matching (pf::authentication::match2)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] LDAP testing
connection (pf::LDAP::expire_if)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) ERROR: [mac:78:7b:8a:d3:ae:74] Error
binding: 'Connection reset by peer' (pf::LDAP::log_error_msg)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) WARN: [mac:78:7b:8a:d3:ae:74] LDAP
connection expired (pf::LDAP::expire_if)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Matched rule
(youi_tv_employees) in source YOUI-DC-P1, returning actions.
(pf::Authentication::Source::match_rule)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Matched rule
(youi_tv_employees) in source YOUI-DC-P1, returning actions.
(pf::Authentication::Source::match)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Role has
already been computed and we don't want to recompute it.
Getting role from node_info (pf::role::getRegisteredRole)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Username was
defined "testradius" - returning role 'default'
(pf::role::getRegisteredRole)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] PID:
"testradius", Status: reg Returned VLAN: (undefined), Role:
default (pf::role::fetchRoleForNode)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] (10.100.64.67)
Added VLAN 88 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] violation
1300003 force-closed for 78:7b:8a:d3:ae:74
(pf::violation::violation_force_close)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate
profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa:
httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Updating
locationlog from accounting request
(pf::api::handle_accounting_metadata)
May 16 11:40:14 youi-packetfence-p1 pfqueue: pfqueue(18291)
WARN: [mac:78:7b:8a:d3:ae:74] Unable to match MAC address to
IP '10.100.90.109' (pf::ip4log::ip2mac)
On Tue, May 14, 2019 at 9:18 PM Durand fabrice via
PacketFence-users <packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello Stuart,
can you paste the log when you plug in the switch port ?
tail -f /usr/local/pf/logs/packetfence.log| grep
00:11:22:33:44:55
with the real mac address of course.
Regards
Fabrice
Le 19-05-14 à 10 h 43, Stuart Gendron via
PacketFence-users a écrit :
Hey there,
Was wondering if anyone else has their ports showing up
wrong for Cisco SG300 switches?
This is when plugged into port 1 on a 48 port switch:
Screen Shot 2019-05-14 at 10.42.07 AM.png
If there's a way to fix it that'd be really appreciated :-)
--
*Stuart Gendron*
IT Support Specialist
*You.i Labs*
307 Legget Drive, Kanata, ON, K2K 3C8
<https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g>
t (613) 228-9107 x258 | c (613) 697-6853
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
*Stuart Gendron*
IT Support Specialist
*You.i Labs*
307 Legget Drive, Kanata, ON, K2K 3C8
<https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g>
t (613) 228-9107 x258 | c (613) 697-6853
--
*Stuart Gendron*
IT Support Specialist
*You.i Labs*
307 Legget Drive, Kanata, ON, K2K 3C8
<https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g>
t (613) 228-9107 x258 | c (613) 697-6853