Here are the logs parts
packetfence.log Feb 11 08:35:57 nac9-1 pfipset[30180]: t=2020-02-11T08:35:57+0100 lvl=info msg="No Inline Network bypass ipsets reload" pid=30180 Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] handling radius autz request: from switch_ip => (192.168.2.7), connection_type => Ethernet-NoEAP,switch_mac => (04:09:73:8e:56:d8), mac => [10 :65:30:d5:bd:9c], port => 40, username => "106530d5bd9c" (pf::radius::authorize) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) WARN: [mac:10:65:30:d5:bd:9c] Switch type 'pf::Switch::HP::Procurve_2500' does not support MABFloatingDevices (pf::SwitchSupports::__ANON__) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] (192.168.2.7) Added VLAN 127 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] handling radius autz request: from switch_ip => (192.168.2.7), connection_type => Ethernet-NoEAP,switch_mac => (04:09:73:8e:56:d8), mac => [10 :65:30:d5:bd:9c], port => 40, username => "106530d5bd9c" (pf::radius::authorize) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) WARN: [mac:10:65:30:d5:bd:9c] Switch type 'pf::Switch::HP::Procurve_2500' does not support MABFloatingDevices (pf::SwitchSupports::__ANON__) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] (192.168.2.7) Added VLAN 127 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Feb 11 08:36:34 nac9-1 packetfence: rlm_perl(30862) WARN: (in cleanup) hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this) at /usr/local/pf/lib/pfconfig/cached.pm line 182. Feb 11 08:36:34 nac9-1 packetfence[30871]: rlm_perl(30862) WARN: (in cleanup) hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this) at /usr/local/pf/lib/pfconfig/cached.pm line 182. Feb 11 08:36:34 nac9-1 packetfence[30871]: (pfconfig::cached::_get_from_socket) Feb 11 08:36:34 nac9-1 packetfence: (pfconfig::cached::_get_from_socket) Radius.log Feb 11 08:35:57 nac9-1 pfipset[30180]: t=2020-02-11T08:35:57+0100 lvl=info msg="No Inline Network bypass ipsets reload" pid=30180 Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] handling radius autz request: from switch_ip => (192.168.2.7), connection_type => Ethernet-NoEAP,switch_mac => (04:09:73:8e:56:d8), mac => [10 :65:30:d5:bd:9c], port => 40, username => "106530d5bd9c" (pf::radius::authorize) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) WARN: [mac:10:65:30:d5:bd:9c] Switch type 'pf::Switch::HP::Procurve_2500' does not support MABFloatingDevices (pf::SwitchSupports::__ANON__) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] (192.168.2.7) Added VLAN 127 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] handling radius autz request: from switch_ip => (192.168.2.7), connection_type => Ethernet-NoEAP,switch_mac => (04:09:73:8e:56:d8), mac => [10 :65:30:d5:bd:9c], port => 40, username => "106530d5bd9c" (pf::radius::authorize) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) WARN: [mac:10:65:30:d5:bd:9c] Switch type 'pf::Switch::HP::Procurve_2500' does not support MABFloatingDevices (pf::SwitchSupports::__ANON__) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole) Feb 11 08:36:34 nac9-1 packetfence_httpd.aaa: httpd.aaa(30325) INFO: [mac:10:65:30:d5:bd:9c] (192.168.2.7) Added VLAN 127 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Feb 11 08:36:34 nac9-1 packetfence: rlm_perl(30862) WARN: (in cleanup) hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this) at /usr/local/pf/lib/pfconfig/cached.pm line 182. Feb 11 08:36:34 nac9-1 packetfence[30871]: rlm_perl(30862) WARN: (in cleanup) hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this) at /usr/local/pf/lib/pfconfig/cached.pm line 182. Feb 11 08:36:34 nac9-1 packetfence[30871]: (pfconfig::cached::_get_from_socket) Feb 11 08:36:34 nac9-1 packetfence: (pfconfig::cached::_get_from_socket) Yes I use EAP-PEAP The node is joined to the AD To be sure I left and rejoined the domain. B.R. Franck ________________________________ From: EXTERN Nicolas Quiniou-Briand via PacketFence-users <packetfence-users@lists.sourceforge.net> Sent: Tuesday, February 11, 2020 1:50 PM To: packetfence-users@lists.sourceforge.net <packetfence-users@lists.sourceforge.net> Cc: Nicolas Quiniou-Briand <n...@inverse.ca> Subject: Re: [PacketFence-users] Packetfence Cluster, one member not authenticating clients Hi, On 11/02/2020 09:17, Franck Rakotonindrainy via PacketFence-users wrote: > but when radius (AD) authentication is send to the node I call 9-1, it > never succeed 1. Did you see something interesting in packetfence.log or radius.log on 9-1 node ? 2. If you use EAP-PEAP, are you sure 9-1 is correctly joined to an AD domain ? -- Nicolas Quiniou-Briand n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence (https://packetfence.org) and Fingerbank (http://fingerbank.org) _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users