Hi,
I am trying to use PacketFence for MikroTik device CLI access. I want to log
in with my MS Active Directory users.
First I tried with FreeRADIUS via an LDAP connection. It works, but when I
try with PacketFence, it doesn't work.
To my understanding, MikroTik tries to use an LDAP connection but PacketFence
connects to Active Directory with NTLM.
(Cisco devices are working successfully.)
Is it possible to solve this problem?
packetfence.log:

Mar  9 18:08:12 debian packetfence_httpd.aaa: httpd.aaa(2089) WARN: [mac:[undef]] Trying to match IP address with an invalid MAC address 'undef' (pf::ip4log::mac2ip)
Mar  9 18:08:12 debian packetfence_httpd.aaa: httpd.aaa(2089) WARN: [mac:[undef]] Trying to match IP address with an invalid MAC address 'undef' (pf::ip4log::mac2ip)
Mar  9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
Mar  9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] Found authentication source(s) : 'AD-source' for realm 'null' (pf::config::util::filter_authentication_sources)
Mar  9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
Mar  9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] Found authentication source(s) : 'AD-source' for realm 'null' (pf::config::util::filter_authentication_sources)
Mar  9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) WARN: [mac:[undef]] [AD-source] User CN=net-admin,CN=Users,DC=evrenkorkmaz,DC=xyz cannot bind from CN=Users,DC=evrenkorkmaz,DC=xyz on 192.168.56.102:389 (pf::Authentication::Source::LDAPSource::authenticate)
Mar  9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] User net-admin tried to login in 192.168.30.6 but authentication failed (pf::radius::switch_access)
Mar  9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) WARN: [mac:[undef]] [AD-source] User CN=net-admin,CN=Users,DC=evrenkorkmaz,DC=xyz cannot bind from CN=Users,DC=evrenkorkmaz,DC=xyz on 192.168.56.102:389 (pf::Authentication::Source::LDAPSource::authenticate)
Mar  9 18:08:13 debian packetfence_httpd.aaa: httpd.aaa(2089) INFO: [mac:[undef]] User net-admin tried to login in 192.168.30.6 but authentication failed (pf::radius::switch_access)

radius.log:

Mar  9 18:05:36 debian auth[5605]: Need 6 more connections to reach 10 spares
Mar  9 18:05:36 debian auth[5605]: rlm_sql (sql): Opening additional connection (4), 1 of 60 pending slots used
Mar  9 18:05:36 debian auth[5605]: Need 6 more connections to reach 10 spares
Mar  9 18:05:36 debian auth[5605]: rlm_sql (sql): Opening additional connection (4), 1 of 60 pending slots used
Mar  9 18:05:37 debian auth[5605]: (3) Ignoring duplicate packet from client 192.168.30.6/32 port 47498 - ID: 10 due to unfinished request in component post-auth module rest
Mar  9 18:05:37 debian auth[5605]: (3) Ignoring duplicate packet from client 192.168.30.6/32 port 47498 - ID: 10 due to unfinished request in component post-auth module rest
Mar  9 18:05:37 debian auth[5605]: (3) Ignoring duplicate packet from client 192.168.30.6/32 port 47498 - ID: 10 due to unfinished request in component post-auth module rest
Mar  9 18:05:37 debian auth[5605]: (3) Ignoring duplicate packet from client 192.168.30.6/32 port 47498 - ID: 10 due to unfinished request in component post-auth module rest
Mar  9 18:05:38 debian auth[5605]: (3) rest: ERROR: Server returned:
Mar  9 18:05:38 debian auth[5605]: (3) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Authentication failed on PacketFence"}
Mar  9 18:05:38 debian auth[5605]: Need 1 more connections to reach min connections (3)
Mar  9 18:05:38 debian auth[5605]: rlm_rest (rest): Opening additional connection (2), 1 of 62 pending slots used
Mar  9 18:05:38 debian auth[5605]: Need 5 more connections to reach 10 spares
Mar  9 18:05:38 debian auth[5605]: rlm_sql (sql): Opening additional connection (5), 1 of 59 pending slots used
Mar  9 18:05:38 debian auth[5605]: (3) rest: ERROR: Server returned:
Mar  9 18:05:38 debian auth[5605]: (3) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Authentication failed on PacketFence"}
Mar  9 18:05:38 debian auth[5605]: Need 1 more connections to reach min connections (3)
Mar  9 18:05:38 debian auth[5605]: rlm_rest (rest): Opening additional connection (2), 1 of 62 pending slots used
Mar  9 18:05:38 debian auth[5605]: Need 5 more connections to reach 10 spares
Mar  9 18:05:38 debian auth[5605]: rlm_sql (sql): Opening additional connection (5), 1 of 59 pending slots used
Mar  9 18:05:38 debian auth[5605]: [mac:192.168.30.2] Rejected user: net-admin
Mar  9 18:05:38 debian auth[5605]: (3) Rejected in post-auth: [net-admin] (from client 192.168.30.6/32 port 0 cli 192.168.30.2)
Mar  9 18:05:38 debian auth[5605]: (3) Login incorrect (rest: Server returned:): [net-admin] (from client 192.168.30.6/32 port 0 cli 192.168.30.2)
Mar  9 18:05:38 debian auth[5605]: [mac:192.168.30.2] Rejected user: net-admin
Mar  9 18:05:38 debian auth[5605]: (3) Rejected in post-auth: [net-admin] (from client 192.168.30.6/32 port 0 cli 192.168.30.2)
Mar  9 18:05:38 debian auth[5605]: (3) Login incorrect (rest: Server returned:): [net-admin] (from client 192.168.30.6/32 port 0 cli 192.168.30.2)