As a workaround, you could disable PFacct in the services and enable radius-acct and it should work.
It’s fixed in version 10.2.

Thanks,

Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

> On Oct 20, 2020, at 12:14 PM, Ludovic Zammit via PacketFence-users <[email protected]> wrote:
>
> Hello Kenny,
>
> I did open a bug for it, thanks for reporting it.
>
> https://github.com/inverse-inc/packetfence/issues/5930
>
> Thanks,
>
> Ludovic Zammit
>
>> On Oct 20, 2020, at 9:58 AM, Kenny Wallrath <[email protected]> wrote:
>>
>> Here you go:
>>
>> [root@packetfence ~]# netstat -nlp | grep 1813
>> udp        0      0 10.0.21.20:1813         0.0.0.0:*                           1660/pfacct
>>
>> It seems that pfacct is only bound towards my management interface and not my "radius interface"
>> If I check the udp-1812 port I can see following:
>>
>> [root@packetfence ~]# netstat -nlp | grep 1812
>> udp        0      0 127.0.0.1:18121         0.0.0.0:*                           2651/radiusd
>> udp        0      0 10.0.21.20:1812         0.0.0.0:*                           2651/radiusd
>> udp        0      0 10.0.20.14:1812         0.0.0.0:*                           2651/radiusd
>>
>> my radius network interface is following:
>> --> pf.conf
>> [interface eth1]
>> ip=10.0.20.14
>> type=none,radius,dhcp-listener
>> mask=255.255.255.0
>>
>> On raddb/acct.conf
>> I found a listen block for the radius interface
>>
>> listen {
>>     ipaddr = 10.0.20.14
>>     port = 0
>>     type = acct
>>     virtual_server = packetfence
>> }
>> this explains why I receive accounting-replies at my switch, when I enable the radiusd-acct service.
>> But I couldn't find any conf files for pfacct
>>
>> Is my interface correctly configured?
>>
>> If I restart pfacct service over the GUI I can see the daemon listening on the right interface
>> [root@packetfence raddb]# netstat -nlp | grep 1813
>> udp        0      0 10.0.21.20:1813         0.0.0.0:*                           4133/pfacct
>> udp     4352      0 10.0.20.14:1813         0.0.0.0:*                           4133/pfacct
>>
>> But if I power cycle my device or reevaluate switchport the netstat looks the same as in the beginning...
>>
>> Best regards
>>
>> On Tue, Oct 20, 2020 at 14:41, Ludovic Zammit <[email protected]> wrote:
>>>
>>> Hello,
>>>
>>> Can you show me the output of:
>>>
>>> netstat -nlp | grep 1813
>>>
>>> Thanks,
>>>
>>> Ludovic Zammit
>>>
>>> On Oct 18, 2020, at 5:21 AM, Kenny Wallrath <[email protected]> wrote:
>>>
>>> Hi Ludovic,
>>>
>>> I took another debug on the switch and packetfence. It seems that Radius Accounting Start Packets are sent from the switch to PF, anyways the online/offline state still is not getting updated and PF is not sending accounting-response.
>>> Also the pfacct.log remains empty
>>> I attached the radsniff and my cisco debug below.
>>>
>>> This is what I configured on the switch side:
>>>
>>> aaa new-model
>>> aaa group server radius PACKETFENCE
>>>  server name PACKETFENCE
>>> aaa authentication login default local group radius
>>> aaa authentication enable default enable
>>> aaa authentication dot1x default group PACKETFENCE
>>> aaa authorization console
>>> aaa authorization exec default local group radius if-authenticated
>>> aaa authorization network default group PACKETFENCE
>>> aaa accounting update newinfo
>>> aaa accounting dot1x default start-stop group PACKETFENCE
>>> aaa accounting network default start-stop group PACKETFENCE
>>> aaa accounting connection default start-stop group PACKETFENCE
>>> aaa server radius dynamic-author
>>>  client 10.0.20.14 server-key xxxxxxxxxxxxxxxx
>>>  port 3799
>>> aaa session-id common
>>> radius-server vsa send accounting
>>> radius-server vsa send authentication
>>>
>>> Cisco "debug aaa accounting"
>>> Oct 18 11:00:02.554: AAA/ACCT/DOT1X(0000005A): Pick method list 'default'
>>> Oct 18 11:00:02.554: AAA/ACCT/SETMLIST(0000005A): Handle 0, mlist 05861080, Name default
>>> Oct 18 11:00:02.554: Getting session id for DOT1X(0000005A) : db=55391F0
>>> Oct 18 11:00:02.554: AAA/ACCT/DOT1X(0000005A): add, count 2
>>> Oct 18 11:00:03.513: AAA/ACCT/EVENT/(0000005A): ATTR REPLACE
>>> Oct 18 11:00:03.513: AAA/ACCT(0000005A): Accounting response status = FAILURE
>>> Oct 18 11:00:03.513: AAA/ACCT(0000005A): Send NEWINFO accounting notification to EM failed
>>>
>>> Oct 18 11:00:03.550: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (b827.eb3f.01c8) on Interface Gi1/0/2 AuditSessionID 0A0014FD0000002ED5397B59
>>> Oct 18 11:00:03.550: AAA/ACCT/EVENT/(0000005A): NET UP
>>> Oct 18 11:00:03.550: AAA/ACCT/HC(0000005A): Update Dot1X/2E00002F
>>> Oct 18 11:00:03.550: AAA/ACCT/HC(0000005A): no HC Dot1X/2E00002F
>>> Oct 18 11:00:03.550: AAA/ACCT/DOT1X(0000005A): Queueing record is START
>>> Oct 18 11:00:03.550: AAA/ACCT(0000005A): Accounting method=PACKETFENCE (RADIUS)
>>> Oct 18 11:00:15.011: AAA/ACCT/EVENT/(0000005A): ATTR REPLACE
>>> Oct 18 11:00:15.011: AAA/ACCT/HC(0000005A): Update Dot1X/2E00002F
>>> Oct 18 11:00:15.011: AAA/ACCT/HC(0000005A): no HC Dot1X/2E00002F
>>> Oct 18 11:00:15.011: AAA/ACCT/DOT1X(0000005A): Queueing record is NEWINFO
>>> Oct 18 11:00:15.011: AAA/ACCT/EVENT/(0000005A): SESSION INFO
>>> Oct 18 11:00:15.011: AAA/ACCT/HC(0000005A): Update Dot1X/2E00002F
>>> Oct 18 11:00:15.011: AAA/ACCT/HC(0000005A): no HC Dot1X/2E00002F
>>> Oct 18 11:00:15.011: AAA/ACCT/DOT1X(0000005A): Queueing record is UPDATE
>>> Oct 18 11:00:15.016: AAA/ACCT(0000005A): Accounting method=PACKETFENCE (RADIUS)
>>> Oct 18 11:00:15.016: AAA/ACCT(0000005A): Accounting method=PACKETFENCE (RADIUS)
>>> Oct 18 11:00:23.719: AAA/ACCT/DOT1X(0000005A): START protocol reply FAIL
>>> Oct 18 11:00:23.719: AAA/ACCT(0000005A): Accounting method=NOT_SET
>>> Oct 18 11:00:23.719: AAA/ACCT(0000005A): Accounting response status = FAILURE
>>> Oct 18 11:00:23.719: AAA/ACCT(0000005A): Send START accounting notification to EM failed
>>> Oct 18 11:00:23.719: AAA/ACCT(0000005A): mlist_periodic is not set, interval 0
>>> Oct 18 11:00:30.095: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.0.20.14:1812,1813 is not responding.
>>> Oct 18 11:00:30.152: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.0.20.14:1812,1813 is being marked alive.
>>> Oct 18 11:00:35.107: AAA/ACCT/DOT1X(0000005A): NEWINFO protocol reply FAIL
>>> Oct 18 11:00:35.107: AAA/ACCT(0000005A): Accounting method=NOT_SET
>>> Oct 18 11:00:35.107: AAA/ACCT(0000005A): mlist_periodic is not set, interval 0
>>>
>>> Packetfence radsniff:
>>> 2020-10-18 11:00:32.445522 (5) Accounting-Request Id 158 eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +23.614
>>>     User-Name = "b8:27:eb:3f:01:c8"
>>>     NAS-IP-Address = 10.0.20.253
>>>     NAS-Port = 50102
>>>     Service-Type = Framed-User
>>>     Framed-IP-Address = 169.254.118.80
>>>     Called-Station-Id = "3C-0E-23-5A-3E-02"
>>>     Calling-Station-Id = "B8-27-EB-3F-01-C8"
>>>     NAS-Port-Type = Ethernet
>>>     Acct-Status-Type = Start
>>>     Acct-Delay-Time = 0
>>>     Acct-Session-Id = "00000050"
>>>     Acct-Authentic = RADIUS
>>>     NAS-Port-Id = "GigabitEthernet1/0/2"
>>>     PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>>>     Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>>>     Cisco-AVPair = "connect-progress=Call Up"
>>>     Authenticator-Field = 0x603bc2274431edd546dc9c758d86191f
>>> 2020-10-18 11:00:37.497158 (6) Accounting-Request Id 159 eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +28.665
>>>     User-Name = "b8:27:eb:3f:01:c8"
>>>     NAS-IP-Address = 10.0.20.253
>>>     NAS-Port = 50102
>>>     Service-Type = Framed-User
>>>     Framed-IP-Address = 169.254.118.80
>>>     Called-Station-Id = "3C-0E-23-5A-3E-02"
>>>     Calling-Station-Id = "B8-27-EB-3F-01-C8"
>>>     NAS-Port-Type = Ethernet
>>>     Acct-Status-Type = Start
>>>     Acct-Delay-Time = 5
>>>     Acct-Session-Id = "00000050"
>>>     Acct-Authentic = RADIUS
>>>     NAS-Port-Id = "GigabitEthernet1/0/2"
>>>     PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>>>     Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>>>     Cisco-AVPair = "connect-progress=Call Up"
>>>     Authenticator-Field = 0xfb92fbb9cc7ef65439c9c4e49d8283c6
>>> 2020-10-18 11:00:37.645522 (5) ** norsp ** Accounting-Request Id 158 eth1:10.0.20.253:1646 -> 10.0.20.14:1813
>>> 2020-10-18 11:00:37.645522 (5) Cleaning up request packet ID 158
>>> 2020-10-18 11:00:42.551582 (7) Accounting-Request Id 160 eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +33.720
>>>     User-Name = "b8:27:eb:3f:01:c8"
>>>     NAS-IP-Address = 10.0.20.253
>>>     NAS-Port = 50102
>>>     Service-Type = Framed-User
>>>     Framed-IP-Address = 169.254.118.80
>>>     Called-Station-Id = "3C-0E-23-5A-3E-02"
>>>     Calling-Station-Id = "B8-27-EB-3F-01-C8"
>>>     NAS-Port-Type = Ethernet
>>>     Acct-Status-Type = Start
>>>     Acct-Delay-Time = 10
>>>     Acct-Session-Id = "00000050"
>>>     Acct-Authentic = RADIUS
>>>     NAS-Port-Id = "GigabitEthernet1/0/2"
>>>     PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>>>     Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>>>     Cisco-AVPair = "connect-progress=Call Up"
>>>     Authenticator-Field = 0x42233d99f083a7639d3684208165238f
>>> 2020-10-18 11:00:42.697158 (6) ** norsp ** Accounting-Request Id 159 eth1:10.0.20.253:1646 -> 10.0.20.14:1813
>>> 2020-10-18 11:00:42.697158 (6) Cleaning up request packet ID 159
>>> 2020-10-18 11:00:43.911491 (8) Accounting-Request Id 161 eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +35.080
>>>     User-Name = "b8:27:eb:3f:01:c8"
>>>     NAS-IP-Address = 10.0.20.253
>>>     NAS-Port = 50102
>>>     Service-Type = Framed-User
>>>     Framed-IP-Address = 10.0.40.61
>>>     Called-Station-Id = "3C-0E-23-5A-3E-02"
>>>     Calling-Station-Id = "B8-27-EB-3F-01-C8"
>>>     NAS-Port-Type = Ethernet
>>>     Acct-Status-Type = Interim-Update
>>>     Acct-Delay-Time = 0
>>>     Acct-Input-Octets = 2857
>>>     Acct-Output-Octets = 9508
>>>     Acct-Session-Id = "00000050"
>>>     Acct-Authentic = RADIUS
>>>     Acct-Session-Time = 12
>>>     Acct-Input-Packets = 17
>>>     Acct-Output-Packets = 35
>>>     NAS-Port-Id = "GigabitEthernet1/0/2"
>>>     PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>>>     Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>>>     Cisco-AVPair = "connect-progress=Call Up"
>>>     Authenticator-Field = 0x2dbd87095bebf4a1b6ee64255131b410
>>> 2020-10-18 11:00:43.912010 (9) Accounting-Request Id 162 eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +35.080
>>>     User-Name = "b8:27:eb:3f:01:c8"
>>>     NAS-IP-Address = 10.0.20.253
>>>     NAS-Port = 50102
>>>     Service-Type = Framed-User
>>>     Framed-IP-Address = 10.0.40.61
>>>     Called-Station-Id = "3C-0E-23-5A-3E-02"
>>>     Calling-Station-Id = "B8-27-EB-3F-01-C8"
>>>     NAS-Port-Type = Ethernet
>>>     Acct-Status-Type = Interim-Update
>>>     Acct-Delay-Time = 0
>>>     Acct-Input-Octets = 2857
>>>     Acct-Output-Octets = 9508
>>>     Acct-Session-Id = "00000050"
>>>     Acct-Authentic = RADIUS
>>>     Acct-Session-Time = 12
>>>     Acct-Input-Packets = 17
>>>     Acct-Output-Packets = 35
>>>     NAS-Port-Id = "GigabitEthernet1/0/2"
>>>     PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>>>     Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>>>     Cisco-AVPair = "connect-progress=Call Up"
>>>     Authenticator-Field = 0xb0a63e46552c8152ef507257f9e10b72
>>> 2020-10-18 11:00:47.595411 (10) Accounting-Request Id 163 eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +38.763
>>>     User-Name = "b8:27:eb:3f:01:c8"
>>>     NAS-IP-Address = 10.0.20.253
>>>     NAS-Port = 50102
>>>     Service-Type = Framed-User
>>>     Framed-IP-Address = 169.254.118.80
>>>     Called-Station-Id = "3C-0E-23-5A-3E-02"
>>>     Calling-Station-Id = "B8-27-EB-3F-01-C8"
>>>     NAS-Port-Type = Ethernet
>>>     Acct-Status-Type = Start
>>>     Acct-Delay-Time = 15
>>>     Acct-Session-Id = "00000050"
>>>     Acct-Authentic = RADIUS
>>>     NAS-Port-Id = "GigabitEthernet1/0/2"
>>>     PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>>>     Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>>>     Cisco-AVPair = "connect-progress=Call Up"
>>>     Authenticator-Field = 0xdc631f70c7df87de580a8d5c38561393
>>> 2020-10-18 11:00:47.751582 (7) ** norsp ** Accounting-Request Id 160 eth1:10.0.20.253:1646 -> 10.0.20.14:1813
>>> 2020-10-18 11:00:47.751582 (7) Cleaning up request packet ID 160
>>>
>>> On Fri, Oct 16, 2020 at 14:30, Ludovic Zammit <[email protected]> wrote:
>>>
>>> Hello Kenny,
>>>
>>> PacketFence is looking for Accounting start / stop packet for the online offline.
>>>
>>> It looks like the device does not send the Acct-Status-Type: Start or Stop.
>>>
>>> Thanks,
>>>
>>> Ludovic Zammit
>>>
>>> On Oct 15, 2020, at 5:52 AM, Kenny Wallrath via PacketFence-users <[email protected]> wrote:
>>>
>>> Hi everyone,
>>>
>>> I am currently trying to get the online/offline state working. It seems that the state is working if requests are coming from Wireless AccessPoints (My device gets registered when online and unregistered when offline)
>>> But if I try the same with my Cisco 2960S switches the nodes remain "unknown".
>>>
>>> From what I understood pfacct supersedes radiusd-acct. The service pfacct is running and there is no firewall in between. Switch is configured to send accounting to PF on port 1813.
>>> My switch debug tells me that there is no response from Server, which I also can verify on PF side. A TCPDUMP shows that Radius Accounting Requests arrive at the PF but no response is being generated.
>>> If I check the pfacct.log it is empty... I pasted a radsniff on port 1813 below...
>>>
>>> Interestingly, if I disable pfacct and enable radiusd-acct an Accounting-Reply is generated to the switch but the online/offline state remains unknown.
>>>
>>> 2020-10-15 11:42:21.448660 (5) Accounting-Request Id 49 eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +10.924
>>>     User-Name = "b8:27:eb:3f:01:c8"
>>>     NAS-IP-Address = 10.0.20.253
>>>     NAS-Port = 50102
>>>     Service-Type = Framed-User
>>>     Framed-IP-Address = 10.0.40.61
>>>     Called-Station-Id = "3C-0E-23-5A-3E-02"
>>>     Calling-Station-Id = "B8-27-EB-3F-01-C8"
>>>     NAS-Port-Type = Ethernet
>>>     Acct-Status-Type = Interim-Update
>>>     Acct-Delay-Time = 10
>>>     Acct-Input-Octets = 15178
>>>     Acct-Output-Octets = 1620296
>>>     Acct-Session-Id = "0000004B"
>>>     Acct-Authentic = RADIUS
>>>     Acct-Session-Time = 6229
>>>     Acct-Input-Packets = 225
>>>     Acct-Output-Packets = 9530
>>>     NAS-Port-Id = "GigabitEthernet1/0/2"
>>>     PMIP6-Home-HN-Prefix = 3831:3437:4232::/57
>>>     Cisco-AVPair = "audit-session-id=0A0014FD0000002AC57E41EC"
>>>     Cisco-AVPair = "connect-progress=Auth Open"
>>>     Authenticator-Field = 0xe184ba9b392f14f26741c4f7c64c815a
>>> 2020-10-15 11:42:21.214706 (4) ** norsp ** Accounting-Request Id 48 eth1:10.0.20.253:1646 -> 10.0.20.14:1813
>>> 2020-10-15 11:42:21.214706 (4) Cleaning up request packet ID 48
>>> 2020-10-15 11:42:26.606010 (6) Accounting-Request Id 50 eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +15.940
>>>     User-Name = "b8:27:eb:3f:01:c8"
>>>     NAS-IP-Address = 10.0.20.253
>>>     NAS-Port = 50102
>>>     Service-Type = Framed-User
>>>     Framed-IP-Address = 10.0.40.61
>>>     Called-Station-Id = "3C-0E-23-5A-3E-02"
>>>     Calling-Station-Id = "B8-27-EB-3F-01-C8"
>>>     NAS-Port-Type = Ethernet
>>>     Acct-Status-Type = Interim-Update
>>>     Acct-Delay-Time = 15
>>>     Acct-Input-Octets = 15178
>>>     Acct-Output-Octets = 1620296
>>>     Acct-Session-Id = "0000004B"
>>>     Acct-Authentic = RADIUS
>>>     Acct-Session-Time = 6229
>>>     Acct-Input-Packets = 225
>>>     Acct-Output-Packets = 9530
>>>     NAS-Port-Id = "GigabitEthernet1/0/2"
>>>     PMIP6-Home-HN-Prefix = 3831:3437:4232::/57
>>>     Cisco-AVPair = "audit-session-id=0A0014FD0000002AC57E41EC"
>>>     Cisco-AVPair = "connect-progress=Auth Open"
>>>     Authenticator-Field = 0xe77e42cc33f62dcd1164461139b59e6d
>>> 2020-10-15 11:42:26.244866 (5) ** norsp ** Accounting-Request Id 49 eth1:10.0.20.253:1646 -> 10.0.20.14:1813
>>> 2020-10-15 11:42:26.244866 (5) Cleaning up request packet ID 49
>>> 2020-10-15 11:42:31.260601 (6) ** norsp ** Accounting-Request Id 50 eth1:10.0.20.253:1646 -> 10.0.20.14:1813
>>> 2020-10-15 11:42:31.260601 (6) Cleaning up request packet ID 50
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
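
The listener mismatch diagnosed in this thread (radiusd on UDP 1812 on both addresses, pfacct on UDP 1813 only on the management address) can be checked mechanically. The script below is an added example, not part of the original thread or of PacketFence; the function name and the two sample variables are assumptions, and the sample input is assembled from the netstat output quoted in the thread.

```shell
#!/bin/sh
# Added example: report local addresses that accept RADIUS authentication
# (UDP 1812) but have no RADIUS accounting listener (UDP 1813).

# missing_acct_listeners [auth_port] [acct_port]
# Reads `netstat -nlp` style lines on stdin and prints, one per line, every
# local IP that has an auth listener but no accounting listener.
missing_acct_listeners() {
    awk -v auth="${1:-1812}" -v acct="${2:-1813}" '
        $1 ~ /^udp/ {
            # Field 4 is the local "ip:port"; the port follows the last colon.
            n = split($4, parts, ":")
            port = parts[n]
            ip = substr($4, 1, length($4) - length(port) - 1)
            # Exact match, so 127.0.0.1:18121 is not mistaken for port 1812.
            if (port == auth) has_auth[ip] = 1
            if (port == acct) has_acct[ip] = 1
        }
        END {
            for (ip in has_auth) {
                # An IPv4 wildcard accounting bind covers every address.
                if (!(ip in has_acct) && !("0.0.0.0" in has_acct))
                    print ip
            }
        }
    ' | sort
}

# Sample input assembled from the thread: state before pfacct was restarted.
BEFORE_RESTART='udp 0 0 127.0.0.1:18121 0.0.0.0:* 2651/radiusd
udp 0 0 10.0.21.20:1812 0.0.0.0:* 2651/radiusd
udp 0 0 10.0.20.14:1812 0.0.0.0:* 2651/radiusd
udp 0 0 10.0.21.20:1813 0.0.0.0:* 1660/pfacct'

# Sample input assembled from the thread: state after restarting pfacct.
AFTER_RESTART='udp 0 0 127.0.0.1:18121 0.0.0.0:* 2651/radiusd
udp 0 0 10.0.21.20:1812 0.0.0.0:* 2651/radiusd
udp 0 0 10.0.20.14:1812 0.0.0.0:* 2651/radiusd
udp 0 0 10.0.21.20:1813 0.0.0.0:* 4133/pfacct
udp 4352 0 10.0.20.14:1813 0.0.0.0:* 4133/pfacct'

# On a live server: sh this_script.sh --live
if [ "${1:-}" = "--live" ]; then
    netstat -nlp | missing_acct_listeners
fi
```

On the first sample the function prints 10.0.20.14, the radius interface the switch sends accounting to; on the second it prints nothing.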
