Here you go:

[root@packetfence ~]# netstat -nlp | grep 1813
udp        0      0 10.0.21.20:1813         0.0.0.0:*      1660/pfacct


It seems that pfacct is only bound to my management interface and
not my "radius interface".
If I check the udp-1812 port I can see the following:

[root@packetfence ~]# netstat -nlp | grep 1812
udp        0      0 127.0.0.1:18121         0.0.0.0:*      2651/radiusd
udp        0      0 10.0.21.20:1812         0.0.0.0:*      2651/radiusd
udp        0      0 10.0.20.14:1812         0.0.0.0:*      2651/radiusd

My radius network interface is as follows:
--> pf.conf
[interface eth1]
ip=10.0.20.14
type=none,radius,dhcp-listener
mask=255.255.255.0

In raddb/acct.conf
I found a listen block for the radius interface:

listen {
        ipaddr = 10.0.20.14
        port = 0
        type = acct
        virtual_server = packetfence
}
This explains why I receive accounting-replies at my switch when I
enable the radiusd-acct service.
But I couldn't find any conf files for pfacct.

Is my interface correctly configured?

If I restart the pfacct service over the GUI I can see the daemon
listening on the right interface:
[root@packetfence raddb]# netstat -nlp | grep 1813
udp        0      0 10.0.21.20:1813         0.0.0.0:*      4133/pfacct
udp     4352      0 10.0.20.14:1813         0.0.0.0:*      4133/pfacct

But if I power cycle my device or reevaluate the switchport, the netstat
looks the same as in the beginning...

Best regards

Am Di., 20. Okt. 2020 um 14:41 Uhr schrieb Ludovic Zammit <[email protected]>:
>
> Hello,
>
> Can you show me the output of:
>
> netstat -nlp | grep 1813
>
> Thanks,
>
>
> Ludovic Zammit
> [email protected] ::  +1.514.447.4918 (x145) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
>
>
>
> On Oct 18, 2020, at 5:21 AM, Kenny Wallrath <[email protected]> wrote:
>
> Hi Ludovic,
>
> I took another debug on the switch and packetfence. It seems that
> Radius Accounting Start Packets are sent from
> the switch to PF, anyways the online/offline state still is not
> getting updated and PF is not sending accounting-response.
> Also the pfacct.log remains empty
> I attached the radsniff and my cisco debug below.
>
> This is what I configured on the switch side:
>
> aaa new-model
> aaa group server radius PACKETFENCE
> server name PACKETFENCE
> aaa authentication login default local group radius
> aaa authentication enable default enable
> aaa authentication dot1x default group PACKETFENCE
> aaa authorization console
> aaa authorization exec default local group radius if-authenticated
> aaa authorization network default group PACKETFENCE
> aaa accounting update newinfo
> aaa accounting dot1x default start-stop group PACKETFENCE
> aaa accounting network default start-stop group PACKETFENCE
> aaa accounting connection default start-stop group PACKETFENCE
> aaa server radius dynamic-author
> client 10.0.20.14 server-key xxxxxxxxxxxxxxxx
> port 3799
> aaa session-id common
> radius-server vsa send accounting
> radius-server vsa send authentication
>
>
>
> Cisco "debug aaa accounting"
> Oct 18 11:00:02.554: AAA/ACCT/DOT1X(0000005A): Pick method list 'default'
> Oct 18 11:00:02.554: AAA/ACCT/SETMLIST(0000005A): Handle 0, mlist
> 05861080, Name default
> Oct 18 11:00:02.554: Getting session id for DOT1X(0000005A) : db=55391F0
> Oct 18 11:00:02.554: AAA/ACCT/DOT1X(0000005A): add, count 2
> Oct 18 11:00:03.513: AAA/ACCT/EVENT/(0000005A): ATTR REPLACE
> Oct 18 11:00:03.513: AAA/ACCT(0000005A): Accounting response status = FAILURE
> Oct 18 11:00:03.513: AAA/ACCT(0000005A): Send NEWINFO accounting
> notification to EM failed
>
> Oct 18 11:00:03.550: %AUTHMGR-5-SUCCESS: Authorization succeeded for
> client (b827.eb3f.01c8) on Interface Gi1/0/2 Aud itSessionID
> 0A0014FD0000002ED5397B59
> Oct 18 11:00:03.550: AAA/ACCT/EVENT/(0000005A): NET UP
> Oct 18 11:00:03.550: AAA/ACCT/HC(0000005A): Update Dot1X/2E00002F
> Oct 18 11:00:03.550: AAA/ACCT/HC(0000005A): no HC Dot1X/2E00002F
> Oct 18 11:00:03.550: AAA/ACCT/DOT1X(0000005A): Queueing record is START
> Oct 18 11:00:03.550: AAA/ACCT(0000005A): Accounting method=PACKETFENCE 
> (RADIUS)
> Oct 18 11:00:15.011: AAA/ACCT/EVENT/(0000005A): ATTR REPLACE
> Oct 18 11:00:15.011: AAA/ACCT/HC(0000005A): Update Dot1X/2E00002F
> Oct 18 11:00:15.011: AAA/ACCT/HC(0000005A): no HC Dot1X/2E00002F
> Oct 18 11:00:15.011: AAA/ACCT/DOT1X(0000005A): Queueing record is NEWINFO
> Oct 18 11:00:15.011: AAA/ACCT/EVENT/(0000005A): SESSION INFO
> Oct 18 11:00:15.011: AAA/ACCT/HC(0000005A): Update Dot1X/2E00002F
> Oct 18 11:00:15.011: AAA/ACCT/HC(0000005A): no HC Dot1X/2E00002F
> Oct 18 11:00:15.011: AAA/ACCT/DOT1X(0000005A): Queueing record is UPDATE
> Oct 18 11:00:15.016: AAA/ACCT(0000005A): Accounting method=PACKETFENCE 
> (RADIUS)
> Oct 18 11:00:15.016: AAA/ACCT(0000005A): Accounting method=PACKETFENCE 
> (RADIUS)
> Oct 18 11:00:23.719: AAA/ACCT/DOT1X(0000005A): START protocol reply FAIL
> Oct 18 11:00:23.719: AAA/ACCT(0000005A): Accounting method=NOT_SET
> Oct 18 11:00:23.719: AAA/ACCT(0000005A): Accounting response status = FAILURE
> Oct 18 11:00:23.719: AAA/ACCT(0000005A): Send START accounting
> notification to EM failed
> Oct 18 11:00:23.719: AAA/ACCT(0000005A): mlist_periodic is not set, interval 0
> Oct 18 11:00:30.095: %RADIUS-4-RADIUS_DEAD: RADIUS server
> 10.0.20.14:1812,1813 is not responding.
> Oct 18 11:00:30.152: %RADIUS-4-RADIUS_ALIVE: RADIUS server
> 10.0.20.14:1812,1813 is being marked alive.
> Oct 18 11:00:35.107: AAA/ACCT/DOT1X(0000005A): NEWINFO protocol reply FAIL
> Oct 18 11:00:35.107: AAA/ACCT(0000005A): Accounting method=NOT_SET
> Oct 18 11:00:35.107: AAA/ACCT(0000005A): mlist_periodic is not set, interval 0
>
>
> Packetfence radsniff:
> 2020-10-18 11:00:32.445522 (5) Accounting-Request Id 158
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +23.614
>        User-Name = "b8:27:eb:3f:01:c8"
>        NAS-IP-Address = 10.0.20.253
>        NAS-Port = 50102
>        Service-Type = Framed-User
>        Framed-IP-Address = 169.254.118.80
>        Called-Station-Id = "3C-0E-23-5A-3E-02"
>        Calling-Station-Id = "B8-27-EB-3F-01-C8"
>        NAS-Port-Type = Ethernet
>        Acct-Status-Type = Start
>        Acct-Delay-Time = 0
>        Acct-Session-Id = "00000050"
>        Acct-Authentic = RADIUS
>        NAS-Port-Id = "GigabitEthernet1/0/2"
>        PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>        Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>        Cisco-AVPair = "connect-progress=Call Up"
>        Authenticator-Field = 0x603bc2274431edd546dc9c758d86191f
> 2020-10-18 11:00:37.497158 (6) Accounting-Request Id 159
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +28.665
>        User-Name = "b8:27:eb:3f:01:c8"
>        NAS-IP-Address = 10.0.20.253
>        NAS-Port = 50102
>        Service-Type = Framed-User
>        Framed-IP-Address = 169.254.118.80
>        Called-Station-Id = "3C-0E-23-5A-3E-02"
>        Calling-Station-Id = "B8-27-EB-3F-01-C8"
>        NAS-Port-Type = Ethernet
>        Acct-Status-Type = Start
>        Acct-Delay-Time = 5
>        Acct-Session-Id = "00000050"
>        Acct-Authentic = RADIUS
>        NAS-Port-Id = "GigabitEthernet1/0/2"
>        PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>        Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>        Cisco-AVPair = "connect-progress=Call Up"
>        Authenticator-Field = 0xfb92fbb9cc7ef65439c9c4e49d8283c6
> 2020-10-18 11:00:37.645522 (5) ** norsp ** Accounting-Request Id 158
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813
> 2020-10-18 11:00:37.645522 (5) Cleaning up request packet ID 158
> 2020-10-18 11:00:42.551582 (7) Accounting-Request Id 160
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +33.720
>        User-Name = "b8:27:eb:3f:01:c8"
>        NAS-IP-Address = 10.0.20.253
>        NAS-Port = 50102
>        Service-Type = Framed-User
>        Framed-IP-Address = 169.254.118.80
>        Called-Station-Id = "3C-0E-23-5A-3E-02"
>        Calling-Station-Id = "B8-27-EB-3F-01-C8"
>        NAS-Port-Type = Ethernet
>        Acct-Status-Type = Start
>        Acct-Delay-Time = 10
>        Acct-Session-Id = "00000050"
>        Acct-Authentic = RADIUS
>        NAS-Port-Id = "GigabitEthernet1/0/2"
>        PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>        Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>        Cisco-AVPair = "connect-progress=Call Up"
>        Authenticator-Field = 0x42233d99f083a7639d3684208165238f
> 2020-10-18 11:00:42.697158 (6) ** norsp ** Accounting-Request Id 159
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813
> 2020-10-18 11:00:42.697158 (6) Cleaning up request packet ID 159
> 2020-10-18 11:00:43.911491 (8) Accounting-Request Id 161
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +35.080
>        User-Name = "b8:27:eb:3f:01:c8"
>        NAS-IP-Address = 10.0.20.253
>        NAS-Port = 50102
>        Service-Type = Framed-User
>        Framed-IP-Address = 10.0.40.61
>        Called-Station-Id = "3C-0E-23-5A-3E-02"
>        Calling-Station-Id = "B8-27-EB-3F-01-C8"
>        NAS-Port-Type = Ethernet
>        Acct-Status-Type = Interim-Update
>        Acct-Delay-Time = 0
>        Acct-Input-Octets = 2857
>        Acct-Output-Octets = 9508
>        Acct-Session-Id = "00000050"
>        Acct-Authentic = RADIUS
>        Acct-Session-Time = 12
>        Acct-Input-Packets = 17
>        Acct-Output-Packets = 35
>        NAS-Port-Id = "GigabitEthernet1/0/2"
>        PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>        Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>        Cisco-AVPair = "connect-progress=Call Up"
>        Authenticator-Field = 0x2dbd87095bebf4a1b6ee64255131b410
> 2020-10-18 11:00:43.912010 (9) Accounting-Request Id 162
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +35.080
>        User-Name = "b8:27:eb:3f:01:c8"
>        NAS-IP-Address = 10.0.20.253
>        NAS-Port = 50102
>        Service-Type = Framed-User
>        Framed-IP-Address = 10.0.40.61
>        Called-Station-Id = "3C-0E-23-5A-3E-02"
>        Calling-Station-Id = "B8-27-EB-3F-01-C8"
>        NAS-Port-Type = Ethernet
>        Acct-Status-Type = Interim-Update
>        Acct-Delay-Time = 0
>        Acct-Input-Octets = 2857
>        Acct-Output-Octets = 9508
>        Acct-Session-Id = "00000050"
>        Acct-Authentic = RADIUS
>        Acct-Session-Time = 12
>        Acct-Input-Packets = 17
>        Acct-Output-Packets = 35
>        NAS-Port-Id = "GigabitEthernet1/0/2"
>        PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>        Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>        Cisco-AVPair = "connect-progress=Call Up"
>        Authenticator-Field = 0xb0a63e46552c8152ef507257f9e10b72
> 2020-10-18 11:00:47.595411 (10) Accounting-Request Id 163
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +38.763
>        User-Name = "b8:27:eb:3f:01:c8"
>        NAS-IP-Address = 10.0.20.253
>        NAS-Port = 50102
>        Service-Type = Framed-User
>        Framed-IP-Address = 169.254.118.80
>        Called-Station-Id = "3C-0E-23-5A-3E-02"
>        Calling-Station-Id = "B8-27-EB-3F-01-C8"
>        NAS-Port-Type = Ethernet
>        Acct-Status-Type = Start
>        Acct-Delay-Time = 15
>        Acct-Session-Id = "00000050"
>        Acct-Authentic = RADIUS
>        NAS-Port-Id = "GigabitEthernet1/0/2"
>        PMIP6-Home-HN-Prefix = 3039:4330:3842::/56
>        Cisco-AVPair = "audit-session-id=0A0014FD0000002ED5397B59"
>        Cisco-AVPair = "connect-progress=Call Up"
>        Authenticator-Field = 0xdc631f70c7df87de580a8d5c38561393
> 2020-10-18 11:00:47.751582 (7) ** norsp ** Accounting-Request Id 160
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813
> 2020-10-18 11:00:47.751582 (7) Cleaning up request packet ID 160
>
> Am Fr., 16. Okt. 2020 um 14:30 Uhr schrieb Ludovic Zammit 
> <[email protected]>:
>
>
> Hello Kenny,
>
> PacketFence is looking for Accounting start / stop packet for the online 
> offline.
>
> It looks like the device does not send the Acct-Status-Type: Start or Stop.
>
> Thanks,
>
>
> Ludovic Zammit
> [email protected] ::  +1.514.447.4918 (x145) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
>
>
>
> On Oct 15, 2020, at 5:52 AM, Kenny Wallrath via PacketFence-users 
> <[email protected]> wrote:
>
> Hi everyone,
>
> I am currently trying to get the online/offline state working. It
> seems that the state is working if requests are coming from Wireless
> AccessPoints (My device gets registered when online and unregistered
> when offline)
> But if I try the same with my Cisco 2960S switches the nodes remain "unknown".
>
> From what I understood pfacct supersedes radiusd-acct. The service
> pfacct is running and there is no firewall in between. Switch is
> configured to send accounting to PF on port 1813.
> My switch debug tells me that there is no response from Server, which
> I also can verify on PF side. A TCPDUMP shows that Radius Accounting
> Requests arrive at the PF but no response is being generated.
> If I check the pfacct.log it is empty... I pasted a radsniff on port
> 1813 below...
>
> Interestingly, if I disable pfacct and enable radiusd-acct an
> Accounting-Reply is generated to the switch but the online/offline
> state remains unknown.
>
> 2020-10-15 11:42:21.448660 (5) Accounting-Request Id 49
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +10.924
>       User-Name = "b8:27:eb:3f:01:c8"
>       NAS-IP-Address = 10.0.20.253
>       NAS-Port = 50102
>       Service-Type = Framed-User
>       Framed-IP-Address = 10.0.40.61
>       Called-Station-Id = "3C-0E-23-5A-3E-02"
>       Calling-Station-Id = "B8-27-EB-3F-01-C8"
>       NAS-Port-Type = Ethernet
>       Acct-Status-Type = Interim-Update
>       Acct-Delay-Time = 10
>       Acct-Input-Octets = 15178
>       Acct-Output-Octets = 1620296
>       Acct-Session-Id = "0000004B"
>       Acct-Authentic = RADIUS
>       Acct-Session-Time = 6229
>       Acct-Input-Packets = 225
>       Acct-Output-Packets = 9530
>       NAS-Port-Id = "GigabitEthernet1/0/2"
>       PMIP6-Home-HN-Prefix = 3831:3437:4232::/57
>       Cisco-AVPair = "audit-session-id=0A0014FD0000002AC57E41EC"
>       Cisco-AVPair = "connect-progress=Auth Open"
>       Authenticator-Field = 0xe184ba9b392f14f26741c4f7c64c815a
> 2020-10-15 11:42:21.214706 (4) ** norsp ** Accounting-Request Id 48
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813
> 2020-10-15 11:42:21.214706 (4) Cleaning up request packet ID 48
> 2020-10-15 11:42:26.606010 (6) Accounting-Request Id 50
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813 +15.940
>       User-Name = "b8:27:eb:3f:01:c8"
>       NAS-IP-Address = 10.0.20.253
>       NAS-Port = 50102
>       Service-Type = Framed-User
>       Framed-IP-Address = 10.0.40.61
>       Called-Station-Id = "3C-0E-23-5A-3E-02"
>       Calling-Station-Id = "B8-27-EB-3F-01-C8"
>       NAS-Port-Type = Ethernet
>       Acct-Status-Type = Interim-Update
>       Acct-Delay-Time = 15
>       Acct-Input-Octets = 15178
>       Acct-Output-Octets = 1620296
>       Acct-Session-Id = "0000004B"
>       Acct-Authentic = RADIUS
>       Acct-Session-Time = 6229
>       Acct-Input-Packets = 225
>       Acct-Output-Packets = 9530
>       NAS-Port-Id = "GigabitEthernet1/0/2"
>       PMIP6-Home-HN-Prefix = 3831:3437:4232::/57
>       Cisco-AVPair = "audit-session-id=0A0014FD0000002AC57E41EC"
>       Cisco-AVPair = "connect-progress=Auth Open"
>       Authenticator-Field = 0xe77e42cc33f62dcd1164461139b59e6d
> 2020-10-15 11:42:26.244866 (5) ** norsp ** Accounting-Request Id 49
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813
> 2020-10-15 11:42:26.244866 (5) Cleaning up request packet ID 49
> 2020-10-15 11:42:31.260601 (6) ** norsp ** Accounting-Request Id 50
> eth1:10.0.20.253:1646 -> 10.0.20.14:1813
> 2020-10-15 11:42:31.260601 (6) Cleaning up request packet ID 50
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
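
Added example, not part of the original thread or of PacketFence: a check that compares the radius-typed interface stanzas in pf.conf with the UDP sockets shown by netstat -nlp, reporting a missing 1812/1813 listener and any socket whose Recv-Q is non-zero (bytes received but not yet read by the daemon). The function names are hypothetical; the sample input is assembled from the outputs quoted above.

```python
import configparser
import re

# Sample input assembled from the pf.conf stanza and netstat rows quoted in this thread.
PF_CONF = """\
[interface eth1]
ip=10.0.20.14
type=none,radius,dhcp-listener
mask=255.255.255.0
"""
NETSTAT = """\
udp        0      0 10.0.21.20:1813         0.0.0.0:*      1660/pfacct
udp        0      0 127.0.0.1:18121         0.0.0.0:*      2651/radiusd
udp        0      0 10.0.21.20:1812         0.0.0.0:*      2651/radiusd
udp        0      0 10.0.20.14:1812         0.0.0.0:*      2651/radiusd
"""
NETSTAT_AFTER_RESTART = NETSTAT + "udp 4352 0 10.0.20.14:1813 0.0.0.0:* 4133/pfacct\n"

# \s+ also spans a line break, so mail-wrapped netstat rows still parse.
UDP_ROW = re.compile(r"^udp\S*\s+(\d+)\s+\d+\s+(\S+):(\d+)\s+\S+\s+\d+/(\S+)", re.M)

def radius_ips(pf_conf):
    """IPs of [interface ...] stanzas whose type list contains 'radius'."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(pf_conf)
    return [cp[s]["ip"] for s in cp.sections()
            if s.startswith("interface ")
            and "radius" in [t.strip() for t in cp[s].get("type", "").split(",")]]

def udp_listeners(netstat):
    """Map (ip, port) -> (recv_q, program) for every UDP socket listed."""
    return {(ip, int(port)): (int(rq), prog)
            for rq, ip, port, prog in UDP_ROW.findall(netstat)}

def check(pf_conf, netstat, ports=(1812, 1813)):
    """Return findings: missing listeners and sockets holding unread data."""
    found = udp_listeners(netstat)
    issues = []
    for ip in radius_ips(pf_conf):
        for port in ports:
            hit = found.get((ip, port)) or found.get(("0.0.0.0", port))
            if hit is None:
                issues.append(f"{ip}:{port} no listener")
            elif hit[0] > 0:
                issues.append(f"{ip}:{port} {hit[1]} Recv-Q={hit[0]}")
    return issues

if __name__ == "__main__":
    print(check(PF_CONF, NETSTAT), check(PF_CONF, NETSTAT_AFTER_RESTART))
```

On a live host the two inputs would be the contents of pf.conf and the output of netstat -nlp run as root, so that the PID/program column is populated.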

