RADIUS Reply is empty. I ran the specified patch, restarted services, same error.
*Joshua Wise* Systems Engineer, Celina ISD 469-742-9113 https://www.celinaisd.com On Fri, Mar 26, 2021 at 1:47 PM Ludovic Zammit <lzam...@inverse.ca> wrote: > I never seen that error message. > > It needs more investigation. > > What is the radius reply given by pf for that authentication ? Just below > the radius request. > > Did you patch your server with : > > /usr/local/pf/addons/pf-maint.pl > > Then restart all pf services: > > /usr/local/pf/bin/pfcmd service pf restart > > Thanks, > > > Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > On Mar 26, 2021, at 2:24 PM, Joshua Wise <joshuaw...@celinaisd.com> wrote: > > RADIS Request Audit log: > > NAS-Port-Type = Wireless-802.11 PacketFence-Outer-User = " > testw...@celinaisd.com" PacketFence-Radius-Ip = "10.56.64.44" > Service-Type = Framed-User Called-Station-Id = "00-1A-1E-01-EC-98-cisd.1x" > State = 0x6f17c8406f1fd21550a9f72c8da28ab6 FreeRADIUS-Proxied-To = > 127.0.0.1 Realm = "default" NAS-IP-Address = 10.56.64.44 > PacketFence-NTLMv2-Only = "" Calling-Station-Id = "78:4f:43:97:f5:fe" > Aruba-Essid-Name = "cisd.1x" PacketFence-KeyBalanced = > "e779e78c1ea9a92dab5dc5d6d30a8dc7" PacketFence-Domain = "celinaisd" > Aruba-AP-Group = "CS701" User-Name = "testw...@celinaisd.com" > Aruba-Location-Id = "ADMIN-MDF-AP16" NAS-Identifier = "10.56.64.222" > Event-Timestamp = "Mar 25 2021 08:33:08 CDT" EAP-Message = > 0x020800511a0208004c316ec62dd3023b6ff16890ed459e79818b0000000000000000175ed1760cce67ff48491f88d067ce8bc17ec36c65b75de60074657374776966694063656c696e616973642e636f6d > Stripped-User-Name = "testwifi" NAS-Port = 0 Framed-MTU = 1100 EAP-Type = > MSCHAPv2 PacketFence-UserNameAttribute = "testw...@celinaisd.com" > Module-Failure-Message = "celinaisd: Attribute \"User-Password\" is > required for authentication" User-Password = "******" SQL-User-Name = " > testw...@celinaisd.com" > > *Joshua Wise* > Systems Engineer, Celina ISD > 469-742-9113 > https://www.celinaisd.com > > > On Fri, Mar 26, 2021 at 12:12 PM Ludovic Zammit <lzam...@inverse.ca> > wrote: > >> For that radius request, go check Auditing and show me the radius request. >> Thanks, >> >> >> Ludovic Zammit >> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> >> >> >> >> >> >> >> On Mar 26, 2021, at 8:43 AM, Joshua Wise <joshuaw...@celinaisd.com> >> wrote: >> >> Here we go: >> >> Mar 26 07:40:11 packetfence auth[2770]: (10350) Login incorrect >> (celinaisd: Attribute "User-Password" is required for authentication): [ >> testw...@celinaisd.com] (from client 10.56.64.222/32 port 0 cli >> 78:4f:43:97:f5:fe via TLS tunnel) >> Mar 26 07:40:11 packetfence auth[2770]: [mac:78:4f:43:97:f5:fe] Rejected >> user: testw...@celinaisd.com >> Mar 26 07:40:11 packetfence auth[2770]: (10351) Login incorrect >> (eap_peap: The users session was previously rejected: returning reject >> (again.)): [testw...@celinaisd.com] (from client 10.56.64.222/32 port 0 >> cli 78:4f:43:97:f5:fe) >> >> *Joshua Wise* >> Systems Engineer, Celina ISD >> 469-742-9113 >> https://www.celinaisd.com >> >> >> On Fri, Mar 26, 2021 at 7:00 AM Ludovic Zammit <lzam...@inverse.ca> >> wrote: >> >>> That’s not good, you should have something in the log related to that >>> Mac address. Try another computer or clear the cache info related to your >>> Mac in the wifi controller. >>> >>> Check: >>> >>> grep MAC_ADDRESS /usr/local/pf/logs/radius.log >>> >>> Use 00:11:22:33:44:55 for the Mac address format. >>> >>> Thanks, >>> >>> >>> Ludovic Zammit >>> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> >>> >>> >>> >>> >>> >>> >>> On Mar 25, 2021, at 2:20 PM, Joshua Wise <joshuaw...@celinaisd.com> >>> wrote: >>> >>> I don't get a response when using that command. I can see the log file >>> exists, modifying with vi shows the following repeatedly. >>> >>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2202) INFO: Using >>> 300 resolution threshold (pf::pfcron::task::cluster_check::run) >>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2202) INFO: All >>> cluster members are running the same configuration version >>> (pf::pfcron::task::cluster_check::run) >>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2204) INFO: >>> processed 0 security_events during security_event maintenance >>> (1616662378.2789 1616662378.28441) >>> (pf::security_event::security_event_maintenance) >>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2204) INFO: >>> processed 0 security_events during security_event maintenance >>> (1616662378.2855 1616662378.2874) >>> (pf::security_event::security_event_maintenance) >>> Mar 25 03:53:58 packetfence packetfence: pfperl-api(2204) INFO: Using >>> 300 resolution threshold (pf::pfcron::task::cluster_check::run) >>> >>> *Joshua Wise* >>> Systems Engineer, Celina ISD >>> 469-742-9113 >>> https://www.celinaisd.com >>> >>> >>> On Thu, Mar 25, 2021 at 10:08 AM Ludovic Zammit <lzam...@inverse.ca> >>> wrote: >>> >>>> Give me the output of: >>>> >>>> grep MAC_ADDRESS /usr/local/pf/logs/packetfence.log >>>> >>>> Thanks, >>>> >>>> >>>> Ludovic Zammit >>>> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Mar 25, 2021, at 8:39 AM, Joshua Wise <joshuaw...@celinaisd.com> >>>> wrote: >>>> >>>> SSID type is 802.1x with WPA2-Enterprise. >>>> >>>> *Joshua Wise* >>>> Systems Engineer, Celina ISD >>>> 469-742-9113 >>>> https://www.celinaisd.com >>>> >>>> >>>> On Thu, Mar 25, 2021 at 7:08 AM Ludovic Zammit <lzam...@inverse.ca> >>>> wrote: >>>> >>>>> Hello, >>>>> >>>>> What’s your SSID type ? Open SSID or 8021.x with WPA2 Entreprise? >>>>> >>>>> Thanks, >>>>> >>>>> >>>>> Ludovic Zammit >>>>> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>> (http://packetfence.org) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Mar 24, 2021, at 3:06 PM, Joshua Wise via PacketFence-users < >>>>> packetfence-users@lists.sourceforge.net> wrote: >>>>> >>>>> I'm in the process of testing Packefence with our Aruba Controller. >>>>> I've added our on-prem Active Directory to Packetfence, and can test >>>>> authentication fine with pftest, no issues. >>>>> >>>>> I've configured our Aruba Controller with an 802.1x SSID, RADIUS, etc. >>>>> >>>>> When I attempt to connect with username/password, it fails. I can see >>>>> in the RADIUS log that I get an error "Attribute "User-Password" is >>>>> required for authentication." >>>>> >>>>> Within that log, I can go to the RADIUS section and see: User-Password >>>>> = "******" >>>>> >>>>> This makes me think the password is being passed from our Controller >>>>> to Packetfence just fine. >>>>> >>>>> Not sure what I'm missing, any ideas or suggestions? >>>>> >>>>> *Joshua Wise* >>>>> Systems Engineer, Celina ISD >>>>> 469-742-9113 >>>>> https://www.celinaisd.com >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> PacketFence-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> >>>>> >>>> >>> >> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users