Hello Joshua,
let's run that:
raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600 -c '( Calling-Station-Id =~ /78[-:]?4f[-:]?43[-:]?97[-:]?f5[-:]?fe/i )'
And paste the output.
Regards
Fabrice
On 21-03-26 at 18:22, Joshua Wise via PacketFence-users wrote:
RADIUS Reply is empty.
I ran the specified patch, restarted services, same error.
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
On Fri, Mar 26, 2021 at 1:47 PM Ludovic Zammit <lzam...@inverse.ca> wrote:
I have never seen that error message.
It needs more investigation.
What is the radius reply given by pf for that authentication?
Just below the radius request.
Did you patch your server with:
/usr/local/pf/addons/pf-maint.pl
Then restart all pf services:
/usr/local/pf/bin/pfcmd service pf restart
Thanks,
Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
On Mar 26, 2021, at 2:24 PM, Joshua Wise <joshuaw...@celinaisd.com> wrote:
RADIUS Request Audit log:
NAS-Port-Type = Wireless-802.11
PacketFence-Outer-User = "testw...@celinaisd.com"
PacketFence-Radius-Ip = "10.56.64.44"
Service-Type = Framed-User
Called-Station-Id = "00-1A-1E-01-EC-98-cisd.1x"
State = 0x6f17c8406f1fd21550a9f72c8da28ab6
FreeRADIUS-Proxied-To = 127.0.0.1
Realm = "default"
NAS-IP-Address = 10.56.64.44
PacketFence-NTLMv2-Only = ""
Calling-Station-Id = "78:4f:43:97:f5:fe"
Aruba-Essid-Name = "cisd.1x"
PacketFence-KeyBalanced = "e779e78c1ea9a92dab5dc5d6d30a8dc7"
PacketFence-Domain = "celinaisd"
Aruba-AP-Group = "CS701"
User-Name = "testw...@celinaisd.com"
Aruba-Location-Id = "ADMIN-MDF-AP16"
NAS-Identifier = "10.56.64.222"
Event-Timestamp = "Mar 25 2021 08:33:08 CDT"
EAP-Message = 0x020800511a0208004c316ec62dd3023b6ff16890ed459e79818b0000000000000000175ed1760cce67ff48491f88d067ce8bc17ec36c65b75de60074657374776966694063656c696e616973642e636f6d
Stripped-User-Name = "testwifi"
NAS-Port = 0
Framed-MTU = 1100
EAP-Type = MSCHAPv2
PacketFence-UserNameAttribute = "testw...@celinaisd.com"
Module-Failure-Message = "celinaisd: Attribute \"User-Password\" is required for authentication"
User-Password = "******"
SQL-User-Name = "testw...@celinaisd.com"
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
On Fri, Mar 26, 2021 at 12:12 PM Ludovic Zammit <lzam...@inverse.ca> wrote:
For that radius request, go check Auditing and show me the
radius request.
Thanks,
Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
On Mar 26, 2021, at 8:43 AM, Joshua Wise <joshuaw...@celinaisd.com> wrote:
Here we go:
Mar 26 07:40:11 packetfence auth[2770]: (10350) Login incorrect (celinaisd: Attribute "User-Password" is required for authentication): [testw...@celinaisd.com] (from client 10.56.64.222/32 port 0 cli 78:4f:43:97:f5:fe via TLS tunnel)
Mar 26 07:40:11 packetfence auth[2770]: [mac:78:4f:43:97:f5:fe] Rejected user: testw...@celinaisd.com
Mar 26 07:40:11 packetfence auth[2770]: (10351) Login incorrect (eap_peap: The users session was previously rejected: returning reject (again.)): [testw...@celinaisd.com] (from client 10.56.64.222/32 port 0 cli 78:4f:43:97:f5:fe)
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
On Fri, Mar 26, 2021 at 7:00 AM Ludovic Zammit <lzam...@inverse.ca> wrote:
That’s not good, you should have something in the log
related to that Mac address. Try another computer or
clear the cache info related to your Mac in the wifi
controller.
Check:
grep MAC_ADDRESS /usr/local/pf/logs/radius.log
Use 00:11:22:33:44:55 for the Mac address format.
Thanks,
Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
On Mar 25, 2021, at 2:20 PM, Joshua Wise <joshuaw...@celinaisd.com> wrote:
I don't get a response when using that command. I can
see the log file exists, modifying with vi shows the
following repeatedly.
Mar 25 03:52:58 packetfence packetfence: pfperl-api(2202) INFO: Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
Mar 25 03:52:58 packetfence packetfence: pfperl-api(2202) INFO: All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run)
Mar 25 03:52:58 packetfence packetfence: pfperl-api(2204) INFO: processed 0 security_events during security_event maintenance (1616662378.2789 1616662378.28441) (pf::security_event::security_event_maintenance)
Mar 25 03:52:58 packetfence packetfence: pfperl-api(2204) INFO: processed 0 security_events during security_event maintenance (1616662378.2855 1616662378.2874) (pf::security_event::security_event_maintenance)
Mar 25 03:53:58 packetfence packetfence: pfperl-api(2204) INFO: Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
On Thu, Mar 25, 2021 at 10:08 AM Ludovic Zammit <lzam...@inverse.ca> wrote:
Give me the output of:
grep MAC_ADDRESS /usr/local/pf/logs/packetfence.log
Thanks,
Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
On Mar 25, 2021, at 8:39 AM, Joshua Wise <joshuaw...@celinaisd.com> wrote:
SSID type is 802.1x with WPA2-Enterprise.
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
On Thu, Mar 25, 2021 at 7:08 AM Ludovic Zammit <lzam...@inverse.ca> wrote:
Hello,
What’s your SSID type? Open SSID or 802.1x
with WPA2 Enterprise?
Thanks,
Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
On Mar 24, 2021, at 3:06 PM, Joshua Wise via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
I'm in the process of testing Packetfence with
our Aruba Controller. I've added our on-prem
Active Directory to Packetfence, and can test
authentication fine with pftest, no issues.
I've configured our Aruba Controller with an
802.1x SSID, RADIUS, etc.
When I attempt to connect with
username/password, it fails. I can see in the
RADIUS log that I get an error "Attribute
"User-Password" is required for authentication."
Within that log, I can go to the RADIUS
section and see: User-Password = "******"
This makes me think the password is being
passed from our Controller to Packetfence
just fine.
Not sure what I'm missing, any ideas or
suggestions?
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
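
The audit entry in this thread records EAP-Type = MSCHAPv2 together with an EAP-Message hex value. The following is an added example, not code from the thread participants or from PacketFence: a Python parser for the EAP-MSCHAPv2 Response layout (EAP header per RFC 3748, then opcode, MS-CHAPv2 ID, MS-Length, Value-Size, a 49-byte value and the name), run on a constructed sample. The function names and the sample user `alice@example.test` are assumptions made for the illustration.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_MSCHAPV2 = 26      # 0x1a, shown as "EAP-Type = MSCHAPv2" in the audit log
MSCHAP_OP_RESPONSE = 2
VALUE_SIZE = 49             # 16 peer challenge + 8 reserved + 24 NT-Response + 1 flags

def parse_eap_mschapv2_response(hex_str):
    """Split an EAP-Message attribute value (hex, optional 0x prefix) into its fields."""
    raw = bytes.fromhex(hex_str[2:] if hex_str.lower().startswith("0x") else hex_str)
    if len(raw) < 10 + VALUE_SIZE:
        raise ValueError("too short for an EAP-MSCHAPv2 Response")
    code, eap_id, eap_len, eap_type = struct.unpack("!BBHB", raw[:5])
    if eap_len != len(raw):
        raise ValueError("EAP length mismatch (truncated or fragmented message)")
    if eap_type != EAP_TYPE_MSCHAPV2:
        raise ValueError(f"EAP type {eap_type} is not MSCHAPv2 (26)")
    opcode, ms_id, ms_len, value_size = struct.unpack("!BBHB", raw[5:10])
    if opcode != MSCHAP_OP_RESPONSE or value_size != VALUE_SIZE:
        raise ValueError("not an MS-CHAPv2 Response packet")
    if ms_len != eap_len - 5:
        raise ValueError("MS-Length must equal EAP length minus 5")
    value = raw[10:10 + VALUE_SIZE]
    return {
        "eap_code": EAP_CODES.get(code, str(code)),
        "eap_id": eap_id,
        "mschap_id": ms_id,
        "peer_challenge": value[:16].hex(),
        "reserved": value[16:24].hex(),
        "nt_response": value[24:48].hex(),   # challenge response, not a password
        "flags": value[48],
        "name": raw[10 + VALUE_SIZE:].decode("utf-8", "replace"),
    }

def build_sample():
    """Constructed sample message (made-up challenge/response bytes, hypothetical user)."""
    name = b"alice@example.test"
    value = bytes(range(16)) + bytes(8) + bytes(range(0x80, 0x98)) + b"\x00"
    ms_len = 5 + len(value) + len(name)
    body = struct.pack("!BBHB", MSCHAP_OP_RESPONSE, 8, ms_len, len(value)) + value + name
    header = struct.pack("!BBHB", 2, 8, len(body) + 5, EAP_TYPE_MSCHAPV2)
    return "0x" + (header + body).hex()

if __name__ == "__main__":
    for field, val in parse_eap_mschapv2_response(build_sample()).items():
        print(f"{field:15} {val}")
```

The fields returned are the complete content of such a message: two identifiers, a peer challenge, the 24-byte NT-Response, a flags byte and the user name.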