Re: [PacketFence-users] Attribute User-Password Required

Joshua Wise via PacketFence-users Sat, 27 Mar 2021 05:50:15 -0700

Command appears to run endlessly, I grabbed a snippet that appears to be
what is repeated.


(3440) Sat Mar 27 07:25:15 2021: Debug: Received Status-Server Id 51 from
127.0.0.1:51452 to 127.0.0.1:18121 length 50
(3440) Sat Mar 27 07:25:15 2021: Debug:   Message-Authenticator =
0x9257e8cab94913463172d8be5663c80b
(3440) Sat Mar 27 07:25:15 2021: Debug:   FreeRADIUS-Statistics-Type = 15
(3440) Sat Mar 27 07:25:15 2021: Debug: # Executing group from file
/usr/local/pf/raddb/sites-enabled/status
(3440) Sat Mar 27 07:25:15 2021: Debug:   Autz-Type Status-Server {
(3440) Sat Mar 27 07:25:15 2021: Debug:     [ok] = ok
(3440) Sat Mar 27 07:25:15 2021: Debug:   } # Autz-Type Status-Server = ok
(3440) Sat Mar 27 07:25:15 2021: Debug: Sent Access-Accept Id 51 from
127.0.0.1:18121 to 127.0.0.1:51452 length 0
(3440) Sat Mar 27 07:25:15 2021: Debug:   FreeRADIUS-Total-Access-Requests
= 3441
(3440) Sat Mar 27 07:25:15 2021: Debug:   FreeRADIUS-Total-Access-Accepts =
0
(3440) Sat Mar 27 07:25:15 2021: Debug:   FreeRADIUS-Total-Access-Rejects =
2
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Access-Challenges = 16
(3440) Sat Mar 27 07:25:15 2021: Debug:   FreeRADIUS-Total-Auth-Responses =
18
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Accounting-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Accounting-Responses = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Accepts = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Rejects = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Challenges = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Responses = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Accounting-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Accounting-Responses = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug: Finished request
(3440) Sat Mar 27 07:25:20 2021: Debug: Cleaning up request packet ID 51
with timestamp +51321

*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com


On Fri, Mar 26, 2021 at 9:00 PM Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Joshua,
>
> let's run that:
>
> raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600 -c '(
> Calling-Station-Id =~ /78[-:]?4f[-:]?43[-:]?97[-:]?f5[-:]?fe/i )'
>
>
> And paste the output.
>
> Regards
>
> Fabrice
>
>
> Le 21-03-26 à 18 h 22, Joshua Wise via PacketFence-users a écrit :
>
> RADIUS Reply is empty.
>
> I ran the specified patch, restarted services, same error.
>
> *Joshua Wise*
> Systems Engineer, Celina ISD
> 469-742-9113
> https://www.celinaisd.com
>
>
> On Fri, Mar 26, 2021 at 1:47 PM Ludovic Zammit <lzam...@inverse.ca> wrote:
>
>> I never seen that error message.
>>
>> It needs more investigation.
>>
>> What is the radius reply given by pf for that authentication ? Just below
>> the radius request.
>>
>> Did you patch your server with :
>>
>> /usr/local/pf/addons/pf-maint.pl
>>
>> Then restart all pf services:
>>
>> /usr/local/pf/bin/pfcmd service pf restart
>>
>> Thanks,
>>
>> Ludovic zammitlzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>> (http://packetfence.org)
>>
>>
>>
>>
>>
>> On Mar 26, 2021, at 2:24 PM, Joshua Wise <joshuaw...@celinaisd.com>
>> wrote:
>>
>> RADIS Request Audit log:
>>
>> NAS-Port-Type = Wireless-802.11 PacketFence-Outer-User = "
>> testw...@celinaisd.com" PacketFence-Radius-Ip = "10.56.64.44"
>> Service-Type = Framed-User Called-Station-Id = "00-1A-1E-01-EC-98-cisd.1x"
>> State = 0x6f17c8406f1fd21550a9f72c8da28ab6 FreeRADIUS-Proxied-To =
>> 127.0.0.1 Realm = "default" NAS-IP-Address = 10.56.64.44
>> PacketFence-NTLMv2-Only = "" Calling-Station-Id = "78:4f:43:97:f5:fe"
>> Aruba-Essid-Name = "cisd.1x" PacketFence-KeyBalanced =
>> "e779e78c1ea9a92dab5dc5d6d30a8dc7" PacketFence-Domain = "celinaisd"
>> Aruba-AP-Group = "CS701" User-Name = "testw...@celinaisd.com"
>> Aruba-Location-Id = "ADMIN-MDF-AP16" NAS-Identifier = "10.56.64.222"
>> Event-Timestamp = "Mar 25 2021 08:33:08 CDT" EAP-Message =
>> 0x020800511a0208004c316ec62dd3023b6ff16890ed459e79818b0000000000000000175ed1760cce67ff48491f88d067ce8bc17ec36c65b75de60074657374776966694063656c696e616973642e636f6d
>> Stripped-User-Name = "testwifi" NAS-Port = 0 Framed-MTU = 1100 EAP-Type =
>> MSCHAPv2 PacketFence-UserNameAttribute = "testw...@celinaisd.com"
>> Module-Failure-Message = "celinaisd: Attribute \"User-Password\" is
>> required for authentication" User-Password = "******" SQL-User-Name = "
>> testw...@celinaisd.com"
>>
>> *Joshua Wise*
>> Systems Engineer, Celina ISD
>> 469-742-9113
>> https://www.celinaisd.com
>>
>>
>> On Fri, Mar 26, 2021 at 12:12 PM Ludovic Zammit <lzam...@inverse.ca>
>> wrote:
>>
>>> For that radius request, go check Auditing and show me the radius
>>> request.
>>> Thanks,
>>>
>>>
>>> Ludovic Zammit
>>> lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>>> (http://packetfence.org)
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Mar 26, 2021, at 8:43 AM, Joshua Wise <joshuaw...@celinaisd.com>
>>> wrote:
>>>
>>> Here we go:
>>>
>>> Mar 26 07:40:11 packetfence auth[2770]: (10350)   Login incorrect
>>> (celinaisd: Attribute "User-Password" is required for authentication): [
>>> testw...@celinaisd.com] (from client 10.56.64.222/32 port 0 cli
>>> 78:4f:43:97:f5:fe via TLS tunnel)
>>> Mar 26 07:40:11 packetfence auth[2770]: [mac:78:4f:43:97:f5:fe] Rejected
>>> user: testw...@celinaisd.com
>>> Mar 26 07:40:11 packetfence auth[2770]: (10351) Login incorrect
>>> (eap_peap: The users session was previously rejected: returning reject
>>> (again.)): [testw...@celinaisd.com] (from client 10.56.64.222/32 port 0
>>> cli 78:4f:43:97:f5:fe)
>>>
>>> *Joshua Wise*
>>> Systems Engineer, Celina ISD
>>> 469-742-9113
>>> https://www.celinaisd.com
>>>
>>>
>>> On Fri, Mar 26, 2021 at 7:00 AM Ludovic Zammit <lzam...@inverse.ca>
>>> wrote:
>>>
>>>> That’s not good, you should have something in the log related to that
>>>> Mac address. Try another computer or clear the cache info related to your
>>>> Mac in the wifi controller.
>>>>
>>>> Check:
>>>>
>>>> grep MAC_ADDRESS /usr/local/pf/logs/radius.log
>>>>
>>>> Use 00:11:22:33:44:55 for the Mac address format.
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> Ludovic Zammit
>>>> lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>>>> (http://packetfence.org)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Mar 25, 2021, at 2:20 PM, Joshua Wise <joshuaw...@celinaisd.com>
>>>> wrote:
>>>>
>>>> I don't get a response when using that command. I can see the log file
>>>> exists, modifying with vi shows the following repeatedly.
>>>>
>>>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2202) INFO: Using
>>>> 300 resolution threshold (pf::pfcron::task::cluster_check::run)
>>>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2202) INFO: All
>>>> cluster members are running the same configuration version
>>>> (pf::pfcron::task::cluster_check::run)
>>>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2204) INFO:
>>>> processed 0 security_events during security_event maintenance
>>>> (1616662378.2789 1616662378.28441)
>>>> (pf::security_event::security_event_maintenance)
>>>> Mar 25 03:52:58 packetfence packetfence: pfperl-api(2204) INFO:
>>>> processed 0 security_events during security_event maintenance
>>>> (1616662378.2855 1616662378.2874)
>>>> (pf::security_event::security_event_maintenance)
>>>> Mar 25 03:53:58 packetfence packetfence: pfperl-api(2204) INFO: Using
>>>> 300 resolution threshold (pf::pfcron::task::cluster_check::run)
>>>>
>>>> *Joshua Wise*
>>>> Systems Engineer, Celina ISD
>>>> 469-742-9113
>>>> https://www.celinaisd.com
>>>>
>>>>
>>>> On Thu, Mar 25, 2021 at 10:08 AM Ludovic Zammit <lzam...@inverse.ca>
>>>> wrote:
>>>>
>>>>> Give me the output of:
>>>>>
>>>>> grep MAC_ADDRESS /usr/local/pf/logs/packetfence.log
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>> Ludovic Zammit
>>>>> lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>>>>> (http://packetfence.org)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Mar 25, 2021, at 8:39 AM, Joshua Wise <joshuaw...@celinaisd.com>
>>>>> wrote:
>>>>>
>>>>> SSID type is 802.1x with WPA2-Enterprise.
>>>>>
>>>>> *Joshua Wise*
>>>>> Systems Engineer, Celina ISD
>>>>> 469-742-9113
>>>>> https://www.celinaisd.com
>>>>>
>>>>>
>>>>> On Thu, Mar 25, 2021 at 7:08 AM Ludovic Zammit <lzam...@inverse.ca>
>>>>> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> What’s your SSID type ? Open SSID or 8021.x with WPA2 Entreprise?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>
>>>>>> Ludovic Zammit
>>>>>> lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
>>>>>> (http://packetfence.org)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Mar 24, 2021, at 3:06 PM, Joshua Wise via PacketFence-users <
>>>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>>>
>>>>>> I'm in the process of testing Packefence with our Aruba Controller.
>>>>>> I've added our on-prem Active Directory to Packetfence, and can test
>>>>>> authentication fine with pftest, no issues.
>>>>>>
>>>>>> I've configured our Aruba Controller with an 802.1x SSID, RADIUS, etc.
>>>>>>
>>>>>> When I attempt to connect with username/password, it fails. I can see
>>>>>> in the RADIUS log that I get an error "Attribute "User-Password" is
>>>>>> required for authentication."
>>>>>>
>>>>>> Within that log, I can go to the RADIUS section and see:
>>>>>> User-Password = "******"
>>>>>>
>>>>>> This makes me think the password is being passed from our Controller
>>>>>> to Packetfence just fine.
>>>>>>
>>>>>> Not sure what I'm missing, any ideas or suggestions?
>>>>>>
>>>>>> *Joshua Wise*
>>>>>> Systems Engineer, Celina ISD
>>>>>> 469-742-9113
>>>>>> https://www.celinaisd.com
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
> _______________________________________________
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Attribute User-Password Required

Reply via email to