Hello Joshua,
yes it can be there and it can also be because you set a "LDAP Source
for TTLS PAP" in the realm.
I am just curious to see why it doesn't work, can you share the
realm.conf file ?
Regards
Fabrice
Le 2021-04-01 à 16 h 26, Joshua Wise a écrit :
Are you referring to the section under Configuration > Default > EAP
Profiles?
I reset it to defaults, but get the same error.
I actually had this all working, the authentication portion at least,
about a month ago. After an extended break, it's doing this.
I'm tempted to start over with a fresh installation.
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Wed, Mar 31, 2021 at 7:22 AM Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello Joshua,
sorry for the late reply.
So it looks that you played with the radius eap configuration.
Can you revert this section (put as default) and retry ?
Thanks
Regards
Fabrice
Le 2021-03-29 à 16 h 15, Joshua Wise via PacketFence-users a écrit :
Pastebin of the response.
https://pastebin.com/L70fKEB7 <https://pastebin.com/L70fKEB7>
*
*
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Sat, Mar 27, 2021 at 8:13 AM Durand fabrice via
PacketFence-users <packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Then run the command without the filter and reconnect your
device.
raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600
Le 21-03-27 à 08 h 29, Joshua Wise via PacketFence-users a
écrit :
Command appears to run endlessly, I grabbed a snippet that
appears to be what is repeated.
(3440) Sat Mar 27 07:25:15 2021: Debug: Received
Status-Server Id 51 from 127.0.0.1:51452
<http://127.0.0.1:51452> to 127.0.0.1:18121
<http://127.0.0.1:18121> length 50
(3440) Sat Mar 27 07:25:15 2021: Debug:
Message-Authenticator = 0x9257e8cab94913463172d8be5663c80b
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Statistics-Type = 15
(3440) Sat Mar 27 07:25:15 2021: Debug: # Executing group
from file /usr/local/pf/raddb/sites-enabled/status
(3440) Sat Mar 27 07:25:15 2021: Debug: Autz-Type
Status-Server {
(3440) Sat Mar 27 07:25:15 2021: Debug: [ok] = ok
(3440) Sat Mar 27 07:25:15 2021: Debug: } # Autz-Type
Status-Server = ok
(3440) Sat Mar 27 07:25:15 2021: Debug: Sent Access-Accept
Id 51 from 127.0.0.1:18121 <http://127.0.0.1:18121> to
127.0.0.1:51452 <http://127.0.0.1:51452> length 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Access-Requests = 3441
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Access-Accepts = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Access-Rejects = 2
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Access-Challenges = 16
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Responses = 18
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Auth-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Accounting-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Accounting-Responses = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Acct-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Accepts = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Rejects = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Access-Challenges = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Responses = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Auth-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Accounting-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Accounting-Responses = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0
(3440) Sat Mar 27 07:25:15 2021: Debug:
FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0
(3440) Sat Mar 27 07:25:15 2021: Debug: Finished request
(3440) Sat Mar 27 07:25:20 2021: Debug: Cleaning up request
packet ID 51 with timestamp +51321
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 9:00 PM Durand fabrice via
PacketFence-users <packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello Joshua,
let's run that:
raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600
-c '( Calling-Station-Id =~
/78[-:]?4f[-:]?43[-:]?97[-:]?f5[-:]?fe/i )'
And paste the output.
Regards
Fabrice
Le 21-03-26 à 18 h 22, Joshua Wise via PacketFence-users
a écrit :
RADIUS Reply is empty.
I ran the specified patch, restarted services, same error.
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 1:47 PM Ludovic Zammit
<lzam...@inverse.ca <mailto:lzam...@inverse.ca>> wrote:
I never seen that error message.
It needs more investigation.
What is the radius reply given by pf for that
authentication ? Just below the radius request.
Did you patch your server with :
/usr/local/pf/addons/pf-maint.pl <http://pf-maint.pl>
Then restart all pf services:
/usr/local/pf/bin/pfcmd service pf restart
Thanks,
Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918
(x145) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
<http://www.sogo.nu>) and PacketFence (http://packetfence.org
<http://packetfence.org>)
On Mar 26, 2021, at 2:24 PM, Joshua Wise
<joshuaw...@celinaisd.com
<mailto:joshuaw...@celinaisd.com>> wrote:
RADIS Request Audit log:
NAS-Port-Type = Wireless-802.11
PacketFence-Outer-User = "testw...@celinaisd.com
<mailto:testw...@celinaisd.com>"
PacketFence-Radius-Ip = "10.56.64.44" Service-Type
= Framed-User Called-Station-Id =
"00-1A-1E-01-EC-98-cisd.1x" State =
0x6f17c8406f1fd21550a9f72c8da28ab6
FreeRADIUS-Proxied-To = 127.0.0.1 Realm =
"default" NAS-IP-Address = 10.56.64.44
PacketFence-NTLMv2-Only = "" Calling-Station-Id =
"78:4f:43:97:f5:fe" Aruba-Essid-Name = "cisd.1x"
PacketFence-KeyBalanced =
"e779e78c1ea9a92dab5dc5d6d30a8dc7"
PacketFence-Domain = "celinaisd" Aruba-AP-Group =
"CS701" User-Name = "testw...@celinaisd.com
<mailto:testw...@celinaisd.com>" Aruba-Location-Id
= "ADMIN-MDF-AP16" NAS-Identifier = "10.56.64.222"
Event-Timestamp = "Mar 25 2021 08:33:08 CDT"
EAP-Message =
0x020800511a0208004c316ec62dd3023b6ff16890ed459e79818b0000000000000000175ed1760cce67ff48491f88d067ce8bc17ec36c65b75de60074657374776966694063656c696e616973642e636f6d
Stripped-User-Name = "testwifi" NAS-Port = 0
Framed-MTU = 1100 EAP-Type = MSCHAPv2
PacketFence-UserNameAttribute =
"testw...@celinaisd.com
<mailto:testw...@celinaisd.com>"
Module-Failure-Message = "celinaisd: Attribute
\"User-Password\" is required for authentication"
User-Password = "******" SQL-User-Name =
"testw...@celinaisd.com
<mailto:testw...@celinaisd.com>"
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com <https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 12:12 PM Ludovic Zammit
<lzam...@inverse.ca <mailto:lzam...@inverse.ca>>
wrote:
For that radius request, go check Auditing and
show me the radius request.
Thanks,
Ludovic Zammit
lzam...@inverse.ca
<mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) :: www.inverse.ca
<https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (http://packetfence.org
<http://packetfence.org/>)
On Mar 26, 2021, at 8:43 AM, Joshua Wise
<joshuaw...@celinaisd.com
<mailto:joshuaw...@celinaisd.com>> wrote:
Here we go:
Mar 26 07:40:11 packetfence auth[2770]:
(10350) Login incorrect (celinaisd: Attribute
"User-Password" is required for
authentication): [testw...@celinaisd.com
<mailto:testw...@celinaisd.com>] (from client
10.56.64.222/32 <http://10.56.64.222/32> port
0 cli 78:4f:43:97:f5:fe via TLS tunnel)
Mar 26 07:40:11 packetfence auth[2770]:
[mac:78:4f:43:97:f5:fe] Rejected user:
testw...@celinaisd.com
<mailto:testw...@celinaisd.com>
Mar 26 07:40:11 packetfence auth[2770]:
(10351) Login incorrect (eap_peap: The users
session was previously rejected: returning
reject (again.)): [testw...@celinaisd.com
<mailto:testw...@celinaisd.com>] (from client
10.56.64.222/32 <http://10.56.64.222/32> port
0 cli 78:4f:43:97:f5:fe)
*
*
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
<https://www.celinaisd.com/>
On Fri, Mar 26, 2021 at 7:00 AM Ludovic
Zammit <lzam...@inverse.ca
<mailto:lzam...@inverse.ca>> wrote:
That’s not good, you should have
something in the log related to that Mac
address. Try another computer or clear
the cache info related to your Mac in the
wifi controller.
Check:
grep MAC_ADDRESS
/usr/local/pf/logs/radius.log
Use 00:11:22:33:44:55 for the Mac address
format.
Thanks,
Ludovic Zammit
lzam...@inverse.ca
<mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) :: www.inverse.ca
<https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu
<http://www.sogo.nu/>) and PacketFence
(http://packetfence.org
<http://packetfence.org/>)
On Mar 25, 2021, at 2:20 PM, Joshua Wise
<joshuaw...@celinaisd.com
<mailto:joshuaw...@celinaisd.com>> wrote:
I don't get a response when using that
command. I can see the log file exists,
modifying with vi shows the following
repeatedly.
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2202) INFO: Using 300
resolution threshold
(pf::pfcron::task::cluster_check::run)
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2202) INFO: All cluster
members are running the same
configuration version
(pf::pfcron::task::cluster_check::run)
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2204) INFO: processed 0
security_events during security_event
maintenance (1616662378.2789
1616662378.28441)
(pf::security_event::security_event_maintenance)
Mar 25 03:52:58 packetfence packetfence:
pfperl-api(2204) INFO: processed 0
security_events during security_event
maintenance (1616662378.2855
1616662378.2874)
(pf::security_event::security_event_maintenance)
Mar 25 03:53:58 packetfence packetfence:
pfperl-api(2204) INFO: Using 300
resolution threshold
(pf::pfcron::task::cluster_check::run)
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
<https://www.celinaisd.com/>
On Thu, Mar 25, 2021 at 10:08 AM Ludovic
Zammit <lzam...@inverse.ca
<mailto:lzam...@inverse.ca>> wrote:
Give me the output of:
grep MAC_ADDRESS
/usr/local/pf/logs/packetfence.log
Thanks,
Ludovic Zammit
lzam...@inverse.ca
<mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) ::
www.inverse.ca <https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu
<http://www.sogo.nu/>) and
PacketFence (http://packetfence.org
<http://packetfence.org/>)
On Mar 25, 2021, at 8:39 AM, Joshua
Wise <joshuaw...@celinaisd.com
<mailto:joshuaw...@celinaisd.com>>
wrote:
SSID type is 802.1x with
WPA2-Enterprise.
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
<https://www.celinaisd.com/>
On Thu, Mar 25, 2021 at 7:08 AM
Ludovic Zammit <lzam...@inverse.ca
<mailto:lzam...@inverse.ca>> wrote:
Hello,
What’s your SSID type ? Open
SSID or 8021.x with WPA2
Entreprise?
Thanks,
Ludovic Zammit
lzam...@inverse.ca
<mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) ::
www.inverse.ca
<https://www.inverse.ca/>
Inverse inc. :: Leaders behind
SOGo (http://www.sogo.nu
<http://www.sogo.nu/>) and
PacketFence
(http://packetfence.org
<http://packetfence.org/>)
On Mar 24, 2021, at 3:06 PM,
Joshua Wise via
PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>>
wrote:
I'm in the process of testing
Packefence with our Aruba
Controller. I've added our
on-prem Active Directory to
Packetfence, and can test
authentication fine with
pftest, no issues.
I've configured our Aruba
Controller with an 802.1x
SSID, RADIUS, etc.
When I attempt to connect with
username/password, it fails. I
can see in the RADIUS log that
I get an error "Attribute
"User-Password" is required
for authentication."
Within that log, I can go to
the RADIUS section and see:
User-Password = "******"
This makes me think the
password is being passed from
our Controller to Packetfence
just fine.
Not sure what I'm missing, any
ideas or suggestions?
*
*
*Joshua Wise*
Systems Engineer, Celina ISD
469-742-9113
https://www.celinaisd.com
<https://www.celinaisd.com/>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu>)
and PacketFence (http://packetfence.org <http://packetfence.org>)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://lists.sourceforge.net/lists/listinfo/packetfence-users>
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users