I don't know if it helps, but I'm doing PEAP authentication with MSCHAPv2. I tried using the Provisioner, but that doesn't work from my Pixel 3a. So I'm just manually putting in the connection information. I do have a legit certificate. And of course, the phone is authenticating... it's just that the post-auth (post-proxy?) isn't assigning the VLAN.
I did have this working in PF 9.0, except that now my Pixel 3a phone won't connect to that, even when it has a legit certificate.

Joshua Nathan
*IT Supervisor*
Black Forest Academy

p: +49 (0) 7626 9161 631 m: +49 (0) 152 3452 0056
a:
w: Hammersteiner Straße 50, 79400 Kandern
bfacademy.de

On Mon, Apr 26, 2021 at 3:51 PM Nathan, Josh <josh.nat...@bfacademy.de> wrote:

> Hello Ludovic,
>
> OK, I made those changes, then did a "pfcmd service pf restart".
>
> No dice. Exact same results. Here's the end of the raddebug again in case that helps. Still nothing in packetfence.log.
>
> (17) Mon Apr 26 15:46:04 2021: Debug: Received Access-Request Id 93 from 172.20.50.76:43555 to 172.20.104.31:1812 length 277
> (17) Mon Apr 26 15:46:04 2021: Debug: User-Name = "josh.nathan"
> (17) Mon Apr 26 15:46:04 2021: Debug: NAS-Identifier = "66d9e7f8b8a4"
> (17) Mon Apr 26 15:46:04 2021: Debug: Called-Station-Id = "66-D9-E7-F8-B8-A4:BFA-EAP-Test"
> (17) Mon Apr 26 15:46:04 2021: Debug: NAS-Port-Type = Wireless-802.11
> (17) Mon Apr 26 15:46:04 2021: Debug: Service-Type = Framed-User
> (17) Mon Apr 26 15:46:04 2021: Debug: Calling-Station-Id = "58-CB-52-37-5D-AB"
> (17) Mon Apr 26 15:46:04 2021: Debug: Connect-Info = "CONNECT 0Mbps 802.11b"
> (17) Mon Apr 26 15:46:04 2021: Debug: Acct-Session-Id = "52DAD7D4BB763411"
> (17) Mon Apr 26 15:46:04 2021: Debug: Acct-Multi-Session-Id = "DBEED5366DD430AE"
> (17) Mon Apr 26 15:46:04 2021: Debug: WLAN-Pairwise-Cipher = 1027076
> (17) Mon Apr 26 15:46:04 2021: Debug: WLAN-Group-Cipher = 1027076
> (17) Mon Apr 26 15:46:04 2021: Debug: WLAN-AKM-Suite = 1027073
> (17) Mon Apr 26 15:46:04 2021: Debug: Framed-MTU = 1400
> (17) Mon Apr 26 15:46:04 2021: Debug: EAP-Message = 0x02e4002e1900170303002300000000000000057749b9bde9be1ec64f7c9567e2867e5dc1d76f261821842d90f500
> (17) Mon Apr 26 15:46:04 2021: Debug: State = 0xacaf705da54b69970120abcaacda4228
> (17) Mon Apr 26 15:46:04 2021: Debug: Message-Authenticator = 0x0bed628cf8ff12e2250c3de6e9c1cc45
> (17) Mon Apr 26 15:46:04 2021: Debug: Restoring &session-state
> (17) Mon Apr 26 15:46:04 2021: Debug: &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
> (17) Mon Apr 26 15:46:04 2021: Debug: &session-state:TLS-Session-Version = "TLS 1.2"
> (17) Mon Apr 26 15:46:04 2021: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
> (17) Mon Apr 26 15:46:04 2021: Debug: authorize {
> (17) Mon Apr 26 15:46:04 2021: Debug: policy packetfence-nas-ip-address {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address || NAS-IP-Address == "0.0.0.0"){
> (17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address || NAS-IP-Address == "0.0.0.0") -> TRUE
> (17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address || NAS-IP-Address == "0.0.0.0") {
> (17) Mon Apr 26 15:46:04 2021: Debug: update request {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{Packet-Src-IP-Address}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.50.76
> (17) Mon Apr 26 15:46:04 2021: Debug: } # update request = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: } # if (!NAS-IP-Address || NAS-IP-Address == "0.0.0.0") = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: } # policy packetfence-nas-ip-address = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: update {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{Packet-Src-IP-Address}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.50.76
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{Packet-Dst-IP-Address}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.104.31
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %l
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 1619444764
> (17) Mon Apr 26 15:46:04 2021: Debug: } # update = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: policy packetfence-set-realm-if-machine {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (User-Name =~ /host\/([a-z0-9_-]*)[\.](.*)/i) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (User-Name =~ /host\/([a-z0-9_-]*)[\.](.*)/i) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: } # policy packetfence-set-realm-if-machine = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: policy packetfence-balanced-key-policy {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&PacketFence-KeyBalanced && (&PacketFence-KeyBalanced =~ /^(.*)(.)$/i)) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&PacketFence-KeyBalanced && (&PacketFence-KeyBalanced =~ /^(.*)(.)$/i)) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: else {
> (17) Mon Apr 26 15:46:04 2021: Debug: update {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{md5:%{Calling-Station-Id}%{User-Name}}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 50bc5046614b032967fc88f562a08c92
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{md5:%{Calling-Station-Id}%{User-Name}}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 50bc5046614b032967fc88f562a08c92
> (17) Mon Apr 26 15:46:04 2021: Debug: } # update = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: } # else = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: } # policy packetfence-balanced-key-policy = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: policy packetfence-set-tenant-id {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address || NAS-IP-Address == "0.0.0.0"){
> (17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address || NAS-IP-Address == "0.0.0.0") -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 0
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> TRUE
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
> (17) Mon Apr 26 15:46:04 2021: Debug: update control {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{User-Name}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> josh.nathan
> (17) Mon Apr 26 15:46:04 2021: Debug: SQL-User-Name set to 'josh.nathan'
> (17) Mon Apr 26 15:46:04 2021: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '172.20.50.76'), 0)
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id FROM radius_nas WHERE nasname = '%{NAS-IP-Address}'), 0)}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 0
> (17) Mon Apr 26 15:46:04 2021: Debug: } # update control = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: } # if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> TRUE
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
> (17) Mon Apr 26 15:46:04 2021: Debug: update control {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{User-Name}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> josh.nathan
> (17) Mon Apr 26 15:46:04 2021: Debug: SQL-User-Name set to 'josh.nathan'
> (17) Mon Apr 26 15:46:04 2021: Debug: Executing select query: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('172.20.50.76') and INET_ATON('172.20.50.76') <= end_ip order by range_length limit 1), 1)
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{sql: SELECT IFNULL((SELECT tenant_id from radius_nas WHERE start_ip <= INET_ATON('%{NAS-IP-Address}') and INET_ATON('%{NAS-IP-Address}') <= end_ip order by range_length limit 1), 1)}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 1
> (17) Mon Apr 26 15:46:04 2021: Debug: } # update control = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: } # if ( &control:PacketFence-Tenant-Id == 0 ) = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: } # policy packetfence-set-tenant-id = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: policy rewrite_calling_station_id {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
> (17) Mon Apr 26 15:46:04 2021: Debug: update request {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 58:cb:52:37:5d:ab
> (17) Mon Apr 26 15:46:04 2021: Debug: } # update request = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: [updated] = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: ... skipping else: Preceding "if" was taken
> (17) Mon Apr 26 15:46:04 2021: Debug: } # policy rewrite_calling_station_id = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: policy rewrite_called_station_id {
> (17) Mon Apr 26 15:46:04 2021: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
> (17) Mon Apr 26 15:46:04 2021: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
> (17) Mon Apr 26 15:46:04 2021: Debug: update request {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 66:d9:e7:f8:b8:a4
> (17) Mon Apr 26 15:46:04 2021: Debug: } # update request = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: if ("%{8}") {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{8}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> BFA-EAP-Test
> (17) Mon Apr 26 15:46:04 2021: Debug: if ("%{8}") -> TRUE
> (17) Mon Apr 26 15:46:04 2021: Debug: if ("%{8}") {
> (17) Mon Apr 26 15:46:04 2021: Debug: update request {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{Called-Station-Id}:%{8}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 66:d9:e7:f8:b8:a4:BFA-EAP-Test
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{8}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> BFA-EAP-Test
> (17) Mon Apr 26 15:46:04 2021: Debug: } # update request = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: } # if ("%{8}") = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: ... skipping elsif: Preceding "if" was taken
> (17) Mon Apr 26 15:46:04 2021: Debug: ... skipping elsif: Preceding "if" was taken
> (17) Mon Apr 26 15:46:04 2021: Debug: ... skipping elsif: Preceding "if" was taken
> (17) Mon Apr 26 15:46:04 2021: Debug: [updated] = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: } # if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: ... skipping else: Preceding "if" was taken
> (17) Mon Apr 26 15:46:04 2021: Debug: } # policy rewrite_called_station_id = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( "%{client:shortname}" =~ /eduroam_tlrs/ ) {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{client:shortname}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.50.76/32
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( "%{client:shortname}" =~ /eduroam_tlrs/ ) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: policy filter_username {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name) -> TRUE
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ / /) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ / /) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /@[^@]*@/ ) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /@[^@]*@/ ) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /\.\./ ) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /\.\./ ) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /\.$/) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /\.$/) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /@\./) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Name =~ /@\./) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: } # if (&User-Name) = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: } # policy filter_username = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: policy filter_password {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (&User-Password && (&User-Password != "%{string:User-Password}")) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: } # policy filter_password = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: [preprocess] = ok
> (17) Mon Apr 26 15:46:04 2021: Debug: [mschap] = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: suffix: Checking for suffix after "@"
> (17) Mon Apr 26 15:46:04 2021: Debug: suffix: No '@' in User-Name = "josh.nathan", skipping NULL due to config.
> (17) Mon Apr 26 15:46:04 2021: Debug: [suffix] = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: Checking for prefix before "\"
> (17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: No '\' in User-Name = "josh.nathan", looking up realm NULL
> (17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: Found realm "null"
> (17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: Adding Stripped-User-Name = "josh.nathan"
> (17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: Adding Realm = "null"
> (17) Mon Apr 26 15:46:04 2021: Debug: ntdomain: Authentication realm is LOCAL
> (17) Mon Apr 26 15:46:04 2021: Debug: [ntdomain] = ok
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Expanding URI components
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: EXPAND http://127.0.0.1:7070
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: --> http://127.0.0.1:7070
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: EXPAND //radius/rest/filter
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: --> //radius/rest/filter
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Sending HTTP POST to "http://127.0.0.1:7070//radius/rest/filter"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "User-Name"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "NAS-IP-Address"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Service-Type"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Framed-MTU"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "State"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Called-Station-Id"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Calling-Station-Id"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "NAS-Identifier"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "NAS-Port-Type"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Acct-Session-Id"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Acct-Multi-Session-Id"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Event-Timestamp"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Connect-Info"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "EAP-Message"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Message-Authenticator"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "WLAN-Pairwise-Cipher"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "WLAN-Group-Cipher"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "WLAN-AKM-Suite"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Stripped-User-Name"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Realm"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "SQL-User-Name"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "FreeRADIUS-Client-IP-Address"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "Called-Station-SSID"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "PacketFence-KeyBalanced"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Encoding attribute "PacketFence-Radius-Ip"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Processing response header
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Status : 100 (Continue)
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Continuing...
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Processing response header
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Status : 200 (OK)
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Type : json (application/json)
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: Parsing attribute "control:PacketFence-Authorization-Status"
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: EXPAND allow
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: --> allow
> (17) Mon Apr 26 15:46:04 2021: Debug: rest: PacketFence-Authorization-Status := "allow"
> (17) Mon Apr 26 15:46:04 2021: Debug: [rest] = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: eap: Peer sent EAP Response (code 2) ID 228 length 46
> (17) Mon Apr 26 15:46:04 2021: Debug: eap: Continuing tunnel setup
> (17) Mon Apr 26 15:46:04 2021: Debug: [eap] = ok
> (17) Mon Apr 26 15:46:04 2021: Debug: } # authorize = ok
> (17) Mon Apr 26 15:46:04 2021: Debug: Found Auth-Type = eap
> (17) Mon Apr 26 15:46:04 2021: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
> (17) Mon Apr 26 15:46:04 2021: Debug: authenticate {
> (17) Mon Apr 26 15:46:04 2021: Debug: eap: Expiring EAP session with state 0xacaf705da54b6997
> (17) Mon Apr 26 15:46:04 2021: Debug: eap: Finished EAP session with state 0xacaf705da54b6997
> (17) Mon Apr 26 15:46:04 2021: Debug: eap: Previous EAP request found for state 0xacaf705da54b6997, released from the list
> (17) Mon Apr 26 15:46:04 2021: Debug: eap: Peer sent packet with method EAP PEAP (25)
> (17) Mon Apr 26 15:46:04 2021: Debug: eap: Calling submodule eap_peap to process data
> (17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Continuing EAP-TLS
> (17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: [eaptls verify] = ok
> (17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Done initial handshake
> (17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: [eaptls process] = ok
> (17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Session established. Decoding tunneled attributes
> (17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: PEAP state send tlv success
> (17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Received EAP-TLV response
> (17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Success
> (17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: Using saved attributes from the original Access-Accept
> (17) Mon Apr 26 15:46:04 2021: Debug: eap_peap: User-Name = "josh.nathan"
> (17) Mon Apr 26 15:46:04 2021: Debug: eap: Sending EAP Success (code 3) ID 228 length 4
> (17) Mon Apr 26 15:46:04 2021: Debug: eap: Freeing handler
> (17) Mon Apr 26 15:46:04 2021: Debug: [eap] = ok
> (17) Mon Apr 26 15:46:04 2021: Debug: } # authenticate = ok
> (17) Mon Apr 26 15:46:04 2021: Debug: # Executing section post-auth from file /usr/local/pf/raddb/sites-enabled/packetfence
> (17) Mon Apr 26 15:46:04 2021: Debug: post-auth {
> (17) Mon Apr 26 15:46:04 2021: Debug: update {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{Packet-Src-IP-Address}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.50.76
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{Packet-Dst-IP-Address}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 172.20.104.31
> (17) Mon Apr 26 15:46:04 2021: Debug: } # update = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: policy packetfence-set-tenant-id {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address || NAS-IP-Address == "0.0.0.0"){
> (17) Mon Apr 26 15:46:04 2021: Debug: if (!NAS-IP-Address || NAS-IP-Address == "0.0.0.0") -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> 1
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: } # policy packetfence-set-tenant-id = noop
> (17) Mon Apr 26 15:46:04 2021: Debug: if ("%{%{control:PacketFence-Proxied-From}:-False}" == "True") {
> (17) Mon Apr 26 15:46:04 2021: Debug: EXPAND %{%{control:PacketFence-Proxied-From}:-False}
> (17) Mon Apr 26 15:46:04 2021: Debug: --> False
> (17) Mon Apr 26 15:46:04 2021: Debug: if ("%{%{control:PacketFence-Proxied-From}:-False}" == "True") -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) {
> (17) Mon Apr 26 15:46:04 2021: Debug: if (! EAP-Type || (EAP-Type != TTLS && EAP-Type != PEAP) ) -> FALSE
> (17) Mon Apr 26 15:46:04 2021: Debug: attr_filter.packetfence_post_auth: EXPAND %{User-Name}
> (17) Mon Apr 26 15:46:04 2021: Debug: attr_filter.packetfence_post_auth: --> josh.nathan
> (17) Mon Apr 26 15:46:04 2021: Debug: attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10
> (17) Mon Apr 26 15:46:04 2021: Debug: [attr_filter.packetfence_post_auth] = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: linelog: EXPAND messages.%{%{reply:Packet-Type}:-default}
> (17) Mon Apr 26 15:46:04 2021: Debug: linelog: --> messages.Access-Accept
> (17) Mon Apr 26 15:46:04 2021: Debug: linelog: EXPAND [mac:%{Calling-Station-Id}] Accepted user: %{reply:User-Name} and returned VLAN %{reply:Tunnel-Private-Group-ID}
> (17) Mon Apr 26 15:46:04 2021: Debug: linelog: --> [mac:58:cb:52:37:5d:ab] Accepted user: josh.nathan and returned VLAN
> (17) Mon Apr 26 15:46:04 2021: Debug: [linelog] = ok
> (17) Mon Apr 26 15:46:04 2021: Debug: } # post-auth = updated
> (17) Mon Apr 26 15:46:04 2021: Debug: Sent Access-Accept Id 93 from 172.20.104.31:1812 to 172.20.50.76:43555 length 0
> (17) Mon Apr 26 15:46:04 2021: Debug: User-Name = "josh.nathan"
> (17) Mon Apr 26 15:46:04 2021: Debug: MS-MPPE-Recv-Key = 0x7c0a1d6d086882905490447f73c59438006b8fb7a497cd446582272729ff160a
> (17) Mon Apr 26 15:46:04 2021: Debug: MS-MPPE-Send-Key = 0xaf527d253335b877cd2073364c49c1e79a15da97037db30b95de703b20fe0aa3
> (17) Mon Apr 26 15:46:04 2021: Debug: EAP-Message = 0x03e40004
> (17) Mon Apr 26 15:46:04 2021: Debug: Message-Authenticator = 0x00000000000000000000000000000000
> (17) Mon Apr 26 15:46:04 2021: Debug: Finished request
> (6) Mon Apr 26 15:46:05 2021: Debug: Cleaning up request packet ID 14 with timestamp +93
>
>
> Joshua Nathan
> *IT Supervisor*
> Black Forest Academy
>
> p: +49 (0) 7626 9161 631 m: +49 (0) 152 3452 0056
> a:
> w: Hammersteiner Straße 50, 79400 Kandern
> bfacademy.de
>
>
> On Mon, Apr 26, 2021 at 3:31 PM Zammit, Ludovic <luza...@akamai.com> wrote:
>
>> Hello Josh,
>>
>> In authentication.conf remove all realm configuration related to all sources, leave the automatic selection to happen.
>>
>> I’m assuming you are using that connection profile "BFA-WiFi". Add the "JumpCloud-RADIUS" source.
>>
>> Try again and let me know.
>>
>> Thanks,
>>
>> *Ludovic Zammit*
>> *Product Support Engineer Principal*
>> *Cell:* +1.613.670.8432
>> Akamai Technologies - Inverse
>> 145 Broadway
>> Cambridge, MA 02142
>> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
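
Added example (not part of the original thread, and not PacketFence or FreeRADIUS code): a Python triage script for raddebug traces like the one quoted above. It re-joins entries that a mail client hard-wrapped, groups them by request number, and reports each Access-Accept sent without Tunnel-Private-Group-ID, the symptom described in this thread. The function names and the sample trace are constructed for illustration; only the line format and the REST URL are taken from the quoted log.

```python
import re
from collections import defaultdict

QUOTE_RE = re.compile(r"^(?:>\s?)*\s*")  # e-mail quote markers and indentation
ENTRY_RE = re.compile(r"^\((\d+)\) \w{3} \w{3} +\d+ [\d:]+ \d{4}: Debug:\s*(.*)$")
SENT_RE = re.compile(r"^Sent ([\w-]+) Id \d+ from \S+ to \S+")
ATTR_RE = re.compile(r"^([\w-]+)(?::\d+)? = (.*)$")  # optional tunnel tag, e.g. ":0"
REST_RE = re.compile(r'^rest: Sending HTTP POST to "\s*([^"]+)"')

# Constructed sample: request 3 is accepted without a VLAN, request 4 with one.
SAMPLE = """\
> (3) Mon Apr 26 15:46:04 2021: Debug: Received Access-Request Id 7 from 192.0.2.10:40000 to 192.0.2.1:1812 length 277
> (3) Mon Apr 26 15:46:04 2021: Debug: User-Name = "alice"
> (3) Mon Apr 26 15:46:04 2021: Debug: Calling-Station-Id =
> "02-00-00-00-00-01"
> (3) Mon Apr 26 15:46:04 2021: Debug: rest: Sending HTTP POST to "http://127.0.0.1:7070//radius/rest/filter"
> (3) Mon Apr 26 15:46:04 2021: Debug: Sent Access-Accept Id 7 from 192.0.2.1:1812 to 192.0.2.10:40000 length 0
> (3) Mon Apr 26 15:46:04 2021: Debug: User-Name = "alice"
> (3) Mon Apr 26 15:46:04 2021: Debug: EAP-Message = 0x03e40004
> (3) Mon Apr 26 15:46:04 2021: Debug: Finished request
(4) Mon Apr 26 15:46:09 2021: Debug: Received Access-Request Id 8 from 192.0.2.10:40001 to 192.0.2.1:1812 length 277
(4) Mon Apr 26 15:46:09 2021: Debug: User-Name = "bob"
(4) Mon Apr 26 15:46:09 2021: Debug: Sent Access-Accept Id 8 from 192.0.2.1:1812 to 192.0.2.10:40001 length 0
(4) Mon Apr 26 15:46:09 2021: Debug: Tunnel-Type = VLAN
(4) Mon Apr 26 15:46:09 2021: Debug: Tunnel-Private-Group-Id = "20"
(4) Mon Apr 26 15:46:09 2021: Debug: Finished request
"""


def unwrap(text):
    """Return [(request_number, message)], re-joining mail-wrapped entries."""
    entries, joinable = [], False
    for raw in text.splitlines():
        line = QUOTE_RE.sub("", raw, count=1).rstrip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append([int(m.group(1)), m.group(2)])
            joinable = True
        elif line and joinable:
            entries[-1][1] += " " + line  # continuation of a wrapped entry
        else:
            joinable = False  # blank line: what follows is not log text
    return [(n, msg.strip()) for n, msg in entries]


def parse(text):
    """Group entries per request: request attrs, reply type/attrs, REST URLs."""
    reqs = defaultdict(lambda: {"request": {}, "reply_type": None,
                                "reply": {}, "rest_urls": []})
    section = {}  # request number -> "request", "reply" or None
    for n, msg in unwrap(text):
        rec, sent, attr = reqs[n], SENT_RE.match(msg), ATTR_RE.match(msg)
        if msg.startswith("Received Access-Request"):
            section[n] = "request"
        elif sent:
            rec["reply_type"], section[n] = sent.group(1), "reply"
        elif attr and section.get(n):
            # Attribute names are compared case-insensitively.
            rec[section[n]][attr.group(1).lower()] = attr.group(2).strip('"')
        else:
            section[n] = None  # any other line ends the attribute list
            rest = REST_RE.match(msg)
            if rest:
                rec["rest_urls"].append(rest.group(1))
    return reqs


def accepts_missing_vlan(text):
    """List Access-Accepts that were sent without Tunnel-Private-Group-ID."""
    findings = []
    for n, rec in sorted(parse(text).items()):
        if rec["reply_type"] == "Access-Accept" and \
                "tunnel-private-group-id" not in rec["reply"]:
            findings.append({
                "request": n,
                "user": rec["reply"].get("user-name") or rec["request"].get("user-name"),
                "mac": rec["request"].get("calling-station-id"),
                "rest_urls": rec["rest_urls"],
            })
    return findings


if __name__ == "__main__":
    for f in accepts_missing_vlan(SAMPLE):
        print("request %(request)s: %(user)s / %(mac)s accepted with no VLAN; "
              "REST calls seen: %(rest_urls)s" % f)
```

The `rest_urls` field lists the REST endpoints the trace shows for that request, which makes it easy to see which policy calls actually ran before the accept was sent.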