[PacketFence-users] How to set pf to use FreeRADIUS-Client-IP-Address filter Inbound authentication instead of NAS-IP-Address ?

Mon, 31 Jan 2022 14:21:46 -0800 

Hello All,


I have seen from the guide  how to configure eduroam:
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_eduroam
.
My server is running  Packetfence 10.3.0.
outbound eduroam authentication works successfully.


*Inbound eduroam authentication : *
But  i'm facing issue with inbound  eduroam authentication with the
following message:

Reply-Message = "Switch is not managed by PacketFence"

*The reason :*
My pf server is making a filter on NAS-IP-Address = 193.54.188.34  instead
of FreeRADIUS-Client-IP-Address = 194.57.7.15.
The server with IP 194.57.7.15 is the eduroam.fr proxy radius and it's a
client radius of my pf server.
The radius requests from NAS-IP-Address = 193.54.188.34 are fording by
FreeRADIUS-Client-IP-Address = 194.57.7.15.


*synoptic: *
"Paris" RADIUS : is my radius server
"Marseilles" RADIUS:  is the radius server of another institution.

Access-Point -- [radius] -->  "Marseilles" RADIUS -- [radius] --> Country
Proxys (rad1|2.eduroam.fr) -- [radius] -->  "Paris" RADIUS


*Log :*

Radius Request:

User-Name = "us...@soleil.fr"
NAS-IP-Address = 193.54.188.34
NAS-Port = 1
Service-Type = Framed-User
Framed-MTU = 1300
Called-Station-Id = "11:22:33:44:55:66:eduroam"
Calling-Station-Id = "AA:BB:CC:EE:DD:FF"
NAS-Identifier = "WLC8510-1"
Proxy-State = 0x313639
Proxy-State = 0x3933
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "61f7db3a/AA:BB:CC:EE:DD:FF/15621780"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "12"
Event-Timestamp = "Jan 31 2022 13:51:17 CET"
EAP-Message = 0x020100140160406365612e6672
Message-Authenticator = 0x118d65d70758e05e470d9
Chargeable-User-Identity = 0x22
Location-Capable = Civic-Location
Airespace-Wlan-Id = 51
Cisco-AVPair = "audit-session-id=22bcdbf761"
Cisco-AVPair = "mDNS=true"
Stripped-User-Name = "user2"
Realm = "cea.fr"
FreeRADIUS-Client-IP-Address = 194.57.7.15
Called-Station-SSID = "eduroam"
PacketFence-ShortName = "eduroam_tlrs1"
PacketFence-KeyBalanced = "183d134047864398846ac987aa0435a2"
PacketFence-Radius-Ip = "213.186.33.5"
User-Password = "******"
SQL-User-Name = "us...@soleil.fr"

 RADIUS Reply:

Reply-Message = "Switch is not managed by PacketFence"

Proxy-State = 0x313639

Proxy-State = 0x3933



Helps:
How to set pf to use FreeRADIUS-Client-IP-Address  filter Inbound
 authentication  ?

Thank You.

Regards
Mickael BOUBALA

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to