Hi, Thanks for the respon. First, I apologize for masking the domain name using domain.edu. From now on I'll use the real domain name. I run the eapol_test again, open the /us/local/pf/logs/packetfence.log and /usr/local/pf/logs/radius.log. Here's what I got.
/usr/local/pf/logs/packetfence.log: Apr 11 10:06:29 packetfence packetfence[483956]: pfperl-api(432247) INFO: Using 300 resolution threshold (pf::pfcron::task::cluster_check::run) Apr 11 10:06:29 packetfence packetfence[483956]: pfperl-api(432247) INFO: All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run) Apr 11 10:06:29 packetfence packetfence[483957]: pfperl-api(432247) INFO: getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance) Apr 11 10:06:29 packetfence packetfence[483960]: pfperl-api(405077) INFO: processed 0 security_events during security_event maintenance (1649646389.11398 1649646389.12184) (pf::security_event::security_event_maintenance) Apr 11 10:06:29 packetfence packetfence[483960]: pfperl-api(405077) INFO: processed 0 security_events during security_event maintenance (1649646389.12392 1649646389.12672) (pf::security_event::security_event_maintenance) Apr 11 10:07:29 packetfence packetfence[484024]: pfperl-api(432247) INFO: processed 0 security_events during security_event maintenance (1649646449.0738 1649646449.08153) (pf::security_event::security_event_maintenance) Apr 11 10:07:29 packetfence packetfence[484024]: pfperl-api(432247) INFO: processed 0 security_events during security_event maintenance (1649646449.08332 1649646449.0853) (pf::security_event::security_event_maintenance) Apr 11 10:07:29 packetfence packetfence[484025]: pfperl-api(403770) INFO: Using 300 resolution threshold (pf::pfcron::task::cluster_check::run) Apr 11 10:07:29 packetfence packetfence[484025]: pfperl-api(403770) INFO: All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run) Apr 11 10:07:29 packetfence packetfence[484026]: pfperl-api(414007) INFO: getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance) Apr 11 10:08:29 packetfence packetfence[484109]: pfperl-api(403770) INFO: getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance) Apr 11 10:08:29 packetfence packetfence[484108]: pfperl-api(405077) INFO: Using 300 resolution threshold (pf::pfcron::task::cluster_check::run) Apr 11 10:08:29 packetfence packetfence[484108]: pfperl-api(405077) INFO: All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run) Apr 11 10:08:29 packetfence packetfence[484111]: pfperl-api(405077) INFO: processed 0 security_events during security_event maintenance (1649646509.10386 1649646509.11199) (pf::security_event::security_event_maintenance) Apr 11 10:08:29 packetfence packetfence[484111]: pfperl-api(405077) INFO: processed 0 security_events during security_event maintenance (1649646509.11402 1649646509.1159) (pf::security_event::security_event_maintenance) /usr/local/pf/logs/radius.log : Apr 11 10:04:45 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu): sync Apr 11 10:05:07 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu): died, sleeping for 100 seconds Apr 11 10:06:47 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu): sync Apr 11 10:07:08 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu): died, sleeping for 100 seconds Apr 11 10:07:56 packetfence auth[33321]: (46117) Ignoring duplicate packet from client pf port 57731 - ID: 6 due to unfinished request in component authenticate module eap_ttls Apr 11 10:08:02 packetfence auth[33321]: (46117) Ignoring duplicate packet from client pf port 57731 - ID: 6 due to unfinished request in component authenticate module eap_ttls Apr 11 10:08:04 packetfence auth[33321]: Unresponsive child for request 46117, in component authenticate module eap_ttls Apr 11 10:08:14 packetfence auth[33321]: (46119) eap: ERROR: rlm_eap (EAP): No EAP session matching state 0x04996e9c01657bf4 Apr 11 10:08:14 packetfence auth[33321]: (46119) eap: ERROR: rlm_eap (EAP): No EAP session matching state 0x04996e9c01657bf4 Apr 11 10:08:14 packetfence auth[33321]: [mac:02:00:00:00:00:01] Rejected user: testing.netw...@binus.edu Apr 11 10:08:14 packetfence auth[33321]: (46119) Login incorrect (eap: rlm_eap (EAP): No EAP session matching state 0x04996e9c01657bf4): [ testing.netw...@binus.edu] (from client pf port 0 cli 02:00:00:00:00:01) Apr 11 10:08:48 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu): sync Apr 11 10:09:08 packetfence auth[33321]: rlm_perl: oauth2 worker (binus.edu): died, sleeping for 100 seconds Any help would be appreciated Regards, Irvan. On Sat, Apr 9, 2022 at 3:19 AM Zammit, Ludovic <luza...@akamai.com> wrote: > Hello there, > > The reject in post auth means that it’s PF that rejects you. > > Check into the /usr/local/pf/logs/packetfence.log to see the exact error. > > Thanks, > > *Ludovic Zammit* > *Product Support Engineer Principal* > *Cell:* +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> > <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> > <http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Apr 2, 2022, at 4:31 AM, z3r0byt3 via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > > Hi all, > > I tried to setup 802.1x with Azure AD using this guide > https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_azure_ad_integration > I did user authentication test using /usr/local/pf/bin/pftest. The auth > test succeeded. > > But when I tried to test using eapol_test using this config file > network={ > ssid="Test" > key_mgmt=WPA-EAP > eap=TTLS > identity="testing.netw...@domain.edu" > anonymous_identity="anonymous" > password="hLVrK8bWt6QseUfF" > phase2="auth=PAP" > # > # Uncomment the following to perform server certificate > # validation. > # ca_cert="/etc/raddb/certs/ca.der" > } > > eapol_test -c ttls-pap.conf -s MTg3ODIzNTc2MGM0MTg3Mzc4MmYzZjhj -A > 172.30.172.87 -a 172.30.172.87 > > It failed. > > The radius log output is like this > > EAP-Type = TTLS PacketFence-NTLMv2-Only = "" Service-Type = Framed-User > PacketFence-KeyBalanced = "7b5e66fcfb47d73ddafbadd1eb0ddb70" NAS-Port-Type > = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" User-Name = " > testing.netw...@domain.edu" PacketFence-Outer-User = "anonymous" > PacketFence-Radius-Ip = "172.30.172.87" Calling-Station-Id = > "02:00:00:00:00:01" FreeRADIUS-Proxied-To = 127.0.0.1 Framed-MTU = 1400 > NAS-IP-Address = 127.0.0.1 Event-Timestamp = "Apr 2 2022 08:28:17 UTC" > Realm = "domain.edu > <https://urldefense.com/v3/__http://domain.edu__;!!GjvTz_vk!F8kp8NqJgkQN7_IOHHkpwk5HPOPBNwBFZ6V2ny1F3nYVjp9CAcv6AHbNmxUPNSWQ$>" > User-Password = "******" Stripped-User-Name = "testing.network" > Module-Failure-Message = "No Auth-Type found: rejecting the user via > Post-Auth-Type = Reject" > SQL-User-Name = "testing.netw...@domain.edu" > > Any idea what did I miss? > > Regards, > Irvan > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!F8kp8NqJgkQN7_IOHHkpwk5HPOPBNwBFZ6V2ny1F3nYVjp9CAcv6AHbNm_Zwwepq$ > > > -- Software is just like parachute, it doesn't work if it is not open..
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users