Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
Ok so you need to add support of 802.1x in the switch module.

In this file, https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Netgear/MSeries.pm#L19 add that:

sub supportsWiredDot1x { return $TRUE; }

Then restart packetfence.

Paste me the packetfence.log after that.

Regards
Fabrice

On 2017-11-01 at 18:04, James Garcellano via PacketFence-users wrote:

Hello Fabrice,

Here are the last few entries from the /usr/local/pf/logs/packetfence.log file:

Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) INFO: [mac:00:21:70:d8:ac:45] handling radius autz request: from switch_ip => (192.168.1.12), connection_type => Ethernet-EAP,switch_mac => (b0:b9:8a:46:3d:0e), mac => [00:21:70:d8:ac:45], port => 1, username => "PFDOMAIN\testme" (pf::radius::authorize)
Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) ERROR: [mac:00:21:70:d8:ac:45] Wired 802.1X is not supported on switch type pf::Switch::Netgear::MSeries. Please let us know what hardware you are using. (pf::Switch::supportsWiredDot1x)
Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) WARN: [mac:00:21:70:d8:ac:45] (192.168.1.12) Sending REJECT since switch is unsupported (pf::radius::_switchUnsupportedReply)
Nov 1 22:03:07 packetfence-zen packetfence_httpd.aaa: httpd.aaa(3730) INFO: [mac:00:21:70:d8:ac:45] Updating locationlog from accounting request (pf::api::handle_accounting_metadata)

Ok it's better now.

Now can you check on the packetfence.log, you are supposed to see different messages now.

On 2017-11-01 at 17:27, James Garcellano via PacketFence-users wrote:

It looks like the other test still showed the NAS IP as 192.168.1.5.

I rebooted the switch and did another test.

Here is the raddebug from that...
(38) Wed Nov 1 21:13:13 2017: Debug: Received Access-Request Id 201 from 192.168.1.12:42371 to 192.168.1.5:1812 length 158 (38) Wed Nov 1 21:13:13 2017: Debug: User-Name = "PFDOMAIN\\testme" (38) Wed Nov 1 21:13:13 2017: Debug: Called-Station-Id = "b0-b9-8a-46-3d-0e" (38) Wed Nov 1 21:13:13 2017: Debug: Calling-Station-Id = "00:21:70:d8:ac:45" (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Identifier = "b0-b9-8a-46-3d-0c" (38) Wed Nov 1 21:13:13 2017: Debug: NAS-IP-Address = 192.168.1.12 (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port = 1 (38) Wed Nov 1 21:13:13 2017: Debug: Framed-MTU = 1500 (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port-Type = Ethernet (38) Wed Nov 1 21:13:13 2017: Debug: EAP-Message = 0x0214015046444f4d41494e5c746573746d65 (38) Wed Nov 1 21:13:13 2017: Debug: Message-Authenticator = 0x935d535299b823f31e7748c9271d6225 (38) Wed Nov 1 21:13:13 2017: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence (38) Wed Nov 1 21:13:13 2017: Debug: authorize { (38) Wed Nov 1 21:13:13 2017: Debug: update { (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{Packet-Src-IP-Address} (38) Wed Nov 1 21:13:13 2017: Debug: --> 192.168.1.12 (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %l (38) Wed Nov 1 21:13:13 2017: Debug: --> 1509570793 (38) Wed Nov 1 21:13:13 2017: Debug: } # update = noop (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_calling_station_id { (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (38) Wed Nov 1 21:13:13 2017: Debug: update request { (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (38) Wed Nov 1 21:13:13 2017: Debug: --> 00:21:70:d8:ac:45 (38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop (38) Wed Nov 1 21:13:13 2017: Debug: [updated] = updated (38) Wed Nov 1 21:13:13 2017: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (38) Wed Nov 1 21:13:13 2017: Debug: ... skipping else: Preceding "if" was taken (38) Wed Nov 1 21:13:13 2017: Debug: } # policy rewrite_calling_station_id = updated (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_called_station_id { (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0
Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
Hello Fabrice,

Here are the last few entries from the /usr/local/pf/logs/packetfence.log file:

Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) INFO: [mac:00:21:70:d8:ac:45] handling radius autz request: from switch_ip => (192.168.1.12), connection_type => Ethernet-EAP,switch_mac => (b0:b9:8a:46:3d:0e), mac => [00:21:70:d8:ac:45], port => 1, username => "PFDOMAIN\testme" (pf::radius::authorize)
Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) ERROR: [mac:00:21:70:d8:ac:45] Wired 802.1X is not supported on switch type pf::Switch::Netgear::MSeries. Please let us know what hardware you are using. (pf::Switch::supportsWiredDot1x)
Nov 1 22:03:06 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) WARN: [mac:00:21:70:d8:ac:45] (192.168.1.12) Sending REJECT since switch is unsupported (pf::radius::_switchUnsupportedReply)
Nov 1 22:03:07 packetfence-zen packetfence_httpd.aaa: httpd.aaa(3730) INFO: [mac:00:21:70:d8:ac:45] Updating locationlog from accounting request (pf::api::handle_accounting_metadata)

>Ok it's better now.
>
>Now can you check on the packetfence.log, you are supposed to see
>different messages now.
>
>
>On 2017-11-01 at 17:27, James Garcellano via PacketFence-users wrote:
>> It looks like the other test still showed the NAS IP as 192.168.1.5.
>>
>> I rebooted the switch and did another test.
>>
>> Here is the raddebug from that...
>> >> (38) Wed Nov 1 21:13:13 2017: Debug: Received Access-Request Id 201 from >> 192.168.1.12:42371 to 192.168.1.5:1812 length 158 >> (38) Wed Nov 1 21:13:13 2017: Debug: User-Name = "PFDOMAIN\\testme" >> (38) Wed Nov 1 21:13:13 2017: Debug: Called-Station-Id = >> "b0-b9-8a-46-3d-0e" >> (38) Wed Nov 1 21:13:13 2017: Debug: Calling-Station-Id = >> "00:21:70:d8:ac:45" >> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Identifier = "b0-b9-8a-46-3d-0c" >> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-IP-Address = 192.168.1.12 >> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port = 1 >> (38) Wed Nov 1 21:13:13 2017: Debug: Framed-MTU = 1500 >> (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port-Type = Ethernet >> (38) Wed Nov 1 21:13:13 2017: Debug: EAP-Message = >> 0x0214015046444f4d41494e5c746573746d65 >> (38) Wed Nov 1 21:13:13 2017: Debug: Message-Authenticator = >> 0x935d535299b823f31e7748c9271d6225 >> (38) Wed Nov 1 21:13:13 2017: Debug: # Executing section authorize from >> file /usr/local/pf/raddb/sites-enabled/packetfence >> (38) Wed Nov 1 21:13:13 2017: Debug: authorize { >> (38) Wed Nov 1 21:13:13 2017: Debug: update { >> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{Packet-Src-IP-Address} >> (38) Wed Nov 1 21:13:13 2017: Debug: --> 192.168.1.12 >> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %l >> (38) Wed Nov 1 21:13:13 2017: Debug: --> 1509570793 >> (38) Wed Nov 1 21:13:13 2017: Debug: } # update = noop >> (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_calling_station_id { >> (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && >> (&Calling-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) >> { >> (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && >> (&Calling-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) >> -> TRUE >> (38) Wed Nov 1 21:13:13 
2017: Debug: if (&Calling-Station-Id && >> (&Calling-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) >> { >> (38) Wed Nov 1 21:13:13 2017: Debug: update request { >> (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND >> %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} >> (38) Wed Nov 1 21:13:13 2017: Debug: --> 00:21:70:d8:ac:45 >> (38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop >> (38) Wed Nov 1 21:13:13 2017: Debug: [updated] = updated >> (38) Wed Nov 1 21:13:13 2017: Debug: } # if (&Calling-Station-Id && >> (&Calling-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) >> = updated >> (38) Wed Nov 1 21:13:13 2017: Debug: ... skipping else: Preceding >> "if" was taken >> (38) Wed Nov 1 21:13:13 2017: Debug: } # policy >> rewrite_calling_station_id = updated >> (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_called_station_id { >> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && >> (&Called-Station-Id =~ >> /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) >> { >> (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called
Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
Ok it's better now.

Now can you check on the packetfence.log, you are supposed to see different messages now.

On 2017-11-01 at 17:27, James Garcellano via PacketFence-users wrote:

It looks like the other test still showed the NAS IP as 192.168.1.5.

I rebooted the switch and did another test.

Here is the raddebug from that...

(38) Wed Nov 1 21:13:13 2017: Debug: Received Access-Request Id 201 from 192.168.1.12:42371 to 192.168.1.5:1812 length 158
(38) Wed Nov 1 21:13:13 2017: Debug: User-Name = "PFDOMAIN\\testme"
(38) Wed Nov 1 21:13:13 2017: Debug: Called-Station-Id = "b0-b9-8a-46-3d-0e"
(38) Wed Nov 1 21:13:13 2017: Debug: Calling-Station-Id = "00:21:70:d8:ac:45"
(38) Wed Nov 1 21:13:13 2017: Debug: NAS-Identifier = "b0-b9-8a-46-3d-0c"
(38) Wed Nov 1 21:13:13 2017: Debug: NAS-IP-Address = 192.168.1.12
(38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port = 1
(38) Wed Nov 1 21:13:13 2017: Debug: Framed-MTU = 1500
(38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port-Type = Ethernet
(38) Wed Nov 1 21:13:13 2017: Debug: EAP-Message = 0x0214015046444f4d41494e5c746573746d65
(38) Wed Nov 1 21:13:13 2017: Debug: Message-Authenticator = 0x935d535299b823f31e7748c9271d6225
(38) Wed Nov 1 21:13:13 2017: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
(38) Wed Nov 1 21:13:13 2017: Debug: authorize {
(38) Wed Nov 1 21:13:13 2017: Debug: update {
(38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{Packet-Src-IP-Address}
(38) Wed Nov 1 21:13:13 2017: Debug: --> 192.168.1.12
(38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %l
(38) Wed Nov 1 21:13:13 2017: Debug: --> 1509570793
(38) Wed Nov 1 21:13:13 2017: Debug: } # update = noop
(38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_calling_station_id {
(38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(38) Wed Nov 1 21:13:13 2017: Debug:
if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (38) Wed Nov 1 21:13:13 2017: Debug: update request { (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (38) Wed Nov 1 21:13:13 2017: Debug: --> 00:21:70:d8:ac:45 (38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop (38) Wed Nov 1 21:13:13 2017: Debug: [updated] = updated (38) Wed Nov 1 21:13:13 2017: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (38) Wed Nov 1 21:13:13 2017: Debug: ... 
skipping else: Preceding "if" was taken (38) Wed Nov 1 21:13:13 2017: Debug: } # policy rewrite_calling_station_id = updated (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_called_station_id { (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (38) Wed Nov 1 21:13:13 2017: Debug: update request { (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (38) Wed Nov 1 21:13:13 2017: Debug: --> b0:b9:8a:46:3d:0e (38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop (38) Wed Nov 1 21:13:13 2017: Debug: if ("%{8}") { (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{8} (38) Wed Nov 1 21:13:13 2017: Debug:--> (38) Wed Nov 1 21:13:13 2017: Debug: if ("%{8}") -> FALSE (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) { (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE (38) Wed Nov 1 21:13:13 2017: Debug:
Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
Hello Fabrice,

Not that I am aware of, but then again, the Netgear switch is new to me. I am more familiar with Cisco equipment.

Here are the relevant commands on the Netgear switch; maybe the NAS-IP-Address will be spotted with a second set of eyes. :-) (Passwords have been edited)

(M4300-52G-PoE+) #show run

!Current Configuration:
!
!System Description "M4300-52G-PoE+ ProSAFE 48-port 1G PoE+ and 2-port 10GBASE-T and 2-port 10G SFP+, 12.0.2.15, 1.0.0.8"
!System Software Version "12.0.2.15"
!System Up Time "1 days 5 hrs 38 mins 42 secs"
!Additional Packages QOS,Multicast,IPv6,IPv6 Management,Stacking,Routing
!Current SNTP Synchronized Time: SNTP Last Attempt Status Is Not Successful
!
vlan database
vlan 20,30,100-101
vlan name 20 "PF_Registration"
vlan name 30 "PF_Isolation"
vlan name 100 "PF_Production"
vlan routing 1 1
vlan routing 101 2
exit

configure
stack
member 1 4
exit
ip name server 192.168.1.1
slot 1/0 4
set slot power 1/0
no set slot disable 1/0
snmptrap "ngTrap" ipaddr 192.168.8.5
aaa session-id unique
dot1x system-auth-control
dot1x system-auth-control monitor
aaa authentication dot1x default radius
authorization network radius
radius accounting mode
radius server host auth "192.168.1.5" name "Default-RADIUS-Server"
radius server key auth "192.168.1.5" encrypted *
radius server primary "192.168.1.5"
radius server attribute 4 192.168.1.5
radius server host acct "192.168.1.5" name Default-RADIUS-Server
radius server key acct "192.168.1.5" encrypted *
aaa server radius dynamic-author
client 192.168.8.5 server-key "*"
exit
line console
exit

line telnet
exit

line ssh
exit
!
snmp-server community "ngRead"
snmp-server community "ngWrite"
snmp-server community rw ngWrite

interface 1/0/1
dot1x port-control mac-based
dot1x mac-auth-bypass
exit

interface 1/0/3
dot1x mac-auth-bypass
exit

interface 1/0/48
dot1x port-control force-authorized
vlan pvid 101
vlan participation include 20,30,101
vlan tagging 1,20,30
exit

interface vlan 1
routing
ip address dhcp
exit

interface vlan 101
routing
ip address 192.168.1.12 255.255.255.0
exit

ip management vlan 101 192.168.1.12 255.255.255.0
ip management source-interface vlan 101
router rip
exit
router ospf
exit
ipv6 router ospf
exit
ip default-gateway 192.168.1.1
exit

>Hello James,
>
>little bit weird, the NAS-IP-Address is equal to 192.168.1.5 and should
>be equal to 192.168.1.12.
>
>Did you change something in the Netgear config to set NAS IP Address
>with the wrong value?
>
>Regards
>
>Fabrice

James Garcellano

PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
Here is the other test with the 'radius server attribute 4 192.168.1.5' command taken out.

(19) Wed Nov 1 20:23:01 2017: Debug: Received Access-Request Id 199 from 192.168.1.12:42371 to 192.168.1.5:1812 length 193
(19) Wed Nov 1 20:23:01 2017: Debug: User-Name = "PFDOMAIN\\testme"
(19) Wed Nov 1 20:23:01 2017: Debug: Called-Station-Id = "b0-b9-8a-46-3d-0e"
(19) Wed Nov 1 20:23:01 2017: Debug: Calling-Station-Id = "00:21:70:d8:ac:45"
(19) Wed Nov 1 20:23:01 2017: Debug: NAS-Identifier = "b0-b9-8a-46-3d-0c"
(19) Wed Nov 1 20:23:01 2017: Debug: NAS-IP-Address = 192.168.1.5
(19) Wed Nov 1 20:23:01 2017: Debug: NAS-Port = 1
(19) Wed Nov 1 20:23:01 2017: Debug: Framed-MTU = 1500
(19) Wed Nov 1 20:23:01 2017: Debug: NAS-Port-Type = Ethernet
(19) Wed Nov 1 20:23:01 2017: Debug: State = 0x8486bcf2838ea5c8f46e2d7c49360c33
(19) Wed Nov 1 20:23:01 2017: Debug: EAP-Message = 0x020800251900170303001a00036316860ca21a6feb5ba6b143952509a3497c
(19) Wed Nov 1 20:23:01 2017: Debug: Message-Authenticator = 0xa5b0c93919523b9f5645ee9214488c57
(19) Wed Nov 1 20:23:01 2017: Debug: session-state: No cached attributes
(19) Wed Nov 1 20:23:01 2017: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
(19) Wed Nov 1 20:23:01 2017: Debug: authorize {
(19) Wed Nov 1 20:23:01 2017: Debug: update {
(19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %{Packet-Src-IP-Address}
(19) Wed Nov 1 20:23:01 2017: Debug: --> 192.168.1.12
(19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %l
(19) Wed Nov 1 20:23:01 2017: Debug: --> 1509567781
(19) Wed Nov 1 20:23:01 2017: Debug: } # update = noop
(19) Wed Nov 1 20:23:01 2017: Debug: policy rewrite_calling_station_id {
(19) Wed Nov 1 20:23:01 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(19) Wed Nov 1 20:23:01 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (19) Wed Nov 1 20:23:01 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (19) Wed Nov 1 20:23:01 2017: Debug: update request { (19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (19) Wed Nov 1 20:23:01 2017: Debug: --> 00:21:70:d8:ac:45 (19) Wed Nov 1 20:23:01 2017: Debug: } # update request = noop (19) Wed Nov 1 20:23:01 2017: Debug: [updated] = updated (19) Wed Nov 1 20:23:01 2017: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (19) Wed Nov 1 20:23:01 2017: Debug: ... skipping else: Preceding "if" was taken (19) Wed Nov 1 20:23:01 2017: Debug: } # policy rewrite_calling_station_id = updated (19) Wed Nov 1 20:23:01 2017: Debug: policy rewrite_called_station_id { (19) Wed Nov 1 20:23:01 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (19) Wed Nov 1 20:23:01 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE (19) Wed Nov 1 20:23:01 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (19) Wed Nov 1 20:23:01 2017: Debug: update request { (19) Wed Nov 1 20:23:01 2017: Debug: EXPAND 
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (19) Wed Nov 1 20:23:01 2017: Debug: --> b0:b9:8a:46:3d:0e (19) Wed Nov 1 20:23:01 2017: Debug: } # update request = noop (19) Wed Nov 1 20:23:01 2017: Debug: if ("%{8}") { (19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %{8} (19) Wed Nov 1 20:23:01 2017: Debug:--> (19) Wed Nov 1 20:23:01 2017: Debug: if ("%{8}") -> FALSE (19) Wed Nov 1 20:23:01 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) { (19) Wed Nov 1 20:23:01 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE (19) Wed Nov 1 20:23:01 2017: Debug: elsif (Aruba-Essid-Name) { (19) Wed Nov 1 20:
Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
After looking at the configuration, there was one line that seemed to stand out...

radius server attribute 4 192.168.1.5

Other Netgear documentation that I have found states the following in regards to the 'radius server attribute' command:

radius server attribute
Use this command to specify the RADIUS client to use the NAS-IPAddress attribute in the RADIUS requests. If the specific IP address is configured while enabling this attribute, the RADIUS client uses that IP address while sending NAS-IP-Address attribute in RADIUS communication.
Format radius server attribute <4> []
Mode Global Config

Let me take that out and test again.

>Hello Fabrice,
>
>Not that I am aware of, but then again, the Netgear switch is new to me. I am
>more familiar with Cisco equipment.
>
>Here are the relevant commands on the Netgear switch; maybe the
>NAS-IP-Address will be spotted with a second set of eyes. :-) (Passwords have
>been edited)
>
>(M4300-52G-PoE+) #show run
>
>!Current Configuration:
>!
>!System Description "M4300-52G-PoE+ ProSAFE 48-port 1G PoE+ and 2-port
>10GBASE-T and 2-port 10G SFP+, 12.0.2.15, 1.0.0.8"
>!System Software Version "12.0.2.15"
>!System Up Time "1 days 5 hrs 38 mins 42 secs"
>!Additional Packages QOS,Multicast,IPv6,IPv6 Management,Stacking,Routing
>!Current SNTP Synchronized Time: SNTP Last Attempt Status Is Not Successful !
>vlan database
>vlan 20,30,100-101
>vlan name 20 "PF_Registration"
>vlan name 30 "PF_Isolation"
>vlan name 100 "PF_Production"
>vlan routing 1 1
>vlan routing 101 2
>exit
>
>configure
>stack
>member 1 4
>exit
>ip name server 192.168.1.1
>slot 1/0 4
>set slot power 1/0
>no set slot disable 1/0
>snmptrap "ngTrap" ipaddr 192.168.8.5
>aaa session-id unique
>dot1x system-auth-control
>dot1x system-auth-control monitor
>aaa authentication dot1x default radius
>authorization network radius
>radius accounting mode
>radius server host auth "192.168.1.5" name "Default-RADIUS-Server"
>radius server key auth "192.168.1.5" encrypted * radius server primary
>"192.168.1.5"
>radius server attribute 4 192.168.1.5
>radius server host acct "192.168.1.5" name Default-RADIUS-Server radius server
>key acct "192.168.1.5" encrypted * aaa server radius dynamic-author client
>192.168.8.5 server-key "*"
>exit
>line console
>exit
>
>line telnet
>exit
>
>line ssh
>exit
>!
>snmp-server community "ngRead"
>snmp-server community "ngWrite"
>snmp-server community rw ngWrite
>
>interface 1/0/1
>dot1x port-control mac-based
>dot1x mac-auth-bypass
>exit
>
>
>
>interface 1/0/3
>dot1x mac-auth-bypass
>exit
>
>
>
>interface 1/0/48
>dot1x port-control force-authorized
>vlan pvid 101
>vlan participation include 20,30,101
>vlan tagging 1,20,30
>exit
>
>
>
>interface vlan 1
>routing
>ip address dhcp
>exit
>
>
>
>interface vlan 101
>routing
>ip address 192.168.1.12 255.255.255.0
>exit
>
>
>ip management vlan 101 192.168.1.12 255.255.255.0 ip management
>source-interface vlan 101 router rip exit router ospf exit
>ipv6 router ospf
>exit
>ip default-gateway 192.168.1.1
>exit
>
>>Hello James,
>>
>>little bit weird, the NAS-IP-Address is equal to 192.168.1.5 and
>>should be equal to 192.168.1.12.
>>
>>Did you change something in the Netgear config to set NAS IP Address
>>with the wrong value?
>>
>>Regards
>>
>>Fabrice
>
>James Garcellano

James Garcellano
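The comparison made by eye in this thread, NAS-IP-Address against the address the Access-Request actually arrived from, can be run over a whole raddebug capture. The Python below is an added example, not part of the thread or of PacketFence: the function names are hypothetical, the sample is abridged from the raddebug output quoted in the thread, and it assumes one raddebug record per line and IPv4 addresses.

```python
import re
from ipaddress import ip_address

# Abridged from the raddebug output quoted in this thread; one record per line.
SAMPLE = r'''
(19) Wed Nov  1 20:23:01 2017: Debug: Received Access-Request Id 199 from 192.168.1.12:42371 to 192.168.1.5:1812 length 193
(19) Wed Nov  1 20:23:01 2017: Debug:   User-Name = "PFDOMAIN\\testme"
(19) Wed Nov  1 20:23:01 2017: Debug:   Calling-Station-Id = "00:21:70:d8:ac:45"
(19) Wed Nov  1 20:23:01 2017: Debug:   NAS-IP-Address = 192.168.1.5
(19) Wed Nov  1 20:23:01 2017: Debug:   NAS-Port = 1
(19) Wed Nov  1 20:23:01 2017: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
(19) Wed Nov  1 20:23:01 2017: Debug:     } # update request = noop
(38) Wed Nov  1 21:13:13 2017: Debug: Received Access-Request Id 201 from 192.168.1.12:42371 to 192.168.1.5:1812 length 158
(38) Wed Nov  1 21:13:13 2017: Debug:   User-Name = "PFDOMAIN\\testme"
(38) Wed Nov  1 21:13:13 2017: Debug:   Calling-Station-Id = "00:21:70:d8:ac:45"
(38) Wed Nov  1 21:13:13 2017: Debug:   NAS-IP-Address = 192.168.1.12
(38) Wed Nov  1 21:13:13 2017: Debug:   NAS-Port = 1
'''

# "(19) <timestamp>: Debug: <body>"
RECORD = re.compile(r'^\((\d+)\)\s+.*?: Debug:\s*(.*)$')
# "Received Access-Request Id 199 from <src>:<port> to <dst>:<port> ..."
RECEIVED = re.compile(r'^Received (\S+) Id (\d+) from ([\d.]+):\d+ to ([\d.]+):\d+')
# "NAS-IP-Address = 192.168.1.5"
ATTRIBUTE = re.compile(r'^([A-Za-z][\w-]*) = (.*)$')


def parse_requests(text):
    """Group raddebug records by request number and collect the received attributes."""
    requests, collecting = {}, set()
    for line in text.splitlines():
        record = RECORD.match(line.strip())
        if not record:
            continue
        number, body = int(record.group(1)), record.group(2)
        received = RECEIVED.match(body)
        if received:
            requests[number] = {
                "code": received.group(1),
                "src": ip_address(received.group(3)),
                "dst": ip_address(received.group(4)),
                "attrs": {},
            }
            collecting.add(number)
        elif number in collecting:
            attribute = ATTRIBUTE.match(body)
            if attribute:
                name, value = attribute.groups()
                requests[number]["attrs"].setdefault(name, value.strip('"'))
            else:
                # The first non-attribute record ends the packet dump, so later
                # policy output such as "} # update = noop" is never mistaken
                # for an attribute.
                collecting.discard(number)
    return requests


def nas_ip_findings(text):
    """Return (request, packet source, NAS-IP-Address, reason) for each mismatch."""
    findings = []
    for number, request in sorted(parse_requests(text).items()):
        raw = request["attrs"].get("NAS-IP-Address")
        if raw is None:
            continue  # the NAS may identify itself with NAS-Identifier only
        nas = ip_address(raw)
        if nas == request["src"]:
            continue
        if nas == request["dst"]:
            reason = "NAS-IP-Address is the RADIUS server's own address"
        else:
            reason = "NAS-IP-Address differs from the packet source"
        findings.append((number, str(request["src"]), str(nas), reason))
    return findings


if __name__ == "__main__":
    for number, src, nas, reason in nas_ip_findings(SAMPLE):
        print(f"request {number}: from {src}, NAS-IP-Address {nas}: {reason}")
```

A switch behind NAT or a RADIUS proxy legitimately sends from a different address, so a finding is a prompt to check the switch's `radius server attribute 4` setting rather than proof of a misconfiguration.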
Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
It looks like the other test still showed the NAS IP as 192.168.1.5. I rebooted the switch and did another test. Here is the raddebug from that... (38) Wed Nov 1 21:13:13 2017: Debug: Received Access-Request Id 201 from 192.168.1.12:42371 to 192.168.1.5:1812 length 158 (38) Wed Nov 1 21:13:13 2017: Debug: User-Name = "PFDOMAIN\\testme" (38) Wed Nov 1 21:13:13 2017: Debug: Called-Station-Id = "b0-b9-8a-46-3d-0e" (38) Wed Nov 1 21:13:13 2017: Debug: Calling-Station-Id = "00:21:70:d8:ac:45" (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Identifier = "b0-b9-8a-46-3d-0c" (38) Wed Nov 1 21:13:13 2017: Debug: NAS-IP-Address = 192.168.1.12 (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port = 1 (38) Wed Nov 1 21:13:13 2017: Debug: Framed-MTU = 1500 (38) Wed Nov 1 21:13:13 2017: Debug: NAS-Port-Type = Ethernet (38) Wed Nov 1 21:13:13 2017: Debug: EAP-Message = 0x0214015046444f4d41494e5c746573746d65 (38) Wed Nov 1 21:13:13 2017: Debug: Message-Authenticator = 0x935d535299b823f31e7748c9271d6225 (38) Wed Nov 1 21:13:13 2017: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence (38) Wed Nov 1 21:13:13 2017: Debug: authorize { (38) Wed Nov 1 21:13:13 2017: Debug: update { (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{Packet-Src-IP-Address} (38) Wed Nov 1 21:13:13 2017: Debug: --> 192.168.1.12 (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %l (38) Wed Nov 1 21:13:13 2017: Debug: --> 1509570793 (38) Wed Nov 1 21:13:13 2017: Debug: } # update = noop (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_calling_station_id { (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ 
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE (38) Wed Nov 1 21:13:13 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) { (38) Wed Nov 1 21:13:13 2017: Debug: update request { (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (38) Wed Nov 1 21:13:13 2017: Debug: --> 00:21:70:d8:ac:45 (38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop (38) Wed Nov 1 21:13:13 2017: Debug: [updated] = updated (38) Wed Nov 1 21:13:13 2017: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated (38) Wed Nov 1 21:13:13 2017: Debug: ... skipping else: Preceding "if" was taken (38) Wed Nov 1 21:13:13 2017: Debug: } # policy rewrite_calling_station_id = updated (38) Wed Nov 1 21:13:13 2017: Debug: policy rewrite_called_station_id { (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE (38) Wed Nov 1 21:13:13 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) { (38) Wed Nov 1 21:13:13 2017: Debug: update request { (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND 
%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} (38) Wed Nov 1 21:13:13 2017: Debug: --> b0:b9:8a:46:3d:0e (38) Wed Nov 1 21:13:13 2017: Debug: } # update request = noop (38) Wed Nov 1 21:13:13 2017: Debug: if ("%{8}") { (38) Wed Nov 1 21:13:13 2017: Debug: EXPAND %{8} (38) Wed Nov 1 21:13:13 2017: Debug:--> (38) Wed Nov 1 21:13:13 2017: Debug: if ("%{8}") -> FALSE (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) { (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE (38) Wed Nov 1 21:13:13 2017: Debug: elsif (Aruba-Essid-Name) { (38) Wed Nov 1 21:13:13 2017: Debug: elsif (Aruba-Essid-Name) -> FALSE (38) Wed Nov 1 21:13:13 2017: Debug: elsif ( (Cisco-AVPair) &&
Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
Hello James,

little bit weird, the NAS-IP-Address is equal to 192.168.1.5 and should be equal to 192.168.1.12.

Did you change something in the Netgear config to set NAS IP Address with the wrong value?

Regards
Fabrice

On 2017-11-01 at 16:48, James Garcellano via PacketFence-users wrote:
> Hello Fabrice,
>
> Here is the raddebug output when the laptop is plugged into port 1/0/1 on the
> Netgear switch.
>
> (19) Wed Nov 1 20:23:01 2017: Debug: Received Access-Request Id 199 from
> 192.168.1.12:42371 to 192.168.1.5:1812 length 193
> (19) Wed Nov 1 20:23:01 2017: Debug: User-Name = "PFDOMAIN\\testme"
> (19) Wed Nov 1 20:23:01 2017: Debug: Called-Station-Id =
> "b0-b9-8a-46-3d-0e"
> (19) Wed Nov 1 20:23:01 2017: Debug: Calling-Station-Id =
> "00:21:70:d8:ac:45"
> (19) Wed Nov 1 20:23:01 2017: Debug: NAS-Identifier = "b0-b9-8a-46-3d-0c"
> (19) Wed Nov 1 20:23:01 2017: Debug: NAS-IP-Address = 192.168.1.5
> (19) Wed Nov 1 20:23:01 2017: Debug: NAS-Port = 1
> (19) Wed Nov 1 20:23:01 2017: Debug: Framed-MTU = 1500
> (19) Wed Nov 1 20:23:01 2017: Debug: NAS-Port-Type = Ethernet
> (19) Wed Nov 1 20:23:01 2017: Debug: State =
> 0x8486bcf2838ea5c8f46e2d7c49360c33
> (19) Wed Nov 1 20:23:01 2017: Debug: EAP-Message =
> 0x020800251900170303001a00036316860ca21a6feb5ba6b143952509a3497c
> (19) Wed Nov 1 20:23:01 2017: Debug: Message-Authenticator =
> 0xa5b0c93919523b9f5645ee9214488c57
> (19) Wed Nov 1 20:23:01 2017: Debug: session-state: No cached attributes
> (19) Wed Nov 1 20:23:01 2017: Debug: # Executing section authorize from file
> /usr/local/pf/raddb/sites-enabled/packetfence
> (19) Wed Nov 1 20:23:01 2017: Debug: authorize {
> (19) Wed Nov 1 20:23:01 2017: Debug: update {
> (19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %{Packet-Src-IP-Address}
> (19) Wed Nov 1 20:23:01 2017: Debug: --> 192.168.1.12
> (19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %l
> (19) Wed Nov 1 20:23:01 2017: Debug: --> 1509567781
> (19) Wed Nov 1 20:23:01 2017: Debug: } # update = noop
> (19) Wed Nov 1
20:23:01 2017: Debug: policy rewrite_calling_station_id { > (19) Wed Nov 1 20:23:01 2017: Debug: if (&Calling-Station-Id && > (&Calling-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) > { > (19) Wed Nov 1 20:23:01 2017: Debug: if (&Calling-Station-Id && > (&Calling-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) > -> TRUE > (19) Wed Nov 1 20:23:01 2017: Debug: if (&Calling-Station-Id && > (&Calling-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) > { > (19) Wed Nov 1 20:23:01 2017: Debug: update request { > (19) Wed Nov 1 20:23:01 2017: Debug: EXPAND > %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} > (19) Wed Nov 1 20:23:01 2017: Debug: --> 00:21:70:d8:ac:45 > (19) Wed Nov 1 20:23:01 2017: Debug: } # update request = noop > (19) Wed Nov 1 20:23:01 2017: Debug: [updated] = updated > (19) Wed Nov 1 20:23:01 2017: Debug: } # if (&Calling-Station-Id && > (&Calling-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) > = updated > (19) Wed Nov 1 20:23:01 2017: Debug: ... 
skipping else: Preceding "if" > was taken > (19) Wed Nov 1 20:23:01 2017: Debug: } # policy > rewrite_calling_station_id = updated > (19) Wed Nov 1 20:23:01 2017: Debug: policy rewrite_called_station_id { > (19) Wed Nov 1 20:23:01 2017: Debug: if ((&Called-Station-Id) && > (&Called-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) > { > (19) Wed Nov 1 20:23:01 2017: Debug: if ((&Called-Station-Id) && > (&Called-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) > -> TRUE > (19) Wed Nov 1 20:23:01 2017: Debug: if ((&Called-Station-Id) && > (&Called-Station-Id =~ > /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) > { > (19) Wed Nov 1 20:23:01 2017: Debug: update request { > (19) Wed Nov 1 20:23:01 2017: Debug: EXPAND > %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} > (19) Wed Nov 1 20:23:01 2017: Debug: --> b0:b9:8a:46:3d:0e > (19) Wed Nov 1 20:23:01 2017: Debug: } # update request = noop > (19) Wed Nov 1 20:23:01 2017: Debug: if ("%{8}") { > (19) Wed Nov 1 20:23:01 2017: Debug:
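The comparison made by eye in the reply above (the NAS-IP-Address attribute against the address the packet actually came from), written as a check over raddebug output. This is an added example, not code from the thread or from PacketFence; the function names and category labels are hypothetical, and the sample lines are abridged from the two captures posted in this thread.

```python
import re

# Sample input: abridged from the two raddebug captures posted in this thread
# (request 19 before the switch change, request 38 after it).
SAMPLE = r"""
(19) Wed Nov 1 20:23:01 2017: Debug: Received Access-Request Id 199 from 192.168.1.12:42371 to 192.168.1.5:1812 length 193
(19) Wed Nov 1 20:23:01 2017: Debug: User-Name = "PFDOMAIN\\testme"
(19) Wed Nov 1 20:23:01 2017: Debug: NAS-IP-Address = 192.168.1.5
(19) Wed Nov 1 20:23:01 2017: Debug: NAS-Port = 1
(38) Wed Nov 1 21:13:13 2017: Debug: Received Access-Request Id 201 from 192.168.1.12:42371 to 192.168.1.5:1812 length 158
(38) Wed Nov 1 21:13:13 2017: Debug: NAS-IP-Address = 192.168.1.12
"""

RECV = re.compile(r"^\((\d+)\) .*?Received Access-Request Id (\d+) from "
                  r"(\d+\.\d+\.\d+\.\d+):\d+ to (\d+\.\d+\.\d+\.\d+):\d+")
ATTR = re.compile(r"^\((\d+)\) .*?Debug:\s+([A-Za-z0-9-]+) = (.+?)\s*$")

def parse_requests(text):
    """Group raddebug lines by request number; keep source, destination, attributes."""
    reqs = {}
    for line in text.splitlines():
        m = RECV.match(line)
        if m:
            n, rid, src, dst = m.groups()
            reqs[n] = {"id": int(rid), "src": src, "dst": dst, "attrs": {}}
            continue
        m = ATTR.match(line)
        if m and m.group(1) in reqs:
            value = m.group(3).strip('"')
            reqs[m.group(1)]["attrs"].setdefault(m.group(2), value)
    return reqs

def nas_ip_findings(text):
    """Return (request, kind, packet_source, nas_ip) for each suspicious request."""
    findings = []
    for n, r in parse_requests(text).items():
        nas = r["attrs"].get("NAS-IP-Address")
        if nas is None:
            findings.append((n, "missing", r["src"], None))
        elif nas == r["dst"]:
            # The case in this thread: the switch reports the server's own address.
            findings.append((n, "nas-ip-is-server", r["src"], nas))
        elif nas != r["src"]:
            findings.append((n, "mismatch", r["src"], nas))
    return findings
```

On the sample, only request 19 is reported; request 38, captured after the switch was changed and rebooted, carries a NAS-IP-Address that matches the packet source.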
Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
Hello Fabrice,

Here is the raddebug output when the laptop is plugged into port 1/0/1 on the Netgear switch.

(19) Wed Nov 1 20:23:01 2017: Debug: Received Access-Request Id 199 from 192.168.1.12:42371 to 192.168.1.5:1812 length 193
(19) Wed Nov 1 20:23:01 2017: Debug: User-Name = "PFDOMAIN\\testme"
(19) Wed Nov 1 20:23:01 2017: Debug: Called-Station-Id = "b0-b9-8a-46-3d-0e"
(19) Wed Nov 1 20:23:01 2017: Debug: Calling-Station-Id = "00:21:70:d8:ac:45"
(19) Wed Nov 1 20:23:01 2017: Debug: NAS-Identifier = "b0-b9-8a-46-3d-0c"
(19) Wed Nov 1 20:23:01 2017: Debug: NAS-IP-Address = 192.168.1.5
(19) Wed Nov 1 20:23:01 2017: Debug: NAS-Port = 1
(19) Wed Nov 1 20:23:01 2017: Debug: Framed-MTU = 1500
(19) Wed Nov 1 20:23:01 2017: Debug: NAS-Port-Type = Ethernet
(19) Wed Nov 1 20:23:01 2017: Debug: State = 0x8486bcf2838ea5c8f46e2d7c49360c33
(19) Wed Nov 1 20:23:01 2017: Debug: EAP-Message = 0x020800251900170303001a00036316860ca21a6feb5ba6b143952509a3497c
(19) Wed Nov 1 20:23:01 2017: Debug: Message-Authenticator = 0xa5b0c93919523b9f5645ee9214488c57
(19) Wed Nov 1 20:23:01 2017: Debug: session-state: No cached attributes
(19) Wed Nov 1 20:23:01 2017: Debug: # Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
(19) Wed Nov 1 20:23:01 2017: Debug: authorize {
(19) Wed Nov 1 20:23:01 2017: Debug: update {
(19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %{Packet-Src-IP-Address}
(19) Wed Nov 1 20:23:01 2017: Debug: --> 192.168.1.12
(19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %l
(19) Wed Nov 1 20:23:01 2017: Debug: --> 1509567781
(19) Wed Nov 1 20:23:01 2017: Debug: } # update = noop
(19) Wed Nov 1 20:23:01 2017: Debug: policy rewrite_calling_station_id {
(19) Wed Nov 1 20:23:01 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(19) Wed Nov 1 20:23:01 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(19) Wed Nov 1 20:23:01 2017: Debug: if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(19) Wed Nov 1 20:23:01 2017: Debug: update request {
(19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(19) Wed Nov 1 20:23:01 2017: Debug: --> 00:21:70:d8:ac:45
(19) Wed Nov 1 20:23:01 2017: Debug: } # update request = noop
(19) Wed Nov 1 20:23:01 2017: Debug: [updated] = updated
(19) Wed Nov 1 20:23:01 2017: Debug: } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(19) Wed Nov 1 20:23:01 2017: Debug: ... skipping else: Preceding "if" was taken
(19) Wed Nov 1 20:23:01 2017: Debug: } # policy rewrite_calling_station_id = updated
(19) Wed Nov 1 20:23:01 2017: Debug: policy rewrite_called_station_id {
(19) Wed Nov 1 20:23:01 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(19) Wed Nov 1 20:23:01 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) -> TRUE
(19) Wed Nov 1 20:23:01 2017: Debug: if ((&Called-Station-Id) && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})(:(.+))?$/i)) {
(19) Wed Nov 1 20:23:01 2017: Debug: update request {
(19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(19) Wed Nov 1 20:23:01 2017: Debug: --> b0:b9:8a:46:3d:0e
(19) Wed Nov 1 20:23:01 2017: Debug: } # update request = noop
(19) Wed Nov 1 20:23:01 2017: Debug: if ("%{8}") {
(19) Wed Nov 1 20:23:01 2017: Debug: EXPAND %{8}
(19) Wed Nov 1 20:23:01 2017: Debug: -->
(19) Wed Nov 1 20:23:01 2017: Debug: if ("%{8}") -> FALSE
(19) Wed Nov 1 20:23:01 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) {
(19) Wed Nov 1 20:23:01 2017: Debug: elsif ( (Colubris-AVPair) && "%{Colubris-AVPair}" =~ /^ssid=(.*)$/i) -> FALSE
(19) Wed Nov 1 20:23:01 2017: Debug: elsif (Aruba-Essid-Name) {
(19
Re: [PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
Hello James,

Can you run radius in debug mode and retry a connection? I would like to see the radius request.

raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000

Regards
Fabrice

On 2017-11-01 at 14:21, James Garcellano via PacketFence-users wrote:
> Hello everyone,
>
> I would like to find out if the Netgear GSM4325PS (M4300 series)
> switch is supported with PacketFence.
>
> The documentation for support network switches state that the Netgear
> M-Series switches are supported for 802.1x Wired Authentication, so
> I’m assuming the configuration guidelines that are given should work.
>
> I have configured one such switch in a test lab that I put together.
> When I plug in a laptop, while monitoring the
> /usr/local/pf/log/packetfence.log, I see the following messages:
>
> Nov 1 18:18:33 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852)
> INFO: [mac:00:21:70:d8:ac:45] handling radius autz request: from
> switch_ip => (192.168.1.5), connection_type => Ethernet-EAP,switch_mac
> => (b0:b9:8a:46:3d:0e), mac => [00:21:70:d8:ac:45], port => 1,
> username => "PFDOMAIN\testme" (pf::radius::authorize)
>
> Nov 1 18:18:33 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852)
> ERROR: [mac:00:21:70:d8:ac:45] Wired 802.1X is not supported on switch
> type pf::Switch::PacketFence. Please let us know what hardware you are
> using. (pf::Switch::supportsWiredDot1x)
>
> Nov 1 18:18:33 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852)
> WARN: [mac:00:21:70:d8:ac:45] (192.168.1.5) Sending REJECT since
> switch is unsupported (pf::radius::_switchUnsupportedReply)
>
> 192.168.1.5 is the PacketFence server.
>
> 00:21:70:d8:ac:45 is a Dell laptop with Windows 10 configured with
> 802.1x Security and associated credentials.
>
> A similar setup is working with the same laptop connected to a Cisco
> 2960G series switch.
>
> If any more information is required, please let me know.
>
> Thank you all!
>
> James Garcellano

--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Netgear GSM4352PS (M4300-52G) Switch Support
Hello everyone,

I would like to find out if the Netgear GSM4325PS (M4300 series) switch is supported with PacketFence.

The documentation for support network switches state that the Netgear M-Series switches are supported for 802.1x Wired Authentication, so I'm assuming the configuration guidelines that are given should work.

I have configured one such switch in a test lab that I put together. When I plug in a laptop, while monitoring the /usr/local/pf/log/packetfence.log, I see the following messages:

Nov 1 18:18:33 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) INFO: [mac:00:21:70:d8:ac:45] handling radius autz request: from switch_ip => (192.168.1.5), connection_type => Ethernet-EAP,switch_mac => (b0:b9:8a:46:3d:0e), mac => [00:21:70:d8:ac:45], port => 1, username => "PFDOMAIN\testme" (pf::radius::authorize)
Nov 1 18:18:33 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) ERROR: [mac:00:21:70:d8:ac:45] Wired 802.1X is not supported on switch type pf::Switch::PacketFence. Please let us know what hardware you are using. (pf::Switch::supportsWiredDot1x)
Nov 1 18:18:33 packetfence-zen packetfence_httpd.aaa: httpd.aaa(2852) WARN: [mac:00:21:70:d8:ac:45] (192.168.1.5) Sending REJECT since switch is unsupported (pf::radius::_switchUnsupportedReply)

192.168.1.5 is the PacketFence server.

00:21:70:d8:ac:45 is a Dell laptop with Windows 10 configured with 802.1x Security and associated credentials.

A similar setup is working with the same laptop connected to a Cisco 2960G series switch.

If any more information is required, please let me know.

Thank you all!

James Garcellano