Thanks,
I should have included this previously. I know PF is logging into the
switch. I get this log each time it tries:
Mar 19 01:47:39 RGB-L2-140 sshd[18905]: Accepted keyboard-interactive/pam
for root from 10.2.0.3 port 57418 ssh2
Mar 19 01:48:05 RGB-L2-140 sshd[18921]: Accepted
Run a debug session on the switch. Should clear up why it's failing and at
least five a starting point.
On Wed, Mar 18, 2020, 6:15 PM Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:
> Hello Nicholas,
>
> can you verify when you reevaluate the access of the
Hello Nicholas,
can you verify when you reevaluate the access of the device packetfence
try to do ssh ? (with tcpdump per example).
Also it looks that there is a way to trace the connection:
https://github.com/inverse-inc/packetfence/blob/maintenance/9.3/lib/pf/Switch/Juniper.pm#L134
add
Hello Brant,
first i think you need to remove:
Role by switch – default=”Authorized devices”, guest=”COMPANY_GUEST”
Role by Web Auth – registration=http://10.10.181.250/Meraki::MR_v2,
guest=”COMPANY_GUEST”
your are doing vlan enforcement and not web auth.
Once done, connect your device on
Try with the Catalyst_2960 switch module instead of the generic one
Le 20-03-18 à 20 h 23, Zacharry Williams via PacketFence-users a écrit :
Not sure if it's supported as it's not in the device config guide. But
that doesn't mean it's not possible. I think you'd have to make a
different
Hi Brandt,
>From the log message, it almost sounds to me like Packetfence doesn't know
the MAC of the device it's trying to move to the guest VLAN. I'm referring
to this:
"Unable to extract audit-session-id"
Maybe something isn't getting passed with WebAuth that would normally be
passed with
Try that:
pftest authentication ANA\pereira ""
and
pftest authentication pereira ""
to see if the user is found and if it match a rule.
If the second one works then in the ANA realm enable strip in radius.
Regards
Fabrice
Le 20-03-18 à 20 h 13, Zacharry Williams via PacketFence-users a
Not sure if it's supported as it's not in the device config guide. But that
doesn't mean it's not possible. I think you'd have to make a different
connection profile though.
On Wed, Mar 18, 2020, 11:39 AM Christian Hillebrand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:
What firewalls are you using?
On Wed, Mar 18, 2020, 5:23 AM Etienne Vella via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:
> Hi,
>
> Is it possible to have packet fence radius to do LDAP authentication and
> OTP with google authentication or sending an OTP via SMS / EMAIL?
Gonna take a wild guess here, in your realms config turn on strip radius
for null and your domain and and try logging on with just your username and
password. I'm guessing your realms config isn't matching. For us we had
three domains and we had to add them all. For example COMPANY.ORG,
Good afternoon,
Follow the requested files attached.
Em ter., 17 de mar. de 2020 às 14:16, Ludovic Zammit
escreveu:
> Hello,
>
> Could you post the result fo those two commands:
>
> cat /usr/local/pf/conf/authentication.conf
>
> cat /usr/local/pf/conf/profiles.conf
>
> remove your
Hi,
At the moment I am testing the user authorization of requests coming from my
openVPN server which is part of my pfSense machine.
I added the pfSense machine as a "Generic" Switch and enabled CLI Access.
However when I am testing the access, I am rejected with the following log
output:
Mar
Hi,
Is it possible to have packet fence radius to do LDAP authentication and
OTP with google authentication or sending an OTP via SMS / EMAIL?
Basically my idea is to have a VPN FW which does authentication with Pack
fence via radius with multi-factor authentication. Then packet fence
would
Dear Ludovic
as you can see in my previous post "registration" works fine but wifi
devices
(Cisco Virtual Wireless Lan Controller) are "unknown" in online/offline
field:
/[root@pfsrv pf]# bin/pftest authentication becchett XX RADIUS-AAI//
//Testing authentication for "becchett"//
//
14 matches
Mail list logo
