From: Durand f. <fd...@in...> - 2019-02-08 01:54:20
Hello Adrian,

if the switch sends two Calling-Station-Id then it's a bug on the switch side.
But I made a patch in order to test if there are multiple attributes and test if one of them is a MAC address.

So go in /usr/local/pf

    patch -p1 --dry-run < ./mulpiples_attributes.diff

if there is no error:

    patch -p1 < ./mulpiples_attributes.diff

Let me know if it helps.

Regards
Fabrice

On 19-02-07 at 06:05, Adrian Dessaigne via PacketFence-users wrote:
> Hello Fabrice,
> In case, I have reset my switch configuration and reconfigured it as shown in the Network Device Configuration Guide, Part 4.8.2 2950
>
> Here is the running-config of my switch:
>
> Current configuration : 2467 bytes
> !
> version 12.1
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname Switch
> !
> aaa new-model
> aaa group server radius packetfence
>  server 192.168.1.112 auth-port 1812 acct-port 1813
> !
> aaa authentication login default local
> aaa authentication dot1x default group packetfence
> aaa authorization network default group packetfence
> enable password ade
> !
> username ade privilege 15 password 0 ade
> ip subnet-zero
> !
> !
> spanning-tree mode pvst
> no spanning-tree optimize bpdu transmission
> spanning-tree extend system-id
> dot1x system-auth-control
> !
> !
> interface FastEthernet0/1
> !
> ...
> !
> interface FastEthernet0/17
>  switchport mode access
>  dot1x port-control auto
>  dot1x host-mode multi-host
>  dot1x reauthentication
>  spanning-tree portfast
> !
> interface FastEthernet0/18
> !
> ...
> !
> interface Vlan1
>  ip address 192.168.1.201 255.255.255.0
>  no ip route-cache
> !
> ip http server
> !
> radius-server host 192.168.1.112 auth-port 1812 acct-port 1812 key pf-ade
> radius-server retransmit 3
> radius-server vsa send authentication
> !
> line con 0
> line vty 0 4
>  password ade
> line vty 5 15
> !
> end
>
> I've tried to edit the configuration file in site-enable, but all changes get lost on the restart of the service.
>
> To be sure my switch is working correctly, I've installed and configured Freeradius on a fresh debian8 system. After some changes on the switch configuration, I have an EAP-Success:
>
> Current configuration : 2236 bytes
> !
> version 12.1
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname Switch
> !
> aaa new-model
> aaa authentication dot1x default group radius
> aaa authorization network default group radius
> enable password ade
> !
> username ade privilege 15 password 0 ade
> ip subnet-zero
> !
> !
> spanning-tree mode pvst
> no spanning-tree optimize bpdu transmission
> spanning-tree extend system-id
> dot1x system-auth-control
> !
> !
> ...
> !
> interface FastEthernet0/16
> !
> interface FastEthernet0/17
>  switchport mode access
>  dot1x port-control auto
>  spanning-tree portfast
> !
> ...
> !
> Interface GigabitEthernet0/2
> !
> interface Vlan1
>  ip address 192.168.1.201 255.255.255.0
>  no ip route-cache
> !
> ip http server
> !
> radius-server host 192.168.1.112 auth-port 1812 acct-port 1812 key pf-ade
> radius-server retransmit 3
> !
> line con 0
> line vty 0 4
>  password ade
> line vty 5 15
> !
> end
>
> So I switched back to my system with PF on it and kept this switch configuration. I tested it, failure.
>
> By checking back the log, I still have two Calling-Station-ID. If it works on a basic FreeRadius configuration, does it mean the issue is with my PF FreeRadius?
>
> Best regards
>
> Adrian
>
> ----- Original message -----
> From: "packetfence-users" <pac...@li...>
> To: "packetfence-users" <pac...@li...>
> Cc: "Durand fabrice" <fd...@in...>
> Sent: Thursday, 7 February 2019 00:26:02
> Subject: Re: [PacketFence-users] Can't link PacketFence with AD Server.
>
>
>
> Hello Adrian,
>
> your issue looks to be because you have 2 Calling-Station-Id attributes in the request.
>
> (33) Wed Feb 6 11:08:00 2019: Debug: Calling-Station-Id = "4\227\366\024I\344"
> (33) Wed Feb 6 11:08:00 2019: Debug: Service-Type = Framed-User
> (33) Wed Feb 6 11:08:00 2019: Debug: Framed-MTU = 1500
> (33) Wed Feb 6 11:08:00 2019: Debug: Calling-Station-Id = "34-97-f6-14-49-e4"
>
> Check the switch config to see if there is a configuration parameter that adds it.
>
> Also you will be able to remove it with the freeradius configuration (raddb/sites-enable/packetfence)
>
> Regards
>
> Fabrice
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> Pac...@li...
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
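The duplicated Calling-Station-Id seen in the debug output of this thread can be checked offline with the following added example, which is not the patch attached to the message and not PacketFence code. It assumes the backslash sequences in the first value are three-digit octal byte escapes; the function names and the `SAMPLE_LOG` constant are hypothetical.

```python
import re

# Constructed sample: the four debug lines quoted in the thread (request 33).
SAMPLE_LOG = r'''
(33) Wed Feb 6 11:08:00 2019: Debug: Calling-Station-Id = "4\227\366\024I\344"
(33) Wed Feb 6 11:08:00 2019: Debug: Service-Type = Framed-User
(33) Wed Feb 6 11:08:00 2019: Debug: Framed-MTU = 1500
(33) Wed Feb 6 11:08:00 2019: Debug: Calling-Station-Id = "34-97-f6-14-49-e4"
'''

ATTR_RE = re.compile(r'^\((\d+)\)\s.*?Debug:\s+Calling-Station-Id = "(.*)"$')
ESC_RE = re.compile(r'\\([0-3][0-7]{2}|[nrt\\"])')
SIMPLE = {'n': b'\n', 'r': b'\r', 't': b'\t', '\\': b'\\', '"': b'"'}

def unescape(value):
    # Undo the assumed debug-log escaping: \ooo octal plus \n \r \t \\ \" become raw bytes.
    out, pos = bytearray(), 0
    for m in ESC_RE.finditer(value):
        out += value[pos:m.start()].encode('latin-1')
        tok = m.group(1)
        out += bytes([int(tok, 8)]) if len(tok) == 3 else SIMPLE[tok]
        pos = m.end()
    return bytes(out + value[pos:].encode('latin-1'))

def to_mac(value):
    # Return aa:bb:cc:dd:ee:ff for a MAC given as text or as 6 raw bytes, else None.
    raw = unescape(value)
    text = re.sub(rb'[-:.]', b'', raw)
    if re.fullmatch(rb'[0-9A-Fa-f]{12}', text):
        digits = text.decode().lower()
    elif len(raw) == 6:
        digits = raw.hex()
    else:
        return None
    return ':'.join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(log):
    # Per request number: (count of Calling-Station-Id attributes, distinct MACs they decode to).
    values = {}
    for line in log.splitlines():
        m = ATTR_RE.match(line.strip())
        if m:
            values.setdefault(int(m.group(1)), []).append(m.group(2))
    return {req: (len(v), sorted({mac for mac in map(to_mac, v) if mac}))
            for req, v in values.items()}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A count above 1 with a single decoded MAC, as in the sample, means the request carries the same address twice in two encodings rather than two different stations.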