Grant Hathaway
2017-01-23 11:25:01 UTC
Hello,
Thanks in advance to anyone who can help me.
AD is successfully added as a user source and there are basic rules added. The rule conditions are for AD group membership, so if an AD user account is in a group which matches the rule then it's assigned a role.
We are only interested in 802.1x wired connections, not Wi-Fi. The portal profile is set as the default (not sure if I need to change this to automatically register devices?).
If I connect a Windows client to the PacketFence switch, the device appears in PacketFence as "unregistered", and so it appears it's not registering the user/device based on the roles.
So the rules aren't working and I'm unsure how to troubleshoot it further. I noticed that our domain isn't added in Radius/Domains and I get an error "Test join failed". Could this be the reason why it's failing?
I used the pftest script to check the authentication and I get the below output.
[***@PacketFence-6_4_0 ~]# sudo /usr/local/pf/bin/pftest authentication my_domain_user "password"
Testing authentication for " my_domain_user "
Authenticating against local
Authentication FAILED against local (Invalid login or password)
Did not match against local
Did not match against local
Authenticating against file1
Authentication FAILED against file1 ()
Did not match against file1
Did not match against file1
Authenticating against sms
Authentication FAILED against sms ()
Matched against sms for 'authentication' rules
set_role : guest
set_access_duration : 1D
Did not match against sms
Authenticating against email
Authentication SUCCEEDED against email ()
Matched against email for 'authentication' rules
set_role : guest
set_access_duration : 1D
Did not match against email
Authenticating against sponsor
Authentication SUCCEEDED against sponsor ()
Matched against sponsor for 'authentication' rules
set_role : guest
set_access_duration : 1D
Did not match against sponsor
Authenticating against null
Authentication SUCCEEDED against null ()
Matched against null for 'authentication' rules
set_role : guest
set_access_duration : 1D
Did not match against null
Authenticating against AD
Authentication FAILED against AD (Invalid login or password)
Did not match against AD
Did not match against AD
Grant Hathaway
Network and Infrastructure Analyst
Certas Energy UK Limited
The Switch
1-7 The Grove - Slough - SL1 1QP
Phone : 01753756965 - Mobile : 07920075818
***@certasenergy.co.uk