Discussion:
[PacketFence-users] Freeradius Telnet 1812 and 1813 fails
Grant Hathaway
2016-12-16 14:29:07 UTC
Hello,

The Packetfence server is up and running with AD bind and we can see devices checking in via DHCP but not via the test switch, the test switch is a Cisco 3750 and I can see it in packetfence in Configuration/switches. We have 3 VLANS configured on the switch and packetfence however we are not sure whether the switch and server are communicating with each other and are unsure where the logs are in packetfence in order to troubleshoot the connection issue?

The plan is to test packetfence by plugging a device into a network port on the switch, and see how the roles work in each VLAN.

We can telnet and SSH to the server successfully on normal ports (22 and 23) from the switch but when we telnet to ports 1812/1813 it rejects the connection
No response from (10.25.3.122:1812,1813) for id 1645/16

Ports 1812 and 1813 udp are definitely listening on the packetfence server but telnet fails. Is there something we need to configure in freeradius to accept incoming connections?

Thanks
G



Grant Hathaway
Network and Infrastructure Analyst

Certas Energy UK Limited
The Switch
1-7 The Grove - Slough - SL1 1QP
Phone : 01753756965 - Mobile : 07920075818
***@certasenergy.co.uk
Antoine Amacher
2016-12-16 15:06:47 UTC
Hello Grant,

If your switch has the proper RADIUS secret and it is able to talk to
the management interface, then you should be all set.

You could try the following:

1. Ensure that communication is working (ping between mgmt interface and
switch IP).

2. Ensure that RADIUS receives requests from the switch (tcpdump -i
mgmt.interface port 1812).

3. Verify /usr/local/pf/logs/radius.log for errors.

4. Launch a raddebug and try to log for error (raddebug -f
/usr/local/pf/var/run/radiusd.socks -t 3600).

Let us know if that helps.

Thanks
Post by Grant Hathaway
Hello,
The Packetfence server is up and running with AD bind and we can see
devices checking in via DHCP but not via the test switch, the test
switch is a Cisco 3750 and I can see it in packetfence in
Configuration/switches. We have 3 VLANS configured on the switch and
packetfence however we are not sure whether the switch and server are
communicating with each other and are unsure where the logs are in
packetfence in order to troubleshoot the connection issue?
The plan is to test packetfence by plugging a device into a network
port on the switch, and see how the roles work in each VLAN.
We can telnet and SSH to the server successfully on normal ports (22
and 23) from the switch but when we telnet to ports 1812/1813 it
rejects the connection
No response from (10.25.3.122:1812,1813) for id 1645/16
Ports 1812 and 1813 udp are definitely listening on the packetfence
server but telnet fails. Is there something we need to configure in
freeradius to accept incoming connections?
Thanks
G
Grant Hathaway
Network and Infrastructure Analyst
Certas Energy UK Limited
The Switch
1-7 The Grove - Slough - SL1 1QP
Phone : 01753756965 - Mobile : 07920075818
--
Antoine Amacher
***@inverse.ca :: www.inverse.ca
+1.514.447.4918 x130 :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
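
Added example, not part of the original thread: telnet opens a TCP connection, while the listener described in this thread is UDP on 1812/1813, so a refused telnet says nothing about whether RADIUS is reachable. The Python sketch below contrasts a telnet-style TCP connect with a UDP Access-Request whose reply is checked against the shared secret; the stub server, the secret testing123 and the probe credentials are constructed for the demo.

```python
import hashlib, os, socket, struct, threading

def tcp_probe(host, port, timeout=1.0):
    """What telnet does: a TCP connect. Returns 'open', 'refused' or 'timeout'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "timeout"

def build_access_request(ident, username, password, secret, req_auth):
    """RFC 2865 Access-Request (code 1): User-Name (1) + PAP User-Password (2)."""
    padded = password.ljust(16, b"\x00")      # probe passwords of <= 16 bytes only
    mask = hashlib.md5(secret + req_auth).digest()
    hidden = bytes(a ^ b for a, b in zip(padded, mask))
    attrs = bytes([1, 2 + len(username)]) + username + bytes([2, 18]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def udp_radius_probe(host, port, secret, timeout=1.0):
    """Return the reply code (2 Accept, 3 Reject), or None if no valid reply arrived."""
    req_auth = os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_access_request(1, b"probe", b"probe", secret, req_auth), (host, port))
        try:
            reply, _ = s.recvfrom(4096)
        except OSError:                       # timed out: request dropped or filtered
            return None
    # Response Authenticator = MD5(code, id, length, request authenticator, attrs, secret)
    digest = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return reply[0] if len(reply) >= 20 and reply[4:20] == digest else None

def start_stub_server(secret):
    """Constructed stand-in for a RADIUS server: UDP only, answers one request with Reject."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        req, peer = srv.recvfrom(4096)
        head = struct.pack("!BBH", 3, req[1], 20)
        srv.sendto(head + hashlib.md5(head + req[4:20] + secret).digest(), peer)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_stub_server(b"testing123")
    print("TCP (telnet-style):", tcp_probe("127.0.0.1", port))
    print("UDP RADIUS probe  :", udp_radius_probe("127.0.0.1", port, b"testing123"))
```

An Access-Reject is a good result for this probe: any reply whose authenticator verifies shows that UDP reaches the server and that both sides hold the same secret.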
Grant Hathaway
2016-12-16 15:33:45 UTC
Hello,

Thanks for the response, I assume I need to download and install TCPDUMP on packetfence as it's not in /usr/sbin ?

The command fails with tcpdump : command not found

Thanks

Grant


Grant Hathaway
Network and Infrastructure Analyst

Certas Energy UK Limited
The Switch
1-7 The Grove - Slough - SL1 1QP
Phone : 01753756965 - Mobile : 07920075818
***@certasenergy.co.uk
From: Antoine Amacher [mailto:***@inverse.ca]
Sent: Friday, December 16, 2016 3:07 PM
To: packetfence-***@lists.sourceforge.net
Subject: Re: [PacketFence-users] Freeradius Telnet 1812 and 1813 fails


Hello Grant,

If your switch has the proper RADIUS secret and it is able to talk to the management interface, then you should be all set.

You could try the following:

1. Ensure that communication is working (ping between mgmt interface and switch IP).

2. Ensure that RADIUS receives requests from the switch (tcpdump -i mgmt.interface port 1812).

3. Verify /usr/local/pf/logs/radius.log for errors.

4. Launch a raddebug and try to log for error (raddebug -f /usr/local/pf/var/run/radiusd.socks -t 3600).

Let us know if that helps.

Thanks
On 12/16/2016 09:29 AM, Grant Hathaway wrote:
Hello,

The Packetfence server is up and running with AD bind and we can see devices checking in via DHCP but not via the test switch, the test switch is a Cisco 3750 and I can see it in packetfence in Configuration/switches. We have 3 VLANS configured on the switch and packetfence however we are not sure whether the switch and server are communicating with each other and are unsure where the logs are in packetfence in order to troubleshoot the connection issue?

The plan is to test packetfence by plugging a device into a network port on the switch, and see how the roles work in each VLAN.

We can telnet and SSH to the server successfully on normal ports (22 and 23) from the switch but when we telnet to ports 1812/1813 it rejects the connection
No response from (10.25.3.122:1812,1813) for id 1645/16

Ports 1812 and 1813 udp are definitely listening on the packetfence server but telnet fails. Is there something we need to configure in freeradius to accept incoming connections?

Thanks
G



Grant Hathaway
Network and Infrastructure Analyst

Certas Energy UK Limited
The Switch
1-7 The Grove - Slough - SL1 1QP
Phone : 01753756965 - Mobile : 07920075818
***@certasenergy.co.uk

--
Antoine Amacher
***@inverse.ca :: www.inverse.ca
+1.514.447.4918 x130 :: +1 (866) 353-6153 x130
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)