inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

changing "Secret Passphrase" requires radiusd restart #3472

Open ag-guvenlik opened 6 years ago

ag-guvenlik commented 6 years ago

In version 8.1.0:

If you change the "Secret Passphrase" at the location below, the switch cannot MAC-auth until you restart radiusd.

WebGui => Configuration => Policies and Access Control => Network Devices => Switch Groups => RADIUS => "Secret Passphrase"

The switch debug log says: Reply packet: Invalid packet authenticator.

Detailed logs:

......
Jan 1 04:33:55:785 2013 HPE RADIUS/7/EVENT: Sent request packet and create request context successfully.
Jan 1 04:33:55:785 2013 HPE RADIUS/7/EVENT: Added request context to global table successfully.
Jan 1 04:33:55:822 2013 HPE RADIUS/7/EVENT: Reply SocketFd received EPOLLIN event.
Jan 1 04:33:55:823 2013 HPE RADIUS/7/EVENT: Received reply packet succuessfully.
Jan 1 04:33:55:823 2013 HPE RADIUS/7/EVENT: Found request context, dstIP: 192.168.147.5, dstPort: 1812, VPN instance: --(public), socketFd: 57, pktID: 3.
Jan 1 04:33:55:824 2013 HPE RADIUS/7/ERROR: Reply packet: Invalid packet authenticator.
*Jan 1 04:33:55:825 2013 HPE RADIUS/7/ERROR: The reply packet is invalid.
.......

julsemaan commented 6 years ago

Actually, it's that there is a 5-minute cache for secrets, so waiting 5 minutes will have the secret reloaded in FreeRADIUS.

julsemaan commented 6 years ago

More of a documentation issue than an actual issue; we'll have to see where we can document this.
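
Why a stale cached secret produces the switch's "Invalid packet authenticator" error, as an added example that is not part of the original thread and not PacketFence or FreeRADIUS code: the Response Authenticator check follows RFC 2865, while `CachedSecret`, `simulate`, the secret values and the choice to count the 300-second TTL from the last load are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_ACCEPT = 2

def build_reply(code, pkt_id, request_auth, attributes, secret):
    """Server side: Response Authenticator per RFC 2865 section 3."""
    header = struct.pack("!BBH", code, pkt_id, 20 + len(attributes))
    auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + auth + attributes

def verify_reply(packet, request_auth, secret):
    """Switch side: recompute the authenticator with the local secret."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

class CachedSecret:
    """Hypothetical model of a server-side secret cache with a TTL in seconds."""
    def __init__(self, load, ttl=300):
        self.load, self.ttl = load, ttl
        self.value, self.loaded_at = None, None

    def get(self, now):
        if self.loaded_at is None or now - self.loaded_at >= self.ttl:
            self.value, self.loaded_at = self.load(), now
        return self.value

def simulate(times, change_at=60):
    """Return (time, reply_accepted_by_switch) for requests sent at `times`."""
    config = {"secret": b"old-secret"}           # constructed sample values
    cache = CachedSecret(lambda: config["secret"])
    cache.get(0)                                  # server loaded the secret at t=0
    results = []
    for t in times:
        if t >= change_at:                        # admin changes secret on both sides
            config["secret"] = b"new-secret"
        request_auth = os.urandom(16)             # Request Authenticator from the switch
        reply = build_reply(ACCESS_ACCEPT, 3, request_auth, b"", cache.get(t))
        results.append((t, verify_reply(reply, request_auth, config["secret"])))
    return results

if __name__ == "__main__":
    for t, ok in simulate([30, 90, 299, 300]):
        print(t, "accepted" if ok else "Invalid packet authenticator")
```

In this model, replies fail verification from the moment the secret changes until the cached copy expires, which matches the window described in the thread.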