Original Message:
Sent: Mar 07, 2023 03:05 PM
From: alagoutte
Subject: Connection with Radius in "All deny" on Aruba WiFi
Strange!
How is the configuration pushed to the workstations?
------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...
PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)
PowerArubaCL: Powershell Module to use Aruba Central
PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..
ACEP / ACMX #107 / ACDX #1281
Original Message:
Sent: Mar 07, 2023 10:50 AM
From: Toyama
Subject: Connection with Radius in "All deny" on Aruba WiFi
OK, I managed to find the problem.
A colleague generated a new certificate on the server,
and I don't know why, but that changed the settings of my WiFi.
He generated the wb02 certificate, and that certificate was then used in the settings.
I hope this won't change every time we generate a certificate.
Thanks in any case for your good advice.
Original Message:
Sent: Mar 06, 2023 08:38 AM
From: Toyama
Subject: Connection with Radius in "All deny" on Aruba WiFi
*********************************************************************************************************
3/6/2023 14:35:24 PM Target: AP-WIFIS-01 (VC) Command: show log user
*********************************************************************************************************
Mar 6 14:34:56 cli[4981]: <541004> <WARN> |AP AP-WIFIS-01@172.21.120.1 cli| recv_sta_online: receive station msg, mac-c4:03:a8:9e:90:9e bssid-a8:bd:27:78:01:93 essid-UTPT_SECURE timestamp-1678109696-283002.
Mar 6 14:34:56 cli[4981]: <541004> <WARN> |AP AP-WIFIS-01@172.21.120.1 cli| recv_stm_sta_update: receive station msg, mac-c4:03:a8:9e:90:9e bssid-a8:bd:27:78:01:93 essid-UTPT_SECURE timestamp-1678109696-426874.
Mar 6 14:34:56 cli[4981]: <541003> <WARN> |AP AP-WIFIS-01@172.21.120.1 cli| Client c4:03:a8:9e:90:9e is failed to authenticate, failure count is 23.
For the role/firewall part of the WiFi configuration, there is no restriction; it is set to unrestricted.
Original Message:
Sent: Mar 06, 2023 08:14 AM
From: alagoutte
Subject: Connection with Radius in "All deny" on Aruba WiFi
Nothing interesting in these logs...
show log user?
We would need the role/firewall part of the WiFi configuration (the last tab).
Original Message:
Sent: Mar 06, 2023 08:01 AM
From: Toyama
Subject: Connection with Radius in "All deny" on Aruba WiFi
Original Message:
Sent: Mar 06, 2023 06:00 AM
From: alagoutte
Subject: Connection with Radius in "All deny" on Aruba WiFi
I don't know if it's this kind of log:
03]: iap_fmt_called_station_id: Called Station ID buffer is (a8bd27cf8018)
Mar 6 13:55:23 stm[5003]: iap_fmt_called_station_id: Called Station ID Type is (0)
Mar 6 13:55:23 stm[5003]: iap_fmt_called_station_id: Called Station ID buffer is (a8bd27cf8018)
Mar 6 13:55:23 cli[4981]: send_register_local,slave send defaultcert checksum at heartbeat,cs_defaultcert_csum= 3450453321
Mar 6 13:55:23 cli[4981]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 3450453321 ,received defaultcert_csum =3450453321
Mar 6 13:55:23 cli[4981]: receive ap 127.0.0.1 with drt status 0
Mar 6 13:55:23 stm[5003]: iap_fmt_called_station_id: Called Station ID Type is (0)
Mar 6 13:55:23 stm[5003]: iap_fmt_called_station_id: Called Station ID buffer is (a8bd27cf8018)
Mar 6 13:55:23 stm[5003]: iap_fmt_called_station_id: Called Station ID Type is (0)
Mar 6 13:55:23 stm[5003]: iap_fmt_called_station_id: Called Station ID buffer is (a8bd27cf8018)
Mar 6 13:55:23 stm[5003]: stm_send_sta_update: Sending sta update msg to CLI0, mac='e4:a7:a0:d6:8d:af'
Mar 6 13:55:23 stm[5003]: stm_update_machine_auth_token: Sending machine auth token update to CLI0, mac='e4:a7:a0:d6:8d:af', state=0, time='Mon Mar 6 13:55:23 2023 ', timeouts=86400)
Mar 6 13:55:23 cli[4981]: <541004> <WARN> |AP AP-WIFIS-01@172.21.120.1 cli| recv_stm_sta_update: receive station msg, mac-e4:a7:a0:d6:8d:af bssid-a8:bd:27:78:01:93 essid-UTPT_SECURE timestamp-1678107323-778881.
Mar 6 13:55:23 cli[4981]: <541003> <WARN> |AP AP-WIFIS-01@172.21.120.1 cli| Client e4:a7:a0:d6:8d:af is failed to authenticate, failure count is 1.
Mar 6 13:55:31 cli[4981]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 3450453321 ,received defaultcert_csum =3450453321
Mar 6 13:55:31 cli[4981]: receive ap 172.21.120.2 with drt status 0
Mar 6 13:55:31 cli[4981]: recv_user_sync_message set client f2:fb:0b:f5:20:10 connect status: 1, through ip: 172.21.125.163, acl: 159
Mar 6 13:55:32 cli[4981]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 3450453321 ,received defaultcert_csum =3450453321
Mar 6 13:55:32 cli[4981]: receive ap 172.21.120.4 with drt status 0
Mar 6 13:55:32 cli[4981]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 3450453321 ,received defaultcert_csum =3450453321
Mar 6 13:55:32 cli[4981]: receive ap 172.21.120.3 with drt status 0
Mar 6 13:55:32 mini_httpd[11856]: handle_request, 2865: 172.24.116.29, 60544, size 568
Mar 6 13:55:32 syslog: main, 3362: opcode is show
Mar 6 13:55:32 cli[4981]: <341004> <WARN> |AP AP-WIFIS-01@172.21.120.1 cli| The DRT version is not newer than current DRT table
Mar 6 13:55:33 cli[4981]: <341004> <WARN> |AP AP-WIFIS-01@172.21.120.1 cli| arping ongoing for central rollback
Mar 6 13:55:33 cli[4981]: arping 77131 times to 172.21.120.254 and arp_result is 0x0
Mar 6 13:55:33 cli[4981]: send_register_local,slave send defaultcert checksum at heartbeat,cs_defaultcert_csum= 3450453321
Mar 6 13:55:33 cli[4981]: recv_heartbeat_local,compare defaultcert checksum,cs_defaultcert_csum= 3450453321 ,received defaultcert_csum =3450453321
Mar 6 13:55:33 cli[4981]: receive ap 127.0.0.1 with drt status 0
Mar 6 13:55:33 cli[4981]: swarm_timer_handler,check_ssh
Mar 6 13:55:35 mini_httpd[11922]: handle_request, 2865: 172.24.116.29, 60546, size 568
Mar 6 13:55:35 syslog: main, 3362: opcode is support
Mar 6 13:55:35 sapd[4995]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15200 to 127.0.0.1:8223
Mar 6 13:55:35 sapd[4995]: executeCommandObject: Executing AMAPI Command Type: 100
Mar 6 13:55:35 mini_httpd[11923]: handle_request, 2865: 172.24.116.29, 60548, size 568
Mar 6 13:55:35 sapd[4995]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15200 to 127.0.0.1:8223
Mar 6 13:55:35 sapd[4995]: executeCommandObject: Executing AMAPI Command Type: 100
Mar 6 13:55:35 sapd[4995]: sapd_papi_rcv_cb: Received AMAPI Packet from 127.0.0.1:15200 to 127.0.0.1:8223
But I don't really understand these logs.
Here is the security part of my SECURE SSID.
Hello Christophe,
Have you looked at the logs (on the AP?)
What do you have in the security sections of your SSID?
Original Message:
Sent: Mar 06, 2023 04:53 AM
From: Toyama
Subject: Connection with Radius in "All deny" on Aruba WiFi
Hello again,
Since this morning I have been on alert :D
I set up a certificate-based WiFi.
It has been working well for a month,
but since this morning no connection is possible any more.
On the AP, it shows up with the "deny all" role.
Here is an extract from my own connection; it is impossible to tell why it doesn't work.
So I am calling on experts who have surely run into this kind of problem.
Thanks in advance.
NAS IP: 172.21.120.1
Client Username: host/POR017.mondomaine.local
Timestamp: 03/06/2023 10:43:56
Service: IAS
RADIUS Server: APPAD01
NAS-IP-Address: 172.21.120.1
NAS-Port: 0
NAS-Identifier: 172.21.120.1
NAS-Port-Type: Wireless - IEEE 802.11
Calling-Station-ID: e4a7a0d68daf
Called-Station-ID: a8bd27cf8018
Service-Type: 1
Framed-MTU: 1100
Vendor-Specific: Aruba 5(13) UTPT_SECURE
Vendor-Specific: Aruba 6(13) AP-WIFIS-01
Vendor-Specific: Aruba 10(10) VC-WIFIS
Vendor-Specific: Aruba 12(6) NOFP
Client-IP-Address: 172.21.120.1
NAS-Manufacturer: 0
Client-Friendly-Name: AP-WIFIS-01
Proxy-Policy-Name: Connexions sans fil sécurisées UTPT_SECURE
Provider-Type: Windows
SAM-Account-Name: domaine\POR017$
Fully-Qualified-User-Name: domaine\POR017$
Class: 311 1 172.24.116.27 12/01/2022 12:37:57 19512
Packet-Type: Accept-Request
Reason-Code: Success
--------------------------------------------
NAS IP: 172.21.120.1
Client Username: host/POR017.mondomaine.local
Timestamp: 03/06/2023 10:43:56
Service: IAS
RADIUS Server: APPAD01
Class: 311 1 172.24.116.27 12/01/2022 12:37:57 19512
Session-Timeout: 30
Fully-Qualified-User-Name: domaine\POR017$
SAM-Account-Name: domaine\POR017$
Provider-Type: Windows
Proxy-Policy-Name: Connexions sans fil sécurisées UTPT_SECURE
Client-IP-Address: 172.21.120.1
NAS-Manufacturer: 0
Client-Friendly-Name: AP-WIFIS-01
Packet-Type: Access-Challenge
Reason-Code: Success
--------------------------------------------
NAS IP: 172.21.120.1
Client Username: host/POR017.mondomaine.local
Timestamp: 03/06/2023 10:43:56
Service: IAS
RADIUS Server: APPAD01
NAS-IP-Address: 172.21.120.1
NAS-Port: 0
NAS-Identifier: 172.21.120.1
NAS-Port-Type: Wireless - IEEE 802.11
Calling-Station-ID: e4a7a0d68daf
Called-Station-ID: a8bd27cf8018
Service-Type: 1
Framed-MTU: 1100
Vendor-Specific: Aruba 5(13) UTPT_SECURE
Vendor-Specific: Aruba 6(13) AP-WIFIS-01
Vendor-Specific: Aruba 10(10) VC-WIFIS
Vendor-Specific: Aruba 12(6) NOFP
Client-IP-Address: 172.21.120.1
NAS-Manufacturer: 0
Client-Friendly-Name: AP-WIFIS-01
Proxy-Policy-Name: Connexions sans fil sécurisées UTPT_SECURE
Provider-Type: Windows
SAM-Account-Name: domaine\POR017$
Fully-Qualified-User-Name: domaine\POR017$
Class: 311 1 172.24.116.27 12/01/2022 12:37:57 19513
Packet-Type: Accept-Request
Reason-Code: Success
--------------------------------------------
NAS IP: 172.21.120.1
Client Username: host/POR017.mondomaine.local
Timestamp: 03/06/2023 10:43:56
Service: IAS
RADIUS Server: APPAD01
Class: 311 1 172.24.116.27 12/01/2022 12:37:57 19513
Session-Timeout: 30
Fully-Qualified-User-Name: domaine\POR017$
SAM-Account-Name: domaine\POR017$
Client-IP-Address: 172.21.120.1
NAS-Manufacturer: 0
Client-Friendly-Name: AP-WIFIS-01
Proxy-Policy-Name: Connexions sans fil sécurisées UTPT_SECURE
Provider-Type: Windows
Packet-Type: Access-Challenge
Reason-Code: Success
--------------------------------------------
NAS IP: 172.21.120.1
Client Username: host/POR017.mondomaine.local
Timestamp: 03/06/2023 10:43:56
Service: IAS
RADIUS Server: APPAD01
NAS-IP-Address: 172.21.120.1
NAS-Port: 0
NAS-Identifier: 172.21.120.1
NAS-Port-Type: Wireless - IEEE 802.11
Calling-Station-ID: e4a7a0d68daf
Called-Station-ID: a8bd27cf8018
Service-Type: 1
Framed-MTU: 1100
Vendor-Specific: Aruba 5(13) UTPT_SECURE
Vendor-Specific: Aruba 6(13) AP-WIFIS-01
Vendor-Specific: Aruba 10(10) VC-WIFIS
Vendor-Specific: Aruba 12(6) NOFP
Client-IP-Address: 172.21.120.1
NAS-Manufacturer: 0
Client-Friendly-Name: AP-WIFIS-01
Proxy-Policy-Name: Connexions sans fil sécurisées UTPT_SECURE
Provider-Type: Windows
SAM-Account-Name: domaine\POR017$
Fully-Qualified-User-Name: domaine\POR017$
Class: 311 1 172.24.116.27 12/01/2022 12:37:57 19514
Packet-Type: Accept-Request
Reason-Code: Success
--------------------------------------------
NAS IP: 172.21.120.1
Client Username: host/POR017.mondomaine.local
Timestamp: 03/06/2023 10:43:56
Service: IAS
RADIUS Server: APPAD01
Class: 311 1 172.24.116.27 12/01/2022 12:37:57 19514
Session-Timeout: 30
Fully-Qualified-User-Name: domaine\POR017$
SAM-Account-Name: domaine\POR017$
Provider-Type: Windows
Client-IP-Address: 172.21.120.1
NAS-Manufacturer: 0
Client-Friendly-Name: AP-WIFIS-01
Proxy-Policy-Name: Connexions sans fil sécurisées UTPT_SECURE
Packet-Type: Access-Challenge
Reason-Code: Success
--------------------------------------------
NAS IP: 172.21.120.1
Client Username: host/POR017.mondomaine.local
Timestamp: 03/06/2023 10:43:56
Service: IAS
RADIUS Server: APPAD01
NAS-IP-Address: 172.21.120.1
NAS-Port: 0
NAS-Identifier: 172.21.120.1
NAS-Port-Type: Wireless - IEEE 802.11
Calling-Station-ID: e4a7a0d68daf
Called-Station-ID: a8bd27cf8018
Service-Type: 1
Framed-MTU: 1100
Vendor-Specific: Aruba 5(13) UTPT_SECURE
Vendor-Specific: Aruba 6(13) AP-WIFIS-01
Vendor-Specific: Aruba 10(10) VC-WIFIS
Vendor-Specific: Aruba 12(6) NOFP
Client-IP-Address: 172.21.120.1
NAS-Manufacturer: 0
Client-Friendly-Name: AP-WIFIS-01
Proxy-Policy-Name: Connexions sans fil sécurisées UTPT_SECURE
Provider-Type: Windows
SAM-Account-Name: domaine\POR017$
Fully-Qualified-User-Name: domaine\POR017$
EAP-Friendly-Name: Microsoft: Carte à puce ou autre certificat
Class: 311 1 172.24.116.27 12/01/2022 12:37:57 19515
Authentication-Type: 5
Packet-Type: Accept-Request
Reason-Code: Success
--------------------------------------------
NAS IP: 172.21.120.1
Client Username: host/POR017.mondomaine.local
Timestamp: 03/06/2023 10:43:56
Service: IAS
RADIUS Server: APPAD01
Class: 311 1 172.24.116.27 12/01/2022 12:37:57 19515
Authentication-Type: 5
EAP-Friendly-Name: Microsoft: Carte à puce ou autre certificat
Fully-Qualified-User-Name: domaine\POR017$
SAM-Account-Name: domaine\POR017$
Provider-Type: Windows
Proxy-Policy-Name: Connexions sans fil sécurisées UTPT_SECURE
Client-IP-Address: 172.21.120.1
NAS-Manufacturer: 0
Client-Friendly-Name: AP-WIFIS-01
Packet-Type: Access-Reject
Reason-Code: undefined
--------------------------------------------
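As an added example (not part of the original thread, and not Aruba or Microsoft tooling): a short Python parser for RADIUS records in the "Key: value" layout posted above, folding each client's exchange into one conversation and listing those that ended in Access-Reject. The sample records, host names and function names are constructed for illustration.

```python
import re

# Constructed sample in the same record layout as the dump in the post
SAMPLE = """\
Client Username: host/PC001.example.local
Packet-Type: Accept-Request
Reason-Code: Success
--------------------------------------------
Client Username: host/PC001.example.local
Packet-Type: Access-Challenge
Reason-Code: Success
--------------------------------------------
Client Username: host/PC001.example.local
EAP-Friendly-Name: Microsoft: Smart Card or other certificate
Packet-Type: Access-Reject
Reason-Code: undefined
--------------------------------------------
Client Username: host/PC002.example.local
Packet-Type: Access-Accept
Reason-Code: Success
--------------------------------------------
"""
SEP = re.compile(r"^-{5,}\s*$", re.M)  # dashed line between records

def parse_records(text):
    """Return one {attribute: value} dict per dash-separated record."""
    records = []
    for block in SEP.split(text):
        pairs = (line.partition(": ") for line in block.strip().splitlines())
        rec = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if rec:
            records.append(rec)
    return records

def conversations(records):
    """Fold records per client; Access-Accept or Access-Reject closes one."""
    pending, closed = {}, []
    for rec in records:
        user = rec.get("Client Username", "?")
        conv = pending.setdefault(user, {"user": user, "challenges": 0})
        ptype = rec.get("Packet-Type", "")
        if ptype == "Access-Challenge":
            conv["challenges"] += 1
        elif ptype in ("Access-Accept", "Access-Reject"):
            conv.update(outcome=ptype, reason=rec.get("Reason-Code"),
                        eap=rec.get("EAP-Friendly-Name"))
            closed.append(pending.pop(user))
    return closed

def rejected(text):
    return [c for c in conversations(parse_records(text)) if c["outcome"] == "Access-Reject"]
```

A conversation that passes several Access-Challenge rounds and is then rejected with the certificate EAP method recorded, as in the post, failed inside the EAP exchange itself rather than at policy matching.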