Contenu | Rechercher | Menus

Annonce

Ubuntu 16.04 LTS
Commandez vos DVD et clés USB Ubuntu-fr !

Si vous avez des soucis pour rester connecté, déconnectez-vous puis reconnectez-vous depuis ce lien en cochant la case
Me connecter automatiquement lors de mes prochaines visites.

#1 Le 17/10/2016, à 16:20

volcky

[802.1X] - Echec d'authentification au bout de quelques minutes

Hello,

Lors de l'activation du 802.1X sur un poste  Ubuntu 16.04 LTS (HPZ220) à l'aide NetworkManager, j’obtiens un échec d’authentification provoquant la perte de me connexion (cf capture plus bas).

PICARD Florian a écrit :

Je tiens à préciser que sur un poste Windows et sur un poste Macintosh connecté au même switch (HP) au même port configuré --> RAS smile

Voici ma configuration (Poste Ubuntu) :

/etc/NetworkManager/system-connections# cat Lan_802.1X
[connection]
id=Lan_802.1X
uuid=4b115b58-5bf2-451b-8519-168e17f84158
type=ethernet
permissions=
secondaries=

[ethernet]
duplex=full
mac-address-blacklist=

[802-1x]
ca-cert=/etc/ssl/certs/machainecomplete.pem
client-cert=/etc/ssl/private/HOSTNAME@mondomaine.ext.p12
eap=tls;
identity=mondomaine.ext/DOM/Computers_Linux/HOSTNAME
private-key=/etc/ssl/private/HOSTNAME@mondomaine.ext.p12
private-key-password=xxxxxxxxxxx

[ipv4]
dns-search=mondomaine.ext;
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto

Configuration du Switch :

interface GigabitEthernet3/0/3
description USER
undo enable snmp trap updown
port link-type hybrid
port hybrid vlan 1 untagged
mac-vlan enable
stp edged-port
dot1x
dot1x handshake reply enable
dot1x handshake secure
dot1x mandatory-domain groupevsc
dot1x max-user 7
dot1x guest-vlan 100
dot1x auth-fail vlan 100

Capture Wireshark :


1476715157.png
en (300x300) ça risque d’être non-lisible, mais j'ai corrigé tongue


Avez-vous déjà rencontré ce symptôme ?


Merci d'avance pour vos réponses.


Modération : merci d'utiliser des images de petite taille (300x300) ou des miniatures pointant sur ces images (Des hébergeurs comme Toile Libre ou TDCT'Pix le permettent).

Dernière modification par volcky (Le 15/11/2016, à 12:02)

Hors ligne

#2 Le 15/11/2016, à 11:58

volcky

Re : [802.1X] - Echec d'authentification au bout de quelques minutes

Hello,

Voici un extrait (syslog)

Nov 15 10:33:05 DX-CZC23732PY ntpd[1280]: Listen normally on 9 eno1 10.1.14.180:123
Nov 15 10:33:05 DX-CZC23732PY ntpd[1280]: Listen normally on 10 eno1 [fe80::6cd2:35f3:79fe:a278%2]:123
Nov 15 10:33:05 DX-CZC23732PY ntpd[1280]: new interface(s) found: waking up resolver
Nov 15 10:34:28 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:34:28 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
Nov 15 10:34:28 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Nov 15 10:34:28 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Nov 15 10:34:30 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:35:18 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:35:18 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
Nov 15 10:35:18 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Nov 15 10:35:18 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Nov 15 10:35:24 DX-CZC23732PY systemd[1]: Started Session 3 of user root.
Nov 15 10:36:30 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:36:34 DX-CZC23732PY AptDaemon: INFO: Quitting due to inactivity
Nov 15 10:36:34 DX-CZC23732PY AptDaemon: INFO: Quitting was requested
Nov 15 10:36:34 DX-CZC23732PY org.debian.apt[695]: 10:36:34 AptDaemon [INFO]: Quitting due to inactivity
Nov 15 10:36:34 DX-CZC23732PY org.debian.apt[695]: 10:36:34 AptDaemon [INFO]: Quitting was requested
Nov 15 10:37:02 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:37:02 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
Nov 15 10:37:02 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Nov 15 10:37:02 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Nov 15 10:38:30 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:39:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:39:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
Nov 15 10:39:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Nov 15 10:39:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Nov 15 10:40:30 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:41:30 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Nov 15 10:42:30 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:43:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:43:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
Nov 15 10:43:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Nov 15 10:43:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=FR/O=VSC GROUP/OU=VSC/CN=VSC - AC Racine Production' hash=f15e91894ef383edde17e5e426e02739cc2feb04abd2a1319fff853f2a7f1d54
Nov 15 10:43:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/O=VSC GROUP/OU=VSCT/CN=VSC - AC C2 Authentification Infrastructure' hash=ba99683e3af6b4787ea5c57ca5d196662f4995a8450778d9f63eb225d22c2cd8
Nov 15 10:43:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=Riflor.groupevsc.com' hash=d14749bf7bf6f8fc760af0598f5919140418519eac844df292d754998f8835ba
Nov 15 10:43:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Nov 15 10:44:30 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:45:30 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Nov 15 10:46:30 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:47:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-STARTED EAP authentication started
Nov 15 10:47:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
Nov 15 10:47:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Nov 15 10:47:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=FR/O=VSC GROUP/OU=VSC/CN=VSC - AC Racine Production' hash=f15e91894ef383edde17e5e426e02739cc2feb04abd2a1319fff853f2a7f1d54
Nov 15 10:47:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/O=VSC GROUP/OU=VSCT/CN=VSC - AC C2 Authentification Infrastructure' hash=ba99683e3af6b4787ea5c57ca5d196662f4995a8450778d9f63eb225d22c2cd8
Nov 15 10:47:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=Riflor.groupevsc.com' hash=d14749bf7bf6f8fc760af0598f5919140418519eac844df292d754998f8835ba
Nov 15 10:47:01 DX-CZC23732PY wpa_supplicant[2909]: eno1: CTRL-EVENT-EAP-FAILURE EAP authentication failed

Hors ligne