Hello Giovanni, It looks like the device is not getting kicked out with a Radius disconnect or access changed with the CoA (Change of Authorization) and that’s what caused the non role assignation.
Make sure that the CoA is enabled on the PF Radius authentication server in your WLC config. Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Mar 19, 2024, at 8:16 PM, Giovanni Trapasso via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Hello, > > I am running Packetfence 13.1 ZEN. I have configured the server as a captive > portal using social media as external sources, Windows, Facebook and Google. > I am using a Cisco WLC as a test box, running 8.5.x code. > > I have the server and the WLC configured as the documentation recommended but > I am having a slight issue after authentication. I have the 2 ACL for > Pre-Registration and authorized-all and in the logs I can see the > pre-registration ACL being applied as well as the registration vlan. But > after a successful authentication to the social media external source I am > not getting the guest role I configured in my catchall action applies, as > well I am not getting the vlan or authorized-all ACL which I have configured > on my WLC under switches under switch role. > > I attached the packetfence.log section during an authentication attempt and I > am guessing the issue is with this error in the log: > > Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: > httpd.portal(15) INFO: [mac:10:02:b5:3a:bd:21] person > usern...@telusplanet.net <mailto:usern...@telusplanet.net> added > (pf::person::person_add) > > Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: > httpd.portal(15) INFO: [mac:10:02:b5:3a:bd:21] OAuth2 successfull for > username usern...@telusplanet.net <mailto:usern...@telusplanet.net> > (captiveportal::PacketFence::DynamicRouting::Module::Authentication::OAuth::handle_callback) > > Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: > httpd.portal(15) WARN: [mac:10:02:b5:3a:bd:21] Calling match with > empty/invalid rule class. Defaulting to 'authentication' > (pf::authentication::match) > > Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: > httpd.portal(15) INFO: [mac:10:02:b5:3a:bd:21] Using sources Windows_Live for > matching (pf::authentication::match) > > > I did find if I quickly bump wireless, disconnect and reconnect, it will > assign the guest roles and assign the guest vlan. > > I have attached a few log files, one is during the authentication attempt and > the other is when I bumped my wireless connection. > > I hope someone can help. > -- > _______________________________________________________________ > Giovanni Trapasso > University of Alberta > _______________________________________________________________ > <bump > wireless.txt><packetfence.log>_______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!R9-uOGEc7z-cCjIUtDJkeirKaua48b3OHSMSUSurB2dyIOOYNN3mtkP-0aDzUpbCElQgx_gOMteafGWZotvm12fh1updatqHeUUewg$ >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
