Thanks for the response. That was one of the first things I checked when I did not see any traffic between my WLC and PF server using tcpdump. CoA and the disconnect option are enabled.
On Fri, Mar 22, 2024 at 7:23 AM Zammit, Ludovic <luza...@akamai.com> wrote: > Hello Giovanni, > > It looks like the device is not getting kicked out with a Radius > disconnect or access changed with the CoA (Change of Authorization) and > that’s what caused the non role assignation. > > Make sure that the CoA is enabled on the PF Radius authentication server > in your WLC config. > > Thanks, > > *Ludovic Zammit* > *Product Support Engineer Principal Lead* > *Cell:* +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> > <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> > <http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Mar 19, 2024, at 8:16 PM, Giovanni Trapasso via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > > Hello, > > I am running Packetfence 13.1 ZEN. I have configured the server as a > captive portal using social media as external sources, Windows, Facebook > and Google. I am using a Cisco WLC as a test box, running 8.5.x code. > > I have the server and the WLC configured as the documentation recommended > but I am having a slight issue after authentication. I have the 2 ACL for > Pre-Registration and authorized-all and in the logs I can see the > pre-registration ACL being applied as well as the registration vlan. But > after a successful authentication to the social media external source I am > not getting the guest role I configured in my catchall action applies, as > well I am not getting the vlan or authorized-all ACL which I have > configured on my WLC under switches under switch role. > > I attached the packetfence.log section during an authentication attempt > and I am guessing the issue is with this error in the log: > > Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: > httpd.portal(15) INFO: [mac:10:02:b5:3a:bd:21] person > usern...@telusplanet.net added (pf::person::person_add) > > Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: > httpd.portal(15) INFO: [mac:10:02:b5:3a:bd:21] OAuth2 successfull for > username usern...@telusplanet.net > (captiveportal::PacketFence::DynamicRouting::Module::Authentication::OAuth::handle_callback) > > Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: > httpd.portal(15) WARN: [mac:10:02:b5:3a:bd:21] Calling match with > empty/invalid rule class. Defaulting to 'authentication' > (pf::authentication::match) > > Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: > httpd.portal(15) INFO: [mac:10:02:b5:3a:bd:21] Using sources Windows_Live > for matching (pf::authentication::match) > > > I did find if I quickly bump wireless, disconnect and reconnect, it will > assign the guest roles and assign the guest vlan. > > I have attached a few log files, one is during the authentication attempt > and the other is when I bumped my wireless connection. > > I hope someone can help. > -- > _______________________________________________________________ > Giovanni Trapasso > University of Alberta > _______________________________________________________________ > <bump wireless.txt><packetfence.log> > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!R9-uOGEc7z-cCjIUtDJkeirKaua48b3OHSMSUSurB2dyIOOYNN3mtkP-0aDzUpbCElQgx_gOMteafGWZotvm12fh1updatqHeUUewg$ > > > -- _______________________________________________________________ Giovanni Trapasso Digital Networks and Data Center Services Information Services & Technology (IST) 269 General Services Building University of Alberta Edmonton, Alberta, Canada T6G 2E5 Phone: (780) 492-4696 To open a Technical Service call with IST go to: https://ist.ualberta.ca/ <https://otrs.srv.ualberta.ca/otrs/customer.pl> ** This communication is intended for the use of the recipient to whom it is addressed, and may contain confidential, personal, and/or privileged information. Please contact me immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communication received in error, or subsequent reply, should be deleted or destroyed.** _______________________________________________________________
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
