Ok, looks like this now.

[default]
vlans=184,220,221,223,224,225,226,227
normalVlan=223
registrationVlan=220
isolationVlan=221
macDetectionVlan=223
voiceVlan=223
inlineVlan=224
inlineTrigger=
VoIPEnabled=N
mode=production
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
radiusSecret=#####

Still shows no VLAN for unregistered; in radius debug for a non-registered
device it looks like this:

Thu Jun 26 15:12:49 2014 : Debug: Received Access-Request packet from host
143.110.1.17 port 32856, id=50, length=226
Thu Jun 26 15:12:49 2014 : Debug: NAS-IP-Address = 221.223.223.223
Thu Jun 26 15:12:49 2014 : Debug: NAS-Port = 0
Thu Jun 26 15:12:49 2014 : Debug: NAS-Port-Type = Wireless-802.11
Thu Jun 26 15:12:49 2014 : Debug: User-Name = "b0-e8-92-05-d9-8a"
Thu Jun 26 15:12:49 2014 : Debug: User-Password = "b0-e8-92-05-d9-8a"
Thu Jun 26 15:12:49 2014 : Debug: Service-Type = Login-User
Thu Jun 26 15:12:49 2014 : Debug: Calling-Station-Id = "B0E89205D98A"
Thu Jun 26 15:12:49 2014 : Debug: Called-Station-Id = "000B866E182C"
Thu Jun 26 15:12:49 2014 : Debug: Aruba-Essid-Name = "stormswirelessnet"
Thu Jun 26 15:12:49 2014 : Debug: Aruba-Location-Id = "BWC256"
Thu Jun 26 15:12:49 2014 : Debug: Aruba-AP-Group = "Wellness_PF"
Thu Jun 26 15:12:49 2014 : Debug: NAS-Identifier = "221.223.223.223"
Thu Jun 26 15:12:49 2014 : Debug: Message-Authenticator =
0xe6599e974fa2aa8c35c35c17c1c0e192
Thu Jun 26 15:12:49 2014 : Debug: server packetfence {
Thu Jun 26 15:12:49 2014 : Debug: # Executing section authorize from file
/usr/local/pf/raddb//sites-enabled/packetfence
Thu Jun 26 15:12:49 2014 : Debug: +group authorize {
Thu Jun 26 15:12:49 2014 : Debug: [suffix] No '@' in User-Name =
"b0-e8-92-05-d9-8a", looking up realm NULL
Thu Jun 26 15:12:49 2014 : Debug: [suffix] No such realm "NULL"
Thu Jun 26 15:12:49 2014 : Debug: ++[suffix] = noop
Thu Jun 26 15:12:49 2014 : Debug: ++[preprocess] = ok
Thu Jun 26 15:12:49 2014 : Debug: [eap] No EAP-Message, not doing EAP
Thu Jun 26 15:12:49 2014 : Debug: ++[eap] = noop
Thu Jun 26 15:12:49 2014 : Debug: [files] users: Matched entry DEFAULT at
line 1
Thu Jun 26 15:12:49 2014 : Debug: ++[files] = ok
Thu Jun 26 15:12:49 2014 : Debug: ++[expiration] = noop
Thu Jun 26 15:12:49 2014 : Debug: ++[logintime] = noop
Thu Jun 26 15:12:49 2014 : Debug: ++update request {
Thu Jun 26 15:12:49 2014 : Debug: expand: %{Packet-Src-IP-Address} ->
143.110.1.17
Thu Jun 26 15:12:49 2014 : Debug: ++} # update request = noop
Thu Jun 26 15:12:49 2014 : Debug: ++update control {
Thu Jun 26 15:12:49 2014 : Debug: ++} # update control = noop
Thu Jun 26 15:12:49 2014 : Debug: ++[packetfence] = noop
Thu Jun 26 15:12:49 2014 : Debug: +} # group authorize = ok
Thu Jun 26 15:12:49 2014 : Debug: Found Auth-Type = Accept
Thu Jun 26 15:12:49 2014 : Debug: Auth-Type = Accept, accepting the user
Thu Jun 26 15:12:49 2014 : Debug: } # server packetfence
Thu Jun 26 15:12:49 2014 : Debug: # Executing section post-auth from file
/usr/local/pf/raddb//sites-enabled/packetfence
Thu Jun 26 15:12:49 2014 : Debug: +group post-auth {
Thu Jun 26 15:12:49 2014 : Debug: ++[exec] = noop
Thu Jun 26 15:12:49 2014 : Debug: ++? if (!EAP-Type || (EAP-Type !=
EAP-TTLS  && EAP-Type != PEAP))
Thu Jun 26 15:12:49 2014 : Debug: ? Evaluating !(EAP-Type ) -> TRUE
Thu Jun 26 15:12:49 2014 : Debug: ?? Skipping (EAP-Type != EAP-TTLS  )
Thu Jun 26 15:12:49 2014 : Debug: ?? Skipping (EAP-Type != PEAP)
Thu Jun 26 15:12:49 2014 : Debug: ++? if (!EAP-Type || (EAP-Type !=
EAP-TTLS  && EAP-Type != PEAP)) -> TRUE
Thu Jun 26 15:12:49 2014 : Debug: ++if (!EAP-Type || (EAP-Type != EAP-TTLS
 && EAP-Type != PEAP)) {
Thu Jun 26 15:12:49 2014 : Debug: +++update control {
Thu Jun 26 15:12:49 2014 : Debug: +++} # update control = noop
Thu Jun 26 15:12:49 2014 : Debug: +++[packetfence] = ok
Thu Jun 26 15:12:49 2014 : Debug: ++} # if (!EAP-Type || (EAP-Type !=
EAP-TTLS  && EAP-Type != PEAP)) = ok
Thu Jun 26 15:12:49 2014 : Debug: +} # group post-auth = ok
Thu Jun 26 15:12:49 2014 : Debug: Sending Access-Accept packet to host
143.110.1.17 port 32856, id=50, length=0
Thu Jun 26 15:12:49 2014 : Debug: Aruba-User-Role = "registration"
Thu Jun 26 15:12:49 2014 : Debug: Finished request 659.

In packetfence.log for that device:

Jun 26 15:12:49 httpd.webservices(4960) INFO: handling radius autz request:
from switch_ip => 221.223.223.223, connection_type =>
Wireless-802.11-NoEAP,switch_mac => 00:0b:86:6e:18:2c, mac =>
b0:e8:92:05:d9:8a, port => 0, username => b0-e8-92-05-d9-8a
(pf::radius::authorize)
Jun 26 15:12:49 httpd.webservices(4960) INFO: MAC: b0:e8:92:05:d9:8a is of
status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jun 26 15:12:49 httpd.webservices(4960) INFO: Returning ACCEPT with Role:
registration (pf::Switch::Aruba::__ANON__)




On Thu, Jun 26, 2014 at 2:28 PM, Louis Munro <[email protected]> wrote:

> Hi Will,
> So I assume that the default section below is no longer current?
> You do have a registrationRole defined there.
>
> Regards,
>  --
> Louis Munro
> [email protected]  ::  www.inverse.ca
> +1.514.447.4918 *125  :: +1 (866) 353-6153
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On 2014-06-26, at 15:24 , "Rossing, Will" <[email protected]> wrote:
>
> Thanks - Sooooo CLOSE! There was a defaultRole=default which is now
> removed and then all of the VLANs were tunneled through, EXCEPT
> Registration, any clues? Here is the switches.conf
>
> #
> # Copyright 2006-2008 Inverse inc.
> #
> # See the enclosed file COPYING for license information (GPL).
> # If you did not receive this file, see
> # http://www.fsf.org/licensing/licenses/gpl.html
> [default]
> vlans=184,220,221,223,224,225,226,227
> normalVlan=223
> registrationVlan=220
> isolationVlan=221
> macDetectionVlan=223
> voiceVlan=223
> inlineVlan=224
> inlineTrigger=
> normalRole=normal
> *registrationRole=registration*
> isolationRole=isolation
> macDetectionRole=macDetection
> voiceRole=voice
> inlineRole=inline
> VoIPEnabled=N
> mode=production
> macSearchesMaxNb=30
> macSearchesSleepInterval=2
> uplink=dynamic
> radiusSecret=#####
>
>
>


-- 


Will Rossing
*Manager, Network Services * | 218.723.6729 | [email protected]
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
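
Added example (not part of the original message, and not PacketFence or FreeRADIUS code): a Python check that pairs each Access-Request in a radius debug log with its reply and lists the accepts that carried no Tunnel-Private-Group-Id (the standard RADIUS VLAN attribute), as in the exchange above where only Aruba-User-Role was returned. The function names and the second exchange in SAMPLE are constructed for illustration.

```python
import re
# Debug-line prefix, packet header line, and attribute line (optional ":tag" on the name).
PREFIX = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} : Debug: ?")
PACKET = re.compile(r"^(Received|Sending) (\S+) packet .*\bid=(\d+),")
ATTR = re.compile(r'^([A-Za-z][\w-]*)(?::\d+)? = "?(.*?)"?$')

def unwrap(text):
    """Undo mail wrapping: a line without the prefix continues the previous one."""
    out = []
    for line in text.splitlines():
        if PREFIX.match(line):
            out.append(PREFIX.sub("", line).strip())
        elif out and line.strip():
            out[-1] += " " + line.strip()
    return out

def replies(text):
    """One flat dict per reply sent: code, client MAC, then the reply attributes."""
    found, requests, cur = [], {}, None
    for body in unwrap(text):
        pkt, attr = PACKET.match(body), ATTR.match(body)
        if pkt and pkt.group(1) == "Received":
            cur = requests[pkt.group(3)] = {}
        elif pkt:
            req = requests.pop(pkt.group(3), {})
            cur = {"code": pkt.group(2), "mac": req.get("Calling-Station-Id")}
            found.append(cur)
        elif attr and cur is not None:
            cur[attr.group(1)] = attr.group(2)
        else:
            cur = None  # a non-attribute line ends the packet's attribute list
    return found

def accepts_without_vlan(text):
    return [r["mac"] for r in replies(text)
            if r["code"] == "Access-Accept" and "Tunnel-Private-Group-Id" not in r]

# Exchange 1: lines from the message above (first one still mail-wrapped). Exchange 2: constructed.
SAMPLE = """\
Thu Jun 26 15:12:49 2014 : Debug: Received Access-Request packet from host
143.110.1.17 port 32856, id=50, length=226
Thu Jun 26 15:12:49 2014 : Debug: Calling-Station-Id = "B0E89205D98A"
Thu Jun 26 15:12:49 2014 : Debug: Sending Access-Accept packet to host 143.110.1.17 port 32856, id=50, length=0
Thu Jun 26 15:12:49 2014 : Debug: Aruba-User-Role = "registration"
Thu Jun 26 15:13:02 2014 : Debug: Received Access-Request packet from host 143.110.1.17 port 32856, id=51, length=226
Thu Jun 26 15:13:02 2014 : Debug: Calling-Station-Id = "001122334455"
Thu Jun 26 15:13:02 2014 : Debug: Sending Access-Accept packet to host 143.110.1.17 port 32856, id=51, length=0
Thu Jun 26 15:13:02 2014 : Debug: Tunnel-Private-Group-Id = "223"
"""
```

Calling accepts_without_vlan() on the text of a saved debug log returns the Calling-Station-Id of every client that was accepted without a VLAN attribute in the reply.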
