Here is what I see.
rad_recv: Access-Request packet from host 172.16.32.30 port 32768, id=220,
length=167
User-Name = "0026c7a88a3e"
Called-Station-Id = "3c:0e:23:89:b0:40:1010"
Calling-Station-Id = "00:26:c7:a8:8a:3e"
NAS-Port = 1
NAS-IP-Address = 172.16.32.30
NAS-Identifier = "Wlan_core1"
Airespace-Wlan-Id = 3
User-Password = "0026c7a88a3e"
Service-Type = Call-Check
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "2060"
server packetfence {
# Executing section authorize from file
/usr/local/pf/raddb//sites-enabled/packetfence
+group authorize {
[suffix] No '@' in User-Name = "0026c7a88a3e", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++[preprocess] = ok
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry DEFAULT at line 1
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++update request {
expand: %{Packet-Src-IP-Address} -> 172.16.32.30
++} # update request = noop
++update control {
++} # update control = noop
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
rlm_perl: Added pair Tunnel-Type = VLAN
rlm_perl: Added pair Calling-Station-Id = 00:26:c7:a8:8a:3e
rlm_perl: Added pair Called-Station-Id = 3c:0e:23:89:b0:40:1010
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 172.16.32.30
rlm_perl: Added pair Airespace-Wlan-Id = 3
rlm_perl: Added pair User-Name = 0026c7a88a3e
rlm_perl: Added pair NAS-Identifier = Wlan_core1
rlm_perl: Added pair User-Password = 0026c7a88a3e
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair NAS-IP-Address = 172.16.32.30
rlm_perl: Added pair Tunnel-Private-Group-Id = 2060
rlm_perl: Added pair Framed-MTU = 1300
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 9090
++[packetfence] = noop
+} # group authorize = ok
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [0026c7a88a3e] (from client 172.16.32.30 port 1 cli 00:26:c7:a8:8a:3e)
} # server packetfence
# Executing section post-auth from file
/usr/local/pf/raddb//sites-enabled/packetfence
+group post-auth {
++[exec] = noop
++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP))
? Evaluating !(EAP-Type ) -> TRUE
?? Skipping (EAP-Type != EAP-TTLS )
?? Skipping (EAP-Type != PEAP)
++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) -> TRUE
++if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) {
+++update control {
+++} # update control = noop
rlm_perl: Returning vlan 3100 to request from 00:26:c7:a8:8a:3e port 1
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Tunnel-Type = VLAN
rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
rlm_perl: Added pair Called-Station-Id = 3c:0e:23:89:b0:40:1010
rlm_perl: Added pair Calling-Station-Id = 00:26:c7:a8:8a:3e
rlm_perl: Added pair Airespace-Wlan-Id = 3
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 172.16.32.30
rlm_perl: Added pair User-Name = 0026c7a88a3e
rlm_perl: Added pair User-Password = 0026c7a88a3e
rlm_perl: Added pair NAS-Identifier = Wlan_core1
rlm_perl: Added pair NAS-IP-Address = 172.16.32.30
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair Framed-MTU = 1300
rlm_perl: Added pair Tunnel-Private-Group-Id = 2060
rlm_perl: Added pair Tunnel-Private-Group-ID = 3100
rlm_perl: Added pair User-Name = 00:26:c7:a8:8a:3e
rlm_perl: Added pair Tunnel-Type = 13
rlm_perl: Added pair Tunnel-Medium-Type = 6
rlm_perl: Added pair Airespace-ACL-Name = Authorize_any
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 9090
+++[packetfence] = ok
++} # if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) = ok
+} # group post-auth = ok
Sending Access-Accept of id 220 to 172.16.32.30 port 32768
Tunnel-Private-Group-Id:0 = "3100"
User-Name = "00:26:c7:a8:8a:3e"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Airespace-ACL-Name = "Authorize_any"
Finished request 0.
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 0 ID 220 with timestamp +321
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.32.30 port 32768, id=221,
length=167
User-Name = "0026c7a88a3e"
Called-Station-Id = "3c:0e:23:89:b0:40:1010"
Calling-Station-Id = "00:26:c7:a8:8a:3e"
NAS-Port = 1
NAS-IP-Address = 172.16.32.30
NAS-Identifier = "Wlan_core1"
Airespace-Wlan-Id = 3
User-Password = "0026c7a88a3e"
Service-Type = Call-Check
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "2060"
server packetfence {
# Executing section authorize from file
/usr/local/pf/raddb//sites-enabled/packetfence
+group authorize {
[suffix] No '@' in User-Name = "0026c7a88a3e", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++[preprocess] = ok
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry DEFAULT at line 1
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++update request {
expand: %{Packet-Src-IP-Address} -> 172.16.32.30
++} # update request = noop
++update control {
++} # update control = noop
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
rlm_perl: Added pair Tunnel-Type = VLAN
rlm_perl: Added pair Calling-Station-Id = 00:26:c7:a8:8a:3e
rlm_perl: Added pair Called-Station-Id = 3c:0e:23:89:b0:40:1010
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 172.16.32.30
rlm_perl: Added pair Airespace-Wlan-Id = 3
rlm_perl: Added pair User-Name = 0026c7a88a3e
rlm_perl: Added pair NAS-Identifier = Wlan_core1
rlm_perl: Added pair User-Password = 0026c7a88a3e
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair NAS-IP-Address = 172.16.32.30
rlm_perl: Added pair Tunnel-Private-Group-Id = 2060
rlm_perl: Added pair Framed-MTU = 1300
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 9090
++[packetfence] = noop
+} # group authorize = ok
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [0026c7a88a3e] (from client 172.16.32.30 port 1 cli 00:26:c7:a8:8a:3e)
} # server packetfence
# Executing section post-auth from file
/usr/local/pf/raddb//sites-enabled/packetfence
+group post-auth {
++[exec] = noop
++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP))
? Evaluating !(EAP-Type ) -> TRUE
?? Skipping (EAP-Type != EAP-TTLS )
?? Skipping (EAP-Type != PEAP)
++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) -> TRUE
++if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) {
+++update control {
+++} # update control = noop
rlm_perl: Returning vlan 3100 to request from 00:26:c7:a8:8a:3e port 1
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Tunnel-Type = VLAN
rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
rlm_perl: Added pair Called-Station-Id = 3c:0e:23:89:b0:40:1010
rlm_perl: Added pair Calling-Station-Id = 00:26:c7:a8:8a:3e
rlm_perl: Added pair Airespace-Wlan-Id = 3
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 172.16.32.30
rlm_perl: Added pair User-Name = 0026c7a88a3e
rlm_perl: Added pair User-Password = 0026c7a88a3e
rlm_perl: Added pair NAS-Identifier = Wlan_core1
rlm_perl: Added pair NAS-IP-Address = 172.16.32.30
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair Framed-MTU = 1300
rlm_perl: Added pair Tunnel-Private-Group-Id = 2060
rlm_perl: Added pair Tunnel-Private-Group-ID = 3100
rlm_perl: Added pair User-Name = 00:26:c7:a8:8a:3e
rlm_perl: Added pair Tunnel-Type = 13
rlm_perl: Added pair Tunnel-Medium-Type = 6
rlm_perl: Added pair Airespace-ACL-Name = Authorize_any
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 9090
+++[packetfence] = ok
++} # if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) = ok
+} # group post-auth = ok
Sending Access-Accept of id 221 to 172.16.32.30 port 32768
Tunnel-Private-Group-Id:0 = "3100"
User-Name = "00:26:c7:a8:8a:3e"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Airespace-ACL-Name = "Authorize_any"
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 172.16.32.30 port 32768, id=211,
length=246
User-Name = "0026c7a88a3e"
NAS-Port = 1
NAS-IP-Address = 172.16.32.30
Framed-IP-Address = 172.16.50.15
Framed-IPv6-Prefix = fe80::/64
NAS-Identifier = "Wlan_core1"
Airespace-Wlan-Id = 3
Acct-Session-Id = "53fddedb/00:26:c7:a8:8a:3e/18"
NAS-Port-Type = Wireless-802.11
Cisco-AVPair = "audit-session-id=ac10201e0000002753fddebb"
Acct-Authentic = RADIUS
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "3100"
Event-Timestamp = "Aug 27 2014 09:36:27 EDT"
Acct-Status-Type = Start
Calling-Station-Id = "172.16.50.15"
Called-Station-Id = "172.16.32.30"
server packetfence {
# Executing section preacct from file
/usr/local/pf/raddb//sites-enabled/packetfence
+group preacct {
++[preprocess] = ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address =
172.16.32.30,NAS-IP-Address = 172.16.32.30,Acct-Session-Id =
"53fddedb/00:26:c7:a8:8a:3e/18",User-Name = "0026c7a88a3e"'
[acct_unique] Acct-Unique-Session-ID = "5ee02df2a8bdcf4e".
++[acct_unique] = ok
[suffix] No '@' in User-Name = "0026c7a88a3e", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++[files] = noop
+} # group preacct = ok
# Executing section accounting from file
/usr/local/pf/raddb//sites-enabled/packetfence
+group accounting {
[sql] expand: %{User-Name} -> 0026c7a88a3e
[sql] sql_set_user escaped user --> '0026c7a88a3e'
[sql] expand: %{Acct-Delay-Time} ->
[sql] ... expanding second conditional
[sql] expand: CALL acct_start ( '%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',
'%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}',
'', '0', '0',
REPLACE(REPLACE('%{Called-Station-Id}','-',''),':',''),
REPLACE(REPLACE('%{Calling-Station-Id}','-',''),':',''), '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}',
'%{Acct-Status-Type}') -> CALL acct_start (
'53fddedb/00:26:c7:a8:8a:3e/18', '5ee02df2a8bdcf4e',
'0026c7a88a3e', '', '172.16.32.30', '1',
'Wireless-802.11', '2014-08-27 09:37:15', NULL, '0', 'RADIUS', '',
'', '0', '0',
REPLACE(REPLACE('172.16.32.30','-',''),':',''),
REPLACE(REPLACE('172.16.50.15','-',''),':',''), '', '',
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
++[sql] = ok
[attr_filter.accounting_response] expand: %{User-Name} -> 0026c7a88a3e
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] = updated
++update control {
++} # update control = noop
rlm_perl: MAC address is empty or invalid in this request. It could be normal
on certain radius calls
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Acct-Session-Id = 53fddedb/00:26:c7:a8:8a:3e/18
rlm_perl: Added pair Framed-IPv6-Prefix = fe80::/64
rlm_perl: Added pair Acct-Unique-Session-Id = 5ee02df2a8bdcf4e
rlm_perl: Added pair Tunnel-Type = VLAN
rlm_perl: Added pair Called-Station-Id = 172.16.32.30
rlm_perl: Added pair Airespace-Wlan-Id = 3
rlm_perl: Added pair Acct-Authentic = RADIUS
rlm_perl: Added pair Acct-Status-Type = Start
rlm_perl: Added pair NAS-IP-Address = 172.16.32.30
rlm_perl: Added pair Tunnel-Private-Group-Id = 3100
rlm_perl: Added pair SQL-User-Name = 0026c7a88a3e
rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
rlm_perl: Added pair Calling-Station-Id = 172.16.50.15
rlm_perl: Added pair Cisco-AVPair = audit-session-id=ac10201e0000002753fddebb
rlm_perl: Added pair User-Name = 0026c7a88a3e
rlm_perl: Added pair NAS-Identifier = Wlan_core1
rlm_perl: Added pair Event-Timestamp = Aug 27 2014 09:36:27 EDT
rlm_perl: Added pair Framed-IP-Address = 172.16.50.15
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair PacketFence-RPC-Port = 9090
++[packetfence] = ok
+} # group accounting = updated
} # server packetfence
Sending Accounting-Response of id 211 to 172.16.32.30 port 32768
Finished request 2.
Cleaning up request 2 ID 211 with timestamp +354
Going to the next request
Waking up in 1.0 seconds.
Cleaning up request 1 ID 221 with timestamp +350
Ready to process requests.
________________________________
From: Durand fabrice [fdur...@inverse.ca]
Sent: Tuesday, August 26, 2014 8:04 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Cisco WLC isssues
So what is the answer ?, something different ?
Regards
Fabrice
Le 2014-08-26 15:23, PFSupport a écrit :
I changed to the other auth module and the problem remains, I do not see the
answer as per your email to when I run a debug.
________________________________
From: Fabrice DURAND [fdur...@inverse.ca<mailto:fdur...@inverse.ca>]
Sent: Tuesday, August 26, 2014 1:47 PM
To:
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Cisco WLC isssues
Ok so it look that you use the wrong module for web auth.
Use Cisco Wireless Controller (WLC HTTP).
After you will be able to have this type of answer:
$radius_reply_ref = {
'User-Name' => $mac,
'Cisco-AVPair' =>
["url-redirect-acl=$role","url-redirect=".$this->{'_portalURL'}."/cep$session_id{_session_id}"],
};
Le 2014-08-26 13:42, PFSupport a écrit :
Sure here is the debug
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.32.30 port 32768, id=213,
length=167
User-Name = "0026c7a88a3e"
Called-Station-Id = "3c:0e:23:89:b0:40:1010"
Calling-Station-Id = "00:26:c7:a8:8a:3e"
NAS-Port = 1
NAS-IP-Address = 172.16.32.30
NAS-Identifier = "Wlan_core1"
Airespace-Wlan-Id = 3
User-Password = "0026c7a88a3e"
Service-Type = Call-Check
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "2060"
server packetfence {
# Executing section authorize from file
/usr/local/pf/raddb//sites-enabled/packetfence
+group authorize {
[suffix] No '@' in User-Name = "0026c7a88a3e", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
++[preprocess] = ok
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry DEFAULT at line 1
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++update request {
expand: %{Packet-Src-IP-Address} -> 172.16.32.30
++} # update request = noop
++update control {
++} # update control = noop
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
rlm_perl: Added pair Tunnel-Type = VLAN
rlm_perl: Added pair Calling-Station-Id = 00:26:c7:a8:8a:3e
rlm_perl: Added pair Called-Station-Id = 3c:0e:23:89:b0:40:1010
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 172.16.32.30
rlm_perl: Added pair Airespace-Wlan-Id = 3
rlm_perl: Added pair User-Name = 0026c7a88a3e
rlm_perl: Added pair NAS-Identifier = Wlan_core1
rlm_perl: Added pair User-Password = 0026c7a88a3e
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair NAS-IP-Address = 172.16.32.30
rlm_perl: Added pair Tunnel-Private-Group-Id = 2060
rlm_perl: Added pair Framed-MTU = 1300
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 9090
++[packetfence] = noop
+} # group authorize = ok
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [0026c7a88a3e] (from client 172.16.32.30 port 1 cli 00:26:c7:a8:8a:3e)
} # server packetfence
# Executing section post-auth from file
/usr/local/pf/raddb//sites-enabled/packetfence
+group post-auth {
++[exec] = noop
++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP))
? Evaluating !(EAP-Type ) -> TRUE
?? Skipping (EAP-Type != EAP-TTLS )
?? Skipping (EAP-Type != PEAP)
++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) -> TRUE
++if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) {
+++update control {
+++} # update control = noop
rlm_perl: Returning vlan 3100 to request from 00:26:c7:a8:8a:3e port 1
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Tunnel-Type = VLAN
rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
rlm_perl: Added pair Called-Station-Id = 3c:0e:23:89:b0:40:1010
rlm_perl: Added pair Calling-Station-Id = 00:26:c7:a8:8a:3e
rlm_perl: Added pair Airespace-Wlan-Id = 3
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 172.16.32.30
rlm_perl: Added pair User-Name = 0026c7a88a3e
rlm_perl: Added pair User-Password = 0026c7a88a3e
rlm_perl: Added pair NAS-Identifier = Wlan_core1
rlm_perl: Added pair NAS-IP-Address = 172.16.32.30
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair Framed-MTU = 1300
rlm_perl: Added pair Tunnel-Private-Group-Id = 2060
rlm_perl: Added pair Tunnel-Private-Group-ID = 3100
rlm_perl: Added pair Tunnel-Type = 13
rlm_perl: Added pair Tunnel-Medium-Type = 6
rlm_perl: Added pair Airespace-ACL-Name = Authorize_any
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair Auth-Type = Accept
rlm_perl: Added pair PacketFence-RPC-Port = 9090
+++[packetfence] = ok
++} # if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) = ok
+} # group post-auth = ok
Sending Access-Accept of id 213 to 172.16.32.30 port 32768
Tunnel-Private-Group-Id:0 = "3100"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Airespace-ACL-Name = "Authorize_any"
Finished request 0.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 213 with timestamp +336
Ready to process requests.
________________________________
From: Fabrice DURAND [fdur...@inverse.ca<mailto:fdur...@inverse.ca>]
Sent: Tuesday, August 26, 2014 11:24 AM
To:
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Cisco WLC isssues
Hi PFSupport,
the secret is in radius, can you post the debug of radius request ?
(run radius with radiusd -d /usr/local/pf/raddb/ -X)
And after you register on the portal, pf send a CoA on the port 1700 (UDP) of
the cisco WLC controller. (Can you capture this traffic and send it as a pcap
file)
Regards
Fabrice
Le 2014-08-26 10:44, PFSupport a écrit :
I have confirmed that the data base is running and I can authenticate against
the radius server. The client does get an IP address from DHCP and is
redirected to the captive portal.
I am not running inline, I am using Vlans to assign client access and ACL on
the wirless controller.
________________________________
From: Lupe Silva [lupe.si...@gmail.com<mailto:lupe.si...@gmail.com>]
Sent: Tuesday, August 26, 2014 10:02 AM
To:
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Cisco WLC isssues
1) According to the errors, it seems that your database is not running or you
have or there is a mis-configuration.
2) Are you running inline? if not, it sounds to me like an issue of your dhcp
server setup and the dns server it is sending out.
Lupe Silva
On Mon, Aug 25, 2014 at 1:31 PM, PFSupport
<pfsupp...@qlogitek.com<mailto:pfsupp...@qlogitek.com>> wrote:
I am currently running PF 4.3 with a CISCO
wirless controller 2500 series version 8.0.100.0.
I have the system setup to use an
unsecure network for registration and use an ACL to control network access. We
use the PF captive portal to redirect users and register them on the network.
Once my users have registered they are
continually directed to the captive portal and although they are registered and
have proper access receive the messages "Your network should be enabled ....".
I see that the user is logged in assigned the role default and the correct VLAN
When I look at the packet fence log I
see
Aug 25 15:19:49 httpd.webservices(1831) WARN:
database query failed with: Column 'switch' cannot be null (errno: 1048), will
try again (pf::db::db_query_execute)
Aug 25 15:19:49
httpd.webservices(1831) WARN: database query failed with: Column 'switch'
cannot be null (errno: 1048), will try again (pf::db::db_query_execute)
Aug 25 15:19:49
httpd.webservices(1831) WARN: database query failed with: Column 'switch'
cannot be null (errno: 1048), will try again (pf::db::db_query_execute)
Aug 25 15:19:49
httpd.webservices(1831) ERROR: Database issue: We tried 3 times to serve query
locationlog_insert_closed_sql called from
pf::locationlog::locationlog_insert_closed and we failed. Is the database
running? (pf::db::db_query_execute)
Aug 25 15:20:17 httpd.webservices(1831)
WARN: unable to convert connection_type to string. called from pf::api
pf::locationlog::locationlog_insert_closed (pf::util::connection_type_to_str)
Aug 25 15:20:17
httpd.webservices(1831) INFO: Asked to insert a locationlog entry with
connection
type unknown. (pf::locationlog::locationlog_insert_closed)
Aug 25 15:20:17
httpd.webservices(1831) WARN: database query failed with: Column 'switch'
cannot be null (errno: 1048), will try again (pf::db::db_query_execute)
Aug 25 15:20:17 httpd.webservices(1831)
WARN: database query failed with: Column 'switch' cannot be null (errno: 1048),
will try again (pf::db::db_query_execute)
Aug 25 15:20:17
httpd.webservices(1831) WARN: database query failed with: Column 'switch'
cannot be null (errno: 1048), will try again (pf::db::db_query_execute)
Aug 25 15:20:17
httpd.webservices(1831) ERROR: Database issue: We tried 3 times to serve query
locationlog_insert_closed_sql called from
pf::locationlog::locationlog_insert_closed and we failed. Is the database
running?
(pf::db::db_query_execute)
I have setup the controller as per
example
Chapter 5
Wireless LAN Controller (WLC) Web Auth
Any help would be greatly appreicated
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca<mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) ::
www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca<mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135) ::
www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
