Hello Greg, yes this is normal that you stay in the unsecure ssid.
The next step will be to configure the secure ssid and test it , next you will have to do provisioning on the guest ssid (Portal profile -> add provisioning). Regards Fabrice Le 2015-07-05 21:11, Greg M a écrit : > > Hello again, > > > I've managed to fix it - sort of - on the WLC. I created an interface > group and assigned all of the VLAN's (Isolation, Registration, > Default) to that group. I then assigned that Interface group to the > SSID rather than just the Registration VLAN. > > > Now what happens is when a user logs in, they get moved by Radius into > the correct VLAN, but this is still on the unsecured, 'Guest' > Wireless, not the 802.1x WPA'd secure one. > > > Is this something else I am missing in the Roles section of the WLC > definition in Packetfence? > > > Thanks! > > > Regards, > > > Greg > > > > ------------------------------------------------------------------------ > *From:* Durand fabrice <[email protected]> > *Sent:* Monday, 6 July 2015 8:41 AM > *To:* [email protected] > *Subject:* Re: [PacketFence-users] Issues with Packetfence 5.2 fresh > install and Cisco WLC > > Hi Greg, > > probably the WLC again because PacketFence return the vlan 25. > > What you can do is on the WLC , first create an interface on the vlan > 25 and try to ping it from another device on the vlan 25. > If it's not working then debug what happen on the wlc: > debug aaa event enable > debug client <client_mac> > > Regards > Fabrice > > > Le 2015-07-05 19:52, Greg M a écrit : >> >> Hi Fabrice, >> >> >> >> Progress! >> >> >> >> Mon Jul 6 07:30:37 2015 : Auth: Login OK: [c0bdd1b3dd27] (from >> client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27) >> >> Mon Jul 6 07:30:37 2015 : Auth: rlm_perl: Returning vlan 21 to >> request from c0:bd:d1:b3:dd:27 port 1 >> >> Mon Jul 6 07:31:40 2015 : Auth: Login OK: [c0bdd1b3dd27] (from >> client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27) >> >> Mon Jul 6 07:31:40 2015 : Auth: rlm_perl: Returning vlan 25 to >> request from c0:bd:d1:b3:dd:27 port 1 >> >> Mon Jul 6 07:32:12 2015 : Auth: Login OK: [c0bdd1b3dd27] (from >> client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27) >> >> Mon Jul 6 07:32:12 2015 : Auth: rlm_perl: Returning vlan 25 to >> request from c0:bd:d1:b3:dd:27 port 1 >> >> Mon Jul 6 07:32:59 2015 : Auth: Login OK: [c0bdd1b3dd27] (from >> client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27) >> >> Mon Jul 6 07:32:59 2015 : Auth: rlm_perl: Returning vlan 25 to >> request from c0:bd:d1:b3:dd:27 port 1 >> >> Mon Jul 6 07:33:31 2015 : Auth: Login OK: [c0bdd1b3dd27] (from >> client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27) >> >> Mon Jul 6 07:33:31 2015 : Auth: rlm_perl: Returning vlan 25 to >> request from c0:bd:d1:b3:dd:27 port 1 >> >> Mon Jul 6 07:39:46 2015 : Auth: Login OK: [c0bdd1b3dd27] (from >> client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27) >> >> Mon Jul 6 07:39:46 2015 : Auth: rlm_perl: Returning vlan 25 to >> request from c0:bd:d1:b3:dd:27 port 1 >> >> Mon Jul 6 07:40:19 2015 : Auth: Login OK: [c0bdd1b3dd27] (from >> client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27) >> >> Mon Jul 6 07:40:19 2015 : Auth: rlm_perl: Returning vlan 25 to >> request from c0:bd:d1:b3:dd:27 port 1 >> >> Mon Jul 6 07:41:48 2015 : Auth: Login OK: [c0bdd1b3dd27] (from >> client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27) >> >> Mon Jul 6 07:41:48 2015 : Auth: rlm_perl: Returning vlan 25 to >> request from c0:bd:d1:b3:dd:27 port 1 >> >> Mon Jul 6 07:42:11 2015 : Auth: Login OK: [c0bdd1b3dd27] (from >> client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27) >> >> Mon Jul 6 07:42:11 2015 : Auth: rlm_perl: Returning vlan 25 to >> request from c0:bd:d1:b3:dd:27 port 1 >> >> Mon Jul 6 07:42:21 2015 : Auth: Login OK: [c0bdd1b3dd27] (from >> client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27) >> >> Mon Jul 6 07:42:21 2015 : Auth: rlm_perl: Returning vlan 25 to >> request from c0:bd:d1:b3:dd:27 port 1 >> >> >> >> >> >> So I’m now able to connect to the Guest wifi with MAC auth turned on, >> login to the Captive portal, however the redirect to the “Internet” >> SSID which is bound to VLAN 25 is not working. I’ve confirmed AAA >> override option is ticked in the SSID’s. >> >> >> >> Regards, >> >> >> >> Greg >> >> >> >> *From:*Durand fabrice [mailto:[email protected]] >> *Sent:* Monday, 6 July 2015 2:30 AM >> *To:* [email protected] >> <mailto:[email protected]> >> *Subject:* Re: [PacketFence-users] Issues with Packetfence 5.2 fresh >> install and Cisco WLC >> >> >> >> Hi Greg, >> >> ok so it mean something is missing on the WLC. >> Are you able to ping the management interface of the WLC from >> packetfence (and the inverse)? >> >> Did you follow this guide >> http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-5.2.0.pdf >> page 77 ? >> >> Regards >> Fabrice >> >> Le 2015-07-04 21:37, Greg M a écrit : >> >> Hi Fabice, >> >> >> >> Many thanks for your email. >> >> >> >> When I run the raddebug command and login, there is no >> entries/logs displayed during a login/connection to the captive >> portal. >> >> >> >> Thanks, >> >> >> >> Greg >> >> >> >> *From:*Durand fabrice [mailto:[email protected]] >> *Sent:* Sunday, 5 July 2015 2:30 AM >> *To:* [email protected] >> <mailto:[email protected]> >> *Subject:* Re: [PacketFence-users] Issues with Packetfence 5.2 >> fresh install and Cisco WLC >> >> >> >> Hello Greg, >> >> did you configure the WLC (Configuration -> Switch) in packetfence ? >> What about "raddebug -d /usr/local/pf/raddb -t 3000" when you try >> to connect on the ssid ? >> >> Regards >> Fabrice >> >> >> Le 2015-07-04 13:35, Greg M a écrit : >> >> Hi, >> >> >> >> I am trying to get Packetfence setup with a Cisco WLC 2106 >> controller and a number of various AP’s. >> >> >> >> The AP’s and WLC themselves are fine, and I can successfully >> connect to the unsecured Guest SSID, enter my username and >> password and sign in. >> >> >> >> From there, however I get either the ‘unable to detect >> network connectivity’ or ‘your network should be enabled >> within a minute or two’ – and PF doesn’t move me from my >> guest SSID to my secure, Internet-access SSID. >> >> >> >> In the packetfence logs I see: >> >> >> >> Jul 05 00:59:51 httpd.portal(2764) INFO: Authentication >> successful for greg in source local (SQL) >> (pf::authentication::authenticate) >> >> Jul 05 00:59:51 httpd.portal(2764) ERROR: attempt to add >> existing person greg (pf::person::person_add) >> >> Jul 05 00:59:51 httpd.portal(2764) INFO: Just finished seting >> the node up >> >> (captiveportal::PacketFence::Controller::Authenticate::postAuthentication) >> >> Jul 05 00:59:51 httpd.portal(2764) INFO: Passed by the >> provisioning >> >> (captiveportal::PacketFence::Controller::Authenticate::postAuthentication) >> >> Jul 05 00:59:51 httpd.portal(2764) INFO: [00:24:d6:02:71:e2] >> re-evaluating access (manage_register called) >> (pf::enforcement::reevaluate_access) >> >> Jul 05 00:59:51 httpd.portal(2764) WARN: [00:24:d6:02:71:e2] >> Can't re-evaluate access because no open locationlog entry >> was found (pf::enforcement::reevaluate_access) >> >> Jul 05 00:59:51 httpd.portal(3433) INFO: Matched IP >> '10.10.21.11' to MAC address '00:24:d6:02:71:e2' using SQL >> 'iplog' table (pf::iplog::ip2mac) >> >> >> >> On the WLC I am seeing : >> >> >> >> 17 Sun Jul 5 00:36:11 2015 RADIUS server >> 10.10.17.250:1812 failed to respond to request (ID 10) for >> client 00:24:d6:02:71:e2 / user 'unknown' >> >> >> >> And further testing: >> >> >> >> root@pf:/usr/local/pf/logs# radtest execution query >> 10.10.17.250 12 testing123 >> >> Sending Access-Request of id 20 to 10.10.17.250 port 1812 >> >> User-Name = "execution" >> >> User-Password = "query" >> >> NAS-IP-Address = 10.10.17.250 >> >> NAS-Port = 12 >> >> Message-Authenticator = >> 0x00000000000000000000000000000000 >> >> Sending Access-Request of id 20 to 10.10.17.250 port 1812 >> >> User-Name = "execution" >> >> User-Password = "query" >> >> NAS-IP-Address = 10.10.17.250 >> >> NAS-Port = 12 >> >> Message-Authenticator = >> 0x00000000000000000000000000000000 >> >> Sending Access-Request of id 20 to 10.10.17.250 port 1812 >> >> User-Name = "execution" >> >> User-Password = "query" >> >> NAS-IP-Address = 10.10.17.250 >> >> NAS-Port = 12 >> >> Message-Authenticator = >> 0x00000000000000000000000000000000 >> >> radclient: no response from server for ID 20 socket 3 >> >> >> >> >> >> So is the issue with the PF Radius install? Is there >> something simple that needs to be done to fix this ? >> >> >> >> Many thanks, >> >> >> >> Greg >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> Don't Limit Your Business. Reach for the Cloud. >> >> GigeNET's Cloud Solutions provide you with the tools and support that >> >> you need to offload your IT needs and focus on growing your business. >> >> Configured For All Businesses. Start Your Cloud Today. >> >> https://www.gigenetcloud.com/ >> >> >> >> >> >> _______________________________________________ >> >> PacketFence-users mailing list >> >> [email protected] >> <mailto:[email protected]> >> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> Don't Limit Your Business. Reach for the Cloud. >> >> GigeNET's Cloud Solutions provide you with the tools and support that >> >> you need to offload your IT needs and focus on growing your business. >> >> Configured For All Businesses. Start Your Cloud Today. >> >> https://www.gigenetcloud.com/ >> >> >> >> >> _______________________________________________ >> >> PacketFence-users mailing list >> >> [email protected] >> <mailto:[email protected]> >> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> >> >> >> ------------------------------------------------------------------------------ >> Don't Limit Your Business. Reach for the Cloud. >> GigeNET's Cloud Solutions provide you with the tools and support that >> you need to offload your IT needs and focus on growing your business. >> Configured For All Businesses. Start Your Cloud Today. >> https://www.gigenetcloud.com/ >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > ------------------------------------------------------------------------------ > Don't Limit Your Business. Reach for the Cloud. > GigeNET's Cloud Solutions provide you with the tools and support that > you need to offload your IT needs and focus on growing your business. > Configured For All Businesses. Start Your Cloud Today. > https://www.gigenetcloud.com/ > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
