Hi Fabrice,

Can you please help with this one? If I can get this working then my PF setup is complete and I can put my wifi to use :)

Most appreciated.

Regards,
Greg

From: Greg M [mailto:[email protected]]
Sent: Monday, 6 July 2015 11:15 PM
To: [email protected]
Subject: Re: [PacketFence-users] Issues with Packetfence 5.2 fresh install and Cisco WLC

Thanks again Fabrice.

So I have created a Portal Profile for the Guest SSID that has the filter of the Guest SSID configured. What part of the portal profile configuration do I specify the secure SSID that an authenticated user is redirected to?

Regards,
Greg

From: Fabrice DURAND [mailto:[email protected]]
Sent: Monday, 6 July 2015 8:55 PM
To: [email protected]
Subject: Re: [PacketFence-users] Issues with Packetfence 5.2 fresh install and Cisco WLC

Hello Greg,

yes, this is normal that you stay in the unsecure ssid.
The next step will be to configure the secure ssid and test it, next you will have to do provisioning on the guest ssid (Portal profile -> add provisioning).

Regards
Fabrice

On 2015-07-05 21:11, Greg M wrote:

Hello again,

I've managed to fix it - sort of - on the WLC. I created an interface group and assigned all of the VLANs (Isolation, Registration, Default) to that group. I then assigned that Interface group to the SSID rather than just the Registration VLAN.

Now what happens is when a user logs in, they get moved by Radius into the correct VLAN, but this is still on the unsecured, 'Guest' Wireless, not the 802.1x WPA'd secure one.

Is this something else I am missing in the Roles section of the WLC definition in Packetfence?

Thanks!

Regards,
Greg

_____

From: Durand fabrice <[email protected]>
Sent: Monday, 6 July 2015 8:41 AM
To: [email protected]
Subject: Re: [PacketFence-users] Issues with Packetfence 5.2 fresh install and Cisco WLC

Hi Greg,

probably the WLC again, because PacketFence returns the vlan 25.
What you can do is on the WLC, first create an interface on the vlan 25 and try to ping it from another device on the vlan 25.
If it's not working then debug what happens on the wlc:

debug aaa event enable
debug client <client_mac>

Regards
Fabrice

On 2015-07-05 19:52, Greg M wrote:

Hi Fabrice,

Progress!

Mon Jul 6 07:30:37 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:30:37 2015 : Auth: rlm_perl: Returning vlan 21 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:31:40 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:31:40 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:32:12 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:32:12 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:32:59 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:32:59 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:33:31 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:33:31 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:39:46 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:39:46 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:40:19 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:40:19 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:41:48 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:41:48 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:42:11 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:42:11 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:42:21 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:42:21 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1

So I'm now able to connect to the Guest wifi with MAC auth turned on, login to the Captive portal, however the redirect to the Internet SSID which is bound to VLAN 25 is not working. I've confirmed AAA override option is ticked in the SSIDs.

Regards,
Greg

From: Durand fabrice [mailto:[email protected]]
Sent: Monday, 6 July 2015 2:30 AM
To: [email protected]
Subject: Re: [PacketFence-users] Issues with Packetfence 5.2 fresh install and Cisco WLC

Hi Greg,

ok so it means something is missing on the WLC.
Are you able to ping the management interface of the WLC from packetfence (and the inverse)?
Did you follow this guide http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-5.2.0.pdf page 77?

Regards
Fabrice

On 2015-07-04 21:37, Greg M wrote:

Hi Fabrice,

Many thanks for your email.

When I run the raddebug command and login, there are no entries/logs displayed during a login/connection to the captive portal.

Thanks,
Greg

From: Durand fabrice [mailto:[email protected]]
Sent: Sunday, 5 July 2015 2:30 AM
To: [email protected]
Subject: Re: [PacketFence-users] Issues with Packetfence 5.2 fresh install and Cisco WLC

Hello Greg,

did you configure the WLC (Configuration -> Switch) in packetfence?
What about "raddebug -d /usr/local/pf/raddb -t 3000" when you try to connect on the ssid?
Regards
Fabrice

On 2015-07-04 13:35, Greg M wrote:

Hi,

I am trying to get Packetfence setup with a Cisco WLC 2106 controller and a number of various APs.

The APs and WLC themselves are fine, and I can successfully connect to the unsecured Guest SSID, enter my username and password and sign in. From there, however I get either the "unable to detect network connectivity" or "your network should be enabled within a minute or two" and PF doesn't move me from my guest SSID to my secure, Internet-access SSID.

In the packetfence logs I see:

Jul 05 00:59:51 httpd.portal(2764) INFO: Authentication successful for greg in source local (SQL) (pf::authentication::authenticate)
Jul 05 00:59:51 httpd.portal(2764) ERROR: attempt to add existing person greg (pf::person::person_add)
Jul 05 00:59:51 httpd.portal(2764) INFO: Just finished seting the node up (captiveportal::PacketFence::Controller::Authenticate::postAuthentication)
Jul 05 00:59:51 httpd.portal(2764) INFO: Passed by the provisioning (captiveportal::PacketFence::Controller::Authenticate::postAuthentication)
Jul 05 00:59:51 httpd.portal(2764) INFO: [00:24:d6:02:71:e2] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
Jul 05 00:59:51 httpd.portal(2764) WARN: [00:24:d6:02:71:e2] Can't re-evaluate access because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jul 05 00:59:51 httpd.portal(3433) INFO: Matched IP '10.10.21.11' to MAC address '00:24:d6:02:71:e2' using SQL 'iplog' table (pf::iplog::ip2mac)

On the WLC I am seeing:

17 Sun Jul 5 00:36:11 2015 RADIUS server 10.10.17.250:1812 failed to respond to request (ID 10) for client 00:24:d6:02:71:e2 / user 'unknown'

And further testing:

root@pf:/usr/local/pf/logs# radtest execution query 10.10.17.250 12 testing123
Sending Access-Request of id 20 to 10.10.17.250 port 1812
        User-Name = "execution"
        User-Password = "query"
        NAS-IP-Address = 10.10.17.250
        NAS-Port = 12
        Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 20 to 10.10.17.250 port 1812
        User-Name = "execution"
        User-Password = "query"
        NAS-IP-Address = 10.10.17.250
        NAS-Port = 12
        Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 20 to 10.10.17.250 port 1812
        User-Name = "execution"
        User-Password = "query"
        NAS-IP-Address = 10.10.17.250
        NAS-Port = 12
        Message-Authenticator = 0x00000000000000000000000000000000
radclient: no response from server for ID 20 socket 3

So is the issue with the PF Radius install? Is there something simple that needs to be done to fix this?

Many thanks,
Greg

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
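Added example, not part of the original thread and not PacketFence code: a small Python parser for the `rlm_perl: Returning vlan` lines quoted in the thread. It collapses them into a per-MAC VLAN timeline, the same reading Fabrice makes by eye when he concludes that PacketFence returns VLAN 25 and the remaining problem is on the WLC. The function names and the repeat threshold are assumptions made for this example.

```python
import re
from datetime import datetime

# Excerpt of the radius.log lines quoted in the thread, used as sample input.
SAMPLE_LOG = """\
Mon Jul 6 07:30:37 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client 10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)
Mon Jul 6 07:30:37 2015 : Auth: rlm_perl: Returning vlan 21 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:31:40 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:32:12 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
Mon Jul 6 07:32:59 2015 : Auth: rlm_perl: Returning vlan 25 to request from c0:bd:d1:b3:dd:27 port 1
"""

# Matches only the VLAN-assignment lines; "Login OK" lines are skipped.
VLAN_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} [\d:]{8} \d{4}) : Auth: rlm_perl: "
    r"Returning vlan (?P<vlan>\d+) to request from (?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)

def parse_vlan_events(text):
    """Return [(datetime, mac, vlan)] for every 'Returning vlan' line."""
    events = []
    for line in text.splitlines():
        m = VLAN_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            events.append((ts, m["mac"].lower(), int(m["vlan"])))
    return events

def vlan_timeline(events):
    """Per MAC, collapse repeats into runs of [vlan, first_seen, times_returned]."""
    timeline = {}
    for ts, mac, vlan in sorted(events):
        runs = timeline.setdefault(mac, [])
        if runs and runs[-1][0] == vlan:
            runs[-1][2] += 1          # same answer again: client re-authenticated
        else:
            runs.append([vlan, ts, 1])
    return timeline

def stuck_clients(timeline, threshold=3):
    """Heuristic (assumption): the same VLAN returned `threshold` or more times in a
    row means RADIUS keeps answering, so the controller side is the place to look."""
    return {mac: runs[-1][0] for mac, runs in timeline.items()
            if runs[-1][2] >= threshold}

if __name__ == "__main__":
    tl = vlan_timeline(parse_vlan_events(SAMPLE_LOG))
    for mac, runs in tl.items():
        for vlan, first_seen, count in runs:
            print(f"{mac} vlan {vlan} first at {first_seen} returned {count}x")
    print("check the controller side for:", stuck_clients(tl))
```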
