Hello Umberto,

You need to track down the device you are testing on the WLC; we can see that PacketFence sends the ACL for the URL redirect "Pre-Auth_For_WebRedirect".
Does this device you are testing with have the ACL applied on the WLC (client list)? Is the ACL "Pre-Auth_For_WebRedirect" written exactly the same way on the WLC?

Note: When you are using the WLC 4400 module your ACL has - instead of _

The answers to those questions should help you get to the solution. If they don't, start by running "raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600" in your terminal and watch the RADIUS exchange between the WLC and PF. You should see "Cisco-AVPair = url-redirect=http://PacketFence_Portal_IP/cepXXXXXX" in the RADIUS answer.

Thank you.

On 12/09/2015 09:35 AM, Umberto Ciocca wrote:
> Hi all,
> I’m trying to set up web authentication using a Cisco WLC 4402 ver.
> 5.0.148.0.
> I have installed PacketFence 5.5.2 and followed the instructions for
> "Wireless LAN Controller (WLC) Web Auth" from the Network configuration
> guide.
> When I open a browser I am not redirected to the captive portal and the
> client is connected and free to access the Internet.
> Any suggestion?
> Thanks,
> Umberto Ciocca
> University of Siena
>
> Here is the output of packetfence.log
> 1) switch configured as WLC HTTP type:
> ...
> httpd.aaa(5621) INFO: [mac:b0-c5-59-1c-bc-05] Memory configuration is
> not valid anymore for key config::Switch in local cached_hash
> (pfconfig::cached::is_valid)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] handling radius autz
> request: from switch_ip => (10.1.0.10), connection_type =>
> Wireless-802.11-NoEAP,switch_mac => (00:1b:2b:68:be:70), mac =>
> [b0:c5:59:1c:bc:05], port => 1, username => "b0c5591cbc05", ssid =>
> OnlyForTest (pf::radius::authorize)
> httpd.aaa(5621) WARN: [mac:b0:c5:59:1c:bc:05] Filesystem timestamp is
> not set for FilterEngine::VlanScopes. Considering memory as invalid.
> (pfconfig::cached::is_valid) (pfconfig::cached::is_valid)
> httpd.aaa(5621) WARN: [mac:b0:c5:59:1c:bc:05] Filesystem timestamp is
> not set for config::FloatingDevices. Considering memory as invalid.
> (pfconfig::cached::is_valid) (pfconfig::cached::is_valid)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] Memory configuration is
> not valid anymore for key config::Pf in local cached_hash
> (pfconfig::cached::is_valid)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] is of status unreg;
> belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] (10.1.0.10) Added role
> Pre-Auth-For-WebRedirect to the returned RADIUS Access-Accept
> (pf::Switch::returnRadiusAccessAccept)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] (10.1.0.10) Returning
> ACCEPT with VLAN 2 and role Pre-Auth_For_WebRedirect
> (pf::Switch::returnRadiusAccessAccept)
> httpd.aaa(5621) WARN: [mac:b0:c5:59:1c:bc:05] Filesystem timestamp is
> not set for FilterEngine::RadiusScopes. Considering memory as invalid.
> (pfconfig::cached::is_valid) (pfconfig::cached::is_valid)
> httpd.aaa(5621) INFO: [mac:b0-c5-59-1c-bc-05] Memory configuration is
> not valid anymore for key config::Switch in local cached_hash
> (pfconfig::cached::is_valid)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] handling radius autz
> request: from switch_ip => (10.1.0.10), connection_type =>
> Wireless-802.11-NoEAP,switch_mac => (00:1b:2b:68:be:70), mac =>
> [b0:c5:59:1c:bc:05], port => 1, username => "b0c5591cbc05", ssid =>
> OnlyForTest (pf::radius::authorize)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] Memory configuration is
> not valid anymore for key FilterEngine::VlanScopes in local cached_hash
> (pfconfig::cached::is_valid)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] Memory configuration is
> not valid anymore for key config::FloatingDevices in local cached_hash
> (pfconfig::cached::is_valid)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] Memory configuration is
> not valid anymore for key config::Pf in local cached_hash
> (pfconfig::cached::is_valid)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] is of status unreg;
> belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] (10.1.0.10) Added role
> Pre-Auth-For-WebRedirect to the returned RADIUS Access-Accept
> (pf::Switch::returnRadiusAccessAccept)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] (10.1.0.10) Returning
> ACCEPT with VLAN 2 and role Pre-Auth_For_WebRedirect
> (pf::Switch::returnRadiusAccessAccept)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] Adding web authentication
> redirection to reply using role : Pre-Auth_For_WebRedirect and URL :
> http://10.1.212.2/cepb275f8.
> (pf::Switch::Cisco::WLC_http::returnRadiusAccessAccept)
> httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] Memory configuration is
> not valid anymore for key FilterEngine::RadiusScopes in local
> cached_hash (pfconfig::cached::is_valid)
> ...
> 2) switch configured as WLC 4400 type:
> ...
> httpd.aaa(5621) INFO: [mac:b0-c5-59-1c-bc-05] Memory configuration is
> not valid anymore for key config::Switch in local cached_hash
> (pfconfig::cached::is_valid)
> INFO: [mac:b0:c5:59:1c:bc:05] handling radius autz request: from
> switch_ip => (10.1.0.10), connection_type =>
> Wireless-802.11-NoEAP,switch_mac => (00:1b:2b:68:be:70), mac =>
> [b0:c5:59:1c:bc:05], port => 1, username => "b0c5591cbc05", ssid =>
> OnlyForTest (pf::radius::authorize)
> httpd.aaa(5621) WARN: [mac:b0:c5:59:1c:bc:05] Filesystem timestamp is
> not set for FilterEngine::VlanScopes. Considering memory as invalid.
> (pfconfig::cached::is_valid) (pfconfig::cached::is_valid)
> httpd.aaa(5621) WARN: [mac:b0:c5:59:1c:bc:05] Filesystem timestamp is
> not set for config::FloatingDevices. Considering memory as invalid.
> (pfconfig::cached::is_valid) (pfconfig::cached::is_valid)
> INFO: [mac:b0:c5:59:1c:bc:05] Memory configuration is not valid anymore
> for key config::Pf in local cached_hash (pfconfig::cached::is_valid)
> INFO: [mac:b0:c5:59:1c:bc:05] is of status unreg; belongs into
> registration VLAN (pf::vlan::getRegistrationVlan)
> INFO: [mac:b0:c5:59:1c:bc:05] (10.1.0.10) Added role
> Pre-Auth-For-WebRedirect to the returned RADIUS Access-Accept
> (pf::Switch::returnRadiusAccessAccept)
> INFO: [mac:b0:c5:59:1c:bc:05] (10.1.0.10) Returning ACCEPT with VLAN 2
> and role Pre-Auth-For-WebRedirect (pf::Switch::returnRadiusAccessAccept)
> httpd.aaa(5621) WARN: [mac:b0:c5:59:1c:bc:05] Filesystem timestamp is
> not set for FilterEngine::RadiusScopes. Considering memory as invalid.
> (pfconfig::cached::is_valid) (pfconfig::cached::is_valid)
> ...
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Antoine Amacher
[email protected] :: +1.514.447.4918 *130 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
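
The "is the ACL written exactly the same way" question from the reply can be checked mechanically against packetfence.log. The Python below is an added example, not part of the original messages and not PacketFence code; the function names and the hand-entered list of controller ACL names are assumptions, and the sample lines are the thread's own log entries, unwrapped.

```python
import re

# Log lines taken from the thread's packetfence.log excerpt (WLC HTTP case), unwrapped.
SAMPLE_LOG = """\
httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] (10.1.0.10) Added role Pre-Auth-For-WebRedirect to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] (10.1.0.10) Returning ACCEPT with VLAN 2 and role Pre-Auth_For_WebRedirect (pf::Switch::returnRadiusAccessAccept)
httpd.aaa(5621) INFO: [mac:b0:c5:59:1c:bc:05] Adding web authentication redirection to reply using role : Pre-Auth_For_WebRedirect and URL : http://10.1.212.2/cepb275f8. (pf::Switch::Cisco::WLC_http::returnRadiusAccessAccept)
"""

MAC_RE = re.compile(r"\[mac:([0-9A-Fa-f:-]{17})\]")
# The three message shapes in the excerpt that carry a role/ACL name.
ROLE_RES = [
    re.compile(r"Added role (\S+) to the returned RADIUS Access-Accept"),
    re.compile(r"Returning ACCEPT with VLAN \S+ and role (\S+)"),
    re.compile(r"using role : (\S+) and URL"),
]

def roles_sent(log_text):
    """Map each client MAC to the set of role/ACL names PacketFence logged for it."""
    seen = {}
    for line in log_text.splitlines():
        mac = MAC_RE.search(line)
        if not mac:
            continue
        key = mac.group(1).lower().replace("-", ":")  # log uses both MAC styles
        for rx in ROLE_RES:
            m = rx.search(line)
            if m:
                seen.setdefault(key, set()).add(m.group(1))
    return seen

def _fold(name):
    # Treat '-' and '_' (and letter case) as equal, only to find near-misses.
    return name.replace("_", "-").lower()

def check_acl(role, wlc_acls):
    """Return (verdict, closest ACL) for one role against the controller's ACL names."""
    if role in wlc_acls:
        return "match", role
    for acl in wlc_acls:
        if _fold(acl) == _fold(role):
            return "near-miss", acl
    return "missing", None

def audit(log_text, wlc_acls):
    """List (mac, role, verdict, closest ACL) for every role seen in the log."""
    rows = []
    for mac, roles in sorted(roles_sent(log_text).items()):
        for role in sorted(roles):
            rows.append((mac, role) + check_acl(role, wlc_acls))
    return rows

if __name__ == "__main__":
    # Assumption: ACL names copied by hand from the controller's ACL list.
    for row in audit(SAMPLE_LOG, ["Pre-Auth-For-WebRedirect"]):
        print(*row, sep="\t")
```

A "near-miss" row means the name PacketFence returned differs from a controller ACL only by hyphen versus underscore or letter case, which is the mismatch the reply asks about.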
