I am attempting to set up PacketFence to do WebAuth for a Cisco WLC and also 
for some Meraki APs. I am following the relevant portions of the Network Device 
Configuration Guide. Things appear to be working, with the exception of the 
RFC5176 portion where PacketFence sends the url-redirect Cisco AV Pair to the 
controller or APs.

Here is my switches.conf:

[default]
VlanMap=N
RoleMap=Y
UrlMap=Y
registrationUrl=https://packetfence.rochester.k12.mn.us/$session_id

[10.2.0.134]
coaPort=1700
deauthMethod=RADIUS
registrationRole=Pre-Auth-For-WebRedirect
Staff-BYODRole=RPS-BYOD
description=WLC2504-TSSC
controllerIp=10.2.0.134
mode=production
VoIPDHCPDetect=N
type=Cisco::WiSM2
REJECTRole=Pre-Auth-For-WebRedirect
VoIPCDPDetect=N
VoIPLLDPDetect=N
Student-BYODRole=RPS-BYOD
IT-BYODRole=RPS
SNMPCommunityRead=SuperSecretCommunityString
radiusSecret=SuperSecretPassword
SNMPVersion=2c
RoleMap=N

[10.102.239.0/24]
description=Test Lab APs
group=Meraki-APs

[group Meraki-APs]
VoIPCDPDetect=N
VoIPLLDPDetect=N
deauthMethod=RADIUS
coaPort=1700
mode=production
description=Meraki AP Default Values
type=Meraki::MR_v2
VoIPDHCPDetect=N
radiusSecret=SuperSecretPassword
UrlMap=Y
registrationUrl=http://packetfence.rochester.k12.mn.us/$session_id
RoleMap=Y
IT-BYODRole=IT-BYOD
Student-BYODRole=Student-BYOD
VlanMap=N
Staff-BYODRole=Staff-BYOD


And the relevant snippet from the RADIUS debug:

(74) Wed Mar 15 13:09:00 2017: Debug: linelog: EXPAND /usr/local/pf/logs/radius.log
(74) Wed Mar 15 13:09:00 2017: Debug: linelog:    --> /usr/local/pf/logs/radius.log
(74) Wed Mar 15 13:09:00 2017: Debug:     [linelog] = ok
(74) Wed Mar 15 13:09:00 2017: Debug:   } # post-auth = updated
(74) Wed Mar 15 13:09:00 2017: Debug: Sent Access-Accept Id 10 from 10.1.4.76:1812 to 10.102.239.101:42797 length 0
(74) Wed Mar 15 13:09:00 2017: Debug:   PacketFence-Authorization-Status = "allow"
(74) Wed Mar 15 13:09:00 2017: Debug:   Airespace-ACL-Name = "registration"
(74) Wed Mar 15 13:09:00 2017: Debug: Finished request

I am only getting the "Airespace-ACL-Name" AV Pair sent to both the Cisco WLC 
and the Meraki APs. What do I need to change to get the url-redirect AV pair 
sent to the devices? I can see the ACLs (or group policies in the case of 
Meraki) are correctly assigned. I can also access the login page manually so I 
know the ACLs are permitting access.

Thanks,
Ben
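
Added example, not part of the original message and not PacketFence code: a small Python check that reads FreeRADIUS debug output like the snippet above (mail line wraps included), lists the attributes of each sent reply, and reports whether a url-redirect pair is among them. The function names are hypothetical, and it assumes the redirect would be logged as Cisco-AVPair = "url-redirect=...".

```python
import re

# Sample input: the debug lines quoted in the message, mail line wraps included.
SAMPLE = """\
(74) Wed Mar 15 13:09:00 2017: Debug: Sent Access-Accept Id 10 from
10.1.4.76:1812 to 10.102.239.101:42797 length 0
(74) Wed Mar 15 13:09:00 2017: Debug:   PacketFence-Authorization-Status =
"allow"
(74) Wed Mar 15 13:09:00 2017: Debug:   Airespace-ACL-Name = "registration"
(74) Wed Mar 15 13:09:00 2017: Debug: Finished request
"""

RECORD = re.compile(r"^\((\d+)\) .*?: Debug: ?(.*)$")
SENT = re.compile(r"^Sent (\S+) Id \d+ from \S+ to (\S+?):\d+")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+) = (.*)$")

def unwrap(text):
    """Re-join wrapped lines: a line without a '(N) ' prefix continues the previous one."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line) or not records:
            records.append(line.rstrip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def sent_packets(text):
    """Return a dict per sent packet: code, NAS address and reply attributes."""
    packets, current = [], None
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        sent = SENT.match(m.group(2))
        attr = ATTR.match(m.group(2))
        if sent:
            current = {"code": sent.group(1), "nas": sent.group(2), "attrs": []}
            packets.append(current)
        elif attr and current is not None:
            current["attrs"].append((attr.group(1), attr.group(2).strip('"')))
        else:
            current = None  # any other line ends the attribute list
    return packets

def has_url_redirect(packet):
    # Assumption: the redirect would be logged as Cisco-AVPair = "url-redirect=..."
    return any(n == "Cisco-AVPair" and v.startswith("url-redirect=") for n, v in packet["attrs"])

if __name__ == "__main__":
    print([(p["nas"], p["attrs"], has_url_redirect(p)) for p in sent_packets(SAMPLE)])
```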