Hello Ruth,
First you need to check if the code of the AP in PacketFence support
CoA, if no then it's not something really complicate to add.
Next , remove the local user you created in radius and create a local
account in PacketFence in order to use it on the portal (User tab).
Next configure your AP to talk to the radius server (mac auth) and when
you will hit the portal then use the credential of the local user.
Regards
Fabrice
Le 2017-05-15 à 13:17, Ruth Tsai a écrit :
>
> Hi Fabrice,
>
>
>
> Our AP or management station will support CoA. Do I need to enable any
> configuration for PacketFence to send CoA to switch?
>
>
>
> I installed PacketFence 7.0.0 and tried it and received "invalid login
> or password" from browser login page.
>
> The "guest Cleartext-Password := "guest"" was added to raddb/users file.
>
> The /usr/local/pf/logs/radius.log does not have login failure log.
>
>
>
> I tried the "radtest" command and got Access-Reject on the post
> authentication.
>
> The "/usr/local/pf/logs/radius.log" showed the following error logs.
>
> (1) rest: ERROR:
> {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"CLI
> Access is not allowed by PacketFence on this switch"}
>
> (1) Rejected in post-auth: [guest] (from client localhost port 12)
>
>
>
> [admin@pretoria ~]$ radtest guest guest localhost:18120 12 testing123
>
> Sent Access-Request Id 85 from 0.0.0.0:34835 to 127.0.0.1:18120 length 75
>
> User-Name = "guest"
>
> User-Password = "guest"
>
> NAS-IP-Address = 172.21.7.53
>
> NAS-Port = 12
>
> Message-Authenticator = 0x00
>
> Cleartext-Password = "guest"
>
> Received Access-Reject Id 85 from 127.0.0.1:18120 to 0.0.0.0:0 length 20
>
> (0) -: Expected Access-Accept got Access-Reject
>
>
>
> Attached are the radius log from "radiusd -X" and screen shot of login
> failure page.
>
>
>
> Do I need to configure anything else?
>
>
>
> Thanks
>
>
>
> Ruth
>
> *From: *Durand fabrice <[email protected]>
> *Reply-To: *"[email protected]"
> <[email protected]>
> *Date: *Monday, May 8, 2017 at 6:04 AM
> *To: *"[email protected]"
> <[email protected]>
> *Subject: *Re: [PacketFence-users] WebAuth & CoA
>
>
>
> Hello Ruth,
>
> it depend if the AP support CoA.
>
> Regards
>
> Fabrice
>
>
>
>
>
> Le 2017-05-07 à 14:48, Ruth Tsai a écrit :
>
> Hi,
>
>
>
> We are considering using PacketFence as hotspot for wireless
> client. I have question on CoA. We will register AP or management
> station as switch Web Auth role.
>
> Will PacketFence notify switch by using CoA after client
> authentication completion (authorize or reject)? Or there is any
> other way switch is notified of the authentication status?
>
>
>
> Thanks
>
>
> Ruth
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> Check out the vibrant tech community on one of the world's most
>
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
>
> _______________________________________________
>
> PacketFence-users mailing list
>
> [email protected]
> <mailto:[email protected]>
>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
