Please see the result below. I noted also that RADIUS does not send new
ACL AVP after authentication:
RADIUS Request User-Name = "2c:0e:3d:f2:bd:e4" User-Password = "******"
NAS-IP-Address = 10.49.253.84 NAS-Port = 4 Service-Type = Call-Check
Framed-MTU = 1300 Called-Station-Id = "00:35:1a:9e:1e:10:Free_Wifi_IPGL"
Calling-Station-Id = "2c:0e:3d:f2:bd:e4" NAS-Identifier = "PS"
NAS-Port-Type = Wireless-802.11 Acct-Session-Id =
"59f19f9f/2c:0e:3d:f2:bd:e4/491147" Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "77"
Event-Timestamp = "Oct 26 2017 12:14:19 CEST" Airespace-Wlan-Id = 41
Cisco-AVPair = "audit-session-id=54fd310a00053eab9f9ff159"
Stripped-User-Name = "2c:0e:3d:f2:bd:e4" Realm = "null"
FreeRADIUS-Client-IP-Address = 10.49.253.84 Called-Station-SSID =
"Free_Wifi_IPGL" SQL-User-Name = "2c:0e:3d:f2:bd:e4" RADIUS Reply
Cisco-AVPair = "url-redirect-acl=Pre-Auth-For-WebRedirect" Cisco-AVPair =
"url-redirect=https://ipgl-bu-pf.ipgphotonics.com/Cisco::WLC/sid1b812b";
PacketFence-Authorization-Status = "allow"
[root@COA bin]# ./pftest authentication test1 test1
Testing authentication for "test1"
Authenticating against local
Authentication SUCCEEDED against local (Authentication successful.)
Matched against local for 'authentication' rules
set_access_duration : 5D
set_access_level : NONE
set_unreg_date : 0000-00-00 00:00:00
set_role : guest
Matched against local for 'administration' rules
set_access_duration : 5D
set_access_level : NONE
set_unreg_date : 0000-00-00 00:00:00
set_role : guest
Authenticating against file1
Authentication FAILED against file1 ()
Did not match against file1 for 'authentication' rules
Did not match against file1 for 'administration' rules
Authenticating against sms
Authentication FAILED against sms ()
Matched against sms for 'authentication' rules
set_role : guest
set_access_duration : 1D
Did not match against sms for 'administration' rules
Authenticating against email
Authentication SUCCEEDED against email ()
Matched against email for 'authentication' rules
set_role : guest
set_access_duration : 1D
Did not match against email for 'administration' rules
Authenticating against sponsor
Authentication SUCCEEDED against sponsor ()
Matched against sponsor for 'authentication' rules
set_role : guest
set_access_duration : 1D
Did not match against sponsor for 'administration' rules
Authenticating against null
Authentication SUCCEEDED against null ()
Matched against null for 'authentication' rules
set_role : guest
set_access_duration : 1D
Did not match against null for 'administration' rules
Authenticating against My_SMS
Authentication FAILED against My_SMS ()
Matched against My_SMS for 'authentication' rules
set_role : guest
set_access_duration : 1D
Did not match against My_SMS for 'administration' rules
2017-10-26 15:13 GMT+02:00 Fabrice Durand via PacketFence-users <
[email protected]>:
> Can you do that:
>
> bin/pftest authentication user password
>
> and give me the output
>
> Le 2017-10-26 à 09:09, Nicolay Rytchev via PacketFence-users a écrit :
>
> Yes , I did.
>
> [image: Встроенное изображение 1]
>
> 2017-10-26 15:00 GMT+02:00 Fabrice Durand via PacketFence-users <
> [email protected]>:
>
>> Hello Nicolay,
>>
>> did you define a role and an access duration for the user ?
>>
>> Regards
>>
>> Fabrice
>>
>>
>>
>> Le 2017-10-26 à 04:09, Nicolay Rytchev via PacketFence-users a écrit :
>>
>> Hello All,
>>
>> I can`t get access to the network by local Packetfence authentication ,
>> but the authentication process is successful please see the error log
>> message below:
>>
>> Oct 26 11:35:53 httpd.aaa(1677) INFO: [mac:2c:0e:3d:f2:bd:e4] handling
>> radius autz request: from switch_ip => (10.49.253.84), connection_type =>
>> Wireless-802.11-NoEAP,switch_mac => (00:35:1a:9e:1e:10), mac =>
>> [2c:0e:3d:f2:bd:e4], port => 4, username => "2c:0e:3d:f2:bd:e4", ssid =>
>> Free_Wifi (pf::radius::authorize)
>> Oct 26 11:35:53 httpd.aaa(1677) INFO: [mac:2c:0e:3d:f2:bd:e4] Instantiate
>> profile Guest_network (pf::Portal::ProfileFactory::_from_profile)
>> Oct 26 11:35:53 httpd.aaa(1677) INFO: [mac:2c:0e:3d:f2:bd:e4] is of
>> status unreg; belongs into registration VLAN (pf::role::getRegistrationRole
>> )
>> Oct 26 11:35:53 httpd.aaa(1677) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> (10.49.253.84) Added role Pre-Auth-For-WebRedirect to the returned RADIUS
>> Access-Accept (pf::Switch::returnRadiusAccessAccept)
>> Oct 26 11:35:53 httpd.aaa(1677) INFO: [mac:2c:0e:3d:f2:bd:e4] Adding web
>> authentication redirection to reply using role: 'Pre-Auth-For-WebRedirect'
>> and URL: 'https://ipgl-bu-pf.ipgphotonics.com/Cisco::WLC/sid6b79ba'
>> (pf::Switch::Cisco::WLC::returnRadiusAccessAccept)
>> Oct 26 11:36:04 httpd.portal(25803) INFO: [mac:2c:0e:3d:f2:bd:e4] URI
>> '/Cisco::WLC/sid6b79ba' is detected as an external captive portal URI
>> (pf::web::externalportal::handle)
>> Oct 26 11:36:04 httpd.portal(25903) INFO: [mac:unknown] External captive
>> portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:04 httpd.portal(25903) INFO: [mac:unknown] Detected external
>> portal client. Using the IP 10.49.36.49 address in it's session.
>> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIp)
>> Oct 26 11:36:04 httpd.portal(25903) ERROR: [mac:unknown] Can't bind :
>> IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:04 httpd.portal(25903) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> External captive portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:04 httpd.portal(25903) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Detected external portal client. Using the IP 10.49.36.49 address in it's
>> session. (captiveportal::PacketFence::Model::Portal::Session::_build_
>> clientIp)
>> Oct 26 11:36:04 httpd.portal(25903) ERROR: [mac:2c:0e:3d:f2:bd:e4] Can't
>> bind : IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:04 httpd.portal(25903) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Instantiate profile Guest_network (pf::Portal::ProfileFactory::_
>> from_profile)
>> Oct 26 11:36:04 httpd.portal(25676) INFO: [mac:unknown] External captive
>> portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:04 httpd.portal(25676) INFO: [mac:unknown] Detected external
>> portal client. Using the IP 10.49.36.49 address in it's session.
>> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIp)
>> Oct 26 11:36:04 httpd.portal(25676) ERROR: [mac:unknown] Can't bind :
>> IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:04 httpd.portal(25676) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> External captive portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:04 httpd.portal(25676) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Detected external portal client. Using the IP 10.49.36.49 address in it's
>> session. (captiveportal::PacketFence::Model::Portal::Session::_build_
>> clientIp)
>> Oct 26 11:36:04 httpd.portal(25676) ERROR: [mac:2c:0e:3d:f2:bd:e4] Can't
>> bind : IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:04 httpd.portal(25676) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Instantiate profile Guest_network (pf::Portal::ProfileFactory::_
>> from_profile)
>> Oct 26 11:36:08 httpd.portal(25869) INFO: [mac:unknown] External captive
>> portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:08 httpd.portal(25869) INFO: [mac:unknown] Detected external
>> portal client. Using the IP 10.49.36.49 address in it's session.
>> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIp)
>> Oct 26 11:36:08 httpd.portal(25869) ERROR: [mac:unknown] Can't bind :
>> IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:08 httpd.portal(25869) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> External captive portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:08 httpd.portal(25869) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Detected external portal client. Using the IP 10.49.36.49 address in it's
>> session. (captiveportal::PacketFence::Model::Portal::Session::_build_
>> clientIp)
>> Oct 26 11:36:08 httpd.portal(25869) ERROR: [mac:2c:0e:3d:f2:bd:e4] Can't
>> bind : IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:08 httpd.portal(25869) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Instantiate profile Guest_network (pf::Portal::ProfileFactory::_
>> from_profile)
>> Oct 26 11:36:09 httpd.portal(25676) INFO: [mac:unknown] External captive
>> portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:09 httpd.portal(25676) INFO: [mac:unknown] Detected external
>> portal client. Using the IP 10.49.36.49 address in it's session.
>> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIp)
>> Oct 26 11:36:09 httpd.portal(25676) ERROR: [mac:unknown] Can't bind :
>> IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:09 httpd.portal(25676) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> External captive portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:09 httpd.portal(25676) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Detected external portal client. Using the IP 10.49.36.49 address in it's
>> session. (captiveportal::PacketFence::Model::Portal::Session::_build_
>> clientIp)
>> Oct 26 11:36:09 httpd.portal(25676) ERROR: [mac:2c:0e:3d:f2:bd:e4] Can't
>> bind : IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:09 httpd.portal(25676) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Instantiate profile Guest_network (pf::Portal::ProfileFactory::_
>> from_profile)
>> Oct 26 11:36:21 httpd.portal(26050) INFO: [mac:unknown] External captive
>> portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:21 httpd.portal(26050) INFO: [mac:unknown] Detected external
>> portal client. Using the IP 10.49.36.49 address in it's session.
>> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIp)
>> Oct 26 11:36:21 httpd.portal(26050) ERROR: [mac:unknown] Can't bind :
>> IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:21 httpd.portal(26050) INFO: [mac:unknown] Memory
>> configuration is not valid anymore for key resource::stats_levels in local
>> cached_hash (pfconfig::cached::is_valid)
>> Oct 26 11:36:21 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> External captive portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:21 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Detected external portal client. Using the IP 10.49.36.49 address in it's
>> session. (captiveportal::PacketFence::Model::Portal::Session::_build_
>> clientIp)
>> Oct 26 11:36:21 httpd.portal(26050) ERROR: [mac:2c:0e:3d:f2:bd:e4] Can't
>> bind : IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:21 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Instantiate profile Guest_network (pf::Portal::ProfileFactory::_
>> from_profile)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Authenticating user using sources : local (captiveportal::PacketFence::D
>> ynamicRouting::Module::Authentication::Login::authenticate)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Authentication successful for 'test1' in source local (SQL)
>> (pf::authentication::authenticate)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] User
>> test1 has authenticated on the portal. (Class::MOP::Class:::after)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] Found
>> source local in session. (Class::MOP::Class:::around)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] Found
>> source local in session. (Class::MOP::Class:::around)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Successfully authenticated test1 (captiveportal::PacketFence::D
>> ynamicRouting::Module::Authentication::Login::authenticate)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] Found
>> source local in session. (Class::MOP::Class:::around)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] Found
>> source local in session. (Class::MOP::Class:::around)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] Found
>> source local in session. (Class::MOP::Class:::around)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] User
>> test1 has authenticated on the portal. (Class::MOP::Class:::after)
>> Oct 26 11:36:22 httpd.portal(26050) WARN: [mac:2c:0e:3d:f2:bd:e4] Calling
>> match with empty/invalid rule class. Defaulting to 'authentication'
>> (pf::authentication::match)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] Using
>> sources local for matching (pf::authentication::match)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] Found
>> source local in session. (Class::MOP::Class:::around)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] User
>> test1 has authenticated on the portal. (Class::MOP::Class:::after)
>> Oct 26 11:36:22 httpd.portal(26050) WARN: [mac:2c:0e:3d:f2:bd:e4] Calling
>> match with empty/invalid rule class. Defaulting to 'authentication'
>> (pf::authentication::match)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] Using
>> sources local for matching (pf::authentication::match)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] Found
>> source local in session. (Class::MOP::Class:::around)
>> Oct 26 11:36:22 httpd.portal(26050) INFO: [mac:2c:0e:3d:f2:bd:e4] Found
>> source local in session. (Class::MOP::Class:::around)
>> Oct 26 11:36:22 httpd.portal(25869) INFO: [mac:unknown] External captive
>> portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:22 httpd.portal(25869) INFO: [mac:unknown] Detected external
>> portal client. Using the IP 10.49.36.49 address in it's session.
>> (captiveportal::PacketFence::Model::Portal::Session::_build_clientIp)
>> Oct 26 11:36:22 httpd.portal(25869) ERROR: [mac:unknown] Can't bind :
>> IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:22 httpd.portal(25869) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> External captive portal detected ! (captiveportal::PacketFence::M
>> odel::Portal::Session::_build_dispatcherSession)
>> Oct 26 11:36:22 httpd.portal(25869) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Detected external portal client. Using the IP 10.49.36.49 address in it's
>> session. (captiveportal::PacketFence::Model::Portal::Session::_build_
>> clientIp)
>> Oct 26 11:36:22 httpd.portal(25869) ERROR: [mac:2c:0e:3d:f2:bd:e4] Can't
>> bind : IO::Socket::INET: connect: Connection refused
>> (pf::iplog::_get_lease_from_omapi)
>> Oct 26 11:36:22 httpd.portal(25869) INFO: [mac:2c:0e:3d:f2:bd:e4]
>> Instantiate profile Guest_network (pf::Portal::ProfileFactory::_
>> from_profile)
>>
>> Thank you in advance.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Fabrice [email protected] :: +1.514.447.4918 <%28514%29%20447-4918>
>> (x135) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 <(514)%20447-4918>
> (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
