Hello Gonzague, it will not really complicate to add the CoA support for Meraki switches in PacketFence.
Can you try the attached switch module and let me know. Also for the 802.1x issue , did you joined the server to your AD ? Did you created realm associated to your domain ? Regards Fabrice Le 2017-10-30 à 14:04, Gonzague Dambricourt via PacketFence-users a écrit : > Hi guys > > I have installed the latest version of PacketFence (ZEN) on my network > do try integration with Cisco Meraki devices. I have both MR access > points and a MS220 8 port switch > > I found the Meraki::MS220_8 switch type for my switch .. but I think > it might be a package that was developed back when Meraki didn't > support CoA - Change of Authorization which is now possible both on > switches and access points > ( > https://documentation.meraki.com/MS/Access_Control/Change_of_Authorization_with_RADIUS_(CoA)_on_MS_Switches > <https://documentation.meraki.com/MS/Access_Control/Change_of_Authorization_with_RADIUS_%28CoA%29_on_MS_Switches> > ) > > So the result for now when I use wired auth on my switch is as follows : > > Oct 30 18:50:03 PacketFence-ZEN packetfence_httpd.portal: > httpd.portal(3003) INFO: [mac:00:e1:4c:68:51:0c] VLAN reassignment is > forced. (pf::enforcement::_should_we_reassign_vlan) > Oct 30 18:50:03 PacketFence-ZEN packetfence_httpd.portal: > httpd.portal(3003) INFO: [mac:00:e1:4c:68:51:0c] switch port is > (00:18:0a:b3:fd:4f) ifIndex 1 connection type: Wired MAC Auth > (pf::enforcement::_vlan_reevaluation) > *Oct 30 18:50:04 PacketFence-ZEN pfqueue: pfqueue(3269) WARN: > [mac:00:e1:4c:68:51:0c] Until CoA is implemented we will bounce the > port on VLAN re-assignment traps for MAC-Auth > (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)* > Oct 30 18:50:08 PacketFence-ZEN pfqueue: pfqueue(3269) ERROR: > [mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection > to 192.168.10.128 <http://192.168.10.128/>: No response from remote > host "192.168.10.128" (pf::Switch::connectWriteTo) > > Is is difficult to fix the MS228_8.pm file so that it could use CoA ? > > I tried adding /use pf::util::radius qw(perform_coa); /to the file > with the cute little hope it would do the trick but it doesn't seem to > be enough. > > *Also unrelated but :* > - With my ZEN config I cant use 802.1X .. But I dont really get why,I > get the following error : > Module-Failure-Message = "mschap: Program returned code (1) and output > 'Reading winbind reply failed! (0xc0000001)'" > Module-Failure-Message = "mschap: External script says: Reading > winbind reply failed! (0xc0000001)" > Module-Failure-Message = "mschap: MS-CHAP2-Response is incorrect" > User-Password = "******" > Module-Failure-Message = "Failed retrieving values required to > evaluate condition" > - It would be awesome to have some sort of view of the switches > status, like a "last heartbeat" or a way to see quickly the log events > related to one of them > > Thanks a lot :-) > > Gonzague > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
MS220_8.pm
Description: Perl program
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
