Hey Fabrice thanks for the very quick reply :-)
I have replaced the file (and rebooted Packetfence though I dunno if it was
needed)
For now I still get this :
Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] User default has
authenticated on the portal. (Class::MOP::Class:::after)
Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] Reevaluating access of
device.
(captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state)
Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] re-evaluating access
(manage_register called) (pf::enforcement::reevaluate_access)
Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] VLAN reassignment is
forced. (pf::enforcement::_should_we_reassign_vlan)
Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] switch port is
(00:18:0a:b3:fd:4f) ifIndex 1 connection type: Wired MAC Auth
(pf::enforcement::_vlan_reevaluation)
Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
httpd.portal(4645) INFO: [mac:00:e1:4c:68:51:0c] Instantiate profile
default (pf::Connection::ProfileFactory::_from_profile)
*Oct 31 09:54:05 PacketFence-ZEN pfqueue: pfqueue(5134) WARN:
[mac:00:e1:4c:68:51:0c] Until CoA is implemented we will bounce the port on
VLAN re-assignment traps for MAC-Auth
(pf::Switch::handleReAssignVlanTrapForWiredMacAuth)*
Oct 31 09:54:09 PacketFence-ZEN pfqueue: pfqueue(5134) ERROR:
[mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to
192.168.10.128: No response from remote host "192.168.10.128"
(pf::Switch::connectWriteTo)
Oct 31 09:54:17 PacketFence-ZEN pfqueue: pfqueue(5134) ERROR:
[mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to
192.168.10.128: No response from remote host "192.168.10.128"
(pf::Switch::connectWriteTo)
Oct 31 09:55:41 PacketFence-ZEN pfqueue: pfqueue(5143) WARN:
[mac:00:e1:4c:68:51:0c] Until CoA is implemented we will bounce the port on
VLAN re-assignment traps for MAC-Auth
(pf::Switch::handleReAssignVlanTrapForWiredMacAuth)
Oct 31 09:55:45 PacketFence-ZEN pfqueue: pfqueue(5143) ERROR:
[mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to
192.168.10.128: No response from remote host "192.168.10.128"
(pf::Switch::connectWriteTo)
Oct 31 09:55:53 PacketFence-ZEN pfqueue: pfqueue(5143) ERROR:
[mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to
192.168.10.128: No response from remote host "192.168.10.128"
(pf::Switch::connectWriteTo)
Oct 31 09:56:08 PacketFence-ZEN pfqueue: pfqueue(5030) WARN:
[mac:00:1c:2e:01:70:00] Use of uninitialized value in concatenation (.) or
string at /usr/local/pf/lib/fingerbank/SourceMatcher.pm line 49.
(fingerbank::SourceMatcher::match_best)
So it doesn't work yet or I did something wrong :-)
My switch settings are as follow :
I added it with its MAC address , type MS220_8 / production mode / Desauth
Method : RADIUS / CoA is ticked , I dont know if there is anything else I
should set ?
For 802.1X I did not bind Packetfence to an AD, I thought it could use the
local user database ?
thanks
On Mon, Oct 30, 2017 at 7:40 PM, Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:
> Hello Gonzague,
>
> it will not really complicate to add the CoA support for Meraki switches
> in PacketFence.
>
> Can you try the attached switch module and let me know.
>
> Also for the 802.1x issue , did you joined the server to your AD ?
>
> Did you created realm associated to your domain ?
>
> Regards
>
> Fabrice
>
>
>
> Le 2017-10-30 à 14:04, Gonzague Dambricourt via PacketFence-users a écrit :
>
> Hi guys
>
> I have installed the latest version of PacketFence (ZEN) on my network do
> try integration with Cisco Meraki devices. I have both MR access points and
> a MS220 8 port switch
>
> I found the Meraki::MS220_8 switch type for my switch .. but I think it
> might be a package that was developed back when Meraki didn't support CoA -
> Change of Authorization which is now possible both on switches and access
> points ( https://documentation.meraki.com/MS/Access_Control/Change_
> of_Authorization_with_RADIUS_(CoA)_on_MS_Switches )
>
> So the result for now when I use wired auth on my switch is as follows :
>
> Oct 30 18:50:03 PacketFence-ZEN packetfence_httpd.portal:
> httpd.portal(3003) INFO: [mac:00:e1:4c:68:51:0c] VLAN reassignment is
> forced. (pf::enforcement::_should_we_reassign_vlan)
> Oct 30 18:50:03 PacketFence-ZEN packetfence_httpd.portal:
> httpd.portal(3003) INFO: [mac:00:e1:4c:68:51:0c] switch port is
> (00:18:0a:b3:fd:4f) ifIndex 1 connection type: Wired MAC Auth
> (pf::enforcement::_vlan_reevaluation)
> *Oct 30 18:50:04 PacketFence-ZEN pfqueue: pfqueue(3269) WARN:
> [mac:00:e1:4c:68:51:0c] Until CoA is implemented we will bounce the port on
> VLAN re-assignment traps for MAC-Auth
> (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)*
> Oct 30 18:50:08 PacketFence-ZEN pfqueue: pfqueue(3269) ERROR:
> [mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to
> 192.168.10.128: No response from remote host "192.168.10.128"
> (pf::Switch::connectWriteTo)
>
> Is is difficult to fix the MS228_8.pm file so that it could use CoA ?
>
> I tried adding *use pf::util::radius qw(perform_coa); *to the file with
> the cute little hope it would do the trick but it doesn't seem to be enough.
>
> *Also unrelated but :*
> - With my ZEN config I cant use 802.1X .. But I dont really get why,I get
> the following error :
> Module-Failure-Message = "mschap: Program returned code (1) and output
> 'Reading winbind reply failed! (0xc0000001)'"
> Module-Failure-Message = "mschap: External script says: Reading winbind
> reply failed! (0xc0000001)"
> Module-Failure-Message = "mschap: MS-CHAP2-Response is incorrect"
> User-Password = "******"
> Module-Failure-Message = "Failed retrieving values required to evaluate
> condition"
> - It would be awesome to have some sort of view of the switches status,
> like a "last heartbeat" or a way to see quickly the log events related to
> one of them
>
> Thanks a lot :-)
>
> Gonzague
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 <+1%20514-447-4918>
> (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
