Hello Gonzague,

Can I see your switches.conf? It looks like the switch module
is not instantiated.

Regards

Fabrice



On 2017-10-31 at 05:04, Gonzague Dambricourt wrote:
> Hey Fabrice thanks for the very quick reply :-)
>
> I have replaced the file (and rebooted PacketFence though I dunno if
> it was needed)
>
> For now I still get this :
> Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
> httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] Instantiate profile
> default (pf::Connection::ProfileFactory::_from_profile)
> Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
> httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] User default has
> authenticated on the portal. (Class::MOP::Class:::after)
> Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
> httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] Reevaluating access
> of device.
> (captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state)
> Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
> httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] re-evaluating access
> (manage_register called) (pf::enforcement::reevaluate_access)
> Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
> httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] VLAN reassignment is
> forced. (pf::enforcement::_should_we_reassign_vlan)
> Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
> httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] switch port is
> (00:18:0a:b3:fd:4f) ifIndex 1 connection type: Wired MAC Auth
> (pf::enforcement::_vlan_reevaluation)
> Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal:
> httpd.portal(4645) INFO: [mac:00:e1:4c:68:51:0c] Instantiate profile
> default (pf::Connection::ProfileFactory::_from_profile)
> *Oct 31 09:54:05 PacketFence-ZEN pfqueue: pfqueue(5134) WARN:
> [mac:00:e1:4c:68:51:0c] Until CoA is implemented we will bounce the
> port on VLAN re-assignment traps for MAC-Auth
> (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)*
> Oct 31 09:54:09 PacketFence-ZEN pfqueue: pfqueue(5134) ERROR:
> [mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to
> 192.168.10.128: No response from remote host
> "192.168.10.128" (pf::Switch::connectWriteTo)
> Oct 31 09:54:17 PacketFence-ZEN pfqueue: pfqueue(5134) ERROR:
> [mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to
> 192.168.10.128: No response from remote host
> "192.168.10.128" (pf::Switch::connectWriteTo)
> Oct 31 09:55:41 PacketFence-ZEN pfqueue: pfqueue(5143) WARN:
> [mac:00:e1:4c:68:51:0c] Until CoA is implemented we will bounce the
> port on VLAN re-assignment traps for MAC-Auth
> (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)
> Oct 31 09:55:45 PacketFence-ZEN pfqueue: pfqueue(5143) ERROR:
> [mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to
> 192.168.10.128: No response from remote host
> "192.168.10.128" (pf::Switch::connectWriteTo)
> Oct 31 09:55:53 PacketFence-ZEN pfqueue: pfqueue(5143) ERROR:
> [mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to
> 192.168.10.128: No response from remote host
> "192.168.10.128" (pf::Switch::connectWriteTo)
> Oct 31 09:56:08 PacketFence-ZEN pfqueue: pfqueue(5030) WARN:
> [mac:00:1c:2e:01:70:00] Use of uninitialized value in concatenation
> (.) or string at /usr/local/pf/lib/fingerbank/SourceMatcher.pm line 49.
>  (fingerbank::SourceMatcher::match_best)
>
> So it doesn't work yet or I did something wrong :-) 
> My switch settings are as follows:
>
> I added it with its MAC address, type MS220_8 / production mode /
> Deauth Method: RADIUS / CoA is ticked. I don't know if there is
> anything else I should set?
>
> For 802.1X I did not bind PacketFence to an AD, I thought it could use
> the local user database?
>
> thanks
>
> On Mon, Oct 30, 2017 at 7:40 PM, Fabrice Durand via PacketFence-users
> <packetfence-users@lists.sourceforge.net> wrote:
>
>     Hello Gonzague,
>
>     It will not really be complicated to add CoA support for Meraki
>     switches in PacketFence.
>
>     Can you try the attached switch module and let me know?
>
>     Also, for the 802.1x issue, did you join the server to your AD?
>
>     Did you create a realm associated with your domain?
>
>     Regards
>
>     Fabrice
>
>
>
>     On 2017-10-30 at 14:04, Gonzague Dambricourt via PacketFence-users
>     wrote:
>>     Hi guys 
>>
>>     I have installed the latest version of PacketFence (ZEN) on my
>>     network to try integration with Cisco Meraki devices. I have both
>>     MR access points and a MS220 8 port switch
>>
>>     I found the Meraki::MS220_8 switch type for my switch .. but I
>>     think it might be a package that was developed back when Meraki
>>     didn't support CoA - Change of Authorization which is now
>>     possible both on switches and access points
>>     ( https://documentation.meraki.com/MS/Access_Control/Change_of_Authorization_with_RADIUS_(CoA)_on_MS_Switches )
>>
>>     So the result for now when I use wired auth on my switch is as
>>     follows :
>>
>>     Oct 30 18:50:03 PacketFence-ZEN packetfence_httpd.portal:
>>     httpd.portal(3003) INFO: [mac:00:e1:4c:68:51:0c] VLAN
>>     reassignment is forced. (pf::enforcement::_should_we_reassign_vlan)
>>     Oct 30 18:50:03 PacketFence-ZEN packetfence_httpd.portal:
>>     httpd.portal(3003) INFO: [mac:00:e1:4c:68:51:0c] switch port is
>>     (00:18:0a:b3:fd:4f) ifIndex 1 connection type: Wired MAC Auth
>>     (pf::enforcement::_vlan_reevaluation)
>>     *Oct 30 18:50:04 PacketFence-ZEN pfqueue: pfqueue(3269) WARN:
>>     [mac:00:e1:4c:68:51:0c] Until CoA is implemented we will bounce
>>     the port on VLAN re-assignment traps for MAC-Auth
>>     (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)*
>>     Oct 30 18:50:08 PacketFence-ZEN pfqueue: pfqueue(3269) ERROR:
>>     [mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection
>>     to 192.168.10.128: No response from
>>     remote host "192.168.10.128" (pf::Switch::connectWriteTo)
>>
>>     Is it difficult to fix the MS228_8.pm file so that it could use CoA?
>>
>>     I tried adding /use pf::util::radius qw(perform_coa); /to the
>>     file with the cute little hope it would do the trick but it
>>     doesn't seem to be enough.
>>
>>     *Also unrelated but :*
>>     - With my ZEN config I can't use 802.1X, but I don't really get
>>     why. I get the following error:
>>     Module-Failure-Message = "mschap: Program returned code (1) and
>>     output 'Reading winbind reply failed! (0xc0000001)'"
>>     Module-Failure-Message = "mschap: External script says: Reading
>>     winbind reply failed! (0xc0000001)"
>>     Module-Failure-Message = "mschap: MS-CHAP2-Response is incorrect"
>>     User-Password = "******"
>>     Module-Failure-Message = "Failed retrieving values required to
>>     evaluate condition"
>>     - It would be awesome to have some sort of view of the switches
>>     status, like a "last heartbeat" or a way to see quickly the log
>>     events related to one of them
>>
>>     Thanks a lot :-)
>>
>>     Gonzague 
>>
>>
>>     
>> ------------------------------------------------------------------------------
>>     Check out the vibrant tech community on one of the world's most
>>     engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>>
>>     _______________________________________________
>>     PacketFence-users mailing list
>>     PacketFence-users@lists.sourceforge.net
>>     <mailto:PacketFence-users@lists.sourceforge.net>
>>     https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>     <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>
>     -- 
>     Fabrice Durand
>     fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
>     Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
>

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 
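
Added example, not part of the original thread and not PacketFence code: a small Python triage script for the log pattern quoted above. It pairs each port-bounce fallback warning with the SNMP write errors logged by the same pfqueue worker for the same MAC, i.e. the cases where the bounce could not be sent to the switch. The sample lines are a constructed subset, unwrapped from the excerpts in this thread; the function and variable names are hypothetical.

```python
import re

# Constructed sample: a subset of the log lines quoted in this thread, unwrapped.
SAMPLE_LOG = """\
Oct 31 09:54:04 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(4695) INFO: [mac:00:e1:4c:68:51:0c] VLAN reassignment is forced. (pf::enforcement::_should_we_reassign_vlan)
Oct 31 09:54:05 PacketFence-ZEN pfqueue: pfqueue(5134) WARN: [mac:00:e1:4c:68:51:0c] Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)
Oct 31 09:54:09 PacketFence-ZEN pfqueue: pfqueue(5134) ERROR: [mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to 192.168.10.128: No response from remote host "192.168.10.128" (pf::Switch::connectWriteTo)
Oct 31 09:54:17 PacketFence-ZEN pfqueue: pfqueue(5134) ERROR: [mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to 192.168.10.128: No response from remote host "192.168.10.128" (pf::Switch::connectWriteTo)
Oct 31 09:55:41 PacketFence-ZEN pfqueue: pfqueue(5143) WARN: [mac:00:e1:4c:68:51:0c] Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)
Oct 31 09:55:45 PacketFence-ZEN pfqueue: pfqueue(5143) ERROR: [mac:00:e1:4c:68:51:0c] error creating SNMP v1 write connection to 192.168.10.128: No response from remote host "192.168.10.128" (pf::Switch::connectWriteTo)
Oct 31 09:56:08 PacketFence-ZEN pfqueue: pfqueue(5030) WARN: [mac:00:1c:2e:01:70:00] Use of uninitialized value in concatenation (.) or string at /usr/local/pf/lib/fingerbank/SourceMatcher.pm line 49. (fingerbank::SourceMatcher::match_best)
"""

# timestamp, host, tag, process(pid), level, [mac:...], message, (calling sub)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ \S+ [\w.]+\((?P<pid>\d+)\) (?P<level>[A-Z]+): "
    r"\[mac:(?P<mac>[0-9a-f:]{17})\] (?P<msg>.*?)\s+\((?P<sub>[\w:]+)\)$")
IP_RE = re.compile(r"write connection to (\d{1,3}(?:\.\d{1,3}){3})")
BOUNCE_SUB = "pf::Switch::handleReAssignVlanTrapForWiredMacAuth"
SNMP_SUB = "pf::Switch::connectWriteTo"

def failed_bounces(log_text):
    """Pair each SNMP port-bounce fallback with the write errors that followed it."""
    open_attempts, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign line: ignore
        key = (m["pid"], m["mac"])  # same pfqueue worker, same endpoint
        if m["sub"] == BOUNCE_SUB:
            open_attempts[key] = {"mac": m["mac"], "started": m["ts"],
                                  "switch_ip": None, "snmp_errors": 0}
        elif m["sub"] == SNMP_SUB and m["level"] == "ERROR" and key in open_attempts:
            attempt = open_attempts[key]
            ip = IP_RE.search(m["msg"])
            attempt["switch_ip"] = ip.group(1) if ip else attempt["switch_ip"]
            attempt["snmp_errors"] += 1
            if attempt["snmp_errors"] == 1:
                findings.append(attempt)  # report each failed bounce once
    return findings

if __name__ == "__main__":
    for f in failed_bounces(SAMPLE_LOG):
        print(f"{f['started']} {f['mac']}: bounce via SNMP to {f['switch_ip']} "
              f"failed ({f['snmp_errors']} write errors)")
```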
