Hello Jabang,

Your issue is because the Ruckus RADIUS request is missing the NAS-Port-Type attribute.


Can you try that:

diff --git a/lib/pf/Switch.pm b/lib/pf/Switch.pm
index 22bd94288..db9ee3921 100644
--- a/lib/pf/Switch.pm
+++ b/lib/pf/Switch.pm
@@ -3015,7 +3015,7 @@ sub parseRequest {
                            ? clean_mac($radius_request->{'Calling-Station-Id'}[0])                             : clean_mac($radius_request->{'Calling-Station-Id'});      my $user_name       = $radius_request->{'TLS-Client-Cert-Common-Name'} || $radius_request->{'User-Name'};
-    my $nas_port_type   = $radius_request->{'NAS-Port-Type'};
+    my $nas_port_type   = ( defined($radius_request->{'NAS-Port-Type'}) ? $radius_request->{'NAS-Port-Type'} : ( defined($radius_request->{'Called-Station-SSID'}) ? "Wireless-802.11" : undef ) );
     my $port            = $radius_request->{'NAS-Port'};
     my $eap_type        = ( exists($radius_request->{'EAP-Type'}) ? $radius_request->{'EAP-Type'} : 0 );      my $nas_port_id     = ( defined($radius_request->{'NAS-Port-Id'}) ? $radius_request->{'NAS-Port-Id'} : undef );
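
Review bot: the fallback on the `+` line for `$nas_port_type` lives in the shared `parseRequest` in lib/pf/Switch.pm, so every device whose request lacks NAS-Port-Type but carries Called-Station-SSID will now be classified as "Wireless-802.11", not only the Ruckus case this thread is about. Consider scoping the inference to the Ruckus module, or at least adding a comment that states the assumption (presence of an SSID implies a wireless NAS), since the connection type drives whether the request is accepted or rejected. The nested ternary would also read more clearly with defined-or, e.g. `$radius_request->{'NAS-Port-Type'} // ( defined($radius_request->{'Called-Station-SSID'}) ? "Wireless-802.11" : undef )`.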


Regards

Fabrice



On 2018-06-05 at 23:45, jabang konate via PacketFence-users wrote:
I'm using PacketFence 8.0.1.

My user from another university complains they can't connect to eduroam with my university's local REALM.

From the raddebug output I see an error message like this.

(79) Wed Jun  6 10:17:11 2018: ERROR: rest: Server returned:
(79) Wed Jun  6 10:17:11 2018: ERROR: rest: {"Reply-Message":"Network device does not support this mode of operation","control:PacketFence-Eap-Type":26,"control:PacketFence-Authorization-Status":"allow","control:PacketFence-Mac":"64:cc:2e:4f:39:3b","control:PacketFence-Switch-Ip-Address":"10.43.1.2","control:PacketFence-Request-Time":1528255031,"control:PacketFence-UserName":"ae...@xyz.edu","control:PacketFence-Connection-Type":"Ethernet-EAP","control:PacketFence-Switch-Mac":"38:ff:36:c2:33:69","control:PacketFence-Switch-Id":"10.43.1.2"}

packetfence log:

Jun  6 10:16:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2986) INFO: [mac:64:cc:2e:4f:39:3b] handling radius autz request: from switch_ip => (10.43.1.2), connection_type => Ethernet-EAP,switch_mac => (38:ff:36:c2:33:69), mac => [64:cc:2e:4f:39:3b], port => , username => "ae...@xyz.edu" (pf::radius::authorize)
Jun  6 10:16:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2986) ERROR: [mac:64:cc:2e:4f:39:3b] Wired 802.1X is not supported on switch type pf::Switch::Ruckus. Please let us know what hardware you are using. (pf::Switch::supportsWiredDot1x)
Jun  6 10:16:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2986) WARN: [mac:64:cc:2e:4f:39:3b] (10.43.1.2) Sending REJECT since switch is unsupported (pf::radius::_switchUnsupportedReply)
Jun  6 10:17:11 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2986) WARN: [mac:64:cc:2e:4f:39:3b] Use of uninitialized value $nas_port in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 2545.
 (pf::Switch::NasPortToIfIndex)
Jun  6 10:17:11 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2986) WARN: [mac:64:cc:2e:4f:39:3b] Use of uninitialized value $port in concatenation (.) or string at /usr/local/pf/lib/pf/radius.pm line 179.
 (pf::radius::authorize)
Jun  6 10:17:11 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2986) INFO: [mac:64:cc:2e:4f:39:3b] handling radius autz request: from switch_ip => (10.43.1.2), connection_type => Ethernet-EAP,switch_mac => (38:ff:36:c2:33:69), mac => [64:cc:2e:4f:39:3b], port => , username => "ae...@xyz.edu" (pf::radius::authorize)
Jun  6 10:17:11 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2986) ERROR: [mac:64:cc:2e:4f:39:3b] Wired 802.1X is not supported on switch type pf::Switch::Ruckus. Please let us know what hardware you are using. (pf::Switch::supportsWiredDot1x)
Jun  6 10:17:11 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2986) WARN: [mac:64:cc:2e:4f:39:3b] (10.43.1.2) Sending REJECT since switch is unsupported (pf::radius::_switchUnsupportedReply)

Please give me some advice.
Thanks.


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
