Hi Diego, Yes, sure, we are using Web Auth rather than a Mac-auth. We are pushing everything through the smartzone controller and using it as a proxy for RADIUS requests as well as using external portal enforcement to force portal access to PF. I have followed the guide here: https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ruckus_smartzone
As stated in my previous emails we are able to enrol to PF fine. However, after enrolment we do not get a authorization message to the Ruckus SZ. Also as previously stated we have PF running with our Cisco controllers using Web Auth and usually after an enrolment PF sends a CoA disconnect to the controller and when it re-connects it performs the RADIUS accept and allows our users on. I will get you some print screens tomorrow when I am back in the office. Thanks for taking a look and any advice you could provide would be fantastic. Regards, Talan From: Diego Garcia del Rio <garc...@gmail.com> Sent: 02 September 2019 19:31 To: packetfence-users@lists.sourceforge.net Cc: Nicolas Quiniou-Briand <n...@inverse.ca>; Talan Westby <talan.wes...@derby-college.ac.uk> Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9 Dear Talan, Can you provide more details on how you're doing the authentication? Is this radius with mac-auth on the SSID or are you doing "captive portal" in the AP itself? I have PF working fine with ruckus' smartzone (albeit 3.6.1 but I don't expect any differences with 5.1) but I did have to make a small change in PF to get it working properly. I am doing radius in non-proxy mode from the AP directly to PF (so I can't use radius de-auth and need to use the northbound API for de-auth). if you can provide some screenshots on how you configured smartzone I can help you most probably. On Mon, Sep 2, 2019 at 1:09 PM Talan Westby via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Hi Nicolas, Thanks for getting back in touch and sorry for the delay. I have had Ruckus spend some time working with us on this to no avail. What they have managed to do is run some RADIUS test from their SmartZone controller back to PF which always seem to fail. I would have thought that the RADIUS request would have been a MAC request so we have tried putting in a MAC Address as the username and the password which always seems to fail. This does work when going via our Cisco WLCs, so I guess the Ruckus is doing something slightly different. One thing I have noticed is the SmartZone.pm file in PF creates a API call to the Ruckus controller and when I take that payload and try the request myself the Ruckus controller responds with "Bad Request". At this point I am wondering if Ruckus have updated their API Northbound endpoints in their later versions of software, we are running 5.1 which is a relatively new piece of software. Could you confirm whether the PF integration has been tested with this newer version of controller? Also could you confirm the process of on boarding a user to PF from a Ruckus controller so we can be sure we are investigating the right section? To clarify users are being forwarded to the portal and they are able to enrol but the Ruckus SmartZone never receives/recognises that PF has authorized that user for access. If we could understand what PF does to send that authorization then we can concentrate on what might be causing the issue. Thanks, Talan -----Original Message----- From: Nicolas Quiniou-Briand <n...@inverse.ca<mailto:n...@inverse.ca>> Sent: 23 August 2019 16:16 To: Talan Westby <talan.wes...@derby-college.ac.uk<mailto:talan.wes...@derby-college.ac.uk>>; packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9 On 2019-08-23 5:08 p.m., Talan Westby wrote: > If you could let me know which logs I should be looking at that would be > great. I really don't know which logs. Did you check on Ruckus documentation ? I found this link [0] Otherwise, you can try to capture traffic between PacketFence and Ruckus Smartzone when a device try to register. If traffic is not encrypted, you could have some hint. [0] /usr/local/pf/addons/packages/build-go.sh build /usr/local/pf /usr/local/pf/sbin/ -- Nicolas Quiniou-Briand n...@inverse.ca<mailto:n...@inverse.ca> :: +1.514.447.4918 *140 :: https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence (https://packetfence.org) and Fingerbank (http://fingerbank.org) _____________________________________ This electronic message contains information from Derby College which may be privileged and confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Internet communications are not secure and therefore Derby College does not accept legal responsibility for the contents of this message. Any views or opinions presented are only those of the author and not those of Derby College. If you have received this message in error, please reply to this message and include d...@derby-college.ac.uk<mailto:d...@derby-college.ac.uk> immediately. _________________________________________ _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users _____________________________________ This electronic message contains information from Derby College which may be privileged and confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Internet communications are not secure and therefore Derby College does not accept legal responsibility for the contents of this message. Any views or opinions presented are only those of the author and not those of Derby College. If you have received this message in error, please reply to this message and include d...@derby-college.ac.uk immediately. _________________________________________
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
