I had this very similar problem recently. Does A3 manage DHCP in the reg VLAN?
The role should be assigned following a disconnect / COA packet sent to the client device to get them to reconnect, I believe. You should do a packet trace and check. You might also want to check corresponding log entries in httpd.portal.error to see if you can spot the issue there. Jonathan On Thu, 23 Apr 2020 at 01:32, Bill Handler via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > I’m running on v10, using the default whitelist in the Google Auth > config. The end system is talking to google, verified with wireshark, and > by inputting wrong password. > > The end system’s role never gets updated, even though I have a catchall > rule in place that should move it to a different VLAN. > > I have not done a packet capture on server’s interface yet. The end > system stays as unregistered, so the issue may be authenticating the token > between PF and google. > > I’ve only tested using Chrome and Firefox browsers and only if Chrome is > used does the redirect show accounts.blogger.com in the address field > after entering the google account credentials. > > Both browser windows show the you may need to login to your network with a > button; the button sends you back to the AUP. > > Is there a certain log that I would be able to see PF talking to google, > or just checking wireshark packets? > > Thanks, > > > > Bill > > Sent from my iPad > > On Apr 22, 2020, at 5:15 PM, Diego Garcia del Rio <garc...@gmail.com> > wrote: > > Just to be sure, do you have all the proper whitelists as well? Its weird > that the user is directed to accounts.blogger.com... Also, you should be > able to see your PF server making a request to google to validate the > returned token. > > > On which version of PF are you? I've been using google auth > successfully all the way up to 9.2 (I haven tested anything newer though). > > Also, not sure the logic you're using but you might want to check that the > google source is assigning a role to the device in question.. > > > > On Wed, Apr 22, 2020 at 5:51 PM Bill Handler via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > >> Running into an issue with Google oauth2 authentication via Captive >> Portal… >> >> >> >> - Have it configured and set as an External Authentication Source >> - Have all the correct settings on Google Developer site >> >> >> >> What’s happening is that after entering the username/password in the >> Google display on the captive portal, the user is not put into the correct >> VLAN/redirected. Authentication via AD/SMS/E-Mail works without issue. >> >> >> >> If using Chrome Browser, user is redirected to accounts.blogger.com with >> a long string afterwards, within Firefox, the url shows as the portal url >> with “?code=” with a long string – this is the token from Google I believe, >> based on some of the documentation. >> >> >> >> The user stays in the registration VLAN and is not moved to the correct >> role. Not sure where to check to see why the user is not moving. >> >> >> >> Any help is appreciated. >> >> >> >> Thanks, >> >> >> >> Bill >> >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
