i want to use webauth for computers that don't have 8021x supplicant. currently I have the impression that everything is working correctly. however when I connect a computer that does not have an 8021x supplicant it moves into the registration vlan and it gets an IP address. when i try to launch a web page normally i should see the packetfence captive portal but nothing is displayed and an error message telling me that my packetfence server took too long to respond.
what is weird is that when I put a switch port in the registration vlan switchport access mode switchport access vlan 120 where 120 is my registration vlan. when I connect a computer it receives an IP address and the captive portal is displayed correctly what is the problem in your opinion Le mer. 11 nov. 2020 à 13:10, Ludovic Zammit <lzam...@inverse.ca> a écrit : > Hello, > > Do you want to do Web Auth or VLAN enforcement for the portal ? You can’t > do both. > > Thanks, > > > Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > On Nov 10, 2020, at 8:05 AM, Abdoul Raouf Diabagate via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > > I just installed packetfence version 10.2 ZEN. after following the setup > guide i want to do my first test. the test with the 8021X supplicant works > and the customer is dynamically registered in the correct vlan > > However when I want to test the captive portal, I plug a windows computer > into one of the switch ports. after a few minutes, the computer is placed > in my registration vlan and receives a dynamically ip address from > packetfence. and I am redirected to the address > http://192.168.222.129/Cisco::Catalyst_2960/sidceab07. > after a few minutes of waiting, the browser displays 'waiting time > exceeded' > > However when I move a port of the switch manually in the registration > vlan, and I plug in a computer, the portal page automatically displays > > Any ideas? > > [switch port conf] > interface FastEthernet0/12 > switchport mode access > authentication order dot1x mab > authentication priority dot1x mab > authentication port-control auto > authentication periodic > authentication timer restart 10800 > authentication timer reauthenticate 7200 > authentication violation replace > mab > no snmp trap link-status > dot1x pae authenticator > dot1x timeout quiet-period 2 > dot1x timeout tx-period 3 > > [Packetfence LOG] > > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] handling radius autz request: from switch_ip => > (192.168.222.130), connection_type => Ethernet-NoEAP,switch_mac => > (88:90:8d:30:60:0c), mac => [b0:6e:bf:ab:3a:fe], port => 10012, username => > "b06ebfab3afe" (pf::radius::authorize) > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] Instantiate profile noEAP > (pf::Connection::ProfileFactory::_from_profile) > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] is of status unreg; belongs into registration VLAN > (pf::role::getRegistrationRole) > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added VLAN 120 to the returned > RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added role registration to the > returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] Adding web authentication redirection to reply > using role: 'registration' and URL: ' > http://192.168.222.129/Cisco::Catalyst_2960/sidc3b51a' > (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept) > Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: Using 300 > resolution threshold (pf::pfcron::task::cluster_check::run) > Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: processed > 0 security_events during security_event maintenance (1605013256.13453 > 1605013256.14244) (pf::security_event::security_event_maintenance) > Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: All > cluster members are running the same configuration version > (pf::pfcron::task::cluster_check::run) > Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: processed > 0 security_events during security_event maintenance (1605013256.1439 > 1605013256.14699) (pf::security_event::security_event_maintenance) > Nov 10 13:00:56 packetfence packetfence: pfperl-api(1485) INFO: getting > security_events triggers for accounting cleanup > (pf::accounting::acct_maintenance) > Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) WARN: > [mac:b0:6e:bf:ab:3a:fe] Unable to match MAC address to IP '192.168.120.103' > (pf::ip4log::ip2mac) > Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) INFO: > [mac:b0:6e:bf:ab:3a:fe] oldip (192.168.120.53) and newip (192.168.120.103) > are different for b0:6e:bf:ab:3a:fe - closing ip4log entry > (pf::api::update_ip4log) > Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: > [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device > b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. > (pf::accounting_events_history::latest_mac_history) > Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: > [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device > b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. > (pf::accounting_events_history::latest_mac_history) > Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: getting > security_events triggers for accounting cleanup > (pf::accounting::acct_maintenance) > Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: processed > 0 security_events during security_event maintenance (1605013316.14234 > 1605013316.1507) (pf::security_event::security_event_maintenance) > Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: processed > 0 security_events during security_event maintenance (1605013316.15212 > 1605013316.15555) (pf::security_event::security_event_maintenance) > Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: Using 300 > resolution threshold (pf::pfcron::task::cluster_check::run) > Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: All > cluster members are running the same configuration version > (pf::pfcron::task::cluster_check::run) > Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: processed > 0 security_events during security_event maintenance (1605013376.14526 > 1605013376.1536) (pf::security_event::security_event_maintenance) > Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: Using 300 > resolution threshold (pf::pfcron::task::cluster_check::run) > Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: All > cluster members are running the same configuration version > (pf::pfcron::task::cluster_check::run) > Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: processed > 0 security_events during security_event maintenance (1605013376.15512 > 1605013376.16199) (pf::security_event::security_event_maintenance) > Nov 10 13:02:56 packetfence packetfence: pfperl-api(1486) INFO: getting > security_events triggers for accounting cleanup > (pf::accounting::acct_maintenance) > Nov 10 13:03:02 packetfence pfipset[16318]: t=2020-11-10T13:03:02+0000 > lvl=info msg="No Inline Network bypass ipsets reload" pid=16318 > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
