Hello Ludovic This is the config:
[192.168.10.65] radiusSecret=*** description=test ruckus controllerIp=192.168.10.65 type=Ruckus::SmartZone_v2 group=default ExternalPortalEnforcement=Y registrationVlan=-1 wsPwd=*** wsUser=*** SNMPVersion=2c SNMPVersionTrap=2c [192.168.149.0/24] description=test radiusSecret=*** wsPwd=**** registrationVlan=-1 ExternalPortalEnforcement=Y group=default type=Ruckus::SmartZone_v2 defaultVlan=149 controllerIp=192.168.10.65 wsUser=**** [192.168.150.0/24] type=Ruckus::SmartZone_v2 ExternalPortalEnforcement=Y group=default description=ap range controllerIp=192.168.10.65 registrationVlan=-1 radiusSecret=*** wsPwd=*** wsUser=*** The added switches 192.168.149.0/24 and 192.168.150.0/24 was for testing purpose. Kind regards [cid:EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png] Pieter-Jan Lamont IT-Coördinator Toekomststraat 75 - 8790 Waregem Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu> From: Ludovic Zammit <lzam...@inverse.ca> Sent: woensdag 3 maart 2021 22:19 To: Lamont, Pieter-Jan <pieterjan.lam...@sgsintpaulus.eu> Cc: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] Ruckus Smartzone Show me the content of your conf/switches.conf Removed the shared secret and password. Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.inverse.ca%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549077745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2BFucEc5FpX2XSoH3BmfjofS2Htsp2FOl4XCSlmNUVEI%3D&reserved=0> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549087745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=xWXRyt7Nr08ZQf74uqW5%2FpBUC9TrYl8VxZTRgYXYuDU%3D&reserved=0>) and PacketFence (http://packetfence.org<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549087745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7gKpoCtNREOG51QvskTg9D4jiGPd6ZYVlRHPZqH4iTI%3D&reserved=0>) On Mar 3, 2021, at 4:06 PM, Lamont, Pieter-Jan <pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>> wrote: Hello Ludovic I have found the reason why there was a public ip in the info Ruckus was sending. This was our Control NAT IP, which we don't use... After removing this config I'm getting our correct private IP in the nbiIP field. GET /captive-portal?nbiIP=192.168.10.65&client_mac=90-97-f3-6b-2d-4e&domain_name=Administration+Domain&reason=Un-Auth-Captive&wlanName=VTI-Test&dn=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549097735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BpOsiulETyzh6cTz60RapJCCM7NdRAcNxOTvrWOXoFs%3D&reserved=0>&ssid=VTI-Test&mac=d8:38:fc:17:14:f0&url=http%3A%2F%2Fportal.fb.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F2fportal.fb.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549097735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Wk%2Flv6HsmIxVjXNbE5eO%2B8lN1EzCtI938XqWPAff6NA%3D&reserved=0>%2Fmobile%2Fstatus.php&proxy=0&vlan=149&wlan=46&sip=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549107729%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OQciOd3i5rF0jreLZJvJjw6KjN26WmQdfk0m3wcG1mI%3D&reserved=0>&zoneName=WYSlX0KJHIctnpAfJwtWt4paEFCQ8Rjz2NKJGU5YB2o_1614804563333&apip=192.168.150.34&sshTunnelStatus=1&uip=192.168.149.170 HTTP/1.1" When the users goes to the captive portal they get the message "Your computer was not found in the PacketFence database. Please reboot to solve this issue.". The correct client ip is given (192.168.149.170) but the MAC is 0 (which should be 90-97-f3-6b-2d-4e). This client mac is also in the client_mac field given from the Ruckus Smartzone. After enabling "Activate Preregistration" in the Default Connection Profile, the user can login (demouser) but after the correct authentication he gets a 502 bad gateway. Kind regards <EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png> Pieter-Jan Lamont IT-Coördinator Toekomststraat 75 - 8790 Waregem Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu> From: Lamont, Pieter-Jan <pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>> Sent: woensdag 3 maart 2021 21:24 To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Cc: Ludovic Zammit <lzam...@inverse.ca<mailto:lzam...@inverse.ca>> Subject: RE: [PacketFence-users] Ruckus Smartzone Hello Ludovic When adding http://ip-of-packetfence/RuckusSmartZone to the Smartzone the users is only getting "Not implemented" on the screen . If we change this to http://ip-of-packetfence/captive-portal , I see that ruckus adds a bunch of information to that link as you described . "GET /captive-portal?nbiIP=84.199.*.*&client_mac=a8-9c-ed-91-80-d4&domain_name=Administration+Domain&reason=Un-Auth-Captive&wlanName=VTI-Test&dn=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549107729%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OQciOd3i5rF0jreLZJvJjw6KjN26WmQdfk0m3wcG1mI%3D&reserved=0>&ssid=VTI-Test&mac=0c:f4:d5:2f:9e:a0&url=http%3A%2F%2Fconnect.rom.miui.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F2fconnect.rom.miui.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549117726%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=lYd%2B7yX6RwEZWOX3ER4R4KB8OfrLuEQ%2BPToU0G3tHGA%3D&reserved=0>%2Fgenerate_204&proxy=0&vlan=149&wlan=46&sip=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549117726%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GlF08CvWR4eIhEJP0%2FJshepe%2BYWckeq6s2rYWAP563A%3D&reserved=0>&zoneName=4D-QLLuerkFXa3hgUdKB8v3hhjf1Q378oPRjYUdz2ew_1614610736148&apip=192.168.150.10&sshTunnelStatus=1&uip=192.168.149.157 HTTP/1.1" 200 4418 1082 101226 "-" "Mozilla/5.0 (Linux; Android 10; MI 9 Build/QKQ1.190825.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/88.0.4324.181 Mobile Safari/537.36" The only weird thing about the url is the nbiIP info... it's a public ip of ours, but we don't use this anywhere in our setup. The other info is correct. Tomorrow i will test again with my device, so I'm sure the client_mac address is correct. Kind regards <image001.png> Pieter-Jan Lamont IT-Coördinator Toekomststraat 75 - 8790 Waregem Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu> From: Ludovic Zammit <lzam...@inverse.ca<mailto:lzam...@inverse.ca>> Sent: woensdag 3 maart 2021 19:54 To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Cc: Lamont, Pieter-Jan <pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>> Subject: Re: [PacketFence-users] Ruckus Smartzone Hello Pieter-Jan, You are not suppose to have access to http://ip-of-packetfence/RuckusSmartZone. You should be redirected to that URL via the SmartZone and also send out a http request to PF with a bunch of other attribute like the client Mac and IP. Something along the line: ?nbiIP=192.168.x.y&client_mac=xxxxxxxxxxx&reason=Un-Auth-Captive&wlanName=MY_WIFI&dn=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549117726%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GlF08CvWR4eIhEJP0%2FJshepe%2BYWckeq6s2rYWAP563A%3D&reserved=0>&ssid=MY_SSID&mac=44:1e:98:1e:31:a0&url=http%3A%2F%2Finit-p01st.push.apple.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F2finit-p01st.push.apple.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549127713%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=61Hj2kzkdyC3hJKhI8RoQ9uinKE4OYaHkSi4xJZYBQQ%3D&reserved=0>&proxy=0&vlan=30&wlan=3&sip=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549137711%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=vLiUepRwGTrXjv7jJ%2B%2FojpMWjXqA1BSpKDCte5T1hjw%3D&reserved=0>&zoneName=WEDtGa9sj1EOy6-qqLWQBw_1570617665657&StartURL=&uip=ENCxxxxxxxxx You could see that in the logs/httpd.access.log. If you don't see that, don't go further because PF will its critical information as you described. Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.inverse.ca%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549137711%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=A7W6qDf%2FW3nR8%2FB7kVL8FppG8boZ3Vo37jBGT7II8Xw%3D&reserved=0> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549147708%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=poV37EnOLYrNSUMQsZLrTS1eol7afAfZy0rdMoOS2pk%3D&reserved=0>) and PacketFence (http://packetfence.org<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549147708%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=mLkiI7vf6Z6khDdXlvUa4ci%2BFDVqeSx8JVaS9vMaCtc%3D&reserved=0>) On Mar 2, 2021, at 11:22 AM, Lamont, Pieter-Jan via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Packetfence Community I'm trying to deploy a Ruckus SmartZone WebAuth configuration . I have followed the guide several times(Fresh Debian9 with apt-get installation and Packetfence ZEN) but didn't succeed the deployment.(6.24.1 - Network Devices Configuration Guide) When configuring the captive portal I can't go to http://ip-of-packetfence/RuckusSmartZone (Not implemented) but after changing this to http://ip-of-packetfence/Captive-portal , I'm seeing the portal. The user is guided to the captive portal but gets the "Your computer was not found in the PF Database" with his IP correctly but no MAC address (MAC 0). When enabling "Activate Preregistration" in the default connection Profile , the users gets the Username/password fields to login. But when entering the correct credentials, the users get a 502 bad gateway ... I have also tried to capture all data from the PF to the Ruckus Smartzone, but I see no traffic to or from the Smartzone. Already tried the new updated guide (https://github.com/garci66/packetfence/blob/9da2608f131780eb7d9cd64246c9a767868d119f/docs/network/networkdevice/ruckus_smartzone.asciidoc<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgarci66%2Fpacketfence%2Fblob%2F9da2608f131780eb7d9cd64246c9a767868d119f%2Fdocs%2Fnetwork%2Fnetworkdevice%2Fruckus_smartzone.asciidoc&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549157700%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=otdUQ%2BcBGfULbPKHOk7UWj3iinIw6GS8g7ltj6NMgMQ%3D&reserved=0>) but with the same outcome . Mac Authentication with the update guide works perfectly, but we are searching for the Captive portal solution (webauth) Is there someone with a working Web Auth on a Ruckus Smartzone that can help me this is issue , or anyone with the same problems? Kind regards Pieter-jan Lamont <EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png> Pieter-Jan Lamont IT-Coördinator Toekomststraat 75 - 8790 Waregem Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu> <SwitchConfigDefinition.png><SwitchConfigRoles.png><SwitchConfigWebServices.png>_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549157700%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3FK4GWRcCPkLECbDifPANVrjqBrJZuADS9K%2Fr2r%2BsLY%3D&reserved=0>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
