Hello, Use the "Ruckus SmartZone Wireless Controllers” switch module. The "Ruckus SmartZone v2” does not support the Web authentication yet.
Thanks, Ludovic Zammit lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca <https://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Mar 3, 2021, at 4:32 PM, Lamont, Pieter-Jan > <pieterjan.lam...@sgsintpaulus.eu> wrote: > > Hello Ludovic > > This is the config: > > [192.168.10.65] > radiusSecret=*** > description=test ruckus > controllerIp=192.168.10.65 > type=Ruckus::SmartZone_v2 > group=default > ExternalPortalEnforcement=Y > registrationVlan=-1 > wsPwd=*** > wsUser=*** > SNMPVersion=2c > SNMPVersionTrap=2c > > [192.168.149.0/24] > description=test > radiusSecret=*** > wsPwd=**** > registrationVlan=-1 > ExternalPortalEnforcement=Y > group=default > type=Ruckus::SmartZone_v2 > defaultVlan=149 > controllerIp=192.168.10.65 > wsUser=**** > > [192.168.150.0/24] > type=Ruckus::SmartZone_v2 > ExternalPortalEnforcement=Y > group=default > description=ap range > controllerIp=192.168.10.65 > registrationVlan=-1 > radiusSecret=*** > wsPwd=*** > wsUser=*** > > The added switches 192.168.149.0/24 and 192.168.150.0/24 was for testing > purpose. > > Kind regards > > > <EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png> > Pieter-Jan Lamont > IT-Coördinator > > Toekomststraat 75 - 8790 Waregem > Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu > <mailto:pieterjan.lam...@sgsintpaulus.eu> > > > From: Ludovic Zammit <lzam...@inverse.ca> > Sent: woensdag 3 maart 2021 22:19 > To: Lamont, Pieter-Jan <pieterjan.lam...@sgsintpaulus.eu> > Cc: packetfence-users@lists.sourceforge.net > Subject: Re: [PacketFence-users] Ruckus Smartzone > > Show me the content of your conf/switches.conf > > Removed the shared secret and password. > > Thanks, > > Ludovic Zammit > lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: > www.inverse.ca > <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.inverse.ca%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549077745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2BFucEc5FpX2XSoH3BmfjofS2Htsp2FOl4XCSlmNUVEI%3D&reserved=0> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549087745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=xWXRyt7Nr08ZQf74uqW5%2FpBUC9TrYl8VxZTRgYXYuDU%3D&reserved=0>) > and PacketFence (http://packetfence.org > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549087745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7gKpoCtNREOG51QvskTg9D4jiGPd6ZYVlRHPZqH4iTI%3D&reserved=0>) > > > > > > > > > On Mar 3, 2021, at 4:06 PM, Lamont, Pieter-Jan > <pieterjan.lam...@sgsintpaulus.eu <mailto:pieterjan.lam...@sgsintpaulus.eu>> > wrote: > > Hello Ludovic > > I have found the reason why there was a public ip in the info Ruckus was > sending. This was our Control NAT IP, which we don’t use… > After removing this config I’m getting our correct private IP in the nbiIP > field. > > GET > /captive-portal?nbiIP=192.168.10.65&client_mac=90-97-f3-6b-2d-4e&domain_name=Administration+Domain&reason=Un-Auth-Captive&wlanName=VTI-Test&dn=scg.ruckuswireless.com > > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549097735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BpOsiulETyzh6cTz60RapJCCM7NdRAcNxOTvrWOXoFs%3D&reserved=0>&ssid=VTI-Test&mac=d8:38:fc:17:14:f0&url=http%3A%2F%2Fportal.fb.com > > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F2fportal.fb.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549097735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Wk%2Flv6HsmIxVjXNbE5eO%2B8lN1EzCtI938XqWPAff6NA%3D&reserved=0>%2Fmobile%2Fstatus.php&proxy=0&vlan=149&wlan=46&sip=scg.ruckuswireless.com > > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549107729%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OQciOd3i5rF0jreLZJvJjw6KjN26WmQdfk0m3wcG1mI%3D&reserved=0>&zoneName=WYSlX0KJHIctnpAfJwtWt4paEFCQ8Rjz2NKJGU5YB2o_1614804563333&apip=192.168.150.34&sshTunnelStatus=1&uip=192.168.149.170 > HTTP/1.1" > > When the users goes to the captive portal they get the message “Your computer > was not found in the PacketFence database. Please reboot to solve this > issue.”. > The correct client ip is given (192.168.149.170) but the MAC is 0 (which > should be 90-97-f3-6b-2d-4e). This client mac is also in the client_mac field > given from the Ruckus Smartzone. > After enabling “Activate Preregistration” in the Default Connection Profile, > the user can login (demouser) but after the correct authentication he gets a > 502 bad gateway. > > Kind regards > > <EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png> > Pieter-Jan Lamont > IT-Coördinator > Toekomststraat 75 - 8790 Waregem > Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu > <mailto:pieterjan.lam...@sgsintpaulus.eu> > > > > From: Lamont, Pieter-Jan <pieterjan.lam...@sgsintpaulus.eu > <mailto:pieterjan.lam...@sgsintpaulus.eu>> > Sent: woensdag 3 maart 2021 21:24 > To: packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net> > Cc: Ludovic Zammit <lzam...@inverse.ca <mailto:lzam...@inverse.ca>> > Subject: RE: [PacketFence-users] Ruckus Smartzone > > Hello Ludovic > > When adding http://ip-of-packetfence/RuckusSmartZone > <http://ip-of-packetfence/RuckusSmartZone> to the Smartzone the users is only > getting “Not implemented” on the screen . > If we change this to http://ip-of-packetfence/captive-portal > <http://ip-of-packetfence/captive-portal> , I see that ruckus adds a bunch of > information to that link as you described . > > "GET > /captive-portal?nbiIP=84.199.*.*&client_mac=a8-9c-ed-91-80-d4&domain_name=Administration+Domain&reason=Un-Auth-Captive&wlanName=VTI-Test&dn=scg.ruckuswireless.com > > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549107729%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OQciOd3i5rF0jreLZJvJjw6KjN26WmQdfk0m3wcG1mI%3D&reserved=0>&ssid=VTI-Test&mac=0c:f4:d5:2f:9e:a0&url=http%3A%2F%2Fconnect.rom.miui.com > > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F2fconnect.rom.miui.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549117726%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=lYd%2B7yX6RwEZWOX3ER4R4KB8OfrLuEQ%2BPToU0G3tHGA%3D&reserved=0>%2Fgenerate_204&proxy=0&vlan=149&wlan=46&sip=scg.ruckuswireless.com > > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549117726%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GlF08CvWR4eIhEJP0%2FJshepe%2BYWckeq6s2rYWAP563A%3D&reserved=0>&zoneName=4D-QLLuerkFXa3hgUdKB8v3hhjf1Q378oPRjYUdz2ew_1614610736148&apip=192.168.150.10&sshTunnelStatus=1&uip=192.168.149.157 > HTTP/1.1" 200 4418 1082 101226 "-" "Mozilla/5.0 (Linux; Android 10; MI 9 > Build/QKQ1.190825.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 > Chrome/88.0.4324.181 Mobile Safari/537.36" > > The only weird thing about the url is the nbiIP info… it’s a public ip of > ours, but we don’t use this anywhere in our setup. The other info is correct. > Tomorrow i will test again with my device, so I’m sure the client_mac address > is correct. > > Kind regards > > <image001.png> > Pieter-Jan Lamont > IT-Coördinator > Toekomststraat 75 - 8790 Waregem > Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu > <mailto:pieterjan.lam...@sgsintpaulus.eu> > > From: Ludovic Zammit <lzam...@inverse.ca <mailto:lzam...@inverse.ca>> > Sent: woensdag 3 maart 2021 19:54 > To: packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net> > Cc: Lamont, Pieter-Jan <pieterjan.lam...@sgsintpaulus.eu > <mailto:pieterjan.lam...@sgsintpaulus.eu>> > Subject: Re: [PacketFence-users] Ruckus Smartzone > > Hello Pieter-Jan, > > You are not suppose to have access to > http://ip-of-packetfence/RuckusSmartZone > <http://ip-of-packetfence/RuckusSmartZone>. You should be redirected to that > URL via the SmartZone and also send out a http request to PF with a bunch of > other attribute like the client Mac and IP. > > Something along the line: > > ?nbiIP=192.168.x.y&client_mac=xxxxxxxxxxx&reason=Un-Auth-Captive&wlanName=MY_WIFI&dn=scg.ruckuswireless.com > > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549117726%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GlF08CvWR4eIhEJP0%2FJshepe%2BYWckeq6s2rYWAP563A%3D&reserved=0>&ssid=MY_SSID&mac=44:1e:98:1e:31:a0&url=http%3A%2F%2Finit-p01st.push.apple.com > > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F2finit-p01st.push.apple.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549127713%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=61Hj2kzkdyC3hJKhI8RoQ9uinKE4OYaHkSi4xJZYBQQ%3D&reserved=0>&proxy=0&vlan=30&wlan=3&sip=scg.ruckuswireless.com > > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549137711%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=vLiUepRwGTrXjv7jJ%2B%2FojpMWjXqA1BSpKDCte5T1hjw%3D&reserved=0>&zoneName=WEDtGa9sj1EOy6-qqLWQBw_1570617665657&StartURL=&uip=ENCxxxxxxxxx > > You could see that in the logs/httpd.access.log. If you don’t see that, don’t > go further because PF will its critical information as you described. > > Thanks, > > Ludovic Zammit > lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: > www.inverse.ca > <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.inverse.ca%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549137711%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=A7W6qDf%2FW3nR8%2FB7kVL8FppG8boZ3Vo37jBGT7II8Xw%3D&reserved=0> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549147708%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=poV37EnOLYrNSUMQsZLrTS1eol7afAfZy0rdMoOS2pk%3D&reserved=0>) > and PacketFence (http://packetfence.org > <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549147708%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=mLkiI7vf6Z6khDdXlvUa4ci%2BFDVqeSx8JVaS9vMaCtc%3D&reserved=0>) > > > > > > > > > On Mar 2, 2021, at 11:22 AM, Lamont, Pieter-Jan via PacketFence-users > <packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net>> wrote: > > Hello Packetfence Community > > I’m trying to deploy a Ruckus SmartZone WebAuth configuration . > I have followed the guide several times(Fresh Debian9 with apt-get > installation and Packetfence ZEN) but didn’t succeed the deployment.(6.24.1 – > Network Devices Configuration Guide) > When configuring the captive portal I can’t go to > http://ip-of-packetfence/RuckusSmartZone > <http://ip-of-packetfence/RuckusSmartZone> (Not implemented) but after > changing this to http://ip-of-packetfence/Captive-portal > <http://ip-of-packetfence/Captive-portal> , I’m seeing the portal. > > The user is guided to the captive portal but gets the “Your computer was not > found in the PF Database” with his IP correctly but no MAC address (MAC 0). > When enabling “Activate Preregistration” in the default connection Profile , > the users gets the Username/password fields to login. > But when entering the correct credentials, the users get a 502 bad gateway … > I have also tried to capture all data from the PF to the Ruckus Smartzone, > but I see no traffic to or from the Smartzone. > > > Already tried the new updated guide > (https://github.com/garci66/packetfence/blob/9da2608f131780eb7d9cd64246c9a767868d119f/docs/network/networkdevice/ruckus_smartzone.asciidoc > > <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgarci66%2Fpacketfence%2Fblob%2F9da2608f131780eb7d9cd64246c9a767868d119f%2Fdocs%2Fnetwork%2Fnetworkdevice%2Fruckus_smartzone.asciidoc&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549157700%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=otdUQ%2BcBGfULbPKHOk7UWj3iinIw6GS8g7ltj6NMgMQ%3D&reserved=0>) > but with the same outcome . > Mac Authentication with the update guide works perfectly, but we are > searching for the Captive portal solution (webauth) > > Is there someone with a working Web Auth on a Ruckus Smartzone that can help > me this is issue , or anyone with the same problems? > > Kind regards > Pieter-jan Lamont > <EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png> > Pieter-Jan Lamont > IT-Coördinator > Toekomststraat 75 - 8790 Waregem > Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu > <mailto:pieterjan.lam...@sgsintpaulus.eu> > > > > <SwitchConfigDefinition.png><SwitchConfigRoles.png><SwitchConfigWebServices.png>_______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549157700%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3FK4GWRcCPkLECbDifPANVrjqBrJZuADS9K%2Fr2r%2BsLY%3D&reserved=0>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users