Hi,
we use packetfence 10.3 on a Debian 9 to secure an open WLAN. Users are authenticated via RADIUS (on Active Directory). The client is assigned an IP address and the login to the portal works and the device is visible as registered. But the client does not get internet access after activation. Where could the mistake be? Our setup: Pf.conf [general] domain=YYYY.ZZZZ hostname=XXXX timezone=Europe/Berlin [database] pass=xxxxxxxxxx [inline] ports_redirect=80/tcp,443/tcp,8080/tcp interfaceSNAT=ens33 [captive_portal] network_detection_ip=192.168.203.1 secure_redirect=disabled [advanced] language=de_DE configurator=disabled [dns_configuration] record_dns_in_sql=enabled [interface ens32] type=management ip=192.168.8.2 mask=255.255.255.224 [interface ens33] enforcement=inlinel2 type=internal ip=192.168.203.1 mask=255.255.255.0 [interface ens34] ip=192.168.8.34 ipv6_address=2003:00d4:1f17:9500:020c:29ff:fe31:e3b7 type=other mask=255.255.255.224 ipv6_prefix=64 Networks.conf [192.168.203.0] nat_enabled=enabled gateway=192.168.203.1 dns=192.168.203.1 pool_backend=memory nat_dns=disabled netflow_accounting_enabled=enabled domain-name=inlinel2.XXXX.YYYY.ZZZZ dhcp_start=192.168.203.10 dhcp_max_lease_time=86400 dhcp_default_lease_time=86400 coa=disabled type=inlinel2 netmask=255.255.255.0 split_network=disabled fake_mac_enabled=disabled dhcp_end=192.168.203.246 named=enabled dhcpd=enabled id=192.168.203.0 algorithm=1 portal_fqdn=XXXX.YYYY.ZZZZ tenant_id=1 [192.168.8.32] dhcpd=disabled dhcp_end=192.168.8.54 split_network=disabled netmask=255.255.255.224 type=other coa=disabled dhcp_default_lease_time=86400 dhcp_max_lease_time=86400 dhcp_start=192.168.8.42 nat_dns=disabled netflow_accounting_enabled=disabled pool_backend=memory gateway=192.168.8.34 nat_enabled=disabled cat /proc/sys/net/ipv4/ip_forward 1 Kernel-IP-Routentabelle Ziel Router Genmask Flags Metric Ref Use Iface default 192.168.8.62 0.0.0.0 UG 0 0 0 ens34 localnet 0.0.0.0 255.255.255.224 U 0 0 0 ens32 192.168.8.32 0.0.0.0 255.255.255.224 U 0 0 0 ens34 192.168.203.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33 su - pf $ sudo ipset -L Name: PF-iL2_ID1_192.168.203.0 Type: bitmap:ip Revision: 3 Header: range 192.168.203.0-192.168.203.255 timeout 86400 Size in memory: 120 References: 2 Members: 192.168.203.211 timeout 86110 Name: PF-iL2_ID3_192.168.203.0 Type: bitmap:ip Revision: 3 Header: range 192.168.203.0-192.168.203.255 timeout 86400 Size in memory: 120 References: 2 Members: Name: PF-iL2_ID2_192.168.203.0 Type: bitmap:ip Revision: 3 Header: range 192.168.203.0-192.168.203.255 timeout 86400 Size in memory: 120 References: 2 Members: Name: PF-iL2_ID5_192.168.203.0 Type: bitmap:ip Revision: 3 Header: range 192.168.203.0-192.168.203.255 timeout 86400 Size in memory: 120 References: 2 Members: Name: PF-iL2_ID4_192.168.203.0 Type: bitmap:ip Revision: 3 Header: range 192.168.203.0-192.168.203.255 timeout 86400 Size in memory: 120 References: 2 Members: Name: pfsession_Unreg_192.168.203.0 Type: bitmap:ip,mac Revision: 3 Header: range 192.168.203.0-192.168.203.255 timeout 86400 Size in memory: 112 References: 1 Members: 192.168.203.124,54:72:4F:1D:8D:36 timeout 79687 Name: pfsession_Reg_192.168.203.0 Type: bitmap:ip,mac Revision: 3 Header: range 192.168.203.0-192.168.203.255 timeout 86400 Size in memory: 112 References: 1 Members: 192.168.203.211,7C:B2:7D:69:4D:E4 timeout 86110 <<- registered client Name: pfsession_Isol_192.168.203.0 Type: bitmap:ip,mac Revision: 3 Header: range 192.168.203.0-192.168.203.255 timeout 86400 Size in memory: 112 References: 1 Members: Name: pfsession_passthrough Type: hash:ip,port Revision: 5 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 224 References: 4 Members: 172.217.13.99,tcp:443 172.217.13.99,tcp:80 Name: pfsession_isol_passthrough Type: hash:ip,port Revision: 5 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 96 References: 4 Members: mit besten Grüßen Ronald Zestermann SB System/Netzwerk ------------------------------------------------------ Landkreis Sächsische Schweiz-Osterzgebirge Bereich Landrat Haupt- und Personalamt Referat Informationstechnik (IT) Schloßhof 2/4 01796 Pirna Tel.: 03501 515-4132 Fax: 03501 515-84132 mail: ronald.zesterm...@landratsamt-pirna.de http://www.landratsamt-pirna.de/ ------------------------------------------------------ Kein Zugang für elektronisch signierte sowie für verschlüsselte elektronische Dokumente! Voraussetzungen, Bedingungen und Einschränkungen für die Zugangseröffnung für signierte und/oder verschlüsselte elektronische Dokumente unter: www.landratsamt-pirna.de
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users