And in your connection profile are you matching like SSID?

On Thu, 18 Jul 2024 at 15:57, Rexford Nyarko (<rexfordn...@gmail.com>) wrote:

> Hello Enrique,
>
> Yes, they are all reachable one to the other, AP, Unifi controller and PF.
> This is quite weird for me considering the Web auth works fine without
> problems.
> The radius server is using PF's IP. Apart from setting the radius password
> on the switch in PF and the Unifi controller, is there anything else I need
> to do for radius config?
>
> Warm regards,
> Rexford A. Nyarko.
>
>
> On Thu, Jul 18, 2024 at 6:03 PM Enrique Gross <egr...@jcc-advance.com.ar>
> wrote:
>
>> Hi Rexford
>>
>> Try to troubleshoot connection between APs and Radius server IP (PF
>> management address). Can you ICMP that IP address? The radius server you
>> configured on the radius profile on Unifi controller, and applied to SSID.
>>
>> On Thu, 18 Jul 2024 at 14:48, Rexford Nyarko (<rexfordn...@gmail.com>)
>> wrote:
>>
>>> Hello Enrique,
>>>
>>> Thanks again for getting back to me.
>>> Yes, I have mapped the VLAN ID on the switch config for the AP. But
>>> still, the client devices are unable to get an IP, so they just disconnect
>>> once you try to connect.
>>>
>>> I have also checked the logs, there isn't anything happening when I try
>>> to connect a client to the open SSID. I can't figure out what I am missing.
>>>
>>> Warm regards,
>>> Rexford A. Nyarko.
>>>
>>>
>>> On Thu, Jul 18, 2024 at 4:07 PM Enrique Gross via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
>>>> Hi Rexford
>>>>
>>>> You don't need to put registration VLAN as default/untagged,
>>>> registration vlan goes with tag.
>>>>
>>>> Have you mapped roles and VLAN ID on the switch config, on the PF side?
>>>>
>>>> Looking at packetfence.log will help you to know what is happening
>>>> with the user/device when connecting to AP.
>>>>
>>>> Enrique
>>>>
>>>> On Thu, 18 Jul 2024 at 11:10, Rexford Nyarko (<rexfordn...@gmail.com>)
>>>> wrote:
>>>>
>>>>> Hello Enrique,
>>>>> Thank you for your response.
>>>>> Yes, I have the AP connected via trunk. However the same still
>>>>> happens, clients are not able to connect to the Open network in order to
>>>>> access the registration portal.
>>>>> Do I need to make the registration VLAN 20 the default/untagged VLAN
>>>>> on the trunk ports? In that case, the AP can directly communicate with PF
>>>>> on the default network. Thanks in advance.
>>>>>
>>>>> Warm regards,
>>>>> Rexford A. Nyarko.
>>>>>
>>>>>
>>>>> On Wed, Jul 17, 2024 at 8:14 AM Enrique Gross via PacketFence-users <
>>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>>
>>>>>> Hi Rexford
>>>>>>
>>>>>> Hope you are doing well
>>>>>>
>>>>>> When configuring SSID on the Unifi side with Radius, it is ok that
>>>>>> you can not set VLAN 20 as registration. On the PF side, it's in the
>>>>>> roles (Role mapping by VLAN ID) when configuring APs that you will set
>>>>>> up your VLAN for registration, prod or other vlan. So, as long as
>>>>>> registration vlan, prod, etc vlans are vlan trunk to AP, that's fine.
>>>>>>
>>>>>> So, an unreg user will be evaluated upon connection, as the condition
>>>>>> is unreg it will be placed on registration vlan that is defined on your
>>>>>> Switch roles.
>>>>>>
>>>>>> Sorry for my bad English, hope it helps.
>>>>>>
>>>>>> Enrique.
>>>>>>
>>>>>>
>>>>>> On Mon, 15 Jul 2024 at 5:22, Rexford Nyarko via PacketFence-users
>>>>>> (<packetfence-users@lists.sourceforge.net>) wrote:
>>>>>>
>>>>>>> Hello All,
>>>>>>>
>>>>>>> First, my user environment consists mostly of Linux, Windows users
>>>>>>> and occasionally Mac. Network hardware consists of Cisco 2960 switches
>>>>>>> for LAN and Unifi AP AC Pro for wireless connectivity. I need to have an
>>>>>>> authentication setup such that users log in with their LDAP credentials
>>>>>>> and users are assigned VLANs based on their *memberOf* LDAP attribute.
>>>>>>>
>>>>>>> Here's what I have done so far,
>>>>>>> 1. Installed PF 13.2 with two interfaces, 1 separate for management
>>>>>>> and another trunk with all VLAN interfaces added.
>>>>>>> 2. Configured LDAP Authentication source
>>>>>>> 3. Configured a connection Profile using the LDAP auth source.
>>>>>>> 4. Added Unifi APs individually to PF via MAC Address. (Initially, I
>>>>>>> tried adding the controller IP method but that didn't work with some
>>>>>>> weird errors about not being able to instantiate Switch)
>>>>>>> 5. Configured Unifi Controller and Wifi with guest profile and
>>>>>>> external Captive portal pointing to PF as instructed in the
>>>>>>> documentation.
>>>>>>> 6. Enabled the captive portal and respective services on the trunk
>>>>>>> interface.
>>>>>>> All to this point everything works great. As soon as a user connects
>>>>>>> to the open SSID they get redirected to the captive portal on PF and
>>>>>>> authenticate successfully with LDAP. This works great no problem. I
>>>>>>> intend to keep that and later change the auth source for guest Portal.
>>>>>>>
>>>>>>> Now I am trying to do vlan assignment. I followed the PF
>>>>>>> documentation for Ubiquiti to set up the controller with the Radius
>>>>>>> profile SSID and all. However, things are not working as expected. I am
>>>>>>> a bit confused here.
>>>>>>> 1. I have created interfaces, registration VLAN - 20 and Isolation
>>>>>>> VLAN - 30 on the trunk interface.
>>>>>>> 2. I also have added 3 other production VLANs where I manage DNS and
>>>>>>> DHCP
>>>>>>> 3. The open SSID on Unifi controller cannot be set to the
>>>>>>> Registration VLAN 20 when Radius is enabled. So there is no way to
>>>>>>> communicate with PF via the Registration VLAN hence users cannot get IPs
>>>>>>> from PF on the open SSID and therefore cannot log in.
>>>>>>> I need advice on how to get this working. Do I have to make the
>>>>>>> registration VLAN the native or default vlan on the trunk and configure
>>>>>>> the guest captive portal on a different vlan which I can assign in the
>>>>>>> Unifi controller?
>>>>>>>
>>>>>>> Also, I have a problem where DNS queries on each vlan/subnet point
>>>>>>> to the PF interface outside that subnet. E.g. pf.example.com -
>>>>>>> 192.168.0.1/24 on registration vlan, and PF on captive portal vlan
>>>>>>> 40 the IP is 192.168.1.1/24 but DNS query from captive portal
>>>>>>> interface gives registration vlan IP of PF.
>>>>>>> I would prefer that queries from each vlan would provide the
>>>>>>> respective PF interface on that vlan.
>>>>>>> Any help is appreciated.
>>>>>>>
>>>>>>> Warm regards,
>>>>>>> Rexford.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
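
Added example, not part of the thread and not PacketFence or UniFi code: the two RADIUS settings discussed above (the shared "radius password" and the role-to-VLAN mapping) as they appear in an Access-Accept, using the standard Response Authenticator check (RFC 2865) and the tunnel attributes commonly used for dynamic VLAN assignment (RFC 2868/3580). The packet, secrets and request authenticator are constructed sample values, and the assumption is that the server returns the VLAN in these standard attributes.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2                      # RFC 2865 packet code
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP = 64, 65, 81   # RFC 2868 attribute types

def build_accept(ident, request_auth, secret, vlan_id):
    """Construct a sample Access-Accept assigning vlan_id (fixture, not a capture)."""
    vlan = str(vlan_id).encode()
    attrs = (struct.pack("!BBI", TUNNEL_TYPE, 6, 13)       # tag 0, 13 = VLAN
             + struct.pack("!BBI", TUNNEL_MEDIUM, 6, 6)    # tag 0, 6 = IEEE 802
             + bytes([TUNNEL_GROUP, 2 + len(vlan)]) + vlan)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs

def check_accept(packet, request_auth, secret):
    """Return (authenticator_ok, vlan) as the AP/NAS would evaluate the reply."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    ok = hmac.compare_digest(expected, packet[4:20])
    found, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        found[attrs[pos]] = attrs[pos + 2:pos + attrs[pos + 1]]
        pos += attrs[pos + 1]
    vlan = None
    if (found.get(TUNNEL_TYPE, b"")[1:] == b"\x00\x00\x0d"
            and found.get(TUNNEL_MEDIUM, b"")[1:] == b"\x00\x00\x06"):
        group = found.get(TUNNEL_GROUP, b"")
        if group[:1] and group[0] <= 0x1F:     # optional tag byte precedes the string
            group = group[1:]
        vlan = int(group) if group.isdigit() else None
    return ok, vlan

# Constructed values: VLAN 20 is the registration VLAN named in the thread.
REQUEST_AUTH = bytes(range(16))
PF_SECRET = b"secret-entered-in-PF"
SAMPLE = build_accept(1, REQUEST_AUTH, PF_SECRET, 20)

def demo():
    matching = check_accept(SAMPLE, REQUEST_AUTH, PF_SECRET)
    mismatched = check_accept(SAMPLE, REQUEST_AUTH, b"secret-typed-on-controller")
    return matching, mismatched
```

With a mismatched secret the VLAN attributes still decode, but the authenticator check fails, which is why a reachable server (ICMP) says nothing about whether the secret on both sides agrees.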