Martijn How did you install Packetfence 15.0 and what OS. I couldn't get local realms to work or outside users proxied to the eduroam servers, you seem to have gotten farther than I did. I used Rocky 8.10 and Debian 12 installed from packages for my testing.
Nick Madunich IT System Administrator (509)359-4964 [email protected]<mailto:[email protected]> ________________________________ From: Martijn Langendoen <[email protected]> Sent: Tuesday, December 16, 2025 3:58 AM To: [email protected] <[email protected]> Cc: Madunich, Nicholas <[email protected]>; Fabrice Durand <[email protected]> Subject: RE: [PacketFence-users] Eduroam not working in Packetfence 15.0 You don't often get email from [email protected]. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> Hi, I swapped my 11.2 packetfence with a new build up 15.0 but i also notced that the eduroam part i s not working. The local user that uses a known realm works but outside eduroam users with unkown realms are not proxied to eduroam radius servers. Met vriendelijke groet, [cid:[email protected]] Martijn Langendoen Network Administrator [email protected]<mailto:[email protected]> 0118654307 | 0683260904 Werkdagen: maandag t/m vrijdag Kousteensedijk 7 4331 JE Middelburg Postbus 8004 4330 EA Middelburg [cid:[email protected]]<https://www.facebook.com/dezbnl> [cid:[email protected]] <https://www.instagram.com/dezbnl> [cid:[email protected]] <https://nl.linkedin.com/company/dezbnl> dezb.nl<https://www.dezb.nl/> Van: Madunich, Nicholas via PacketFence-users <[email protected]> Verzonden: woensdag 10 december 2025 20:16 Aan: [email protected] CC: Madunich, Nicholas <[email protected]> Onderwerp: Re: [PacketFence-users] Eduroam not working in Packetfence 15.0 Opgelet: Deze e-mail is afkomstig van buiten de organisatie. Klik niet op links of open geen bijlagen tenzij je de afzender kent en weet dat de inhoud veilig is. Here is a more detailed packet capture using Wireshark cli. Results from running: tshark -V -i any port 11812 Frame 1: 497 bytes on wire (3976 bits), 497 bytes captured (3976 bits) on interface 0 Interface id: 0 (any) Interface name: any Encapsulation type: Linux cooked-mode capture (25) Arrival Time: Dec 10, 2025 10:19:15.744936649 PST [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1765390755.744936649 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 497 bytes (3976 bits) Capture Length: 497 bytes (3976 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: sll:ethertype:ip:udp:data] Linux cooked capture Packet type: Unicast to us (0) Link-layer address type: 1 Link-layer address length: 6 Source: PaloAlto_e0:80:01 (b4:0c:25:e0:80:01) Unused: 0000 Protocol: IPv4 (0x0800) Internet Protocol Version 4, Src: 192.168.240.30, Dst: 10.203.0.150 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 481 Identification: 0xd2da (53978) Flags: 0x0000 0... .... .... .... = Reserved bit: Not set .0.. .... .... .... = Don't fragment: Not set ..0. .... .... .... = More fragments: Not set ...0 0000 0000 0000 = Fragment offset: 0 Time to live: 62 Protocol: UDP (17) Header checksum: 0xec09 [validation disabled] [Header checksum status: Unverified] Source: 192.168.240.30 Destination: 10.203.0.150 User Datagram Protocol, Src Port: 63570, Dst Port: 11812 Source Port: 63570 Destination Port: 11812 Length: 461 Checksum: 0x674d [unverified] [Checksum Status: Unverified] [Stream index: 0] Data (453 bytes) 0000 01 97 01 c5 f3 b8 57 ef 73 14 f7 e7 b2 b4 a3 e5 ......W.s....... 0010 a6 eb 13 c8 01 15 6e 6d 61 64 75 6e 69 63 68 32 ......nmadunich2 0020 38 40 65 77 75 2e 65 64 75 06 06 00 00 00 02 1a [email protected]<mailto:[email protected]>....... 0030 1b 00 00 00 09 01 15 73 65 72 76 69 63 65 2d 74 .......service-t 0040 79 70 65 3d 46 72 61 6d 65 64 0c 06 00 00 05 cd ype=Framed...... 0050 4f 1a 02 01 00 18 01 6e 6d 61 64 75 6e 69 63 68 O......nmadunich 0060 32 38 40 65 77 75 2e 65 64 75 50 12 2e 8c fb 09 [email protected]<mailto:[email protected]>..... 0070 2f f7 0f 3e 64 8c 1b 8f 54 6c 30 99 66 02 1a 31 /..>d...Tl0.f..1 0080 00 00 00 09 01 2b 61 75 64 69 74 2d 73 65 73 73 .....+audit-sess 0090 69 6f 6e 2d 69 64 3d 31 45 46 30 41 38 43 30 30 ion-id=1EF0A8C00 00a0 30 32 33 36 45 35 32 30 39 37 44 32 37 43 43 1a 0236E52097D27CC. 00b0 14 00 00 00 09 01 0e 6d 65 74 68 6f 64 3d 64 6f .......method=do 00c0 74 31 78 1a 20 00 00 00 09 01 1a 63 6c 69 65 6e t1x. ......clien 00d0 74 2d 69 69 66 2d 69 64 3d 34 31 37 37 35 33 30 t-iif-id=4177530 00e0 36 37 33 1a 13 00 00 00 09 01 0d 76 6c 61 6e 2d 673........vlan- 00f0 69 64 3d 38 37 32 04 06 c0 a8 f0 1e 57 11 63 61 id=872......W.ca 0100 70 77 61 70 5f 39 30 63 30 30 33 32 62 3d 06 00 pwap_90c0032b=.. 0110 00 00 13 05 06 00 01 54 4d 1a 23 00 00 00 09 01 .......TM.#..... 0120 1d 63 69 73 63 6f 2d 77 6c 61 6e 2d 73 73 69 64 .cisco-wlan-ssid 0130 3d 65 64 75 72 6f 61 6d 74 65 73 74 1a 25 00 00 =eduroamtest.%.. 0140 00 09 01 1f 77 6c 61 6e 2d 70 72 6f 66 69 6c 65 ....wlan-profile 0150 2d 6e 61 6d 65 3d 65 64 75 72 6f 61 6d 74 65 73 -name=eduroamtes 0160 74 1e 1f 65 34 2d 33 37 2d 39 66 2d 33 31 2d 38 t..e4-37-9f-31-8 0170 63 2d 63 30 3a 65 64 75 72 6f 61 6d 74 65 73 74 c-c0:eduroamtest 0180 1f 13 32 36 2d 65 64 2d 66 62 2d 35 30 2d 31 38 ..26-ed-fb-50-18 0190 2d 38 36 1a 0c 00 00 37 63 01 06 00 00 00 08 20 -86....7c...... 01a0 0e 43 4d 50 2d 44 43 2d 57 4c 43 30 31 bb 06 00 .CMP-DC-WLC01... 01b0 0f ac 04 ba 06 00 0f ac 04 bc 06 00 0f ac 03 bd ................ 01c0 06 00 0f ac 06 ..... Data: 019701c5f3b857ef7314f7e7b2b4a3e5a6eb13c801156e6d... [Length: 453] Nick Madunich IT System Administrator (509)359-4964 [email protected]<mailto:[email protected]> ________________________________ From: Madunich, Nicholas via PacketFence-users <[email protected]<mailto:[email protected]>> Sent: Tuesday, December 9, 2025 3:06 PM To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Cc: Madunich, Nicholas <[email protected]<mailto:[email protected]>> Subject: Re: [PacketFence-users] Eduroam not working in Packetfence 15.0 Here is the result from: tcpdump -i any port 11812 -vv Domain has been anonymized to acme.com tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes 14:16:17.442483 IP (tos 0x0, ttl 62, id 44986, offset 0, flags [none], proto UDP (17), length 480) CISCO-CAPWAP-CONTROLLER.acme.com.63570 > lipfence04v.acme.com.11812: [udp sum ok] UDP, length 452 14:16:22.442104 IP (tos 0x0, ttl 62, id 47041, offset 0, flags [none], proto UDP (17), length 480) CISCO-CAPWAP-CONTROLLER.acme.com.63570 > lipfence04v.acme.com.11812: [udp sum ok] UDP, length 452 14:16:27.442772 IP (tos 0x0, ttl 62, id 51153, offset 0, flags [none], proto UDP (17), length 480) CISCO-CAPWAP-CONTROLLER.acme.com.63570 > lipfence04v.acme.com.11812: [udp sum ok] UDP, length 452 14:16:32.443121 IP (tos 0x0, ttl 62, id 54172, offset 0, flags [none], proto UDP (17), length 480) CISCO-CAPWAP-CONTROLLER.acme.com.63570 > lipfence04v.acme.com.11812: [udp sum ok] UDP, length 452 Thanks, Nick Madunich IT System Administrator (509)359-4964 [email protected]<mailto:[email protected]> ________________________________ From: Fabrice Durand via PacketFence-users <[email protected]<mailto:[email protected]>> Sent: Friday, December 5, 2025 12:27 PM To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Cc: Fabrice Durand <[email protected]<mailto:[email protected]>> Subject: Re: [PacketFence-users] Eduroam not working in Packetfence 15.0 Hi Nick, Could you please run a packet capture on the server interface that is supposed to receive the RADIUS requests? Please filter the capture on port 11812. Thanks, Fabrice Le ven. 5 déc. 2025 à 15:15, Madunich, Nicholas via PacketFence-users <[email protected]<mailto:[email protected]>> a écrit : I am reaching out to see if anyone has tested eduroam in Packetfence 15.0 and if it's working for them? From my testing the authentication requests aren't being forwarded to the eduroam service. I have tried both an upgrade from 14.1 where eduroam is working and a fresh install of Packetfence 15.0. When attempting to authenticate, nothing shows in the audit logs of the web GUI or the radius and radius-eduroam log files on the server. Troubleshooting All my testing was done using the same IP and NAT where eduroam works in 14.1 so it's not an issue with my internal network. All the required services are running and I see no errors that indicate there's an issue in log files tcpdump does show the eduroam traffic from my WLC to the server over port 11812. Running raddebug on radiusd-eduroam.sock and radiusd.sock shows no authentication attempts. I have reproduced this behavior in both Debian 12 and Rocky 8.10 installing from packages, I haven't tried the ZEN or ISO install. I apologize that I don't have more information to share, unfortunately I can't find any authentication attempts or errors in the log files to help me troubleshoot further. Nick Madunich IT System Administrator (509)359-4964 [email protected]<mailto:[email protected]> _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
