Re: [PacketFence-users] SSID message Error on PF from Cisco ap1242 and iphone mobile phone
Perfect! It's working well!! Thank you! Matteo 2014-07-03 15:30 GMT+02:00 Matteo Pidalà matteo.pid...@gmail.com: ah ok! I will try next week, I will be far away from my server until Monday... Thanks once again Fabrice, regards Matteo 2014-07-03 1:10 GMT+02:00 Durand fabrice fdur...@inverse.ca: My fault, it´s just a little syntax error, try this: sub extractSsid { my ($this, $radius_request) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); if (defined($radius_request-{'Cisco-AVPair'})) { if (ref($radius_request-{'Cisco-AVPair'}) eq 'ARRAY') { foreach my $ciscoAVPair (@{$radius_request-{'Cisco-AVPair'}}) { $logger-trace(Cisco-AVPair: .$ciscoAVPair); if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$ciscoAVPair); } } } else { if ($radius_request-{'Cisco-AVPair'} =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$radius_request-{'Cisco-AVPair'}); } } } $logger-warn( Unable to extract SSID for module . ref($this) . . SSID-based VLAN assignments won't work. . Make sure you enable Vendor Specific Attributes (VSA) on the AP if you want them to work. ); return; } Fabrice Le 2014-07-02 16:21, Matteo Pidalà a écrit : Hi Fabrice, I'm sorry to disturb you once again, but after the function change, I receive a new error from packetfence.log after trying to connect my laptop in wifi: *Jul 03 00:19:33 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:33 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:33 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* *Jul 03 00:19:36 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:36 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:36 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* *Jul 03 00:19:39 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:39 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:39 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* *Jul 03 00:19:43 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:43 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:43 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* The configuration is still like my first mail. Any suggestion are welcome!! Regards Mattteo 2014-07-01 23:49 GMT+02:00 Durand fabrice fdur...@inverse.ca: Hello Matteo, can you edit Aironet.pm and replace the function extractSsid with that code and retry : sub extractSsid { my ($this, $radius_request) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); if (defined($radius_request-{'Cisco-AVPair'})) { if (ref($radius_request-{'Cisco-AVPair'}) eq 'ARRAY') { foreach my $ciscoAVPair (@{$radius_request-{'Cisco-AVPair'}}) { $logger-trace(Cisco-AVPair: .$ciscoAVPair); if
Re: [PacketFence-users] SSID message Error on PF from Cisco ap1242 and iphone mobile phone
ah ok! I will try next week, I will be far away from my server until Monday... Thanks once again Fabrice, regards Matteo 2014-07-03 1:10 GMT+02:00 Durand fabrice fdur...@inverse.ca: My fault, it´s just a little syntax error, try this: sub extractSsid { my ($this, $radius_request) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); if (defined($radius_request-{'Cisco-AVPair'})) { if (ref($radius_request-{'Cisco-AVPair'}) eq 'ARRAY') { foreach my $ciscoAVPair (@{$radius_request-{'Cisco-AVPair'}}) { $logger-trace(Cisco-AVPair: .$ciscoAVPair); if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$ciscoAVPair); } } } else { if ($radius_request-{'Cisco-AVPair'} =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$radius_request-{'Cisco-AVPair'}); } } } $logger-warn( Unable to extract SSID for module . ref($this) . . SSID-based VLAN assignments won't work. . Make sure you enable Vendor Specific Attributes (VSA) on the AP if you want them to work. ); return; } Fabrice Le 2014-07-02 16:21, Matteo Pidalà a écrit : Hi Fabrice, I'm sorry to disturb you once again, but after the function change, I receive a new error from packetfence.log after trying to connect my laptop in wifi: *Jul 03 00:19:33 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:33 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:33 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* *Jul 03 00:19:36 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:36 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:36 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* *Jul 03 00:19:39 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:39 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:39 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* *Jul 03 00:19:43 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:43 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:43 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* The configuration is still like my first mail. Any suggestion are welcome!! Regards Mattteo 2014-07-01 23:49 GMT+02:00 Durand fabrice fdur...@inverse.ca: Hello Matteo, can you edit Aironet.pm and replace the function extractSsid with that code and retry : sub extractSsid { my ($this, $radius_request) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); if (defined($radius_request-{'Cisco-AVPair'})) { if (ref($radius_request-{'Cisco-AVPair'}) eq 'ARRAY') { foreach my $ciscoAVPair (@{$radius_request-{'Cisco-AVPair'}}) { $logger-trace(Cisco-AVPair: .$ciscoAVPair); if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1;
Re: [PacketFence-users] SSID message Error on PF from Cisco ap1242 and iphone mobile phone
Hi Fabrice, thank you very much for your prompt answer. Today evening I will try to perform this change. I try to modify the script following the error in the logs, but it was not like yours and the system was not working ;-) In case, seems a general issue / workaround. Is it possible add it on the official documentation? Regards Matteo 2014-07-01 23:49 GMT+02:00 Durand fabrice fdur...@inverse.ca: Hello Matteo, can you edit Aironet.pm and replace the function extractSsid with that code and retry : sub extractSsid { my ($this, $radius_request) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); if (defined($radius_request-{'Cisco-AVPair'})) { if (ref($radius_request-{'Cisco-AVPair'}) eq 'ARRAY') { foreach my $ciscoAVPair (@{$radius_request-{'Cisco-AVPair'}}) { $logger-trace(Cisco-AVPair: .$ciscoAVPair); if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$ciscoAVPair); } } } else { if ($radius_request-{'Cisco-AVPair'} =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$ciscoAVPair); } } } $logger-warn( Unable to extract SSID for module . ref($this) . . SSID-based VLAN assignments won't work. . Make sure you enable Vendor Specific Attributes (VSA) on the AP if you want them to work. ); return; } Of course restart httpd.webservices service. Regards Fabrice Le 2014-07-01 17:36, Matteo Pidalà a écrit : Hi everybody! I reached one satisfied environment of Packetfence, with some switches and users working with 802.1x authentication with captive portal self registration. That's great... thanks once again for this fantastic product. Anyway right now I have one issue for the Wireless part. I have (for now), one cisco Aironet 1242 that should be perfectly compatible with pf. *I receive this strange message from the troubleshooting that I did:* *Jul 02 01:19:29 httpd.webservices(4128) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 02 01:19:29 httpd.webservices(4128) INFO: handling radius autz request: from switch_ip = 10.0.1.10, connection_type = Wireless-802.11-NoEAP,switch_mac = , mac = 04:f7:e4:f3:d6:99, port = 270, username = 04f7e4f3d699 (pf::radius::authorize)* *Jul 02 01:19:29 httpd.webservices(4128) ERROR: radius authorize failed with error: Can't use string (ssid=Public) as an ARRAY ref while strict refs in use at /usr/local/pf/lib/pf/Switch/Cisco/Aironet.pm line 206.* * (pf::api::radius_authorize)* *Jul 02 01:19:32 httpd.webservices(4128) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 02 01:19:32 httpd.webservices(4128) INFO: handling radius autz request: from switch_ip = 10.0.1.10, connection_type = Wireless-802.11-NoEAP,switch_mac = , mac = 04:f7:e4:f3:d6:99, port = 271, username = 04f7e4f3d699 (pf::radius::authorize)* *Jul 02 01:19:32 httpd.webservices(4128) ERROR: radius authorize failed with error: Can't use string (ssid=Public) as an ARRAY ref while strict refs in use at /usr/local/pf/lib/pf/Switch/Cisco/Aironet.pm line 206.* * (pf::api::radius_authorize)* *From the switch:* **Mar 1 06:04:41.138: %DOT11-7-AUTH_FAILED: Station 04f7.e4f3.d699 Authentication failed* **Mar 1 06:04:49.713: %DOT11-7-AUTH_FAILED: Station 04f7.e4f3.d699 Authentication failed* *The extract focused configuration is this:* # # Copyright 2006-2008 Inverse inc. # # See the enclosed file COPYING for license information (GPL). # If you did not receive this file, see # http://www.fsf.org/licensing/licenses/gpl.html [default] description=Switches Default Values vlans=1,2,3,4,5,10,20,30,35,40,50,60,100,110,120 normalVlan=100 registrationVlan=110 isolationVlan=120 macDetectionVlan=4 voiceVlan=5 inlineVlan=6 inlineTrigger= normalRole=normal registrationRole=registration isolationRole=isolation macDetectionRole=macDetection voiceRole=voice inlineRole=inline VoIPEnabled=no VlanMap=Y RoleMap=Y mode=testing macSearchesMaxNb=30 macSearchesSleepInterval=2 uplink=dynamic # # Command Line Interface # # cliTransport could be: Telnet, SSH or Serial cliTransport=Telnet cliUser= cliPwd= cliEnablePwd= # # SNMP section # # PacketFence - Switch SNMPVersion=3 SNMPUserNameRead=readUser SNMPAuthProtocolRead=MD5 SNMPAuthPasswordRead=authpwdread SNMPPrivProtocolRead=AES SNMPPrivPasswordRead=privpwdread SNMPUserNameWrite=writeUser SNMPAuthProtocolWrite=MD5 SNMPAuthPasswordWrite=authpwdwrite
Re: [PacketFence-users] SSID message Error on PF from Cisco ap1242 and iphone mobile phone
Hi Fabrice, I'm sorry to disturb you once again, but after the function change, I receive a new error from packetfence.log after trying to connect my laptop in wifi: *Jul 03 00:19:33 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:33 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:33 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* *Jul 03 00:19:36 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:36 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:36 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* *Jul 03 00:19:39 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:39 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:39 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* *Jul 03 00:19:43 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 03 00:19:43 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)* *Jul 03 00:19:43 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)* The configuration is still like my first mail. Any suggestion are welcome!! Regards Mattteo 2014-07-01 23:49 GMT+02:00 Durand fabrice fdur...@inverse.ca: Hello Matteo, can you edit Aironet.pm and replace the function extractSsid with that code and retry : sub extractSsid { my ($this, $radius_request) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); if (defined($radius_request-{'Cisco-AVPair'})) { if (ref($radius_request-{'Cisco-AVPair'}) eq 'ARRAY') { foreach my $ciscoAVPair (@{$radius_request-{'Cisco-AVPair'}}) { $logger-trace(Cisco-AVPair: .$ciscoAVPair); if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$ciscoAVPair); } } } else { if ($radius_request-{'Cisco-AVPair'} =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$ciscoAVPair); } } } $logger-warn( Unable to extract SSID for module . ref($this) . . SSID-based VLAN assignments won't work. . Make sure you enable Vendor Specific Attributes (VSA) on the AP if you want them to work. ); return; } Of course restart httpd.webservices service. Regards Fabrice Le 2014-07-01 17:36, Matteo Pidalà a écrit : Hi everybody! I reached one satisfied environment of Packetfence, with some switches and users working with 802.1x authentication with captive portal self registration. That's great... thanks once again for this fantastic product. Anyway right now I have one issue for the Wireless part. I have (for now), one cisco Aironet 1242 that should be perfectly compatible with pf. *I receive this strange message from the troubleshooting that I did:* *Jul 02 01:19:29 httpd.webservices(4128) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 02 01:19:29 httpd.webservices(4128) INFO: handling radius autz request: from switch_ip = 10.0.1.10, connection_type = Wireless-802.11-NoEAP,switch_mac = , mac =
Re: [PacketFence-users] SSID message Error on PF from Cisco ap1242 and iphone mobile phone
My fault, it´s just a little syntax error, try this: sub extractSsid { my ($this, $radius_request) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); if (defined($radius_request-{'Cisco-AVPair'})) { if (ref($radius_request-{'Cisco-AVPair'}) eq 'ARRAY') { foreach my $ciscoAVPair (@{$radius_request-{'Cisco-AVPair'}}) { $logger-trace(Cisco-AVPair: .$ciscoAVPair); if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$ciscoAVPair); } } } else { if ($radius_request-{'Cisco-AVPair'} =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$radius_request-{'Cisco-AVPair'}); } } } $logger-warn( Unable to extract SSID for module . ref($this) . . SSID-based VLAN assignments won't work. . Make sure you enable Vendor Specific Attributes (VSA) on the AP if you want them to work. ); return; } Fabrice Le 2014-07-02 16:21, Matteo Pidalà a écrit : Hi Fabrice, I'm sorry to disturb you once again, but after the function change, I receive a new error from packetfence.log after trying to connect my laptop in wifi: */Jul 03 00:19:33 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)/* */Jul 03 00:19:33 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)/* */Jul 03 00:19:33 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)/* */Jul 03 00:19:36 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)/* */Jul 03 00:19:36 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)/* */Jul 03 00:19:36 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)/* */Jul 03 00:19:39 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)/* */Jul 03 00:19:39 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)/* */Jul 03 00:19:39 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)/* */Jul 03 00:19:43 httpd.webservices(3047) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)/* */Jul 03 00:19:43 httpd.webservices(3047) ERROR: Can not load perl module for switch 10.0.1.10, type: pf::Switch::Cisco::Aironet_1242. Either the type is unknown or the perl module has compilation errors. Read the following message for details: (pf::SwitchFactory::instantiate)/* */Jul 03 00:19:43 httpd.webservices(3047) WARN: Can't instantiate switch 10.0.1.10. This request will be failed. Are you sure your switches.conf is correct? (pf::radius::authorize)/* The configuration is still like my first mail. Any suggestion are welcome!! Regards Mattteo 2014-07-01 23:49 GMT+02:00 Durand fabrice fdur...@inverse.ca mailto:fdur...@inverse.ca: Hello Matteo, can you edit Aironet.pm and replace the function extractSsid with that code and retry : sub extractSsid { my ($this, $radius_request) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); if (defined($radius_request-{'Cisco-AVPair'})) { if (ref($radius_request-{'Cisco-AVPair'}) eq 'ARRAY') { foreach my $ciscoAVPair (@{$radius_request-{'Cisco-AVPair'}}) { $logger-trace(Cisco-AVPair: .$ciscoAVPair); if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$ciscoAVPair); }
[PacketFence-users] SSID message Error on PF from Cisco ap1242 and iphone mobile phone
Hi everybody! I reached one satisfied environment of Packetfence, with some switches and users working with 802.1x authentication with captive portal self registration. That's great... thanks once again for this fantastic product. Anyway right now I have one issue for the Wireless part. I have (for now), one cisco Aironet 1242 that should be perfectly compatible with pf. *I receive this strange message from the troubleshooting that I did:* *Jul 02 01:19:29 httpd.webservices(4128) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 02 01:19:29 httpd.webservices(4128) INFO: handling radius autz request: from switch_ip = 10.0.1.10, connection_type = Wireless-802.11-NoEAP,switch_mac = , mac = 04:f7:e4:f3:d6:99, port = 270, username = 04f7e4f3d699 (pf::radius::authorize)* *Jul 02 01:19:29 httpd.webservices(4128) ERROR: radius authorize failed with error: Can't use string (ssid=Public) as an ARRAY ref while strict refs in use at /usr/local/pf/lib/pf/Switch/Cisco/Aironet.pm line 206.* * (pf::api::radius_authorize)* *Jul 02 01:19:32 httpd.webservices(4128) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)* *Jul 02 01:19:32 httpd.webservices(4128) INFO: handling radius autz request: from switch_ip = 10.0.1.10, connection_type = Wireless-802.11-NoEAP,switch_mac = , mac = 04:f7:e4:f3:d6:99, port = 271, username = 04f7e4f3d699 (pf::radius::authorize)* *Jul 02 01:19:32 httpd.webservices(4128) ERROR: radius authorize failed with error: Can't use string (ssid=Public) as an ARRAY ref while strict refs in use at /usr/local/pf/lib/pf/Switch/Cisco/Aironet.pm line 206.* * (pf::api::radius_authorize)* *From the switch:* **Mar 1 06:04:41.138: %DOT11-7-AUTH_FAILED: Station 04f7.e4f3.d699 Authentication failed* **Mar 1 06:04:49.713: %DOT11-7-AUTH_FAILED: Station 04f7.e4f3.d699 Authentication failed* *The extract focused configuration is this:* # # Copyright 2006-2008 Inverse inc. # # See the enclosed file COPYING for license information (GPL). # If you did not receive this file, see # http://www.fsf.org/licensing/licenses/gpl.html [default] description=Switches Default Values vlans=1,2,3,4,5,10,20,30,35,40,50,60,100,110,120 normalVlan=100 registrationVlan=110 isolationVlan=120 macDetectionVlan=4 voiceVlan=5 inlineVlan=6 inlineTrigger= normalRole=normal registrationRole=registration isolationRole=isolation macDetectionRole=macDetection voiceRole=voice inlineRole=inline VoIPEnabled=no VlanMap=Y RoleMap=Y mode=testing macSearchesMaxNb=30 macSearchesSleepInterval=2 uplink=dynamic # # Command Line Interface # # cliTransport could be: Telnet, SSH or Serial cliTransport=Telnet cliUser= cliPwd= cliEnablePwd= # # SNMP section # # PacketFence - Switch SNMPVersion=3 SNMPUserNameRead=readUser SNMPAuthProtocolRead=MD5 SNMPAuthPasswordRead=authpwdread SNMPPrivProtocolRead=AES SNMPPrivPasswordRead=privpwdread SNMPUserNameWrite=writeUser SNMPAuthProtocolWrite=MD5 SNMPAuthPasswordWrite=authpwdwrite SNMPPrivProtocolWrite=AES SNMPPrivPasswordWrite=privpwdwrite # Switch - PacketFence SNMPVersionTrap=3 SNMPUserNameTrap=readUser SNMPAuthProtocolTrap=MD5 SNMPAuthPasswordTrap=authpwdread SNMPPrivProtocolTrap=AES SNMPPrivPasswordTrap=privpwdread # # Web Services Interface # # wsTransport could be: http or https wsTransport=http wsUser= wsPwd= # # RADIUS NAS Client config # # RADIUS shared secret with switch radiusSecret=udifiusdbfdbsuisdbfidbs [10.0.1.4] mode=production defaultVlan=100 deauthMethod=SNMP description=core type=Cisco::Catalyst_3560 VoIPEnabled=N uplink=1,2,3,4,5,6,7,8,9,10 defaultRole=default guestVlan=100 gamingRole=guest guestRole=guest gamingVlan=100 wsPwd=cisco wsUser=cisco SNMPEngineID=AA5ED139B81D4A328D18ACD1 [10.0.1.10] SNMPVersion=2c SNMPCommunityRead=public SNMPCommunityWrite=private SNMPVersionTrap=2c SNMPCommunityTrap=public mode=production description=AP type=Cisco::Aironet_1242 *AP Configuration:* aaa group server radius rad_eap server 10.0.1.3 auth-port 1812 acct-port 1813 aaa group server radius rad_mac server 10.0.1.3 auth-port 1812 acct-port 1813 aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods group rad_mac snmp-server community public RO snmp-server community private RW snmp-server enable traps disassociate snmp-server enable traps deauthenticate snmp-server enable traps aaa_server radius-server host 10.0.1.3 auth-port 1812 acct-port 1813 key 7 ljljlkjlkjlkjjklkjljkljkljlj74F08090127 radius-server vsa send accounting radius-server vsa send authentication If you need something else... in the meantime... thanks in advance for your further support!!! Regards Matteo -- Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into
Re: [PacketFence-users] SSID message Error on PF from Cisco ap1242 and iphone mobile phone
Hello Matteo, can you edit Aironet.pm and replace the function extractSsid with that code and retry : sub extractSsid { my ($this, $radius_request) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); if (defined($radius_request-{'Cisco-AVPair'})) { if (ref($radius_request-{'Cisco-AVPair'}) eq 'ARRAY') { foreach my $ciscoAVPair (@{$radius_request-{'Cisco-AVPair'}}) { $logger-trace(Cisco-AVPair: .$ciscoAVPair); if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$ciscoAVPair); } } } else { if ($radius_request-{'Cisco-AVPair'} =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = ssid=PacketFence-Secure return $1; } else { $logger-info(Unable to extract SSID of Cisco-AVPair: .$ciscoAVPair); } } } $logger-warn( Unable to extract SSID for module . ref($this) . . SSID-based VLAN assignments won't work. . Make sure you enable Vendor Specific Attributes (VSA) on the AP if you want them to work. ); return; } Of course restart httpd.webservices service. Regards Fabrice Le 2014-07-01 17:36, Matteo Pidalà a écrit : Hi everybody! I reached one satisfied environment of Packetfence, with some switches and users working with 802.1x authentication with captive portal self registration. That's great... thanks once again for this fantastic product. Anyway right now I have one issue for the Wireless part. I have (for now), one cisco Aironet 1242 that should be perfectly compatible with pf. _I receive this strange message from the troubleshooting that I did:_ /*Jul 02 01:19:29 httpd.webservices(4128) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)*/ /*Jul 02 01:19:29 httpd.webservices(4128) INFO: handling radius autz request: from switch_ip = 10.0.1.10, connection_type = Wireless-802.11-NoEAP,switch_mac = , mac = 04:f7:e4:f3:d6:99, port = 270, username = 04f7e4f3d699 (pf::radius::authorize)*/ /*Jul 02 01:19:29 httpd.webservices(4128) ERROR: radius authorize failed with error: Can't use string (ssid=Public) as an ARRAY ref while strict refs in use at /usr/local/pf/lib/pf/Switch/Cisco/Aironet.pm line 206.*/ /* (pf::api::radius_authorize)*/ /*Jul 02 01:19:32 httpd.webservices(4128) INFO: Unable to extract MAC from Called-Station-Id: 0021.1be9.8770 (pf::radius::extractApMacFromRadiusRequest)*/ /*Jul 02 01:19:32 httpd.webservices(4128) INFO: handling radius autz request: from switch_ip = 10.0.1.10, connection_type = Wireless-802.11-NoEAP,switch_mac = , mac = 04:f7:e4:f3:d6:99, port = 271, username = 04f7e4f3d699 (pf::radius::authorize)*/ /*Jul 02 01:19:32 httpd.webservices(4128) ERROR: radius authorize failed with error: Can't use string (ssid=Public) as an ARRAY ref while strict refs in use at /usr/local/pf/lib/pf/Switch/Cisco/Aironet.pm line 206.*/ /* (pf::api::radius_authorize)*/ _From the switch:_ */*Mar 1 06:04:41.138: %DOT11-7-AUTH_FAILED: Station 04f7.e4f3.d699 Authentication failed/* */*Mar 1 06:04:49.713: %DOT11-7-AUTH_FAILED: Station 04f7.e4f3.d699 Authentication failed/* _The extract focused configuration is this:_ # # Copyright 2006-2008 Inverse inc. # # See the enclosed file COPYING for license information (GPL). # If you did not receive this file, see # http://www.fsf.org/licensing/licenses/gpl.html [default] description=Switches Default Values vlans=1,2,3,4,5,10,20,30,35,40,50,60,100,110,120 normalVlan=100 registrationVlan=110 isolationVlan=120 macDetectionVlan=4 voiceVlan=5 inlineVlan=6 inlineTrigger= normalRole=normal registrationRole=registration isolationRole=isolation macDetectionRole=macDetection voiceRole=voice inlineRole=inline VoIPEnabled=no VlanMap=Y RoleMap=Y mode=testing macSearchesMaxNb=30 macSearchesSleepInterval=2 uplink=dynamic # # Command Line Interface # # cliTransport could be: Telnet, SSH or Serial cliTransport=Telnet cliUser= cliPwd= cliEnablePwd= # # SNMP section # # PacketFence - Switch SNMPVersion=3 SNMPUserNameRead=readUser SNMPAuthProtocolRead=MD5 SNMPAuthPasswordRead=authpwdread SNMPPrivProtocolRead=AES SNMPPrivPasswordRead=privpwdread SNMPUserNameWrite=writeUser SNMPAuthProtocolWrite=MD5 SNMPAuthPasswordWrite=authpwdwrite SNMPPrivProtocolWrite=AES SNMPPrivPasswordWrite=privpwdwrite # Switch - PacketFence SNMPVersionTrap=3 SNMPUserNameTrap=readUser SNMPAuthProtocolTrap=MD5 SNMPAuthPasswordTrap=authpwdread SNMPPrivProtocolTrap=AES SNMPPrivPasswordTrap=privpwdread # # Web Services Interface # # wsTransport could be: http or https wsTransport=http wsUser= wsPwd= # # RADIUS NAS Client config # # RADIUS shared secret with switch radiusSecret=udifiusdbfdbsuisdbfidbs [10.0.1.4] mode=production defaultVlan=100