subject:"Re\: \[PacketFence\-users\] Ruckus Smartzone"

Re: [PacketFence-users] Ruckus Smartzone

2021-03-04 Thread Lamont, Pieter-Jan via PacketFence-users

Hello Diego

That could also work in our environment . I'll take a look at this scenario 
next week when I'm back at the office.
Thanks !!

Kind regards
[cid:EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png]

Pieter-Jan Lamont
IT-Coördinator

Toekomststraat 75 - 8790 Waregem
Tel. +32 56 62 69 94 - 
pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>



From: Diego Garcia del Rio 
Sent: donderdag 4 maart 2021 2:06
To: Lamont, Pieter-Jan 
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Ruckus Smartzone

Hi pieter-Jan

I am using the same scenario as you describe. Only that the unrecognized 
devices get directed to the captive portal directly. (packetfence assigns a 
registration vlan to unknown devices, then acts as a dhcp / dns server for that 
vlan and clients get presented the portal). Then the users just login using the 
ldap credentials and the Mac I associated to their account automatically

The only requirement is to have a registration and isolation vlans on 
packetfence and that the same vlan can be reached directly by the aps (when you 
assign the proper vlan to th wifi clients)

Especially on packetfence 10.2 you get the newest support for captive portal 
detection via dhcp which is not yet offered natively by ruckus when doing web 
auth.



On Wed, Mar 3, 2021, 17:17 Lamont, Pieter-Jan 
mailto:pieterjan.lam...@sgsintpaulus.eu>> 
wrote:
Hello Diego

Yes the mac encryption is disabled on the smartzone via SSH.
Mac authentication would be great for our know devices , but not for the byod 
segment :(

We would like to use the portal to authenticate students/teachers to our campus 
wifi. The link to Office365 via LDAPS (Azure Domain Services) is already 
working :)
When transferring to the captive portal our ruckus adds a bunch of information 
to the link. I'll capture this tomorrow from my device. Then I'm sure the mac 
address of my device is added in this information.

Version Smartzone is 5.2.1.0.515
Version PF 10.2

Kind regards

[cid:image001.png@01D71103.12A75810]


Pieter-Jan Lamont
IT-Coördinator

Toekomststraat 75 - 8790 Waregem
Tel. +32 56 62 69 94 - 
pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>


From: Diego Garcia del Rio mailto:garc...@gmail.com>>
Sent: woensdag 3 maart 2021 17:34
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Lamont, Pieter-Jan 
mailto:pieterjan.lam...@sgsintpaulus.eu>>
Subject: Re: [PacketFence-users] Ruckus Smartzone

Hi Pieter,

did you disable mac encryption on smartzone?

Its weird that the mac is not being found. To be honest, I have not used the 
portal option myself yet so Im not of great help there. Any reason why you 
wouldnt do the mac authentication option with the portal served directly by 
packetfence? (Im guessing if you have a large campus or multiple campuses with 
a single smart zone and single packetfence.)

I was hoping to test the web-auth soon, but I havent had much time.

which version of smartzone are you using?

cheers!


On Tue, Mar 2, 2021 at 4:05 PM Lamont, Pieter-Jan via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:
Hello Packetfence Community

I'm trying to deploy a Ruckus SmartZone WebAuth configuration .
I have followed the guide several times(Fresh Debian9 with apt-get installation 
and Packetfence ZEN) but didn't succeed the deployment.(6.24.1 - Network 
Devices Configuration Guide)
When configuring the captive portal I can't go to 
http://ip-of-packetfence/RuckusSmartZone (Not implemented) but after changing 
this to http://ip-of-packetfence/Captive-portal , I'm seeing the portal.

The user is guided to the captive portal but gets the "Your computer was not 
found in the PF Database" with his IP correctly but no MAC address (MAC 0).
When enabling "Activate Preregistration" in the default connection Profile , 
the users gets the Username/password fields to login.
But when entering the correct credentials, the users get a 502 bad gateway ...
I have also tried to capture all data from the PF to the Ruckus Smartzone, but 
I see no traffic to or from the Smartzone.


Already tried the new updated guide 
(https://github.com/garci66/packetfence/blob/9da2608f131780eb7d9cd64246c9a767868d119f/docs/network/networkdevice/ruckus_smartzone.asciidoc<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgarci66%2Fpacketfence%2Fblob%2F9da2608f131780eb7d9cd64246c9a767868d119f%2Fdocs%2Fnetwork%2Fnetworkdevice%2Fruckus_smartzone.asciidoc=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C58fb4be947194cd2eaca08d8dea9a9c1%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504167608800845%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=jfWRnTNDDT7szlBJqjAhTj6SgrMmg%2BrtTHPLm2cy0I4%3D=0>)
 but with the same outcome .
Mac Authentication with the

Re: [PacketFence-users] Ruckus Smartzone

2021-03-04 Thread Diego Garcia del Rio via PacketFence-users

let me know if you need any help... but I have it deployed just like that
at several schools and it works well.


On Thu, Mar 4, 2021 at 10:34 AM Lamont, Pieter-Jan <
pieterjan.lam...@sgsintpaulus.eu> wrote:

> Hello Diego
>
>
>
> That could also work in our environment . I’ll take a look at this
> scenario next week when I’m back at the office.
> Thanks !!
>
> Kind regards
>
> *Pieter-Jan Lamont*
> IT-Coördinator
>
> Toekomststraat 75 - 8790 Waregem
> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu
>
>
> *From:* Diego Garcia del Rio 
> *Sent:* donderdag 4 maart 2021 2:06
> *To:* Lamont, Pieter-Jan 
> *Cc:* packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] Ruckus Smartzone
>
>
>
> Hi pieter-Jan
>
>
>
> I am using the same scenario as you describe. Only that the unrecognized
> devices get directed to the captive portal directly. (packetfence assigns a
> registration vlan to unknown devices, then acts as a dhcp / dns server for
> that vlan and clients get presented the portal). Then the users just login
> using the ldap credentials and the Mac I associated to their account
> automatically
>
>
>
> The only requirement is to have a registration and isolation vlans on
> packetfence and that the same vlan can be reached directly by the aps (when
> you assign the proper vlan to th wifi clients)
>
>
>
> Especially on packetfence 10.2 you get the newest support for captive
> portal detection via dhcp which is not yet offered natively by ruckus when
> doing web auth.
>
>
>
>
>
>
>
> On Wed, Mar 3, 2021, 17:17 Lamont, Pieter-Jan <
> pieterjan.lam...@sgsintpaulus.eu> wrote:
>
> Hello Diego
>
>
>
> Yes the mac encryption is disabled on the smartzone via SSH.
> Mac authentication would be great for our know devices , but not for the
> byod segment L
>
> We would like to use the portal to authenticate students/teachers to our
> campus wifi. The link to Office365 via LDAPS (Azure Domain Services) is
> already working J
> When transferring to the captive portal our ruckus adds a bunch of
> information to the link. I’ll capture this tomorrow from my device. Then
> I’m sure the mac address of my device is added in this information.
>
> Version Smartzone is 5.2.1.0.515
> Version PF 10.2
>
>
>
> Kind regards
>
>
>
> *Pieter-Jan Lamont*
> IT-Coördinator
>
> Toekomststraat 75 - 8790 Waregem
> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu
>
>
>
> *From:* Diego Garcia del Rio 
> *Sent:* woensdag 3 maart 2021 17:34
> *To:* packetfence-users@lists.sourceforge.net
> *Cc:* Lamont, Pieter-Jan 
> *Subject:* Re: [PacketFence-users] Ruckus Smartzone
>
>
>
> Hi Pieter,
>
>
>
> did you disable mac encryption on smartzone?
>
>
>
> Its weird that the mac is not being found. To be honest, I have not used
> the portal option myself yet so Im not of great help there. Any reason why
> you wouldnt do the mac authentication option with the portal served
> directly by packetfence? (Im guessing if you have a large campus or
> multiple campuses with a single smart zone and single packetfence.)
>
>
>
> I was hoping to test the web-auth soon, but I havent had much time.
>
>
>
> which version of smartzone are you using?
>
>
>
> cheers!
>
>
>
>
>
> On Tue, Mar 2, 2021 at 4:05 PM Lamont, Pieter-Jan via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Hello Packetfence Community
>
>
>
> I’m trying to deploy a Ruckus SmartZone WebAuth configuration .
> I have followed the guide several times(Fresh Debian9 with apt-get
> installation and Packetfence ZEN) but didn’t succeed the deployment.(6.24.1
> – Network Devices Configuration Guide)
> When configuring the captive portal I can’t go to
> http://ip-of-packetfence/RuckusSmartZone (Not implemented) but after
> changing this to http://ip-of-packetfence/Captive-portal , I’m seeing the
> portal.
>
> The user is guided to the captive portal but gets the “Your computer was
> not found in the PF Database” with his IP correctly but no MAC address (MAC
> 0).
>
> When enabling “Activate Preregistration” in the default connection Profile
> , the users gets the Username/password fields to login.
>
> But when entering the correct credentials, the users get a 502 bad gateway
> …
>
> I have also tried to capture all data from the PF to the Ruckus Smartzone,
> but I see no traffic to or from the Smartzone.
>
>
>
>
> Already tried the new updated guide (
> https://github.com/garci66/packetfence/blob/9da2608f131780eb7d9cd64246c9a767868d119f/docs/net

Re: [PacketFence-users] Ruckus Smartzone

2021-03-04 Thread Ludovic Zammit via PacketFence-users

Hello,

Use the "Ruckus SmartZone Wireless Controllers” switch module. The "Ruckus 
SmartZone v2” does not support the Web authentication yet.

Thanks,

Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca <https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) 
and PacketFence (http://packetfence.org <http://packetfence.org/>)







> On Mar 3, 2021, at 4:32 PM, Lamont, Pieter-Jan 
>  wrote:
> 
> Hello Ludovic
>  
> This is the config:
> 
> [192.168.10.65]
> radiusSecret=***
> description=test ruckus
> controllerIp=192.168.10.65
> type=Ruckus::SmartZone_v2
> group=default
> ExternalPortalEnforcement=Y
> registrationVlan=-1
> wsPwd=***
> wsUser=***
> SNMPVersion=2c
> SNMPVersionTrap=2c
>  
> [192.168.149.0/24]
> description=test
> radiusSecret=***
> wsPwd=
> registrationVlan=-1
> ExternalPortalEnforcement=Y
> group=default
> type=Ruckus::SmartZone_v2
> defaultVlan=149
> controllerIp=192.168.10.65
> wsUser=
>  
> [192.168.150.0/24]
> type=Ruckus::SmartZone_v2
> ExternalPortalEnforcement=Y
> group=default
> description=ap range
> controllerIp=192.168.10.65
> registrationVlan=-1
> radiusSecret=***
> wsPwd=***
> wsUser=***
>  
> The added switches 192.168.149.0/24 and 192.168.150.0/24 was for testing 
> purpose.
>  
> Kind regards
> 
>  
>  
> Pieter-Jan Lamont
> IT-Coördinator 
> 
> Toekomststraat 75 - 8790 Waregem
> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu 
> <mailto:pieterjan.lam...@sgsintpaulus.eu>  
> 
> 
> From: Ludovic Zammit  
> Sent: woensdag 3 maart 2021 22:19
> To: Lamont, Pieter-Jan 
> Cc: packetfence-users@lists.sourceforge.net
> Subject: Re: [PacketFence-users] Ruckus Smartzone
>  
> Show me the content of your conf/switches.conf
>  
> Removed the shared secret and password.
>  
> Thanks,
> 
> Ludovic Zammit
> lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
> www.inverse.ca 
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.inverse.ca%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549077745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=%2BFucEc5FpX2XSoH3BmfjofS2Htsp2FOl4XCSlmNUVEI%3D=0>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu 
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549087745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=xWXRyt7Nr08ZQf74uqW5%2FpBUC9TrYl8VxZTRgYXYuDU%3D=0>)
>  and PacketFence (http://packetfence.org 
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549087745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=7gKpoCtNREOG51QvskTg9D4jiGPd6ZYVlRHPZqH4iTI%3D=0>)
>  
>  
>  
>  
>  
> 
> 
> 
> On Mar 3, 2021, at 4:06 PM, Lamont, Pieter-Jan 
> mailto:pieterjan.lam...@sgsintpaulus.eu>> 
> wrote:
>  
> Hello Ludovic
>  
> I have found the reason why there was a public ip in the info Ruckus was 
> sending. This was our Control NAT IP, which we don’t use…
> After removing this config I’m getting our correct private IP in the nbiIP 
> field.
> 
> GET 
> /captive-portal?nbiIP=192.168.10.65_mac=90-97-f3-6b-2d-4e_name=Administration+Domain=Un-Auth-Captive=VTI-Test=scg.ruckuswireless.com
>  
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549097735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=BpOsiulETyzh6cTz60RapJCCM7NdRAcNxOTvrWOXoFs%3D=0>=VTI-Test=d8:38:fc:17:14:f0=http%3A%2F%2Fportal.fb.com
>  
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F2fportal.fb.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549097735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=Wk%2Flv6HsmIxVjXNbE5eO%2B8lN1EzCtI938XqWPAff6NA%3D=0>%2F

Re: [PacketFence-users] Ruckus Smartzone

2021-03-03 Thread Diego Garcia del Rio via PacketFence-users

Hi pieter-Jan

I am using the same scenario as you describe. Only that the unrecognized
devices get directed to the captive portal directly. (packetfence assigns a
registration vlan to unknown devices, then acts as a dhcp / dns server for
that vlan and clients get presented the portal). Then the users just login
using the ldap credentials and the Mac I associated to their account
automatically

The only requirement is to have a registration and isolation vlans on
packetfence and that the same vlan can be reached directly by the aps (when
you assign the proper vlan to th wifi clients)

Especially on packetfence 10.2 you get the newest support for captive
portal detection via dhcp which is not yet offered natively by ruckus when
doing web auth.




On Wed, Mar 3, 2021, 17:17 Lamont, Pieter-Jan <
pieterjan.lam...@sgsintpaulus.eu> wrote:

> Hello Diego
>
>
>
> Yes the mac encryption is disabled on the smartzone via SSH.
> Mac authentication would be great for our know devices , but not for the
> byod segment L
>
> We would like to use the portal to authenticate students/teachers to our
> campus wifi. The link to Office365 via LDAPS (Azure Domain Services) is
> already working J
> When transferring to the captive portal our ruckus adds a bunch of
> information to the link. I’ll capture this tomorrow from my device. Then
> I’m sure the mac address of my device is added in this information.
>
> Version Smartzone is 5.2.1.0.515
> Version PF 10.2
>
>
>
> Kind regards
>
>
>
> *Pieter-Jan Lamont*
> IT-Coördinator
>
> Toekomststraat 75 - 8790 Waregem
> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu
>
>
> *From:* Diego Garcia del Rio 
> *Sent:* woensdag 3 maart 2021 17:34
> *To:* packetfence-users@lists.sourceforge.net
> *Cc:* Lamont, Pieter-Jan 
> *Subject:* Re: [PacketFence-users] Ruckus Smartzone
>
>
>
> Hi Pieter,
>
>
>
> did you disable mac encryption on smartzone?
>
>
>
> Its weird that the mac is not being found. To be honest, I have not used
> the portal option myself yet so Im not of great help there. Any reason why
> you wouldnt do the mac authentication option with the portal served
> directly by packetfence? (Im guessing if you have a large campus or
> multiple campuses with a single smart zone and single packetfence.)
>
>
>
> I was hoping to test the web-auth soon, but I havent had much time.
>
>
>
> which version of smartzone are you using?
>
>
>
> cheers!
>
>
>
>
>
> On Tue, Mar 2, 2021 at 4:05 PM Lamont, Pieter-Jan via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Hello Packetfence Community
>
>
>
> I’m trying to deploy a Ruckus SmartZone WebAuth configuration .
> I have followed the guide several times(Fresh Debian9 with apt-get
> installation and Packetfence ZEN) but didn’t succeed the deployment.(6.24.1
> – Network Devices Configuration Guide)
> When configuring the captive portal I can’t go to
> http://ip-of-packetfence/RuckusSmartZone (Not implemented) but after
> changing this to http://ip-of-packetfence/Captive-portal , I’m seeing the
> portal.
>
> The user is guided to the captive portal but gets the “Your computer was
> not found in the PF Database” with his IP correctly but no MAC address (MAC
> 0).
>
> When enabling “Activate Preregistration” in the default connection Profile
> , the users gets the Username/password fields to login.
>
> But when entering the correct credentials, the users get a 502 bad gateway
> …
>
> I have also tried to capture all data from the PF to the Ruckus Smartzone,
> but I see no traffic to or from the Smartzone.
>
>
>
>
> Already tried the new updated guide (
> https://github.com/garci66/packetfence/blob/9da2608f131780eb7d9cd64246c9a767868d119f/docs/network/networkdevice/ruckus_smartzone.asciidoc
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgarci66%2Fpacketfence%2Fblob%2F9da2608f131780eb7d9cd64246c9a767868d119f%2Fdocs%2Fnetwork%2Fnetworkdevice%2Fruckus_smartzone.asciidoc=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cdc91f5bc89334270b0fa08d8de6225f2%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503860422388006%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=6f1cydbNk0x%2BNUQ7bLrImXRjV2Lem07ZhXCCoZlTWxk%3D=0>)
> but with the same outcome .
> Mac Authentication with the update guide works perfectly, but we are
> searching for the Captive portal solution (webauth)
>
> Is there someone with a working Web Auth on a Ruckus Smartzone that can
> help me this is issue , or anyone with the same problems?
>
>
>
> Kind regards
> Pieter-jan Lamont
>
> *Pieter-Jan Lamont*
>

Re: [PacketFence-users] Ruckus Smartzone

2021-03-03 Thread Lamont, Pieter-Jan via PacketFence-users

Hello Ludovic

This is the config:

[192.168.10.65]
radiusSecret=***
description=test ruckus
controllerIp=192.168.10.65
type=Ruckus::SmartZone_v2
group=default
ExternalPortalEnforcement=Y
registrationVlan=-1
wsPwd=***
wsUser=***
SNMPVersion=2c
SNMPVersionTrap=2c

[192.168.149.0/24]
description=test
radiusSecret=***
wsPwd=
registrationVlan=-1
ExternalPortalEnforcement=Y
group=default
type=Ruckus::SmartZone_v2
defaultVlan=149
controllerIp=192.168.10.65
wsUser=

[192.168.150.0/24]
type=Ruckus::SmartZone_v2
ExternalPortalEnforcement=Y
group=default
description=ap range
controllerIp=192.168.10.65
registrationVlan=-1
radiusSecret=***
wsPwd=***
wsUser=***

The added switches 192.168.149.0/24 and 192.168.150.0/24 was for testing 
purpose.

Kind regards


[cid:EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png]

Pieter-Jan Lamont
IT-Coördinator

Toekomststraat 75 - 8790 Waregem
Tel. +32 56 62 69 94 - 
pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>



From: Ludovic Zammit 
Sent: woensdag 3 maart 2021 22:19
To: Lamont, Pieter-Jan 
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Ruckus Smartzone

Show me the content of your conf/switches.conf

Removed the shared secret and password.

Thanks,

Ludovic Zammit

lzam...@inverse.ca<mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.inverse.ca%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549077745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=%2BFucEc5FpX2XSoH3BmfjofS2Htsp2FOl4XCSlmNUVEI%3D=0>

Inverse inc. :: Leaders behind SOGo 
(http://www.sogo.nu<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549087745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=xWXRyt7Nr08ZQf74uqW5%2FpBUC9TrYl8VxZTRgYXYuDU%3D=0>)
 and PacketFence 
(http://packetfence.org<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549087745%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=7gKpoCtNREOG51QvskTg9D4jiGPd6ZYVlRHPZqH4iTI%3D=0>)







On Mar 3, 2021, at 4:06 PM, Lamont, Pieter-Jan 
mailto:pieterjan.lam...@sgsintpaulus.eu>> 
wrote:

Hello Ludovic

I have found the reason why there was a public ip in the info Ruckus was 
sending. This was our Control NAT IP, which we don't use...
After removing this config I'm getting our correct private IP in the nbiIP 
field.

GET 
/captive-portal?nbiIP=192.168.10.65_mac=90-97-f3-6b-2d-4e_name=Administration+Domain=Un-Auth-Captive=VTI-Test=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549097735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=BpOsiulETyzh6cTz60RapJCCM7NdRAcNxOTvrWOXoFs%3D=0>=VTI-Test=d8:38:fc:17:14:f0=http%3A%2F%2Fportal.fb.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F2fportal.fb.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549097735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=Wk%2Flv6HsmIxVjXNbE5eO%2B8lN1EzCtI938XqWPAff6NA%3D=0>%2Fmobile%2Fstatus.php=0=149=46=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7C24be9990f70341071df808d8de89fe5b%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637504031549107729%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=OQciOd3i5rF0jreLZJvJjw6KjN26WmQdfk0m3wcG1mI%3D=0>=WYSlX0KJHIctnpAfJwtWt4paEFCQ8Rjz2NKJGU5YB2o_161480456=192.168.150.34=1=192.168.149.170
 HTTP/1.1"

When the users goes to the captive portal they get the message "Your computer 
was not found in the PacketFence database. Please reboot to solve this issue.".
The correct client ip is given (192.168.149.170) but the MAC is 0 (which should 
be 90-97-f3-6b-2d-4e). This client mac is also in the client_mac field given 
from the Ruckus Smartzone.
After enabling "Activate Preregistration" in the Default Connection Profile, 
the user can login (demouser) but after

Re: [PacketFence-users] Ruckus Smartzone

2021-03-03 Thread Lamont, Pieter-Jan via PacketFence-users

Hello Ludovic

When adding http://ip-of-packetfence/RuckusSmartZone to the Smartzone the users 
is only getting "Not implemented" on the screen .
If we change this to http://ip-of-packetfence/captive-portal , I see that 
ruckus adds a bunch of information to that link as you described .

"GET 
/captive-portal?nbiIP=84.199.*.*_mac=a8-9c-ed-91-80-d4_name=Administration+Domain=Un-Auth-Captive=VTI-Test=scg.ruckuswireless.com=VTI-Test=0c:f4:d5:2f:9e:a0=http%3A%2F%2Fconnect.rom.miui.com%2Fgenerate_204=0=149=46=scg.ruckuswireless.com=4D-QLLuerkFXa3hgUdKB8v3hhjf1Q378oPRjYUdz2ew_1614610736148=192.168.150.10=1=192.168.149.157
 HTTP/1.1" 200 4418 1082 101226 "-" "Mozilla/5.0 (Linux; Android 10; MI 9 
Build/QKQ1.190825.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 
Chrome/88.0.4324.181 Mobile Safari/537.36"

The only weird thing about the url is the nbiIP info... it's a public ip of 
ours, but we don't use this anywhere in our setup. The other info is correct.
Tomorrow i will test again with my device, so I'm sure the client_mac address 
is correct.

Kind regards

[cid:EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png]

Pieter-Jan Lamont
IT-Coördinator

Toekomststraat 75 - 8790 Waregem
Tel. +32 56 62 69 94 - 
pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>



From: Ludovic Zammit 
Sent: woensdag 3 maart 2021 19:54
To: packetfence-users@lists.sourceforge.net
Cc: Lamont, Pieter-Jan 
Subject: Re: [PacketFence-users] Ruckus Smartzone

Hello Pieter-Jan,

You are not suppose to have access to http://ip-of-packetfence/RuckusSmartZone. 
You should be redirected to that URL via the SmartZone and also send out a http 
request to PF with a bunch of other attribute like the client Mac and IP.

Something along the line:

?nbiIP=192.168.x.y_mac=xxx=Un-Auth-Captive=MY_WIFI=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cc7c0729c871b4949e07a08d8de75b077%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503944350751109%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=bfQpQEXxjPTwbAyTxgiYxzp%2FLzT9jbnZVkBxF6I3tDk%3D=0>=MY_SSID=44:1e:98:1e:31:a0=http%3A%2F%2Finit-p01st.push.apple.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F2finit-p01st.push.apple.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cc7c0729c871b4949e07a08d8de75b077%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503944350761103%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=g5KgzJpel4e3tUVBzz6DiWSNtJYS3NXEHkwEjx864eg%3D=0>=0=30=3=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cc7c0729c871b4949e07a08d8de75b077%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503944350761103%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=ASuZe2Ed%2BLU3CZYoesouUAP9j%2BwIXhtMqd1RzchXaVc%3D=0>=WEDtGa9sj1EOy6-qqLWQBw_1570617665657==ENCx

You could see that in the logs/httpd.access.log. If you don't see that, don't 
go further because PF will its critical information as you described.

Thanks,

Ludovic Zammit

lzam...@inverse.ca<mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.inverse.ca%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cc7c0729c871b4949e07a08d8de75b077%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503944350771101%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=Dm40%2BmJmPaAqjjvFcYsasvgZXHVnZ%2BLQ%2BBg0RhXqIQQ%3D=0>

Inverse inc. :: Leaders behind SOGo 
(http://www.sogo.nu<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.sogo.nu%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cc7c0729c871b4949e07a08d8de75b077%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503944350771101%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=CwROG%2BqEgRtnK1PPvcrOL109KVpE7GXATZCUZxYw4W0%3D=0>)
 and PacketFence 
(http://packetfence.org<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpacketfence.org%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cc7c0729c871b4949e07a08d8de75b077%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503944350781092%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=DEBRCB%2BUsiTzItvORM5AARDRh1zx0ExXj2LX4jyFPFo%3D=0>)







On Mar 2, 2021, at 11:22 AM, Lamont, Pieter-Jan via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:

Hello Packetfence Community

I'm trying to deploy a Ruckus SmartZone WebAuth c

Re: [PacketFence-users] Ruckus Smartzone

2021-03-03 Thread Diego Garcia del Rio via PacketFence-users

Dear ludovic,

Any chance you guys can take a look at the PR I raised with quite a bit of
documentation for smartzone and ruckus in general? It's PR 6141

(I have one commit as root just pulling the repo forward which I'm not sure
how to get rid of so that the cla bot passes)

Cheers!


On Wed, Mar 3, 2021, 18:22 Ludovic Zammit via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Show me the content of your conf/switches.conf
>
> Removed the shared secret and password.
>
> Thanks,
>
>
> Ludovic Zammit
> lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
>
>
>
>
>
>
> On Mar 3, 2021, at 4:06 PM, Lamont, Pieter-Jan <
> pieterjan.lam...@sgsintpaulus.eu> wrote:
>
> Hello Ludovic
>
> I have found the reason why there was a public ip in the info Ruckus was
> sending. This was our Control NAT IP, which we don’t use…
> After removing this config I’m getting our correct private IP in the nbiIP
> field.
>
> GET
> /captive-portal?nbiIP=192.168.10.65_mac=90-97-f3-6b-2d-4e_name=Administration+Domain=Un-Auth-Captive=VTI-Test=
> scg.ruckuswireless.com=VTI-Test=d8:38:fc:17:14:f0=http%3A%2F%
> 2Fportal.fb.com <http://2fportal.fb.com/>
> %2Fmobile%2Fstatus.php=0=149=46=scg.ruckuswireless.com=WYSlX0KJHIctnpAfJwtWt4paEFCQ8Rjz2NKJGU5YB2o_161480456=192.168.150.34=1=192.168.149.170
> HTTP/1.1"
>
> When the users goes to the captive portal they get the message “Your
> computer was not found in the PacketFence database. Please reboot to solve
> this issue.”.
> The correct client ip is given (192.168.149.170) but the MAC is 0 (which
> should be 90-97-f3-6b-2d-4e). This client mac is also in the client_mac
> field given from the Ruckus Smartzone.
> After enabling “Activate Preregistration” in the Default Connection
> Profile, the user can login (demouser) but after the correct authentication
> he gets a 502 bad gateway.
>
> Kind regards
>
> 
>
> *Pieter-Jan Lamont*
> IT-Coördinator
>
> Toekomststraat 75 - 8790 Waregem
> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu
>
>
>
> *From:* Lamont, Pieter-Jan 
> *Sent:* woensdag 3 maart 2021 21:24
> *To:* packetfence-users@lists.sourceforge.net
> *Cc:* Ludovic Zammit 
> *Subject:* RE: [PacketFence-users] Ruckus Smartzone
>
> Hello Ludovic
>
> When adding http://ip-of-packetfence/RuckusSmartZone to the Smartzone the
> users is only getting “Not implemented” on the screen .
> If we change this to http://ip-of-packetfence/captive-portal , I see that
> ruckus adds a bunch of information to that link as you described .
>
> "GET
> /captive-portal?nbiIP=84.199.*.*_mac=a8-9c-ed-91-80-d4_name=Administration+Domain=Un-Auth-Captive=VTI-Test=
> scg.ruckuswireless.com=VTI-Test=0c:f4:d5:2f:9e:a0=http%3A%2F%
> 2Fconnect.rom.miui.com <http://2fconnect.rom.miui.com/>
> %2Fgenerate_204=0=149=46=scg.ruckuswireless.com=4D-QLLuerkFXa3hgUdKB8v3hhjf1Q378oPRjYUdz2ew_1614610736148=192.168.150.10=1=192.168.149.157
> HTTP/1.1" 200 4418 1082 101226 "-" "Mozilla/5.0 (Linux; Android 10; MI 9
> Build/QKQ1.190825.002; wv) AppleWebKit/537.36 (KHTML, like Gecko)
> Version/4.0 Chrome/88.0.4324.181 Mobile Safari/537.36"
>
> The only weird thing about the url is the nbiIP info… it’s a public ip of
> ours, but we don’t use this anywhere in our setup. The other info is
> correct.
> Tomorrow i will test again with my device, so I’m sure the client_mac
> address is correct.
>
> Kind regards
>
> 
>
> *Pieter-Jan Lamont*
> IT-Coördinator
>
> Toekomststraat 75 - 8790 Waregem
> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu
>
> *From:* Ludovic Zammit 
> *Sent:* woensdag 3 maart 2021 19:54
> *To:* packetfence-users@lists.sourceforge.net
> *Cc:* Lamont, Pieter-Jan 
> *Subject:* Re: [PacketFence-users] Ruckus Smartzone
>
> Hello Pieter-Jan,
>
> You are not suppose to have access to
> http://ip-of-packetfence/RuckusSmartZone. You should be redirected to
> that URL via the SmartZone and also send out a http request to PF with a
> bunch of other attribute like the client Mac and IP.
>
> Something along the line:
>
>
> ?nbiIP=192.168.x.y_mac=xxx=Un-Auth-Captive=MY_WIFI=
> scg.ruckuswireless.com
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cc7c0729c871b4949e07a08d8de75b077%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503944350751109%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=bfQpQEXxjPTwbAyTxgiYxzp%2FLzT9jbnZVkBxF6I3tDk%3D=

Re: [PacketFence-users] Ruckus Smartzone

2021-03-03 Thread Lamont, Pieter-Jan via PacketFence-users

Hello Diego

Yes the mac encryption is disabled on the smartzone via SSH.
Mac authentication would be great for our know devices , but not for the byod 
segment :(

We would like to use the portal to authenticate students/teachers to our campus 
wifi. The link to Office365 via LDAPS (Azure Domain Services) is already 
working :)
When transferring to the captive portal our ruckus adds a bunch of information 
to the link. I'll capture this tomorrow from my device. Then I'm sure the mac 
address of my device is added in this information.

Version Smartzone is 5.2.1.0.515
Version PF 10.2

Kind regards

[cid:EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png]

Pieter-Jan Lamont
IT-Coördinator

Toekomststraat 75 - 8790 Waregem
Tel. +32 56 62 69 94 - 
pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>



From: Diego Garcia del Rio 
Sent: woensdag 3 maart 2021 17:34
To: packetfence-users@lists.sourceforge.net
Cc: Lamont, Pieter-Jan 
Subject: Re: [PacketFence-users] Ruckus Smartzone

Hi Pieter,

did you disable mac encryption on smartzone?

Its weird that the mac is not being found. To be honest, I have not used the 
portal option myself yet so Im not of great help there. Any reason why you 
wouldnt do the mac authentication option with the portal served directly by 
packetfence? (Im guessing if you have a large campus or multiple campuses with 
a single smart zone and single packetfence.)

I was hoping to test the web-auth soon, but I havent had much time.

which version of smartzone are you using?

cheers!


On Tue, Mar 2, 2021 at 4:05 PM Lamont, Pieter-Jan via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:
Hello Packetfence Community

I'm trying to deploy a Ruckus SmartZone WebAuth configuration .
I have followed the guide several times(Fresh Debian9 with apt-get installation 
and Packetfence ZEN) but didn't succeed the deployment.(6.24.1 - Network 
Devices Configuration Guide)
When configuring the captive portal I can't go to 
http://ip-of-packetfence/RuckusSmartZone (Not implemented) but after changing 
this to http://ip-of-packetfence/Captive-portal , I'm seeing the portal.

The user is guided to the captive portal but gets the "Your computer was not 
found in the PF Database" with his IP correctly but no MAC address (MAC 0).
When enabling "Activate Preregistration" in the default connection Profile , 
the users gets the Username/password fields to login.
But when entering the correct credentials, the users get a 502 bad gateway ...
I have also tried to capture all data from the PF to the Ruckus Smartzone, but 
I see no traffic to or from the Smartzone.


Already tried the new updated guide 
(https://github.com/garci66/packetfence/blob/9da2608f131780eb7d9cd64246c9a767868d119f/docs/network/networkdevice/ruckus_smartzone.asciidoc<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fgarci66%2Fpacketfence%2Fblob%2F9da2608f131780eb7d9cd64246c9a767868d119f%2Fdocs%2Fnetwork%2Fnetworkdevice%2Fruckus_smartzone.asciidoc=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cdc91f5bc89334270b0fa08d8de6225f2%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503860422388006%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=6f1cydbNk0x%2BNUQ7bLrImXRjV2Lem07ZhXCCoZlTWxk%3D=0>)
 but with the same outcome .
Mac Authentication with the update guide works perfectly, but we are searching 
for the Captive portal solution (webauth)

Is there someone with a working Web Auth on a Ruckus Smartzone that can help me 
this is issue , or anyone with the same problems?

Kind regards
Pieter-jan Lamont
[cid:image001.png@01D71071.E84B5940]


Pieter-Jan Lamont
IT-Coördinator

Toekomststraat 75 - 8790 Waregem
Tel. +32 56 62 69 94 - 
pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cdc91f5bc89334270b0fa08d8de6225f2%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503860422397998%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=aVvF7RXDiubIADTIE5jBk3VCEVcZ%2FJ4IG1ukmBEtWjI%3D=0>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus Smartzone

2021-03-03 Thread Lamont, Pieter-Jan via PacketFence-users

Hello Ludovic

I have found the reason why there was a public ip in the info Ruckus was 
sending. This was our Control NAT IP, which we don't use...
After removing this config I'm getting our correct private IP in the nbiIP 
field.

GET 
/captive-portal?nbiIP=192.168.10.65_mac=90-97-f3-6b-2d-4e_name=Administration+Domain=Un-Auth-Captive=VTI-Test=scg.ruckuswireless.com=VTI-Test=d8:38:fc:17:14:f0=http%3A%2F%2Fportal.fb.com%2Fmobile%2Fstatus.php=0=149=46=scg.ruckuswireless.com=WYSlX0KJHIctnpAfJwtWt4paEFCQ8Rjz2NKJGU5YB2o_161480456=192.168.150.34=1=192.168.149.170
 HTTP/1.1"

When the users goes to the captive portal they get the message "Your computer 
was not found in the PacketFence database. Please reboot to solve this issue.".
The correct client ip is given (192.168.149.170) but the MAC is 0 (which should 
be 90-97-f3-6b-2d-4e). This client mac is also in the client_mac field given 
from the Ruckus Smartzone.
After enabling "Activate Preregistration" in the Default Connection Profile, 
the user can login (demouser) but after the correct authentication he gets a 
502 bad gateway.

Kind regards

[cid:EmailHandtekeningCorporate_239e37bc-d675-44cf-b4ca-49a10eec9dcb.png]

Pieter-Jan Lamont
IT-Coördinator

Toekomststraat 75 - 8790 Waregem
Tel. +32 56 62 69 94 - 
pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>



From: Lamont, Pieter-Jan 
Sent: woensdag 3 maart 2021 21:24
To: packetfence-users@lists.sourceforge.net
Cc: Ludovic Zammit 
Subject: RE: [PacketFence-users] Ruckus Smartzone

Hello Ludovic

When adding http://ip-of-packetfence/RuckusSmartZone to the Smartzone the users 
is only getting "Not implemented" on the screen .
If we change this to http://ip-of-packetfence/captive-portal , I see that 
ruckus adds a bunch of information to that link as you described .

"GET 
/captive-portal?nbiIP=84.199.*.*_mac=a8-9c-ed-91-80-d4_name=Administration+Domain=Un-Auth-Captive=VTI-Test=scg.ruckuswireless.com=VTI-Test=0c:f4:d5:2f:9e:a0=http%3A%2F%2Fconnect.rom.miui.com%2Fgenerate_204=0=149=46=scg.ruckuswireless.com=4D-QLLuerkFXa3hgUdKB8v3hhjf1Q378oPRjYUdz2ew_1614610736148=192.168.150.10=1=192.168.149.157
 HTTP/1.1" 200 4418 1082 101226 "-" "Mozilla/5.0 (Linux; Android 10; MI 9 
Build/QKQ1.190825.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 
Chrome/88.0.4324.181 Mobile Safari/537.36"

The only weird thing about the url is the nbiIP info... it's a public ip of 
ours, but we don't use this anywhere in our setup. The other info is correct.
Tomorrow i will test again with my device, so I'm sure the client_mac address 
is correct.

Kind regards

[cid:image001.png@01D71079.70EE1F60]


Pieter-Jan Lamont
IT-Coördinator

Toekomststraat 75 - 8790 Waregem
Tel. +32 56 62 69 94 - 
pieterjan.lam...@sgsintpaulus.eu<mailto:pieterjan.lam...@sgsintpaulus.eu>


From: Ludovic Zammit mailto:lzam...@inverse.ca>>
Sent: woensdag 3 maart 2021 19:54
To: 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Lamont, Pieter-Jan 
mailto:pieterjan.lam...@sgsintpaulus.eu>>
Subject: Re: [PacketFence-users] Ruckus Smartzone

Hello Pieter-Jan,

You are not suppose to have access to http://ip-of-packetfence/RuckusSmartZone. 
You should be redirected to that URL via the SmartZone and also send out a http 
request to PF with a bunch of other attribute like the client Mac and IP.

Something along the line:

?nbiIP=192.168.x.y_mac=xxx=Un-Auth-Captive=MY_WIFI=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cc7c0729c871b4949e07a08d8de75b077%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503944350751109%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=bfQpQEXxjPTwbAyTxgiYxzp%2FLzT9jbnZVkBxF6I3tDk%3D=0>=MY_SSID=44:1e:98:1e:31:a0=http%3A%2F%2Finit-p01st.push.apple.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2F2finit-p01st.push.apple.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cc7c0729c871b4949e07a08d8de75b077%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503944350761103%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=g5KgzJpel4e3tUVBzz6DiWSNtJYS3NXEHkwEjx864eg%3D=0>=0=30=3=scg.ruckuswireless.com<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fscg.ruckuswireless.com%2F=04%7C01%7Cpieterjan.lamont%40sgsintpaulus.eu%7Cc7c0729c871b4949e07a08d8de75b077%7Caf15916d7d7743f9b366ae98d0fe36be%7C0%7C0%7C637503944350761103%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000=ASuZe2Ed%2BLU3CZYoesouUAP9j%2BwIXhtMqd1RzchXaVc%3D=0>=WEDtGa9sj1EOy6-qqLWQBw_1570617665657==ENCx

You could see that in the logs/httpd.access.log. If you don't see that, don't 
go further be

Re: [PacketFence-users] Ruckus Smartzone

2021-03-03 Thread Diego Garcia del Rio via PacketFence-users

Hi Pieter,

did you disable mac encryption on smartzone?

Its weird that the mac is not being found. To be honest, I have not used
the portal option myself yet so Im not of great help there. Any reason why
you wouldnt do the mac authentication option with the portal served
directly by packetfence? (Im guessing if you have a large campus or
multiple campuses with a single smart zone and single packetfence.)

I was hoping to test the web-auth soon, but I havent had much time.

which version of smartzone are you using?

cheers!


On Tue, Mar 2, 2021 at 4:05 PM Lamont, Pieter-Jan via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Packetfence Community
>
>
>
> I’m trying to deploy a Ruckus SmartZone WebAuth configuration .
> I have followed the guide several times(Fresh Debian9 with apt-get
> installation and Packetfence ZEN) but didn’t succeed the deployment.(6.24.1
> – Network Devices Configuration Guide)
> When configuring the captive portal I can’t go to
> http://ip-of-packetfence/RuckusSmartZone (Not implemented) but after
> changing this to http://ip-of-packetfence/Captive-portal , I’m seeing the
> portal.
>
> The user is guided to the captive portal but gets the “Your computer was
> not found in the PF Database” with his IP correctly but no MAC address (MAC
> 0).
>
> When enabling “Activate Preregistration” in the default connection Profile
> , the users gets the Username/password fields to login.
>
> But when entering the correct credentials, the users get a 502 bad gateway
> …
>
> I have also tried to capture all data from the PF to the Ruckus Smartzone,
> but I see no traffic to or from the Smartzone.
>
>
>
>
> Already tried the new updated guide (
> https://github.com/garci66/packetfence/blob/9da2608f131780eb7d9cd64246c9a767868d119f/docs/network/networkdevice/ruckus_smartzone.asciidoc)
> but with the same outcome .
> Mac Authentication with the update guide works perfectly, but we are
> searching for the Captive portal solution (webauth)
>
> Is there someone with a working Web Auth on a Ruckus Smartzone that can
> help me this is issue , or anyone with the same problems?
>
>
>
> Kind regards
> Pieter-jan Lamont
>
> *Pieter-Jan Lamont*
> IT-Coördinator
>
> Toekomststraat 75 - 8790 Waregem
> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus Smartzone

2021-03-03 Thread Ludovic Zammit via PacketFence-users

Show me the content of your conf/switches.conf

Removed the shared secret and password.

Thanks,

Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::  +1.514.447.4918 (x145) ::  
www.inverse.ca <https://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) 
and PacketFence (http://packetfence.org <http://packetfence.org/>)







> On Mar 3, 2021, at 4:06 PM, Lamont, Pieter-Jan 
>  wrote:
> 
> Hello Ludovic
>  
> I have found the reason why there was a public ip in the info Ruckus was 
> sending. This was our Control NAT IP, which we don’t use…
> After removing this config I’m getting our correct private IP in the nbiIP 
> field.
> 
> GET 
> /captive-portal?nbiIP=192.168.10.65_mac=90-97-f3-6b-2d-4e_name=Administration+Domain=Un-Auth-Captive=VTI-Test=scg.ruckuswireless.com
>  
> <http://scg.ruckuswireless.com/>=VTI-Test=d8:38:fc:17:14:f0=http%3A%2F%2Fportal.fb.com
>  
> <http://2fportal.fb.com/>%2Fmobile%2Fstatus.php=0=149=46=scg.ruckuswireless.com
>  
> <http://scg.ruckuswireless.com/>=WYSlX0KJHIctnpAfJwtWt4paEFCQ8Rjz2NKJGU5YB2o_161480456=192.168.150.34=1=192.168.149.170
>  HTTP/1.1"
> 
> When the users goes to the captive portal they get the message “Your computer 
> was not found in the PacketFence database. Please reboot to solve this 
> issue.”.
> The correct client ip is given (192.168.149.170) but the MAC is 0 (which 
> should be 90-97-f3-6b-2d-4e). This client mac is also in the client_mac field 
> given from the Ruckus Smartzone.
> After enabling “Activate Preregistration” in the Default Connection Profile, 
> the user can login (demouser) but after the correct authentication he gets a 
> 502 bad gateway.
>  
> Kind regards
>  
>  
> Pieter-Jan Lamont
> IT-Coördinator 
> 
> Toekomststraat 75 - 8790 Waregem
> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu 
> <mailto:pieterjan.lam...@sgsintpaulus.eu>  
> 
> 
> From: Lamont, Pieter-Jan  <mailto:pieterjan.lam...@sgsintpaulus.eu>> 
> Sent: woensdag 3 maart 2021 21:24
> To: packetfence-users@lists.sourceforge.net 
> <mailto:packetfence-users@lists.sourceforge.net>
> Cc: Ludovic Zammit mailto:lzam...@inverse.ca>>
> Subject: RE: [PacketFence-users] Ruckus Smartzone
>  
> Hello Ludovic
>  
> When adding http://ip-of-packetfence/RuckusSmartZone 
> <http://ip-of-packetfence/RuckusSmartZone> to the Smartzone the users is only 
> getting “Not implemented” on the screen .
> If we change this to http://ip-of-packetfence/captive-portal 
> <http://ip-of-packetfence/captive-portal> , I see that ruckus adds a bunch of 
> information to that link as you described .
> 
> "GET 
> /captive-portal?nbiIP=84.199.*.*_mac=a8-9c-ed-91-80-d4_name=Administration+Domain=Un-Auth-Captive=VTI-Test=scg.ruckuswireless.com
>  
> <http://scg.ruckuswireless.com/>=VTI-Test=0c:f4:d5:2f:9e:a0=http%3A%2F%2Fconnect.rom.miui.com
>  
> <http://2fconnect.rom.miui.com/>%2Fgenerate_204=0=149=46=scg.ruckuswireless.com
>  
> <http://scg.ruckuswireless.com/>=4D-QLLuerkFXa3hgUdKB8v3hhjf1Q378oPRjYUdz2ew_1614610736148=192.168.150.10=1=192.168.149.157
>  HTTP/1.1" 200 4418 1082 101226 "-" "Mozilla/5.0 (Linux; Android 10; MI 9 
> Build/QKQ1.190825.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 
> Chrome/88.0.4324.181 Mobile Safari/537.36"
>  
> The only weird thing about the url is the nbiIP info… it’s a public ip of 
> ours, but we don’t use this anywhere in our setup. The other info is correct.
> Tomorrow i will test again with my device, so I’m sure the client_mac address 
> is correct.
>  
> Kind regards
>  
> 
> Pieter-Jan Lamont
> IT-Coördinator 
> 
> Toekomststraat 75 - 8790 Waregem
> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu 
> <mailto:pieterjan.lam...@sgsintpaulus.eu>
>   
> From: Ludovic Zammit mailto:lzam...@inverse.ca>> 
> Sent: woensdag 3 maart 2021 19:54
> To: packetfence-users@lists.sourceforge.net 
> <mailto:packetfence-users@lists.sourceforge.net>
> Cc: Lamont, Pieter-Jan  <mailto:pieterjan.lam...@sgsintpaulus.eu>>
> Subject: Re: [PacketFence-users] Ruckus Smartzone
>  
> Hello Pieter-Jan,
>  
> You are not suppose to have access to 
> http://ip-of-packetfence/RuckusSmartZone 
> <http://ip-of-packetfence/RuckusSmartZone>. You should be redirected to that 
> URL via the SmartZone and also send out a http request to PF with a bunch of 
> other attribute like the client Mac and IP.
>  
> Something along the line:
>  
> ?nbiIP=192.168.x.y_mac=xxx=Un-Auth-Captive=MY_WIFI=scg.ruckuswireless.com
>

Re: [PacketFence-users] Ruckus Smartzone

2021-03-03 Thread Ludovic Zammit via PacketFence-users

PS: That log logs/httpd.portal.access not logs/httpd.access.log

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org )







> On Mar 3, 2021, at 1:53 PM, Ludovic Zammit via PacketFence-users 
>  wrote:
> 
> Hello Pieter-Jan,
> 
> You are not suppose to have access to 
> http://ip-of-packetfence/RuckusSmartZone 
> . You should be redirected to that 
> URL via the SmartZone and also send out a http request to PF with a bunch of 
> other attribute like the client Mac and IP.
> 
> Something along the line:
> 
> ?nbiIP=192.168.x.y_mac=xxx=Un-Auth-Captive=MY_WIFI=scg.ruckuswireless.com
>  
> =MY_SSID=44:1e:98:1e:31:a0=http%3A%2F%2Finit-p01st.push.apple.com
>  
> =0=30=3=scg.ruckuswireless.com
>  
> =WEDtGa9sj1EOy6-qqLWQBw_1570617665657==ENCx
> 
> You could see that in the logs/httpd.access.log. If you don’t see that, don’t 
> go further because PF will its critical information as you described.
> 
> Thanks,
> 
> Ludovic Zammit
> lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
> www.inverse.ca 
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu 
> ) and PacketFence (http://packetfence.org 
> )
> 
> 
> 
> 
> 
> 
> 
>> On Mar 2, 2021, at 11:22 AM, Lamont, Pieter-Jan via PacketFence-users 
>> > > wrote:
>> 
>> Hello Packetfence Community
>>  
>> I’m trying to deploy a Ruckus SmartZone WebAuth configuration .
>> I have followed the guide several times(Fresh Debian9 with apt-get 
>> installation and Packetfence ZEN) but didn’t succeed the deployment.(6.24.1 
>> – Network Devices Configuration Guide)
>> When configuring the captive portal I can’t go to 
>> http://ip-of-packetfence/RuckusSmartZone 
>>  (Not implemented) but after 
>> changing this to http://ip-of-packetfence/Captive-portal 
>>  , I’m seeing the portal.
>> 
>> The user is guided to the captive portal but gets the “Your computer was not 
>> found in the PF Database” with his IP correctly but no MAC address (MAC 0).
>> When enabling “Activate Preregistration” in the default connection Profile , 
>> the users gets the Username/password fields to login.
>> But when entering the correct credentials, the users get a 502 bad gateway …
>> I have also tried to capture all data from the PF to the Ruckus Smartzone, 
>> but I see no traffic to or from the Smartzone.
>>  
>> 
>> Already tried the new updated guide 
>> (https://github.com/garci66/packetfence/blob/9da2608f131780eb7d9cd64246c9a767868d119f/docs/network/networkdevice/ruckus_smartzone.asciidoc
>>  
>> )
>>  but with the same outcome .
>> Mac Authentication with the update guide works perfectly, but we are 
>> searching for the Captive portal solution (webauth)
>> 
>> Is there someone with a working Web Auth on a Ruckus Smartzone that can help 
>> me this is issue , or anyone with the same problems?
>>  
>> Kind regards
>> Pieter-jan Lamont
>> 
>> Pieter-Jan Lamont
>> IT-Coördinator 
>> 
>> Toekomststraat 75 - 8790 Waregem
>> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu 
>>   
>> 
>> 
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net 
>> 
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus Smartzone

2021-03-03 Thread Ludovic Zammit via PacketFence-users

Hello Pieter-Jan,

You are not suppose to have access to http://ip-of-packetfence/RuckusSmartZone 
. You should be redirected to that 
URL via the SmartZone and also send out a http request to PF with a bunch of 
other attribute like the client Mac and IP.

Something along the line:

?nbiIP=192.168.x.y_mac=xxx=Un-Auth-Captive=MY_WIFI=scg.ruckuswireless.com=MY_SSID=44:1e:98:1e:31:a0=http%3A%2F%2Finit-p01st.push.apple.com=0=30=3=scg.ruckuswireless.com=WEDtGa9sj1EOy6-qqLWQBw_1570617665657==ENCx

You could see that in the logs/httpd.access.log. If you don’t see that, don’t 
go further because PF will its critical information as you described.

Thanks,

Ludovic Zammit
lzam...@inverse.ca  ::  +1.514.447.4918 (x145) ::  
www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) 
and PacketFence (http://packetfence.org )







> On Mar 2, 2021, at 11:22 AM, Lamont, Pieter-Jan via PacketFence-users 
>  wrote:
> 
> Hello Packetfence Community
>  
> I’m trying to deploy a Ruckus SmartZone WebAuth configuration .
> I have followed the guide several times(Fresh Debian9 with apt-get 
> installation and Packetfence ZEN) but didn’t succeed the deployment.(6.24.1 – 
> Network Devices Configuration Guide)
> When configuring the captive portal I can’t go to 
> http://ip-of-packetfence/RuckusSmartZone 
>  (Not implemented) but after 
> changing this to http://ip-of-packetfence/Captive-portal 
>  , I’m seeing the portal.
> 
> The user is guided to the captive portal but gets the “Your computer was not 
> found in the PF Database” with his IP correctly but no MAC address (MAC 0).
> When enabling “Activate Preregistration” in the default connection Profile , 
> the users gets the Username/password fields to login.
> But when entering the correct credentials, the users get a 502 bad gateway …
> I have also tried to capture all data from the PF to the Ruckus Smartzone, 
> but I see no traffic to or from the Smartzone.
>  
> 
> Already tried the new updated guide 
> (https://github.com/garci66/packetfence/blob/9da2608f131780eb7d9cd64246c9a767868d119f/docs/network/networkdevice/ruckus_smartzone.asciidoc
>  
> )
>  but with the same outcome .
> Mac Authentication with the update guide works perfectly, but we are 
> searching for the Captive portal solution (webauth)
> 
> Is there someone with a working Web Auth on a Ruckus Smartzone that can help 
> me this is issue , or anyone with the same problems?
>  
> Kind regards
> Pieter-jan Lamont
>  
> Pieter-Jan Lamont
> IT-Coördinator 
> 
> Toekomststraat 75 - 8790 Waregem
> Tel. +32 56 62 69 94 - pieterjan.lam...@sgsintpaulus.eu 
>   
> 
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
> 
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus SmartZone and PF 9

2019-09-02 Thread Diego Garcia del Rio via PacketFence-users

Dear Talan,

Can you provide more details on how you're doing the authentication? Is
this radius with mac-auth on the SSID or are you doing "captive portal" in
the AP itself?

I have PF working fine with ruckus' smartzone (albeit 3.6.1 but I don't
expect any differences with 5.1) but I did have to make a small change in
PF to get it working properly.

I am doing radius in non-proxy mode from the AP directly to PF (so I can't
use radius de-auth and need to use the northbound API for de-auth).

if you can provide some screenshots on how you configured smartzone I can
help you most probably.



On Mon, Sep 2, 2019 at 1:09 PM Talan Westby via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hi Nicolas,
>
> Thanks for getting back in touch and sorry for the delay.
>
> I have had Ruckus spend some time working with us on this to no avail.
> What they have managed to do is run some RADIUS test from their SmartZone
> controller back to PF which always seem to fail. I would have thought that
> the RADIUS request would have been a MAC request so we have tried putting
> in a MAC Address as the username and the password which always seems to
> fail. This does work when going via our Cisco WLCs, so I guess the Ruckus
> is doing something slightly different. One thing I have noticed is the
> SmartZone.pm file in PF creates a API call to the Ruckus controller and
> when I take that payload and try the request myself the Ruckus controller
> responds with "Bad Request".
>
> At this point I am wondering if Ruckus have updated their API Northbound
> endpoints in their later versions of software, we are running 5.1 which is
> a relatively new piece of software. Could you confirm whether the PF
> integration has been tested with this newer version of controller?
>
> Also could you confirm the process of on boarding a user to PF from a
> Ruckus controller so we can be sure we are investigating the right section?
> To clarify users are being forwarded to the portal and they are able to
> enrol but the Ruckus SmartZone never receives/recognises that PF has
> authorized that user for access. If we could understand what PF does to
> send that authorization then we can concentrate on what might be causing
> the issue.
>
> Thanks,
> Talan
>
> -Original Message-
> From: Nicolas Quiniou-Briand 
> Sent: 23 August 2019 16:16
> To: Talan Westby ;
> packetfence-users@lists.sourceforge.net
> Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9
>
> On 2019-08-23 5:08 p.m., Talan Westby wrote:
> > If you could let me know which logs I should be looking at that would be
> great.
>
> I really don't know which logs.
>
> Did you check on Ruckus documentation ? I found this link [0]
>
> Otherwise, you can try to capture traffic between PacketFence and Ruckus
> Smartzone when a device try to register. If traffic is not encrypted, you
> could have some hint.
>
> [0] /usr/local/pf/addons/packages/build-go.sh build /usr/local/pf
> /usr/local/pf/sbin/
> --
> Nicolas Quiniou-Briand
> n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca Inverse
> inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
> (https://packetfence.org) and Fingerbank (http://fingerbank.org)
> _
>
> This electronic message contains information from Derby College which may
> be privileged and confidential.
> The information is intended to be for the use of the individual(s) or
> entity named above.
>
> If you are not the intended recipient, be aware that any disclosure,
> copying, distribution or use of the contents of this information is
> prohibited. Internet communications are not secure and therefore Derby
> College does not accept legal responsibility for the contents of this
> message. Any views or opinions presented are only those of the author and
> not those of Derby College.
>
> If you have received this message in error, please reply to this message
> and include d...@derby-college.ac.uk immediately.
> _
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus SmartZone and PF 9

2019-09-02 Thread Talan Westby via PacketFence-users

Hi Diego,

Yes, sure, we are using Web Auth rather than a Mac-auth. We are pushing 
everything through the smartzone controller and using it as a proxy for RADIUS 
requests as well as using external portal enforcement to force portal access to 
PF. I have followed the guide here: 
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ruckus_smartzone

As stated in my previous emails we are able to enrol to PF fine. However, after 
enrolment we do not get a authorization message to the Ruckus SZ.

Also as previously stated we have PF running with our Cisco controllers using 
Web Auth and usually after an enrolment PF sends a CoA disconnect to the 
controller and when it re-connects it performs the RADIUS accept and allows our 
users on.

I will get you some print screens tomorrow when I am back in the office.

Thanks for taking a look and any advice you could provide would be fantastic.

Regards,
Talan
From: Diego Garcia del Rio 
Sent: 02 September 2019 19:31
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand ; Talan Westby 

Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9

Dear Talan,

Can you provide more details on how you're doing the authentication? Is this 
radius with mac-auth on the SSID or are you doing "captive portal" in the AP 
itself?

I have PF working fine with ruckus' smartzone (albeit 3.6.1 but I don't expect 
any differences with 5.1) but I did have to make a small change in PF to get it 
working properly.

I am doing radius in non-proxy mode from the AP directly to PF (so I can't use 
radius de-auth and need to use the northbound API for de-auth).

if you can provide some screenshots on how you configured smartzone I can help 
you most probably.

On Mon, Sep 2, 2019 at 1:09 PM Talan Westby via PacketFence-users 
mailto:packetfence-users@lists.sourceforge.net>>
 wrote:
Hi Nicolas,

Thanks for getting back in touch and sorry for the delay.

I have had Ruckus spend some time working with us on this to no avail. What 
they have managed to do is run some RADIUS test from their SmartZone controller 
back to PF which always seem to fail. I would have thought that the RADIUS 
request would have been a MAC request so we have tried putting in a MAC Address 
as the username and the password which always seems to fail. This does work 
when going via our Cisco WLCs, so I guess the Ruckus is doing something 
slightly different. One thing I have noticed is the SmartZone.pm file in PF 
creates a API call to the Ruckus controller and when I take that payload and 
try the request myself the Ruckus controller responds with "Bad Request".

At this point I am wondering if Ruckus have updated their API Northbound 
endpoints in their later versions of software, we are running 5.1 which is a 
relatively new piece of software. Could you confirm whether the PF integration 
has been tested with this newer version of controller?

Also could you confirm the process of on boarding a user to PF from a Ruckus 
controller so we can be sure we are investigating the right section? To clarify 
users are being forwarded to the portal and they are able to enrol but the 
Ruckus SmartZone never receives/recognises that PF has authorized that user for 
access. If we could understand what PF does to send that authorization then we 
can concentrate on what might be causing the issue.

Thanks,
Talan

-Original Message-
From: Nicolas Quiniou-Briand mailto:n...@inverse.ca>>
Sent: 23 August 2019 16:16
To: Talan Westby 
mailto:talan.wes...@derby-college.ac.uk>>; 
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9

On 2019-08-23 5:08 p.m., Talan Westby wrote:
> If you could let me know which logs I should be looking at that would be 
> great.

I really don't know which logs.

Did you check on Ruckus documentation ? I found this link [0]

Otherwise, you can try to capture traffic between PacketFence and Ruckus 
Smartzone when a device try to register. If traffic is not encrypted, you could 
have some hint.

[0] /usr/local/pf/addons/packages/build-go.sh build /usr/local/pf 
/usr/local/pf/sbin/
--
Nicolas Quiniou-Briand
n...@inverse.ca<mailto:n...@inverse.ca>  ::  +1.514.447.4918 *140  ::  
https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), 
PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)
_

This electronic message contains information from Derby College which may be 
privileged and confidential.
The information is intended to be for the use of the individual(s) or entity 
named above.

If you are not the intended recipient, be aware that any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Internet 
communications are not secure and therefore Derby College does not accept legal 
re

Re: [PacketFence-users] Ruckus SmartZone and PF 9

2019-09-02 Thread Talan Westby via PacketFence-users

Hi Nicolas,

Thanks for getting back in touch and sorry for the delay.

I have had Ruckus spend some time working with us on this to no avail. What 
they have managed to do is run some RADIUS test from their SmartZone controller 
back to PF which always seem to fail. I would have thought that the RADIUS 
request would have been a MAC request so we have tried putting in a MAC Address 
as the username and the password which always seems to fail. This does work 
when going via our Cisco WLCs, so I guess the Ruckus is doing something 
slightly different. One thing I have noticed is the SmartZone.pm file in PF 
creates a API call to the Ruckus controller and when I take that payload and 
try the request myself the Ruckus controller responds with "Bad Request".

At this point I am wondering if Ruckus have updated their API Northbound 
endpoints in their later versions of software, we are running 5.1 which is a 
relatively new piece of software. Could you confirm whether the PF integration 
has been tested with this newer version of controller?

Also could you confirm the process of on boarding a user to PF from a Ruckus 
controller so we can be sure we are investigating the right section? To clarify 
users are being forwarded to the portal and they are able to enrol but the 
Ruckus SmartZone never receives/recognises that PF has authorized that user for 
access. If we could understand what PF does to send that authorization then we 
can concentrate on what might be causing the issue.

Thanks,
Talan

-Original Message-
From: Nicolas Quiniou-Briand 
Sent: 23 August 2019 16:16
To: Talan Westby ; 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9

On 2019-08-23 5:08 p.m., Talan Westby wrote:
> If you could let me know which logs I should be looking at that would be 
> great.

I really don't know which logs.

Did you check on Ruckus documentation ? I found this link [0]

Otherwise, you can try to capture traffic between PacketFence and Ruckus 
Smartzone when a device try to register. If traffic is not encrypted, you could 
have some hint.

[0] /usr/local/pf/addons/packages/build-go.sh build /usr/local/pf 
/usr/local/pf/sbin/
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca Inverse inc. 
:: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)
_

This electronic message contains information from Derby College which may be 
privileged and confidential.
The information is intended to be for the use of the individual(s) or entity 
named above.

If you are not the intended recipient, be aware that any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Internet 
communications are not secure and therefore Derby College does not accept legal 
responsibility for the contents of this message. Any views or opinions 
presented are only those of the author and not those of Derby College.

If you have received this message in error, please reply to this message and 
include d...@derby-college.ac.uk immediately.
_

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus SmartZone and PF 9

2019-08-23 Thread Nicolas Quiniou-Briand via PacketFence-users


On 2019-08-23 5:08 p.m., Talan Westby wrote:

If you could let me know which logs I should be looking at that would be great.


I really don't know which logs.

Did you check on Ruckus documentation ? I found this link [0]

Otherwise, you can try to capture traffic between PacketFence and Ruckus 
Smartzone when a device try to register. If traffic is not encrypted, 
you could have some hint.


[0] /usr/local/pf/addons/packages/build-go.sh build /usr/local/pf 
/usr/local/pf/sbin/

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus SmartZone and PF 9

2019-08-23 Thread Talan Westby via PacketFence-users

Hi Nicolas,

I've taken a look at the logs and there are quite a few of them. Could you 
advise which logs I need to look in? I've found some data in the event log but 
it's just connected logs of my device nothing relating to the authentication 
process.

If you could let me know which logs I should be looking at that would be great.

Regards,
Talan

-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users 

Sent: 23 August 2019 15:42
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9

Hello Talan,

On 2019-08-23 11:46 a.m., Talan Westby via PacketFence-users wrote:
> We have setup the system based on the guides provided by Inverse and
> users are able to enrol via the portal however, once they have
> enrolled they are not forwarded onto the network and they are not put
> into an authorized state, they are still set to Unauthoized. If they
> reconnect after the enrolment, they are immediately forwarded to PF as
> the Ruckus Controller believes they are not authorized.

1. Did you check logs on Ruckus side ?
2. What is the state (reg or unreg) of your nodes on PacketFence side after 
they try to register ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca Inverse inc. 
:: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_

This electronic message contains information from Derby College which may be 
privileged and confidential.
The information is intended to be for the use of the individual(s) or entity 
named above.

If you are not the intended recipient, be aware that any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Internet 
communications are not secure and therefore Derby College does not accept legal 
responsibility for the contents of this message. Any views or opinions 
presented are only those of the author and not those of Derby College.

If you have received this message in error, please reply to this message and 
include d...@derby-college.ac.uk immediately.
_

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus SmartZone and PF 9

2019-08-23 Thread Talan Westby via PacketFence-users

Hi Nicolas,

1. I am looking into the logs on the Ruckus side now. Will let you know once I 
have figure out which logs we need.
2. The state is Reg for that device logs that I have sent you.

Regards,
Talan

-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users 

Sent: 23 August 2019 15:42
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9

Hello Talan,

On 2019-08-23 11:46 a.m., Talan Westby via PacketFence-users wrote:
> We have setup the system based on the guides provided by Inverse and
> users are able to enrol via the portal however, once they have
> enrolled they are not forwarded onto the network and they are not put
> into an authorized state, they are still set to Unauthoized. If they
> reconnect after the enrolment, they are immediately forwarded to PF as
> the Ruckus Controller believes they are not authorized.

1. Did you check logs on Ruckus side ?
2. What is the state (reg or unreg) of your nodes on PacketFence side after 
they try to register ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca Inverse inc. 
:: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_

This electronic message contains information from Derby College which may be 
privileged and confidential.
The information is intended to be for the use of the individual(s) or entity 
named above.

If you are not the intended recipient, be aware that any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Internet 
communications are not secure and therefore Derby College does not accept legal 
responsibility for the contents of this message. Any views or opinions 
presented are only those of the author and not those of Derby College.

If you have received this message in error, please reply to this message and 
include d...@derby-college.ac.uk immediately.
_

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus SmartZone and PF 9

2019-08-23 Thread Nicolas Quiniou-Briand via PacketFence-users


Hello Talan,

On 2019-08-23 11:46 a.m., Talan Westby via PacketFence-users wrote:
We have setup the system based on the guides provided by Inverse and 
users are able to enrol via the portal however, once they have enrolled 
they are not forwarded onto the network and they are not put into an 
authorized state, they are still set to Unauthoized. If they reconnect 
after the enrolment, they are immediately forwarded to PF as the Ruckus 
Controller believes they are not authorized. 


1. Did you check logs on Ruckus side ?
2. What is the state (reg or unreg) of your nodes on PacketFence side 
after they try to register ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus Smartzone

Re: [PacketFence-users] Ruckus SmartZone and PF 9

Re: [PacketFence-users] Ruckus SmartZone and PF 9

Re: [PacketFence-users] Ruckus SmartZone and PF 9

Re: [PacketFence-users] Ruckus SmartZone and PF 9

Re: [PacketFence-users] Ruckus SmartZone and PF 9

Re: [PacketFence-users] Ruckus SmartZone and PF 9

Re: [PacketFence-users] Ruckus SmartZone and PF 9

20 matches

Site Navigation

Mail list logo

Footer information