Hello,
I'm working through some testing of PacketFence with a FortiGate firewall and 
Unifi APs. All is good with the captive portal, making guest users, 
logging in and getting access. The problem is with informing the FortiGate of 
the user name and IP from the pf firewall SSO to the FortiGate RADIUS SSO. 
Using radclient I can add/remove RADIUS SSO users to/from the FortiGate, so it 
seems like the FortiGate is set up. Below is from the packetfence.log. It 
appears it tries to send the RADIUS message but then says "Request to 
/api/v1/firewall_sso/stop is unauthorized, will perform a login 
(pf::api::unifiedapiclient::call)". I've looked everywhere and have no idea why 
it is unauthorized or how to fix it. Any help would be greatly appreciated! 
Thanks,
Jeremy

May 4 22:23:13 packetfence packetfence_httpd.webservices: 
httpd.webservices(1594) INFO: [mac:5c:80:b6:f5:49:43] Sending a firewall SSO 
'Stop' request for MAC '5c:80:b6:f5:49:43' and IP '10.13.2.24' 
(pf::firewallsso::do_sso)
May 4 22:23:13 packetfence packetfence_httpd.portal: httpd.portal(5105) INFO: 
[mac:5c:80:b6:f5:49:43] Instantiate profile default 
(pf::Connection::ProfileFactory::_from_profile)
May 4 22:23:13 packetfence packetfence_httpd.portal: httpd.portal(5105) INFO: 
[mac:5c:80:b6:f5:49:43] is currentlog connected at (10.13.2.21) ifIndex 0 
(undefined) (pf::enforcement::_should_we_reassign_vlan)
May 4 22:23:13 packetfence packetfence_httpd.portal: httpd.portal(5105) INFO: 
[mac:5c:80:b6:f5:49:43] is of status unreg; belongs into registration VLAN 
(pf::role::getRegistrationRole)
May 4 22:23:13 packetfence packetfence_httpd.portal: httpd.portal(5105) INFO: 
[mac:5c:80:b6:f5:49:43] VLAN reassignment required (current VLAN = 0 but should 
be in VLAN 2) (pf::enforcement::_should_we_reassign_vlan)
May 4 22:23:13 packetfence packetfence_httpd.portal: httpd.portal(5105) INFO: 
[mac:5c:80:b6:f5:49:43] switch port is (68:d7:9a:3b:ea:9e) ifIndex 0connection 
type: Wifi Web Auth (pf::enforcement::_vlan_reevaluation)
May 4 22:23:14 packetfence packetfence_httpd.webservices: 
httpd.webservices(1594) INFO: [mac:5c:80:b6:f5:49:43] Request to 
/api/v1/firewall_sso/stop is unauthorized, will perform a login 
(pf::api::unifiedapiclient::call)
May 4 22:23:14 packetfence packetfence_httpd.webservices: 
httpd.webservices(1594) ERROR: [mac:5c:80:b6:f5:49:43] malformed JSON string, 
neither tag, array, object, number, string or atom, at character offset 0 
(before "An internal error ha...") at 
/usr/local/pf/lib/pf/api/unifiedapiclient.pm line 225.
(pf::WebAPI::JSONRPC::__ANON__)
May 4 22:23:15 packetfence pfqueue: pfqueue(13382) INFO: 
[mac:5c:80:b6:f5:49:43] [5c:80:b6:f5:49:43] DesAssociating mac on switch 
(68:d7:9a:3b:ea:9e) (pf::api::desAssociate)
May 4 22:23:16 packetfence pfqueue: pfqueue(13382) INFO: 
[mac:5c:80:b6:f5:49:43] Found site: Z_Jeremy - Testing 
(pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)
May 4 22:23:16 packetfence pfqueue: pfqueue(13382) INFO: 
[mac:5c:80:b6:f5:49:43] Deauth on site: Z_Jeremy - Testing 
(pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)
May 4 22:23:16 packetfence pfqueue: pfqueue(13382) INFO: 
[mac:5c:80:b6:f5:49:43] Switched status on the Unifi controller using command 
unauthorize-guest (pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)
May 4 22:23:18 packetfence pfqueue: pfqueue(5507) INFO: [mac:5c:80:b6:f5:49:43] 
Sending a firewall SSO 'Update' request for MAC '5c:80:b6:f5:49:43' and IP 
'10.13.2.24' (pf::firewallsso::do_sso)
May 4 22:23:18 packetfence pfqueue: pfqueue(5507) INFO: [mac:5c:80:b6:f5:49:43] 
Request to /api/v1/firewall_sso/update is unauthorized, will perform a login 
(pf::api::unifiedapiclient::call)
May 4 22:23:18 packetfence pfqueue: pfqueue(5507) ERROR: 
[mac:5c:80:b6:f5:49:43] Error handling firewallsso : malformed JSON string, 
neither tag, array, object, number, string or atom, at character offset 0 
(before "An internal error ha...") at 
/usr/local/pf/lib/pf/api/unifiedapiclient.pm line 225.
(pf::api::can_fork::notify)

____________________________________
Jeremy Sinicki
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
