Hello, I'm working through some testing of PacketFence with a FortiGate firewall and Unifi APs. All is good with the captive portal and making guest users and logging in and getting access. The problem is with informing the FortiGate with the user name and ip from the pf firewall sso to the FortiGate Radius SSO. Using radclient I can add/remove Radius SSO users to/from the FortiGate, so it seems like the FortiGate is setup. Below is from the packetfence.log. It appears it tries to send the radius message but then says " Request to /api/v1/firewall_sso/stop is unauthorized, will perform a login (pf::api::unifiedapiclient::call)". I've looked everywhere and have no idea why it is unauthorized and how to fix it. Any help would be greatly appreciated! Thanks, Jeremy
May 4 22:23:13 packetfence packetfence_httpd.webservices: httpd.webservices(1594) INFO: [mac:5c:80:b6:f5:49:43] Sending a firewall SSO 'Stop' request for MAC '5c:80:b6:f5:49:43' and IP '10.13.2.24' (pf::firewallsso::do_sso) May 4 22:23:13 packetfence packetfence_httpd.portal: httpd.portal(5105) INFO: [mac:5c:80:b6:f5:49:43] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 4 22:23:13 packetfence packetfence_httpd.portal: httpd.portal(5105) INFO: [mac:5c:80:b6:f5:49:43] is currentlog connected at (10.13.2.21) ifIndex 0 (undefined) (pf::enforcement::_should_we_reassign_vlan) May 4 22:23:13 packetfence packetfence_httpd.portal: httpd.portal(5105) INFO: [mac:5c:80:b6:f5:49:43] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole) May 4 22:23:13 packetfence packetfence_httpd.portal: httpd.portal(5105) INFO: [mac:5c:80:b6:f5:49:43] VLAN reassignment required (current VLAN = 0 but should be in VLAN 2) (pf::enforcement::_should_we_reassign_vlan) May 4 22:23:13 packetfence packetfence_httpd.portal: httpd.portal(5105) INFO: [mac:5c:80:b6:f5:49:43] switch port is (68:d7:9a:3b:ea:9e) ifIndex 0connection type: Wifi Web Auth (pf::enforcement::_vlan_reevaluation) May 4 22:23:14 packetfence packetfence_httpd.webservices: httpd.webservices(1594) INFO: [mac:5c:80:b6:f5:49:43] Request to /api/v1/firewall_sso/stop is unauthorized, will perform a login (pf::api::unifiedapiclient::call) May 4 22:23:14 packetfence packetfence_httpd.webservices: httpd.webservices(1594) ERROR: [mac:5c:80:b6:f5:49:43] malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before "An internal error ha...") at /usr/local/pf/lib/pf/api/unifiedapiclient.pm line 225. (pf::WebAPI::JSONRPC::__ANON__) May 4 22:23:15 packetfence pfqueue: pfqueue(13382) INFO: [mac:5c:80:b6:f5:49:43] [5c:80:b6:f5:49:43] DesAssociating mac on switch (68:d7:9a:3b:ea:9e) (pf::api::desAssociate) May 4 22:23:16 packetfence pfqueue: pfqueue(13382) INFO: [mac:5c:80:b6:f5:49:43] Found site: Z_Jeremy - Testing (pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP) May 4 22:23:16 packetfence pfqueue: pfqueue(13382) INFO: [mac:5c:80:b6:f5:49:43] Deauth on site: Z_Jeremy - Testing (pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP) May 4 22:23:16 packetfence pfqueue: pfqueue(13382) INFO: [mac:5c:80:b6:f5:49:43] Switched status on the Unifi controller using command unauthorize-guest (pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP) May 4 22:23:18 packetfence pfqueue: pfqueue(5507) INFO: [mac:5c:80:b6:f5:49:43] Sending a firewall SSO 'Update' request for MAC '5c:80:b6:f5:49:43' and IP '10.13.2.24' (pf::firewallsso::do_sso) May 4 22:23:18 packetfence pfqueue: pfqueue(5507) INFO: [mac:5c:80:b6:f5:49:43] Request to /api/v1/firewall_sso/update is unauthorized, will perform a login (pf::api::unifiedapiclient::call) May 4 22:23:18 packetfence pfqueue: pfqueue(5507) ERROR: [mac:5c:80:b6:f5:49:43] Error handling firewallsso : malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before "An internal error ha...") at /usr/local/pf/lib/pf/api/unifiedapiclient.pm line 225. (pf::api::can_fork::notify) ____________________________________ Jeremy Sinicki
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users