Hi Olivier, Thanks for your quick response. Yes, from looking at the /var/log/messages file the /etc/raddb/rlm_perl_packetfence.pl module wasn't configured properly to connect to the database. This is the VMware ZEN image, so the module still had its default values inside of it. After updating the password to connect to the database as well as the vlan IDs, things started to work a little better.
However, we are getting the below messages now and aren't sure on how to proceed: Sep 23 14:40:07 localhost rlm_perl_packetfence[8085]: getVlan called with switch_ip 10.70.240.29, mac 00:23:6c:94:22:2d, is_eap_request 0 Sep 23 14:40:07 localhost rlm_perl_packetfence[8085]: node 00:23:6c:94:22:2d is a registered user trying to access non-secure SSID. Kicking out Sep 23 14:40:07 localhost rlm_perl_packetfence[8085]: returning VLAN -1 for 00:23:6c:94:22:2d Sep 23 14:40:09 localhost rlm_perl_packetfence[8085]: getVlan called with switch_ip 10.70.240.29, mac 00:18:de:29:8c:9b, is_eap_request 0 Sep 23 14:40:09 localhost rlm_perl_packetfence[8085]: node 00:18:de:29:8c:9b is a registered user trying to access non-secure SSID. Kicking out Sep 23 14:40:09 localhost rlm_perl_packetfence[8085]: returning VLAN -1 for 00:18:de:29:8c:9b Whenever I try to unregister and delete the nodes in question, I get an error that the node still might be connected. What might we be doing wrong? PS - We've also yet to update to 1.9.1 yet until we get this resolved...unless 1.9.1 might help in getting this resolved. Ubence Quevedo Technology Support Specialist Information Systems, Business Services Merced County Office of Education 632 West 13th Street Merced, CA 95341 Voice - [209] 381-5950 Fax - [209] 385-8465 e-Mail - [email protected] This communication contains information which may be confidential. The information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you should notify the sender named above and delete this communication from your computer. You are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of said information is strictly prohibited. -----Original Message----- From: Olivier Bilodeau [mailto:[email protected]] Sent: Thursday, September 23, 2010 10:26 AM To: [email protected] Subject: Re: [Packetfence-users] WARN: Can't change VLAN for mac for wireless clients? I forgot to say that we updated the FreeRADIUS configuration instructions in yesterday's release. See the Admin Guide for 1.9.1. No need to upgrade, the new FreeRADIUS portion covers 1.9.0 as well. Olivier Bilodeau wrote: > Hi, > >> Or specifically this line: >> Sep 23 09:55:03 pfcmd(0) WARN: Can't change VLAN for mac >> 00:23:6c:94:22:2d because no open locationlog entry was found >> (main::generate_switchport_vlan_assignment) >> > This means that the access requested and authorization for your user was > never recorded. I'm guessing that your FreeRADIUS configuration has > something broken in it or that your wireless access point has not asked > the FreeRADIUS server for AAA. > > Two useful tips for troubleshooting wireless / FreeRADIUS: > > - run radius with: radiusd -X > This puts radiusd in debug mode showing everything on stdout, you'll see > if you receive the requests, what actions are taken and output returned. > > - rlm_perl_packetfence.pl messages are logged by syslog, on CentOS/RHEL > they end up in /var/log/messages. Some useful information can be found > there if you have to troubleshoot problems in the past where you didn't > run in debug mode. > > If you see that rlm_perl_packetfence.pl is run on wireless client > requests, make sure that the database credentials are ok for it to > connect and add an entry in the locationlog. > > Have a good one! -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
