Hi Olivier, Thanks for the response. From your advice below, I edited /etc/raddb/rlm_perl_packetfence.pl so that even requests from a non-secure access point would be put on the right VLAN.
However, when we were doing some test registering/unregistering of the clients that connected over Wi-Fi, they get a very quick DHCP response on the registration VLAN, but upon authentication, when they are switched to the "normal" VLAN, the DHCP request response does not automatically happen, but rather the client has to manually renew their DHCP release so that they can get on the "normal" VLAN. The logs are clearly showing that the client is registering and being unregistered to the correct VLANs. Any ideas why this is occurring or what we might be doing wrong? Ubence Quevedo Technology Support Specialist Information Systems, Business Services Merced County Office of Education -----Original Message----- From: Olivier Bilodeau [mailto:[email protected]] Sent: Monday, September 27, 2010 8:05 AM To: [email protected] Subject: Re: [Packetfence-users] WARN: Can't change VLAN for mac for wireless clients? Hi Ubence, > Thanks for your quick response. Yes, from looking at the /var/log/messages file the /etc/raddb/rlm_perl_packetfence.pl module wasn't configured properly to connect to the database. This is the VMware ZEN image, so the module still had its default values inside of it. After updating the password to connect to the database as well as the vlan IDs, things started to work a little better. Filed an issue in the BTS to fix this for next ZEN release. http://www.packetfence.org/bugs/view.php?id=1074 > > However, we are getting the below messages now and aren't sure on how to proceed: > > Sep 23 14:40:07 localhost rlm_perl_packetfence[8085]: getVlan called with switch_ip 10.70.240.29, mac 00:23:6c:94:22:2d, is_eap_request 0 > Sep 23 14:40:07 localhost rlm_perl_packetfence[8085]: node 00:23:6c:94:22:2d is a registered user trying to access non-secure SSID. Kicking out > Sep 23 14:40:07 localhost rlm_perl_packetfence[8085]: returning VLAN -1 for 00:23:6c:94:22:2d > Sep 23 14:40:09 localhost rlm_perl_packetfence[8085]: getVlan called with switch_ip 10.70.240.29, mac 00:18:de:29:8c:9b, is_eap_request 0 > Sep 23 14:40:09 localhost rlm_perl_packetfence[8085]: node 00:18:de:29:8c:9b is a registered user trying to access non-secure SSID. Kicking out > Sep 23 14:40:09 localhost rlm_perl_packetfence[8085]: returning VLAN -1 for 00:18:de:29:8c:9b > > Whenever I try to unregister and delete the nodes in question, I get an error that the node still might be connected. > > What might we be doing wrong? "registered user trying to access non-secure SSID. Kicking out" By default, our wireless module wants users to be using the Secure SSID (WPA encrypted wireless network). You only register using the insecure (open). You probably don't have a setup like that so you need to modify the script so it will suit your needs. The script is very easy to understand and documented, just follow the flow and put the appropriate variables so that registered users on the non-secure SSID are allowed. > > PS - We've also yet to update to 1.9.1 yet until we get this resolved...unless 1.9.1 might help in getting this resolved. It won't do anything for you as it's not an issue. Have a nice day! -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------ ------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
