Hi All, Following up / adding to my previous post. I believe that the following log entries in /var/log/syslog are relevant to the previous post :
packetfence radiusd_pf[4793]: returning vlan 102 to request from aa:bb:cc:dd:ee:ff port 25n This is entirely correct ; the mac has been identified and vlan 102 is our registration vlan. packetfence nslcd[600]: [be5be9] ldap_result() failed: Can't contact LDAP server and packetfence nslcd[600]: [be5be9] ldap_abandon() failed to abandon search: Other (e.g., inplementation specific) error Neither of these make sense (to me, at least) ; the *sole* authentication / validation method defined in pf.conf is 'radius' (which is returning 'ok'). It's true that radius validates against our LDAP server, but packetfence knows nothing about this. I don't see that with this config packetfence should be doing *anything* with LDAP. Can anyone illuminate / explain ? Thanks in advance for the attention. Best wishes, Chris On Thu 30.Dec'10 at 21:38:03 +0100, cg wrote: > Hello List, > > Hope everyone here will have a great and auspicious new year. > > Closing in on our Debian adaptation of version 2.0.0 ; the wifi side > of things is showing validation by radius and an *almost* working > captive portal. Can anyone comment on the following log results ? > > > Dec 30 21:18:51 pf::WebAPI(5578) INFO: handling radius autz request: > from switch_ip => nnn.nnn.nnn.nnn, connection_type => > Wireless-802.11-NoEAP mac => aa:bb:cc:dd:ee:ff, port => 604, username > => aabbccddeeff (pf::radius::authorize) > Dec 30 21:18:51 pf::WebAPI(5578) WARN: Unable to extract SSID for > module pf::SNMP::Cisco::Aironet_1250. SSID-based VLAN assignments > won't work. Please let us know so we can add support for > it. (pf::SNMP::extractSsid) > Dec 30 21:18:51 pf::WebAPI(5578) INFO: MAC: aa:bb:cc:dd:ee:ff is of > status unreg; belongs into registration VLAN > (pf::vlan::getRegistrationVlan) > Dec 30 21:18:51 pf::WebAPI(5578) INFO: Returning ACCEPT with VLAN: 102 > (pf::radius::authorize) > Dec 30 21:18:54 pfsetvlan(17) WARN: unable to parse trapLine.. here's > the line: nnn.nnn.nnn.nnn||dot11Deauthentication|||aa:bb:cc:dd:ee:ff > (main::startTrapHandlers) > Dec 30 21:18:54 pfsetvlan(17) INFO: nb of items in queue: 1; nb of > threads running: 0 (main::startTrapHandlers) > Dec 30 21:18:54 pfsetvlan(17) INFO: doWeActOnThisTrap returns > false. Stop dot11Deauthentication handling (main::handleTrap) > Dec 30 21:18:54 pfsetvlan(17) INFO: finished > (main::cleanupAfterThread) > > > The wifi widget always reports 'searching for an ip address' and the > captive portal never appears and the ap doesn't show an association. > > vlan 102 is our registration vlan ; the ap configuration is as close > to the example as we could get it (but with snmp config, etc. for the > deauthenticate trap) > > > A good weekend and best wishes ... > > Chris > > ------------------------------------------------------------------------------ > Learn how Oracle Real Application Clusters (RAC) One Node allows customers > to consolidate database storage, standardize their database environment, and, > should the need arise, upgrade to a full multi-node Oracle RAC database > without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
