Voila! A few changes here and there and it vorks! :) Now here is the question:
When a client associates to the AP, the controller uses PF as the RADIUS server. It checks for the MAC, when it is not registered, PF returns the Registration VLAN attribute, and the controller puts that client into the registration subnet. PF poisons the DNS, and all the http requests get redirected to the Registration page. So far so good?

Now, let's say you need to have MAC auth and username/password authentication. A registered client logs on. When the controller sends the RADIUS request, PF sees that the node is registered and puts them in the Registered VLAN. What about if now you want to send these users to a captive portal to authenticate username/passwords after the MAC auth? How are they moved from that "Registered" VLAN after MAC auth, to a VLAN with access to the network and out to the internet after they authenticate with username/password?

Antonio Mañueco
Telecommunications
University of Miami
305.213.4525

________________________________________
From: Francois Gaudreault [[email protected]]
Sent: Friday, February 04, 2011 1:45 PM
To: [email protected]
Subject: Re: [Packetfence-users] Meru and PacketFence

Antonio,

Looks like the PacketFence perl module is not called by Radius. The output should look like:

Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
+- entering group post-auth {...}
rlm_perl: PacketFence RESULT VLAN: 5
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair Aruba-Essid-Name = InverseGuest
rlm_perl: Added pair Called-Station-Id = 000B86600190
rlm_perl: Added pair Calling-Station-Id = 60334B29DE19
rlm_perl: Added pair Aruba-Location-Id = 00:0b:86:ce:e0:48
rlm_perl: Added pair User-Name = 60-33-4b-29-de-19
rlm_perl: Added pair User-Password = 60-33-4b-29-de-19
rlm_perl: Added pair NAS-IP-Address = 10.0.0.10
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair Tunnel-Private-Group-ID = 5
rlm_perl: Added pair Tunnel-Medium-Type = 6
rlm_perl: Added pair Tunnel-Type = 13
rlm_perl: Added pair Auth-Type = Accept
++[perl] returns ok
++[exec] returns noop
Sending Access-Accept of id 81 to 10.0.0.10 port 32838
        Tunnel-Private-Group-Id:0 = "5"
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN

On 11-02-04 10:00 AM, Manueco, Antonio wrote:

I am attaching both files. The PF log and the radius log as requested. I feel like there's a small change missing somewhere. As to where, no idea... From the PF log, I feel like it's just listening for the DHCP Discover from the client, it just doesn't offer an IP but the client still gets an IP in the same subnet of the Meru Controller.

Antonio Mañueco
Network Engineer
UM Telecommunications
Mobile: 305.213.4525
Office: 305.284.5177

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, February 03, 2011 9:52 PM
To: [email protected]
Subject: Re: [Packetfence-users] Meru and PacketFence

Antonio,

Hehe ok that eliminates another potential problem in your case ;) Can you send me back your RADIUS output?

(earlier message)
What do the packetfence logs tell you when you receive the requests from radius?

Yes, that's how it's currently configured for us as well. I just thought I'd answer his question :)

Antonio Mañueco
Telecommunications
University of Miami
305.213.4525

________________________________________
From: [email protected] [[email protected]]
Sent: Thursday, February 03, 2011 7:39 PM
To: [email protected]
Subject: Re: [Packetfence-users] Meru and PacketFence

Antonio,

I think his message was more of a "You need to have SSID profile->Tunnel Interface Type set to Radius Assigned Only" in order to have it working with PacketFence. Also, you need a "Radius profile with the Mac Address Delimiter set to Hyphen with Password Type set to Mac Address table". What is your controller configuration?

Hi Thomas,

The difference between tunneled and bridged is the following: When configuration is tunneled it means that the APs operate at L3 and tunnel the clients' MAC addresses straight to the controller. This is why you will never see the MAC addresses of wireless clients on the switch. When you are configured for bridged mode, the switch is aware of all the MAC addresses of your wireless clients.

Hope that helps!

-----Original Message-----
From: Thomas Woody [mailto:[email protected]]
Sent: Thursday, February 03, 2011 5:04 PM
To: [email protected]
Subject: Re: [Packetfence-users] Meru and PacketFence

Antonio,

Thought I would put this out there for all the Meru/PacketFence installers... We are configured for MAC Auth not 802.11x. On our Meru controller we have the SSID profile->Tunnel Interface Type = Radius Assigned Only. What is Tunnel configuration? Also, my Meru - Radius profile has Mac Address Delimiter = Hyphen; Password Type = Mac Address table.

Regards,
Thomas

Thomas Woody
Computer Systems Support Analyst
Loyola University New Orleans
Office: 504.865.2792
Mobile: 504.258.9920

--
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

------------------------------------------------------------------------------
The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world?
http://p.sf.net/sfu/oracle-sfdevnlfb
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
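
The check described in the thread (did rlm_perl run, and does the Access-Accept carry the three VLAN attributes), as an added example that is not part of the original messages or of PacketFence. The function name and both sample logs are constructed for illustration, modelled on the debug output quoted above.

```python
import re

# Constructed samples modelled on the debug output quoted in the thread.
GOOD = (
    "rlm_perl: PacketFence RESULT VLAN: 5\n"
    "rlm_perl: PacketFence RESULT RESPONSE CODE: 2\n"
    "++[perl] returns ok\n"
    "Sending Access-Accept of id 81 to 10.0.0.10 port 32838\n"
    '\tTunnel-Private-Group-Id:0 = "5"\n'
    "\tTunnel-Medium-Type:0 = IEEE-802\n"
    "\tTunnel-Type:0 = VLAN\n"
)
# Constructed failure: the accept goes out but the perl module never ran.
NO_PERL = (
    "Found Auth-Type = Accept\n"
    "Sending Access-Accept of id 82 to 10.0.0.10 port 32838\n"
)

# Indented reply attribute, optional ":tag" suffix, optional quotes.
ATTR = re.compile(r'^\s+([\w-]+)(?::\d+)?\s*=\s*"?([^"]*?)"?\s*$')
REQUIRED = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802"}

def check_radius_debug(text):
    """Return a list of problems; empty means the reply assigns a VLAN."""
    problems = []
    vlan = re.search(r"rlm_perl: PacketFence RESULT VLAN: (\S+)", text)
    if vlan is None:
        problems.append("no rlm_perl PacketFence result (perl module not called)")
    reply, in_reply, accepted = {}, False, False
    for line in text.splitlines():
        if line.startswith("Sending Access-"):
            # Only the attributes of the last reply in the log are kept.
            in_reply = accepted = line.startswith("Sending Access-Accept")
            reply = {}
        elif in_reply:
            m = ATTR.match(line)
            if m:
                reply[m.group(1)] = m.group(2)
            else:
                in_reply = False  # attribute list ended
    if not accepted:
        problems.append("last reply is not an Access-Accept")
        return problems
    for name, want in REQUIRED.items():
        if reply.get(name) != want:
            problems.append(f"{name} is {reply.get(name)!r}, expected {want!r}")
    group = reply.get("Tunnel-Private-Group-Id")
    if not group:
        problems.append("Tunnel-Private-Group-Id missing from Access-Accept")
    elif vlan and group != vlan.group(1):
        problems.append(f"reply VLAN {group} differs from PacketFence VLAN {vlan.group(1)}")
    return problems
```

An Access-Accept with no tunnel attributes leaves VLAN selection to the controller's own configuration, so a client receiving an address in an unexpected subnet is worth checking against this output.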
