Jake,
What do you mean by the locationlog log error?? Can you paste it here?
On 11-06-29 2:52 PM, Sallee, Stephen (Jake) wrote:
OK! So I have RADIUS MAC working but I still get the location log
error (the IP thing was a quirk with the AP). I do have some custom
code in my vlan::custom module that I am looking at to see if it is
causing any problems. My perl is weak and I am not the one who wrote
this code so I may not be correct in my assessment, but it looks to me
that all it is doing is assigning a category based on the authMethod.
My question is could it also somehow be erasing all the RADIUS
attributes from the request too... here is the code:
my ($this, $switch, $ifIndex, $mac, $node_info, $connection_type,
$user_name, $ssid) = @_;
my $logger = Log::Log4perl->get_logger();
if (defined($node_info->{'category'})) {
if (lc($node_info->{'category'}) eq 'Admin') {
return $switch->getVlanByName('customVlan1');
} elsif (lc($node_info->{'category'}) eq 'Students') {
return $switch->getVlanByName('customVlan2');
} elsif (lc($node_info->{'category'}) eq 'Guest') {
return $switch->getVlanByName('customVlan3');
}
}
$logger->warn("Something is misconfigured. You should not see this
message. Return null VLAN.");
return -1;
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
*From:*Sallee, Stephen (Jake) [mailto:[email protected]]
*Sent:* Wednesday, June 29, 2011 11:29 AM
*To:* [email protected]
*Subject:* Re: [Packetfence-users] No location Log entry
Gotcha, this is what I get when I configure the RADIUS MAC
radiusd --X output:
rlm_perl: PacketFence RESULT VLAN: 113
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair User-Name = bc773744f2d2
rlm_perl: Added pair NAS-Identifier = Sanderford-3
rlm_perl: Added pair User-Password = bc773744f2d2
rlm_perl: Added pair Connect-Info = CONNECT 1Mbps/6Mbps 802.11g
rlm_perl: Added pair Calling-Station-Id = BC-77-37-44-F2-D2
rlm_perl: Added pair Called-Station-Id = 00-0F-7D-05-0E-B0:Connection
Assistance
rlm_perl: Added pair NAS-IP-Address = 10.11.30.3
rlm_perl: Added pair Message-Authenticator =
0xb1d9c4066184ed76458fd556868917ec
rlm_perl: Added pair Tunnel-Private-Group-ID = 113
rlm_perl: Added pair Tunnel-Medium-Type = 6
rlm_perl: Added pair Tunnel-Type = 13
rlm_perl: Added pair Auth-Type = Accept
++[perl] returns ok
} # server packetfence
Sending Access-Accept of id 1 to 10.11.30.3 port 32799
Tunnel-Private-Group-Id:0 = "113"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Finished request 39.
Everything looks fine but my client does not get an IP? I am looking
into it now but any assistance would be greatly appreciated.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
*From:*Francois Gaudreault [mailto:[email protected]]
*Sent:* Wednesday, June 29, 2011 8:27 AM
*To:* [email protected]
*Subject:* Re: [Packetfence-users] No location Log entry
Jake,
On an open SSID, you need to configure some kind of RADIUS
mac-filtering otherwise it won't be "packetfenced" using VLAN mode.
By default, we will accept everything that is not EAP and return the
proper VLAN using the RADIUS attributes.
ie. for a Cisco aironet :
aaa authentication login mac_methods group rad_mac
dot11 ssid MySSID
...
authentication open mac-address mac_methods
...
!
I think this is explained in the network configuration guide.
On 11-06-29 9:11 AM, Sallee, Stephen (Jake) wrote:
> The entry is triggered by the RADIUS request.
So, how does it work with an open SSID and no encryption?
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
*From:*Francois Gaudreault [mailto:[email protected]]
*Sent:* Wednesday, June 29, 2011 7:08 AM
*To:* [email protected]
<mailto:[email protected]>
*Subject:* Re: [Packetfence-users] No location Log entry
HI Jake,
The entry is triggered by the RADIUS request. The locationlog entry
will contain, if we can grab it, the SSID where the user connected to,
and the ip of the AP/controller from where the RADIUS request came from.
On 11-06-28 7:41 PM, Sallee, Stephen (Jake) wrote:
When a wireless user is redirected to the captive portal for
authentication what triggers an entry to be made in the location log
and when does it get triggered? If I have an open SSID what tells PF
where the user is so it can make the entry in the log?
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Packetfence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x130)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) and
PacketFence (www.packetfence.org <http://www.packetfence.org>)
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Packetfence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x130)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) and
PacketFence (www.packetfence.org <http://www.packetfence.org>)
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
