> What do you mean by the locationlog log error??  Can you paste it here?

Jun 29 13:39:17 register.cgi(0) INFO: 10.11.30.15 - bc:77:37:44:f2:d2  
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_cgi_2dbin_register_2ecgi::handler)
Jun 29 13:39:17 register.cgi(0) INFO: calling /usr/local/pf/bin/pfcmd 'manage 
register bc:77:37:44:f2:d2 "Jake.Sallee" pid="1",user_agent="Mozilla 5.0  
Windows NT 6.1; rv:2.0.1  Gecko 20100101 Firefox 4.0.1",category="Admin"' 
(pf::web::_sanitize_and_register)
Jun 29 13:39:18 pfcmd(0) INFO: VLAN isolation is enabled and manage_register is 
part of adjustswitchportvlanreasons (main::vlan_reevaluation)
Jun 29 13:39:18 pfcmd(0) WARN: Can't change VLAN for mac bc:77:37:44:f2:d2 
because no open locationlog entry was found (main::vlan_reevaluation)
Jun 29 13:39:18 register.cgi(0) INFO: 10.11.30.15 - bc:77:37:44:f2:d2  
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_cgi_2dbin_register_2ecgi::handler)
Jun 29 13:39:28 redir.cgi(0) INFO: bc:77:37:44:f2:d2 being redirected 
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_cgi_2dbin_redir_2ecgi::handler)
Jun 29 13:39:28 redir.cgi(0) INFO: bc:77:37:44:f2:d2 already registered or 
registration disabled, freeing mac 
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_cgi_2dbin_redir_2ecgi::handler)


Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
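A triage check for the warning in the log above, as an added example that is not part of the original thread and not PacketFence's own code: it rejoins the wrapped log records and lists the MACs that were registered but hit the "no open locationlog entry" warning. The second client in the sample (00:11:22:33:44:55, "constructed.user") is constructed for contrast.

```python
import re

# Start of a record, e.g. "Jun 29 13:39:18 pfcmd(0) WARN: ..."
RECORD_START = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \S+\(\d+\) [A-Z]+: ")
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
REGISTER = re.compile(r"pfcmd 'manage register " + MAC, re.IGNORECASE)
NO_LOCATIONLOG = re.compile(
    r"WARN: Can't change VLAN for mac " + MAC + r" because no open locationlog entry",
    re.IGNORECASE)

# Lines from the message above (user agent trimmed), still wrapped as mailed,
# plus a constructed second client that registers without the warning.
SAMPLE_LOG = """\
Jun 29 13:39:17 register.cgi(0) INFO: calling /usr/local/pf/bin/pfcmd 'manage
register bc:77:37:44:f2:d2 "Jake.Sallee" pid="1",category="Admin"'
(pf::web::_sanitize_and_register)
Jun 29 13:39:18 pfcmd(0) INFO: VLAN isolation is enabled and manage_register is
part of adjustswitchportvlanreasons (main::vlan_reevaluation)
Jun 29 13:39:18 pfcmd(0) WARN: Can't change VLAN for mac bc:77:37:44:f2:d2
because no open locationlog entry was found (main::vlan_reevaluation)
Jun 29 13:41:02 register.cgi(0) INFO: calling /usr/local/pf/bin/pfcmd 'manage
register 00:11:22:33:44:55 "constructed.user" pid="1",category="Guest"'
(pf::web::_sanitize_and_register)
"""

def unwrap(text):
    """Rejoin records that a mail client or terminal wrapped across lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            # Continuation line: append it and collapse the whitespace.
            records[-1] = " ".join((records[-1] + " " + line).split())
    return records

def registered_without_location(text):
    """MACs that were registered but could not be moved to another VLAN."""
    registered, stuck = set(), set()
    for rec in unwrap(text):
        m = REGISTER.search(rec)
        if m:
            registered.add(m.group(1).lower())
        m = NO_LOCATIONLOG.search(rec)
        if m:
            stuck.add(m.group(1).lower())
    return sorted(registered & stuck)
```

A MAC in the result was registered through the portal without a RADIUS request having opened a locationlog entry for it, which is the situation discussed further down the thread.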

From: Francois Gaudreault [mailto:[email protected]]
Sent: Wednesday, June 29, 2011 2:41 PM
To: [email protected]
Subject: Re: [Packetfence-users] No location Log entry

Jake,

What do you mean by the locationlog log error??  Can you paste it here?

On 11-06-29 2:52 PM, Sallee, Stephen (Jake) wrote:
OK! So I have RADIUS MAC working but I still get the location log error (the IP 
thing was a quirk with the AP).  I do have some custom code in my vlan::custom 
module that I am looking at to see if it is causing any problems.  My Perl is 
weak and I am not the one who wrote this code so I may not be correct in my 
assessment, but it looks to me that all it is doing is assigning a category 
based on the authMethod.  My question is could it also somehow be erasing all 
the RADIUS attributes from the request too... here is the code:

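    # Body of the custom VLAN-selection method in vlan::custom, as posted
    # (the enclosing sub declaration was not included in the message).
    my ($this, $switch, $ifIndex, $mac, $node_info, $connection_type, $user_name, $ssid) = @_;
    my $logger = Log::Log4perl->get_logger();

    if (defined($node_info->{'category'})) {
        # lc() returns the lowercased string, so compare against lowercase
        # literals; 'Admin', 'Students' and 'Guest' could never match.
        my $category = lc($node_info->{'category'});
        if ($category eq 'admin') {
            return $switch->getVlanByName('customVlan1');
        } elsif ($category eq 'students') {
            return $switch->getVlanByName('customVlan2');
        } elsif ($category eq 'guest') {
            return $switch->getVlanByName('customVlan3');
        }
    }
    # No category matched: log it and return the null VLAN.
    $logger->warn("Something is misconfigured. You should not see this message. Return null VLAN.");
    return -1;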


From: Sallee, Stephen (Jake) [mailto:[email protected]]
Sent: Wednesday, June 29, 2011 11:29 AM
To: [email protected]
Subject: Re: [Packetfence-users] No location Log entry

Gotcha, this is what I get when I configure the RADIUS MAC

radiusd -X output:

rlm_perl: PacketFence RESULT VLAN: 113
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair User-Name = bc773744f2d2
rlm_perl: Added pair NAS-Identifier = Sanderford-3
rlm_perl: Added pair User-Password = bc773744f2d2
rlm_perl: Added pair Connect-Info = CONNECT 1Mbps/6Mbps 802.11g
rlm_perl: Added pair Calling-Station-Id = BC-77-37-44-F2-D2
rlm_perl: Added pair Called-Station-Id = 00-0F-7D-05-0E-B0:Connection Assistance
rlm_perl: Added pair NAS-IP-Address = 10.11.30.3
rlm_perl: Added pair Message-Authenticator = 0xb1d9c4066184ed76458fd556868917ec
rlm_perl: Added pair Tunnel-Private-Group-ID = 113
rlm_perl: Added pair Tunnel-Medium-Type = 6
rlm_perl: Added pair Tunnel-Type = 13
rlm_perl: Added pair Auth-Type = Accept
++[perl] returns ok
} # server packetfence
Sending Access-Accept of id 1 to 10.11.30.3 port 32799
        Tunnel-Private-Group-Id:0 = "113"
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN
Finished request 39.

Everything looks fine but my client does not get an IP?  I am looking into it 
now but any assistance would be greatly appreciated.


From: Francois Gaudreault [mailto:[email protected]]
Sent: Wednesday, June 29, 2011 8:27 AM
To: [email protected]
Subject: Re: [Packetfence-users] No location Log entry

Jake,

On an open SSID, you need to configure some kind of RADIUS mac-filtering 
otherwise it won't be "packetfenced" using VLAN mode.  By default, we will 
accept everything that is not EAP and return the proper VLAN using the RADIUS 
attributes.

i.e. for a Cisco Aironet:

aaa authentication login mac_methods group rad_mac

dot11 ssid MySSID
...
authentication open mac-address mac_methods
...
!

I think this is explained in the network configuration guide.


On 11-06-29 9:11 AM, Sallee, Stephen (Jake) wrote:
> The entry is triggered by the RADIUS request.

So, how does it work with an open SSID and no encryption?


From: Francois Gaudreault [mailto:[email protected]]
Sent: Wednesday, June 29, 2011 7:08 AM
To: [email protected]
Subject: Re: [Packetfence-users] No location Log entry

Hi Jake,

The entry is triggered by the RADIUS request.  The locationlog entry will 
contain, if we can grab it, the SSID where the user connected to, and the IP of 
the AP/controller from where the RADIUS request came from.

On 11-06-28 7:41 PM, Sallee, Stephen (Jake) wrote:
When a wireless user is redirected to the captive portal for authentication 
what triggers an entry to be made in the location log and when does it get 
triggered?  If I have an open SSID what tells PF where the user is so it can 
make the entry in the log?



------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)




