Luca,
I may found something that should lead us to the solution (or so i hope :)),
question: are you using RFC-3576 ?
my problem seems to be related to desauthentication of the client computer.
i've found that packetfence tries to send a desauthenticate "order" to the
access point (in my case using connect on UDP/3799 which is wrong).
generally our problem relies on how packetfence send a desauthenticate
"order" to the Access Point.
Hope this would help,
Regards,
Xinity
On Tue, Oct 2, 2012 at 4:15 PM, Luca Benassi <[email protected]> wrote:
> On 02/10/2012 15:05, Rachid Zarouali wrote:
> > hy Luca
> >
> > i have the same "issue",
> > in my case, it seems to be related to unhandled (or handled incorrectly)
> > radius disconnect request.
> >
> > is it the same in your test lab ?
> >
> > Regards,
> >
> > Xinity
>
> I don't know if it's the same behavior, in our log we have:
> ---
> Oct 02 15:26:26 register.cgi(0) INFO: re-evaluating access for node
> xx:xx:xx:xx:xx:xx (manage_register called)
> (pf::enforcement::reevaluate_access)
> Oct 02 15:26:26 register.cgi(0) WARN: Can't re-evaluate access for mac
> xx:xx:xx:xx:xx:xx because no open locationlog entry was found
> (pf::enforcement::reevaluate_access)
> ---
>
> Some more infos about our env:
> - routed networks
> - cisco device
> - client with W7
>
> If we enable 802.1x on the client, it's correctly authorized and it will
> land on his proper vlan (gets a valid ip, can surf, etc).
> If we don't enable 802.1x on the client, we land on the correct captive
> portal page, but when we put the proper credentials, we received first
> the "Unable to detect network connectivity. Try opening a web page to
> see if your access has been succesfully enabled." and then "Sorry!
> Your network should be enabled within a minute or two. If it is not
> reboot your computer."
>
> The problem seems to be that the client doesn't change vlan from
> registration to normal vlan (vlan enforcement).
>
> Any hints? :)
>
> Luca
>
>
> >
> > On Tue, Oct 2, 2012 at 2:46 PM, Luca Benassi <[email protected]
> > <mailto:[email protected]>> wrote:
> >
> > Hy all,
> > is it correct to assume that if I correctly insert a valid user/pass
> on
> > the web page, packetfence should change my network from "registration
> > vlan" to "normal vlan"?
> >
> > We're trying to troubleshoot an issue in our test lab for a routed
> > network env and we're a bit stuck :|
> >
> > thx!
> >
> > Luca
> >
> > --
> > Dr. Luca Benassi
> > Laboratori Guglielmo Marconi
> > Via Porrettana 123, 40037 Pontecchio BO - ITALY
> > Phone:+39-0516781934 <tel:%2B39-0516781934> Fax:+39-051846479
> > <tel:%2B39-051846479> e-mail: [email protected] <mailto:
> [email protected]>
> > Systems & Networks Division
> >
> >
> ------------------------------------------------------------------------------
> > Don't let slow site performance ruin your business. Deploy New Relic
> APM
> > Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> > _______________________________________________
> > PacketFence-users mailing list
> > [email protected]
> > <mailto:[email protected]>
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Don't let slow site performance ruin your business. Deploy New Relic APM
> > Deploy New Relic app performance management and know exactly
> > what is happening inside your Ruby, Python, PHP, Java, and .NET app
> > Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> > http://p.sf.net/sfu/newrelic-dev2dev
> >
> >
> >
> > _______________________________________________
> > PacketFence-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
> >
>
>
> --
> Dr. Luca Benassi
> Laboratori Guglielmo Marconi
> Via Porrettana 123, 40037 Pontecchio BO - ITALY
> Phone:+39-0516781934 Fax:+39-051846479 e-mail: [email protected]
> Systems & Networks Division
>
>
> ------------------------------------------------------------------------------
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> http://p.sf.net/sfu/newrelic-dev2dev
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
