Hello David,
First, you don't have to set radius secret in raddb/clients.conf.
Radius is configured to get the clients configuration in packetfence
database.
You also have to enable RFC 3576 in the controller and you can make a
test by using this command:
Create a file pod.txt:

    Calling-Station-Id = "00:11:22:33:44:55"
    Service-Type = "Login-User"

And launch:

    cat pod.txt | radclient -x 10.93.0.252:3799 disconnect useStrongerSecret

Regards
Fabrice
On 2012-12-06 16:46, David Schiller wrote:
Hi, I am in the process of moving our standalone AP setup to a LWAPP
setup with a Cisco WiSM. I actually have managed to get everything
pretty much working, but one thing I have not been able to figure out
is how to get PF to properly Deauth users once they register, to place
them in the proper VLAN. If I manually leave the SSID and come back,
then it makes the switch OK, but we obviously want this to be
automated like with the standalone setup. I am getting this in the
packetfence.log:
Dec 06 14:16:09 pfcmd(19120) INFO: trying to dissociate a wireless 802.1x user, this might not work depending on hardware support. If its your case please file a bug (pf::enforcement::_vlan_reevaluation)
Dec 06 14:16:11 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 10.93.0.252 (main::parseTrap)
Dec 06 14:16:11 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Dec 06 14:16:11 pfsetvlan(1) INFO: desAssociate trap received on 10.93.0.252 for wireless client 00:1e:52:xx:xx:xx (main::handleTrap)
Dec 06 14:16:13 pfcmd_vlan(19129) INFO: wireless deauthentication of a 802.1x MAC (main::)
Dec 06 14:16:23 pfcmd_vlan(19129) WARN: Unable to perform RADIUS Disconnect-Request: Timeout waiting for a reply from 10.93.0.252 on port 3799 at /usr/local/pf/lib/pf/util/radius.pm line 160. (pf::SNMP::__ANON__)
Dec 06 14:16:23 pfcmd_vlan(19129) ERROR: Wrong RADIUS secret or unreachable network device... (pf::SNMP::__ANON__)
It is a little unclear to me whether or not the WiSM uses RADIUS or
SNMP for Deauth... it looks like it is trying RADIUS but I have seen
other threads that seemed to indicate that this is done with SNMP. I
have double checked that my shared secret in raddb/clients.conf and in
the WiSM config is correct. Also, IP connectivity between everything
seems to be fine. I have this in my switches.conf:
[10.93.0.252]
mode=production
type=Cisco::WiSM
vlans=92,93,94,95,96
normalVlan=94
isolationVlan=92
radiusSecret=useStrongerSecret
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
SNMPVersionTrap=1
SNMPCommunityTrap=public
One other thing I have noticed, which may or may not be related, is
that in Packetfence under Nodes, before it would show me the IP
address of the last AP the user was on, but now with the WiSM it only
shows the IP address of the WiSM instead of the particular IP. Can
this be fixed? It is useful to know which AP a user is associated
with, and I am wondering if this is actually maybe a problem.
Please let me know if you need more info... thanks,
David
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
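
Added example, not part of the original thread and not PacketFence or radclient code: it builds the Disconnect-Request described by pod.txt and shows why a shared-secret mismatch is logged as a timeout rather than a rejection. The function names are hypothetical, nas_handle is a constructed stand-in that assumes the controller drops requests with a bad authenticator, and the MAC and secret are the sample values from the message above.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK = 40, 41   # RFC 3576 packet codes
CALLING_STATION_ID, SERVICE_TYPE = 31, 6      # RFC 2865 attribute types
LOGIN_USER = 1                                # Service-Type value

def attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_disconnect_request(identifier, mac, secret):
    """Build the packet that pod.txt describes, signed with the shared secret."""
    attrs = (attr(CALLING_STATION_ID, mac.encode())
             + attr(SERVICE_TYPE, struct.pack("!I", LOGIN_USER)))
    header = struct.pack("!BBH", DISCONNECT_REQUEST, identifier, 20 + len(attrs))
    # Request Authenticator = MD5(Code + ID + Length + 16 zero octets + Attributes + Secret)
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs

def request_is_authentic(packet, secret):
    """Recompute the Request Authenticator, as the receiving side does."""
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)

def nas_handle(packet, nas_secret):
    """Constructed stand-in for the controller: drop on a bad authenticator, else ACK."""
    if not request_is_authentic(packet, nas_secret):
        return None  # no reply at all, which the sender only sees as a timeout
    header = struct.pack("!BBH", DISCONNECT_ACK, packet[1], 20)
    # Response Authenticator = MD5(Code + ID + Length + Request Authenticator + Secret)
    return header + hashlib.md5(header + packet[4:20] + nas_secret).digest()

def reply_is_authentic(reply, request, secret):
    """Sender-side check that the reply matches our request and secret."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[1] == request[1] and hmac.compare_digest(reply[4:20], expected)

if __name__ == "__main__":
    request = build_disconnect_request(1, "00:11:22:33:44:55", b"useStrongerSecret")
    print("secrets match:", nas_handle(request, b"useStrongerSecret") is not None)
    print("secrets differ:", nas_handle(request, b"differentSecret") is not None)
```

Because a mismatched secret and a blocked UDP port 3799 both end in silence, a packet capture on the controller side is what tells the two apart.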