10.93.0.1 is the PacketFence interface which is running the RADIUS
server... here is the netstat:
udp 0 0 10.93.0.1:1812 0.0.0.0:*
udp 0 0 10.93.0.1:1813 0.0.0.0:*
udp 0 0 10.93.0.1:1814 0.0.0.0:*
That is configured with RFC 3576 and useStrongerSecret on the WiSM.
On Fri, Dec 7, 2012 at 11:46 AM, Durand Fabrice <[email protected]> wrote:
> What is this address 10.93.0.1?
> Your controller must know 10.93.0.1 as a radius
> server.
>
> Regards
>
> On 2012-12-07 14:36, David Schiller wrote:
>
> Hi, thanks... I do have RFC 3576 enabled. I did as you suggested but it
> didn't seem to work:
>
> $ cat pod.txt | radclient -x 10.93.0.252:3799 disconnect useStrongerSecret
> Sending Disconnect-Request of id 61 to 10.93.0.252 port 3799
> Calling-Station-Id = "00:11:22:33:44:55"
> Service-Type = Login-User
> Sending Disconnect-Request of id 61 to 10.93.0.252 port 3799
> Calling-Station-Id = "00:11:22:33:44:55"
> Service-Type = Login-User
> Sending Disconnect-Request of id 61 to 10.93.0.252 port 3799
> Calling-Station-Id = "00:11:22:33:44:55"
> Service-Type = Login-User
> radclient: no response from server for ID 61 socket 3
>
> Interestingly, on the WiSM I am debugging AAA:
>
> (WiSM-slot6-1) >
> *Dec 07 19:35:43.962: Received a 'RFC-3576 Disconnect-Request' from
> unknown server 10.93.0.1:50253
> *Dec 07 19:35:48.966: Received a 'RFC-3576 Disconnect-Request' from
> unknown server 10.93.0.1:50253
> *Dec 07 19:35:53.971: Received a 'RFC-3576 Disconnect-Request' from
> unknown server 10.93.0.1:50253
>
> So it seems to be getting there...
>
>
> On Fri, Dec 7, 2012 at 7:47 AM, Durand Fabrice <[email protected]> wrote:
>
>> Hello David,
>> First, you don't have to set the RADIUS secret in raddb/clients.conf.
>> RADIUS is configured to get the clients configuration from the PacketFence
>> database.
>>
>> You also have to enable RFC 3576 in the controller and you can make a
>> test by using this command:
>>
>> Create a file pod.txt
>>
>> Calling-Station-Id = "00:11:22:33:44:55"
>> Service-Type = "Login-User"
>>
>> And launch
>> cat pod.txt | radclient -x 10.93.0.252:3799 disconnect useStrongerSecret
>>
>> Regards
>> Fabrice
>>
>>
>>
>>
>> On 2012-12-06 16:46, David Schiller wrote:
>>
>> Hi, I am in the process of moving our standalone AP setup to a LWAPP
>> setup with a Cisco WiSM. I actually have managed to get everything pretty
>> much working, but one thing I have not been able to figure out is how to
>> get PF to properly Deauth users once they register, to place them in the
>> proper VLAN. If I manually leave the SSID and come back, then it makes
>> the switch OK, but we obviously want this to be automated like with the
>> standalone setup. I am getting this in the packetfence.log:
>>
>> Dec 06 14:16:09 pfcmd(19120) INFO: trying to dissociate a wireless 802.1x
>> user, this might not work depending on hardware support. If its your case
>> please file a bug (pf::enforcement::_vlan_reevaluation)
>> Dec 06 14:16:11 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch
>> 10.93.0.252 (main::parseTrap)
>> Dec 06 14:16:11 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads
>> running: 0 (main::startTrapHandlers)
>> Dec 06 14:16:11 pfsetvlan(1) INFO: desAssociate trap received on
>> 10.93.0.252 for wireless client 00:1e:52:xx:xx:xx (main::handleTrap)
>> Dec 06 14:16:13 pfcmd_vlan(19129) INFO: wireless deauthentication of a
>> 802.1x MAC (main::)
>> Dec 06 14:16:23 pfcmd_vlan(19129) WARN: Unable to perform RADIUS
>> Disconnect-Request: Timeout waiting for a reply from 10.93.0.252 on port
>> 3799 at /usr/local/pf/lib/pf/util/radius.pm line 160.
>> (pf::SNMP::__ANON__)
>> Dec 06 14:16:23 pfcmd_vlan(19129) ERROR: Wrong RADIUS secret or
>> unreachable network device... (pf::SNMP::__ANON__)
>>
>> It is a little unclear to me whether or not the WiSM uses RADIUS or SNMP
>> for Deauth... it looks like it is trying RADIUS but I have seen other
>> threads that seemed to indicate that this is done with SNMP. I have double
>> checked that my shared secret in raddb/clients.conf and in the WiSM config
>> is correct. Also, IP connectivity between everything seems to be fine. I
>> have this in my switches.conf:
>>
>> [10.93.0.252]
>> mode=production
>> type=Cisco::WiSM
>> vlans=92,93,94,95,96
>> normalVlan=94
>> isolationVlan=92
>> radiusSecret=useStrongerSecret
>> SNMPVersion=1
>> SNMPCommunityRead=public
>> SNMPCommunityWrite=private
>> SNMPVersionTrap=1
>> SNMPCommunityTrap=public
>>
>> One other thing I have noticed, which may or may not be related, is that
>> in PacketFence under Nodes, before it would show me the IP address of the
>> last AP the user was on, but now with the WiSM it only shows the IP address
>> of the WiSM instead of the particular IP. Can this be fixed? It is useful
>> to know which AP a user is associated with, and I am wondering if this is
>> actually maybe a problem.
>>
>> Please let me know if you need more info... thanks,
>>
>> David
>>
>> --
>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
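
Added example (not part of the thread, and not PacketFence or Cisco code): a simplified model of the two receiver-side checks that the symptoms in this thread point at, a source address that is not a configured RADIUS server and a Request Authenticator that does not verify under the shared secret. Either one ends in a drop that the sender sees only as a timeout. The known_servers table, the 192.0.2.10 address and the nas_check function are assumptions made for illustration; the authenticator formula is the one RFC 3576 specifies.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40  # RADIUS packet code for Disconnect-Request (RFC 3576)

def attr(attr_type, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_disconnect_request(ident, secret, mac):
    """Build the request that the pod.txt test in the thread describes."""
    attrs = attr(31, mac.encode())           # Calling-Station-Id
    attrs += attr(6, struct.pack("!I", 1))   # Service-Type = Login-User (1)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(code, id, length, 16 zero octets, attrs, secret)
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def nas_check(packet, src_ip, known_servers):
    """Hypothetical receiver model: say why a request is accepted or dropped."""
    secret = known_servers.get(src_ip)
    if secret is None:
        return "drop: unknown server"        # source is not a configured server
    if len(packet) < 20:
        return "drop: malformed"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length != len(packet):
        return "drop: malformed"
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return "drop: bad authenticator"     # secrets differ between the two ends
    return "accept"

# Constructed sample: id, MAC and secret are the placeholder values from the thread.
SECRET = b"useStrongerSecret"
PACKET = build_disconnect_request(61, SECRET, "00:11:22:33:44:55")

def demo():
    """Run the same packet against three receiver configurations."""
    return [
        nas_check(PACKET, "10.93.0.1", {"192.0.2.10": SECRET}),    # sender not listed
        nas_check(PACKET, "10.93.0.1", {"10.93.0.1": b"other"}),   # secret mismatch
        nas_check(PACKET, "10.93.0.1", {"10.93.0.1": SECRET}),     # both match
    ]

if __name__ == "__main__":
    print(demo())
```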