Have you removed what you did in clients.conf?
Regards
On 2012-12-07 14:56, David Schiller wrote:
10.93.0.1 is the Packetfence interface which is running the Radius
server... here is the netstat:
udp 0 0 10.93.0.1:1812 0.0.0.0:*
udp 0 0 10.93.0.1:1813 0.0.0.0:*
udp 0 0 10.93.0.1:1814 0.0.0.0:*
That is configured with RFC 3576 and useStrongerSecret on the WiSM.
On Fri, Dec 7, 2012 at 11:46 AM, Durand Fabrice <[email protected]> wrote:
What is this address 10.93.0.1?
Your controller must know 10.93.0.1 as a radius server.
Regards
On 2012-12-07 14:36, David Schiller wrote:
Hi, thanks... I do have RFC 3576 enabled. I did as you suggested
but it didn't seem to work:
$ cat pod.txt | radclient -x 10.93.0.252:3799 disconnect useStrongerSecret
Sending Disconnect-Request of id 61 to 10.93.0.252 port 3799
Calling-Station-Id = "00:11:22:33:44:55"
Service-Type = Login-User
Sending Disconnect-Request of id 61 to 10.93.0.252 port 3799
Calling-Station-Id = "00:11:22:33:44:55"
Service-Type = Login-User
Sending Disconnect-Request of id 61 to 10.93.0.252 port 3799
Calling-Station-Id = "00:11:22:33:44:55"
Service-Type = Login-User
radclient: no response from server for ID 61 socket 3
Interestingly, on the WiSM I am debugging AAA:
(WiSM-slot6-1) >
*Dec 07 19:35:43.962: Received a 'RFC-3576 Disconnect-Request'
from unknown server 10.93.0.1:50253
*Dec 07 19:35:48.966: Received a 'RFC-3576 Disconnect-Request'
from unknown server 10.93.0.1:50253
*Dec 07 19:35:53.971: Received a 'RFC-3576 Disconnect-Request'
from unknown server 10.93.0.1:50253
So it seems to be getting there...
On Fri, Dec 7, 2012 at 7:47 AM, Durand Fabrice <[email protected]> wrote:
Hello David,
First you don't have to set radius secret in raddb/clients.conf.
Radius is configured to get the clients configuration in
packetfence database.
You also have to enable RFC 3576 in the controller and you
can make a test by using this command:
Create a file pod.txt
Calling-Station-Id = "00:11:22:33:44:55"
Service-Type = "Login-User"
And launch
cat pod.txt | radclient -x 10.93.0.252:3799 disconnect useStrongerSecret
Regards
Fabrice
On 2012-12-06 16:46, David Schiller wrote:
Hi, I am in the process of moving our standalone AP setup to
a LWAPP setup with a Cisco WiSM. I actually have managed to
get everything pretty much working, but one thing I have not
been able to figure out is how to get PF to properly Deauth
users once they register, to place them in the proper VLAN.
If I manually leave the SSID and come back, then it makes
the switch OK, but we obviously want this to be automated
like with the standalone setup. I am getting this in the
packetfence.log:
Dec 06 14:16:09 pfcmd(19120) INFO: trying to dissociate a
wireless 802.1x user, this might not work depending on
hardware support. If its your case please file a bug
(pf::enforcement::_vlan_reevaluation)
Dec 06 14:16:11 pfsetvlan(21) INFO: local (127.0.0.1) trap
for switch 10.93.0.252 (main::parseTrap)
Dec 06 14:16:11 pfsetvlan(1) INFO: nb of items in queue: 1;
nb of threads running: 0 (main::startTrapHandlers)
Dec 06 14:16:11 pfsetvlan(1) INFO: desAssociate trap
received on 10.93.0.252 for wireless client
00:1e:52:xx:xx:xx (main::handleTrap)
Dec 06 14:16:13 pfcmd_vlan(19129) INFO: wireless
deauthentication of a 802.1x MAC (main::)
Dec 06 14:16:23 pfcmd_vlan(19129) WARN: Unable to perform
RADIUS Disconnect-Request: Timeout waiting for a reply from
10.93.0.252 on port 3799 at
/usr/local/pf/lib/pf/util/radius.pm line
160. (pf::SNMP::__ANON__)
Dec 06 14:16:23 pfcmd_vlan(19129) ERROR: Wrong RADIUS secret
or unreachable network device... (pf::SNMP::__ANON__)
It is a little unclear to me whether or not the WiSM uses
RADIUS or SNMP for Deauth... it looks like it is trying
RADIUS but I have seen other threads that seemed to indicate
that this is done with SNMP. I have double checked that my
shared secret in raddb/clients.conf and in the WiSM config
is correct. Also, IP connectivity between everything seems
to be fine. I have this in my switches.conf:
[10.93.0.252]
mode=production
type=Cisco::WiSM
vlans=92,93,94,95,96
normalVlan=94
isolationVlan=92
radiusSecret=useStrongerSecret
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
SNMPVersionTrap=1
SNMPCommunityTrap=public
One other thing I have noticed, which may or may not be
related, is that in Packetfence under Nodes, before it would
show me the IP address of the last AP the user was on, but
now with the WiSM it only shows the IP address of the WiSM
instead of the particular IP. Can this be fixed? It is
useful to know which AP a user is associated with, and I am
wondering if this is actually maybe a problem.
Please let me know if you need more info... thanks,
David
------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
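
Added example (not part of the thread, and not PacketFence or Cisco code): a Python illustration of how an RFC 3576 Disconnect-Request like the radclient test above is authenticated with the shared secret, and why a sender the receiver does not list, or one using a different secret, sees only a timeout. `nas_check` is a simplified, hypothetical model of the receiving side, and the client tables are constructed sample data.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40  # RADIUS packet code defined by RFC 3576

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def authenticator(header: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Request Authenticator: MD5(code+id+length + 16 zero octets + attrs + secret)."""
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_disconnect_request(ident: int, mac: str, secret: bytes) -> bytes:
    """Build the same request as pod.txt: Calling-Station-Id + Service-Type."""
    attrs = attr(31, mac.encode()) + attr(6, struct.pack("!I", 1))  # 1 = Login-User
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs))
    return header + authenticator(header, attrs, secret) + attrs

def nas_check(packet: bytes, src_ip: str, clients: dict) -> str:
    """Hypothetical model of the receiver; anything but 'accepted' is dropped
    without a reply, which the sender observes as a timeout."""
    secret = clients.get(src_ip)
    if secret is None:
        return "unknown server"      # source IP not in the configured server list
    if len(packet) < 20:
        return "malformed"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length != len(packet):
        return "malformed"
    expected = authenticator(packet[:4], packet[20:], secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return "bad authenticator"   # shared secrets differ
    return "accepted"

if __name__ == "__main__":
    pkt = build_disconnect_request(61, "00:11:22:33:44:55", b"useStrongerSecret")
    # Constructed client tables standing in for the controller's configuration.
    for table in ({"10.93.0.1": b"useStrongerSecret"},
                  {"10.93.0.2": b"useStrongerSecret"},
                  {"10.93.0.1": b"someOtherSecret"}):
        print(nas_check(pkt, "10.93.0.1", table))
```

The lookup by source IP runs before any secret is tried, so an "unknown server" result says nothing about whether the shared secret matches.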