The only thing that we can see from the snip you sent us is that RADIUS is returning vlan 700.. Without info on your VLANs or some logs, we're blind… again!..
Cheers! dw. -- Derek Wuelfrath [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On 2013-08-20, at 4:36 AM, Manfred Kruse <[email protected]> wrote: > Hi everbody! > > I almost configured packetfence completly. There is only one issue left: > > I want to use 802.1x through a radius server, but if there is an unknown > device, it should first register through the captive portal, so that they > must accept the use policy. Both works for themselves, but not together. > My log files show me, that packetfence wants to put the device in my > registration VLAN, but my radius server want to put it in an other VLAN. > Because it's the first time that the node is seen it should be pushed into > registration VLAN. > > Here is a snip of my radius debug output: > <snip> > [eap] Freeing handler > ++[eap] returns ok > Login OK: [fhms250288] (from client 10.11.251.199 port 50201 cli > 00-23-AE-85-CC-E8) > # Executing section post-auth from file > /usr/local/pf/raddb//sites-enabled/packetfence > +- entering group post-auth {...} > ++[exec] returns noop > ++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) > ? Evaluating !(EAP-Type ) -> FALSE > ?? Evaluating (EAP-Type != 21 ) -> TRUE > ?? Evaluating (EAP-Type != 25) -> FALSE > ++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) -> FALSE > } # server packetfence > Sending Access-Accept of id 22 to 10.11.251.199 port 1645 > Tunnel-Type:0 = VLAN > Tunnel-Medium-Type:0 = IEEE-802 > Tunnel-Private-Group-Id:0 = "700" > User-Name = "fhms250288" > Tunnel-Private-Group-Id:0 = "dvz-user-11" > MS-MPPE-Recv-Key = > 0x6bdfec0d7fe6d6b00a393b6180d2def803ee03d7db3384cb33a6d0a8feccaa5a > MS-MPPE-Send-Key = > 0x4a022cf68ea3222c3e6b36820cdabf40b0a14f99271f5856a46e9b044ad77e33 > EAP-Message = 0x03090004 > Message-Authenticator = 0x00000000000000000000000000000000 > Finished request 8. > Going to the next request > </snip> > > > Can someone of you help me? > > -- > Herr Manfred Kruse > Netzwerkadministrator > Datenverarbeitungszentrale > Netzwerk-Infrastruktur, Netzwerkdienste > Fachhochschule Münster > – University of Applied Sciences – > Corrensstr. 25 > D-48149 Münster > Fon: (49)0251 / 83 - 64942 > Fax: (49)0251 / 83 - 64910 > mail: [email protected] > www.fh-muenster.de/dvz/index.php > > > ------------------------------------------------------------------------------ > Introducing Performance Central, a new site from SourceForge and > AppDynamics. Performance Central is your source for news, insights, > analysis and resources for efficient Application Performance Management. > Visit us today! > http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk_______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
