Hi All,
I am currently trying to configure a HP MSM 760 Mobility Controller and PF to
provide an Open Guest and 802.1x User portal.
I have configured the VSC's and can connect to the SSID's.
My problem is that the controller does not seem to see the PF replys and do not
put the connected wireless device in the required vlan.
It also does not bring up the PF registration portal for unregistered devices.
>From what I can gather, PF is replying with the correct vlan - 2907 - but the
>controller does not change the client's vlans or provide a dhcp ip address
>from that vlan's subnet.
I seem to receive an ip address from the 192.168 range if it is configured on
the controller.
Not to worried about the Open Guest SSID at the moment.
Please point me in the right direction.
I attach a part of the radius debug:
rad_recv: Access-Request packet from host 146.64.x.x port 32779, id=96,
length=287
Acct-Session-Id = "69d0c199"
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
User-Name = "5ce8eb25354c"
Calling-Station-Id = "5C-E8-EB-25-35-4C"
Called-Station-Id = "38-EA-A7-7E-34-80"
MS-CHAP2-Response =
0x6000f4a46addac62d53d3c4e5beba2f896d60000000000000000330ef0584e6595a292ab02da22b41f56682ee11c2b39f06a
MS-CHAP-Challenge = 0xb77c786e5c717b93183df669c5343a64
NAS-Identifier = "SG4093N0JZ"
NAS-IP-Address = 146.64.x.x Framed-MTU = 1496
Connect-Info = "HTTPS"
Framed-Protocol = PPP
Service-Type = Login-User
Colubris-AVPair = "ssid=CSiRWifi"
Colubris-AVPair = "group=CSIR"
Colubris-AVPair = "vsc-unique-id=2"
Message-Authenticator = 0x82a5a4c00c248894af52f635f99dc6e0
Tue Apr 1 16:37:41 2014 : Info: server packetfence {
Tue Apr 1 16:37:41 2014 : Info: # Executing section authorize from file
/usr/local/pf/raddb//sites-enabled/packetfence
Tue Apr 1 16:37:41 2014 : Info: +- entering group authorize {...}
Tue Apr 1 16:37:41 2014 : Info: [suffix] No '@' in User-Name = "5ce8eb25354c",
looking up realm NULL
Tue Apr 1 16:37:41 2014 : Info: [suffix] No such realm "NULL"
Tue Apr 1 16:37:41 2014 : Info: ++[suffix] returns noop
Tue Apr 1 16:37:41 2014 : Info: ++[preprocess] returns ok
Tue Apr 1 16:37:41 2014 : Info: [eap] No EAP-Message, not doing EAP
Tue Apr 1 16:37:41 2014 : Info: ++[eap] returns noop
Tue Apr 1 16:37:41 2014 : Info: [files] users: Matched entry DEFAULT at line 1
Tue Apr 1 16:37:41 2014 : Info: ++[files] returns ok
Tue Apr 1 16:37:41 2014 : Info: ++[expiration] returns noop
Tue Apr 1 16:37:41 2014 : Info: ++[logintime] returns noop
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port-Type =
Wireless-802.11
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Acct-Session-Id =
69d0c199
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Service-Type = Login-User
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Called-Station-Id =
38-EA-A7-7E-34-80
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Message-Authenticator =
0x82a5a4c00c248894af52f635f99dc6e0
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Connect-Info = HTTPS
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-IP-Address =
146.64.x.x
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Calling-Station-Id =
5C-E8-EB-25-35-4C
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP-Challenge =
0xb77c786e5c717b93183df669c5343a64
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-Protocol = PPP
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair User-Name = 5ce8eb25354c
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Identifier =
SG4093N0JZ
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP2-Response =
0x6000f4a46addac62d53d3c4e5beba2f896d60000000000000000330ef0584e6595a292ab02da22b41f56682ee11c2b39f06a
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair =
ssid=CSiRWifi
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair =
group=CSIR
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair =
vsc-unique-id=2
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port = 1
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-MTU = 1496
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Auth-Type = Accept
Tue Apr 1 16:37:41 2014 : Info: ++[packetfence] returns noop
Tue Apr 1 16:37:41 2014 : Info: Found Auth-Type = Accept
Tue Apr 1 16:37:41 2014 : Info: Auth-Type = Accept, accepting the user
Tue Apr 1 16:37:41 2014 : Auth: Login OK: [5ce8eb25354c] (from client x.x.x.x
port 1 cli 5C-E8-EB-25-35-4C)
Tue Apr 1 16:37:41 2014 : Info: # Executing section post-auth from file
/usr/local/pf/raddb//sites-enabled/packetfence
Tue Apr 1 16:37:41 2014 : Info: +- entering group post-auth {...}
Tue Apr 1 16:37:41 2014 : Info: ++[exec] returns noop
Tue Apr 1 16:37:41 2014 : Info: ++? if (!EAP-Type || (EAP-Type != 21 &&
EAP-Type != 25))
Tue Apr 1 16:37:41 2014 : Info: ? Evaluating !(EAP-Type ) -> TRUE
Tue Apr 1 16:37:41 2014 : Info: ?? Skipping (EAP-Type != 21 )
Tue Apr 1 16:37:41 2014 : Info: ?? Skipping (EAP-Type != 25)
Tue Apr 1 16:37:41 2014 : Info: ++? if (!EAP-Type || (EAP-Type != 21 &&
EAP-Type != 25)) -> TRUE
Tue Apr 1 16:37:41 2014 : Info: ++- entering if (!EAP-Type || (EAP-Type != 21
&& EAP-Type != 25)) {...}
Tue Apr 1 16:37:41 2014 : Auth: rlm_perl: Returning vlan 2907 to request from
5c:e8:eb:25:35:4c port 1
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: PacketFence RESULT RESPONSE CODE: 2
(2 means OK)
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port-Type =
Wireless-802.11
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Acct-Session-Id =
69d0c199
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Service-Type = Login-User
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Calling-Station-Id =
5C-E8-EB-25-35-4C
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Called-Station-Id =
38-EA-A7-7E-34-80
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP-Challenge =
0xb77c786e5c717b93183df669c5343a64
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Message-Authenticator =
0x82a5a4c00c248894af52f635f99dc6e0
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-Protocol = PPP
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair User-Name = 5ce8eb25354c
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Identifier =
SG4093N0JZ
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP2-Response =
0x6000f4a46addac62d53d3c4e5beba2f896d60000000000000000330ef0584e6595a292ab02da22b41f56682ee11c2b39f06a
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Connect-Info = HTTPS
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair =
ssid=CSiRWifi
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair =
group=CSIR
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair =
vsc-unique-id=2
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port = 1
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-IP-Address =
146.64.x.x
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-MTU = 1496
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Tunnel-Private-Group-ID
= 2907
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Tunnel-Type = 13
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Tunnel-Medium-Type = 6
Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Auth-Type = Accept
Tue Apr 1 16:37:41 2014 : Info: +++[packetfence] returns ok
Tue Apr 1 16:37:41 2014 : Info: ++- if (!EAP-Type || (EAP-Type != 21 &&
EAP-Type != 25)) returns ok
Tue Apr 1 16:37:41 2014 : Info: } # server packetfence
Sending Access-Accept of id 96 to 146.64.x.x port 32779
Tunnel-Private-Group-Id:0 = "2907"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tue Apr 1 16:37:41 2014 : Info: Finished request 70.
Tue Apr 1 16:37:41 2014 : Debug: Going to the next request
Tue Apr 1 16:37:41 2014 : Debug: Waking up in 4.9 seconds.
Regards,
Craig.
--
This message is subject to the CSIR's copyright terms and conditions, e-mail
legal notice, and implemented Open Document Format (ODF) standard.
The full disclaimer details can be found at
http://www.csir.co.za/disclaimer.html.
This message has been scanned for viruses and dangerous content by MailScanner,
and is believed to be clean.
Please consider the environment before printing this email.
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
