In a previous life, when working with PF and the MSM I was in charge of, I found that the access worked better than trying to make RADIUS work through the controller. Once the APs got the reply everything just worked. I know I had to have each AP as a device. Easily scripted the creation of devices on PF with all static IPs that I had provisioned to the APs through the controller. While I don't work there anymore by virtue of changing companies, I still have contacts and VPN, as I consult on a regular basis with that company, if my memory can't pull out details of how I did it with the 760 controller.

> On Apr 1, 2014, at 9:46 AM, Craig Strydom <[email protected]> wrote:
>
> Hi All,
>
> I am currently trying to configure an HP MSM 760 Mobility Controller and PF to
> provide an Open Guest and 802.1x User portal.
>
> I have configured the VSCs and can connect to the SSIDs.
>
> My problem is that the controller does not seem to see the PF replies and does
> not put the connected wireless device in the required vlan.
> It also does not bring up the PF registration portal for unregistered devices.
>
> From what I can gather, PF is replying with the correct vlan - 2907 - but the
> controller does not change the client's vlans or provide a dhcp ip address
> from that vlan's subnet.
> I seem to receive an ip address from the 192.168 range if it is configured on
> the controller.
>
> Not too worried about the Open Guest SSID at the moment.
>
> Please point me in the right direction.
>
> I attach a part of the radius debug:
>
> rad_recv: Access-Request packet from host 146.64.x.x port 32779, id=96, length=287
>     Acct-Session-Id = "69d0c199"
>     NAS-Port = 1
>     NAS-Port-Type = Wireless-802.11
>     User-Name = "5ce8eb25354c"
>     Calling-Station-Id = "5C-E8-EB-25-35-4C"
>     Called-Station-Id = "38-EA-A7-7E-34-80"
>     MS-CHAP2-Response = 0x6000f4a46addac62d53d3c4e5beba2f896d60000000000000000330ef0584e6595a292ab02da22b41f56682ee11c2b39f06a
>     MS-CHAP-Challenge = 0xb77c786e5c717b93183df669c5343a64
>     NAS-Identifier = "SG4093N0JZ"
>     NAS-IP-Address = 146.64.x.x
>     Framed-MTU = 1496
>     Connect-Info = "HTTPS"
>     Framed-Protocol = PPP
>     Service-Type = Login-User
>     Colubris-AVPair = "ssid=CSiRWifi"
>     Colubris-AVPair = "group=CSIR"
>     Colubris-AVPair = "vsc-unique-id=2"
>     Message-Authenticator = 0x82a5a4c00c248894af52f635f99dc6e0
> Tue Apr 1 16:37:41 2014 : Info: server packetfence {
> Tue Apr 1 16:37:41 2014 : Info: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence
> Tue Apr 1 16:37:41 2014 : Info: +- entering group authorize {...}
> Tue Apr 1 16:37:41 2014 : Info: [suffix] No '@' in User-Name = "5ce8eb25354c", looking up realm NULL
> Tue Apr 1 16:37:41 2014 : Info: [suffix] No such realm "NULL"
> Tue Apr 1 16:37:41 2014 : Info: ++[suffix] returns noop
> Tue Apr 1 16:37:41 2014 : Info: ++[preprocess] returns ok
> Tue Apr 1 16:37:41 2014 : Info: [eap] No EAP-Message, not doing EAP
> Tue Apr 1 16:37:41 2014 : Info: ++[eap] returns noop
> Tue Apr 1 16:37:41 2014 : Info: [files] users: Matched entry DEFAULT at line 1
> Tue Apr 1 16:37:41 2014 : Info: ++[files] returns ok
> Tue Apr 1 16:37:41 2014 : Info: ++[expiration] returns noop
> Tue Apr 1 16:37:41 2014 : Info: ++[logintime] returns noop
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Acct-Session-Id = 69d0c199
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Service-Type = Login-User
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Called-Station-Id = 38-EA-A7-7E-34-80
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Message-Authenticator = 0x82a5a4c00c248894af52f635f99dc6e0
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Connect-Info = HTTPS
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-IP-Address = 146.64.x.x
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Calling-Station-Id = 5C-E8-EB-25-35-4C
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP-Challenge = 0xb77c786e5c717b93183df669c5343a64
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-Protocol = PPP
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair User-Name = 5ce8eb25354c
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Identifier = SG4093N0JZ
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP2-Response = 0x6000f4a46addac62d53d3c4e5beba2f896d60000000000000000330ef0584e6595a292ab02da22b41f56682ee11c2b39f06a
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = ssid=CSiRWifi
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = group=CSIR
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = vsc-unique-id=2
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port = 1
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-MTU = 1496
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Auth-Type = Accept
> Tue Apr 1 16:37:41 2014 : Info: ++[packetfence] returns noop
> Tue Apr 1 16:37:41 2014 : Info: Found Auth-Type = Accept
> Tue Apr 1 16:37:41 2014 : Info: Auth-Type = Accept, accepting the user
> Tue Apr 1 16:37:41 2014 : Auth: Login OK: [5ce8eb25354c] (from client x.x.x.x port 1 cli 5C-E8-EB-25-35-4C)
> Tue Apr 1 16:37:41 2014 : Info: # Executing section post-auth from file /usr/local/pf/raddb//sites-enabled/packetfence
> Tue Apr 1 16:37:41 2014 : Info: +- entering group post-auth {...}
> Tue Apr 1 16:37:41 2014 : Info: ++[exec] returns noop
> Tue Apr 1 16:37:41 2014 : Info: ++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25))
> Tue Apr 1 16:37:41 2014 : Info: ? Evaluating !(EAP-Type ) -> TRUE
> Tue Apr 1 16:37:41 2014 : Info: ?? Skipping (EAP-Type != 21 )
> Tue Apr 1 16:37:41 2014 : Info: ?? Skipping (EAP-Type != 25)
> Tue Apr 1 16:37:41 2014 : Info: ++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) -> TRUE
> Tue Apr 1 16:37:41 2014 : Info: ++- entering if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) {...}
> Tue Apr 1 16:37:41 2014 : Auth: rlm_perl: Returning vlan 2907 to request from 5c:e8:eb:25:35:4c port 1
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Acct-Session-Id = 69d0c199
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Service-Type = Login-User
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Calling-Station-Id = 5C-E8-EB-25-35-4C
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Called-Station-Id = 38-EA-A7-7E-34-80
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP-Challenge = 0xb77c786e5c717b93183df669c5343a64
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Message-Authenticator = 0x82a5a4c00c248894af52f635f99dc6e0
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-Protocol = PPP
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair User-Name = 5ce8eb25354c
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Identifier = SG4093N0JZ
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP2-Response = 0x6000f4a46addac62d53d3c4e5beba2f896d60000000000000000330ef0584e6595a292ab02da22b41f56682ee11c2b39f06a
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Connect-Info = HTTPS
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = ssid=CSiRWifi
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = group=CSIR
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = vsc-unique-id=2
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port = 1
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-IP-Address = 146.64.x.x
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-MTU = 1496
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Tunnel-Private-Group-ID = 2907
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Tunnel-Type = 13
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Tunnel-Medium-Type = 6
> Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Auth-Type = Accept
> Tue Apr 1 16:37:41 2014 : Info: +++[packetfence] returns ok
> Tue Apr 1 16:37:41 2014 : Info: ++- if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) returns ok
> Tue Apr 1 16:37:41 2014 : Info: } # server packetfence
> Sending Access-Accept of id 96 to 146.64.x.x port 32779
>     Tunnel-Private-Group-Id:0 = "2907"
>     Tunnel-Type:0 = VLAN
>     Tunnel-Medium-Type:0 = IEEE-802
> Tue Apr 1 16:37:41 2014 : Info: Finished request 70.
> Tue Apr 1 16:37:41 2014 : Debug: Going to the next request
> Tue Apr 1 16:37:41 2014 : Debug: Waking up in 4.9 seconds.
>
> Regards,
> Craig.
>
> --
> This message is subject to the CSIR's copyright terms and conditions, e-mail
> legal notice, and implemented Open Document Format (ODF) standard.
> The full disclaimer details can be found at
> http://www.csir.co.za/disclaimer.html.
>
> This message has been scanned for viruses and dangerous content by
> MailScanner,
> and is believed to be clean.
>
> Please consider the environment before printing this email.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
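
Added example, not part of the original thread and not PacketFence code: a small Python check that reads FreeRADIUS debug output like the log quoted above and reports, per packet id, whether the request carried an EAP-Message and whether the Access-Accept holds the complete VLAN triple (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-Id). The names parse_exchanges and vlan_report are hypothetical, and SAMPLE is a trimmed excerpt of that log.

```python
import re

# Excerpt of the radius debug quoted in this thread (most lines trimmed).
SAMPLE = """\
rad_recv: Access-Request packet from host 146.64.x.x port 32779, id=96, length=287
    User-Name = "5ce8eb25354c"
    Connect-Info = "HTTPS"
    Service-Type = Login-User
Tue Apr 1 16:37:41 2014 : Info: [eap] No EAP-Message, not doing EAP
Sending Access-Accept of id 96 to 146.64.x.x port 32779
    Tunnel-Private-Group-Id:0 = "2907"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
"""

PACKET = re.compile(r"^(?:rad_recv: (Access-Request)|Sending (Access-\w+))\b.*?\bid[ =](\d+)")
AVP = re.compile(r'^\s+([\w-]+)(?::\d+)? = "?(.*?)"?\s*$')

def parse_exchanges(text):
    """Group request and reply attributes by RADIUS packet id."""
    exchanges, current = {}, None
    for line in text.splitlines():
        m = PACKET.match(line)
        if m:
            ex = exchanges.setdefault(m.group(3), {"request": {}, "reply": {}, "code": None})
            if m.group(2):
                ex["code"] = m.group(2)
            current = ex["reply" if m.group(2) else "request"]
            continue
        a = AVP.match(line)
        if a and current is not None:
            current.setdefault(a.group(1), []).append(a.group(2))
        elif not a:
            current = None  # any server log line ends the attribute list
    return exchanges

def vlan_report(ex):
    """Summarise how the client authenticated and which VLAN the reply assigns."""
    req, reply = ex["request"], ex["reply"]
    complete = (reply.get("Tunnel-Type") in (["VLAN"], ["13"])
                and reply.get("Tunnel-Medium-Type") in (["IEEE-802"], ["6"])
                and bool(reply.get("Tunnel-Private-Group-Id")))
    return {"code": ex["code"],
            "vlan": reply.get("Tunnel-Private-Group-Id", [None])[0],
            "vlan_triple_complete": complete,
            "eap_in_request": "EAP-Message" in req,
            "service_type": req.get("Service-Type", [None])[0]}

print(vlan_report(parse_exchanges(SAMPLE)["96"]))
```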
