Hi Christopher, Thanks for the reply. Regards, Craig.
>>> Christopher David Herbold <[email protected]> 03/04/2014 02:39 >>> In a previous life when working with PF and the MSM I was in charge of I found that the access worked better than trying to make radius work through the controller. Once the APs got the reply everything just worked. I know I had to have each AP as a device. Easily scripted the creation of devices on PF with all static ip's that I had provisioned to the APs through the controller. While I don't work there anymore by virtue of changing companies I still have contacts and VPN as I consult on a regular basis with that company if my memory can't pull out details of how I did it with the 760 controller. On Apr 1, 2014, at 9:46 AM, Craig Strydom <[email protected]> wrote: Hi All, I am currently trying to configure a HP MSM 760 Mobility Controller and PF to provide an Open Guest and 802.1x User portal. I have configured the VSC's and can connect to the SSID's. My problem is that the controller does not seem to see the PF replys and do not put the connected wireless device in the required vlan. It also does not bring up the PF registration portal for unregistered devices. >From what I can gather, PF is replying with the correct vlan - 2907 - but the >controller does not change the client's vlans or provide a dhcp ip address >from that vlan's subnet. I seem to receive an ip address from the 192.168 range if it is configured on the controller. Not to worried about the Open Guest SSID at the moment. Please point me in the right direction. I attach a part of the radius debug: rad_recv: Access-Request packet from host 146.64.x.x port 32779, id=96, length=287 Acct-Session-Id = "69d0c199" NAS-Port = 1 NAS-Port-Type = Wireless-802.11 User-Name = "5ce8eb25354c" Calling-Station-Id = "5C-E8-EB-25-35-4C" Called-Station-Id = "38-EA-A7-7E-34-80" MS-CHAP2-Response = 0x6000f4a46addac62d53d3c4e5beba2f896d60000000000000000330ef0584e6595a292ab02da22b41f56682ee11c2b39f06a MS-CHAP-Challenge = 0xb77c786e5c717b93183df669c5343a64 NAS-Identifier = "SG4093N0JZ" NAS-IP-Address = 146.64.x.x Framed-MTU = 1496 Connect-Info = "HTTPS" Framed-Protocol = PPP Service-Type = Login-User Colubris-AVPair = "ssid=CSiRWifi" Colubris-AVPair = "group=CSIR" Colubris-AVPair = "vsc-unique-id=2" Message-Authenticator = 0x82a5a4c00c248894af52f635f99dc6e0 Tue Apr 1 16:37:41 2014 : Info: server packetfence { Tue Apr 1 16:37:41 2014 : Info: # Executing section authorize from file /usr/local/pf/raddb//sites-enabled/packetfence Tue Apr 1 16:37:41 2014 : Info: +- entering group authorize {...} Tue Apr 1 16:37:41 2014 : Info: [suffix] No '@' in User-Name = "5ce8eb25354c", looking up realm NULL Tue Apr 1 16:37:41 2014 : Info: [suffix] No such realm "NULL" Tue Apr 1 16:37:41 2014 : Info: ++[suffix] returns noop Tue Apr 1 16:37:41 2014 : Info: ++[preprocess] returns ok Tue Apr 1 16:37:41 2014 : Info: [eap] No EAP-Message, not doing EAP Tue Apr 1 16:37:41 2014 : Info: ++[eap] returns noop Tue Apr 1 16:37:41 2014 : Info: [files] users: Matched entry DEFAULT at line 1 Tue Apr 1 16:37:41 2014 : Info: ++[files] returns ok Tue Apr 1 16:37:41 2014 : Info: ++[expiration] returns noop Tue Apr 1 16:37:41 2014 : Info: ++[logintime] returns noop Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port-Type = Wireless-802.11 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Acct-Session-Id = 69d0c199 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Service-Type = Login-User Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Called-Station-Id = 38-EA-A7-7E-34-80 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Message-Authenticator = 0x82a5a4c00c248894af52f635f99dc6e0 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Connect-Info = HTTPS Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-IP-Address = 146.64.x.x Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Calling-Station-Id = 5C-E8-EB-25-35-4C Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP-Challenge = 0xb77c786e5c717b93183df669c5343a64 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-Protocol = PPP Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair User-Name = 5ce8eb25354c Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Identifier = SG4093N0JZ Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP2-Response = 0x6000f4a46addac62d53d3c4e5beba2f896d60000000000000000330ef0584e6595a292ab02da22b41f56682ee11c2b39f06a Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = ssid=CSiRWifi Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = group=CSIR Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = vsc-unique-id=2 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port = 1 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-MTU = 1496 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Auth-Type = Accept Tue Apr 1 16:37:41 2014 : Info: ++[packetfence] returns noop Tue Apr 1 16:37:41 2014 : Info: Found Auth-Type = Accept Tue Apr 1 16:37:41 2014 : Info: Auth-Type = Accept, accepting the user Tue Apr 1 16:37:41 2014 : Auth: Login OK: [5ce8eb25354c] (from client x.x.x.x port 1 cli 5C-E8-EB-25-35-4C) Tue Apr 1 16:37:41 2014 : Info: # Executing section post-auth from file /usr/local/pf/raddb//sites-enabled/packetfence Tue Apr 1 16:37:41 2014 : Info: +- entering group post-auth {...} Tue Apr 1 16:37:41 2014 : Info: ++[exec] returns noop Tue Apr 1 16:37:41 2014 : Info: ++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) Tue Apr 1 16:37:41 2014 : Info: ? Evaluating !(EAP-Type ) -> TRUE Tue Apr 1 16:37:41 2014 : Info: ?? Skipping (EAP-Type != 21 ) Tue Apr 1 16:37:41 2014 : Info: ?? Skipping (EAP-Type != 25) Tue Apr 1 16:37:41 2014 : Info: ++? if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) -> TRUE Tue Apr 1 16:37:41 2014 : Info: ++- entering if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) {...} Tue Apr 1 16:37:41 2014 : Auth: rlm_perl: Returning vlan 2907 to request from 5c:e8:eb:25:35:4c port 1 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK) Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port-Type = Wireless-802.11 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Acct-Session-Id = 69d0c199 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Service-Type = Login-User Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Calling-Station-Id = 5C-E8-EB-25-35-4C Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Called-Station-Id = 38-EA-A7-7E-34-80 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP-Challenge = 0xb77c786e5c717b93183df669c5343a64 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Message-Authenticator = 0x82a5a4c00c248894af52f635f99dc6e0 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-Protocol = PPP Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair User-Name = 5ce8eb25354c Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Identifier = SG4093N0JZ Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair MS-CHAP2-Response = 0x6000f4a46addac62d53d3c4e5beba2f896d60000000000000000330ef0584e6595a292ab02da22b41f56682ee11c2b39f06a Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Connect-Info = HTTPS Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = ssid=CSiRWifi Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = group=CSIR Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Colubris-AVPair = vsc-unique-id=2 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-Port = 1 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair NAS-IP-Address = 146.64.x.x Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Framed-MTU = 1496 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Tunnel-Private-Group-ID = 2907 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Tunnel-Type = 13 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Tunnel-Medium-Type = 6 Tue Apr 1 16:37:41 2014 : Debug: rlm_perl: Added pair Auth-Type = Accept Tue Apr 1 16:37:41 2014 : Info: +++[packetfence] returns ok Tue Apr 1 16:37:41 2014 : Info: ++- if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) returns ok Tue Apr 1 16:37:41 2014 : Info: } # server packetfence Sending Access-Accept of id 96 to 146.64.x.x port 32779 Tunnel-Private-Group-Id:0 = "2907" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tue Apr 1 16:37:41 2014 : Info: Finished request 70. Tue Apr 1 16:37:41 2014 : Debug: Going to the next request Tue Apr 1 16:37:41 2014 : Debug: Waking up in 4.9 seconds. Regards, Craig. -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Please consider the environment before printing this email.
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
