Thanks everyone for your help.
I have it sort of working now. But can see another issue.
The problem is.. if a host that has already connected and registered on one
ssid it's assigned a vlan based on the role. But then if the device
connects to a different ssid which has a different vlan assigned this is
never re-evaluated as once a device is registered PF remembers and never
changes the vlan.
So I guess this is down to auto registration that you've mentioned. My
question is if I switch the auto registration off will this have any
performance impact and also where do I switch it off?
On 16 April 2014 20:41, Derek Wuelfrath <[email protected]> wrote:
> Adrian,
>
> did you enable autoregister, because it look like it´s the case, so you
> will never hit the portal.
> What is the role that correspond to the vlan id 99 ?
>
>
> Apr 16 07:31:41 pf::WebAPI(2106) INFO: node 7c:7a:91:69:33:a9 does not yet
> exist in database. Adding it now (pf::radius::authorize)
> Apr 16 07:31:41 pf::WebAPI(2106) INFO: MAC: 7c:7a:91:69:33:a9, PID:
> amulgrew, Status: reg. Returned VLAN: 99 (pf::vlan::fetchVlanForNode)
>
>
> As Fabrice said, and based on some parts of the log you sent, it looks
> like you have auto-registration for EAP connection enabled (have a look at
> your vlan/custom.pm)
>
> Also, as a complement of information, you need to make sure that the SSID
> is sent in the RADIUS request to do SSID filtering in PacketFence (which is
> kind of obvious ;)) but according to your original post, you seems to have
> it working with one single VLAN.
>
> Cheers!
> dw.
>
> --
> Derek Wuelfrath
> [email protected] :: www.inverse.ca
> +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On Apr 16, 2014, at 7:52 AM, Fabrice DURAND <[email protected]> wrote:
>
> Hi Adrian,
>
> did you enable autoregister, because it look like it´s the case, so you
> will never hit the portal.
> What is the role that correspond to the vlan id 99 ?
>
> Regards
> Fabrice
>
>
> Le 2014-04-16 03:40, Adrian Mulgrew a écrit :
>
> Hi Louis,
> Yes I have added the source to the profile.
> There's no mention of the srsec profile in the packetfence.log. Thought
> perhaps it was becasue the device I was using to test had been previously
> connected so I tried with a completely new device. If I grep the
> packetfence.log for the mac address of this new device this is call I see:
>
> Apr 16 07:31:41 pf::WebAPI(2106) INFO: handling radius autz request:
> from switch_ip => 192.168.0.3, connection_type => Wireless-802.11-EAP mac
> => 7c:7a:91:69:33:a9, port => 1, username => amulgrew
> (pf::radius::authorize)
> Apr 16 07:31:41 pf::WebAPI(2106) INFO: node 7c:7a:91:69:33:a9 does not yet
> exist in database. Adding it now (pf::radius::authorize)
> Apr 16 07:31:41 pf::WebAPI(2106) INFO: MAC: 7c:7a:91:69:33:a9, PID:
> amulgrew, Status: reg. Returned VLAN: 99 (pf::vlan::fetchVlanForNode)
>
> So no mention of a profile?
>
>
> On 14 April 2014 22:06, Louis Munro <[email protected]> wrote:
>
>> Hi Adrian,
>> Check to see if it matches the srsec profile.
>>
>> Grep the logs for it.
>> e.g.
>> # grep 'srsec profile' logs/packetfence.log
>>
>> The profile has to match for the authentication rules to apply.
>>
>> I also notice that you mention creating the AD source after the profile.
>> Did you add the source to the profile?
>>
>> Regards,
>> Louis
>>
>>
>> On 2014-04-14 11:38 , Adrian Mulgrew wrote:
>> > Thanks guys,
>> > Have added it to the switches.conf, restarted all services but it
>> > still puts the client in the default vlan (99)
>> >
>> > These are the steps I took and have attached switches.conf.
>> >
>> > 1.Created Portal Profile srsec
>> > 2. Created Role: VLAN112
>> > 3.Created Source: AD
>> > a. Created rule: VLAN 112 -> if SSID equal srsec set role VLAN_112
>> > 4. Added Vlan to switches.conf
>> > 5. Restart all services.
>> >
>> >
>>
>> --
>> Louis Munro
>> [email protected] :: www.inverse.ca
>> +1.514.447.4918 *125 :: +1 (866) 353-6153
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
>> www.packetfence.org)
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/NeoTech
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book
> today!http://p.sf.net/sfu/NeoTech
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
