Hi, I'm trying to get PacketFence (ZEN) to work with OpenWrt (Attitude Adjustment) and after few days I don't really know what to do. OpenWrt does radius request, but it has no effect on the client. Android shows, that it is still connecting or obtaining IP address. Each try spawns radius request, but nothing else. Connection times out. Can somebody help me or point me somewhere?
After I gave more thought about this, I think the problem is, that the response don't reach OpenWrt. The packet count in iptables don't rise with radius responses, but with manual pings or scanning with nmap from pf yes. The only potential problem is empty port in logs. Could this be a bug? May 27 00:40:54 localhost kernel: [123353.832061] wlp2s0: send auth to 64:70:02:f8:91:8a (try 3/3) May 27 00:40:54 localhost kernel: wlp2s0: send auth to 64:70:02:f8:91:8a (try 3/3) May 27 00:40:54 localhost dhclient[18388]: Listening on LPF/wlp2s0/00:22:43:21:f7:c3 May 27 00:40:54 localhost dhclient[18388]: Sending on LPF/wlp2s0/00:22:43:21:f7:c3 May 27 00:40:54 localhost dhclient[18388]: Sending on Socket/fallback May 27 00:40:54 localhost dhclient[18388]: DHCPDISCOVER on wlp2s0 to 255.255.255.255 port 67 interval 5 (xid=0xb93d4af) May 27 00:40:54 localhost kernel: [123353.933046] wlp2s0: authentication with 64:70:02:f8:91:8a timed out content of packetfence.log May 27 02:49:15 pf::WebAPI(1996) INFO: handling radius autz request: from switch_ip => 10.0.3.123, connection_type => Wireless-802.11-NoEAP,switch_mac => 64:70:02:f8:91:8a, mac => 00:23:76:d6:41:8d, port => , username => 002376d6418d (pf::radius::authorize) May 27 02:49:15 pf::WebAPI(1996) INFO: MAC: 00:23:76:d6:41:8d is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan) May 27 02:49:15 pf::WebAPI(1996) WARN: Role-based Network Access Control is not supported on network device type pf::Switch::Hostapd. (pf::Switch::supportsRoleBasedEnforcement) May 27 02:49:15 pf::WebAPI(1996) INFO: Returning ACCEPT with VLAN: 2 (pf::Switch::returnRadiusAccessAccept) ^C content of radius.log Tue May 27 02:48:24 2014 : Auth: Login OK: [002376d6418d] (from client 10.0.3.123 port 0 cli 00-23-76-D6-41-8D) Tue May 27 02:48:24 2014 : Auth: rlm_perl: Returning vlan 2 to request from 00:23:76:d6:41:8d port Tue May 27 02:48:34 2014 : Auth: Login OK: [002376d6418d] (from client 10.0.3.123 port 0 cli 00-23-76-D6-41-8D) Tue May 27 02:48:34 2014 : Auth: rlm_perl: Returning vlan 2 to request from 00:23:76:d6:41:8d port Tue May 27 02:48:36 2014 : Auth: Login OK: [002376d6418d] (from client 10.0.3.123 port 0 cli 00-23-76-D6-41-8D) Tue May 27 02:48:36 2014 : Auth: rlm_perl: Returning vlan 2 to request from 00:23:76:d6:41:8d port remote log of OpenWrt May 27 01:10:21 10.0.3.123 hostapd: wlan0: STA 00:23:76:d6:41:8d IEEE 802.11: disassociated May 27 01:10:22 10.0.3.123 hostapd: wlan0: STA 00:23:76:d6:41:8d RADIUS: VLAN ID 2 May 27 01:10:22 10.0.3.123 hostapd: wlan0: STA 00:23:76:d6:41:8d IEEE 802.11: authenticated May 27 01:10:22 10.0.3.123 hostapd: wlan0: STA 00:23:76:d6:41:8d IEEE 802.11: associated (aid 1) May 27 01:10:22 10.0.3.123 hostapd: wlan0: STA 00:23:76:d6:41:8d RADIUS: starting accounting session 5383C911-00000000 May 27 01:11:25 10.0.3.123 hostapd: wlan0: STA 00:23:76:d6:41:8d IEEE 802.11: disassociated May 27 01:11:26 10.0.3.123 hostapd: wlan0: STA 00:23:76:d6:41:8d RADIUS: VLAN ID 2 May 27 01:11:26 10.0.3.123 hostapd: wlan0: STA 00:23:76:d6:41:8d IEEE 802.11: authenticated My gear - PacketFence ZEN in VirtualBox 4.2.0 (upgraded to 4.2.1 - won't work with 4.2.0 and 4.1.0 either) and updated. Wifi is TP-Link 741ND with OpenWrt. Setup: I have chosen VLAN enforcement and portal works fine. I have five vlans like in documentation and I don't really use vlan 1 for management, but untagged eth0. On OpenWrt I did this: 1. Flashed Attitude Adjustment 2. Installed wpad from http://inverse.ca/downloads/PacketFence/openwrt/ 3. Replaced /lib/wifi/hostapd.sh with /addons/hostapd/hostapd.sh from source tarball packetfence 4.2.1 4. Installed kmod-8021q 5. Configured vlans and ports. I'm using port 4 for this. I can ping every vlan (except 4, which has no address) Best Regards this.paradis ------------------------------------------------------------------------------ The best possible search technologies are now affordable for all companies. Download your FREE open source Enterprise Search Engine today! Our experts will assist you in its installation for $59/mo, no commitment. Test it for FREE on our Cloud platform anytime! http://pubads.g.doubleclick.net/gampad/clk?id=145328191&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
