Hi Will,
Did you do a pfcmd configreload after you made that change?
You could be serving requests from the cache otherwise.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 *125 :: +1 (866) 353-6153
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2014-06-26, at 16:18 , "Rossing, Will" <[email protected]> wrote:
> Ok, looks like this now.
>
> [default]
> vlans=184,220,221,223,224,225,226,227
> normalVlan=223
> registrationVlan=220
> isolationVlan=221
> macDetectionVlan=223
> voiceVlan=223
> inlineVlan=224
> inlineTrigger=
> VoIPEnabled=N
> mode=production
> macSearchesMaxNb=30
> macSearchesSleepInterval=2
> uplink=dynamic
> radiusSecret=#####
>
> Still shows no VLAN for unregistered. In radius debug for a non-registered
> device it looks like this:
>
> Thu Jun 26 15:12:49 2014 : Debug: Received Access-Request packet from host
> 143.110.1.17 port 32856, id=50, length=226
> Thu Jun 26 15:12:49 2014 : Debug: NAS-IP-Address = 221.223.223.223
> Thu Jun 26 15:12:49 2014 : Debug: NAS-Port = 0
> Thu Jun 26 15:12:49 2014 : Debug: NAS-Port-Type = Wireless-802.11
> Thu Jun 26 15:12:49 2014 : Debug: User-Name = "b0-e8-92-05-d9-8a"
> Thu Jun 26 15:12:49 2014 : Debug: User-Password = "b0-e8-92-05-d9-8a"
> Thu Jun 26 15:12:49 2014 : Debug: Service-Type = Login-User
> Thu Jun 26 15:12:49 2014 : Debug: Calling-Station-Id = "B0E89205D98A"
> Thu Jun 26 15:12:49 2014 : Debug: Called-Station-Id = "000B866E182C"
> Thu Jun 26 15:12:49 2014 : Debug: Aruba-Essid-Name = "stormswirelessnet"
> Thu Jun 26 15:12:49 2014 : Debug: Aruba-Location-Id = "BWC256"
> Thu Jun 26 15:12:49 2014 : Debug: Aruba-AP-Group = "Wellness_PF"
> Thu Jun 26 15:12:49 2014 : Debug: NAS-Identifier = "221.223.223.223"
> Thu Jun 26 15:12:49 2014 : Debug: Message-Authenticator =
> 0xe6599e974fa2aa8c35c35c17c1c0e192
> Thu Jun 26 15:12:49 2014 : Debug: server packetfence {
> Thu Jun 26 15:12:49 2014 : Debug: # Executing section authorize from file
> /usr/local/pf/raddb//sites-enabled/packetfence
> Thu Jun 26 15:12:49 2014 : Debug: +group authorize {
> Thu Jun 26 15:12:49 2014 : Debug: [suffix] No '@' in User-Name =
> "b0-e8-92-05-d9-8a", looking up realm NULL
> Thu Jun 26 15:12:49 2014 : Debug: [suffix] No such realm "NULL"
> Thu Jun 26 15:12:49 2014 : Debug: ++[suffix] = noop
> Thu Jun 26 15:12:49 2014 : Debug: ++[preprocess] = ok
> Thu Jun 26 15:12:49 2014 : Debug: [eap] No EAP-Message, not doing EAP
> Thu Jun 26 15:12:49 2014 : Debug: ++[eap] = noop
> Thu Jun 26 15:12:49 2014 : Debug: [files] users: Matched entry DEFAULT at
> line 1
> Thu Jun 26 15:12:49 2014 : Debug: ++[files] = ok
> Thu Jun 26 15:12:49 2014 : Debug: ++[expiration] = noop
> Thu Jun 26 15:12:49 2014 : Debug: ++[logintime] = noop
> Thu Jun 26 15:12:49 2014 : Debug: ++update request {
> Thu Jun 26 15:12:49 2014 : Debug: expand: %{Packet-Src-IP-Address} ->
> 143.110.1.17
> Thu Jun 26 15:12:49 2014 : Debug: ++} # update request = noop
> Thu Jun 26 15:12:49 2014 : Debug: ++update control {
> Thu Jun 26 15:12:49 2014 : Debug: ++} # update control = noop
> Thu Jun 26 15:12:49 2014 : Debug: ++[packetfence] = noop
> Thu Jun 26 15:12:49 2014 : Debug: +} # group authorize = ok
> Thu Jun 26 15:12:49 2014 : Debug: Found Auth-Type = Accept
> Thu Jun 26 15:12:49 2014 : Debug: Auth-Type = Accept, accepting the user
> Thu Jun 26 15:12:49 2014 : Debug: } # server packetfence
> Thu Jun 26 15:12:49 2014 : Debug: # Executing section post-auth from file
> /usr/local/pf/raddb//sites-enabled/packetfence
> Thu Jun 26 15:12:49 2014 : Debug: +group post-auth {
> Thu Jun 26 15:12:49 2014 : Debug: ++[exec] = noop
> Thu Jun 26 15:12:49 2014 : Debug: ++? if (!EAP-Type || (EAP-Type != EAP-TTLS
> && EAP-Type != PEAP))
> Thu Jun 26 15:12:49 2014 : Debug: ? Evaluating !(EAP-Type ) -> TRUE
> Thu Jun 26 15:12:49 2014 : Debug: ?? Skipping (EAP-Type != EAP-TTLS )
> Thu Jun 26 15:12:49 2014 : Debug: ?? Skipping (EAP-Type != PEAP)
> Thu Jun 26 15:12:49 2014 : Debug: ++? if (!EAP-Type || (EAP-Type != EAP-TTLS
> && EAP-Type != PEAP)) -> TRUE
> Thu Jun 26 15:12:49 2014 : Debug: ++if (!EAP-Type || (EAP-Type != EAP-TTLS
> && EAP-Type != PEAP)) {
> Thu Jun 26 15:12:49 2014 : Debug: +++update control {
> Thu Jun 26 15:12:49 2014 : Debug: +++} # update control = noop
> Thu Jun 26 15:12:49 2014 : Debug: +++[packetfence] = ok
> Thu Jun 26 15:12:49 2014 : Debug: ++} # if (!EAP-Type || (EAP-Type !=
> EAP-TTLS && EAP-Type != PEAP)) = ok
> Thu Jun 26 15:12:49 2014 : Debug: +} # group post-auth = ok
> Thu Jun 26 15:12:49 2014 : Debug: Sending Access-Accept packet to host
> 143.110.1.17 port 32856, id=50, length=0
> Thu Jun 26 15:12:49 2014 : Debug: Aruba-User-Role = "registration"
> Thu Jun 26 15:12:49 2014 : Debug: Finished request 659.
>
> in packetfence.log for that device
>
> Jun 26 15:12:49 httpd.webservices(4960) INFO: handling radius autz request:
> from switch_ip => 221.223.223.223, connection_type =>
> Wireless-802.11-NoEAP,switch_mac => 00:0b:86:6e:18:2c, mac =>
> b0:e8:92:05:d9:8a, port => 0, username => b0-e8-92-05-d9-8a
> (pf::radius::authorize)
> Jun 26 15:12:49 httpd.webservices(4960) INFO: MAC: b0:e8:92:05:d9:8a is of
> status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> Jun 26 15:12:49 httpd.webservices(4960) INFO: Returning ACCEPT with Role:
> registration (pf::Switch::Aruba::__ANON__)
>
>
>
>
> On Thu, Jun 26, 2014 at 2:28 PM, Louis Munro <[email protected]> wrote:
> Hi Will,
> So I assume that the default section below is no longer current?
> You do have a registrationRole defined there.
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 *125 :: +1 (866) 353-6153
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
> On 2014-06-26, at 15:24 , "Rossing, Will" <[email protected]> wrote:
>
>> Thanks - Sooooo CLOSE! There was a defaultRole=default which is now
>> removed and then all of the VLANS were tunneled through, EXCEPT
>> Registration, any clues? Here is the switches.conf
>>
>> #
>> # Copyright 2006-2008 Inverse inc.
>> #
>> # See the enclosed file COPYING for license information (GPL).
>> # If you did not receive this file, see
>> # http://www.fsf.org/licensing/licenses/gpl.html
>> [default]
>> vlans=184,220,221,223,224,225,226,227
>> normalVlan=223
>> registrationVlan=220
>> isolationVlan=221
>> macDetectionVlan=223
>> voiceVlan=223
>> inlineVlan=224
>> inlineTrigger=
>> normalRole=normal
>> registrationRole=registration
>> isolationRole=isolation
>> macDetectionRole=macDetection
>> voiceRole=voice
>> inlineRole=inline
>> VoIPEnabled=N
>> mode=production
>> macSearchesMaxNb=30
>> macSearchesSleepInterval=2
>> uplink=dynamic
>> radiusSecret=#####
>
>
>
>
> --
>
>
> Will Rossing
> Manager, Network Services | 218.723.6729 | [email protected]
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
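To confirm from the RADIUS debug log what the controller was actually told, the sketch below lists each reply and flags accepts that carry a role but no VLAN id. It is an added example, not code from the thread or from PacketFence; the function names are hypothetical, log lines are assumed to be unwrapped as FreeRADIUS writes them, and the VLAN is assumed to travel in the standard `Tunnel-Private-Group-Id` attribute (RFC 2868).

```python
import re

# First request: lines from the debug output quoted in the thread (trimmed).
# Second request: constructed, showing a reply that does carry a VLAN id.
SAMPLE = """\
Thu Jun 26 15:12:49 2014 : Debug: Received Access-Request packet from host 143.110.1.17 port 32856, id=50, length=226
Thu Jun 26 15:12:49 2014 : Debug: Calling-Station-Id = "B0E89205D98A"
Thu Jun 26 15:12:49 2014 : Debug: ++[packetfence] = noop
Thu Jun 26 15:12:49 2014 : Debug: Sending Access-Accept packet to host 143.110.1.17 port 32856, id=50, length=0
Thu Jun 26 15:12:49 2014 : Debug: Aruba-User-Role = "registration"
Thu Jun 26 15:12:49 2014 : Debug: Finished request 659.
Thu Jun 26 15:13:02 2014 : Debug: Received Access-Request packet from host 143.110.1.17 port 32856, id=51, length=226
Thu Jun 26 15:13:02 2014 : Debug: Calling-Station-Id = "001122334455"
Thu Jun 26 15:13:02 2014 : Debug: Sending Access-Accept packet to host 143.110.1.17 port 32856, id=51, length=0
Thu Jun 26 15:13:02 2014 : Debug: Tunnel-Private-Group-Id:0 = "223"
Thu Jun 26 15:13:02 2014 : Debug: Finished request 660.
"""

PREFIX = re.compile(r"^.*? : Debug:\s*")          # timestamp and log level
ATTR = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)(?::\d+)?\s*=\s*"?([^"]*)"?$')
SEND = re.compile(r"^Sending (Access-\w+) packet")

def parse_replies(log_text):
    """Return one dict per RADIUS reply: client MAC, code, VLAN and role sent."""
    results, request, reply, section = [], {}, None, None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        attr, sent = ATTR.match(line), SEND.match(line)
        if line.startswith("Received Access-Request"):
            request, section = {}, "request"
        elif sent:
            reply, section = {"code": sent.group(1)}, "reply"
        elif line.startswith("Finished request") and reply is not None:
            results.append({"mac": request.get("Calling-Station-Id"), "code": reply["code"],
                            "vlan": reply.get("Tunnel-Private-Group-Id"), "role": reply.get("Aruba-User-Role")})
            reply, section = None, None
        elif attr and section == "request":
            request[attr.group(1)] = attr.group(2)
        elif attr and section == "reply":
            reply[attr.group(1)] = attr.group(2)
        elif section == "request":
            section = None  # request attribute list ended; module trace follows
    return results

def missing_vlan(results):
    """Accepted replies that were sent without a VLAN id."""
    return [r for r in results if r["code"] == "Access-Accept" and r["vlan"] is None]
```

Running `missing_vlan(parse_replies(SAMPLE))` returns only the first device, the one answered with `Aruba-User-Role = "registration"` and no VLAN.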