Thanks for the reply Fabrice. I think this is a limitation of these APs but
only in the config and if you are using radius to dynamically assign the
appropriate VLAN it is not that important. Since I am only looking at the open
SSID I think this should be ok.
Just keen to know if I have configured this correctly on the basis of the
config posted etc. I did find something that suggested RADIUS may also have to
return a list of 'approved' SSIDs for that users device but assume the AP will
not restrict this if no list is returned (which is what the debugs suggest)
Would interesting to know if anyone has successfully used these APs
autonomously. Realise they are a little old so I may need to check with
something newer using v15 of IOS or even a controller.
Thanks
Jon
On: 25 November 2014 19:57, "Fabrice DURAND" <[email protected]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Jon,
all the logs are ok, so it look like a limitation of the cisco access
point.
I remember that standalone access point can´t share the same vlan id
on 2 ssid.
https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc#aironet-1121-1130-1242-1250
Is it the case in your config ?
Regards
Fabrice
Le 2014-11-25<tel:2014-11-25> 11:09, Gair, Jon a écrit :
> I have been looking at Packetfence in a small lab environment for a
> couple of weeks now and believe I have the packetfence side of
> things setup as I want with the following VLANs in operation to
> provide network isolation
>
> VLAN 10 - Management (192.168.200.x range) VLAN 20 - Registration
> (DHCP served by packetfence) VLAN 30 - Isolation VLAN 40 - Guest
> (DHCP served by Windows server) VLAN 50 - Approved (DHCP served by
> Windows server)
>
> I have a physical 3560 switch with a 1242 AP for wireless
> connectivity.
>
> I have a registration portal shown on VLAN20 where either an AD
> username and password can be entered to assign them a trusted role
> or a sponsored route to the guest role via AD sponsorship. This
> all works as expected and the web GUI shows the necessary devices
> being assigned the relevant roles.
>
> The issue I have is where I am trying to connect to the Guest VLAN
> from an autonomous Cisco 1242 AP configured as below. Aware I have
> encryption assigned to VLAN50 (trusted) where my plan is to make
> use of Packetfence-secure SSID only for trusted users but just
> trying to get a basic assignment of the guest VLAN which I gather
> should work causes problems. Mac authentication takes place but it
> will not assign it to the correct VLAN.
>
> The AP is on the list of approved devices and I am on the latest
> IOS. After registration is complete any attempt to connect to the
> SSID from an iPhone just disconnects and it never reconnects. The
> RADIUS debug traffic below suggests that the necessary attributes
> are being passed back to the AP and it is being instructed to
> connect to VLAN40 but this does not appear to happen and no further
> connectivity occurs. It is as if it is being instructed to perform
> the disassociation and that is the conversation finished.
>
> Am I missing something here in relation to the setup of this
> concept ? Aware that a controller rather than autonomous AP is the
> preferred solution but the 1242 is capable and I am running
> 12.4(25d) which would also support the Packet of Disconnect (RDC
> 3576) if necessary. Difficult to obtain a controller for a proof
> of concept lab environment.
>
> Let me know if there is anything else I can debug to get to the
> bottom of this issue or if there is some design changes that I need
> to consider. Also going to try a 1262 to see if they work since
> they are bit more recent.
>
> Thanks
>
> Jon
>
>
> Cisco AP Config
>
> version 12.4 no service pad service timestamps debug datetime msec
> service timestamps log datetime msec service password-encryption !
> hostname PACKETFENCE-AP1 ! logging buffered notifications logging
> rate-limit console 25 enable secret 5 ********** ! aaa new-model !
> ! aaa group server radius rad_eap server 192.168.200.62 auth-port
> 1812 acct-port 1813 ! aaa group server radius rad_mac server
> 192.168.200.62 auth-port 1812 acct-port 1813 ! aaa group server
> radius rad_acct server 192.168.200.62 auth-port 1812 acct-port
> 1813 ! aaa group server radius rad_admin server 192.168.200.62
> auth-port 1812 acct-port 1813 ! aaa authentication login
> eap_methods group rad_eap aaa authentication login mac_methods
> group rad_mac aaa authentication login AdminUsers local aaa
> authorization exec default local group rad_mac group rad_admin
> group rad_eap aaa authorization network default group rad_mac ! aaa
> session-id common ! ! dot11 mbssid dot11 syslog dot11
> activity-timeout unknown default 62 dot11 activity-timeout client
> default 62 maximum 120 dot11 activity-timeout repeater default 90
> maximum 120 dot11 activity-timeout workgroup-bridge default 90
> maximum 120 dot11 activity-timeout bridge default 90 maximum 120
> dot11 vlan-name GUEST vlan 40 dot11 vlan-name ISOLATION vlan 30
> dot11 vlan-name MANAGEMENT vlan 10 dot11 vlan-name REGISTRATION
> vlan 20 dot11 vlan-name TRUSTED vlan 50 ! dot11 ssid
> Packetfence-OPEN vlan 20 backup ISOLATION authentication open
> mac-address mac_methods mbssid guest-mode ! dot11 ssid
> Packetfence-SECURE vlan 50 authentication open eap eap_methods
> authentication key-management wpa mbssid guest-mode ! dot11
> network-map ! ! username support privilege 15 password 7
> *************** ! ! bridge irb ! ! interface Dot11Radio0 no ip
> address no ip route-cache timeout absolute 60 0 ! encryption vlan
> 30 mode ciphers aes-ccm ! encryption vlan 50 mode ciphers aes-ccm
> ! ssid Packetfence-OPEN ! ssid Packetfence-SECURE ! station-role
> root bridge-group 1 bridge-group 1 subscriber-loop-control
> bridge-group 1 block-unknown-source no bridge-group 1
> source-learning no bridge-group 1 unicast-flooding bridge-group 1
> spanning-disabled ! interface Dot11Radio0.20 encapsulation dot1Q
> 20 no ip route-cache bridge-group 252 bridge-group 252
> subscriber-loop-control bridge-group 252 block-unknown-source no
> bridge-group 252 source-learning no bridge-group 252
> unicast-flooding bridge-group 252 spanning-disabled ! interface
> Dot11Radio0.30 encapsulation dot1Q 30 no ip route-cache
> bridge-group 253 bridge-group 253 subscriber-loop-control
> bridge-group 253 block-unknown-source no bridge-group 253
> source-learning no bridge-group 253 unicast-flooding bridge-group
> 253 spanning-disabled ! interface Dot11Radio0.40 encapsulation
> dot1Q 40 no ip route-cache bridge-group 254 bridge-group 254
> subscriber-loop-control bridge-group 254 block-unknown-source no
> bridge-group 254 source-learning no bridge-group 254
> unicast-flooding bridge-group 254 spanning-disabled ! interface
> Dot11Radio0.50 encapsulation dot1Q 50 no ip route-cache
> bridge-group 255 bridge-group 255 subscriber-loop-control
> bridge-group 255 block-unknown-source no bridge-group 255
> source-learning no bridge-group 255 unicast-flooding bridge-group
> 255 spanning-disabled ! interface Dot11Radio1 no ip address no ip
> route-cache shutdown no dfs band block channel dfs station-role
> root bridge-group 1 bridge-group 1 subscriber-loop-control
> bridge-group 1 block-unknown-source no bridge-group 1
> source-learning no bridge-group 1 unicast-flooding bridge-group 1
> spanning-disabled ! interface FastEthernet0 no ip address no ip
> route-cache duplex auto speed auto bridge-group 1 no bridge-group 1
> source-learning bridge-group 1 spanning-disabled ! interface
> FastEthernet0.10 encapsulation dot1Q 10 ip address 192.168.200.4
> 255.255.255.192 no ip route-cache bridge-group 251 no bridge-group
> 251 source-learning bridge-group 251 spanning-disabled ! interface
> FastEthernet0.20 encapsulation dot1Q 20 ip address 172.16.3.254
> 255.255.252.0 no ip route-cache bridge-group 252 no bridge-group
> 252 source-learning bridge-group 252 spanning-disabled ! interface
> FastEthernet0.30 encapsulation dot1Q 30 no ip route-cache
> bridge-group 253 no bridge-group 253 source-learning bridge-group
> 253 spanning-disabled ! interface FastEthernet0.40 encapsulation
> dot1Q 40 no ip route-cache bridge-group 254 no bridge-group 254
> source-learning bridge-group 254 spanning-disabled ! interface
> FastEthernet0.50 encapsulation dot1Q 50 no ip route-cache
> bridge-group 255 no bridge-group 255 source-learning bridge-group
> 255 spanning-disabled ! interface BVI1 no ip address no ip
> route-cache ! ip http server no ip http secure-server ip http
> help-path
> http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
> logging history informational logging trap debugging snmp-server
> view iso iso included snmp-server view dot11view ieee802dot11
> included snmp-server community public RO snmp-server community
> private RW snmp-server location Demo Location snmp-server
> chassis-id JonsAP snmp-server enable traps snmp authentication
> linkdown linkup coldstart warmstart snmp-server enable traps tty
> snmp-server enable traps entity snmp-server enable traps
> disassociate snmp-server enable traps deauthenticate snmp-server
> enable traps authenticate-fail snmp-server enable traps dot11-qos
> snmp-server enable traps switch-over snmp-server enable traps
> rogue-ap snmp-server enable traps wlan-wep snmp-server enable traps
> config snmp-server enable traps syslog snmp-server enable traps
> aaa_server snmp-server host 192.168.200.62 public deauthenticate
> radius-server attribute 32 include-in-access-req format %h
> radius-server host 192.168.200.62 auth-port 1812 acct-port 1813 key
> 7 ************ radius-server vsa send accounting radius-server vsa
> send authentication bridge 1 route ip ! ! ! line con 0 line vty 0
> 4 login authentication AdminUsers ! end version 12.4 no service
> pad service timestamps debug datetime msec service timestamps log
> datetime msec service password-encryption ! hostname
> PACKETFENCE-AP1 ! logging buffered notifications logging rate-limit
> console 25 enable secret 5 ********** ! aaa new-model ! ! aaa group
> server radius rad_eap server 192.168.200.62 auth-port 1812
> acct-port 1813 ! aaa group server radius rad_mac server
> 192.168.200.62 auth-port 1812 acct-port 1813 ! aaa group server
> radius rad_acct server 192.168.200.62 auth-port 1812 acct-port
> 1813 ! aaa group server radius rad_admin server 192.168.200.62
> auth-port 1812 acct-port 1813 ! aaa authentication login
> eap_methods group rad_eap aaa authentication login mac_methods
> group rad_mac aaa authentication login AdminUsers local aaa
> authorization exec default local group rad_mac group rad_admin
> group rad_eap aaa authorization network default group rad_mac ! aaa
> session-id common ! ! dot11 mbssid dot11 syslog dot11
> activity-timeout unknown default 62 dot11 activity-timeout client
> default 62 maximum 120 dot11 activity-timeout repeater default 90
> maximum 120 dot11 activity-timeout workgroup-bridge default 90
> maximum 120 dot11 activity-timeout bridge default 90 maximum 120
> dot11 vlan-name GUEST vlan 40 dot11 vlan-name ISOLATION vlan 30
> dot11 vlan-name MANAGEMENT vlan 10 dot11 vlan-name REGISTRATION
> vlan 20 dot11 vlan-name TRUSTED vlan 50 ! dot11 ssid
> Packetfence-OPEN vlan 20 backup ISOLATION authentication open
> mac-address mac_methods mbssid guest-mode ! dot11 ssid
> Packetfence-SECURE vlan 50 authentication open eap eap_methods
> authentication key-management wpa mbssid guest-mode ! dot11
> network-map ! ! username support privilege 15 password 7
> *************** ! ! bridge irb ! ! interface Dot11Radio0 no ip
> address no ip route-cache timeout absolute 60 0 ! encryption vlan
> 30 mode ciphers aes-ccm ! encryption vlan 50 mode ciphers aes-ccm
> ! ssid Packetfence-OPEN ! ssid Packetfence-SECURE ! station-role
> root bridge-group 1 bridge-group 1 subscriber-loop-control
> bridge-group 1 block-unknown-source no bridge-group 1
> source-learning no bridge-group 1 unicast-flooding bridge-group 1
> spanning-disabled ! interface Dot11Radio0.20 encapsulation dot1Q
> 20 no ip route-cache bridge-group 252 bridge-group 252
> subscriber-loop-control bridge-group 252 block-unknown-source no
> bridge-group 252 source-learning no bridge-group 252
> unicast-flooding bridge-group 252 spanning-disabled ! interface
> Dot11Radio0.30 encapsulation dot1Q 30 no ip route-cache
> bridge-group 253 bridge-group 253 subscriber-loop-control
> bridge-group 253 block-unknown-source no bridge-group 253
> source-learning no bridge-group 253 unicast-flooding bridge-group
> 253 spanning-disabled ! interface Dot11Radio0.40 encapsulation
> dot1Q 40 no ip route-cache bridge-group 254 bridge-group 254
> subscriber-loop-control bridge-group 254 block-unknown-source no
> bridge-group 254 source-learning no bridge-group 254
> unicast-flooding bridge-group 254 spanning-disabled ! interface
> Dot11Radio0.50 encapsulation dot1Q 50 no ip route-cache
> bridge-group 255 bridge-group 255 subscriber-loop-control
> bridge-group 255 block-unknown-source no bridge-group 255
> source-learning no bridge-group 255 unicast-flooding bridge-group
> 255 spanning-disabled ! interface Dot11Radio1 no ip address no ip
> route-cache shutdown no dfs band block channel dfs station-role
> root bridge-group 1 bridge-group 1 subscriber-loop-control
> bridge-group 1 block-unknown-source no bridge-group 1
> source-learning no bridge-group 1 unicast-flooding bridge-group 1
> spanning-disabled ! interface FastEthernet0 no ip address no ip
> route-cache duplex auto speed auto bridge-group 1 no bridge-group 1
> source-learning bridge-group 1 spanning-disabled ! interface
> FastEthernet0.10 encapsulation dot1Q 10 ip address 192.168.200.4
> 255.255.255.192 no ip route-cache bridge-group 251 no bridge-group
> 251 source-learning bridge-group 251 spanning-disabled ! interface
> FastEthernet0.20 encapsulation dot1Q 20 ip address 172.16.3.254
> 255.255.252.0 no ip route-cache bridge-group 252 no bridge-group
> 252 source-learning bridge-group 252 spanning-disabled ! interface
> FastEthernet0.30 encapsulation dot1Q 30 no ip route-cache
> bridge-group 253 no bridge-group 253 source-learning bridge-group
> 253 spanning-disabled ! interface FastEthernet0.40 encapsulation
> dot1Q 40 no ip route-cache bridge-group 254 no bridge-group 254
> source-learning bridge-group 254 spanning-disabled ! interface
> FastEthernet0.50 encapsulation dot1Q 50 no ip route-cache
> bridge-group 255 no bridge-group 255 source-learning bridge-group
> 255 spanning-disabled ! interface BVI1 no ip address no ip
> route-cache ! ip http server no ip http secure-server ip http
> help-path
> http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
> logging history informational logging trap debugging snmp-server
> view iso iso included snmp-server view dot11view ieee802dot11
> included snmp-server community public RO snmp-server community
> private RW snmp-server location Demo Location snmp-server
> chassis-id JonsAP snmp-server enable traps snmp authentication
> linkdown linkup coldstart warmstart snmp-server enable traps tty
> snmp-server enable traps entity snmp-server enable traps
> disassociate snmp-server enable traps deauthenticate snmp-server
> enable traps authenticate-fail snmp-server enable traps dot11-qos
> snmp-server enable traps switch-over snmp-server enable traps
> rogue-ap snmp-server enable traps wlan-wep snmp-server enable traps
> config snmp-server enable traps syslog snmp-server enable traps
> aaa_server snmp-server host 192.168.200.62 public deauthenticate
> radius-server attribute 32 include-in-access-req format %h
> radius-server host 192.168.200.62 auth-port 1812 acct-port 1813 key
> 7 ************ radius-server vsa send accounting radius-server vsa
> send authentication bridge 1 route ip ! ! ! line con 0 line vty 0
> 4 login authentication AdminUsers ! end
>
>
>
> PACKETFENCE.LOG OUTPUT
>
> Nov 21 15:53:25 httpd.webservices(2117) INFO: Unable to extract MAC
> from Called-Station-Id: 003a.9a55.5370
> (pf::radius::extractApMacFromRadiusRequest) Nov 21 15:53:25
> httpd.webservices(2117) INFO: [40:b3:95:1c:20:aa] handling radius
> autz request: from switch_ip => (192.168.200.4), connection_type =>
> Wireless-802.11-NoEAP,switch_mac => (), mac => [40:b3:95:1c:20:aa],
> port => 325, username => "40b3951c20aa" (pf::radius::authorize) Nov
> 21 15:53:25 httpd.webservices(2117) INFO: Can't find provisioner
> for 40:b3:95:1c:20:aa (pf::vlan::getNormalVlan) Nov 21 15:53:25
> httpd.webservices(2117) INFO: [40:b3:95:1c:20:aa] Connection type
> is WIRELESS_MAC_AUTH. Getting role from node_info
> (pf::vlan::getNormalVlan) Nov 21 15:53:25 httpd.webservices(2117)
> INFO: [40:b3:95:1c:20:aa] Username was defined "40b3951c20aa" -
> returning user based role 'guest' (pf::vlan::getNormalVlan) Nov 21
> 15:53:25 httpd.webservices(2117) INFO: [40:b3:95:1c:20:aa] PID:
> "Jon.guestad", Status: reg. Returned VLAN: 40
> (pf::vlan::fetchVlanForNode) Nov 21 15:53:25
> httpd.webservices(2117) WARN: Role-based Network Access Control is
> not supported on network device type
> pf::Switch::Cisco::Aironet_1242.
> (pf::Switch::supportsRoleBasedEnforcement) Nov 21 15:53:25
> httpd.webservices(2117) INFO: [40:b3:95:1c:20:aa] (192.168.200.4)
> Returning ACCEPT with VLAN 40 and role
> (pf::Switch::returnRadiusAccessAccept) Nov 21 15:53:26
> httpd.webservices(2117) INFO: Unable to extract MAC from
> Called-Station-Id: 003a.9a55.5370
> (pf::radius::extractApMacFromRadiusRequest) Nov 21 15:53:26
> httpd.webservices(2117) INFO: [40:b3:95:1c:20:aa] handling radius
> autz request: from switch_ip => (192.168.200.4), connection_type =>
> Wireless-802.11-NoEAP,switch_mac => (), mac => [40:b3:95:1c:20:aa],
> port => 326, username => "40b3951c20aa" (pf::radius::authorize) Nov
> 21 15:53:26 httpd.webservices(2117) INFO: Can't find provisioner
> for 40:b3:95:1c:20:aa (pf::vlan::getNormalVlan) Nov 21 15:53:26
> httpd.webservices(2117) INFO: [40:b3:95:1c:20:aa] Connection type
> is WIRELESS_MAC_AUTH. Getting role from node_info
> (pf::vlan::getNormalVlan) Nov 21 15:53:26 httpd.webservices(2117)
> INFO: [40:b3:95:1c:20:aa] Username was defined "40b3951c20aa" -
> returning user based role 'guest' (pf::vlan::getNormalVlan) Nov 21
> 15:53:26 httpd.webservices(2117) INFO: [40:b3:95:1c:20:aa] PID:
> "Jon.guestad", Status: reg. Returned VLAN: 40
> (pf::vlan::fetchVlanForNode) Nov 21 15:53:26
> httpd.webservices(2117) WARN: Role-based Network Access Control is
> not supported on network device type
> pf::Switch::Cisco::Aironet_1242.
> (pf::Switch::supportsRoleBasedEnforcement) Nov 21 15:53:26
> httpd.webservices(2117) INFO: [40:b3:95:1c:20:aa] (192.168.200.4)
> Returning ACCEPT with VLAN 40 and role
> (pf::Switch::returnRadiusAccessAccept) Nov 21 15:53:28 pfsetvlan(3)
> INFO: nb of items in queue: 1; nb of threads running: 0
> (main::startTrapHandlers) Nov 21 15:53:28 pfsetvlan(3) INFO:
> doWeActOnThisTrap returns false. Stop dot11Deauthentication
> handling (main::handleTrap) Nov 21 15:53:28 pfsetvlan(3) INFO:
> finished (main::cleanupAfterThread) Nov 21 15:53:30 pfsetvlan(5)
> INFO: nb of items in queue: 1; nb of threads running: 0
> (main::startTrapHandlers) Nov 21 15:53:30 pfsetvlan(5) INFO:
> doWeActOnThisTrap returns false. Stop dot11Deauthentication
> handling (main::handleTrap) Nov 21 15:53:30 pfsetvlan(5) INFO:
> finished (main::cleanupAfterThread)
>
> CISCO 1242 AG DEBUG OUTPUT
>
> PACKETFENCE-AP1# *Jun 16 01:05:24.942: AAA/BIND(00000051<tel:00000051>): Bind
> i/f *Jun 16 01:05:24.943: dot11_auth_add_client_entry: Create new
> client 40b3.951c.20aa for application 0x1 *Jun 16 01:05:24.943:
> dot11_auth_initialize_client: 40b3.951c.20aa is added to the client
> list for application 0x1 *Jun 16 01:05:24.943:
> dot11_auth_add_client_entry: req->auth_type 1 *Jun 16 01:05:24.943:
> dot11_auth_add_client_entry: auth_methods_inprocess: 1 *Jun 16
> 01:05:24.943: dot11_auth_add_client_entry: mac list name:
> mac_methods *Jun 16 01:05:24.943: dot11_run_auth_methods: Start
> auth method MAC *Jun 16 01:05:24.943: dot11_auth_mac_start:
> method_list: mac_methods *Jun 16 01:05:24.943:
> dot11_auth_mac_start: method_index: 0xC7000002, req: 0x12BAB74 *Jun
> 16 01:05:24.944: dot11_auth_mac_start: client->unique_id: 0x51 *Jun
> 16 01:05:24.944: AAA/AUTHEN/PPP (00000051<tel:00000051>): Pick method list
> 'mac_methods' *Jun 16 01:05:24.944:
> RADIUS/ENCODE(00000051<tel:00000051>):Orig.
> component type = DOT11 *Jun 16 01:05:24.945: RADIUS(00000051<tel:00000051>):
> Config NAS IP: 0.0.0.0 *Jun 16 01:05:24.945:
> RADIUS/ENCODE(00000051<tel:00000051>): acct_session_id: 81 *Jun 16
> 01:05:24.945:
> RADIUS(00000051<tel:00000051>): Config NAS IP: 0.0.0.0 *Jun 16 01:05:24.945:
> RADIUS(00000051<tel:00000051>): sending *Jun 16 01:05:24.945: RADIUS/ENCODE:
> Best
> Local IP-Address 192.168.200.4 for Radius-Server 192.168.200.62
> *Jun 16 01:05:24.946: RADIUS(00000051<tel:00000051>): Send Access-Request to
> 192.168.200.62:1812 id 1645/88, len 174 *Jun 16 01:05:24.946:
> RADIUS: authenticator 79 D1 BF 70 46 64 BC 2B - 3D 86 C0 5A 72 B9
> 85 5C *Jun 16 01:05:24.946: RADIUS: User-Name [1] 14
> "40b3951c20aa" *Jun 16 01:05:24.946: RADIUS: User-Password
> [2] 18 * *Jun 16 01:05:24.946: RADIUS: Called-Station-Id [30]
> 16 "003a.9a55.5370" *Jun 16 01:05:24.946: RADIUS:
> Calling-Station-Id [31] 16 "40b3.951c.20aa" *Jun 16
> 01:05:24.947: RADIUS: Vendor, Cisco [26] 23 *Jun 16
> 01:05:24.947: RADIUS: Cisco AVpair [1] 17
> "ssid=Packetfence-OPEN" *Jun 16 01:05:24.947: RADIUS: Vendor,
> WISPr [26] 21 *Jun 16 01:05:24.947: RADIUS: WISPr VSA
> [2] 15 "Demo Location" *Jun 16 01:05:24.947: RADIUS:
> Service-Type [6] 6 Login [1] *Jun 16
> 01:05:24.947: RADIUS: NAS-Port-Type [61] 6 802.11
> wireless [19] *Jun 16 01:05:24.947: RADIUS: NAS-Port
> [5] 6 325 *Jun 16 01:05:24.947: RADIUS: NAS-Port-Id
> [87] 5 "325" *Jun 16 01:05:24.947: RADIUS: NAS-IP-Address
> [4] 6 192.168.200.4 *Jun 16 01:05:24.948: RADIUS:
> Nas-Identifier [32] 17 "PACKETFENCE-AP1" *Jun 16
> 01:05:25.122: RADIUS: Received from id 1645/88 192.168.200.62:1812,
> Access-Accept, len 36 *Jun 16 01:05:25.123: RADIUS: authenticator
> 30 03 51 64<tel:30%2003%2051%2064> B0 B7 D2 C7 - 0C B8 68 92 32 62
> 13<tel:68%2092%2032%2062%2013> 1C *Jun 16
> 01:05:25.123: RADIUS: Tunnel-Private-Group[81] 4 "40" *Jun 16
> 01:05:25.123: RADIUS: Tunnel-Type [64] 6 00:VLAN
> [13] *Jun 16 01:05:25.123: RADIUS: Tunnel-Medium-Type [65] 6
> 00:ALL_802 [6] *Jun 16 01:05:25.123:
> RADIUS(00000051<tel:00000051>): Received from id 1645/88 *Jun 16 01:05:25.124:
> dot11_mac_process_reply: AAA reply for 40b3.951c.20aa PASSED *Jun
> 16 01:05:25.124: dot11_auth_server_chk_ssid: Checking for SSID in
> server attributes *Jun 16 01:05:25.124:
> dot11_auth_server_vlan_number: Checking for VLAN ID in server
> attributes *Jun 16 01:05:25.124: dot11_auth_server_vlan_number:
> Found AAA_AT_TUNNEL_TYPE attribute *Jun 16 01:05:25.124:
> dot11_auth_server_vlan_number: Found AAA_AT_TUNNEL_TYPE VLAN *Jun
> 16 01:05:25.124: dot11_auth_server_vlan_number: Tag found is 0 *Jun
> 16 01:05:25.125: dot11_auth_server_vlan_number: Found
> AAA_AT_TUNNEL_MEDIUM_TYPE attribute *Jun 16 01:05:25.125:
> dot11_auth_server_vlan_number: Found AAA_AT_TUNNEL_MEDIUM_TYPE with
> value 802 *Jun 16 01:05:25.125: dot11_auth_server_vlan_number:
> Found our group tag 0 *Jun 16 01:05:25.125:
> dot11_auth_server_vlan_number: Found
> AAA_AT_TUNNEL_PRIVATE_GROUP_IDattribute 81 *Jun 16 01:05:25.125:
> dot11_auth_server_vlan_number: Found our group tag 0 *Jun 16
> 01:05:25.125: dot11_auth_server_vlan_number:
> TUNNEL_PRIVATE_GROUP_ID attribute number string 40 for vlan 40 *Jun
> 16 01:05:25.125: dot11_auth_server_get_timeout: Checking for
> session time out value - attribute #27 *Jun 16 01:05:25.125:
> dot11_auth_send_msg: sending data to requestor status 2 *Jun 16
> 01:05:25.126: dot11_auth_send_msg: resp->nsk_len 0
> resp->auth_key_len 0 *Jun 16 01:05:25.126: dot11_auth_send_msg:
> client authenticated 40b3.951c.20aa, node_type 64 for application
> 0x1 *Jun 16 01:05:25.126: dot11_auth_delete_client_entry:
> 40b3.951c.20aa is deleted for application 0x1 *Jun 16 01:05:25.126:
> dot11_auth_client_abort: Received abort request for client
> 40b3.951c.20aa *Jun 16 01:05:25.126: dot11_auth_client_abort: No
> client entry to abort: 40b3.951c.20aa for application 0x1 *Jun 16
> 01:05:25.127: Outgoing SNMP packet *Jun 16 01:05:25.128: v1 packet
> *Jun 16 01:05:25.128: community string: public *Jun 16
> 01:05:25.909: AAA/BIND(00000052<tel:00000052>): Bind i/f *Jun 16 01:05:25.909:
> dot11_auth_add_client_entry: Create new client 40b3.951c.20aa for
> application 0x1 *Jun 16 01:05:25.909: dot11_auth_initialize_client:
> 40b3.951c.20aa is added to the client list for application 0x1 *Jun
> 16 01:05:25.909: dot11_auth_add_client_entry: req->auth_type 1 *Jun
> 16 01:05:25.910: dot11_auth_add_client_entry:
> auth_methods_inprocess: 1 *Jun 16 01:05:25.910:
> dot11_auth_add_client_entry: mac list name: mac_methods *Jun 16
> 01:05:25.910: dot11_run_auth_methods: Start auth method MAC *Jun 16
> 01:05:25.910: dot11_auth_mac_start: method_list: mac_methods *Jun
> 16 01:05:25.910: dot11_auth_mac_start: method_index: 0xC7000002,
> req: 0x12BAB74 *Jun 16 01:05:25.910: dot11_auth_mac_start:
> client->unique_id: 0x52 *Jun 16 01:05:25.910: AAA/AUTHEN/PPP
> (00000052<tel:00000052>): Pick method list 'mac_methods' *Jun 16 01:05:25.911:
> RADIUS/ENCODE(00000052<tel:00000052>):Orig. component type = DOT11 *Jun 16
> 01:05:25.911: RADIUS(00000052<tel:00000052>): Config NAS IP: 0.0.0.0 *Jun 16
> 01:05:25.911: RADIUS/ENCODE(00000052<tel:00000052>): acct_session_id: 82 *Jun
> 16
> 01:05:25.911: RADIUS(00000052<tel:00000052>): Config NAS IP: 0.0.0.0 *Jun 16
> 01:05:25.912: RADIUS(00000052<tel:00000052>): sending *Jun 16 01:05:25.912:
> RADIUS/ENCODE: Best Local IP-Address 192.168.200.4 for
> Radius-Server 192.168.200.62 *Jun 16 01:05:25.912:
> RADIUS(00000052<tel:00000052>): Send Access-Request to 192.168.200.62:1812 id
> 1645/89, len 174 *Jun 16 01:05:25.912: RADIUS: authenticator A9 C9
> 4E 4E 43 F2 F3 93 - 1C 74 AE 7C 41 AE C9 9D *Jun 16 01:05:25.913:
> RADIUS: User-Name [1] 14 "40b3951c20aa" *Jun 16
> 01:05:25.913: RADIUS: User-Password [2] 18 * *Jun 16
> 01:05:25.913: RADIUS: Called-Station-Id [30] 16
> "003a.9a55.5370" *Jun 16 01:05:25.913: RADIUS: Calling-Station-Id
> [31] 16 "40b3.951c.20aa" *Jun 16 01:05:25.913: RADIUS: Vendor,
> Cisco [26] 23 *Jun 16 01:05:25.913: RADIUS: Cisco AVpair
> [1] 17 "ssid=Packetfence-OPEN" *Jun 16 01:05:25.913: RADIUS:
> Vendor, WISPr [26] 21 *Jun 16 01:05:25.913: RADIUS: WISPr
> VSA [2] 15 "Demo Location" *Jun 16 01:05:25.914:
> RADIUS: Service-Type [6] 6 Login
> [1] *Jun 16 01:05:25.914: RADIUS: NAS-Port-Type [61] 6
> 802.11 wireless [19] *Jun 16 01:05:25.914: RADIUS:
> NAS-Port [5] 6 326 *Jun 16 01:05:25.914: RADIUS:
> NAS-Port-Id [87] 5 "326" *Jun 16 01:05:25.914: RADIUS:
> NAS-IP-Address [4] 6 192.168.200.4 *Jun 16 01:05:25.914:
> RADIUS: Nas-Identifier [32] 17 "PACKETFENCE-AP1" *Jun 16
> 01:05:25.987: RADIUS: Received from id 1645/89 192.168.200.62:1812,
> Access-Accept, len 36 *Jun 16 01:05:25.988: RADIUS: authenticator
> 79 CC 4B AF A3 B0 A3 91 - 2F AB FE 1D 7F F9 A0 E2 *Jun 16
> 01:05:25.988: RADIUS: Tunnel-Private-Group[81] 4 "40" *Jun 16
> 01:05:25.988: RADIUS: Tunnel-Type [64] 6 00:VLAN
> [13] *Jun 16 01:05:25.988: RADIUS: Tunnel-Medium-Type [65] 6
> 00:ALL_802 [6] *Jun 16 01:05:25.989:
> RADIUS(00000052<tel:00000052>): Received from id 1645/89 *Jun 16 01:05:25.989:
> dot11_mac_process_reply: AAA reply for 40b3.951c.20aa PASSED *Jun
> 16 01:05:25.989: dot11_auth_server_chk_ssid: Checking for SSID in
> server attributes *Jun 16 01:05:25.989:
> dot11_auth_server_vlan_number: Checking for VLAN ID in server
> attributes *Jun 16 01:05:25.989: dot11_auth_server_vlan_number:
> Found AAA_AT_TUNNEL_TYPE attribute *Jun 16 01:05:25.989:
> dot11_auth_server_vlan_number: Found AAA_AT_TUNNEL_TYPE VLAN *Jun
> 16 01:05:25.990: dot11_auth_server_vlan_number: Tag found is 0 *Jun
> 16 01:05:25.990: dot11_auth_server_vlan_number: Found
> AAA_AT_TUNNEL_MEDIUM_TYPE attribute *Jun 16 01:05:25.990:
> dot11_auth_server_vlan_number: Found AAA_AT_TUNNEL_MEDIUM_TYPE with
> value 802 *Jun 16 01:05:25.990: dot11_auth_server_vlan_number:
> Found our group tag 0 *Jun 16 01:05:25.990:
> dot11_auth_server_vlan_number: Found
> AAA_AT_TUNNEL_PRIVATE_GROUP_IDattribute 81 *Jun 16 01:05:25.990:
> dot11_auth_server_vlan_number: Found our group tag 0 *Jun 16
> 01:05:25.990: dot11_auth_server_vlan_number:
> TUNNEL_PRIVATE_GROUP_ID attribute number string 40 for vlan 40 *Jun
> 16 01:05:25.990: dot11_auth_server_get_timeout: Checking for
> session time out value - attribute #27 *Jun 16 01:05:25.991:
> dot11_auth_send_msg: sending data to requestor status 2 *Jun 16
> 01:05:25.991: dot11_auth_send_msg: resp->nsk_len 0
> resp->auth_key_len 0 *Jun 16 01:05:25.991: dot11_auth_send_msg:
> client authenticated 40b3.951c.20aa, node_type 64 for application
> 0x1 *Jun 16 01:05:25.991: dot11_auth_delete_client_entry:
> 40b3.951c.20aa is deleted for application 0x1 *Jun 16 01:05:25.991:
> dot11_auth_client_abort: Received abort request for client
> 40b3.951c.20aa *Jun 16 01:05:25.991: dot11_auth_client_abort: No
> client entry to abort: 40b3.951c.20aa for application 0x1 *Jun 16
> 01:05:25.993: Outgoing SNMP packet *Jun 16 01:05:25.993: v1 packet
> *Jun 16 01:05:25.993: community string: public
>
>
> PACKETFENCE RADIUS DEBUG OUTPUT
>
> rad_recv: Access-Request packet from host 192.168.200.4 port 1645,
> id=88, length=174 User-Name = "40b3951c20aa" User-Password =
> "40b3951c20aa" Called-Station-Id = "003a.9a55.5370"
> Calling-Station-Id = "40b3.951c.20aa" Cisco-AVPair =
> "ssid=Packetfence-OPEN" WISPr-Location-Name = "Demo Location"
> Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port
> = 325 NAS-Port-Id = "325" NAS-IP-Address = 192.168.200.4
> NAS-Identifier = "PACKETFENCE-AP1" server packetfence { # Executing
> section authorize from file
> /usr/local/pf/raddb/sites-enabled/packetfence +group authorize {
> [suffix] No '@' in User-Name = "40b3951c20aa", looking up realm
> NULL [suffix] No such realm "NULL" ++[suffix] = noop ++[preprocess]
> = ok [eap] No EAP-Message, not doing EAP ++[eap] = noop [files]
> users: Matched entry DEFAULT at line 1 ++[files] = ok
> ++[expiration] = noop ++[logintime] = noop ++update request {
> expand: %{Packet-Src-IP-Address} -> 192.168.200.4 ++} # update
> request = noop ++update control { ++} # update control = noop
> rlm_perl: Added pair NAS-Port-Type = Wireless-802.11 rlm_perl:
> Added pair Service-Type = Login-User rlm_perl: Added pair
> Calling-Station-Id = 40b3.951c.20aa rlm_perl: Added pair
> Called-Station-Id = 003a.9a55.5370 rlm_perl: Added pair
> FreeRADIUS-Client-IP-Address = 192.168.200.4 rlm_perl: Added pair
> Cisco-AVPair = ssid=Packetfence-OPEN rlm_perl: Added pair User-Name
> = 40b3951c20aa rlm_perl: Added pair NAS-Identifier =
> PACKETFENCE-AP1 rlm_perl: Added pair User-Password = 40b3951c20aa
> rlm_perl: Added pair NAS-IP-Address = 192.168.200.4 rlm_perl: Added
> pair NAS-Port = 325 rlm_perl: Added pair NAS-Port-Id = 325
> rlm_perl: Added pair WISPr-Location-Name = Demo Location rlm_perl:
> Added pair PacketFence-RPC-Pass = rlm_perl: Added pair
> PacketFence-RPC-Server = 127.0.0.1 rlm_perl: Added pair
> PacketFence-RPC-Proto = http rlm_perl: Added pair
> PacketFence-RPC-User = rlm_perl: Added pair Auth-Type = Accept
> rlm_perl: Added pair PacketFence-RPC-Port = 9090 ++[packetfence] =
> noop +} # group authorize = ok Found Auth-Type = Accept Auth-Type =
> Accept, accepting the user Login OK: [40b3951c20aa] (from client
> 192.168.200.4 port 325 cli 40b3.951c.20aa) } # server packetfence #
> Executing section post-auth from file
> /usr/local/pf/raddb/sites-enabled/packetfence +group post-auth {
> ++[exec] = noop ++? if (!EAP-Type || (EAP-Type != EAP-TTLS &&
> EAP-Type != PEAP)) ? Evaluating !(EAP-Type ) -> TRUE ?? Skipping
> (EAP-Type != EAP-TTLS ) ?? Skipping (EAP-Type != PEAP) ++? if
> (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) -> TRUE
> ++if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) {
> +++update control { +++} # update control = noop rlm_perl:
> Returning vlan 40 to request from 40:b3:95:1c:20:aa port 325
> rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
> rlm_perl: Added pair NAS-Port-Type = Wireless-802.11 rlm_perl:
> Added pair Service-Type = Login-User rlm_perl: Added pair
> Called-Station-Id = 003a.9a55.5370 rlm_perl: Added pair
> Calling-Station-Id = 40b3.951c.20aa rlm_perl: Added pair
> FreeRADIUS-Client-IP-Address = 192.168.200.4 rlm_perl: Added pair
> Cisco-AVPair = ssid=Packetfence-OPEN rlm_perl: Added pair User-Name
> = 40b3951c20aa rlm_perl: Added pair NAS-Identifier =
> PACKETFENCE-AP1 rlm_perl: Added pair User-Password = 40b3951c20aa
> rlm_perl: Added pair NAS-Port = 325 rlm_perl: Added pair
> NAS-IP-Address = 192.168.200.4 rlm_perl: Added pair
> WISPr-Location-Name = Demo Location rlm_perl: Added pair
> NAS-Port-Id = 325 rlm_perl: Added pair Tunnel-Private-Group-ID =
> 40 rlm_perl: Added pair Tunnel-Type = 13 rlm_perl: Added pair
> Tunnel-Medium-Type = 6 rlm_perl: Added pair PacketFence-RPC-Pass =
> rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1 rlm_perl:
> Added pair PacketFence-RPC-User = rlm_perl: Added pair
> PacketFence-RPC-Proto = http rlm_perl: Added pair Auth-Type =
> Accept rlm_perl: Added pair PacketFence-RPC-Port = 9090
> +++[packetfence] = ok ++} # if (!EAP-Type || (EAP-Type != EAP-TTLS
> && EAP-Type != PEAP)) = ok +} # group post-auth = ok Sending
> Access-Accept of id 88 to 192.168.200.4 port 1645
> Tunnel-Private-Group-Id:0 = "40" Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802 Finished request 0. Going to the
> next request Waking up in 4.9 seconds. rad_recv: Access-Request
> packet from host 192.168.200.4 port 1645, id=89, length=174
> User-Name = "40b3951c20aa" User-Password = "40b3951c20aa"
> Called-Station-Id = "003a.9a55.5370" Calling-Station-Id =
> "40b3.951c.20aa" Cisco-AVPair = "ssid=Packetfence-OPEN"
> WISPr-Location-Name = "Demo Location" Service-Type = Login-User
> NAS-Port-Type = Wireless-802.11 NAS-Port = 326 NAS-Port-Id = "326"
> NAS-IP-Address = 192.168.200.4 NAS-Identifier = "PACKETFENCE-AP1"
> server packetfence { # Executing section authorize from file
> /usr/local/pf/raddb/sites-enabled/packetfence +group authorize {
> [suffix] No '@' in User-Name = "40b3951c20aa", looking up realm
> NULL [suffix] No such realm "NULL" ++[suffix] = noop ++[preprocess]
> = ok [eap] No EAP-Message, not doing EAP ++[eap] = noop [files]
> users: Matched entry DEFAULT at line 1 ++[files] = ok
> ++[expiration] = noop ++[logintime] = noop ++update request {
> expand: %{Packet-Src-IP-Address} -> 192.168.200.4 ++} # update
> request = noop ++update control { ++} # update control = noop
> rlm_perl: Added pair NAS-Port-Type = Wireless-802.11 rlm_perl:
> Added pair Service-Type = Login-User rlm_perl: Added pair
> Calling-Station-Id = 40b3.951c.20aa rlm_perl: Added pair
> Called-Station-Id = 003a.9a55.5370 rlm_perl: Added pair
> FreeRADIUS-Client-IP-Address = 192.168.200.4 rlm_perl: Added pair
> Cisco-AVPair = ssid=Packetfence-OPEN rlm_perl: Added pair User-Name
> = 40b3951c20aa rlm_perl: Added pair NAS-Identifier =
> PACKETFENCE-AP1 rlm_perl: Added pair User-Password = 40b3951c20aa
> rlm_perl: Added pair NAS-IP-Address = 192.168.200.4 rlm_perl: Added
> pair NAS-Port = 326 rlm_perl: Added pair NAS-Port-Id = 326
> rlm_perl: Added pair WISPr-Location-Name = Demo Location rlm_perl:
> Added pair PacketFence-RPC-Pass = rlm_perl: Added pair
> PacketFence-RPC-Server = 127.0.0.1 rlm_perl: Added pair
> PacketFence-RPC-Proto = http rlm_perl: Added pair
> PacketFence-RPC-User = rlm_perl: Added pair Auth-Type = Accept
> rlm_perl: Added pair PacketFence-RPC-Port = 9090 ++[packetfence] =
> noop +} # group authorize = ok Found Auth-Type = Accept Auth-Type =
> Accept, accepting the user Login OK: [40b3951c20aa] (from client
> 192.168.200.4 port 326 cli 40b3.951c.20aa) } # server packetfence #
> Executing section post-auth from file
> /usr/local/pf/raddb/sites-enabled/packetfence +group post-auth {
> ++[exec] = noop ++? if (!EAP-Type || (EAP-Type != EAP-TTLS &&
> EAP-Type != PEAP)) ? Evaluating !(EAP-Type ) -> TRUE ?? Skipping
> (EAP-Type != EAP-TTLS ) ?? Skipping (EAP-Type != PEAP) ++? if
> (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) -> TRUE
> ++if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) {
> +++update control { +++} # update control = noop rlm_perl:
> Returning vlan 40 to request from 40:b3:95:1c:20:aa port 326
> rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
> rlm_perl: Added pair NAS-Port-Type = Wireless-802.11 rlm_perl:
> Added pair Service-Type = Login-User rlm_perl: Added pair
> Called-Station-Id = 003a.9a55.5370 rlm_perl: Added pair
> Calling-Station-Id = 40b3.951c.20aa rlm_perl: Added pair
> FreeRADIUS-Client-IP-Address = 192.168.200.4 rlm_perl: Added pair
> Cisco-AVPair = ssid=Packetfence-OPEN rlm_perl: Added pair User-Name
> = 40b3951c20aa rlm_perl: Added pair NAS-Identifier =
> PACKETFENCE-AP1 rlm_perl: Added pair User-Password = 40b3951c20aa
> rlm_perl: Added pair NAS-Port = 326 rlm_perl: Added pair
> NAS-IP-Address = 192.168.200.4 rlm_perl: Added pair
> WISPr-Location-Name = Demo Location rlm_perl: Added pair
> NAS-Port-Id = 326 rlm_perl: Added pair Tunnel-Private-Group-ID =
> 40 rlm_perl: Added pair Tunnel-Type = 13 rlm_perl: Added pair
> Tunnel-Medium-Type = 6 rlm_perl: Added pair PacketFence-RPC-Pass =
> rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1 rlm_perl:
> Added pair PacketFence-RPC-User = rlm_perl: Added pair
> PacketFence-RPC-Proto = http rlm_perl: Added pair Auth-Type =
> Accept rlm_perl: Added pair PacketFence-RPC-Port = 9090
> +++[packetfence] = ok ++} # if (!EAP-Type || (EAP-Type != EAP-TTLS
> && EAP-Type != PEAP)) = ok +} # group post-auth = ok Sending
> Access-Accept of id 89 to 192.168.200.4 port 1645
> Tunnel-Private-Group-Id:0 = "40" Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802 Finished request 1.
>
>
>
>
> The information contained in this e-mail may be subject to public
> disclosure under the NHS Code of Openness or the Freedom of
> Information Act 2000. Unless the information is legally exempt, the
> confidentiality of this e-mail and your reply cannot be
> guaranteed. Unless expressly stated otherwise, the information
> contained in this e-mail is intended for the named recipient(s)
> only. If you are not the intended recipient you must not copy,
> distribute, or take any action or reliance upon it. If you have
> received this e-mail in error, please notify the sender. Any
> unauthorised disclosure of the information contained in this e-mail
> is strictly prohibited.
>
> ------------------------------------------------------------------------------
>
>
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and
> Dashboards with Interactivity, Sharing, Native Excel Exports, App
> Integration & more Get technology previously reserved for
> billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
>
>
_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
- --
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135)<tel:+1.514.447.4918;135> ::
www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUdN6EAAoJEG3J17z3j5V+PkcP/jKCiNP6re/zk2fqZ/i1wZDq
9H5CDTPkRha2JPvhfQA0pNCTaJlyMq42QsWzTuXaQSZGERMH8QVYvOpSwPrJrO0l
0Nv8EBKkycy9HvvE2Omjr5nve8kXhO4TwmisDZp9or5R2ezTyXIpL7+Bi4phzdVY
lR5gSj0UZ50P5qTJKURPTU7xooOyVRcYbbnaD1sWcZ0kLyPBFfO/2cpp7P74/ckK
1rn80b6RJv7MSfa4fVUr2CTtkrba7saoGDwC7+Y+Y8zk3gExREh2XKwqbpKv603C
G9mqcSQOXWYH631QaTQJ3koI91jA+iVbCDtUtqWzEACQDUOWVM4FV9uqw+lnbEJ5
1j2SeDEtlYeqHyiN2s8qGcmxtKZUOrio7Q8nVAn2nVWlr2LFBA2zR4l0DTMRe0EJ
S27+ChgMctmZxuVwMSioAdPPPtw1vzsMYwLT+D7fpdEz9yVWajVaSVp3iZQumlae
8JyaZwWsZVAcIe6WW/cY40RzYnEW06FiPimFVBl4gAwi+U1uZPdonSHafMubOj4T
rDgwgpdV6INBiTkBxqR8XyHzDQxyiAYO6GsRNrqfIhQqh8UeTZpbzAQCWAe2gsuo
Dmrux2pziYSt4LmM9EJlBklpshO1/sgWSM9estXfvNAtqmD1oPgKHkm/jJzgPKsp
npuv1A2U4WWXACCwuC9e
=rCQj
-----END PGP SIGNATURE-----
The information contained in this e-mail may be subject to public disclosure
under the NHS Code of Openness or the Freedom of Information Act 2000.
Unless the information is legally exempt, the confidentiality of this e-mail
and your reply cannot be guaranteed.
Unless expressly stated otherwise, the information contained in this e-mail
is intended for the named recipient(s) only. If you are not the intended
recipient you must not copy, distribute, or take any action or reliance upon
it. If you have received this e-mail in error, please notify the sender. Any
unauthorised disclosure of the information contained in this e-mail is
strictly prohibited.
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
