Lee Wilson <leefm40@...> writes:
> Been messing around with this over the XMas break and think I've made 
> some good progress but still not able to get access once registered on 
> PacketFence.
> 
> This is what happens so far.
> 1) User connects to open SSID and is redirected by the Aruba controller
> to the portal URL running on packetfence
> 2) PacketFence prompts for registration which I complete
> 3) PacketFence then tries to access the detection.gif using the 10 minute
> temporary access but is unable to as the user is still in the
> registration role on the Aruba.
> 
> From what I've read about RFC 3576 the RADIUS server on PacketFence
> should send a request back to the controller in order to change the
> role rather than the Aruba asking RADIUS for the information.  Is this
> correct?
> 
> I've run a tcpdump on the PacketFence server and can see it neither
> receiving nor sending any RADIUS packets to the Aruba controller, debug
> logs aren't much use either.  If I run an AAA test on the Aruba the test
> comes back as successful.
> 
> On a side note, should the switch mode on PacketFence be Registration or
> Production for the Aruba controller?  I've tried but with no difference.
> 
> Bit stumped where to go from here, any suggestions?
> 
> Thanks for your help so far
> 
> Lee
> 

I had a more detailed look at the logs and it seems as though
PacketFence doesn't think I've added the Aruba as a switch. This is what
is logged as I register via the portal:

==> ../logs/pfdhcplistener.log <==
Jan 13 11:52:03 pfdhcplistener(6961) INFO: Unseen before node added: 00:xx:xx:xx:xx:xx (main::listen_dhcp)
Jan 13 11:52:04 pfdhcplistener(6961) INFO: DHCPREQUEST from 00:xx:xx:xx:xx:xx (192.168.x.x) (main::parse_dhcp_request)
Jan 13 11:52:04 pfdhcplistener(6961) WARN: unable to resolve 00:xx:xx:xx:xx:xx to ip (pf::iplog::mac2ip)

==> ../logs/pfdhcplistener.log <==
Jan 13 11:52:12 pfdhcplistener(6961) INFO: 00:xx:xx:xx:xx:xx requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008 (Version 6.0)). Modified node with last_dhcp = 2015-01-13 11:52:10,computername = TESTLAPTOP,dhcp_fingerprint = x,x,x,x,x,x,x,x (main::listen_dhcp)

==> ../logs/packetfence.log <==
Jan 13 11:52:18 httpd.portal(6922) ERROR: WARNING ! Unknown switch(es) (pf::SwitchFactory::instantiate)
Jan 13 11:52:19 httpd.portal(6920) ERROR: WARNING ! Unknown switch(es) (pf::SwitchFactory::instantiate)

==> ../logs/pfdhcplistener.log <==
Jan 13 11:52:21 pfdhcplistener(6961) INFO: DHCPACK from 192.168.x.x (00:xx:xx:xx:xx:xx to host 00:xx:xx:xx:xx:xx (192.168.x.x) for 1600 seconds (main::parse_dhcp_ack)
Jan 13 11:52:21 pfdhcplistener(6961) INFO: DHCPACK CIADDR from 192.168.x.x (00:xx:xx:xx:xx:xx) to host 00:xx:xx:xx:xx:xx (192.168.x.x) (main::parse_dhcp_ack)

==> ../logs/packetfence.log <==
Jan 13 11:52:27 httpd.portal(6921) ERROR: WARNING ! Unknown switch(es) (pf::SwitchFactory::instantiate)
Jan 13 11:53:48 httpd.portal(6926) INFO: [00:xx:xx:xx:xx:xx] Updating node user_agent with useragent: 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)' (captiveportal::PacketFence::Controller::CaptivePortal::nodeRecordUserAgent)
Jan 13 11:53:48 httpd.portal(6926) INFO: [00:xx:xx:xx:xx:xx] redirected to default (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Jan 13 11:53:49 httpd.portal(6926) INFO: [00:xx:xx:xx:xx:xx] redirected to authentication page (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Jan 13 11:54:14 httpd.portal(6923) ERROR: WARNING ! Unknown switch(es) (pf::SwitchFactory::instantiate)
Jan 13 11:56:46 httpd.portal(7246) INFO: registering 00:xx:xx:xx:xx:xx guest by email (captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
Jan 13 11:56:46 httpd.portal(7246) INFO: Matched rule (catchall) in source email, returning actions. (pf::Authentication::Source::match)
Jan 13 11:56:46 httpd.portal(7246) INFO: person [email protected] added (pf::person::person_add)
Jan 13 11:56:46 httpd.portal(7246) WARN: modify of non-existent person [email protected] attempted - person added (pf::person::person_modify)
Jan 13 11:56:46 httpd.portal(7246) INFO: person [email protected] modified to [email protected] (pf::person::person_modify)
Jan 13 11:56:46 httpd.portal(7246) INFO: [00:xx:xx:xx:xx:xx] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
Jan 13 11:56:46 httpd.portal(7246) WARN: [00:xx:xx:xx:xx:xx] Can't re-evaluate access because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jan 13 11:56:46 httpd.portal(7246) INFO: new activation code successfully generated (pf::activation::create)
Jan 13 11:56:48 httpd.portal(7246) INFO: Email sent to [email protected] (example.com: Email activation required) (pf::activation::__ANON__)
Jan 13 11:56:57 httpd.portal(7247) ERROR: WARNING ! Unknown switch(es) (pf::SwitchFactory::instantiate)
Jan 13 11:56:57 httpd.portal(7242) INFO: [00:xx:xx:xx:xx:xx] shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (captiveportal::PacketFence::Controller::CaptivePortal::unknownState)
Jan 13 11:56:57 httpd.portal(7242) INFO: [00:xx:xx:xx:xx:xx] re-evaluating access (redir.cgi called) (pf::enforcement::reevaluate_access)
Jan 13 11:56:57 httpd.portal(7242) WARN: [00:xx:xx:xx:xx:xx] Can't re-evaluate access because no open locationlog entry was found (pf::enforcement::reevaluate_access)

I've deleted and readded the switch (Aruba Controller) as well as 
confirming it exists in switches.conf and radius_nas in MySQL.

How does PacketFence know which switch to inform about the change of
role based on the captive portal profile?  I can't see any communication
between them to indicate they are aware of each other (RADIUS or CoA).

Help would really be appreciated as I'm completely stumped as to
where to go from here.

Lee
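
For reference on the RFC 3576 question in this thread, an added example (not part of the original post and not PacketFence code) of the server-initiated Disconnect-Request or CoA-Request that a RADIUS server sends to the NAS on UDP port 3799, with the shared-secret authenticator check the receiving side performs. The secret, MAC address and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# RFC 3576 packet codes; the NAS listens for these on UDP port 3799.
DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42
COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45
CALLING_STATION_ID = 31  # standard RADIUS attribute carrying the client MAC


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_request(code: int, ident: int, attrs: bytes, secret: bytes) -> bytes:
    """Build a Disconnect-Request or CoA-Request.

    Request Authenticator = MD5(code + id + length + 16 zero octets +
    attributes + shared secret), the same rule as for Accounting-Request.
    """
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + digest + attrs


def verify_request(packet: bytes, secret: bytes) -> bool:
    """NAS-side check: recompute the authenticator before acting."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST) or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def demo():
    """Build a request for a constructed client and verify it both ways."""
    secret = b"constructed-secret"   # constructed sample shared secret
    mac = b"00-11-22-33-44-55"       # constructed sample client MAC
    pkt = build_request(DISCONNECT_REQUEST, 1, attr(CALLING_STATION_ID, mac), secret)
    return pkt, verify_request(pkt, secret), verify_request(pkt, b"wrong-secret")


if __name__ == "__main__":
    packet, ok, bad = demo()
    print(packet.hex(), ok, bad)
```

A request built with a secret that does not match the one the NAS holds for the sender fails this check, so the shared secret has to agree on both sides.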


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
