Or the other solution is just to uncheck "Role by Switch Role" or leave
the role blank.

Also, to help configure the Aruba Controller with PacketFence, follow
these instructions and just replace ClearPass with PacketFence.
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-integrate-Aruba-Controller-with-CPPM-to-perform-Captive/ta-p/192291

Regards
Fabrice

On 2015-04-28 08:21, Tim DeNike wrote:
> sub radiusDisconnect is the culprit if you have roles enabled on the
> switch config.
>
> The Aruba module sends a COA to change the role instead of a
> disconnect if you want it to change VLANs.
>
>       #  if ( defined($role) && (defined($node_info->{'status'}) && isenabled($self->{_RoleMap}) ) ) {
>
>        #     $attributes_ref = {
>        #         %$attributes_ref,
>        #         'Filter-Id' => $role,
>        #     };
>        #     $logger->info("[$self->{'_ip'}] Returning ACCEPT with role: $role");
>        #     $response = perform_coa($connection_info, $attributes_ref);
>        #
>        # }
>        # else {
>             $response = perform_disconnect($connection_info, $attributes_ref);
>        # }
>
> Commenting out these fields and leaving only the one makes it work.
>
> On Wed, Jan 14, 2015 at 10:54 AM, Fabrice DURAND <[email protected]> wrote:
>
>     Hi Lee,
>
>     First, it looks like MAC authentication is missing on the Aruba side.
>     When a device tries to connect to the SSID, a RADIUS request must be
>     sent to PacketFence.
>     Then PacketFence will be able to know on which controller the
>     device is connected.
>
>     Fix that and paste the log after.
>     Regards
>     Fabrice
>
>     On 2015-01-13 08:25, Lee Wilson wrote:
>     > Lee Wilson <leefm40@...> writes:
>     >> Been messing around with this over the XMas break and think I've made
>     >> some good progress but still not able to get access once registered on
>     >> PacketFence.
>     >>
>     >> This is what happens so far.
>     >> 1) User connects to open SSID and is redirected by the Aruba controller
>     >> to the portal URL running on PacketFence
>     >> 2) PacketFence prompts for registration which I complete
>     >> 3) PacketFence then tries to access the detection.gif using the 10 minute
>     >> temporary access but is unable to as the user is still in the
>     >> registration role on the Aruba.
>     >>
>     >> From what I've read about RFC 3576 the RADIUS server on PacketFence
>     >> should send a request back to the controller in order to change the
>     >> role rather than the Aruba asking RADIUS for the information. Is this
>     >> correct?
>     >>
>     >> I've run a tcpdump on the PacketFence server and can see it neither
>     >> receiving nor sending any RADIUS packets to the Aruba controller, debug
>     >> logs aren't much use either.  If I run an AAA test on the Aruba the test
>     >> comes back as successful.
>     >>
>     >> On a side note, should the switch mode on PacketFence be Registration or
>     >> Production for the Aruba controller?  I've tried but with no difference.
>     >> Bit stumped where to go from here, any suggestions?
>     >>
>     >> Thanks for your help so far
>     >>
>     >> Lee
>     >>
>     > I had a more detailed look at the logs and it seems as though
>     > PacketFence doesn't think I've added the Aruba as a switch. This is what
>     > is logged as I register via the portal:
>     >
>     > ==> ../logs/pfdhcplistener.log <==
>     > Jan 13 11:52:03 pfdhcplistener(6961) INFO: Unseen before node added: 00:xx:xx:xx:xx:xx (main::listen_dhcp)
>     > Jan 13 11:52:04 pfdhcplistener(6961) INFO: DHCPREQUEST from 00:xx:xx:xx:xx:xx (192.168.x.x) (main::parse_dhcp_request)
>     > Jan 13 11:52:04 pfdhcplistener(6961) WARN: unable to resolve 00:xx:xx:xx:xx:xx to ip (pf::iplog::mac2ip)
>     >
>     > ==> ../logs/pfdhcplistener.log <==
>     > Jan 13 11:52:12 pfdhcplistener(6961) INFO: 00:xx:xx:xx:xx:xx requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008 (Version 6.0)). Modified node with last_dhcp = 2015-01-13 11:52:10,computername = TESTLAPTOP,dhcp_fingerprint = x,x,x,x,x,x,x,x (main::listen_dhcp)
>     >
>     >
>     > ==> ../logs/packetfence.log <==
>     > Jan 13 11:52:18 httpd.portal(6922) ERROR: WARNING ! Unknown switch(es) (pf::SwitchFactory::instantiate)
>     > Jan 13 11:52:19 httpd.portal(6920) ERROR: WARNING ! Unknown switch(es) (pf::SwitchFactory::instantiate)
>     >
>     >
>     > ==> ../logs/pfdhcplistener.log <==
>     > Jan 13 11:52:21 pfdhcplistener(6961) INFO: DHCPACK from 192.168.x.x (00:xx:xx:xx:xx:xx to host 00:xx:xx:xx:xx:xx (192.168.x.x) for 1600 seconds (main::parse_dhcp_ack)
>     > Jan 13 11:52:21 pfdhcplistener(6961) INFO: DHCPACK CIADDR from 192.168.x.x (00:xx:xx:xx:xx:xx) to host 00:xx:xx:xx:xx:xx (192.168.x.x) (main::parse_dhcp_ack)
>     >
>     >
>     > ==> ../logs/packetfence.log <==
>     > Jan 13 11:52:27 httpd.portal(6921) ERROR: WARNING ! Unknown switch(es) (pf::SwitchFactory::instantiate)
>     > Jan 13 11:53:48 httpd.portal(6926) INFO: [00:xx:xx:xx:xx:xx] Updating node user_agent with useragent: 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)' (captiveportal::PacketFence::Controller::CaptivePortal::nodeRecordUserAgent)
>     > Jan 13 11:53:48 httpd.portal(6926) INFO: [00:xx:xx:xx:xx:xx] redirected to default (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
>     > Jan 13 11:53:49 httpd.portal(6926) INFO: [00:xx:xx:xx:xx:xx] redirected to authentication page (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
>     > Jan 13 11:54:14 httpd.portal(6923) ERROR: WARNING ! Unknown switch(es) (pf::SwitchFactory::instantiate)
>     > Jan 13 11:56:46 httpd.portal(7246) INFO: registering 00:xx:xx:xx:xx:xx guest by email (captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
>     > Jan 13 11:56:46 httpd.portal(7246) INFO: Matched rule (catchall) in source email, returning actions. (pf::Authentication::Source::match)
>     > Jan 13 11:56:46 httpd.portal(7246) INFO: person [email protected] added (pf::person::person_add)
>     > Jan 13 11:56:46 httpd.portal(7246) WARN: modify of non-existent person [email protected] attempted - person added (pf::person::person_modify)
>     > Jan 13 11:56:46 httpd.portal(7246) INFO: person [email protected] modified to [email protected] (pf::person::person_modify)
>     > Jan 13 11:56:46 httpd.portal(7246) INFO: [00:xx:xx:xx:xx:xx] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
>     > Jan 13 11:56:46 httpd.portal(7246) WARN: [00:xx:xx:xx:xx:xx] Can't re-evaluate access because no open locationlog entry was found (pf::enforcement::reevaluate_access)
>     > Jan 13 11:56:46 httpd.portal(7246) INFO: new activation code successfully generated (pf::activation::create)
>     > Jan 13 11:56:48 httpd.portal(7246) INFO: Email sent to [email protected] (example.com: Email activation required) (pf::activation::__ANON__)
>     > Jan 13 11:56:57 httpd.portal(7247) ERROR: WARNING ! Unknown switch(es) (pf::SwitchFactory::instantiate)
>     > Jan 13 11:56:57 httpd.portal(7242) INFO: [00:xx:xx:xx:xx:xx] shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (captiveportal::PacketFence::Controller::CaptivePortal::unknownState)
>     > Jan 13 11:56:57 httpd.portal(7242) INFO: [00:xx:xx:xx:xx:xx] re-evaluating access (redir.cgi called) (pf::enforcement::reevaluate_access)
>     > Jan 13 11:56:57 httpd.portal(7242) WARN: [00:xx:xx:xx:xx:xx] Can't re-evaluate access because no open locationlog entry was found (pf::enforcement::reevaluate_access)
>     >
>     > I've deleted and re-added the switch (Aruba Controller) as well as
>     > confirming it exists in switches.conf and radius_nas in MySQL.
>     >
>     > How does PacketFence know which switch to inform about the change of
>     > role based on the captive portal profile?  I can't see any communication
>     > between them to indicate they are aware of each other (RADIUS or CoA).
>     >
>     > Help would really be appreciated as I'm completely stumped as to
>     > where to go from here.
>     >
>     > Lee
>
>
>     --
>     Fabrice Durand
>     [email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
>     Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>     PacketFence (http://packetfence.org)


-- 
Fabrice Durand
[email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 
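
For readers following the CoA-versus-disconnect point in the quoted snippet, here is an added sketch (not PacketFence code and not written by anyone in this thread) of the two RFC 3576/5176 requests as they appear on the wire. The function names, the use of Calling-Station-Id to identify the session, and the sample values are assumptions; the node status check from the quoted condition is left out.

```python
import hashlib
import hmac
import struct

# Packet codes from RFC 3576 / RFC 5176
DISCONNECT_REQUEST = 40
COA_REQUEST = 43
# Attribute types from RFC 2865
FILTER_ID = 11
CALLING_STATION_ID = 31  # assumption: session is identified by client MAC


def attr(attr_type, value):
    """Encode one attribute: type, length (header included), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_request(code, identifier, attributes, secret):
    """Build a request whose authenticator is
    MD5(code + id + length + 16 zero octets + attributes + shared secret)."""
    body = b"".join(attr(t, v) for t, v in attributes)
    header = struct.pack("!BBH", code, identifier, 20 + len(body))
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body


def choose_request(mac, role, role_map_enabled, identifier, secret):
    """Mirror the quoted branch: CoA carrying Filter-Id when a role is set
    and role mapping is enabled, otherwise a plain Disconnect-Request."""
    attributes = [(CALLING_STATION_ID, mac.encode())]
    if role is not None and role_map_enabled:
        attributes.append((FILTER_ID, role.encode()))
        return build_request(COA_REQUEST, identifier, attributes, secret)
    return build_request(DISCONNECT_REQUEST, identifier, attributes, secret)


def verify_authenticator(packet, secret):
    """Receiver-side check: a request built with the wrong shared secret
    fails here and is dropped without any reply."""
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    pkt = choose_request("00-11-22-33-44-55", "guest", True, 1, b"testing123")
    print(pkt[0], len(pkt), verify_authenticator(pkt, b"testing123"))
```

A mismatched shared secret between the two ends makes `verify_authenticator` fail, which from the sending side looks like a timeout rather than an explicit NAK.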
