Hi Derek,
Thanks for your reply but I still do not get it.
As you recommended it, I removed the controllerIp from the
configuration. So now my PacketFence.log are:
Aug 03 15:30:48 httpd.portal(3973) INFO: [b8:4f:d5:e3:51:d8] Username
was defined "b84fd5e351d8" - returning user based role 'full'
(pf::vlan::getNormalVlan)
Aug 03 15:30:48 httpd.portal(3973) INFO: [b8:4f:d5:e3:51:d8] PID:
"ellyn", Status: reg Returned VLAN: 10, Role: full
(pf::vlan::fetchVlanForNode)
Aug 03 15:30:48 httpd.portal(3973) INFO: [b8:4f:d5:e3:51:d8] VLAN
reassignment required (current VLAN = 4 but should be in VLAN 10)
(pf::enforcement::_should_we_reassign_vlan)
Aug 03 15:30:48 httpd.portal(3973) INFO: [b8:4f:d5:e3:51:d8] switch port
is (192.168.10.2) ifIndex unknown connection type: WiFi MAC Auth
(pf::enforcement::_vlan_reevaluation)
Aug 03 15:30:48 httpd.portal(3973) WARN: Can't find provisioner for
b8:4f:d5:e3:51:d8 since we don't have it's OS
(pf::Portal::Profile::findProvisioner)
Aug 03 15:30:49 httpd.webservices(3978) INFO: [b8:4f:d5:e3:51:d8]
DesAssociating mac on switch (192.168.10.2) (pf::api::desAssociate)
Aug 03 15:30:49 httpd.webservices(3978) INFO: deauthenticating
b8:4f:d5:e3:51:d8 (pf::Switch::Hostapd::radiusDisconnect)
Aug 03 15:30:49 httpd.webservices(3978) WARN: Unable to perform RADIUS
Disconnect-Request: No answer from 192.168.10.2 on port 3799 at
/usr/local/pf/lib/pf/util/radius.pm line 145.
(pf::Switch::Hostapd::catch {...} )
Aug 03 15:30:51 httpd.webservices(3978) WARN: Unable to perform a
Fingerbank lookup for device with MAC address 'b8:4f:d5:e3:51:d8'
(pf::fingerbank::process)
We can see that the RADIUS Disconnect-Request is done on the
192.168.10.2 which is my switch. I still do not understand why the
request does not get any answer from the switch...
Ellyn
> Hi Ellyn,
>
>> Jul 28 16:57:43 httpd.webservices(4765) INFO: controllerIp is set, we
>> will use controller 192.168.10.1 to perform deauth
>> (pf::Switch::Hostapd::radiusDisconnect)
>> By the way 192.168.10.1 is the management interface, in my
>> comprehension, after the authentication process the device should be
>> redirected to the management vlan, is that right ?
>
> I think you are mixing things up.
>
>> From what I can understand in the log, you configured 192.168.10.1 as
>> the controllerIp that actually controls the access point you are using
>> (ie. a WLC controls Cisco APs).
> Then, you?re saying that 192.168.10.1 is the management interface. Is
> that the management interface of PacketFence ? If your access point is
> ?standalone? please remove the controllerIp from the configuration.
>
> Cheers!
> dw.
>
> ?
> Derek Wuelfrath
> [email protected] :: www.inverse.ca
> +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>> On Jul 29, 2015, at 03:35, [email protected] wrote:
>>
>> Hello,
>>
>>
>> I installed and configured PacketFence 5.3.1 on Ubuntu 12.04 but some
>> errors appeared in packetfence.log when I tried to connect a device to
>> the network. And it is not proprely redirected on the normal VLAN
>> after
>> authenthication.
>>
>> packetfence.log :
>>
>> Jul 28 16:57:42 httpd.portal(4752) INFO: [b8:4f:d5:e3:51:d8] Username
>> was defined "b84fd5e351d8" - returning user based role 'full'
>> (pf::vlan::getNormalVlan)
>> Jul 28 16:57:42 httpd.portal(4752) INFO: [b8:4f:d5:e3:51:d8] PID:
>> "ellyn", Status: reg Returned VLAN: 10, Role: full
>> (pf::vlan::fetchVlanForNode)
>> Jul 28 16:57:42 httpd.portal(4752) INFO: [b8:4f:d5:e3:51:d8] VLAN
>> reassignment required (current VLAN = 4 but should be in VLAN 10)
>> (pf::enforcement::_should_we_reassign_vlan)
>> Jul 28 16:57:42 httpd.portal(4752) INFO: [b8:4f:d5:e3:51:d8] switch
>> port
>> is (192.168.10.2) ifIndex unknown connection type: WiFi MAC Auth
>> (pf::enforcement::_vlan_reevaluation)
>> Jul 28 16:57:42 httpd.portal(4752) WARN: Can't find provisioner for
>> b8:4f:d5:e3:51:d8 since we don't have it's OS
>> (pf::Portal::Profile::findProvisioner)
>> Jul 28 16:57:43 httpd.webservices(4765) INFO: [b8:4f:d5:e3:51:d8]
>> DesAssociating mac on switch (192.168.10.2) (pf::api::desAssociate)
>> Jul 28 16:57:43 httpd.webservices(4765) INFO: deauthenticating
>> b8:4f:d5:e3:51:d8 (pf::Switch::Hostapd::radiusDisconnect)
>> Jul 28 16:57:43 httpd.webservices(4765) INFO: controllerIp is set, we
>> will use controller 192.168.10.1 to perform deauth
>> (pf::Switch::Hostapd::radiusDisconnect)
>> Jul 28 16:57:43 httpd.webservices(4765) WARN: Unable to perform RADIUS
>> Disconnect-Request: No answer from 192.168.10.1 on port 3799 at
>> /usr/local/pf/lib/pf/util/radius.pm line 145.
>> (pf::Switch::Hostapd::catch {...} )
>> Jul 28 16:57:57 httpd.webservices(4765) WARN: Unable to perform a
>> Fingerbank lookup for device with MAC address 'b8:4f:d5:e3:51:d8'
>> (pf::fingerbank::process)
>>
>> My access point is defined as an hostapd (openwrt) switch type. Here
>> is
>> its wireless configuration:
>>
>> option device 'radio1'
>> option mode 'ap'
>> option ssid 'OpenWrt-OPEN'
>> option network 'lan'
>> option encryption 'none'
>> option auth_server '192.168.10.1'
>> option auth_port '1812'
>> option auth_secret 'secret'
>> option dynamic_vlan '2'
>> option vlan_tagged_interface 'eth0'
>> option radius_das_port '3799'
>> option radius_das_client '192.168.10.1 secret'
>> option macfilter '2'
>> option acct_server '192.168.10.1'
>> option acct_port '1813'
>> option acct_secret 'secret'
>> option vlan_bridge 'br-vlan'
>> option vlan_naming '1'
>>
>> Radius tries to perform a Disconnect-Request as wanted but I do not
>> understand why its request has no effect, did I miss something ?
>> By the way 192.168.10.1 is the management interface, in my
>> comprehension, after the authentication process the device should be
>> redirected to the management vlan, is that right ?
>>
>>
>> Thanks for answering,
>> Ellyn.
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
