Hi Craig,
can you try that:
[10:csir_wireless]
scope = AutoRegister
role = Wireless
[11:csir_wireless]
scope = AutoRegister
role = Wireless
action = register_node
action_param = mac = $mac, category = Wireless, pid =
$radius_request->{'User-Name'}
[12:csir_wireless]
scope = NormalVlan
role = Wireless
And restart httpd.aaa.
Also do you have in packetfence.log something like:
Match Vlan rule: 10 ...
Regards
Fabrice
Le 2015-08-27 04:49, Craig Strydom a écrit :
Hi Fabrice,
I did restart pfdhcplistener but still see this in the log: Match Vlan
rule: 50:notiphone¬macintosh¬android (pf::vlan::filter::test)
icc guest ssid works fine.
android and ipad works fine.
It also works if the notebook is already registered ie connecting to
icc guest ssid and then to CSIR Wireless works.
Looks like the auto register part is being ignored.
regards,
Craig.
Here is vlan_filters.conf
# Configure custom vlan info here - custom.pm replacement
################################ General Definitions
################################
# Secure SSID
[csir_wireless]
filter = ssid
operator = is
value = CSIR Wireless
# Secure SSID
[eduroam]
filter = ssid
operator = is
value = eduroam
# Open SSID with NO authentication
[icc_guest]
filter = ssid
operator = is
value = ICC Guest
[wireless_eap]
filter = connection_type
operator = is
value = Wireless-802.11-EAP
[wireless_noeap]
filter = connection_type
operator = is
value = Wireless-802.11-NoEAP
#Check if csir email is used for eduroam login - proxy to CSIR server
[csiruser]
filter = username
operator = match
value = csir\.co\.za
###############################################################################
############################### Specific RULES
################################
#################### Each rule must have unique id number
#####################
################################ CSIR Wireless
################################
[10:csir_wireless&wireless_eap]
scope = AutoRegister
role = Wireless
[11:csir_wireless&wireless_eap]
scope = AutoRegister
role = Wireless
action = register_node
action_param = mac = $mac, category = Wireless, pid =
$radius_request->{'User-Name'}
[12:csir_wireless&wireless_eap]
scope = NormalVlan
role = Wireless
################################ eduroam - CSIR
################################
[20:eduroam&wireless_eap&csiruser]
scope = AutoRegister
role = Wireless
[21:eduroam&wireless_eap&csiruser]
scope = AutoRegister
role = Wireless
action = register_node
action_param = mac = $mac, category = Wireless, pid =
$radius_request->{'User-Name'}
[22:eduroam&wireless_eap&csiruser]
scope = NormalVlan
role = Wireless
################################ eduroam - External
################################
[30:eduroam&wireless_eap&!csiruser]
scope = AutoRegister
role = Wireless
[31:eduroam&wireless_eap&!csiruser]
scope = AutoRegister
role = eduroam
action = register_node
action_param = mac = $mac, category = eduroam, pid =
$radius_request->{'User-Name'}
[32:eduroam&wireless_eap&!csiruser]
scope = NormalVlan
role = eduroam
################################ ICC Guest
################################
# Must autoreg every time
[40:icc_guest]
scope = AutoRegister
role = guest
action = register_node
action_param = mac = $mac, category = guest, pid = admin, status =
registered
[41:icc_guest]
scope = NormalVlan
role = guest
################################ Apple devices Inline Guest
################################
# This will update the locationlog only if the device_type is iPhone
on Inline network (By default pfdhcplistener update the locationlog
for all devices) so if it's not a iPhone then it will not update
#
[notiphone]
filter = node_info
operator = match_not
attribute = device_type
value = iPhone
[notmacintosh]
filter = node_info
operator = match_not
attribute = device_class
value = Macintosh
[notandroid]
filter = node_info
operator = match_not
attribute = device_class
value = Smartphones
[50:notiphone¬macintosh¬android]
scope = InlineDhcpRequest
role = 1
>>> Durand fabrice <[email protected]> 8/27/2015 10:13 AM >>>
> Hi Craig,
The 50's rule is trigger in the pfdhcplistener, so you have to restart
pfdhcplistener service to update it.
Also i think it's not the 50´s rule that cause the issue because the
autoregister process is made in the autoregister scope.
Can you send me the rules in the autoregister scope ?
Regards
Fabrice
Le 2015-08-27 03:56, Craig Strydom a écrit :
Hi Fabrice,
I restarted httpd.aaa, httpd.portal and httpd.webservices but am
still seeing a rule that I commented out.
In pfdhcplistener.log -> Match Vlan rule:
50:notiphone¬macintosh¬android (pf::vlan::filter::test)
I think it is causing Windows and Mac OS notebooks to not
autoregister but go into unreg vlan after 802.1x authentication.
Regards,
Craig.
>>> Durand fabrice <[email protected]> 8/26/2015 4:36 PM >>>
> Hi Craig,
let's restart httpd.aaa
bin/pfcmd service httpd.aaa restart
Regards
Fabrice
Le 2015-08-26 09:28, Craig Strydom a écrit :
Hi All,
I apologize if this was answered somewhere else but I can not find it.
Which service needs to restart to activate the changes made to the
vlan_filters.conf file?
I can not restart the entire PF server as it has been put into
production.
Thanks in advance.
Craig.
--
This message is subject to the CSIR's copyright terms and
conditions, e-mail legal notice, and implemented Open Document
Format (ODF) standard.
The full disclaimer details can be found at
http://www.csir.co.za/disclaimer.html.
This message has been scanned for viruses and dangerous content by
*MailScanner* <http://www.mailscanner.info/>,
and is believed to be clean.
Please consider the environment before printing this email.
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
This message is subject to the CSIR's copyright terms and conditions,
e-mail legal notice, and implemented Open Document Format (ODF)
standard.
The full disclaimer details can be found at
http://www.csir.co.za/disclaimer.html.
This message has been scanned for viruses and dangerous content by
*MailScanner* <http://www.mailscanner.info/>,
and is believed to be clean.
Please consider the environment before printing this email.
--
This message is subject to the CSIR's copyright terms and conditions,
e-mail legal notice, and implemented Open Document Format (ODF)
standard.
The full disclaimer details can be found at
http://www.csir.co.za/disclaimer.html.
This message has been scanned for viruses and dangerous content by
*MailScanner* <http://www.mailscanner.info/>,
and is believed to be clean.
Please consider the environment before printing this email.
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
This message is subject to the CSIR's copyright terms and conditions,
e-mail legal notice, and implemented Open Document Format (ODF) standard.
The full disclaimer details can be found at
http://www.csir.co.za/disclaimer.html.
This message has been scanned for viruses and dangerous content by
*MailScanner* <http://www.mailscanner.info/>,
and is believed to be clean.
Please consider the environment before printing this email.
--
This message is subject to the CSIR's copyright terms and conditions,
e-mail legal notice, and implemented Open Document Format (ODF) standard.
The full disclaimer details can be found at
http://www.csir.co.za/disclaimer.html.
This message has been scanned for viruses and dangerous content by
*MailScanner* <http://www.mailscanner.info/>,
and is believed to be clean.
Please consider the environment before printing this email.
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
