Hi Fabrice, This is all that goes in the log: Aug 27 11:27:40 httpd.portal(2110) WARN: Lost in Inline (pf::web::dispatcher::handler) Aug 27 11:27:40 httpd.portal(2110) INFO: Matched IP '10.29.20.145' to MAC address '78:40:e4:4f:d1:16' using OMAPI (pf::iplog::ip2mac) Aug 27 11:27:46 httpd.aaa(5078) INFO: [24:77:03:a6:fd:50] handling radius autz request: from switch_ip => (146.64.62.7), connection_type => Wireless-802.11-EAP,switch_mac => (a0:48:1c:36:f4:30) Aug 27 11:27:46 httpd.aaa(5078) INFO: [24:77:03:a6:fd:50] is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan) Aug 27 11:27:46 httpd.aaa(5078) INFO: [24:77:03:a6:fd:50] (146.64.62.7) Returning ACCEPT with VLAN 2912 and role (pf::Switch::returnRadiusAccessAccept) Aug 27 11:27:46 httpd.aaa(5078) INFO: Update of the locationlog based on accounting data is not supported on network device type pf::Switch::HP::Controller_MSM710. (pf::Switch::supportsRoaming Also, no "Match Vlan Rule" lines. Is it possible that the vlan_filters are not being initialized when httpd.aaa restarts? Thanks, Craig.
>>> Durand fabrice <[email protected]> 8/27/2015 11:10 AM >>> > Hi Craig, can you try that: [10:csir_wireless] scope = AutoRegister role = Wireless [11:csir_wireless] scope = AutoRegister role = Wireless action = register_node action_param = mac = $mac, category = Wireless, pid = $radius_request->{'User-Name'} [12:csir_wireless] scope = NormalVlan role = Wireless And restart httpd.aaa. Also do you have in packetfence.log something like: Match Vlan rule: 10 ... Regards Fabrice Le 2015-08-27 04:49, Craig Strydom a écrit : Hi Fabrice, I did restart pfdhcplistener but still see this in the log: Match Vlan rule: 50:notiphone¬macintosh¬android (pf::vlan::filter::test) icc guest ssid works fine. android and ipad works fine. It also works if the notebook is already registered ie connecting to icc guest ssid and then to CSIR Wireless works. Looks like the auto register part is being ignored. regards, Craig. Here is vlan_filters.conf # Configure custom vlan info here - custom.pm replacement ################################ General Definitions ################################ # Secure SSID [csir_wireless] filter = ssid operator = is value = CSIR Wireless # Secure SSID [eduroam] filter = ssid operator = is value = eduroam # Open SSID with NO authentication [icc_guest] filter = ssid operator = is value = ICC Guest [wireless_eap] filter = connection_type operator = is value = Wireless-802.11-EAP [wireless_noeap] filter = connection_type operator = is value = Wireless-802.11-NoEAP #Check if csir email is used for eduroam login - proxy to CSIR server [csiruser] filter = username operator = match value = csir\.co\.za ############################################################################### ############################### Specific RULES ################################ #################### Each rule must have unique id number ##################### ################################ CSIR Wireless ################################ [10:csir_wireless&wireless_eap] scope = AutoRegister role = Wireless [11:csir_wireless&wireless_eap] scope = AutoRegister role = Wireless action = register_node action_param = mac = $mac, category = Wireless, pid = $radius_request->{'User-Name'} [12:csir_wireless&wireless_eap] scope = NormalVlan role = Wireless ################################ eduroam - CSIR ################################ [20:eduroam&wireless_eap&csiruser] scope = AutoRegister role = Wireless [21:eduroam&wireless_eap&csiruser] scope = AutoRegister role = Wireless action = register_node action_param = mac = $mac, category = Wireless, pid = $radius_request->{'User-Name'} [22:eduroam&wireless_eap&csiruser] scope = NormalVlan role = Wireless ################################ eduroam - External ################################ [30:eduroam&wireless_eap&!csiruser] scope = AutoRegister role = Wireless [31:eduroam&wireless_eap&!csiruser] scope = AutoRegister role = eduroam action = register_node action_param = mac = $mac, category = eduroam, pid = $radius_request->{'User-Name'} [32:eduroam&wireless_eap&!csiruser] scope = NormalVlan role = eduroam ################################ ICC Guest ################################ # Must autoreg every time [40:icc_guest] scope = AutoRegister role = guest action = register_node action_param = mac = $mac, category = guest, pid = admin, status = registered [41:icc_guest] scope = NormalVlan role = guest ################################ Apple devices Inline Guest ################################ # This will update the locationlog only if the device_type is iPhone on Inline network (By default pfdhcplistener update the locationlog for all devices) so if it's not a iPhone then it will not update # [notiphone] filter = node_info operator = match_not attribute = device_type value = iPhone [notmacintosh] filter = node_info operator = match_not attribute = device_class value = Macintosh [notandroid] filter = node_info operator = match_not attribute = device_class value = Smartphones [50:notiphone¬macintosh¬android] scope = InlineDhcpRequest role = 1 >>> Durand fabrice <[email protected]> ( mailto:[email protected]) 8/27/2015 10:13 AM >>> > Hi Craig, The 50's rule is trigger in the pfdhcplistener, so you have to restart pfdhcplistener service to update it. Also i think it's not the 50´s rule that cause the issue because the autoregister process is made in the autoregister scope. Can you send me the rules in the autoregister scope ? Regards Fabrice Le 2015-08-27 03:56, Craig Strydom a écrit : Hi Fabrice, I restarted httpd.aaa, httpd.portal and httpd.webservices but am still seeing a rule that I commented out. In pfdhcplistener.log -> Match Vlan rule: 50:notiphone¬macintosh¬android (pf::vlan::filter::test) I think it is causing Windows and Mac OS notebooks to not autoregister but go into unreg vlan after 802.1x authentication. Regards, Craig. >>> Durand fabrice <[email protected]> ( mailto:[email protected]) 8/26/2015 4:36 PM >>> > Hi Craig, let's restart httpd.aaa bin/pfcmd service httpd.aaa restart Regards Fabrice Le 2015-08-26 09:28, Craig Strydom a écrit : Hi All, I apologize if this was answered somewhere else but I can not find it. Which service needs to restart to activate the changes made to the vlan_filters.conf file? I can not restart the entire PF server as it has been put into production. Thanks in advance. Craig. -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Please consider the environment before printing this email.
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
