I get the same results if I remove all parts except CSIR Wireless and restart httpd.aaa
>>> Durand fabrice <[email protected]> 27/08/2015 11:10 >>> > Hi Craig, can you try that: [10:csir_wireless] scope = AutoRegister role = Wireless [11:csir_wireless] scope = AutoRegister role = Wireless action = register_node action_param = mac = $mac, category = Wireless, pid = $radius_request->{'User-Name'} [12:csir_wireless] scope = NormalVlan role = Wireless And restart httpd.aaa. Also do you have in packetfence.log something like: Match Vlan rule: 10 ... Regards Fabrice Le 2015-08-27 04:49, Craig Strydom a écrit : Hi Fabrice, I did restart pfdhcplistener but still see this in the log: Match Vlan rule: 50:notiphone¬macintosh¬android (pf::vlan::filter::test) icc guest ssid works fine. android and ipad works fine. It also works if the notebook is already registered ie connecting to icc guest ssid and then to CSIR Wireless works. Looks like the auto register part is being ignored. regards, Craig. Here is vlan_filters.conf # Configure custom vlan info here - custom.pm replacement ################################ General Definitions ################################ # Secure SSID [csir_wireless] filter = ssid operator = is value = CSIR Wireless # Secure SSID [eduroam] filter = ssid operator = is value = eduroam # Open SSID with NO authentication [icc_guest] filter = ssid operator = is value = ICC Guest [wireless_eap] filter = connection_type operator = is value = Wireless-802.11-EAP [wireless_noeap] filter = connection_type operator = is value = Wireless-802.11-NoEAP #Check if csir email is used for eduroam login - proxy to CSIR server [csiruser] filter = username operator = match value = csir\.co\.za ############################################################################### ############################### Specific RULES ################################ #################### Each rule must have unique id number ##################### ################################ CSIR Wireless ################################ [10:csir_wireless&wireless_eap] scope = AutoRegister role = Wireless [11:csir_wireless&wireless_eap] scope = AutoRegister role = Wireless action = register_node action_param = mac = $mac, category = Wireless, pid = $radius_request->{'User-Name'} [12:csir_wireless&wireless_eap] scope = NormalVlan role = Wireless ################################ eduroam - CSIR ################################ [20:eduroam&wireless_eap&csiruser] scope = AutoRegister role = Wireless [21:eduroam&wireless_eap&csiruser] scope = AutoRegister role = Wireless action = register_node action_param = mac = $mac, category = Wireless, pid = $radius_request->{'User-Name'} [22:eduroam&wireless_eap&csiruser] scope = NormalVlan role = Wireless ################################ eduroam - External ################################ [30:eduroam&wireless_eap&!csiruser] scope = AutoRegister role = Wireless [31:eduroam&wireless_eap&!csiruser] scope = AutoRegister role = eduroam action = register_node action_param = mac = $mac, category = eduroam, pid = $radius_request->{'User-Name'} [32:eduroam&wireless_eap&!csiruser] scope = NormalVlan role = eduroam ################################ ICC Guest ################################ # Must autoreg every time [40:icc_guest] scope = AutoRegister role = guest action = register_node action_param = mac = $mac, category = guest, pid = admin, status = registered [41:icc_guest] scope = NormalVlan role = guest ################################ Apple devices Inline Guest ################################ # This will update the locationlog only if the device_type is iPhone on Inline network (By default pfdhcplistener update the locationlog for all devices) so if it's not a iPhone then it will not update # [notiphone] filter = node_info operator = match_not attribute = device_type value = iPhone [notmacintosh] filter = node_info operator = match_not attribute = device_class value = Macintosh [notandroid] filter = node_info operator = match_not attribute = device_class value = Smartphones [50:notiphone¬macintosh¬android] scope = InlineDhcpRequest role = 1 >>> Durand fabrice <[email protected]> ( mailto:[email protected]) 8/27/2015 10:13 AM >>> > Hi Craig, The 50's rule is trigger in the pfdhcplistener, so you have to restart pfdhcplistener service to update it. Also i think it's not the 50´s rule that cause the issue because the autoregister process is made in the autoregister scope. Can you send me the rules in the autoregister scope ? Regards Fabrice Le 2015-08-27 03:56, Craig Strydom a écrit : Hi Fabrice, I restarted httpd.aaa, httpd.portal and httpd.webservices but am still seeing a rule that I commented out. In pfdhcplistener.log -> Match Vlan rule: 50:notiphone¬macintosh¬android (pf::vlan::filter::test) I think it is causing Windows and Mac OS notebooks to not autoregister but go into unreg vlan after 802.1x authentication. Regards, Craig. >>> Durand fabrice <[email protected]> ( mailto:[email protected]) 8/26/2015 4:36 PM >>> > Hi Craig, let's restart httpd.aaa bin/pfcmd service httpd.aaa restart Regards Fabrice Le 2015-08-26 09:28, Craig Strydom a écrit : Hi All, I apologize if this was answered somewhere else but I can not find it. Which service needs to restart to activate the changes made to the vlan_filters.conf file? I can not restart the entire PF server as it has been put into production. Thanks in advance. Craig. -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner ( http://www.mailscanner.info/) , and is believed to be clean. Please consider the environment before printing this email. -- This message is subject to the CSIR's copyright terms and conditions, e-mail legal notice, and implemented Open Document Format (ODF) standard. The full disclaimer details can be found at http://www.csir.co.za/disclaimer.html. This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. Please consider the environment before printing this email.
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
