Re: [PacketFence-users] Soap deauthentication with HP MSM760

Fri, 25 Sep 2015 09:48:07 -0700 

Hi,

This is great! I'll go ahead and try it right away.
I've got one client on the network right now, so isn't a load issue (most 
likely).

I'll get back to you in a 30min.

Best Regards,
Simon Gottschlag


From: Louis Munro [mailto:[email protected]]
Sent: den 25 september 2015 18:05
To: [email protected]
Subject: Re: [PacketFence-users] Soap deauthentication with HP MSM760

Hi Simon,
The HP controllers are known to have issues with disconnection when under load, 
regardless of the method used to disconnect.

We have been working with some clients for years on these issues.
When the load is sufficiently high the controller may simply stop to respond to 
disconnections whether they are called over RADIUS, ssh, SOAP or SNMP.

That said, I have implemented a _deauthenticateMacWithSOAP for the MSM710 a 
while ago (more than two years).
Since it did not really fix the problem (because the issue really is with the 
controller and not the deauth method) and it was a bit of a hack, this code 
never made it into the PF release.
You can still have a look and see if it could be useful to you:

https://github.com/louismunro/packetfence/blob/feature/MSM_Controller/lib/pf/SNMP/HP/Cluster_MSM710.pm

Best regards,
--
Louis Munro
[email protected]<mailto:[email protected]>  ::  
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and 
PacketFence (www.packetfence.org<http://www.packetfence.org>)

On Sep 25, 2015, at 11:36 , Simon Gottschlag 
<[email protected]<mailto:[email protected]>> wrote:


Hi!

I've been struggling with integrating HP MSM760 with PacketFence. I'm using the 
latest version of both and seems like the deauthentication doesn't work. I've 
seen a few other threads where they've been having the same problem.

I've figured out an easy way to deauthenticate the user using SOAP manually, 
but need some help to understand how I can get it to work automatically when a 
user gets a violation etc.

I've been able to write a perl script that does it for me.

Logoff / deauthentication:
--
#!/usr/bin/perl -w

use strict;

use LWP::UserAgent;
use HTTP::Request::Common;

my $userAgent = LWP::UserAgent->new(agent => 'perl post');

my $message = "<x:Envelope 
xmlns:x=\"http://schemas.xmlsoap.org/soap/envelope/\<http://schemas.xmlsoap.org/soap/envelope/>"
 
xmlns:ns=\"http://www.procurve_mobility_msm.com/SOAP/API/1.7/\<http://www.procurve_mobility_msm.com/SOAP/API/1.7/>">
                <x:Header/>
                <x:Body>
                        <ns:ExecuteNOCLogout>
                                <ns:sessionID>[Acct-Session-ID]</ns:sessionID>
                        </ns:ExecuteNOCLogout>
                </x:Body>
                </x:Envelope>";

my $response = $userAgent->request(POST 'http://[Controller IP]:448/SOAP',
Content_Type => 'text/xml; charset=utf-8',
SOAPAction => 
'http://www.procurve_mobility_msm.com/SOAP/API/1.7/ExecuteNOCLogout',
Content => $message);

print $response->error_as_HTML unless $response->is_success;

print $response->as_string;
--

Logon / authentication:
--
#!/usr/bin/perl -w

use strict;

use LWP::UserAgent;
use HTTP::Request::Common;

my $userAgent = LWP::UserAgent->new(agent => 'perl post');

my $message = "<x:Envelope 
xmlns:x=\"http://schemas.xmlsoap.org/soap/envelope/\<http://schemas.xmlsoap.org/soap/envelope/>"
 
xmlns:ns=\"http://www.procurve_mobility_msm.com/SOAP/API/1.7/\<http://www.procurve_mobility_msm.com/SOAP/API/1.7/>">
                <x:Header/>
                <x:Body>
                        <ns:ExecuteNOCLoginRequest>
                                <ns:userIPAddr>[Guest IP]</ns:userIPAddr>
                                <ns:username>[Guest Username]</ns:username>
                                <ns:password>[Guest Password / any will 
work]</ns:password>
                        </ns:ExecuteNOCLoginRequest>
                </x:Body>
                </x:Envelope>";

my $response = $userAgent->request(POST 'http://[Controller IP]:448/SOAP',
Content_Type => 'text/xml; charset=utf-8',
SOAPAction => 
'http://www.procurve_mobility_msm.com/SOAP/API/1.7/ExecuteNOCLoginRequest',
Content => $message);

print $response->error_as_HTML unless $response->is_success;

print $response->as_string;
--

My question to all of you! Any idea how I can get the deauthentication to work 
"automatically" instead of it trying SNMP / SSH?

Best regards,
Simon Gottschlag
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users


------------------------------------------------------------------------------

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to