Hello Umberto,

You can't use URL redirect with your current version. The only thing you can do is VLAN enforcement.

Regards
Fabrice

On 2015-12-11 04:32, Umberto Ciocca wrote:
> Hello Fabrice, hello Antoine,
> unfortunately, I can't configure Nac state. My WLC (ver. 5.0.148.0)
> doesn't support the "Nac state" option.
> Searching in documentation pages, I found:
> - from
> http://www.packetfence.org/documentation/pod/pf/Switch/Cisco/WLC_http.html
> :
> ...
> Status
> Developed and tested on firmware version 7.6.100 (should work on
> 7.4.100).
>
> - from
> http://www.packetfence.org/documentation/pod/pf/Switch/Cisco/WLC.html :
> ...
> Status
> Developed and tested on firmware version 4.2.130 although the new
> RADIUS RFC3576 support requires firmware v5 and later.
> Supports
> Deauthentication with RADIUS Disconnect (RFC3576)
> Deauthentication with SNMP
>
> I get a correct Radius answer configuring switch type as "WLC HTTP",
> but probably my WLC 4402 firmware is not supported. Configuring it as
> "WLC 4400", here is the answer:
> ...
> # raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3600
> Received Access-Request packet from host 10.1.0.10 port 32770, id=77,
> length=176
> User-Name = "b0c5591cbc05"
> Called-Station-Id = "00-1b-2b-68-be-70:OnlyForTest"
> Calling-Station-Id = "b0-c5-59-1c-bc-05"
> NAS-Port = 1
> NAS-IP-Address = 10.1.0.10
> NAS-Identifier = "WLC1-RETTORATO"
> Airespace-Wlan-Id = 6
> User-Password = "b0c5591cbc05"
> Service-Type = Call-Check
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-802.11
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "33"
> server packetfence {
> # Executing section authorize from file
> /usr/local/pf/raddb//sites-enabled/packetfence
> +group authorize {
> [suffix] No '@' in User-Name = "b0c5591cbc05", skipping NULL due to
> config.
> ++[suffix] = noop
> [ntdomain] No '\' in User-Name = "b0c5591cbc05", looking up realm NULL
> [ntdomain] No such realm "NULL"
> ++[ntdomain] = noop
> ++[preprocess] = ok
> [eap] No EAP-Message, not doing EAP
> ++[eap] = noop
> [files] users: Matched entry DEFAULT at line 5
> ++[files] = ok
> ++[expiration] = noop
> ++[logintime] = noop
> ++update request {
> expand: %{Packet-Src-IP-Address} -> 10.1.0.10
> ++} # update request = noop
> ++update control {
> ++} # update control = noop
> ++[packetfence] = noop
> +} # group authorize = ok
> Found Auth-Type = Accept
> Auth-Type = Accept, accepting the user
> } # server packetfence
> # Executing section post-auth from file
> /usr/local/pf/raddb//sites-enabled/packetfence
> +group post-auth {
> ++[exec] = noop
> ++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP))
> ? Evaluating !(EAP-Type ) -> TRUE
> ?? Skipping (EAP-Type != EAP-TTLS )
> ?? Skipping (EAP-Type != PEAP)
> ++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) -> TRUE
> ++if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) {
> +++update control {
> +++} # update control = noop
> +++[packetfence] = ok
> ++} # if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) = ok
> +} # group post-auth = ok
> Sending Access-Accept packet to host 10.1.0.10 port 32770, id=77, length=0
> Airespace-ACL-Name = "Pre-Auth-For-WebRedirect"
> Finished request 66.
> Cleaning up request 66 ID 77 with timestamp +342092
> Received Access-Request packet from host 10.1.0.10 port 32770, id=78,
> length=176
> User-Name = "60af6df041e8"
> Called-Station-Id = "00-1b-2b-68-be-70:OnlyForTest"
> Calling-Station-Id = "60-af-6d-f0-41-e8"
> NAS-Port = 1
> NAS-IP-Address = 10.1.0.10
> NAS-Identifier = "WLC1-RETTORATO"
> Airespace-Wlan-Id = 6
> User-Password = "60af6df041e8"
> Service-Type = Call-Check
> Framed-MTU = 1300
> NAS-Port-Type = Wireless-802.11
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "33"
> server packetfence {
> # Executing section authorize from file
> /usr/local/pf/raddb//sites-enabled/packetfence
> +group authorize {
> [suffix] No '@' in User-Name = "60af6df041e8", skipping NULL due to
> config.
> ++[suffix] = noop
> [ntdomain] No '\' in User-Name = "60af6df041e8", looking up realm NULL
> [ntdomain] No such realm "NULL"
> ++[ntdomain] = noop
> ++[preprocess] = ok
> [eap] No EAP-Message, not doing EAP
> ++[eap] = noop
> [files] users: Matched entry DEFAULT at line 5
> ++[files] = ok
> ++[expiration] = noop
> ++[logintime] = noop
> ++update request {
> expand: %{Packet-Src-IP-Address} -> 10.1.0.10
> ++} # update request = noop
> ++update control {
> ++} # update control = noop
> ++[packetfence] = noop
> +} # group authorize = ok
> Found Auth-Type = Accept
> Auth-Type = Accept, accepting the user
> } # server packetfence
> # Executing section post-auth from file
> /usr/local/pf/raddb//sites-enabled/packetfence
> +group post-auth {
> ++[exec] = noop
> ++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP))
> ? Evaluating !(EAP-Type ) -> TRUE
> ?? Skipping (EAP-Type != EAP-TTLS )
> ?? Skipping (EAP-Type != PEAP)
> ++? if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) -> TRUE
> ++if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) {
> +++update control {
> +++} # update control = noop
> +++[packetfence] = ok
> ++} # if (!EAP-Type || (EAP-Type != EAP-TTLS && EAP-Type != PEAP)) = ok
> +} # group post-auth = ok
> Sending Access-Accept packet to host 10.1.0.10 port 32770, id=78, length=0
> Airespace-ACL-Name = "Pre-Auth-For-WebRedirect"
> Finished request 67.
> Cleaning up request 67 ID 78 with timestamp +342162
> ...
>
> I'm connected and free to access the internet, without HTTP
> redirection. I can ping the IP address of the portal page, but I can't
> reach the web page. Netstat says ports 80 and 443 are open...
> Thanks,
> Umberto
>
> On 10/12/2015 16:16, Fabrice DURAND wrote:
>> Hello Umberto,
>>
>> did you configure Nac State: Radius NAC ?
>>
>>
>> Regards
>> Fabrice
>>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
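
In the raddebug output quoted above, the Tunnel-* VLAN attributes sit in the Access-Request, while the Access-Accept carries only Airespace-ACL-Name. The following Python is an added example, not part of the original message or of PacketFence: it parses raddebug output and reports what each Access-Accept tells the controller to enforce. The function names and the id=79 reply in the sample are assumptions made for illustration.

```python
import re

# Sample trimmed from the raddebug output quoted above. The id=79 reply is
# constructed to show an Access-Accept that does assign a VLAN.
SAMPLE = """\
Received Access-Request packet from host 10.1.0.10 port 32770, id=77, length=176
    User-Name = "b0c5591cbc05"
    Tunnel-Private-Group-Id:0 = "33"
server packetfence {
Auth-Type = Accept, accepting the user
} # server packetfence
Sending Access-Accept packet to host 10.1.0.10 port 32770, id=77, length=0
    Airespace-ACL-Name = "Pre-Auth-For-WebRedirect"
Finished request 66.
Sending Access-Accept packet to host 10.1.0.10 port 32770, id=79, length=0
    Tunnel-Private-Group-Id:0 = "33"
"""

HEADER = re.compile(r"^(?:Received|Sending) (\S+) packet (?:from|to) host \S+ port \d+, id=(\d+)")
ATTR = re.compile(r'^\s*([A-Za-z][\w-]*)(?::\d+)?\s*=\s*"?([^"]*)"?\s*$')

def parse_packets(text):
    """Split raddebug output into packets, keeping only each packet's own attributes."""
    packets, current = [], None
    for line in text.splitlines():
        head, attr = HEADER.match(line), ATTR.match(line)
        if head:
            current = {"code": head.group(1), "id": int(head.group(2)), "attrs": {}}
            packets.append(current)
        elif attr and current is not None:
            current["attrs"][attr.group(1)] = attr.group(2)
        else:
            current = None  # module trace started; later "X = Y" lines are not attributes
    return packets

def enforcement(packets):
    """Map RADIUS id -> what the Access-Accept tells the controller to enforce."""
    result = {}
    for p in (p for p in packets if p["code"] == "Access-Accept"):
        attrs = p["attrs"]
        if "Tunnel-Private-Group-Id" in attrs:
            result[p["id"]] = "vlan:" + attrs["Tunnel-Private-Group-Id"]
        elif "Airespace-ACL-Name" in attrs:
            result[p["id"]] = "acl-only:" + attrs["Airespace-ACL-Name"]
        else:
            result[p["id"]] = "none"
    return result

if __name__ == "__main__":
    print(enforcement(parse_packets(SAMPLE)))
```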
