Hi Morgan,
your logs look perfect, the deauth happens and the new RADIUS request
returns VLAN 214.
So it's probably on the AP side: did you define VLAN 214 on the AP,
and is VLAN 214 allowed on the switch port where the AP is plugged in?
Also, do you run PF 5.6, and if yes, can you check in the RADIUS audit log
the answer of PacketFence?
Regards
Fabrice
On 2016-01-15 04:21, Morgan, Darren wrote:
Hi Fabrice – Another update. I’ve amended the switch config but I
still cannot get the device to move to VLAN 214. Any ideas?
Jan 15 09:17:16 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] handling
radius autz request: from switch_ip => (192.168.214.9),
connection_type => Wireless-802.11-NoEAP,switch_mac =>
(40:18:b1:83:1d:a8), mac => [60:57:18:94:4d:a0], port => 0, username
=> "605718944da0" (pf::radius::authorize)
Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] is of status
unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0]
(192.168.214.9) Returning ACCEPT with Role: registration
(pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning
ACCEPT with VLAN: 120 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 09:18:04 httpd.webservices(2022) INFO: Instantiate profile
default (pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:04 httpd.webservices(2022) INFO: Instantiate profile
default (pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] Updating node user_agent with
useragent: 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36'
(captiveportal::PacketFence::Controller::CaptivePortal::nodeRecordUserAgent)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] redirected to authentication
page on default portal
(captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Jan 15 09:18:06 httpd.webservices(2022) INFO: Memory configuration is
not valid anymore for key config::Pf in local cached_hash
(pfconfig::cached::is_valid)
Jan 15 09:18:10 httpd.portal(23189) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] URI
'/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab' (URL:
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab)
match proxy passthrough configuration. (pf::web::dispatcher::handler)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:17 httpd.portal(23187) WARN: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [OS_Staff] No entries found (0) with filter
(sAMAccountName=smith.f) from OU=Oundle,DC=oundleschool,DC=local on
192.168.100.42:389 (pf::Authentication::Source::LDAPSource::authenticate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [OS_Pupils] Authentication successful for smith.f
(pf::Authentication::Source::LDAPSource::authenticate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Authentication successful for smith.f in source
OS_Pupils (AD) (pf::authentication::authenticate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Successfully authenticated
smith.f/192.168.120.227/60:57:18:94:4d:a0
(captiveportal::PacketFence::Controller::Authenticate::authenticationLogin)
Jan 15 09:18:17 httpd.portal(23187) WARN: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [OS_Pupils Pupils_Default] Found a match (CN=Fred
Smith,OU=2020OU,OU=Pupils,OU=OS,DC=oundleschool,DC=local)
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Matched rule (Pupils_Default) in source
OS_Pupils, returning actions. (pf::Authentication::Source::match)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Memory configuration is not valid anymore for key
config::Switch in local cached_hash (pfconfig::cached::is_valid)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] re-evaluating access
(manage_register called) (pf::enforcement::reevaluate_access)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] is currentlog connected at
(192.168.214.9) ifIndex 0 in VLAN 120
(pf::enforcement::_should_we_reassign_vlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] Connection type is
WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] Username was defined
"605718944da0" - returning role 'OS_Pupils' (pf::vlan::getNormalVlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] PID: "smith.f", Status: reg
Returned VLAN: 214, Role: OS_Pupils (pf::vlan::fetchVlanForNode)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] VLAN reassignment required
(current VLAN = 120 but should be in VLAN 214)
(pf::enforcement::_should_we_reassign_vlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] switch port is
(192.168.214.9) ifIndex unknown connection type: WiFi MAC Auth
(pf::enforcement::_vlan_reevaluation)
Jan 15 09:18:18 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:18 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:19 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0]
DesAssociating mac on switch (192.168.214.9) (pf::api::desAssociate)
Jan 15 09:18:19 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0]
deauthenticating (pf::Switch::radiusDisconnect)
Jan 15 09:18:19 httpd.webservices(2022) INFO: Memory configuration is
not valid anymore for key interfaces::management_network in local
cached_hash (pfconfig::cached::is_valid)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] handling
radius autz request: from switch_ip => (192.168.214.9),
connection_type => Wireless-802.11-NoEAP,switch_mac =>
(40:18:b1:83:1d:94), mac => [60:57:18:94:4d:a0], port => 0, username
=> "605718944da0" (pf::radius::authorize)
Jan 15 09:18:19 httpd.aaa(1986) INFO: Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Connection
type is WIRELESS_MAC_AUTH. Getting role from node_info
(pf::vlan::getNormalVlan)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Username was
defined "605718944da0" - returning role 'OS_Pupils'
(pf::vlan::getNormalVlan)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] PID:
"smith.f", Status: reg Returned VLAN: 214, Role: OS_Pupils
(pf::vlan::fetchVlanForNode)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0]
(192.168.214.9) Returning ACCEPT with Role: OS_Pupils
(pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning
ACCEPT with VLAN: 214 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
[root@localhost ~]#
Darren
*From:*Durand fabrice [mailto:[email protected]]
*Sent:* 15 January 2016 01:08
*To:* [email protected]
*Subject:* Re: [PacketFence-users] PacketFence setup with Aerohive
Hello Morgan,
what is missing is probably the deauth, can you paste the
packetfence.log from when you log in?
Regards
Fabrice
On 2016-01-14 12:06, Morgan, Darren wrote:
Hi,
I’m trying to set up our PacketFence system with our Wi-Fi. I
have managed to find some information online
(https://community.aerohive.com/aerohive/topics/aerohive-integration-with-packetfence).
I can get Wi-Fi laptops to connect to the open SSID and they can
reach the PacketFence Authentication portal on the registration
VLAN, but once authenticated it does not seem to move the device
to the Authenticated VLAN. Does anyone have any experience with
connecting PF to Aerohive through the online hivemanager? Has
anyone got any tips for fault-finding this sort of issue?
Kind regards
Darren Morgan
Systems Manager
Oundle School
This email is sent from either Oundle School or Laxton Junior
School for The Corporation of Oundle School and is intended only
for the addressee named above. The Corporation of Oundle School
is a Charity incorporated under Royal Charter RC000396 and charity
number 309921. www.oundleschool.org.uk
<http://www.oundleschool.org.uk>
------------------------------------------------------------------------
Scanned by iCritical.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
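
The check made by eye on the log in this thread (reassignment decided, deauth sent, new RADIUS ACCEPT carrying the target VLAN) can be scripted. This is an added example, not part of the original thread or of PacketFence itself; it assumes each packetfence.log entry sits on one line (the e-mail wrapped them), and `trace`, `diagnose` and the sample list are illustrative names.

```python
import re

MAC_TAG = r"\[([0-9a-f:]{17})\] "
PATTERNS = [
    ("accept", re.compile(MAC_TAG + r"Returning ACCEPT with VLAN: (\d+)")),
    ("reassign", re.compile(MAC_TAG + r"VLAN reassignment required "
                            r"\(current VLAN = \d+ but should be in VLAN (\d+)\)")),
    ("deauth", re.compile(MAC_TAG + r"deauthenticating()")),
]

def trace(lines, mac):
    """Return the ordered (kind, vlan) enforcement events logged for one MAC."""
    events = []
    for line in lines:
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if m and m.group(1) == mac.lower():
                events.append((kind, m.group(2) or None))
    return events

def diagnose(events):
    """Say where the move to the production VLAN stopped, judging by the log."""
    kinds = [k for k, _ in events]
    if "reassign" not in kinds:
        return "no reassignment decision logged"
    i = kinds.index("reassign")
    target = events[i][1]
    if "deauth" not in kinds[i:]:
        return "deauth missing"
    j = kinds.index("deauth", i)
    later = [v for k, v in events[j:] if k == "accept"]
    if not later:
        return "no RADIUS request after deauth"
    if later[-1] != target:
        return f"RADIUS returned VLAN {later[-1]}, expected {target}"
    return f"PacketFence returned VLAN {target}; check AP and switch port"

# Sample entries in the format of the thread's log, unwrapped to one per line.
SAMPLE_MAC = "60:57:18:94:4d:a0"
SAMPLE = [
    "Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with VLAN: 120 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)",
    "Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [60:57:18:94:4d:a0] VLAN reassignment required (current VLAN = 120 but should be in VLAN 214) (pf::enforcement::_should_we_reassign_vlan)",
    "Jan 15 09:18:19 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0] deauthenticating (pf::Switch::radiusDisconnect)",
    "Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with VLAN: 214 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)",
]

if __name__ == "__main__":
    print(diagnose(trace(SAMPLE, SAMPLE_MAC)))
```

A verdict of "check AP and switch port" only means the log shows PacketFence answering with the expected VLAN; whether the access point applied it has to be confirmed on the AP and the switch trunk.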