I have done some more testing and am still not understanding why 
packetfence thinks a device is from a secure network.
All of the devices I am testing with have never been registered to an 
802.1x network.

I shut down all other wlans and left only the guest network running.  If 
I take a brand new device that pf hasn't seen and attach it to the guest 
wireless, I still get the "Device is comming from a secure connection 
and has been auto registered, we unreg it and forward it to the portal" 
message.


Thank you
Sean

On 2016-04-09 16:34, Tim DeNike wrote:
> Wpa2-psk isn't "secure".  Wpa2 802.1x is.  What it means is if a
> device was previously auto registered (like via dot1x), then
> unregister it when connecting to a Mac based ssid.
> 
> Probably better to do it with a null authentication source/portal
> profile.  Might be other ways to do it, though.
> 
> 
> Sent from my iPhone
> 
>> On Apr 9, 2016, at 5:04 PM, forums <for...@stepanek.net> wrote:
>> 
>> 
>> I have set up a clean install of pf 5.7.0.  The only thing I have added
>> is my wlc to the switches and an auto-register config I have placed in
>> vlan_filters.conf.  It is below the logfile.
>> 
>> It appears that it is working, however pf believes that the device is
>> coming from a secured connection and then unregisters it.
>> I am not sure what is triggering that.  I do have a wpa-psk wlan on the
>> controller, however I have not updated the wlan config to use pf.  I
>> only have a guest ssid that is doing mac auth to the packetfence box.
>> The device I tested with was not on the secure ssid as I have not added
>> the wireless key to it.
>> 
>> pf.conf is pretty bare outside of the interfaces, database password,
>> e-mail address and hostname.
>> 
>> Am I just missing the "unreg it if..." option somewhere?
>> 
>> Thank you
>> Sean
>> 
>> 
>> INFO: [mac:ac:5f:3e:a8:62:67] handling radius autz request: from switch_ip => (172.18.252.50), connection_type => Wireless-802.11-NoEAP,switch_mac => (00:1c:0e:24:09:80), mac => [ac:5f:3e:a8:62:67], port => 29, username => "ac5f3ea86267", ssid => Guest (pf::radius::authorize)
>> INFO: [mac:ac:5f:3e:a8:62:67] does not yet exist in database. Adding it now (pf::radius::authorize)
>> INFO: [mac:ac:5f:3e:a8:62:67] Match rule 1:guestwifi (pf::access_filter::test)
>> INFO: [mac:ac:5f:3e:a8:62:67] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>> INFO: [mac:ac:5f:3e:a8:62:67] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>> INFO: [mac:ac:5f:3e:a8:62:67] autoregister a node that is already registered, do nothing. (pf::node::node_register)
>> INFO: [mac:ac:5f:3e:a8:62:67] Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
>> INFO: [mac:ac:5f:3e:a8:62:67] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::role::getRegisteredRole)
>> INFO: [mac:ac:5f:3e:a8:62:67] Device is comming from a secure connection and has been auto registered, we unreg it and forward it to the portal(pf::role::getRegisteredRole)
>> INFO: [mac:ac:5f:3e:a8:62:67] Username was defined "ac5f3ea86267" - returning role 'registration' (pf::role::getRegisteredRole)
>> INFO: [mac:ac:5f:3e:a8:62:67] PID: "default", Status: reg Returned VLAN: (undefined), Role: registration (pf::role::fetchRoleForNode)
>> INFO: [mac:ac:5f:3e:a8:62:67] (172.18.252.50) Added VLAN 100 to the returned RADIUS reply (pf::Switch::returnRadiusAccessAccept)
>> INFO: [mac:ac:5f:3e:a8:62:67] (172.18.252.50) Added role registration to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
>> INFO: [mac:ac:5f:3e:a8:62:67] (172.18.252.50) Returning ACCEPT with VLAN 100 and role registration (pf::Switch::returnRadiusAccessAccept)
>> 
>> 
>> vlan_filters.conf
>> 
>> [guestwifi]
>> filter = ssid
>> operator = is
>> value = Guest
>> 
>> # Must autoreg every time
>> [1:guestwifi]
>> scope = AutoRegister
>> role = guest
>> action = register_node
>> action_param = mac = $mac, category = guest, pid = admin, status = registered, unregdate = 2016-11-0123:59:59
>> 
>> [2:guestwifi]
>> scope = NormalVlan
>> role = guest
>> 
>> 
>> 
>> 
>> ------------------------------------------------------------------------------
>> Find and fix application performance issues faster with Applications 
>> Manager
>> Applications Manager provides deep performance insights into multiple 
>> tiers of
>> your business applications. It resolves application problems quickly 
>> and
>> reduces your MTTR. Get your free trial! 
>> http://pubads.g.doubleclick.net/
>> gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> 

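An added example, not part of the original messages and not PacketFence code: a small log triage script that groups PacketFence-style log lines by MAC and flags requests where a filter rule matched on a NoEAP (MAC auth) connection and the same node was then unregistered and sent to the portal, the pattern visible in the log quoted in this thread. The function names `summarize` and `autoreg_then_unreg` are hypothetical, and the second MAC in the sample is constructed.

```python
import re
from collections import defaultdict

# First four entries: from the log quoted in this thread, unwrapped.
# Last two (MAC 00:00:5e:00:53:01, VLAN 20): constructed control case.
SAMPLE_LOG = """\
INFO: [mac:ac:5f:3e:a8:62:67] handling radius autz request: from switch_ip => (172.18.252.50), connection_type => Wireless-802.11-NoEAP,switch_mac => (00:1c:0e:24:09:80), mac => [ac:5f:3e:a8:62:67], port => 29, username => "ac5f3ea86267", ssid => Guest (pf::radius::authorize)
INFO: [mac:ac:5f:3e:a8:62:67] Match rule 1:guestwifi (pf::access_filter::test)
INFO: [mac:ac:5f:3e:a8:62:67] Device is comming from a secure connection and has been auto registered, we unreg it and forward it to the portal(pf::role::getRegisteredRole)
INFO: [mac:ac:5f:3e:a8:62:67] (172.18.252.50) Returning ACCEPT with VLAN 100 and role registration (pf::Switch::returnRadiusAccessAccept)
INFO: [mac:00:00:5e:00:53:01] handling radius autz request: from switch_ip => (172.18.252.50), connection_type => Wireless-802.11-NoEAP, ssid => Guest (pf::radius::authorize)
INFO: [mac:00:00:5e:00:53:01] (172.18.252.50) Returning ACCEPT with VLAN 20 and role guest (pf::Switch::returnRadiusAccessAccept)
"""

# level, MAC tag, message, trailing "(pf::module::function)"
LINE_RE = re.compile(
    r"^\w+: \[mac:(?P<mac>[0-9a-f:]{17})\] (?P<msg>.*?)\s*\((?P<func>pf::[\w:]+)\)\s*$")
FIELDS = {
    "connection_type": re.compile(r"connection_type => ([\w.-]+)"),
    "ssid": re.compile(r"ssid => (\S+)"),
    "filter_rule": re.compile(r"Match rule (\S+)"),
    "final_role": re.compile(r"Returning ACCEPT with VLAN \d+ and role (\w+)"),
}
UNREG_MARKER = "we unreg it and forward it to the portal"

def summarize(log_text):
    """Collect per-MAC facts from PacketFence-style log lines."""
    nodes = defaultdict(lambda: {"unregistered": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip wrapped fragments or unrelated lines
        node = nodes[m["mac"]]
        for name, rx in FIELDS.items():
            hit = rx.search(m["msg"])
            if hit:
                node[name] = hit.group(1)
        if UNREG_MARKER in m["msg"]:
            node["unregistered"] = True
    return dict(nodes)

def autoreg_then_unreg(log_text):
    """MACs where a filter rule matched on a NoEAP (MAC auth) request
    and the unreg message was logged for the same node."""
    return sorted(
        mac for mac, n in summarize(log_text).items()
        if n.get("filter_rule") and n["unregistered"]
        and n.get("connection_type", "").endswith("NoEAP"))

if __name__ == "__main__":
    for mac in autoreg_then_unreg(SAMPLE_LOG):
        print(mac, summarize(SAMPLE_LOG)[mac])
```

Log lines must be unwrapped (one entry per line) before parsing; mail-wrapped fragments are skipped rather than guessed at.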