Hi Louis,
After changing the type to Juniper::EX2200 I get the following in
packetfence.log
May 11 13:59:45 httpd.aaa(2637) INFO: [mac:00:21:cc:be:a1:3f] Found method
CODE(0x7f1f30c207d8) for REST path /radius/rest/authorize
(pf::WebAPI::REST::handler)
May 11 13:59:45 httpd.aaa(2637) INFO: [mac:00:21:cc:be:a1:3f] handling
radius autz request: from switch_ip => (172.22.0.201), connection_type =>
Ethernet-EAP,switch_mac => (54:e0:32:9c:1d:80), mac => [00:21:cc:be:a1:3f],
port => ge-0/0/2.0, username => "FCC\dberube" (pf::radius::authorize)
May 11 13:59:45 httpd.aaa(2637) INFO: [mac:00:21:cc:be:a1:3f] Could not
find any IP phones through discovery protocols for ifIndex ge-0/0/2.0
(pf::Switch::getPhonesDPAtIfIndex)
May 11 13:59:45 httpd.aaa(2637) INFO: [mac:00:21:cc:be:a1:3f] is of status
unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
May 11 13:59:45 httpd.aaa(2637) INFO: [mac:00:21:cc:be:a1:3f]
(172.22.0.201) Added VLAN 98 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
May 11 13:59:45 httpd.aaa(2637) INFO: [mac:00:21:cc:be:a1:3f] Updating
locationlog from accounting request (pf::api::handle_accounting_metadata)
May 11 13:59:45 httpd.portal(2871) INFO: [mac:00:21:cc:be:a1:3f] Dealing
with a endpoint / browser with captive-portal detection capabilities while
having a self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)
May 11 13:59:45 httpd.portal(2871) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)
May 11 13:59:46 httpd.portal(2992) INFO: [mac:00:21:cc:be:a1:3f] Dealing
with a endpoint / browser with captive-portal detection capabilities while
having a self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)
May 11 13:59:46 httpd.portal(2992) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)
Here's the output from raddebug:
https://gist.github.com/dberube1/25f9959fa769171e49bae5cacfe68b6e
Just for the sake of being thorough, I have tried authenticating through the
captive portal, and the port never gets moved out of the registration VLAN
until you physically unplug and replug the cable or disable/enable the port
on the CLI.
Here's the contents of packetfence.log after trying the captive portal.
May 11 14:00:40 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] Dealing
with a endpoint / browser with captive-portal detection capabilities while
having a self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)
May 11 14:00:40 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)
May 11 14:00:44 httpd.portal(2992) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)
May 11 14:00:44 httpd.portal(2992) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)
May 11 14:00:47 httpd.portal(2871) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)
May 11 14:00:47 httpd.portal(2872) INFO: [mac:unknown] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:47 httpd.portal(2872) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:47 httpd.portal(2872) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:47 httpd.portal(2872) INFO: [mac:00:21:cc:be:a1:3f] Updating
node user_agent with useragent: 'Mozilla/5.0 (Windows NT 10.0; WOW64;
Trident/7.0; rv:11.0) like Gecko'
(captiveportal::PacketFence::DynamicRouting::Application::process_user_agent)
May 11 14:00:49 httpd.portal(2874) INFO: [mac:unknown] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:49 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:49 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:49 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] Updating
node user_agent with useragent: 'Mozilla/4.0 (compatible; MSIE 7.0; Windows
NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET
CLR 3.0.30729; .NET CLR 3.5.30729)'
(captiveportal::PacketFence::DynamicRouting::Application::process_user_agent)
May 11 14:00:49 httpd.portal(2872) INFO: [mac:unknown] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:49 httpd.portal(2872) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:49 httpd.portal(2872) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:unknown] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f]
Authenticating user using sources : local,fcc-ad,file1
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] [fcc-ad]
Authentication successful for dberube
(pf::Authentication::Source::LDAPSource::authenticate)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f]
Authentication successful for 'dberube' in source fcc-ad (AD)
(pf::authentication::authenticate)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Found
source fcc-ad in session. (Class::MOP::Class:::around)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Found
source fcc-ad in session. (Class::MOP::Class:::around)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f]
Successfully authenticated dberube
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Found
source fcc-ad in session. (Class::MOP::Class:::around)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] User
dberube has authenticated on the portal. (Class::MOP::Class:::after)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Found
source fcc-ad in session. (Class::MOP::Class:::around)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] User
dberube has authenticated on the portal. (Class::MOP::Class:::after)
May 11 14:00:58 httpd.portal(3022) WARN: [mac:00:21:cc:be:a1:3f] Calling
match with empty/invalid rule class. Defaulting to 'authentication'
(pf::authentication::match)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Using
sources fcc-ad for matching (pf::authentication::match)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Matched
rule (technology) in source fcc-ad, returning actions.
(pf::Authentication::Source::match)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Found
source fcc-ad in session. (Class::MOP::Class:::around)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] User
dberube has authenticated on the portal. (Class::MOP::Class:::after)
May 11 14:00:58 httpd.portal(3022) WARN: [mac:00:21:cc:be:a1:3f] Calling
match with empty/invalid rule class. Defaulting to 'authentication'
(pf::authentication::match)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Using
sources fcc-ad for matching (pf::authentication::match)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Matched
rule (technology) in source fcc-ad, returning actions.
(pf::Authentication::Source::match)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Found
source fcc-ad in session. (Class::MOP::Class:::around)
May 11 14:00:58 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Found
source fcc-ad in session. (Class::MOP::Class:::around)
May 11 14:00:58 httpd.portal(2992) INFO: [mac:unknown] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(2992) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(2992) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(2992) INFO: [mac:00:21:cc:be:a1:3f] User
dberube has authenticated on the portal. (Class::MOP::Class:::after)
May 11 14:00:58 httpd.portal(2992) INFO: [mac:00:21:cc:be:a1:3f] No
provisioner found for 00:21:cc:be:a1:3f. Continuing.
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
May 11 14:00:58 httpd.portal(2992) INFO: [mac:00:21:cc:be:a1:3f] User
dberube has authenticated on the portal. (Class::MOP::Class:::after)
May 11 14:00:58 httpd.portal(2992) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:unknown] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] Releasing
device (captiveportal::PacketFence::DynamicRouting::Module::Root::release)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f]
re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] is
currentlog connected at (172.22.0.201) ifIndex ge-0/0/2 registration
(pf::enforcement::_should_we_reassign_vlan)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] Using
sources local, file1, fcc-ad for matching (pf::authentication::match)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] Matched
rule (technology) in source fcc-ad, returning actions.
(pf::Authentication::Source::match)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] Using
sources local, file1, fcc-ad for matching (pf::authentication::match)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] Matched
rule (technology) in source fcc-ad, returning actions.
(pf::Authentication::Source::match)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] Username
was defined "FCC\dberube" - returning role 'Technology Services'
(pf::role::getRegisteredRole)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] PID:
"dberube", Status: reg Returned VLAN: (undefined), Role: Technology
Services (pf::role::fetchRoleForNode)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] VLAN
reassignment required (current VLAN = 98 but should be in VLAN 51)
(pf::enforcement::_should_we_reassign_vlan)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] switch
port is (172.22.0.201) ifIndex ge-0/0/2 connection type: Wired 802.1x
(pf::enforcement::_vlan_reevaluation)
May 11 14:01:10 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Dealing
with a endpoint / browser with captive-portal detection capabilities while
having a self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)
Thanks,
Dustin
On Wed, May 11, 2016 at 1:28 PM, Louis Munro <[email protected]> wrote:
> Hi Dustin,
> Try setting the type to “Juniper::EX2200”.
>
> The generic code for the EX module is very old.
> It may be time for us to revisit it.
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On May 11, 2016, at 13:14 , Dustin Berube <[email protected]> wrote:
>
> Hi Louis,
>
> I'm testing this against a Juniper EX4200-48PX running Junos 13.2X51-D35.3
> (latest branch of 13.2).
>
> Here's the config from switches.conf
>
> [172.22.0.201]
> mode=production
> Technology ServicesVlan=51
> VoIPCDPDetect=N
> VoIPDHCPDetect=N
> AccessListMap=N
> description=EX 4200
> SNMPVersionTrap=2c
> cliPwd=<redacted>
> cliTransport=SSH
> UrlMap=N
> registrationVlan=98
> Technology ServicesRole=techsvcs_51
> cliUser=packetfence
> deauthMethod=RADIUS
> type=Juniper::EX
> VoIPLLDPDetect=N
> isolationVlan=97
> radiusSecret=<redacted>
> SNMPVersion=2c
> cliEnablePwd=<redacted>
> voiceVlan=99
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
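
The symptom reported in this thread, as an added example that is not part of the original messages or of PacketFence: a small Python check that re-joins the hard-wrapped packetfence.log records and lists every "VLAN reassignment required" entry that is not followed shortly afterwards by an Access-Accept carrying the new VLAN for the same MAC. The message wording is taken from the excerpts above; the function names, the 10-second window and the year default are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: records shaped like the excerpts in this thread, still hard-wrapped.
SAMPLE = """\
May 11 13:59:45 httpd.aaa(2637) INFO: [mac:00:21:cc:be:a1:3f]
(172.22.0.201) Added VLAN 98 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
May 11 14:00:58 httpd.portal(2874) INFO: [mac:00:21:cc:be:a1:3f] VLAN
reassignment required (current VLAN = 98 but should be in VLAN 51)
(pf::enforcement::_should_we_reassign_vlan)
May 11 14:01:10 httpd.portal(3022) INFO: [mac:00:21:cc:be:a1:3f] Dealing
with a endpoint / browser (pf::web::dispatcher::handler)
"""

REC_START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
HEAD = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ \w+: \[mac:([0-9a-f:]+|unknown)\] (.*)$")
NEED = re.compile(r"VLAN reassignment required \(current VLAN = (\d+) but should be in VLAN (\d+)\)")
SENT = re.compile(r"Added VLAN (\d+) to the returned RADIUS Access-Accept")

def records(text):
    """Re-join hard-wrapped lines into one string per log record."""
    buf = []
    for line in text.splitlines():
        if REC_START.match(line) and buf:
            yield " ".join(buf)
            buf = []
        if line.strip():
            buf.append(line.strip())
    if buf:
        yield " ".join(buf)

def stuck_reassignments(text, window_s=10, year=2016):
    """Reassignments not followed within window_s by an Access-Accept with the new VLAN."""
    pending = {}
    for rec in records(text):
        head = HEAD.match(rec)
        if not head:
            continue
        stamp, mac, msg = head.groups()
        # Syslog stamps carry no year; the 2016 default is an assumption from the thread date.
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        need, sent = NEED.search(msg), SENT.search(msg)
        if need:
            pending[mac] = (ts, int(need.group(1)), int(need.group(2)))
        elif sent and mac in pending:
            t0, _, new = pending[mac]
            if int(sent.group(1)) == new and (ts - t0).total_seconds() <= window_s:
                del pending[mac]
    return [(m, t.strftime("%H:%M:%S"), o, n) for m, (t, o, n) in pending.items()]
```

An Access-Accept for the new VLAN that arrives only after the window, for example once the cable is replugged, still leaves the reassignment listed.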