I’m pulling my hair out now in despair …
I added a few more WAPs to the switches.conf file and restarted RADIUS.
I try to authenticate as a valid user and it is successful (as it says in
the RADIUS audit log).
But the endpoint can’t communicate at all via IP and it can’t even request an IP
address via DHCP.
It’s as if the VLAN being assigned by RADIUS is not the one that it should be,
and I don’t know which one it is.
Eugene
From: E.P. [mailto:ype...@gmail.com]
Sent: Monday, January 29, 2018 5:39 PM
To: packetfence-users@lists.sourceforge.net
Cc: 'Durand fabrice'
Subject: RE: [PacketFence-users] VLAN assigment by RADIUS
Well, that’s my problem, Fabrice,
I’ve already checked that log, nothing in there ;)
RADIUS Request
User-Name = "it.tech"
NAS-IP-Address = 172.19.254.2
NAS-Port = 0
Framed-MTU = 1400
State = 0xe7795756e6bf4d151b0bfaeaef977462
Called-Station-Id = "24:a4:3c:5e:c1:11:staff-secured"
Calling-Station-Id = "3c:2e:ff:3b:c7:ca"
NAS-Identifier = "24a43c507608"
NAS-Port-Type = Wireless-802.11
Event-Timestamp = "Jan 30 2018 01:36:24 UTC"
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x02c600061a03
FreeRADIUS-Proxied-To = 127.0.0.1
EAP-Type = MSCHAPv2
Stripped-User-Name = "it.tech"
Realm = "default"
Called-Station-SSID = "staff-secured"
PacketFence-Domain = "optionsad"
User-Password = "******"
SQL-User-Name = "it.tech"
RADIUS Reply
EAP-Message = 0x03c60004
Message-Authenticator = 0x00000000000000000000000000000000
Stripped-User-Name = "it.tech"
From: Durand fabrice via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Monday, January 29, 2018 5:18 PM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice
Subject: Re: [PacketFence-users] VLAN assigment by RADIUS
Hello Eugene,
Check in the RADIUS audit log, you will see the RADIUS answer.
Regards
Fabrice
On 2018-01-29 at 19:41, E.P. via PacketFence-users wrote:
Guys,
How can I see if a specific VLAN ID that I assigned to the switch (or rather
WAP) in the “Role by VLAN ID” setting?
I have it as follows (extract from the switches.conf file):
StaffRole=10
StaffVlan=10
Should I take into account the not very good marriage of Ubiquiti Unifi and
FreeRADIUS when it comes to VLAN ID assignment?
I see in the RADIUS debugs that a VLAN is indeed assigned to the user session
(see below) but what is its ID?
(88) attr_filter.packetfence_post_auth: EXPAND %{User-Name}
(88) attr_filter.packetfence_post_auth: --> it.tech
(88) attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10
(88) [attr_filter.packetfence_post_auth] = updated
(88) linelog: EXPAND messages.%{%{reply:Packet-Type}:-default}
(88) linelog: --> messages.Access-Accept
(88) linelog: EXPAND [mac:%{Calling-Station-Id}] Accepted user: %{reply:User-Name} and returned VLAN %{reply:Tunnel-Private-Group-ID}
(88) linelog: --> [mac:3c:2e:ff:3b:c7:ca] Accepted user: and returned VLAN
(88) [linelog] = ok
(88) } # post-auth = updated
(88) Login OK: [it.tech] (from client 172.19.254.2 port 0 cli 3c:2e:ff:3b:c7:ca)
(88) Sent Access-Accept Id 46 from 172.16.0.222:1812 to 172.19.254.2:32784 length 0
Eugene
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
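
Added example, not part of the original thread and not PacketFence or FreeRADIUS code: a Python check over the two artifacts quoted above, the audit-log reply and the expanded linelog line, that reports when an Access-Accept carries none of the standard RFC 3580 VLAN attributes. The function names, the request 91 line and the second reply are constructed for illustration; the first reply and the request 88 lines are copied from the thread.

```python
import re

# Standard RFC 3580 attributes a NAS expects in an Access-Accept for a dynamic VLAN.
VLAN_ATTRS = ("tunnel-type", "tunnel-medium-type", "tunnel-private-group-id")

# "Name = value" pairs as they appear run together in the audit-log reply.
PAIR = re.compile(r'([A-Za-z][\w-]*)(?::\d+)?\s*=\s*("[^"]*"|\S+)')

# Expanded linelog line from the debug output quoted in the thread.
LINELOG = re.compile(
    r"^\((\d+)\)\s+linelog:\s+-->\s+\[mac:([0-9A-Fa-f:]{17})\]\s+"
    r"Accepted user:\s*(\S*)\s+and returned VLAN\s*(\S*)\s*$")


def missing_vlan_attrs(reply_text):
    """Return the VLAN attributes that are absent from an audit-log reply."""
    present = {name.lower() for name, _ in PAIR.findall(reply_text)}
    return [attr for attr in VLAN_ATTRS if attr not in present]


def accepts_without_vlan(debug_lines):
    """Return (request, mac, user) for every accept logged with an empty VLAN."""
    hits = []
    for line in debug_lines:
        m = LINELOG.match(line.strip())
        if m and not m.group(4):
            hits.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return hits


# Reply and request 88 are copied from the thread; the rest is constructed.
REPLY_FROM_THREAD = ('EAP-Message = 0x03c60004 Message-Authenticator = '
                     '0x00000000000000000000000000000000 '
                     'Stripped-User-Name = "it.tech"')
REPLY_CONSTRUCTED = ('Tunnel-Type = VLAN Tunnel-Medium-Type = IEEE-802 '
                     'Tunnel-Private-Group-Id = "10" ' + REPLY_FROM_THREAD)
DEBUG_LINES = [
    "(88) linelog: --> messages.Access-Accept",
    "(88) linelog: --> [mac:3c:2e:ff:3b:c7:ca] Accepted user: and returned VLAN",
    "(91) linelog: --> [mac:00:11:22:33:44:55] Accepted user: it.tech and returned VLAN 10",
]

if __name__ == "__main__":
    print("missing in thread reply:", missing_vlan_attrs(REPLY_FROM_THREAD))
    print("missing in constructed reply:", missing_vlan_attrs(REPLY_CONSTRUCTED))
    for req, mac, user in accepts_without_vlan(DEBUG_LINES):
        print(f"request {req}: Access-Accept for {mac} (user={user!r}) has no VLAN")
```

An empty list from missing_vlan_attrs means the reply carries all three attributes; any name it returns is one the access point never received.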