gentlemen, I'm with this same problem, I already tried the help forum to try to correct and so far I could not. Will I be accompanying you if you can, could you please help me?
Regards, Caique Araujo Em sex, 4 de jan de 2019 às 11:42, Kalcho via PacketFence-users < [email protected]> escreveu: > Hello Fabrice, > > Yes it receives a radius request from the controller. > Here is the output of the packetfence.log: > > Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: > [mac:cc:fd:17:ef:b3:e5] handling radius autz request: from switch_ip => > (172.16.0.10), connection_type => Wireless-802.11-NoEAP,switch_mac => > (88:90:8d:a1:59:d0), mac => [cc:fd:17:ef:b3:e5], port => 1, username => > "cc:fd:17:ef:b3:e5", ssid => BYOD (pf::radius::authorize) > Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: > [mac:cc:fd:17:ef:b3:e5] Instantiate profile byod-profile > (pf::Connection::ProfileFactory::_from_profile) > Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: > [mac:cc:fd:17:ef:b3:e5] is of status unreg; belongs into registration VLAN > (pf::role::getRegistrationRole) > Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: > [mac:cc:fd:17:ef:b3:e5] (172.16.0.10) Added VLAN 501 to the returned RADIUS > Access-Accept (pf::Switch::returnRadiusAccessAccept) > Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: > [mac:cc:fd:17:ef:b3:e5] (172.16.0.10) Added role > Pre-Auth-For-WebRedirect-PF to the returned RADIUS Access-Accept > (pf::Switch::returnRadiusAccessAccept) > Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: > [mac:cc:fd:17:ef:b3:e5] Adding web authentication redirection to reply > using role: 'Pre-Auth-For-WebRedirect-PF' and URL: ' > http://172.16.0.10/Cisco::WLC/sid0cf3c4?' > (pf::Switch::Cisco::WLC::returnRadiusAccessAccept) > Jan 4 08:15:57 packetfence packetfence_httpd.portal: httpd.portal(27455) > INFO: [mac:[undef]] URI '/Cisco::WLC/sid0cf3c4' is detected as an external > captive portal URI (pf::web::externalportal::handle) > > By radius audit log, do you mean on radius.log? > Here is the output of radius.log: > > Jan 4 08:15:54 packetfence auth[2865]: rlm_sql (sql): Closing connection > (1409): Hit idle_timeout, was idle for 121 seconds > Jan 4 08:15:54 packetfence auth[2865]: rlm_sql (sql): Closing connection > (1410): Hit idle_timeout, was idle for 121 seconds > Jan 4 08:15:54 packetfence auth[2865]: rlm_sql (sql): Closing connection > (1408): Hit idle_timeout, was idle for 121 seconds > Jan 4 08:15:54 packetfence auth[2865]: rlm_sql (sql): Opening additional > connection (1411), 1 of 64 pending slots used > Jan 4 08:15:54 packetfence auth[2865]: Need 2 more connections to reach > min connections (3) > Jan 4 08:15:54 packetfence auth[2865]: rlm_sql (sql): Opening additional > connection (1412), 1 of 63 pending slots used > Jan 4 08:15:54 packetfence auth[2865]: rlm_rest (rest): Closing > connection (1309): Hit idle_timeout, was idle for 160 seconds > Jan 4 08:15:54 packetfence auth[2865]: rlm_rest (rest): Closing > connection (1308): Hit idle_timeout, was idle for 121 seconds > Jan 4 08:15:54 packetfence auth[2865]: rlm_rest (rest): Closing > connection (1310): Hit idle_timeout, was idle for 121 seconds > Jan 4 08:15:54 packetfence auth[2865]: rlm_rest (rest): Opening > additional connection (1311), 1 of 64 pending slots used > Jan 4 08:15:54 packetfence auth[2865]: Need 2 more connections to reach > min connections (3) > Jan 4 08:15:54 packetfence auth[2865]: rlm_rest (rest): Opening > additional connection (1312), 1 of 63 pending slots used > Jan 4 08:15:54 packetfence auth[2865]: [mac:cc:fd:17:ef:b3:e5] Accepted > user: and returned VLAN 501 > Jan 4 08:15:54 packetfence auth[2865]: (58671) Login OK: > [cc:fd:17:ef:b3:e5] (from client 172.16.0.20 port 1 cli cc:fd:17:ef:b3:e5) > > > Packetfence management IP is 172.16.0.10 and WLC IP is 172.16.0.20. > This is the ip dhcp pool configuration on the L3 switch: > ip dhcp pool BYOD > network 192.168.1.0 255.255.255.0 > default-router 192.168.1.1 > dns-server 172.30.0.250 172.30.0.251 > > This is SVI defined on the same L3 switch: > interface Vlan501 > description PF_BYOD > ip address 192.168.1.1 255.255.255.0 > ip helper-address 172.16.0.10 > > WLC is directly connected tp the L3 switch, and has virtual interface in > this 501 VLAN which is used by this BYOD SSID. > > It happens that I am successfully connected to this BYOD SSID and receive > IP, but when pseudo browser opens on Android, as a result of redirection it > shows blank page now. Even tried this with windows laptop. But just shows > blank page with waiting from response from msftconnecttest.com > > If you need more info feel free. > > ---- On Fri, 04 Jan 2019 01:38:08 +0100 Durand fabrice via > PacketFence-users <[email protected]> wrote ---- > > Hello Kalcho, > > > > does packetfence receive a radius request from the controller ? > > > > If yes can you paste a radius request/reply ? (check in radius audit > log > > for that) > > > > Regards > > > > Fabrice > > > > > > Le 19-01-03 à 10 h 09, Kalcho via PacketFence-users a écrit : > > > Hello all, > > > > > > I have configured Web Authentication for Cisco WLC as described in > Network Devices Guide. > > > I am using network 192.168.1.0/24 for this WiFi SSID, which is open > with Mac filtering. > > > I am using two access list Pre-Auth-For-WebRedirect-PF and > Authorize_any. > > > I have added WLC in the packetfence, and activated "Role by Switch > Role": registration->Pre-Auth-For-WebRedirect-PF, and > default->Authorize_any. > > > > > > These two access lists are defined on the WLC. > > > Authorize_any permits everything, while Pre-Auth-For-WebRedirect-PF > > > 1. permits DNS traffic > > > 2. permits DHCP traffic > > > 3. permit packets to Packetfence management interface as destination > and source. > > > > > > I have also added portal role on management interface. > > > Management interface is on 172.16.0.10. > > > VLAN which is assigned to WiFi SSID interface uses network > 192.168.1.0/24 which is routable and uses production DHCP hosted on L3 > switch. Also it uses production DNS servers. > > > > > > Clients when connected receive correct DHCP address. > > > I am having problem that not being redirected to the captive portal > automatically. I can open it in browser, but no redirection. I guess this > has something to do with the fact I am not using packetfence DHCP and DNS. > > > > > > > > > > > > > > > > > > _______________________________________________ > > > PacketFence-users mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > > _______________________________________________ > > PacketFence-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Atenciosamente, Caique Araujo
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
