so the mac detection thing is solved, i have activated it for the radius accountin g on wlc. But i still have a blank captive portal and here is my packetfence.log :
packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] handling radius autz request: from switch_ip => (ip), connection_type => Wireless-802.11-NoEAP,switch_mac => (:::::), mac => [], port => 13, username => "xxxxxx", ssid => pfen (pf::radius::authorize) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] (ip) Added VLAN 7 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] (ip) Added role Pre-Auth-For-WebRedirect to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] Adding web authentication redirection to reply using role: 'Pre-Auth-For-WebRedirect' and URL: 'http://ip/Cisco::WLC/sidd45a7a?' (pf::Switch::Cisco::WLC::returnRadiusAccessAccept) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] handling radius autz request: from switch_ip => (ip), connection_type => Wireless-802.11-NoEAP,switch_mac => (xxxxxx), mac => [], port => 13, username => "xxxxxx", ssid => pfen (pf::radius::authorize) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] (ip) Added VLAN 7 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] (ip) Added role Pre-Auth-For-WebRedirect to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) packetfence_httpd.aaa: httpd.aaa(7066) INFO: [mac:] Adding web authentication redirection to reply using role: 'Pre-Auth-For-WebRedirect' and URL: 'http://ip/Cisco::WLC/sidc04fe6?' (pf::Switch::Cisco::WLC::returnRadiusAccessAccept) pfipset[6459]: t=2019-04-17T11:44:19+0200 lvl=info msg="No Inline Network bypass ipsets reload" pid=6459 pfhttpd: 71046 Timeout obtaining or releasing lock that came from: pfhttpd: github.com/inverse-inc/packetfence/go/timedlock.(*RWLock).handleTimeout pfhttpd: /tmp/tmp.s3SWVoF8Lc/src/ github.com/inverse-inc/packetfence/go/timedlock/rw_lock.go:147 pfhttpd: github.com/inverse-inc/packetfence/go/timedlock.(*RWLock).Lock pfhttpd: /tmp/tmp.s3SWVoF8Lc/src/ github.com/inverse-inc/packetfence/go/timedlock/rw_lock.go:109 pfhttpd: github.com/inverse-inc/packetfence/go/pfconfigdriver.(*Pool).acquireWriteLock pfhttpd: /tmp/tmp.s3SWVoF8Lc/src/ github.com/inverse-inc/packetfence/go/pfconfigdriver/pool.go:135 pfhttpd: github.com/inverse-inc/packetfence/go/pfconfigdriver.(*Pool).Refresh pfhttpd: /tmp/tmp.s3SWVoF8Lc/src/ github.com/inverse-inc/packetfence/go/pfconfigdriver/pool.go:151 pfhttpd: github.com/inverse-inc/packetfence/go/caddy/pfconfig.PoolHandler.ServeHTTP.func1.1 pfhttpd: /tmp/tmp.s3SWVoF8Lc/src/ github.com/inverse-inc/packetfence/go/caddy/pfconfig/pool.go:47 pfhttpd: runtime.goexit pfhttpd: /usr/local/go/src/runtime/asm_amd64.s:2337 what i don't get is that its talking about an msg="No Inline Network bypass ipsets reload" but i currently don't have an inline interface. Regards, On Wed, 17 Apr 2019 at 11:09, pro fence <[email protected]> wrote: > Hi, > > i am sorry but i don't understand what you meant. I have configured the " Auth > Called Station ID Typ" on the cisco WLC gui. > so i don't know exactly what i am supposed to do in the > $PF/lib/pf/Switch.pm file ? > > Regards, > > On Wed, 17 Apr 2019 at 09:16, Nicolas Quiniou-Briand via PacketFence-users > <[email protected]> wrote: > >> Hello, >> >> On 2019-04-16 4:27 p.m., pro fence via PacketFence-users wrote: >> > Also on the wlc i have configured " Auth Called Station ID Type = AP >> MAC >> > address:SSID" >> >> Change this setting to: >> * "xx:xx:xx:xx:xx:xx:SSID" >> or >> * "xxxxxxxxxxxx:SSID" >> >> with xx:xx:xx:xx:xx:xx MAC address of node. >> >> You can found this in $PF/lib/pf/Switch.pm: >> >> > =item extractSsid >> > >> > Find RADIUS SSID parameter out of RADIUS REQUEST parameters >> > >> > SSID are not provided by a standardized parameter name so we >> encapsulate that complexity here. >> > If your AP is not supported look in /usr/share/freeradius/dictionary* >> for vendor specific attributes (VSA). >> > >> > Most standard way we encountered is in Called-Station-Id in the >> format: "xx-xx-xx-xx-xx-xx:SSID". >> > >> > We support also: >> > >> > "xx:xx:xx:xx:xx:xx:SSID" >> > "xxxxxxxxxxxx:SSID" >> > >> > =cut >> >> -- >> Nicolas Quiniou-Briand >> [email protected] :: +1.514.447.4918 *140 :: https://inverse.ca >> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence >> (https://packetfence.org) and Fingerbank (http://fingerbank.org) >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
