Hi Fabrice, Thanks for the reply, here is what i have in the pre_auth ACL : [image: acls.png]
do you see something wrong ? On Mon, 22 Jul 2019 at 14:54, Fabrice Durand via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello Pro fence, > > packetfence manage the port that needs to be open, so you don't have to do > anything. > > Btw it looks that the issue you have is related to the acl you made on the > WLC. (check is there is some hit) > > What you can do is to capture the traffic on the device your are testing > with and see if you see any kind of redirection. > > Regards > > Fabrice > > > Le 19-07-21 à 09 h 59, pro fence via PacketFence-users a écrit : > > Hi, > > For somebody who would encounter the same issue, > to solve the last error, you need to add a new radius client. > > Does anybody know exactly what ports need to be open for the VIP besides > radius, http for the portal to pop up ? I mean in the log i have the right > ACL and the http://VIP-IP/CISCO::WLC url but the portal is not showing. > > regards, > > On Thu, 18 Jul 2019 at 17:00, pro fence <pfenc...@gmail.com> wrote: > >> Hi Fabrice, >> >> to be more precise i am going to use the ip adresses of the installation >> guide to show you my configuration : >> >> to answer your question, yes, cluster.conf is replicated on the 3 servers >> with the command: >> # /usr/local/pf/bin/cluster/sync --from=192.168.1.5 --api-user=user >> --api-password=password >> >> here is the content of cluster.conf : >> [CLUSTER] >> management_ip=192.168.1.10 >> [CLUSTER interface eth0] >> ip=192.168.1.10 >> [CLUSTER interface eth1.2] >> ip=192.168.2.10 >> [CLUSTER interface eth1.3] >> ip=192.168.3.10 >> >> [pf1.example.com] >> management_ip=192.168.1.5 >> [pf1.example.com interface eth0] >> ip=192.168.1.5 >> [pf1.example.com interface eth1.2] >> ip=192.168.2.5 >> [pf1.example.com interface eth1.3] >> ip=192.168.3.5 >> >> [pf2.example.com] >> management_ip=192.168.1.6 >> [pf2.example.com interface eth0] >> ip=192.168.1.6 >> [pf2.example.com interface eth1.2] >> ip=192.168.2.6 >> [pf2.example.com interface eth1.3] >> ip=192.168.3.6 >> >> [pf3.example.com] >> management_ip=192.168.1.7 >> [pf3.example.com interface eth0] >> ip=192.168.1.7 >> [pf3.example.com interface eth1.2] >> ip=192.168.2.7 >> [pf3.example.com interface eth1.3] >> ip=192.168.3.7 >> >> the error message becomes : >> >> Ignoring request to auth address 192.168.1.5 port 1812 bound to server >> packetfence from unknown client loadBalancer_IP port 8905 proto udp >> >> listening ip and port for the first server for example: >> >> tcp 0 0 192.168.1.10:80 0.0.0.0:* >> LISTEN 24615/haproxy >> tcp 0 0 192.168.2.10:80 0.0.0.0:* >> LISTEN 24615/haproxy >> tcp 0 0 192.168.3.10:80 0.0.0.0:* >> LISTEN 24615/haproxy >> >> tcp 0 0 192.168.1.5:80 0.0.0.0:* LISTEN >> 1026/httpd >> tcp 0 0 192.168.2.5:80 0.0.0.0:* LISTEN >> 1026/httpd >> tcp 0 0 192.168.3.5:80 0.0.0.0:* LISTEN >> 1026/httpd >> >> thanks in advance, >> Regards >> >> On Thu, 18 Jul 2019 at 15:03, Fabrice Durand via PacketFence-users < >> packetfence-users@lists.sourceforge.net> wrote: >> >>> Hello Pro fence, >>> >>> >>> it looks that you miss-configured your cluster. >>> >>> Did you copy the file cluster.conf on each servers ? >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 19-07-18 à 06 h 49, pro fence via PacketFence-users a écrit : >>> >>> Hello, >>> >>> does anyone ever encountered the following error using a VIP, from >>> radius : >>> >>> " Ignoring request to auth address MANAGEMENT_IP port 1812 bound to >>> server packetfence from unknown client loadBalancer_IP port 8905 proto udp" >>> >>> the VIP sends the request using a different ip than the one configured >>> in cluster.conf, so maybe that's the reason ? >>> >>> Thanks, >>> Regards, >>> >>> >>> On Wed, 17 Jul 2019 at 14:32, pro fence <pfenc...@gmail.com> wrote: >>> >>>> Fabrice, >>>> >>>> may god bless you ! thank you very much for your time and help, >>>> Regards, >>>> >>>> On Wed, 17 Jul 2019 at 13:28, Durand fabrice via PacketFence-users < >>>> packetfence-users@lists.sourceforge.net> wrote: >>>> >>>>> Yes, only the VIP is need on the WLC. >>>>> >>>>> The WLC send a request to the VIP and the radius load-balancer will >>>>> forward to one of the radius server in the cluster. >>>>> >>>>> Regards >>>>> >>>>> Fabrice >>>>> Le 19-07-17 à 05 h 14, pro fence via PacketFence-users a écrit : >>>>> >>>>> Hi Fabrice, >>>>> >>>>> do you mean that the VIP needs to be configured as the radius server >>>>> in the WLC ? >>>>> >>>>> Thanks, >>>>> Regards, >>>>> >>>>> On Tue, 16 Jul 2019 at 23:16, Durand fabrice via PacketFence-users < >>>>> packetfence-users@lists.sourceforge.net> wrote: >>>>> >>>>>> Hello, >>>>>> >>>>>> only the VIP needs to be configured as the radius server. >>>>>> >>>>>> Regards >>>>>> >>>>>> Fabrice >>>>>> >>>>>> >>>>>> Le 19-07-16 à 11 h 53, Domingos Varela via PacketFence-users a écrit : >>>>>> >>>>>> Hello, >>>>>> >>>>>> Does your wlc have hits in the statistics of communication with >>>>>> radius servers? >>>>>> Do you have the IPs of the servers in wlc's ACL? >>>>>> Thanks >>>>>> >>>>>> Cumprimentos, >>>>>> >>>>>> * Domingos Varela* >>>>>> Tel. +244 923 229 330 | Luanda - Angola >>>>>> >>>>>> >>>>>> pro fence via PacketFence-users < >>>>>> packetfence-users@lists.sourceforge.net> escreveu no dia terça, >>>>>> 16/07/2019 à(s) 16:41: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> thank you for your reply, >>>>>>> i have configured the 3 radius servers on the wlc, but i thought >>>>>>> that more needs to be done so that the WLC could link the vip with the >>>>>>> ssid >>>>>>> ? or maybe i am missing something ? problem is when i try to connect to >>>>>>> the >>>>>>> ssid,nothing happens know >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> On Tue, 16 Jul 2019 at 17:07, Domingos Varela via PacketFence-users < >>>>>>> packetfence-users@lists.sourceforge.net> wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> wlc needs to know who the radius server will communicate with it, >>>>>>>> so I think you have to configure the three radius servers in wlc, the >>>>>>>> virtual IP will only redirect the requests to the servers. >>>>>>>> If you configure the virtual IP the request will be made, but you >>>>>>>> may have problems in the response because wlc will not recognize the >>>>>>>> server >>>>>>>> that will respond to the request. >>>>>>>> thanks >>>>>>>> Regards >>>>>>>> >>>>>>>> Cumprimentos, >>>>>>>> >>>>>>>> * Domingos Varela* >>>>>>>> Tel. +244 923 229 330 | Luanda - Angola >>>>>>>> >>>>>>>> >>>>>>>> pro fence via PacketFence-users < >>>>>>>> packetfence-users@lists.sourceforge.net> escreveu no dia terça, >>>>>>>> 16/07/2019 à(s) 14:42: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> i have a 3 servers' cluster configured with a Virtual IP, >>>>>>>>> do you guys know what needs to be changed or configured on the >>>>>>>>> cisco WLC for the VIP to make sure that when the user connects to the >>>>>>>>> ssid >>>>>>>>> it goes through the VIP ? >>>>>>>>> >>>>>>>>> Any help would be appreciated, >>>>>>>>> Thanks, >>>>>>>>> Regards, >>>>>>>>> _______________________________________________ >>>>>>>>> PacketFence-users mailing list >>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> PacketFence-users mailing list >>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> PacketFence-users mailing list >>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing >>>>>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> PacketFence-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing >>>>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> PacketFence-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>> >>> >>> _______________________________________________ >>> PacketFence-users mailing >>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> -- >>> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) :: >>> www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> > > _______________________________________________ > PacketFence-users mailing > listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users