Hi. I assumed you configure PF in the right way. Then for your IAP you need (your config files has many wlans so check the following in the one that you are using): 1) configure Virtual controller IP and enable Radius proxy (under system configuration). In PF configure a switch with the VC IP. 2) enable MAC authentication and captive portal profile in the WLAN security tab. 3) configure the derivation roles you need: the one PF will return to IAP after user authentication. 4) enable pre auth role with a role that allows http and https to your PF IP or FQDN. Regards
El mar., 22 oct. 2019 a las 19:11, Woo Seok Choi (<[email protected]>) escribió: > Hi Martin, > > > > Thanks for the email. I’ve attached the file as you requested. > > > > Cheers. > > > > *Woo Seok Choi* > > Network Engineer > > D: +61 292536532 > > <http://www.gbst.com/> <https://www.linkedin.com/company/gbst> > <https://twitter.com/gbstholdings> > > > > > > > > *From:* Martin Rodriguez <[email protected]> > *Sent:* Tuesday, 22 October 2019 6:48 PM > *To:* [email protected] > *Cc:* Woo Seok Choi <[email protected]> > *Subject:* Re: [PacketFence-users] Message says that "Your network should > be enabled within a minute or two. If it is not reboot your computer" > > > > Hi. Can you share the IAP config for the wlan network? I believe MAC auth > is meassing and derivation roles too. > > Regards > > > > El lun., 21 de oct. de 2019 08:14, Woo Seok Choi via PacketFence-users < > [email protected]> escribió: > > Hi, > > > > I try to set up a PacketFence with Aruba IAP for guest wireless, but I get > the Message says that "Your network should be enabled within a minute or > two. If it is not reboot your computer" even though I can see the MAC & IP > address on the page. > > > > Anyway, I use Null Source for test. Here is the log from packetfence.log: > > ------------ > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > WARN: [mac:ac:b5:7d:xx:xx:xx] Calling match with empty/invalid rule class. > Defaulting to 'authentication' (pf::authentication::match) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] Using sources null for matching > (pf::authentication::match) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] Matched rule (catchall) in source null, > returning actions. (pf::Authentication::Source::match_rule) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] Matched rule (catchall) in source null, > returning actions. (pf::Authentication::Source::match) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > WARN: [mac:ac:b5:7d:xx:xx:xx] Calling match with empty/invalid rule class. > Defaulting to 'authentication' (pf::authentication::match) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] Using sources null for matching > (pf::authentication::match) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] Matched rule (catchall) in source null, > returning actions. (pf::Authentication::Source::match_rule) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] Matched rule (catchall) in source null, > returning actions. (pf::Authentication::Source::match) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > WARN: [mac:ac:b5:7d:xx:xx:xx] Calling match with empty/invalid rule class. > Defaulting to 'authentication' (pf::authentication::match) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] Using sources null for matching > (pf::authentication::match) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > WARN: [mac:ac:b5:7d:xx:xx:xx] Calling match with empty/invalid rule class. > Defaulting to 'authentication' (pf::authentication::match) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) > INFO: [mac:ac:b5:7d:xx:xx:xx] Using sources null for matching > (pf::authentication::match) > > Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(53669) > INFO: [mac:ac:b5:7d:xx:xx:xx] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] No provisioner found for ac:b5:7d:xx:xx:xx. > Continuing. > (captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] security_event 1300003 force-closed for > ac:b5:7d:xx:xx:xx (pf::security_event::security_event_force_close) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) > WARN: [mac:ac:b5:7d:xx:xx:xx] Use of uninitialized value in concatenation > (.) or string at > /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Module/Root.pm > line 89. > > (captiveportal::PacketFence::DynamicRouting::Module::Root::release) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) > WARN: [mac:unknown] locale from the URL is not supported > (pf::Portal::Session::getLanguages) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) > WARN: [mac:ac:b5:7d:xx:xx:xx] locale from the URL is not supported > (pf::Portal::Session::getLanguages) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) > INFO: [mac:ac:b5:7d:xx:xx:xx] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) > WARN: [mac:ac:b5:7d:xx:xx:xx] locale from the URL is not supported > (captiveportal::PacketFence::Controller::Root::getLanguages) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) > INFO: [mac:ac:b5:7d:xx:xx:xx] Releasing device > (captiveportal::PacketFence::DynamicRouting::Module::Root::release) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) > WARN: [mac:ac:b5:7d:xx:xx:xx] locale from the URL is not supported > (pf::Portal::Session::getLanguages) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) > INFO: [mac:ac:b5:7d:xx:xx:xx] re-evaluating access (manage_register called) > (pf::enforcement::reevaluate_access) > > Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) > WARN: [mac:ac:b5:7d:xx:xx:xx] Can't re-evaluate access because no open > locationlog entry was found (pf::enforcement::reevaluate_access) > > Oct 14 12:47:26 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > > Oct 14 12:47:26 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. > (Class::MOP::Class:::after) > > Oct 14 12:47:26 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] Reevaluating access of device. > (captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state) > > Oct 14 12:47:26 packetfence packetfence_httpd.portal: httpd.portal(51577) > INFO: [mac:ac:b5:7d:xx:xx:xx] re-evaluating access (manage_register called) > (pf::enforcement::reevaluate_access) > > Oct 14 12:47:26 packetfence packetfence_httpd.portal: httpd.portal(51577) > WARN: [mac:ac:b5:7d:xx:xx:xx] Can't re-evaluate access because no open > locationlog entry was found (pf::enforcement::reevaluate_access) > > Oct 14 12:50:09 packetfence pfipset[2046]: t=2019-10-14T12:50:09+1000 > lvl=info msg="No Inline Network bypass ipsets reload" pid=2046 > > Oct 14 12:55:09 packetfence pfipset[2046]: t=2019-10-14T12:55:09+1000 > lvl=info msg="No Inline Network bypass ipsets reload" pid=2046 > > Oct 14 13:00:09 packetfence pfipset[2046]: t=2019-10-14T13:00:09+1000 > lvl=info msg="No Inline Network bypass ipsets reload" pid=2046 > > ------------ > > > > Please let me know if you need more info. > > > > Thanks. > > > > Best Regards, > > *Woo Seok Choi* > > > > > > > > The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and / or privileged > material that may be governed by confidential information provisions > contained in the agreement between GBST and your company. Any disclosure, > copying, distribution, or other use without the express consent of the > sender is prohibited. If you received this in error, please contact the > sender and delete the material from any computer. All rights in the > information transmitted, including copyright, are reserved. Nothing in this > message should be interpreted as a digital signature that can be used to > authenticate a document. No warranty is given by the sender that any > attachments to this email are free from viruses or other defects. > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7CWooseok.Choi%40gbst.com%7Cb4c954e879e2476d46c508d756c43e15%7C1c2da354196b481891e4f760cbaac9e4%7C0%7C0%7C637073273187329426&sdata=P%2FCgARtEieJT6lOlpD3a5fkZaLFIDvvQQKQy16W5yyA%3D&reserved=0> > > The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and / or privileged > material that may be governed by confidential information provisions > contained in the agreement between GBST and your company. Any disclosure, > copying, distribution, or other use without the express consent of the > sender is prohibited. If you received this in error, please contact the > sender and delete the material from any computer. All rights in the > information transmitted, including copyright, are reserved. Nothing in this > message should be interpreted as a digital signature that can be used to > authenticate a document. No warranty is given by the sender that any > attachments to this email are free from viruses or other defects. >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
