Hi all, Thanks for the help so far. I am now in a position where I am having the same issue as this user who reported it in June 2019 - however there isn't a solution on that thread:
https://www.mail-archive.com/[email protected]/msg17165.html I am sending Disconnect-Request packets to a Ruckus Virtual SmartZone, but it's responding with a Disconnect-NAK ("Error-Cause: Missing-Attribute (402)"): 17:01:15.018790 IP (tos 0x0, ttl 64, id 28503, offset 0, flags [DF], proto UDP (17), length 73) A3.65122 > ec2-3-9-193-153.eu-west-2.compute.amazonaws.com.radius-dynauth: [bad udp cksum 0xfb41 -> 0xeb34!] RADIUS, length: 45 Disconnect-Request (40), id: 0x15, Authenticator: 0e8903ad95ae41766f4614d83978b9b0 Calling-Station-Id Attribute (31), length: 19, Value: 60-70-C0-4C-6C-F6 0x0000: 3630 2d37 302d 4330 2d34 432d 3643 2d46 0x0010: 36 NAS-IP-Address Attribute (4), length: 6, Value: 10.5.100.120 0x0000: 0a05 6478 17:01:15.021186 IP (tos 0x0, ttl 55, id 49424, offset 0, flags [none], proto UDP (17), length 54) ec2-3-9-193-153.eu-west-2.compute.amazonaws.com.radius-dynauth > A3.65122: [udp sum ok] RADIUS, length: 26 Disconnect-NAK (42), id: 0x15, Authenticator: b72de2c780f2b5d240e0786f148e1a9e Unknown Attribute (101), length: 6, Value: 0x0000: 0000 0192 Does anyone know if it's possible to change what Attributes are included in the Disconnect-Request packet, and also by any chance if anyone knows what a Ruckus Virtual SmartZone would expect to receive? I have a hunch that it might want to receive the Acct-Session-Id attribute.. Thanks again in advance for any help! Jonathan On Wed, Mar 4, 2020 at 12:45 PM Ludovic Zammit <[email protected]> wrote: > > Hello Jonathan, > > Everything looks ok except that your radius disconnect does not seem to work. > > The radius disconnection happens right after the client authenticates on the > captive portal, the client should be disconnected and reconnect.It should > trigger a new radius request in order to apply the new production VLAN. > > Check in the logs/packetfence.log to see the disconnection error. > > Thanks, > > > Ludovic Zammit > [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > On Mar 3, 2020, at 6:02 AM, Jonathan Nathanson via PacketFence-users > <[email protected]> wrote: > > Hi there, > > I am using PacketFence configured to provide services over a routed > network. The issue I am seeing is the client device connects to an > SSID, they are presented with the captive portal, the client > authenticates and is presented with the “Your network access is being > set up” screen. > > However, at this point I would expect PacketFence to use DHCP to move > the client from the registration VLAN in to whatever VLAN has been > provided via radius-filter-id. However, this isn’t happening, instead > the screen just says in red text “Your network access should be > enabled within the next couple of minutes”… > > The only way to get the client device to pick up the new VLAN/IP > address is to turn Wi-Fi off and on again, forcing the client to make > a DHCP request. > > Has anyone seen this before, and can provide advice on how to enable > the correct behaviour post-authentication? > > Many thanks > Jonathan > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
