Hi all, In a small update, I have also found that it is possible to use the Northbound Interface of the Ruckus SmartZone to disconnect users.
I have attempted this by adding the Northbound Interface credentials to the Web Services section of the Switches configuration, however no matter what I select as the Deauthentication Method on the Switch config (HTTP, HTTPS), packetfence.log just shows it's trying a RADIUS Disconnect-Message every time. How do I force PF to try to deauth via web services instead of via RADIUS? Thanks, Jonathan On Thu, Mar 5, 2020 at 7:24 PM Jonathan Nathanson <[email protected]> wrote: > > Hi all, > > Thanks for the help so far. I am now in a position where I am having > the same issue as this user who reported it in June 2019 - however > there isn't a solution on that thread: > > https://www.mail-archive.com/[email protected]/msg17165.html > > I am sending Disconnect-Request packets to a Ruckus Virtual SmartZone, > but it's responding with a Disconnect-NAK ("Error-Cause: > Missing-Attribute (402)"): > > 17:01:15.018790 IP (tos 0x0, ttl 64, id 28503, offset 0, flags [DF], > proto UDP (17), length 73) > A3.65122 > ec2-3-9-193-153.eu-west-2.compute.amazonaws.com.radius-dynauth: > [bad udp cksum 0xfb41 -> 0xeb34!] RADIUS, length: 45 > Disconnect-Request (40), id: 0x15, Authenticator: > 0e8903ad95ae41766f4614d83978b9b0 > Calling-Station-Id Attribute (31), length: 19, Value: > 60-70-C0-4C-6C-F6 > 0x0000: 3630 2d37 302d 4330 2d34 432d 3643 2d46 > 0x0010: 36 > NAS-IP-Address Attribute (4), length: 6, Value: 10.5.100.120 > 0x0000: 0a05 6478 > 17:01:15.021186 IP (tos 0x0, ttl 55, id 49424, offset 0, flags [none], > proto UDP (17), length 54) > ec2-3-9-193-153.eu-west-2.compute.amazonaws.com.radius-dynauth > > A3.65122: [udp sum ok] RADIUS, length: 26 > Disconnect-NAK (42), id: 0x15, Authenticator: > b72de2c780f2b5d240e0786f148e1a9e > Unknown Attribute (101), length: 6, Value: > 0x0000: 0000 0192 > > Does anyone know if it's possible to change what Attributes are > included in the Disconnect-Request packet, and also by any chance if > anyone knows what a Ruckus Virtual SmartZone would expect to receive? > I have a hunch that it might want to receive the Acct-Session-Id > attribute.. > > Thanks again in advance for any help! > > Jonathan > > On Wed, Mar 4, 2020 at 12:45 PM Ludovic Zammit <[email protected]> wrote: > > > > Hello Jonathan, > > > > Everything looks ok except that your radius disconnect does not seem to > > work. > > > > The radius disconnection happens right after the client authenticates on > > the captive portal, the client should be disconnected and reconnect.It > > should trigger a new radius request in order to apply the new production > > VLAN. > > > > Check in the logs/packetfence.log to see the disconnection error. > > > > Thanks, > > > > > > Ludovic Zammit > > [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca > > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > > (http://packetfence.org) > > > > > > > > > > > > On Mar 3, 2020, at 6:02 AM, Jonathan Nathanson via PacketFence-users > > <[email protected]> wrote: > > > > Hi there, > > > > I am using PacketFence configured to provide services over a routed > > network. The issue I am seeing is the client device connects to an > > SSID, they are presented with the captive portal, the client > > authenticates and is presented with the “Your network access is being > > set up” screen. > > > > However, at this point I would expect PacketFence to use DHCP to move > > the client from the registration VLAN in to whatever VLAN has been > > provided via radius-filter-id. However, this isn’t happening, instead > > the screen just says in red text “Your network access should be > > enabled within the next couple of minutes”… > > > > The only way to get the client device to pick up the new VLAN/IP > > address is to turn Wi-Fi off and on again, forcing the client to make > > a DHCP request. > > > > Has anyone seen this before, and can provide advice on how to enable > > the correct behaviour post-authentication? > > > > Many thanks > > Jonathan > > > > > > _______________________________________________ > > PacketFence-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
