Hi Guys,

 

Has anyone been able to get DPSK working with Meraki access points?

 

The provisioner portion is working where the user joins a network, signs in to
the portal and then once they are signed in they are presented with the name of
the network that uses DPSK and their DPSK password. The problem is when I try to
join the DPSK network with the provided DPSK I receive "can't connect to this
network" (Windows 10 device).

 

We have one PacketFence server set up out of band.

 

Here are my profiles:

 

PROVIDES DPSK

[Auth-Wireless]

locale=

sources=BYOD-Wireless-User-Authentication

advanced_filter=

provisioners=DPSK

filter=ssid:Auth

 

DPSK NETWORK PROFILE

[BYOD-Wireless]

locale=

advanced_filter=

filter=ssid:WIFI-BYOD

dpsk=enabled

autoregister=enabled

default_psk_key=testing12345678!

unreg_on_acct_stop=disabled

filter_match_style=all

 

 

HERE IS THE AUTH SOURCE FOR Auth-Wireless PROFILE:

[BYOD-Wireless-User-Authentication]

cache_match=0

read_timeout=10

realms=null,domain.com

basedn=DC=domain,DC=local

monitor=1

password=password

shuffle=0

searchattributes=

set_access_durations_action=

scope=sub

email_attribute=mail

usernameattribute=sAMAccountName

connection_timeout=1

binddn=CN=Admin\,PacketFence,OU=IT,Accounts,OU=Domain_Users,DC=domain,DC=local

encryption=none

description=BYOD Wireless User Authentication

port=389

host=dc.domain.com

write_timeout=5

type=AD

 

[BYOD-Wireless-User-Authentication rule Network-Administrators]

action0=set_role=WIFI-IT-STAFF-DISTRICT

condition0=memberOf,equals,CN=NetworkAdministrators,OU=Domain Groups,DC=domain,DC=local

status=enabled

match=all

class=authentication

action1=set_access_duration=1h

description=ActiveDirectory - Network Administrators Group

 

[BYOD-Wireless-User-Authentication rule Faculty-All]

action0=set_role=WIFI-STAFF-GUESTS

condition0=memberOf,equals,CN=Faculty- All,OU=Domain Groups,DC=domain,DC=local

status=enabled

match=all

class=authentication

action1=set_access_duration=1h

description=ActiveDirectory - Faculty All

 

 

HERE IS THE MERAKI SSID CONFIG FOR THE DPSK NETWORK:

Association requirements: Identity PSK with RADIUS

WPA encryption mode: WPA2

Splash page: None

Radius server set to PacketFence management

Radius testing: disabled

Radius CoA: disabled

Client IP assignment: Bridge mode

VLAN tagging: Don't use

Radius override: Radius response can override VLAN tag

 

 

 

 

HERE IS WHAT THE PFLOG SAYS WHEN I TRY TO JOIN:

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) WARN: [mac:a8:1e:84:a6:ca:7d] Unable to extract audit-session-id for module pf::Switch::Meraki::MR_v2. SSID-based VLAN assignments won't work. Make sure you enable Vendor Specific Attributes (VSA) on the AP if you want them to work. (pf::Switch::getCiscoAvPairAttribute)

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) INFO: [mac:00:e0:4c:19:dd:56] handling radius autz request: from switch_ip => (172.20.110.19), connection_type => Wireless-802.11-NoEAP,switch_mac => (e2:cb:ac:91:85:df), mac => [00:e0:4c:19:dd:56], port => 0, username => "00e04c19dd56", ssid => WIFI-BYOD (pf::radius::authorize)

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) INFO: [mac:00:e0:4c:19:dd:56] Instantiate profile BYOD-Wireless (pf::Connection::ProfileFactory::_from_profile)

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) INFO: [mac:00:e0:4c:19:dd:56] Found authentication source(s) : 'local,file1,Faculty-All,Wifi-Sponsors,District-Wireless-User-Authentication,Guest-Wireless-User-Authentication,BYOD-Wireless-User-Authentication' for realm 'null' (pf::config::util::filter_authentication_sources)

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) WARN: [mac:00:e0:4c:19:dd:56] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) INFO: [mac:00:e0:4c:19:dd:56] Found authentication source(s) : 'local,file1,Faculty-All,Wifi-Sponsors,District-Wireless-User-Authentication,Guest-Wireless-User-Authentication,BYOD-Wireless-User-Authentication' for realm 'null' (pf::config::util::filter_authentication_sources)

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) INFO: [mac:00:e0:4c:19:dd:56] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole)

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) INFO: [mac:00:e0:4c:19:dd:56] Username was defined "00e04c19dd56" - returning role 'WIFI-IT-STAFF-DISTRICT' (pf::role::getRegisteredRole)

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) INFO: [mac:00:e0:4c:19:dd:56] PID: "user", Status: reg Returned VLAN: (undefined), Role: WIFI-IT-STAFF-DISTRICT (pf::role::fetchRoleForNode)

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) INFO: [mac:00:e0:4c:19:dd:56] (172.20.110.19) Added VLAN 118 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)

Oct 17 22:18:07 srv-pf-02 packetfence_httpd.aaa: httpd.aaa(2131) INFO: [mac:00:e0:4c:19:dd:56] security_event 1300003 force-closed for 00:e0:4c:19:dd:56 (pf::security_event::security_event_force_close)

 

 

HERE IS WHAT THE RADIUS LOG SAYS:

Oct 17 22:18:07 srv-pf-02 auth[2992]: [mac:00:e0:4c:19:dd:56] Accepted user:  and returned VLAN 118

Oct 17 22:18:07 srv-pf-02 auth[2992]: (12467) Login OK: [00e04c19dd56] (from client 172.20.110.19/32 port 0 cli 00:e0:4c:19:dd:56)
 
Thanks for your help.
Mike