Hello Adrian,
If you can, try with other MAC formats to see if one works.
Like:
5c:e0:c5:c1:d6:fd
5C:E0:C5:C1:D6:FD
5c-e0-c5-c1-d6-fd
5C-E0-C5-C1-D6-FD
5ce0c5c1d6fd
5CE0C5C1D6FD
Regards
Fabrice
On 20-12-15 at 13:06, Adrian D'Atri-Guiran wrote:
Hi Fabrice,
I played around with it a bit further, and here's a working test:
echo "Framed-IP-Address=10.5.50.2" | radclient -x 10.2.2.1:3799 disconnect secret
Sent Disconnect-Request Id 44 from 0.0.0.0:37354 to 10.2.2.1:3799 length 26
Framed-IP-Address = 10.5.50.2
Received Disconnect-ACK Id 44 from 10.2.2.1:3799 to 10.2.2.254:37354 length 30
NAS-Identifier = "MikroTik"
Where 10.5.50.2 is the client IP and 10.2.2.1 is the IP of my main
MikroTik router that manages the hotspot. This command instantly
deauthenticated the client, but did not remove the client's cookie.
For this reason I believe that we should have "cookie" disabled under
Hotspot -> Server Profiles -> Login -> Login By (uncheck Cookie).
My problem is I don't know how to fix Mikrotik.pm. How do I access the
client IP? I want to do something like:
'Framed-IP-Address' => "$client_ip_address",
on:
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Mikrotik.pm#L230
Also I guess we must be careful here because in some scenarios if the
client has been assigned a new IP and packetfence is not yet aware of
it, this could break. MAC address would probably be better for
deauthenticating, but I haven't managed to get that working yet.
Thanks!
-Adrian
On Mon, Dec 14, 2020 at 6:02 PM Adrian D'Atri-Guiran wrote:
Thank you,
>btw you can try to add:
>'Calling-Station-Id' => $mac,
I have attempted this and the result was a new error (and client
remains authenticated on the mikrotik hotspot):
Dec 14 20:58:08 radius pfqueue: pfqueue(4868) WARN:
[mac:5c:e0:c5:c1:d6:fd] Unable to pull accounting history for
device 5c:e0:c5:c1:d6:fd. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Dec 14 20:58:08 radius pfqueue: pfqueue(4868) WARN:
[mac:5c:e0:c5:c1:d6:fd] Unable to pull accounting history for
device 5c:e0:c5:c1:d6:fd. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Dec 14 20:58:18 radius packetfence_httpd.webservices:
httpd.webservices(4444) INFO: [mac:5c:e0:c5:c1:d6:fd]
[5c:e0:c5:c1:d6:fd] DesAssociating mac on switch (10.2.2.1)
(pf::api::desAssociate)
Dec 14 20:58:18 radius packetfence_httpd.webservices:
httpd.webservices(4444) INFO: [mac:5c:e0:c5:c1:d6:fd]
deauthenticating 5c:e0:c5:c1:d6:fd
(pf::Switch::Mikrotik::radiusDisconnect)
Dec 14 20:58:18 radius packetfence_httpd.webservices:
httpd.webservices(4444) INFO: [mac:5c:e0:c5:c1:d6:fd] controllerIp
is set, we will use controller 10.2.2.1 to perform deauth
(pf::Switch::Mikrotik::radiusDisconnect)
Dec 14 20:58:18 radius packetfence_httpd.webservices:
httpd.webservices(4444) WARN: [mac:5c:e0:c5:c1:d6:fd] Unable to
perform RADIUS Disconnect-Request. Disconnect-NAK received with
Error-Cause: Unsupported-Extension.
(pf::Switch::Mikrotik::radiusDisconnect)
Dec 14 20:58:18 radius packetfence_httpd.webservices:
httpd.webservices(4444) INFO: [mac:5c:e0:c5:c1:d6:fd]
[5c:e0:c5:c1:d6:fd] DesAssociating mac on switch (10.2.2.1)
(pf::api::desAssociate)
Dec 14 20:58:18 radius packetfence_httpd.webservices:
httpd.webservices(4444) INFO: [mac:5c:e0:c5:c1:d6:fd]
deauthenticating 5c:e0:c5:c1:d6:fd
(pf::Switch::Mikrotik::radiusDisconnect)
Dec 14 20:58:18 radius packetfence_httpd.webservices:
httpd.webservices(4444) INFO: [mac:5c:e0:c5:c1:d6:fd] controllerIp
is set, we will use controller 10.2.2.1 to perform deauth
(pf::Switch::Mikrotik::radiusDisconnect)
Dec 14 20:58:18 radius packetfence_httpd.webservices:
httpd.webservices(4444) WARN: [mac:5c:e0:c5:c1:d6:fd] Unable to
perform RADIUS Disconnect-Request. Disconnect-NAK received with
Error-Cause: Unsupported-Extension.
(pf::Switch::Mikrotik::radiusDisconnect)
On Fri, Dec 11, 2020 at 5:43 PM Durand fabrice via PacketFence-users wrote:
btw you can try to add:
'Calling-Station-Id' => $mac,
here:
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Mikrotik.pm#L230
On 20-12-11 at 20:31, Durand fabrice via PacketFence-users wrote:
> The code needs to be updated:
>
>
> https://forum.mikrotik.com/viewtopic.php?t=33063
>
>
> On 20-12-11 at 14:28, Enrique Gross via PacketFence-users wrote:
>> Hi PF users! Hope you are all doing well
>>
>> Hi Fabrice,
>>
>> I have read the mail Adrian sent you regarding COA and Mikrotik. I
>> have been using SSH to disconnect CAPSMAN devices, but I was
>> interested in using Radius COA.
>>
>> This is the output of radsniff after successful registration at the
>> captive-portal, role is assigned but no disconnection is made
>>
>> 2020-12-11 16:18:39.352569 (1) Disconnect-Request Id 219 any:192.168.67.86:56875 -> 192.168.67.254:3799 +0.000
>> User-Name = "C2:F7:64:FB:0E:69"
>> Authenticator-Field = 0x677a789c11f3586ec7e73859e5b3080a
>> 2020-12-11 16:18:39.375064 (2) Disconnect-NAK Id 219 any:192.168.67.86:56875 <- 192.168.67.254:3799 +0.022 +0.022
>> NAS-Identifier = "MK-IBERA2"
>> Error-Cause = Unsupported-Extension
>> Authenticator-Field = 0xb6261e8e06e5ecf78db2049bea689396
>> 2020-12-11 16:18:44.575064 (1) Cleaning up request packet ID 219
>>
>> This is Mikrotik side of log:
>>
>> 16:18:39 radius,debug,packet received Disconnect-Request with id 219 from 192.168.67.86:56875
>> 16:18:39 radius,debug,packet Signature = 0x677a789c11f3586ec7e73859e5b3080a
>> 16:18:39 radius,debug,packet User-Name = "C2:F7:64:FB:0E:69"
>> 16:18:39 radius,debug received remote request 25 code=Disconnect-Request from 192.168.67.86:56875
>> 16:18:39 radius,debug sending Disconnect-NAK to remote request 25
>> 16:18:39 radius,debug,packet sending Disconnect-NAK with id 219 to 192.168.67.86:56875
>> 16:18:39 radius,debug,packet Signature = 0xb6261e8e06e5ecf78db2049bea689396
>> 16:18:39 radius,debug,packet Error-Cause = 406
>> 16:18:39 radius,debug,packet NAS-Identifier = "MK-IBERA2"
>>
>> Thanks for your help,
>>
>> Enrique
>>
>>
>> --
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
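
Added example, not part of the original thread and not PacketFence's Mikrotik.pm code: an offline Python sketch of the RFC 5176 Disconnect-Request exchange discussed above, showing how the session-identifying attribute (Framed-IP-Address or a Calling-Station-Id MAC spelling) is encoded, how the reply authenticator is checked, and how Error-Cause 406 is decoded. Function and constant names are this example's own, and the ACK/NAK replies are constructed to mirror the packet lengths and values quoted in the thread.

```python
import hashlib, hmac, socket, struct

REQUEST, ACK, NAK = 40, 41, 42  # RFC 5176 Disconnect-Request / -ACK / -NAK codes
FRAMED_IP, CALLING_STATION_ID, NAS_ID, ERROR_CAUSE = 8, 31, 32, 101
CAUSES = {406: "Unsupported-Extension", 503: "Session-Context-Not-Found"}

def mac_variants(mac):
    """The six MAC spellings listed in the thread, for a NAS that compares strings."""
    h = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    pairs = [h[i:i + 2] for i in range(0, 12, 2)]
    return [f(sep.join(pairs)) for sep in (":", "-", "") for f in (str.lower, str.upper)]

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value  # type, length, value

def packet(code, ident, seed, secret, attrs):
    """seed: 16 zero octets for a request, the Request Authenticator for a reply."""
    body = b"".join(attrs)
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    return head + hashlib.md5(head + seed + body + secret).digest() + body

def disconnect_request(ident, secret, attrs):
    return packet(REQUEST, ident, bytes(16), secret, attrs)

def parse_reply(reply, request, secret):
    """Verify the Response Authenticator, then return (verdict, Error-Cause name)."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    if ident != request[1] or not hmac.compare_digest(want, reply[4:20]):
        raise ValueError("reply does not match this request or shared secret")
    attrs, i = {}, 20
    while i + 2 <= length:
        kind, alen = reply[i], reply[i + 1]
        if alen < 2 or i + alen > length:
            raise ValueError("malformed attribute")
        attrs[kind] = reply[i + 2:i + alen]
        i += alen
    cause = int.from_bytes(attrs[ERROR_CAUSE], "big") if ERROR_CAUSE in attrs else None
    return {ACK: "ACK", NAK: "NAK"}.get(code, code), CAUSES.get(cause, cause)

def demo(secret=b"secret"):  # constructed replies stand in for the NAS; nothing is sent
    by_ip = disconnect_request(44, secret, [attr(FRAMED_IP, socket.inet_aton("10.5.50.2"))])
    ack = packet(ACK, 44, by_ip[4:20], secret, [attr(NAS_ID, b"MikroTik")])
    mac = mac_variants("5c:e0:c5:c1:d6:fd")[0].encode()
    by_mac = disconnect_request(45, secret, [attr(CALLING_STATION_ID, mac)])
    nak_attrs = [attr(ERROR_CAUSE, (406).to_bytes(4, "big")), attr(NAS_ID, b"MikroTik")]
    nak = packet(NAK, 45, by_mac[4:20], secret, nak_attrs)
    return len(by_ip), len(ack), parse_reply(ack, by_ip, secret), parse_reply(nak, by_mac, secret)

if __name__ == "__main__": print(demo())
```

The request and ACK lengths come out as 26 and 30 octets, matching the radclient output quoted above.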