Greetings,

we are currently testing out PacketFence captive-portal auth in connection with 
FortiGate and FortiAPs. I followed the instructions from the following mailing 
list post:
https://sourceforge.net/p/packetfence/mailman/packetfence-users/thread/0b65c462-4c0c-24fe-5e10-405102e8de36%40inverse.ca/#msg36349338

The redirection from the access-point to the captive portal works just fine and 
I successfully log in and get my role. Afterwards (as described in the post 
above), the FortiGate/FortiAP is trying to authenticate against PacketFence but 
fails with the following log message:
User-Name = "a0:51:0b:6a:47:b2"
User-Password = "******"
NAS-IP-Address = 10.255.20.19
Service-Type = Login-User
Framed-IP-Address = 10.23.87.5
Called-Station-Id = "d4:76:a0:d2:b9:50:ASAP-Gast (Testing)"
Calling-Station-Id = "a0:51:0b:6a:47:b2"
NAS-Identifier = "IN19FW-0015"
NAS-Port-Type = Virtual
Acct-Session-Id = "7676961b"
Event-Timestamp = "Dec  1 2022 17:29:05 CET"
Connect-Info = "web-auth"
Fortinet-Vdom-Name = "root"
Fortinet-SSID = "ASAP-Gast (Testing)"
Fortinet-AP-Name = "PU221ETF21002253"
Stripped-User-Name = "a0:51:0b:6a:47:b2"
Realm = "null"
FreeRADIUS-Client-IP-Address = 10.255.20.19
Called-Station-SSID = "ASAP-Gast (Testing)"
PacketFence-KeyBalanced = "82ca871f42fbfecb44407d06a8699cd7"
PacketFence-Radius-Ip = "10.20.10.55"
Module-Failure-Message = "rest: Server returned:"
Module-Failure-Message = "rest: {\"control:PacketFence-Request-Time\":1669912145,\"control:PacketFence-IfIndex\":\"external\",\"control:PacketFence-Connection-Type\":\"CLI-Access\",\"control:PacketFence-Switch-Id\":\"10.255.20.19\",\"control:PacketFence-Authorization-Status\":\"allow\",\"control:PacketFence-Switch-Mac\":\"d4:76:a0:d2:b9:50\",\"control:PacketFence-Switch-Ip-Address\":\"10.255.20.19\",\"Reply-Message\":\"Network device does not support this mode of operation\",\"control:PacketFence-Eap-Type\":0,\"control:PacketFence-UserName\":\"a0:51:0b:6a:47:b2\",\"control:PacketFence-Mac\":\"a0:51:0b:6a:47:b2\"}"
SQL-User-Name = "a0:51:0b:6a:47:b2"

I first thought that this had something to do with CLI-Access not being enabled 
on the corresponding switch, but I double-checked: both flags (for External 
Portal Enforcement and CLI/VPN Access) are enabled. Is there something I'm 
missing? The debug log from radiusd didn't yield any results either...

Thank you in advance!

Kind Regards,

Heiko Matthies


ASAP Engineering GmbH Sachsstraße 1A | 85080 Gaimersheim
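The REST reply that PacketFence returned is buried as escaped, line-wrapped JSON inside Module-Failure-Message; decoding it makes the connection type, authorization status and reply message readable side by side. The Python below is an added example, not part of the original post or of PacketFence: the function names are hypothetical, the sample log is constructed from the lines above (JSON shortened), and it assumes the log escapes quotes with a backslash.

```python
import json
import re

# Constructed sample: lines taken from the log in the post, JSON shortened,
# with the Module-Failure-Message value wrapped the way a mail client wraps it.
SAMPLE_LOG = r'''Connect-Info = "web-auth"
Module-Failure-Message = "rest: Server returned:"
Module-Failure-Message = "rest:
{\"control:PacketFence-Connection-Type\":\"CLI-Access\",\"control:PacketFence-Switch-Id\":\"10.255.20.19\",\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"Network
 device does not support this mode
 of operation\"}"
SQL-User-Name = "a0:51:0b:6a:47:b2"
'''

ATTR_RE = re.compile(r'^[\w.-]+ = ')   # start of a new "Name = value" line
REST_RE = re.compile(r'^Module-Failure-Message = "rest:\s*(\{.*\})"$')

def unwrap(log_text):
    """Re-join attribute values that were wrapped across several lines."""
    logical = []
    for line in log_text.splitlines():
        if ATTR_RE.match(line) or not logical:
            logical.append(line)
        else:
            logical[-1] += line        # continuation: the wrap kept the spaces
    return logical

def rest_replies(log_text):
    """Return every JSON body logged by the rest module, decoded to a dict."""
    replies = []
    for line in unwrap(log_text):
        m = REST_RE.match(line.rstrip())
        if not m:
            continue
        # Assumption: the log backslash-escapes quotes; undo one escape level.
        body = re.sub(r'\\(.)', r'\1', m.group(1))
        try:
            replies.append(json.loads(body))
        except json.JSONDecodeError:
            continue                   # damaged line: skip rather than guess
    return replies

def summarize(reply):
    """Pick out the fields that describe PacketFence's decision."""
    get = lambda key: reply.get("control:PacketFence-" + key)
    return {"connection_type": get("Connection-Type"),
            "authorization_status": get("Authorization-Status"),
            "switch_id": get("Switch-Id"),
            "reply_message": reply.get("Reply-Message")}
```

Calling `summarize(rest_replies(text)[0])` on a saved copy of the radiusd output gives the decision fields in one dict, which is easier to compare against the switch entry configured for the NAS IP.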