Re: [PacketFence-users] Aruba AP and VLAN Mapping - Addition

2020-03-12 Thread Christian Sudec via PacketFence-users
t [lzam...@inverse.ca <mailto:lzam...@inverse.ca> <mailto:lzam...@inverse.ca>] Gesendet: Dienstag, 10. März 2020 19:43 An: C. Sudec (Admin) Cc: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> <mailto:packetfence-users@lists.sourcef

Re: [PacketFence-users] Aruba AP and VLAN Mapping

2020-03-12 Thread Christian Sudec via PacketFence-users
Betreff: Re: [PacketFence-users] Aruba AP and VLAN Mapping Are you using the correct distinguished name of the group? On Tue, Mar 10, 2020 at 2:04 PM Christian Sudec via PacketFence-users mailto:packetfence-users@lists.sourceforge.net><mailto:

Re: [PacketFence-users] Aruba AP and VLAN Mapping - Addition

2020-03-12 Thread Christian Sudec via PacketFence-users
Ludovic Zammit [lzam...@inverse.ca <mailto:lzam...@inverse.ca>] Gesendet: Dienstag, 10. März 2020 19:43 An: C. Sudec (Admin) Cc: packetfence-users@lists.sourceforge.net <mailto:packetfence-users@lists.sourceforge.net> Betreff: Re: [PacketFence-users] Aruba AP and VLAN Mapping

Re: [PacketFence-users] Aruba AP and VLAN Mapping - Addition

2020-03-12 Thread Ludovic Zammit via PacketFence-users
ed >>> eduroam_radius_auth_compute_in_pf=enabled >>> eduroam_radius_acct= >>> eduroam_radius_auth_proxy_type=keyed-balance >>> radius_acct= >>> eduroam_radius_acct_proxy_type=load-balance >>> eduroam_radius_auth= >>> radius_auth_proxy_type=keyed-bal

Re: [PacketFence-users] Aruba AP and VLAN Mapping - Addition

2020-03-11 Thread Ludovic Zammit via PacketFence-users
y_type=load-balance > radius_auth_compute_in_pf=enabled > permit_custom_attributes=disabled > radius_auth= > > Thanks for lokong into it! > > greets > Chris > > Von: Ludovic Zammit [lzam...@inverse.ca] > Gesendet: Dienstag, 10. März

Re: [PacketFence-users] Aruba AP and VLAN Mapping

2020-03-11 Thread Zacharry Williams via PacketFence-users
Are you using the correct distinguished name of the group? On Tue, Mar 10, 2020 at 2:04 PM Christian Sudec via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hi, here the logs: > > Mar 10 12:10:21 ippf packetfence_httpd.aaa: httpd.aaa(848) INFO: > [mac:02:de:ad:04:be:ef]

Re: [PacketFence-users] Aruba AP and VLAN Mapping - Addition

2020-03-10 Thread Gregor Fajdiga via PacketFence-users
Hello, Try assigning the vlan to the node and see if it works. Try installing 9.2 version. I have been stuck on similar one for 3 weeks. My nodes couldn't get the vlan I set in authenication source. With or without filter. With PF 9.2, it works flawlessly. Regards, Gregor Fajdiga

Re: [PacketFence-users] Aruba AP and VLAN Mapping - Addition

2020-03-10 Thread Fetakungen Virtual Adventurer via PacketFence-users
0 5:19:26 PM To: Ludovic Zammit Cc: Christian Sudec ; packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] Aruba AP and VLAN Mapping - Addition Hi again! I ran 'pftest authentication Testy Testpwd' and these are the results: Authenticating against 'HTL_AD' in context

Re: [PacketFence-users] Aruba AP and VLAN Mapping

2020-03-10 Thread Christian Sudec via PacketFence-users
Hi, here the logs: Mar 10 12:10:21 ippf packetfence_httpd.aaa: httpd.aaa(848) INFO: [mac:02:de:ad:04:be:ef] handling radius autz request: from switch_ip => (10.71.100.63), connection_type => Wireless-802.11-EAP,switch_mac => (b8:3a:5a:c1:8d:aa), mac => [02:de:ad:04:be:ef], port => 0, username

Re: [PacketFence-users] Aruba AP and VLAN Mapping - Addition

2020-03-10 Thread Ludovic Zammit via PacketFence-users
Post the result of that command: cat /usr/local/pf/conf/realm.conf Thanks, Ludovic Zammit lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) and

Re: [PacketFence-users] Aruba AP and VLAN Mapping - Addition

2020-03-10 Thread Christian Sudec via PacketFence-users
Hi again! I ran 'pftest authentication Testy Testpwd' and these are the results: Authenticating against 'HTL_AD' in context 'admin'   Authentication SUCCEEDED against HTL_AD (Authentication successful.)   Matched against HTL_AD for 'authentication' rule Teachers     set_role : Teacher    

Re: [PacketFence-users] Aruba AP and VLAN Mapping

2020-03-10 Thread Christian Sudec via PacketFence-users
Hello Ludovic! On 10.03.2020 14:42, Ludovic Zammit wrote: Hello Christian, Are you doing VLAN enforcement or Role enforcement ? We're doing only 'RADIUS Enforcement' as this is the requirement for 802.1x (both wireless and wired). On Aruba you have to do one of them, not both at the same

Re: [PacketFence-users] Aruba AP and VLAN Mapping

2020-03-10 Thread Ludovic Zammit via PacketFence-users
Ok, so if you are doing 802.1x then most of the time you do auto-registration where you don’t display the captive portal. In that case, your access would be computed on the fly. Do that and remove device info: grep MAC_ADDRESS /usr/local/pf/logs/packetfence.log My guess is that you don’t

Re: [PacketFence-users] Aruba AP and VLAN Mapping

2020-03-10 Thread Ludovic Zammit via PacketFence-users
Hello Christian, Are you doing VLAN enforcement or Role enforcement ? On Aruba you have to do one of them, not both at the same time. How are you redirected on the captive portal ? By a radius request ? Once you get authenticated PF sends a radius disconnect message to the AP to kick your Mac

[PacketFence-users] Aruba AP and VLAN Mapping

2020-03-10 Thread Christian Sudec via PacketFence-users
Hi everybody! First the current situation so far: We installed a test-network, where the packetfence-server is reachable with an ip 10.5.1.4 (type management) and set 'RADIUS enforcement' as chosen method. Next we installed a Mikrotik-Switch (POE) with 4 VLANS (771-774) and attached an