Re: [PacketFence-users] Connection Profile and SSID Filter

Good morning, I wanted to follow up to see if anyone else has experienced this before? The SSID filter just doesn’t appear to match for the portal connection profile. Thank you, Louis Scaringella Security Systems Engineer Yellow Dog Networks 785-342-7903 > On Oct 9, 2020, at 1:15 PM, Louis

Re: [PacketFence-users] Connection Profile and SSID Filter

Here are results again from the logs with and without the filter. Any ideas as to why httpd.portal doesn’t match the same profile it should be when the SSID filter is in place? With SSID filter: Oct 8 13:01:27 localhost packetfence_httpd.aaa: httpd.aaa(2087) INFO: [mac:00:24:d6:5b:30:bc]

Re: [PacketFence-users] Connection Profile and SSID Filter

Any other filter used such as switch filter on the connection profile works and matches fine but not the SSID filter. I just don’t understand why the portal profile would be different from the Httpd aaa profile that it matches fine. Thank you, Louis Scaringella Security Systems Engineer

Re: [PacketFence-users] Connection Profile and SSID Filter

What would cause the httpd.aaa process to match the correct profile but then the httpd.portal to match the default? Does it not use the same criteria and filters as the connection profile does? The only change here between scenarios is the SSID filter added to the connection profile so

Re: [PacketFence-users] Connection Profile and SSID Filter

Although it seems to now find the SSID, when I add the SSID filter back to my connection profile, it once again doesn’t instantiate the correct profile for the httpd.portal: Oct 8 14:30:22 localhost packetfence_httpd.aaa: httpd.aaa(2066) INFO: [mac:00:24:d6:5b:30:bc] Unable to extract SSID of

Re: [PacketFence-users] Connection Profile and SSID Filter

Ok, thanks. I followed your instructions and rebooted. Here is the new log: Oct 8 14:06:19 localhost packetfence_httpd.aaa: httpd.aaa(2066) INFO: [mac:00:24:d6:5b:30:bc] Unable to extract SSID of Called-Station-Id: 20:4c:03:58:99:8a (pf::Switch::extractSSIDFromCalledStationId) Oct 8 14:06:19

Re: [PacketFence-users] Connection Profile and SSID Filter

What should I do with that file you sent? Add that to switch.pm or replace it? Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 8, 2020, at 1:41 PM, Fabrice Durand wrote: > > Hello Louis, > > let's take a look at >

Re: [PacketFence-users] Connection Profile and SSID Filter

I don’t have any inline interfaces or config in this environment. PacketFence has a single IP address on one interface and is used for Radius, management, and the portal in this case. Choosing the “Aruba” switch template vs the “Aruba Wireless Controller’ template in my switch config seems to

Re: [PacketFence-users] Connection Profile and SSID Filter

Revert the change in Switch.pm then do: cd /usr/local/pf/ curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/5903.diff | patch -p1 Le 20-10-08 à 14 h 43, Louis Scaringella a écrit : What should I do with that file you sent? Add that to switch.pm or replace it?

Re: [PacketFence-users] Connection Profile and SSID Filter

Hello Louis, let's take a look at https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/5903.diff Also it can happen when per example the registration network is an inline network. Regards Fabrice Le 20-10-08 à 14 h 37, Louis Scaringella a écrit : What would cause

Re: [PacketFence-users] Connection Profile and SSID Filter

I updated this and didn’t work. Here is the log again: Oct 8 11:16:15 localhost packetfence_httpd.aaa: httpd.aaa(2088) INFO: [mac:00:24:d6:5b:30:bc] Unable to extract SSID of Called-Station-Id: 20:4c:03:58:99:8a (pf::Switch::extractSsid) Oct 8 11:16:15 localhost packetfence_httpd.aaa:

Re: [PacketFence-users] Connection Profile and SSID Filter

I tried that and rebooted and it still shows me hitting the default profile and same error in the PacketFence.log file. Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 7, 2020, at 1:58 PM, Fabrice Durand wrote: > > It looks to be a bug in the switch

Re: [PacketFence-users] Connection Profile and SSID Filter

From the Aruba.pm switch file I see this: sub extractSsid { my ($self, $radius_request) = @_; my $logger = $self->logger; # Aruba-Essid-Name VSA if (defined($radius_request->{'Aruba-Essid-Name'})) { return $radius_request->{'Aruba-Essid-Name'}; } $logger->warn(

Re: [PacketFence-users] Connection Profile and SSID Filter

Sorry for the flood, but I think I made some progress with this although I still think we need to address the Aruba Wireless Controller switch template. I changed my switch template from Aruba Wireless Controller to just Aruba and it sounds like now it does at least see the SSID. However, in my

Re: [PacketFence-users] Connection Profile and SSID Filter

To think of it, why does this show Switch template used when I have configured the “Aruba Wireless Controller” template to be used for this switch in the “Switch” section of PacketFence. Shouldn’t it be using the Aruba template? Louis Scaringella Security Systems Engineer Yellow Dog Networks,

Re: [PacketFence-users] Connection Profile and SSID Filter

Try that, it should work. edit lib/pf/Switch.pm and replace extractSsid function with: sub extractSsid {     my ($self, $radius_request) = @_;     my $logger = $self->logger;     # it's put in Called-Station-Id     # ie: Called-Station-Id = "aa-bb-cc-dd-ee-ff:Secure SSID" or

Re: [PacketFence-users] Connection Profile and SSID Filter

It looks to be a bug in the switch template. Right now there is no method to extract the ssid in other attributes than colling-station-id. We will make a patch to update the default method to extract the ssid from Called-Station-SSID. Le 20-10-07 à 14 h 19, Louis Scaringella a écrit :

Re: [PacketFence-users] Connection Profile and SSID Filter

Is the information in the request sufficient for this to be fixed? I can provide anything else you may need on the Aruba side to help. Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 7, 2020, at 1:12 PM, Louis Scaringella via PacketFence-users >

Re: [PacketFence-users] Connection Profile and SSID Filter

Here it is. It appears it isn’t able to extract the SSID from the Aruba Controller. This is ArubaOS 8.6 running on the controller. Any ideas to workaround this? It even says to let you all know so you can add support for it. I appreciate all you do to keep this product awesome! Oct 7 13:08:35

Re: [PacketFence-users] Connection Profile and SSID Filter

Here is the request: RADIUS Request User-Name = "00-24-d6-5b-30-bc" User-Password = "**" NAS-IP-Address = 198.18.255.64 NAS-Port = 0 Service-Type = Call-Check Called-Station-Id = "20:4c:03:58:99:8a" Calling-Station-Id = "00:24:d6:5b:30:bc" NAS-Port-Type = Wireless-802.11 Event-Timestamp =

Re: [PacketFence-users] Connection Profile and SSID Filter

Check in the radius audit log for the radius request and check if one of the attribute contain the SSID. If the SSID is defined in one of the attribute then we will be able to fix it , if no then check on the aruba side if there a way to push it. (it's by default) Le 20-10-07 à 14 h 12,

Re: [PacketFence-users] Connection Profile and SSID Filter

What i am looking for is the line in packetfence.log that start with "handling radius autz request" Le 20-10-07 à 12 h 02, Louis Scaringella a écrit : Hello, When I add the SSID filter to the connection profile, this is the log I see: Oct 7 10:59:54 localhost packetfence_httpd.portal:

Re: [PacketFence-users] Connection Profile and SSID Filter

Hello, When I add the SSID filter to the connection profile, this is the log I see: Oct 7 10:59:54 localhost packetfence_httpd.portal: httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) If the SSID filter is removed, it

Re: [PacketFence-users] Connection Profile and SSID Filter

Hello Louis, can you provide the packetfence.log when you authenticate and hit the portal ? Regards Fabrice Le 20-10-06 à 17 h 30, Louis Scaringella via PacketFence-users a écrit : Still no luck with this. Can someone verify that my profile config looks alright? It seems very

Re: [PacketFence-users] Connection Profile and SSID Filter

Still no luck with this. Can someone verify that my profile config looks alright? It seems very straightforward with the SSID filter in place. I really appreciate any help that you can provide. Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 6, 2020,

Re: [PacketFence-users] Connection Profile and SSID Filter

To add to this, I tried add an advanced filter with what showed up for the SSID name in the Radius request in the audit logs but still didn’t match this. Things like called-station-ID and ArubaESSID but none of those worked either. The wireless vendor is Aruba and there is a controller used.

Re: [PacketFence-users] Connection Profile and SSID Filter

Any ideas on this? Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 5, 2020, at 8:50 AM, Louis Scaringella > wrote: > > When I remove the SSID filter, the NoEap connection type matches perfectly > and it uses that profile and presents that customized

Re: [PacketFence-users] Connection Profile and SSID Filter

When I remove the SSID filter, the NoEap connection type matches perfectly and it uses that profile and presents that customized page for the captive portal. Whenever I use the SSID filter in addition to the connection type, it seems to match the default and presents the default captive portal

Re: [PacketFence-users] Connection Profile and SSID Filter

Here it is. The only one i’m trying to use currently to rule out anything else is "[Lab-Aruba-OpenGuest-copy]”. The others are disabled besides the default. Any help would be greatly appreciated. [Lab-Aruba-OpenGuest] locale= advanced_filter= filter=connection_type:Wireless-802.11-NoEAP

Re: [PacketFence-users] Connection Profile and SSID Filter

Hello Louis, Could you show me your conf/profile.conf please. Thanks, Ludovic Zammit lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu ) and

Re: [PacketFence-users] Connection Profile and SSID Filter

I am running 10.1, I forgot to mention. Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 3, 2020, at 1:40 AM, Louis Scaringella > wrote: > > Hello, > > When I configure a custom connection profile for my open guest captive portal > connection with

Re: [PacketFence-users] Connection Profile and SSID Filter

Ultimately what I am trying to accomplish is to have multiple connection profiles chosen by SSID so that I can present different captive portal pages and authentication types. The only way I see to do that is through the connection profile. Am I missing something with the SSID filter not