Menu
▾
▴
Re: [Packetfence-users] No location Log entry
|
From: Sallee, S. (Jake) <Jak...@um...> - 2011-06-29 18:52:28
|
OK! So I have RADIUS MAC working but I still get the location log error (the IP thing was a quirk with the AP). I do have some custom code in my vlan::custom module that I am looking at to see if it is causing any problems. My perl is weak and I am not the one who wrote this code so I may not be correct in my assessment, but it looks to me that all it is doing is assigning a category based on the authMethod. My question is could it also somehow be erasing all the RADIUS attributes from the request too... here is the code:
my ($this, $switch, $ifIndex, $mac, $node_info, $connection_type, $user_name, $ssid) = @_;
my $logger = Log::Log4perl->get_logger();
if (defined($node_info->{'category'})) {
if (lc($node_info->{'category'}) eq 'Admin') {
return $switch->getVlanByName('customVlan1');
} elsif (lc($node_info->{'category'}) eq 'Students') {
return $switch->getVlanByName('customVlan2');
} elsif (lc($node_info->{'category'}) eq 'Guest') {
return $switch->getVlanByName('customVlan3');
}
}
$logger->warn("Something is misconfigured. You should not see this message. Return null VLAN.");
return -1;
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Sallee, Stephen (Jake) [mailto:Jak...@um...]
Sent: Wednesday, June 29, 2011 11:29 AM
To: pac...@li...
Subject: Re: [Packetfence-users] No location Log entry
Gotcha, this is what I get when I configure the RADIUS MAC
radiusd -X output:
rlm_perl: PacketFence RESULT VLAN: 113
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair User-Name = bc773744f2d2
rlm_perl: Added pair NAS-Identifier = Sanderford-3
rlm_perl: Added pair User-Password = bc773744f2d2
rlm_perl: Added pair Connect-Info = CONNECT 1Mbps/6Mbps 802.11g
rlm_perl: Added pair Calling-Station-Id = BC-77-37-44-F2-D2
rlm_perl: Added pair Called-Station-Id = 00-0F-7D-05-0E-B0:Connection Assistance
rlm_perl: Added pair NAS-IP-Address = 10.11.30.3
rlm_perl: Added pair Message-Authenticator = 0xb1d9c4066184ed76458fd556868917ec
rlm_perl: Added pair Tunnel-Private-Group-ID = 113
rlm_perl: Added pair Tunnel-Medium-Type = 6
rlm_perl: Added pair Tunnel-Type = 13
rlm_perl: Added pair Auth-Type = Accept
++[perl] returns ok
} # server packetfence
Sending Access-Accept of id 1 to 10.11.30.3 port 32799
Tunnel-Private-Group-Id:0 = "113"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Finished request 39.
Everything looks fine but my client does not get an IP? I am looking into it now but any assistance would be greatly appreciated.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Francois Gaudreault [mailto:fga...@in...]
Sent: Wednesday, June 29, 2011 8:27 AM
To: pac...@li...
Subject: Re: [Packetfence-users] No location Log entry
Jake,
On an open SSID, you need to configure some kind of RADIUS mac-filtering otherwise it won't be "packetfenced" using VLAN mode. By default, we will accept everything that is not EAP and return the proper VLAN using the RADIUS attributes.
ie. for a Cisco aironet :
aaa authentication login mac_methods group rad_mac
dot11 ssid MySSID
...
authentication open mac-address mac_methods
...
!
I think this is explained in the network configuration guide.
On 11-06-29 9:11 AM, Sallee, Stephen (Jake) wrote:
> The entry is triggered by the RADIUS request.
So, how does it work with an open SSID and no encryption?
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
From: Francois Gaudreault [mailto:fga...@in...]
Sent: Wednesday, June 29, 2011 7:08 AM
To: pac...@li...<mailto:pac...@li...>
Subject: Re: [Packetfence-users] No location Log entry
HI Jake,
The entry is triggered by the RADIUS request. The locationlog entry will contain, if we can grab it, the SSID where the user connected to, and the ip of the AP/controller from where the RADIUS request came from.
On 11-06-28 7:41 PM, Sallee, Stephen (Jake) wrote:
When a wireless user is redirected to the captive portal for authentication what triggers an entry to be made in the location log and when does it get triggered? If I have an open SSID what tells PF where the user is so it can make the entry in the log?
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Packetfence-users mailing list
Pac...@li...<mailto:Pac...@li...>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
fga...@in...<mailto:fga...@in...> :: +1.514.447.4918 (x130) :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Packetfence-users mailing list
Pac...@li...<mailto:Pac...@li...>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
fga...@in...<mailto:fga...@in...> :: +1.514.447.4918 (x130) :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and PacketFence (www.packetfence.org<http://www.packetfence.org>)
|