From: Sallee, S. (Jake) <Jak...@um...> - 2011-06-29 18:52:28
OK! So I have RADIUS MAC working but I still get the location log error (the IP thing was a quirk with the AP).

I do have some custom code in my vlan::custom module that I am looking at to see if it is causing any problems. My Perl is weak and I am not the one who wrote this code so I may not be correct in my assessment, but it looks to me that all it is doing is assigning a category based on the authMethod. My question is could it also somehow be erasing all the RADIUS attributes from the request too... here is the code:

    my ($this, $switch, $ifIndex, $mac, $node_info, $connection_type, $user_name, $ssid) = @_;
    my $logger = Log::Log4perl->get_logger();

    if (defined($node_info->{'category'})) {
        if (lc($node_info->{'category'}) eq 'Admin') {
            return $switch->getVlanByName('customVlan1');
        } elsif (lc($node_info->{'category'}) eq 'Students') {
            return $switch->getVlanByName('customVlan2');
        } elsif (lc($node_info->{'category'}) eq 'Guest') {
            return $switch->getVlanByName('customVlan3');
        }
    }

    $logger->warn("Something is misconfigured. You should not see this message. Return null VLAN.");
    return -1;

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas 76513
Fone: 254-295-4658
Phax: 254-295-4221

From: Sallee, Stephen (Jake) [mailto:Jak...@um...]
Sent: Wednesday, June 29, 2011 11:29 AM
To: pac...@li...
Subject: Re: [Packetfence-users] No location Log entry

Gotcha, this is what I get when I configure the RADIUS MAC.

radiusd -X output:

    rlm_perl: PacketFence RESULT VLAN: 113
    rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
    rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
    rlm_perl: Added pair User-Name = bc773744f2d2
    rlm_perl: Added pair NAS-Identifier = Sanderford-3
    rlm_perl: Added pair User-Password = bc773744f2d2
    rlm_perl: Added pair Connect-Info = CONNECT 1Mbps/6Mbps 802.11g
    rlm_perl: Added pair Calling-Station-Id = BC-77-37-44-F2-D2
    rlm_perl: Added pair Called-Station-Id = 00-0F-7D-05-0E-B0:Connection Assistance
    rlm_perl: Added pair NAS-IP-Address = 10.11.30.3
    rlm_perl: Added pair Message-Authenticator = 0xb1d9c4066184ed76458fd556868917ec
    rlm_perl: Added pair Tunnel-Private-Group-ID = 113
    rlm_perl: Added pair Tunnel-Medium-Type = 6
    rlm_perl: Added pair Tunnel-Type = 13
    rlm_perl: Added pair Auth-Type = Accept
    ++[perl] returns ok
    } # server packetfence
    Sending Access-Accept of id 1 to 10.11.30.3 port 32799
        Tunnel-Private-Group-Id:0 = "113"
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Type:0 = VLAN
    Finished request 39.

Everything looks fine but my client does not get an IP? I am looking into it now but any assistance would be greatly appreciated.

From: Francois Gaudreault [mailto:fga...@in...]
Sent: Wednesday, June 29, 2011 8:27 AM
To: pac...@li...
Subject: Re: [Packetfence-users] No location Log entry

Jake,

On an open SSID, you need to configure some kind of RADIUS mac-filtering, otherwise it won't be "packetfenced" using VLAN mode. By default, we will accept everything that is not EAP and return the proper VLAN using the RADIUS attributes.

i.e. for a Cisco Aironet:

    aaa authentication login mac_methods group rad_mac
    dot11 ssid MySSID
     ...
     authentication open mac-address mac_methods
     ...
    !

I think this is explained in the network configuration guide.

On 11-06-29 9:11 AM, Sallee, Stephen (Jake) wrote:

> The entry is triggered by the RADIUS request.

So, how does it work with an open SSID and no encryption?

From: Francois Gaudreault [mailto:fga...@in...]
Sent: Wednesday, June 29, 2011 7:08 AM
To: pac...@li...
Subject: Re: [Packetfence-users] No location Log entry

Hi Jake,

The entry is triggered by the RADIUS request. The locationlog entry will contain, if we can grab it, the SSID where the user connected to, and the IP of the AP/controller from where the RADIUS request came from.

On 11-06-28 7:41 PM, Sallee, Stephen (Jake) wrote:

When a wireless user is redirected to the captive portal for authentication what triggers an entry to be made in the location log and when does it get triggered? If I have an open SSID what tells PF where the user is so it can make the entry in the log?

_______________________________________________
Packetfence-users mailing list
Pac...@li...
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Francois Gaudreault, ing. jr
fga...@in... :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
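
Added example, not part of the original thread and not PacketFence code: in the vlan::custom snippet posted in the first message, the lc() result is compared with capitalised literals ('Admin', 'Students', 'Guest'), so none of the three branches can match and the snippet falls through to return -1. The sketch below runs that comparison next to a variant that normalises both sides; MockSwitch, the sub names and the VLAN numbers are hypothetical stand-ins.

```perl
use strict;
use warnings;

# Hypothetical stand-in for the switch object; only the getVlanByName()
# call used in the posted snippet is mimicked.
package MockSwitch;
sub new { my ($class, %vlans) = @_; return bless { vlans => \%vlans }, $class; }
sub getVlanByName { my ($self, $name) = @_; return $self->{vlans}{$name}; }

package main;

# Same comparisons as the posted snippet: lc() output vs. capitalised literals.
sub vlan_as_posted {
    my ($switch, $node_info) = @_;
    if (defined($node_info->{'category'})) {
        if (lc($node_info->{'category'}) eq 'Admin') {
            return $switch->getVlanByName('customVlan1');
        } elsif (lc($node_info->{'category'}) eq 'Students') {
            return $switch->getVlanByName('customVlan2');
        } elsif (lc($node_info->{'category'}) eq 'Guest') {
            return $switch->getVlanByName('customVlan3');
        }
    }
    return -1;
}

# Keys are lowercase because the lookup key is passed through lc().
my %VLAN_NAME_FOR = (
    admin => 'customVlan1', students => 'customVlan2', guest => 'customVlan3',
);

# Variant that normalises the category before the lookup.
sub vlan_normalised {
    my ($switch, $node_info) = @_;
    my $category = $node_info->{'category'};
    return -1 unless defined $category;
    my $vlan_name = $VLAN_NAME_FOR{ lc $category };
    return -1 unless defined $vlan_name;      # unknown category
    return $switch->getVlanByName($vlan_name);
}

# Constructed VLAN IDs and categories, for illustration only.
my $switch = MockSwitch->new(customVlan1 => 10, customVlan2 => 20, customVlan3 => 30);
for my $category ('Admin', 'students', 'GUEST', 'Staff', undef) {
    my $node_info = { category => $category };
    printf "%-8s as_posted=%-3s normalised=%s\n", $category // '(undef)',
        vlan_as_posted($switch, $node_info), vlan_normalised($switch, $node_info);
}
```

With these inputs the as-posted column is -1 on every row, while the normalised variant returns 10, 20 and 30 for the three known categories and -1 for 'Staff' and the undefined category.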