Stefan,

If you don't see the rule in packetfence.log it means that it is not being 
triggered, either something is not matching, or there is a typo in the rule.
In the last case you should see a message like: "error while building rule XXX" 
in the packetfence.log. Just to be sure, after deploying a rule in 
vlan_filter.conf, you need to do "bin/pfcmd configreload hard" which will force 
your configuration to be reloaded.

It seems to me that the filter is not applied.

Thanks

On Friday, October 07, 2016 02:55 EDT, "Marold, Stefan" 
<[email protected]> wrote:
 Hello Antoine,

after using 'bin/pfcmd checkup', I see the following line in packetfence.log:
Oct 07 02:34:19 pfcmd.pl(2179) INFO: Instantiate profile default 
(pf::Portal::ProfileFactory::_from_profile)

When the user authenticates, I don't see any messages related to 
"1:EthernetEAP&EAPTLS" in packetfence.log:
Oct 07 02:39:57 httpd.aaa(1754) INFO: [mac:74:2b:62:6d:47:d4] handling radius 
autz request: from switch_ip => (172.20.10.118), connection_type => 
Ethernet-EAP,switch_mac => (54:4a:00:88:a8:01), mac => [74:2b:62:6d:47:d4], 
port => 10101, username => "D1527.dorsten.local" (pf::radius::authorize)
Oct 07 02:39:57 httpd.aaa(1754) INFO: [mac:74:2b:62:6d:47:d4] Instantiate 
profile default (pf::Portal::ProfileFactory::_from_profile)
Oct 07 02:39:58 httpd.aaa(1754) INFO: [mac:74:2b:62:6d:47:d4] is of status 
unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Oct 07 02:39:58 httpd.aaa(1754) INFO: [mac:74:2b:62:6d:47:d4] (172.20.10.118) 
Added VLAN 11 to the returned RADIUS Access-Accept 
(pf::Switch::returnRadiusAccessAccept)
Oct 07 02:40:00 httpd.aaa(1754) INFO: [mac:74:2b:62:6d:47:d4] Updating 
locationlog from accounting request (pf::api::handle_accounting_metadata)
Oct 07 02:40:02 httpd.portal(2202) INFO: [mac:[undef]] Instantiate a new 
iptables modification method. pf::ipset (pf::inline::get_technique)
Oct 07 02:40:02 httpd.portal(2037) INFO: [mac:[undef]] Instantiate a new 
iptables modification method. pf::ipset (pf::inline::get_technique)
Oct 07 02:40:02 httpd.portal(2038) INFO: [mac:[undef]] Instantiate a new 
iptables modification method. pf::ipset (pf::inline::get_technique)

I also tried to add the following rule, but it seems to have no effect:
[2:EthernetEAP&EAPTLS]
scope = NodeInfoForAutoReg
role = default
action = modify_node
action_param = mac = $mac, status = reg, access_duration = 12H, role = default

BTW does the absence of "EAP-Type => EAP-TLS" in packetfence.log mean the 
EAP-Type is not "EAP-TLS"?

Regards
Stefan


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users


 