Hello Mickael,
First, Marseille and Paris are not supposed to work together, but we will try
to make it work.
It looks like there is a misconfiguration on the Paris server; it's
not supposed to return any vlan/acl but just accept or reject.
So on the Eduroam server, how did you define the Paris radius server?
(IP/Port)
Also check in the file raddb/sites-enabled/packetfence-tunnel in the
post-auth section and check if you have this:
    if !( ("%{client:shortname}" =~ /eduroam_tlrs/) || (&request:PacketFence-ShortName && &request:PacketFence-ShortName =~ /eduroam_tlrs/)) {
        rest
    }
Because if the request is coming from eduroam (it's the case since there is
the attribute PacketFence-ShortName = "eduroam_tlrs1" in the request) then
we bypass the rest module.
And in your case the rest module is called (because this is coming from
the rest module: Reply-Message = "Switch is not managed by PacketFence").
Regards
Fabrice
On Mon, 31 Jan 2022 at 17:22, Mickael BOUBALA via PacketFence-users <
[email protected]> wrote:
> Hello All,
>
>
> I have seen from the guide how to configure eduroam:
> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_eduroam
> .
> My server is running PacketFence 10.3.0.
> Outbound eduroam authentication works successfully.
>
>
> *Inbound eduroam authentication : *
> But I'm facing an issue with inbound eduroam authentication with the
> following message:
>
> Reply-Message = "Switch is not managed by PacketFence"
>
> *The reason :*
> My pf server is making a filter on NAS-IP-Address = 193.54.188.34 instead
> of FreeRADIUS-Client-IP-Address = 194.57.7.15.
> The server with IP 194.57.7.15 is the eduroam.fr proxy radius and it's a
> client radius of my pf server.
> The radius requests from NAS-IP-Address = 193.54.188.34 are forwarded by
> FreeRADIUS-Client-IP-Address = 194.57.7.15.
>
>
> *synoptic: *
> "Paris" RADIUS : is my radius server
> "Marseilles" RADIUS: is the radius server of another institution.
>
> Access-Point -- [radius] --> "Marseilles" RADIUS -- [radius] --> Country
> Proxies (rad1|2.eduroam.fr) -- [radius] --> "Paris" RADIUS
>
>
> *Log :*
>
> Radius Request:
>
> User-Name = "[email protected]"
> NAS-IP-Address = 193.54.188.34
> NAS-Port = 1
> Service-Type = Framed-User
> Framed-MTU = 1300
> Called-Station-Id = "11:22:33:44:55:66:eduroam"
> Calling-Station-Id = "AA:BB:CC:EE:DD:FF"
> NAS-Identifier = "WLC8510-1"
> Proxy-State = 0x313639
> Proxy-State = 0x3933
> NAS-Port-Type = Wireless-802.11
> Acct-Session-Id = "61f7db3a/AA:BB:CC:EE:DD:FF/15621780"
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "12"
> Event-Timestamp = "Jan 31 2022 13:51:17 CET"
> EAP-Message = 0x020100140160406365612e6672
> Message-Authenticator = 0x118d65d70758e05e470d9
> Chargeable-User-Identity = 0x22
> Location-Capable = Civic-Location
> Airespace-Wlan-Id = 51
> Cisco-AVPair = "audit-session-id=22bcdbf761"
> Cisco-AVPair = "mDNS=true"
> Stripped-User-Name = "user2"
> Realm = "cea.fr"
> FreeRADIUS-Client-IP-Address = 194.57.7.15
> Called-Station-SSID = "eduroam"
> PacketFence-ShortName = "eduroam_tlrs1"
> PacketFence-KeyBalanced = "183d134047864398846ac987aa0435a2"
> PacketFence-Radius-Ip = "213.186.33.5"
> User-Password = "******"
> SQL-User-Name = "[email protected]"
>
> RADIUS Reply:
>
> Reply-Message = "Switch is not managed by PacketFence"
> Proxy-State = 0x313639
> Proxy-State = 0x3933
>
>
>
> Help:
> How to set pf to use the FreeRADIUS-Client-IP-Address filter for inbound
> authentication?
>
> Thank You.
>
> Regards
> Mickael BOUBALA
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
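Added example, not part of the original thread and not PacketFence code: a small Python check that parses a RADIUS attribute dump like the one quoted above and evaluates the post-auth guard from the reply, to tell whether the rest module should have been bypassed. The function names and the `client_shortname` parameter are assumptions made for illustration; the sample is a constructed subset of the quoted request.

```python
import re

# Constructed sample: a subset of the attributes from the request dump in the thread.
SAMPLE_REQUEST = '''\
NAS-IP-Address = 193.54.188.34
NAS-Identifier = "WLC8510-1"
Proxy-State = 0x313639
Proxy-State = 0x3933
FreeRADIUS-Client-IP-Address = 194.57.7.15
PacketFence-ShortName = "eduroam_tlrs1"
'''

# Accepts lines with or without e-mail quote markers ("> ") in front.
ATTR_LINE = re.compile(r'^\s*(?:>\s*)*([A-Za-z0-9:_-]+)\s*=\s*(.*?)\s*$')
EDUROAM = re.compile(r'eduroam_tlrs')
REST_REPLY = "Switch is not managed by PacketFence"

def parse_attributes(dump):
    """Parse 'Name = value' lines into {name: [values]}; attributes may repeat."""
    attrs = {}
    for line in dump.splitlines():
        m = ATTR_LINE.match(line)
        if not m:
            continue  # headings such as "Radius Request:" carry no '='
        name, value = m.groups()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        attrs.setdefault(name, []).append(value)
    return attrs

def rest_is_called(attrs, client_shortname=""):
    """Mirror the guard: rest runs only when neither the client shortname
    nor PacketFence-ShortName matches /eduroam_tlrs/."""
    from_client = bool(EDUROAM.search(client_shortname))
    short = attrs.get("PacketFence-ShortName", [])
    from_attr = bool(short) and bool(EDUROAM.search(short[0]))
    return not (from_client or from_attr)

def diagnose(dump, reply_message, client_shortname=""):
    """Compare what the guard predicts with the Reply-Message actually seen."""
    expected = rest_is_called(parse_attributes(dump), client_shortname)
    if reply_message == REST_REPLY and not expected:
        return "mismatch: guard should bypass rest, but rest replied; check post-auth in packetfence-tunnel"
    if expected:
        return "rest expected: request is not identified as eduroam"
    return "consistent: rest bypassed"

if __name__ == "__main__":
    print(diagnose(SAMPLE_REQUEST, REST_REPLY))
```
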