Good morning, I am having trouble setting up WPA Enterprise WiFi security. We are using Aruba 535 access points on AOS 10. The APs are using Central for control in the cloud, and are tunneled to an on-prem Aruba gateway cluster, with Packetfence 13.2 (latest at this time). This is a brand new greenfield installation.
I have run raddebug -f /usr/local/pf/var/run/radiusd.sock -t 3000 and amidst a ton of PII I can see this:

(4816) Tue Jul 2 12:05:54 2024: Debug: Sent Access-Accept Id 146 from 10.11.1.28:1822 to 10.11.1.26:59257 length 205
(4816) Tue Jul 2 12:05:54 2024: Debug: User-Name = "******"
(4816) Tue Jul 2 12:05:54 2024: Debug: Tunnel-Type = VLAN
(4816) Tue Jul 2 12:05:54 2024: Debug: Tunnel-Medium-Type = IEEE-802
(4816) Tue Jul 2 12:05:54 2024: Debug: Tunnel-Private-Group-Id = "32"
(4816) Tue Jul 2 12:05:54 2024: Debug: MS-MPPE-Recv-Key = ******
(4816) Tue Jul 2 12:05:54 2024: Debug: MS-MPPE-Send-Key = ******
(4816) Tue Jul 2 12:05:54 2024: Debug: EAP-Message = 0x03060004
(4816) Tue Jul 2 12:05:54 2024: Debug: Message-Authenticator = 0x00000000000000000000000000000000
(4816) Tue Jul 2 12:05:54 2024: Debug: Proxy-State = 0x38
(4816) Tue Jul 2 12:05:54 2024: Debug: Finished request

I can post more logs if anyone can point me to the right section, but I have to scrub for PII and there is a ton of it every few lines (username, password, email, our site name, domain name, etc.).

However, the Aruba just kicks the user out. 10.11.1.26 is the VIP of the packetfence cluster, 10.11.1.28 is the IP of the packetfence server that handled the authentication. So I assume that the message was returned to the gateway/access point. I am using the "Aruba Wireless Controller" switch template.

I was also having trouble with getting the captive portal to work, getting a 'too many redirects' error, which based on some digging on these lists seems to be related to the VLAN accept message not making it to the 'switch' (which is the gateway cluster, I suppose?).

Does anyone have a way to get these newer aruba units working that we know of?

Does anyone know how to see a log of the radius messages returned back to the NAS (not the one proxied back to the load balancer address, which I am seeing in these logs, but when that actually gets sent back)?

Does anyone know how to debug this Aruba gateway? Aruba seems to have changed all their commands lately - I want to see what is coming back. Waiting on some time to open a case with Aruba regarding this too, but I feel like this is 75% something that needs to change on the packetfence side and not the aruba side.

All these requests are showing up in the radius debug logs and the audit page of the packetfence gui as 'accepted' (and they properly fail when the password is incorrect), but the supplicants never seem to finally join the network, leading me to believe this is a case of the wrong Accept command being sent back to the gateway or not being sent at all.

Thanks in advance for any advice!

- Mark Amber
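Editor's added example (not part of the original post, and not PacketFence or FreeRADIUS code): one way to scrub raddebug output before sharing it on a list, replacing identifying values with keyed tokens so the same user can still be followed across lines while VLAN and packet-type lines stay readable. The SENSITIVE attribute list, the sample log and the `corp.example` term are constructed assumptions; IP addresses are left untouched.

```python
import hashlib
import hmac
import re
import secrets

# Attributes treated as identifying or key material (assumed list; extend per site).
SENSITIVE = {"User-Name", "Stripped-User-Name", "User-Password", "Calling-Station-Id",
             "MS-MPPE-Recv-Key", "MS-MPPE-Send-Key"}

# Matches "(4816) Tue Jul 2 12:05:54 2024: Debug: Attr = value"
ATTR_RE = re.compile(r"^(?P<head>\(\d+\) .*?: Debug:\s+)(?P<name>[A-Za-z0-9-]+) = (?P<value>.*)$")

# Constructed sample in the raddebug layout shown in the post (documentation IPs).
SAMPLE = """\
(7) Tue Jul 2 12:05:54 2024: Debug: Received Access-Request Id 12 from 192.0.2.10:40000 to 192.0.2.20:1812 length 180
(7) Tue Jul 2 12:05:54 2024: Debug:   User-Name = "alice@corp.example"
(7) Tue Jul 2 12:05:54 2024: Debug:   Calling-Station-Id = "aa:bb:cc:dd:ee:ff"
(7) Tue Jul 2 12:05:54 2024: Debug: Sent Access-Accept Id 12 from 192.0.2.20:1812 to 192.0.2.10:40000 length 205
(7) Tue Jul 2 12:05:54 2024: Debug:   User-Name = "alice@corp.example"
(7) Tue Jul 2 12:05:54 2024: Debug:   Tunnel-Private-Group-Id = "32"
(7) Tue Jul 2 12:05:54 2024: Debug: realm lookup for corp.example
"""

def scrub(log_text, key=None, extra_terms=()):
    """Replace sensitive values with keyed tokens; equal values get equal tokens."""
    key = key or secrets.token_bytes(16)  # random per run, so tokens resist dictionary guessing

    def token(value):
        digest = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:8]
        return f"<redacted:{digest}>"

    out = []
    for line in log_text.splitlines():
        m = ATTR_RE.match(line)
        if m and m["name"] in SENSITIVE:
            value = m["value"].strip('"')
            line = m["head"] + m["name"] + " = " + token(value)
        for term in extra_terms:  # site or domain names appearing anywhere in a line
            line = re.sub(re.escape(term), lambda mt: token(mt.group(0).lower()), line, flags=re.I)
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(scrub(SAMPLE, extra_terms=["corp.example"]))
```

Review the scrubbed output by eye before posting, since free-text module messages can carry values this attribute-based pass does not recognise.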
