'Re: [PacketFence-users] RES: Ruckus SmartZone and PF 9'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       packetfence-users
Subject:    Re: [PacketFence-users] RES:  Ruckus SmartZone and PF 9
From:       Talan Westby via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date:       2020-09-04 17:03:22
Message-ID: 481E5007-E6A8-4D92-A3BA-2B2EF0667966 () derby-college ! ac ! uk
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]

[Attachment #4 (text/plain)]

Hi Rafael,

Unfortunately after some back and forth with other people we concluded we couldn't \
actually get it working on the later versions of smartzone as the supported document \
was for version 3.X from memory.

We have since moved over to another manufacturer who is not currently on the inverse \
supported platforms and have got it working by modifying a Perl script using CoA with \
Mac Auth and portal access should Mac Auth fail. If this is something that might help \
you (of smartzone supports that, it's been over a year since I last touched \
smartzone) I can't send it across to you for you to try.

Kind regards,
Talan

On 4 Sep 2020, at 17:48, Rafael Rocha <rrocha@arpsist.com.br> wrote:


CAUTION: This email originated from outside of the organization. Do not click links \
or open attachments unless you recognize the sender and know the content is safe.

Hi Talan, sorry to interrupt.

I am having the same issue, there is no response coming back from the PF to my \
Smartzone after my guest user go through the guest registration process.

How did you fixed this issue ?

Regards,
Rafael Rocha.


De: Diego Garcia del Rio via PacketFence-users \
<packetfence-users@lists.sourceforge.net> Enviada em: quarta-feira, 4 de setembro de \
                2019 13:28
Para: Talan Westby <Talan.Westby@derby-college.ac.uk>
Cc: Diego Garcia del Rio <garci66@gmail.com>; packetfence-users@lists.sourceforge.net
Assunto: Re: [PacketFence-users] Ruckus SmartZone and PF 9

Thanks Talan,

can you show the DC-PF accounting and authentication server config?

And also how is the SZ "switch" configuration in PF?

Cheers,


On Wed, Sep 4, 2019 at 11:05 AM Talan Westby \
<Talan.Westby@derby-college.ac.uk<mailto:Talan.Westby@derby-college.ac.uk>> wrote: Hi \
Diego,

Apologies for the delay please see attached screenshots of how we have the Ruckus SZ \
configured:

Hotspot confirmation
<image001.png>

WLAN Config:

<image002.png>

Thanks for your help once again.

Regards,
Talan

From: Talan Westby via PacketFence-users \
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
                
Sent: 02 September 2019 21:21
To: Diego Garcia del Rio <garci66@gmail.com<mailto:garci66@gmail.com>>; \
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
                
Cc: Talan Westby <Talan.Westby@derby-college.ac.uk<mailto:Talan.Westby@derby-college.ac.uk>>
                
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9

Hi Diego,

Yes, sure, we are using Web Auth rather than a Mac-auth. We are pushing everything \
through the smartzone controller and using it as a proxy for RADIUS requests as well \
as using external portal enforcement to force portal access to PF. I have followed \
the guide here: https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ruckus_smartzone


As stated in my previous emails we are able to enrol to PF fine. However, after \
enrolment we do not get a authorization message to the Ruckus SZ.

Also as previously stated we have PF running with our Cisco controllers using Web \
Auth and usually after an enrolment PF sends a CoA disconnect to the controller and \
when it re-connects it performs the RADIUS accept and allows our users on.

I will get you some print screens tomorrow when I am back in the office.

Thanks for taking a look and any advice you could provide would be fantastic.

Regards,
Talan
From: Diego Garcia del Rio <garci66@gmail.com<mailto:garci66@gmail.com>>
Sent: 02 September 2019 19:31
To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
                
Cc: Nicolas Quiniou-Briand <nqb@inverse.ca<mailto:nqb@inverse.ca>>; Talan Westby \
                <Talan.Westby@derby-college.ac.uk<mailto:Talan.Westby@derby-college.ac.uk>>
                
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9

Dear Talan,

Can you provide more details on how you're doing the authentication? Is this radius \
with mac-auth on the SSID or are you doing "captive portal" in the AP itself?

I have PF working fine with ruckus' smartzone (albeit 3.6.1 but I don't expect any \
differences with 5.1) but I did have to make a small change in PF to get it working \
properly.

I am doing radius in non-proxy mode from the AP directly to PF (so I can't use radius \
de-auth and need to use the northbound API for de-auth).

if you can provide some screenshots on how you configured smartzone I can help you \
most probably.



On Mon, Sep 2, 2019 at 1:09 PM Talan Westby via PacketFence-users \
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> \
wrote: Hi Nicolas,

Thanks for getting back in touch and sorry for the delay.

I have had Ruckus spend some time working with us on this to no avail. What they have \
managed to do is run some RADIUS test from their SmartZone controller back to PF \
which always seem to fail. I would have thought that the RADIUS request would have \
been a MAC request so we have tried putting in a MAC Address as the username and the \
password which always seems to fail. This does work when going via our Cisco WLCs, so \
I guess the Ruckus is doing something slightly different. One thing I have noticed is \
the SmartZone.pm file in PF creates a API call to the Ruckus controller and when I \
take that payload and try the request myself the Ruckus controller responds with "Bad \
Request".

At this point I am wondering if Ruckus have updated their API Northbound endpoints in \
their later versions of software, we are running 5.1 which is a relatively new piece \
of software. Could you confirm whether the PF integration has been tested with this \
newer version of controller?

Also could you confirm the process of on boarding a user to PF from a Ruckus \
controller so we can be sure we are investigating the right section? To clarify users \
are being forwarded to the portal and they are able to enrol but the Ruckus SmartZone \
never receives/recognises that PF has authorized that user for access. If we could \
understand what PF does to send that authorization then we can concentrate on what \
might be causing the issue.

Thanks,
Talan

-----Original Message-----
From: Nicolas Quiniou-Briand <nqb@inverse.ca<mailto:nqb@inverse.ca>>
Sent: 23 August 2019 16:16
To: Talan Westby <Talan.Westby@derby-college.ac.uk<mailto:Talan.Westby@derby-college.ac.uk>>; \
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
                
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9

On 2019-08-23 5:08 p.m., Talan Westby wrote:
> If you could let me know which logs I should be looking at that would be great.

I really don't know which logs.

Did you check on Ruckus documentation ? I found this link [0]

Otherwise, you can try to capture traffic between PacketFence and Ruckus Smartzone \
when a device try to register. If traffic is not encrypted, you could have some hint.

[0] /usr/local/pf/addons/packages/build-go.sh build /usr/local/pf /usr/local/pf/sbin/
--
Nicolas Quiniou-Briand
nqb@inverse.ca<mailto:nqb@inverse.ca>  ::  +1.514.447.4918 *140  ::  \
https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence \
(https://packetfence.org) and Fingerbank (http://fingerbank.org) \
_____________________________________

This electronic message contains information from Derby College which may be \
privileged and confidential. The information is intended to be for the use of the \
individual(s) or entity named above.

If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.

If you have received this message in error, please reply to this message and include \
dpo@derby-college.ac.uk<mailto:dpo@derby-college.ac.uk> immediately. \
_________________________________________

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
 https://lists.sourceforge.net/lists/listinfo/packetfence-users
_____________________________________

This electronic message contains information from Derby College which may be \
privileged and confidential. The information is intended to be for the use of the \
individual(s) or entity named above.

If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.

If you have received this message in error, please reply to this message and include \
dpo@derby-college.ac.uk<mailto:dpo@derby-college.ac.uk> immediately. \
_________________________________________ _____________________________________

This electronic message contains information from Derby College which may be \
privileged and confidential. The information is intended to be for the use of the \
individual(s) or entity named above.

If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.

If you have received this message in error, please reply to this message and include \
dpo@derby-college.ac.uk<mailto:dpo@derby-college.ac.uk> immediately. \
_________________________________________ _____________________________________

This electronic message contains information from Derby College which may be \
privileged and confidential. The information is intended to be for the use of the \
individual(s) or entity named above.

If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.

If you have received this message in error, please reply to this message and include \
dpo@derby-college.ac.uk immediately. _________________________________________


[Attachment #5 (text/html)]

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto">
Hi Rafael,
<div><br>
</div>
<div>Unfortunately after some back and forth with other people we concluded we \
couldn't actually get it working on the later versions of smartzone as the supported \
document was for version 3.X from memory.&nbsp;</div> <div><br>
</div>
<div>We have since moved over to another manufacturer who is not currently on the \
inverse supported platforms and have got it working by modifying a Perl script using \
CoA with Mac Auth and portal access should Mac Auth fail. If this is something that \
might  help you (of smartzone supports that, it's been over a year since I last \
touched smartzone) I can't send it across to you for you to try.&nbsp;</div> \
<div><br> </div>
<div>Kind regards,</div>
<div>Talan<br>
<div dir="ltr"><br>
<blockquote type="cite">On 4 Sep 2020, at 17:48, Rafael Rocha \
&lt;rrocha@arpsist.com.br&gt; wrote:<br> <br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
span.EstiloDeEmail18
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
	{page:WordSection1;}
--></style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div style="background-color:#FFEB9C; width:100%; border-style: solid; \
border-color:#9C6500; border-width:1pt; padding:2pt; font-size:10pt; \
line-height:12pt; font-family:'Calibri'; color:Black; text-align: left;"> <span \
style="color:#9C6500" ;="" font-weight:bold;="">CAUTION:</span> This email originated \
from outside of the organization. Do not click links or open attachments unless you \
recognize the sender and know the content is safe.</div> <br>
<div>
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Hi Talan, \
sorry to interrupt.<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" \
style="mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">I am having \
the same issue, there is no response coming back from the PF to my Smartzone after my \
guest user go through the guest registration process.<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" \
style="mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">How did you \
fixed this issue ? <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" \
style="mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p> <p \
class="MsoNormal">Regards,<o:p></o:p></p> <p class="MsoNormal">Rafael \
Rocha.<o:p></o:p></p> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal"><span \
style="mso-fareast-language:EN-US"><o:p>&nbsp;</o:p></span></p> <p \
class="MsoNormal"><b>De:</b> Diego Garcia del Rio via PacketFence-users \
&lt;packetfence-users@lists.sourceforge.net&gt; <br>
<b>Enviada em:</b> quarta-feira, 4 de setembro de 2019 13:28<br>
<b>Para:</b> Talan Westby &lt;Talan.Westby@derby-college.ac.uk&gt;<br>
<b>Cc:</b> Diego Garcia del Rio &lt;garci66@gmail.com&gt;; \
packetfence-users@lists.sourceforge.net<br> <b>Assunto:</b> Re: [PacketFence-users] \
Ruckus SmartZone and PF 9<o:p></o:p></p> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<p class="MsoNormal">Thanks Talan,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class="MsoNormal">can you show the DC-PF accounting and authentication server \
config?<o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class="MsoNormal">And also how is the SZ &quot;switch&quot; configuration in \
PF?<o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class="MsoNormal">Cheers,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<div>
<div>
<p class="MsoNormal">On Wed, Sep 4, 2019 at 11:05 AM Talan Westby &lt;<a \
href="mailto:Talan.Westby@derby-college.ac.uk">Talan.Westby@derby-college.ac.uk</a>&gt; \
wrote:<o:p></o:p></p> </div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm \
6.0pt;margin-left:4.8pt;margin-right:0cm"> <div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">Hi Diego,</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">&nbsp;</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">Apologies for the delay please see attached \
screenshots of how we have the Ruckus SZ configured:</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">&nbsp;</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">Hotspot confirmation</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB"></p> \
<div>&lt;image001.png&gt;</div> <o:p></o:p></span>
<p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">&nbsp;</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">WLAN Config:</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">&nbsp;</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB"></p> \
<div>&lt;image002.png&gt;</div> <o:p></o:p></span>
<p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">&nbsp;</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">Thanks for your help once again.</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D"><br> Regards,<br>
Talan</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">&nbsp;</span><span \
lang="EN-GB"><o:p></o:p></span></p> <div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span \
lang="EN-US">From:</span></b><span lang="EN-US"> Talan Westby via PacketFence-users \
&lt;<a href="mailto:packetfence-users@lists.sourceforge.net" \
target="_blank">packetfence-users@lists.sourceforge.net</a>&gt; <br>
<b>Sent:</b> 02 September 2019 21:21<br>
<b>To:</b> Diego Garcia del Rio &lt;<a href="mailto:garci66@gmail.com" \
target="_blank">garci66@gmail.com</a>&gt;; <a \
href="mailto:packetfence-users@lists.sourceforge.net" \
target="_blank">packetfence-users@lists.sourceforge.net</a><br> <b>Cc:</b> Talan \
Westby &lt;<a href="mailto:Talan.Westby@derby-college.ac.uk" \
target="_blank">Talan.Westby@derby-college.ac.uk</a>&gt;<br> <b>Subject:</b> Re: \
[PacketFence-users] Ruckus SmartZone and PF 9</span><span \
lang="EN-GB"><o:p></o:p></span></p> </div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">&nbsp;<o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">Hi Diego,</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">&nbsp;</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">Yes, sure, we are using Web Auth rather than a Mac-auth. We are \
pushing everything through the smartzone controller and using it as a proxy  for \
RADIUS requests as well as using external portal enforcement to force portal access \
to PF. I have followed the guide here: </span><span lang="EN-GB"><a \
href="https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ruckus_smartzone" \
target="_blank">https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ruckus_smartzone</a><o:p></o:p></span></p>
 <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">&nbsp;</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">As stated in my previous emails we are able to \
enrol to PF fine. However, after enrolment we do not get a authorization message to \
the Ruckus  SZ. </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">&nbsp;</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">Also as previously stated we have PF running with our Cisco \
controllers using Web Auth and usually after an enrolment PF sends a CoA disconnect  \
to the controller and when it re-connects it performs the RADIUS accept and allows \
our users on.</span><span lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">&nbsp;</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">I will get you some print screens tomorrow when I \
am back in the office.</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">&nbsp;</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">Thanks for taking a look and any advice you could provide would \
be fantastic.</span><span lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D"><br> Regards,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">Talan</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span \
lang="EN-US">From:</span></b><span lang="EN-US"> Diego Garcia del Rio &lt;<a \
href="mailto:garci66@gmail.com" target="_blank">garci66@gmail.com</a>&gt; <br>
<b>Sent:</b> 02 September 2019 19:31<br>
<b>To:</b> <a href="mailto:packetfence-users@lists.sourceforge.net" target="_blank">
packetfence-users@lists.sourceforge.net</a><br>
<b>Cc:</b> Nicolas Quiniou-Briand &lt;<a href="mailto:nqb@inverse.ca" \
target="_blank">nqb@inverse.ca</a>&gt;; Talan Westby &lt;<a \
href="mailto:Talan.Westby@derby-college.ac.uk" \
target="_blank">Talan.Westby@derby-college.ac.uk</a>&gt;<br> <b>Subject:</b> Re: \
[PacketFence-users] Ruckus SmartZone and PF 9</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">&nbsp;<o:p></o:p></span></p> <div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">Dear Talan,<o:p></o:p></span></p> <div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">&nbsp;<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">Can you provide more details on how you're doing the authentication? Is \
this radius with mac-auth on the SSID or are you doing &quot;captive portal&quot; in \
the AP itself?<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">&nbsp;<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">I have PF working fine with ruckus' smartzone (albeit 3.6.1 but I don't \
expect any differences with 5.1) but I did have to make a small change in PF to get \
it  working properly.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">&nbsp;<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">I am doing radius in non-proxy mode from the AP directly to PF (so I \
can't use radius de-auth and need to use the northbound API for \
de-auth).<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">&nbsp;<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">if you can provide some screenshots on how you configured smartzone I \
can help you most probably.<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">&nbsp;<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">&nbsp;<o:p></o:p></span></p> </div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">&nbsp;<o:p></o:p></span></p> <div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">On Mon, Sep 2, 2019 at 1:09 PM Talan Westby via PacketFence-users &lt;<a \
href="mailto:packetfence-users@lists.sourceforge.net" \
target="_blank">packetfence-users@lists.sourceforge.net</a>&gt;  \
wrote:<o:p></o:p></span></p> </div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm \
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt"> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">Hi Nicolas,<br> <br>
Thanks for getting back in touch and sorry for the delay.<br>
<br>
I have had Ruckus spend some time working with us on this to no avail. What they have \
managed to do is run some RADIUS test from their SmartZone controller back to PF \
which always seem to fail. I would have thought that the RADIUS request would have \
been a  MAC request so we have tried putting in a MAC Address as the username and the \
password which always seems to fail. This does work when going via our Cisco WLCs, so \
I guess the Ruckus is doing something slightly different. One thing I have noticed is \
the SmartZone.pm  file in PF creates a API call to the Ruckus controller and when I \
take that payload and try the request myself the Ruckus controller responds with \
&quot;Bad Request&quot;.<br> <br>
At this point I am wondering if Ruckus have updated their API Northbound endpoints in \
their later versions of software, we are running 5.1 which is a relatively new piece \
of software. Could you confirm whether the PF integration has been tested with this \
newer  version of controller?<br>
<br>
Also could you confirm the process of on boarding a user to PF from a Ruckus \
controller so we can be sure we are investigating the right section? To clarify users \
are being forwarded to the portal and they are able to enrol but the Ruckus SmartZone \
never receives/recognises  that PF has authorized that user for access. If we could \
understand what PF does to send that authorization then we can concentrate on what \
might be causing the issue.<br> <br>
Thanks,<br>
Talan<br>
<br>
-----Original Message-----<br>
From: Nicolas Quiniou-Briand &lt;<a href="mailto:nqb@inverse.ca" \
                target="_blank">nqb@inverse.ca</a>&gt;<br>
Sent: 23 August 2019 16:16<br>
To: Talan Westby &lt;<a href="mailto:Talan.Westby@derby-college.ac.uk" \
target="_blank">Talan.Westby@derby-college.ac.uk</a>&gt;; <a \
href="mailto:packetfence-users@lists.sourceforge.net" \
                target="_blank">packetfence-users@lists.sourceforge.net</a><br>
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9<br>
<br>
On 2019-08-23 5:08 p.m., Talan Westby wrote:<br>
&gt; If you could let me know which logs I should be looking at that would be \
great.<br> <br>
I really don't know which logs.<br>
<br>
Did you check on Ruckus documentation ? I found this link [0]<br>
<br>
Otherwise, you can try to capture traffic between PacketFence and Ruckus Smartzone \
when a device try to register. If traffic is not encrypted, you could have some \
hint.<br> <br>
[0] /usr/local/pf/addons/packages/build-go.sh build /usr/local/pf \
                /usr/local/pf/sbin/<br>
--<br>
Nicolas Quiniou-Briand<br>
<a href="mailto:nqb@inverse.ca" target="_blank">nqb@inverse.ca</a>&nbsp; ::&nbsp; \
+1.514.447.4918 *140&nbsp; ::&nbsp; <a href="https://inverse.ca" \
target="_blank">https://inverse.ca</a> Inverse inc. :: Leaders behind SOGo (<a \
href="https://sogo.nu" target="_blank">https://sogo.nu</a>), PacketFence<br> (<a \
href="https://packetfence.org" target="_blank">https://packetfence.org</a>) and \
Fingerbank (<a href="http://fingerbank.org" \
target="_blank">http://fingerbank.org</a>)<br> \
_____________________________________<br> <br>
This electronic message contains information from Derby College which may be \
privileged and confidential.<br> The information is intended to be for the use of the \
individual(s) or entity named above.<br> <br>
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for  the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.<br> <br>
If you have received this message in error, please reply to this message and include
<a href="mailto:dpo@derby-college.ac.uk" target="_blank">dpo@derby-college.ac.uk</a> \
immediately.<br> _________________________________________<br>
<br>
_______________________________________________<br>
PacketFence-users mailing list<br>
<a href="mailto:PacketFence-users@lists.sourceforge.net" \
target="_blank">PacketFence-users@lists.sourceforge.net</a><br> <a \
href="https://lists.sourceforge.net/lists/listinfo/packetfence-users" \
target="_blank">https://lists.sourceforge.net/lists/listinfo/packetfence-users</a><o:p></o:p></span></p>
 </blockquote>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">_____________________________________<br> <br>
This electronic message contains information from Derby College which may be \
privileged and confidential.<br> The information is intended to be for the use of the \
individual(s) or entity named above. <br>
<br>
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for  the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.<br> <br>
If you have received this message in error, please reply to this message and include
<a href="mailto:dpo@derby-college.ac.uk" target="_blank">dpo@derby-college.ac.uk</a> \
immediately.<br> _________________________________________<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB">_____________________________________<br>
<br>
This electronic message contains information from Derby College which may be \
privileged and confidential.<br> The information is intended to be for the use of the \
individual(s) or entity named above. <br>
<br>
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for  the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.<br> <br>
If you have received this message in error, please reply to this message and include
<a href="mailto:dpo@derby-college.ac.uk" target="_blank">dpo@derby-college.ac.uk</a> \
immediately.<br> _________________________________________<o:p></o:p></span></p>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
_____________________________________<br>
<br>
This electronic message contains information from Derby College which may be \
privileged and confidential.<br> The information is intended to be for the use of the \
individual(s) or entity named above. <br>
<br>
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for  the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.<br> <br>
If you have received this message in error, please reply to this message and include \
dpo@derby-college.ac.uk immediately.<br> \
_________________________________________<br> </body>
</html>


["image001.png" (image/png)]
["image002.png" (image/png)]
[Attachment #8 (--===============3027902657489669499==)]


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic