[prev in list] [next in list] [prev in thread] [next in thread]
List: packetfence-users
Subject: Re: [PacketFence-users] RES: Ruckus SmartZone and PF 9
From: Talan Westby via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date: 2020-09-04 17:03:22
Message-ID: 481E5007-E6A8-4D92-A3BA-2B2EF0667966 () derby-college ! ac ! uk
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
[Attachment #4 (text/plain)]
Hi Rafael,
Unfortunately after some back and forth with other people we concluded we couldn't \
actually get it working on the later versions of smartzone as the supported document \
was for version 3.X from memory.
We have since moved over to another manufacturer who is not currently on the inverse \
supported platforms and have got it working by modifying a Perl script using CoA with \
Mac Auth and portal access should Mac Auth fail. If this is something that might help \
you (of smartzone supports that, it's been over a year since I last touched \
smartzone) I can't send it across to you for you to try.
Kind regards,
Talan
On 4 Sep 2020, at 17:48, Rafael Rocha <rrocha@arpsist.com.br> wrote:
CAUTION: This email originated from outside of the organization. Do not click links \
or open attachments unless you recognize the sender and know the content is safe.
Hi Talan, sorry to interrupt.
I am having the same issue, there is no response coming back from the PF to my \
Smartzone after my guest user go through the guest registration process.
How did you fixed this issue ?
Regards,
Rafael Rocha.
De: Diego Garcia del Rio via PacketFence-users \
<packetfence-users@lists.sourceforge.net> Enviada em: quarta-feira, 4 de setembro de \
2019 13:28
Para: Talan Westby <Talan.Westby@derby-college.ac.uk>
Cc: Diego Garcia del Rio <garci66@gmail.com>; packetfence-users@lists.sourceforge.net
Assunto: Re: [PacketFence-users] Ruckus SmartZone and PF 9
Thanks Talan,
can you show the DC-PF accounting and authentication server config?
And also how is the SZ "switch" configuration in PF?
Cheers,
On Wed, Sep 4, 2019 at 11:05 AM Talan Westby \
<Talan.Westby@derby-college.ac.uk<mailto:Talan.Westby@derby-college.ac.uk>> wrote: Hi \
Diego,
Apologies for the delay please see attached screenshots of how we have the Ruckus SZ \
configured:
Hotspot confirmation
<image001.png>
WLAN Config:
<image002.png>
Thanks for your help once again.
Regards,
Talan
From: Talan Westby via PacketFence-users \
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
Sent: 02 September 2019 21:21
To: Diego Garcia del Rio <garci66@gmail.com<mailto:garci66@gmail.com>>; \
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Talan Westby <Talan.Westby@derby-college.ac.uk<mailto:Talan.Westby@derby-college.ac.uk>>
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9
Hi Diego,
Yes, sure, we are using Web Auth rather than a Mac-auth. We are pushing everything \
through the smartzone controller and using it as a proxy for RADIUS requests as well \
as using external portal enforcement to force portal access to PF. I have followed \
the guide here: https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ruckus_smartzone
As stated in my previous emails we are able to enrol to PF fine. However, after \
enrolment we do not get a authorization message to the Ruckus SZ.
Also as previously stated we have PF running with our Cisco controllers using Web \
Auth and usually after an enrolment PF sends a CoA disconnect to the controller and \
when it re-connects it performs the RADIUS accept and allows our users on.
I will get you some print screens tomorrow when I am back in the office.
Thanks for taking a look and any advice you could provide would be fantastic.
Regards,
Talan
From: Diego Garcia del Rio <garci66@gmail.com<mailto:garci66@gmail.com>>
Sent: 02 September 2019 19:31
To: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Cc: Nicolas Quiniou-Briand <nqb@inverse.ca<mailto:nqb@inverse.ca>>; Talan Westby \
<Talan.Westby@derby-college.ac.uk<mailto:Talan.Westby@derby-college.ac.uk>>
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9
Dear Talan,
Can you provide more details on how you're doing the authentication? Is this radius \
with mac-auth on the SSID or are you doing "captive portal" in the AP itself?
I have PF working fine with ruckus' smartzone (albeit 3.6.1 but I don't expect any \
differences with 5.1) but I did have to make a small change in PF to get it working \
properly.
I am doing radius in non-proxy mode from the AP directly to PF (so I can't use radius \
de-auth and need to use the northbound API for de-auth).
if you can provide some screenshots on how you configured smartzone I can help you \
most probably.
On Mon, Sep 2, 2019 at 1:09 PM Talan Westby via PacketFence-users \
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> \
wrote: Hi Nicolas,
Thanks for getting back in touch and sorry for the delay.
I have had Ruckus spend some time working with us on this to no avail. What they have \
managed to do is run some RADIUS test from their SmartZone controller back to PF \
which always seem to fail. I would have thought that the RADIUS request would have \
been a MAC request so we have tried putting in a MAC Address as the username and the \
password which always seems to fail. This does work when going via our Cisco WLCs, so \
I guess the Ruckus is doing something slightly different. One thing I have noticed is \
the SmartZone.pm file in PF creates a API call to the Ruckus controller and when I \
take that payload and try the request myself the Ruckus controller responds with "Bad \
Request".
At this point I am wondering if Ruckus have updated their API Northbound endpoints in \
their later versions of software, we are running 5.1 which is a relatively new piece \
of software. Could you confirm whether the PF integration has been tested with this \
newer version of controller?
Also could you confirm the process of on boarding a user to PF from a Ruckus \
controller so we can be sure we are investigating the right section? To clarify users \
are being forwarded to the portal and they are able to enrol but the Ruckus SmartZone \
never receives/recognises that PF has authorized that user for access. If we could \
understand what PF does to send that authorization then we can concentrate on what \
might be causing the issue.
Thanks,
Talan
-----Original Message-----
From: Nicolas Quiniou-Briand <nqb@inverse.ca<mailto:nqb@inverse.ca>>
Sent: 23 August 2019 16:16
To: Talan Westby <Talan.Westby@derby-college.ac.uk<mailto:Talan.Westby@derby-college.ac.uk>>; \
packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9
On 2019-08-23 5:08 p.m., Talan Westby wrote:
> If you could let me know which logs I should be looking at that would be great.
I really don't know which logs.
Did you check on Ruckus documentation ? I found this link [0]
Otherwise, you can try to capture traffic between PacketFence and Ruckus Smartzone \
when a device try to register. If traffic is not encrypted, you could have some hint.
[0] /usr/local/pf/addons/packages/build-go.sh build /usr/local/pf /usr/local/pf/sbin/
--
Nicolas Quiniou-Briand
nqb@inverse.ca<mailto:nqb@inverse.ca> :: +1.514.447.4918 *140 :: \
https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence \
(https://packetfence.org) and Fingerbank (http://fingerbank.org) \
_____________________________________
This electronic message contains information from Derby College which may be \
privileged and confidential. The information is intended to be for the use of the \
individual(s) or entity named above.
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.
If you have received this message in error, please reply to this message and include \
dpo@derby-college.ac.uk<mailto:dpo@derby-college.ac.uk> immediately. \
_________________________________________
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_____________________________________
This electronic message contains information from Derby College which may be \
privileged and confidential. The information is intended to be for the use of the \
individual(s) or entity named above.
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.
If you have received this message in error, please reply to this message and include \
dpo@derby-college.ac.uk<mailto:dpo@derby-college.ac.uk> immediately. \
_________________________________________ _____________________________________
This electronic message contains information from Derby College which may be \
privileged and confidential. The information is intended to be for the use of the \
individual(s) or entity named above.
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.
If you have received this message in error, please reply to this message and include \
dpo@derby-college.ac.uk<mailto:dpo@derby-college.ac.uk> immediately. \
_________________________________________ _____________________________________
This electronic message contains information from Derby College which may be \
privileged and confidential. The information is intended to be for the use of the \
individual(s) or entity named above.
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.
If you have received this message in error, please reply to this message and include \
dpo@derby-college.ac.uk immediately. _________________________________________
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="auto">
Hi Rafael,
<div><br>
</div>
<div>Unfortunately after some back and forth with other people we concluded we \
couldn't actually get it working on the later versions of smartzone as the supported \
document was for version 3.X from memory. </div> <div><br>
</div>
<div>We have since moved over to another manufacturer who is not currently on the \
inverse supported platforms and have got it working by modifying a Perl script using \
CoA with Mac Auth and portal access should Mac Auth fail. If this is something that \
might help you (of smartzone supports that, it's been over a year since I last \
touched smartzone) I can't send it across to you for you to try. </div> \
<div><br> </div>
<div>Kind regards,</div>
<div>Talan<br>
<div dir="ltr"><br>
<blockquote type="cite">On 4 Sep 2020, at 17:48, Rafael Rocha \
<rrocha@arpsist.com.br> wrote:<br> <br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EstiloDeEmail18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div style="background-color:#FFEB9C; width:100%; border-style: solid; \
border-color:#9C6500; border-width:1pt; padding:2pt; font-size:10pt; \
line-height:12pt; font-family:'Calibri'; color:Black; text-align: left;"> <span \
style="color:#9C6500" ;="" font-weight:bold;="">CAUTION:</span> This email originated \
from outside of the organization. Do not click links or open attachments unless you \
recognize the sender and know the content is safe.</div> <br>
<div>
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Hi Talan, \
sorry to interrupt.<o:p></o:p></span></p> <p class="MsoNormal"><span lang="EN-US" \
style="mso-fareast-language:EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">I am having \
the same issue, there is no response coming back from the PF to my Smartzone after my \
guest user go through the guest registration process.<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" \
style="mso-fareast-language:EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">How did you \
fixed this issue ? <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" \
style="mso-fareast-language:EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal">Regards,<o:p></o:p></p> <p class="MsoNormal">Rafael \
Rocha.<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span \
style="mso-fareast-language:EN-US"><o:p> </o:p></span></p> <p \
class="MsoNormal"><b>De:</b> Diego Garcia del Rio via PacketFence-users \
<packetfence-users@lists.sourceforge.net> <br>
<b>Enviada em:</b> quarta-feira, 4 de setembro de 2019 13:28<br>
<b>Para:</b> Talan Westby <Talan.Westby@derby-college.ac.uk><br>
<b>Cc:</b> Diego Garcia del Rio <garci66@gmail.com>; \
packetfence-users@lists.sourceforge.net<br> <b>Assunto:</b> Re: [PacketFence-users] \
Ruckus SmartZone and PF 9<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Thanks Talan,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">can you show the DC-PF accounting and authentication server \
config?<o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">And also how is the SZ "switch" configuration in \
PF?<o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Cheers,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Wed, Sep 4, 2019 at 11:05 AM Talan Westby <<a \
href="mailto:Talan.Westby@derby-college.ac.uk">Talan.Westby@derby-college.ac.uk</a>> \
wrote:<o:p></o:p></p> </div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm \
6.0pt;margin-left:4.8pt;margin-right:0cm"> <div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">Hi Diego,</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">Apologies for the delay please see attached \
screenshots of how we have the Ruckus SZ configured:</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">Hotspot confirmation</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB"></p> \
<div><image001.png></div> <o:p></o:p></span>
<p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D"> </span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">WLAN Config:</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D"> </span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB"></p> \
<div><image002.png></div> <o:p></o:p></span>
<p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D"> </span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">Thanks for your help once again.</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D"><br> Regards,<br>
Talan</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D"> </span><span \
lang="EN-GB"><o:p></o:p></span></p> <div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span \
lang="EN-US">From:</span></b><span lang="EN-US"> Talan Westby via PacketFence-users \
<<a href="mailto:packetfence-users@lists.sourceforge.net" \
target="_blank">packetfence-users@lists.sourceforge.net</a>> <br>
<b>Sent:</b> 02 September 2019 21:21<br>
<b>To:</b> Diego Garcia del Rio <<a href="mailto:garci66@gmail.com" \
target="_blank">garci66@gmail.com</a>>; <a \
href="mailto:packetfence-users@lists.sourceforge.net" \
target="_blank">packetfence-users@lists.sourceforge.net</a><br> <b>Cc:</b> Talan \
Westby <<a href="mailto:Talan.Westby@derby-college.ac.uk" \
target="_blank">Talan.Westby@derby-college.ac.uk</a>><br> <b>Subject:</b> Re: \
[PacketFence-users] Ruckus SmartZone and PF 9</span><span \
lang="EN-GB"><o:p></o:p></span></p> </div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB"> <o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">Hi Diego,</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D"> </span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">Yes, sure, we are using Web Auth rather than a Mac-auth. We are \
pushing everything through the smartzone controller and using it as a proxy for \
RADIUS requests as well as using external portal enforcement to force portal access \
to PF. I have followed the guide here: </span><span lang="EN-GB"><a \
href="https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ruckus_smartzone" \
target="_blank">https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_ruckus_smartzone</a><o:p></o:p></span></p>
<p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">As stated in my previous emails we are able to \
enrol to PF fine. However, after enrolment we do not get a authorization message to \
the Ruckus SZ. </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D"> </span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">Also as previously stated we have PF running with our Cisco \
controllers using Web Auth and usually after an enrolment PF sends a CoA disconnect \
to the controller and when it re-connects it performs the RADIUS accept and allows \
our users on.</span><span lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">I will get you some print screens tomorrow when I \
am back in the office.</span><span lang="EN-GB"><o:p></o:p></span></p> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D"> </span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D">Thanks for taking a look and any advice you could provide would \
be fantastic.</span><span lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB" \
style="color:#1F497D"><br> Regards,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB" style="color:#1F497D">Talan</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span \
lang="EN-US">From:</span></b><span lang="EN-US"> Diego Garcia del Rio <<a \
href="mailto:garci66@gmail.com" target="_blank">garci66@gmail.com</a>> <br>
<b>Sent:</b> 02 September 2019 19:31<br>
<b>To:</b> <a href="mailto:packetfence-users@lists.sourceforge.net" target="_blank">
packetfence-users@lists.sourceforge.net</a><br>
<b>Cc:</b> Nicolas Quiniou-Briand <<a href="mailto:nqb@inverse.ca" \
target="_blank">nqb@inverse.ca</a>>; Talan Westby <<a \
href="mailto:Talan.Westby@derby-college.ac.uk" \
target="_blank">Talan.Westby@derby-college.ac.uk</a>><br> <b>Subject:</b> Re: \
[PacketFence-users] Ruckus SmartZone and PF 9</span><span \
lang="EN-GB"><o:p></o:p></span></p> <p class="MsoNormal" \
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB"> <o:p></o:p></span></p> <div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">Dear Talan,<o:p></o:p></span></p> <div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">Can you provide more details on how you're doing the authentication? Is \
this radius with mac-auth on the SSID or are you doing "captive portal" in \
the AP itself?<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">I have PF working fine with ruckus' smartzone (albeit 3.6.1 but I don't \
expect any differences with 5.1) but I did have to make a small change in PF to get \
it working properly.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">I am doing radius in non-proxy mode from the AP directly to PF (so I \
can't use radius de-auth and need to use the northbound API for \
de-auth).<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">if you can provide some screenshots on how you configured smartzone I \
can help you most probably.<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB"> <o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB"> <o:p></o:p></span></p> </div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB"> <o:p></o:p></span></p> <div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">On Mon, Sep 2, 2019 at 1:09 PM Talan Westby via PacketFence-users <<a \
href="mailto:packetfence-users@lists.sourceforge.net" \
target="_blank">packetfence-users@lists.sourceforge.net</a>> \
wrote:<o:p></o:p></span></p> </div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm \
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt"> <p \
class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">Hi Nicolas,<br> <br>
Thanks for getting back in touch and sorry for the delay.<br>
<br>
I have had Ruckus spend some time working with us on this to no avail. What they have \
managed to do is run some RADIUS test from their SmartZone controller back to PF \
which always seem to fail. I would have thought that the RADIUS request would have \
been a MAC request so we have tried putting in a MAC Address as the username and the \
password which always seems to fail. This does work when going via our Cisco WLCs, so \
I guess the Ruckus is doing something slightly different. One thing I have noticed is \
the SmartZone.pm file in PF creates a API call to the Ruckus controller and when I \
take that payload and try the request myself the Ruckus controller responds with \
"Bad Request".<br> <br>
At this point I am wondering if Ruckus have updated their API Northbound endpoints in \
their later versions of software, we are running 5.1 which is a relatively new piece \
of software. Could you confirm whether the PF integration has been tested with this \
newer version of controller?<br>
<br>
Also could you confirm the process of on boarding a user to PF from a Ruckus \
controller so we can be sure we are investigating the right section? To clarify users \
are being forwarded to the portal and they are able to enrol but the Ruckus SmartZone \
never receives/recognises that PF has authorized that user for access. If we could \
understand what PF does to send that authorization then we can concentrate on what \
might be causing the issue.<br> <br>
Thanks,<br>
Talan<br>
<br>
-----Original Message-----<br>
From: Nicolas Quiniou-Briand <<a href="mailto:nqb@inverse.ca" \
target="_blank">nqb@inverse.ca</a>><br>
Sent: 23 August 2019 16:16<br>
To: Talan Westby <<a href="mailto:Talan.Westby@derby-college.ac.uk" \
target="_blank">Talan.Westby@derby-college.ac.uk</a>>; <a \
href="mailto:packetfence-users@lists.sourceforge.net" \
target="_blank">packetfence-users@lists.sourceforge.net</a><br>
Subject: Re: [PacketFence-users] Ruckus SmartZone and PF 9<br>
<br>
On 2019-08-23 5:08 p.m., Talan Westby wrote:<br>
> If you could let me know which logs I should be looking at that would be \
great.<br> <br>
I really don't know which logs.<br>
<br>
Did you check on Ruckus documentation ? I found this link [0]<br>
<br>
Otherwise, you can try to capture traffic between PacketFence and Ruckus Smartzone \
when a device try to register. If traffic is not encrypted, you could have some \
hint.<br> <br>
[0] /usr/local/pf/addons/packages/build-go.sh build /usr/local/pf \
/usr/local/pf/sbin/<br>
--<br>
Nicolas Quiniou-Briand<br>
<a href="mailto:nqb@inverse.ca" target="_blank">nqb@inverse.ca</a> :: \
+1.514.447.4918 *140 :: <a href="https://inverse.ca" \
target="_blank">https://inverse.ca</a> Inverse inc. :: Leaders behind SOGo (<a \
href="https://sogo.nu" target="_blank">https://sogo.nu</a>), PacketFence<br> (<a \
href="https://packetfence.org" target="_blank">https://packetfence.org</a>) and \
Fingerbank (<a href="http://fingerbank.org" \
target="_blank">http://fingerbank.org</a>)<br> \
_____________________________________<br> <br>
This electronic message contains information from Derby College which may be \
privileged and confidential.<br> The information is intended to be for the use of the \
individual(s) or entity named above.<br> <br>
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.<br> <br>
If you have received this message in error, please reply to this message and include
<a href="mailto:dpo@derby-college.ac.uk" target="_blank">dpo@derby-college.ac.uk</a> \
immediately.<br> _________________________________________<br>
<br>
_______________________________________________<br>
PacketFence-users mailing list<br>
<a href="mailto:PacketFence-users@lists.sourceforge.net" \
target="_blank">PacketFence-users@lists.sourceforge.net</a><br> <a \
href="https://lists.sourceforge.net/lists/listinfo/packetfence-users" \
target="_blank">https://lists.sourceforge.net/lists/listinfo/packetfence-users</a><o:p></o:p></span></p>
</blockquote>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span \
lang="EN-GB">_____________________________________<br> <br>
This electronic message contains information from Derby College which may be \
privileged and confidential.<br> The information is intended to be for the use of the \
individual(s) or entity named above. <br>
<br>
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.<br> <br>
If you have received this message in error, please reply to this message and include
<a href="mailto:dpo@derby-college.ac.uk" target="_blank">dpo@derby-college.ac.uk</a> \
immediately.<br> _________________________________________<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB">_____________________________________<br>
<br>
This electronic message contains information from Derby College which may be \
privileged and confidential.<br> The information is intended to be for the use of the \
individual(s) or entity named above. <br>
<br>
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.<br> <br>
If you have received this message in error, please reply to this message and include
<a href="mailto:dpo@derby-college.ac.uk" target="_blank">dpo@derby-college.ac.uk</a> \
immediately.<br> _________________________________________<o:p></o:p></span></p>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</div>
_____________________________________<br>
<br>
This electronic message contains information from Derby College which may be \
privileged and confidential.<br> The information is intended to be for the use of the \
individual(s) or entity named above. <br>
<br>
If you are not the intended recipient, be aware that any disclosure, copying, \
distribution or use of the contents of this information is prohibited. Internet \
communications are not secure and therefore Derby College does not accept legal \
responsibility for the contents of this message. Any views or opinions presented are \
only those of the author and not those of Derby College.<br> <br>
If you have received this message in error, please reply to this message and include \
dpo@derby-college.ac.uk immediately.<br> \
_________________________________________<br> </body>
</html>
["image001.png" (image/png)]
["image002.png" (image/png)]
[Attachment #8 (--===============3027902657489669499==)]
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic