Wireless Access

Reply
Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

VIA and Linux

Hello all!

 

I'm hoping somebody out there has worked with LInux and the VIA client - we can get the client installed, and connected, but for some reason it is not pulling down the DNS server information for the network

 

When we run

 

Configure SELinux to allow DNS setup for VIA VPN plug-in.

# grep /usr/sbin/NetworkManager /var/log/audit/audit.log | audit2allow -D -M mypol2 (page 27 of the Linux via pdf) we see the following error:

 

lation failed:
mypol2.te:6:ERROR 'syntax error' at token '' on line 6:


/usr/bin/checkmodule:  error(s) encountered while parsing configuration
/usr/bin/checkmodule:  loading policy configuration from mypol2.te

 

The mypol2.te file has 1 line in it. We have not continued with the rest of the steps (but maybe we should anyway)

 

Any how - I would be interested if anybody out there has DNS working properly for VIA clients on LInux.

 

Thank you


Lirria

Aruba Employee
Posts: 28
Registered: ‎09-05-2012

Re: VIA and Linux

Is SELinux turned off?

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: VIA and Linux

I'll have to check when I'm back in the office on Monday.
thanks!

Lirria
Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: VIA and Linux

Ok - finally getting some time to look at this - SELinux was not installed - I did install it - but still am not having any luck getting the VIA client to connect. It connects for about 2 seconds and then disconnects - sometimes it doesn't even show up on the Clearpass server - it's awesome - but anyway - here's the logs from a connection:


Request log details for session: R00000dce-01-531a2d88
Time  Message
2014-03-07 13:35:20,533  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 255:164:xx.xx.xx.xx
2014-03-07 13:35:20,533  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - The attribute xx.xx.xx.xx does not contain MAC Address
2014-03-07 13:35:20,538  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7699 h=79 r=R00000dce-01-531a2d88] INFO Core.ServiceReqHandler - Service classification result = VIAVpn-TLS
2014-03-07 13:35:20,539  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "VIAVpn-TLS"
2014-03-07 13:35:20,539  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_sql: searching for user username in Local:localhost
2014-03-07 13:35:20,539  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: searching for user username in AD:dcname.domain.local
2014-03-07 13:35:20,541  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: found user username in AD:dcname.domain.local
2014-03-07 13:35:20,541  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: authenticating "username"
2014-03-07 13:35:25,551  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: user username authenticated succesfully
2014-03-07 13:35:25,551  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Starting Policy Evaluation.
2014-03-07 13:35:25,551  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - The attribute xx.xx.xx.xx does not contain MAC Address
2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] WARN Common.MacAddrAttrProvider - HostMac missing, not populating different mac representations
2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.TagAttrTableUtil - buildTagAttrTableInput: Connection:Client-Mac-Address is not found
2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO Common.TagDefinitionCacheTable - No InstanceTagDefCacheMap found for instance id = 3001 entity id = 29
2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO Common.TagDefinitionCacheTable - Building the TagDefMapTable for NAD instance=3001
2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO Common.TagDefinitionCacheTable - Built 0 tag(s) for NAD instanceId=3001|entityId=29
2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.TagAttrHolderBuilder - No tags built for instanceId=3001|entity=Device
2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.AluTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL AuthLocalUser)
2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.GuTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL GuestUser)
2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.EndpointTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Endpoint)
2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.OnboardTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Onboard Device User)
2014-03-07 13:35:25,556  [RequestHandler-1-0x7f3304761700 h=62148 c=R00000dce-01-531a2d88] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Started ***
2014-03-07 13:35:25,556  [RequestHandler-1-0x7f3304761700 h=62149 c=R00000dce-01-531a2d88] WARN REC.EvaluatorCtx - Prerequisites set is empty, not populating the Request Map
2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{Host:Name}$)(objectClass=computer)), error=No values for param=Host:Name
2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{Host:Name}$)(objectClass=computer))
2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{Onboard:Owner})(objectClass=user)), error=No values for param=Onboard:Owner
2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{Onboard:Owner})(objectClass=user))
2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(distinguishedName=%{Onboard memberOf}), error=No values for param=Onboard memberOf
2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - execute: Failed to construct filter=(distinguishedName=%{Onboard memberOf})
2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - Failed to get value for attributes=HostName, OSServicePack, Onboard Groups, OperatingSystem]
2014-03-07 13:35:25,558  [RequestHandler-1-0x7f3304761700 h=62150 c=R00000dce-01-531a2d88] INFO Core.PETaskRoleMapping - Roles: User Authenticated]
2014-03-07 13:35:25,559  [RequestHandler-1-0x7f3304761700 h=62153 c=R00000dce-01-531a2d88] INFO Core.PETaskEnforcement - EnfProfiles: Allow Access Profile]
2014-03-07 13:35:25,559  [RequestHandler-1-0x7f3304761700 h=62158 c=R00000dce-01-531a2d88] INFO Core.PETaskGenericEnfProfileBuilder - getApplicableProfiles: No App enforcement (Generic) profiles applicable for this device
2014-03-07 13:35:25,559  [RequestHandler-1-0x7f3304761700 h=62157 c=R00000dce-01-531a2d88] WARN Core.PETaskPostAuthEnfProfileBuilder - No client macaddress found in the request
2014-03-07 13:35:25,559  [RequestHandler-1-0x7f3304761700 h=62157 c=R00000dce-01-531a2d88] WARN Core.PETaskPostAuthEnfProfileBuilder - startHandler: Failed to fetch NAutz attributes
2014-03-07 13:35:25,560  [RequestHandler-1-0x7f3304761700 h=62155 c=R00000dce-01-531a2d88] WARN Core.PETaskRadiusCoAEnfProfileBuilder - No client key found for session lookup
2014-03-07 13:35:25,560  [RequestHandler-1-0x7f3304761700 h=62155 c=R00000dce-01-531a2d88] WARN Core.PETaskRadiusCoAEnfProfileBuilder - startHandler: Failed to fetch NAutz attributes
2014-03-07 13:35:25,560  [RequestHandler-1-0x7f3304761700 h=62154 c=R00000dce-01-531a2d88] INFO Core.PETaskRadiusEnfProfileBuilder - EnfProfileAction=ACCEPT
2014-03-07 13:35:25,560  [RequestHandler-1-0x7f3304761700 h=62154 c=R00000dce-01-531a2d88] INFO Core.PETaskRadiusEnfProfileBuilder - Radius enfProfiles used: Allow Access Profile]
2014-03-07 13:35:25,560  [RequestHandler-1-0x7f3304761700 h=62154 c=R00000dce-01-531a2d88] INFO Core.EnfProfileComputer - getFinalSessionTimeout: sessionTimeout = 0
2014-03-07 13:35:25,561  [RequestHandler-1-0x7f3304761700 h=62159 c=R00000dce-01-531a2d88] INFO Core.PETaskCliEnforcement - startHandler: No commands for CLI enforcement
2014-03-07 13:35:25,564  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Received Accept Enforcement Profile
2014-03-07 13:35:25,564  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Added Class attribute with value Class = 0xf65c0316a22d463186d437b695b78a11bd0b0000000000005230303030306463652d30312d35333161326438380000000000000000000000
2014-03-07 13:35:25,564  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Policy Server reply does not contain Posture-Validation-Response
2014-03-07 13:35:25,564  [RequestHandler-1-0x7f3304761700 h=62161 c=R00000dce-01-531a2d88] INFO Core.XpipPolicyResHandler - populateResponseTlv: PETaskPostureOutput does not exist. Skip sending posture VAFs
2014-03-07 13:35:25,564  [RequestHandler-1-0x7f3304761700 h=62161 c=R00000dce-01-531a2d88] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
2014-03-07 13:35:25,564  [RequestHandler-1-0x7f3304761700 h=62160 c=R00000dce-01-531a2d88] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
2014-03-07 13:35:25,564  [RequestHandler-1-0x7f3304761700 r=R00000dce-01-531a2d88 h=62148 c=R00000dce-01-531a2d88] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Completed ***

 

Not sure why it's not working - but I do see the message about HostMac missing, not populating different mac representations and wonder if when I manually created the cert on the ClearPass server if I did something wrong. The only mac that I included on the certificate with the wireless one and it looks like I really need both of them.

 

any thoughts, help or solutions are greatfully appreciated.

 

Lirria

Search Airheads
Showing results for 
Search instead for 
Did you mean: