Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

VIA and Linux

  • 1.  VIA and Linux

    Posted Dec 18, 2013 05:11 PM

    Hello all!

     

    I'm hoping somebody out there has worked with Linux and the VIA client - we can get the client installed, and connected, but for some reason it is not pulling down the DNS server information for the network.

     

    When we run

     

    Configure SELinux to allow DNS setup for VIA VPN plug-in.

    # grep /usr/sbin/NetworkManager /var/log/audit/audit.log | audit2allow -D -M mypol2

    (page 27 of the Linux VIA PDF) we see the following error:

     

    lation failed:
    mypol2.te:6:ERROR 'syntax error' at token '' on line 6:


    /usr/bin/checkmodule:  error(s) encountered while parsing configuration
    /usr/bin/checkmodule:  loading policy configuration from mypol2.te

     

    The mypol2.te file has 1 line in it. We have not continued with the rest of the steps (but maybe we should anyway).

     

    Anyhow - I would be interested if anybody out there has DNS working properly for VIA clients on Linux.

     

    Thank you


    Lirria



  • 2.  RE: VIA and Linux

    Posted Dec 21, 2013 04:07 AM

    Is SELinux turned off?
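
A guard for the audit2allow step discussed in this thread, as an added example that is not part of any post or of the VIA guide: it checks whether SELinux is active and whether the audit log holds any NetworkManager AVC denials before a module is generated. The function names and the sample records are hypothetical; the log path and module name are the ones quoted in the first post.

```bash
# Added example (not from the VIA guide). Log path and module name are the
# ones in the post; the sample audit records below are constructed.

# Report the SELinux mode, or "absent" when the SELinux tools are missing.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo absent; fi
}

# Print AVC denial records that mention NetworkManager. This filters on the
# record type, which differs from the executable-path grep in the post.
nm_denials() {
    grep 'type=AVC' "$1" 2>/dev/null | grep 'denied' | grep 'NetworkManager' || true
}

count_nm_denials() {
    nm_denials "$1" | wc -l | tr -d ' '
}

# Returns 0 = denials present, 1 = nothing to build from, 2 = SELinux inactive.
# The optional second argument overrides the detected mode (used for testing).
precheck() {
    local log="$1" mode="${2:-$(selinux_mode)}" n
    case "$mode" in
        absent|Disabled)
            echo "SELinux is $mode: it logs no denials, so there is no module to build"
            return 2 ;;
    esac
    n=$(count_nm_denials "$log")
    if [ "$n" -eq 0 ]; then
        echo "no NetworkManager AVC denials in $log: audit2allow would get empty input"
        return 1
    fi
    echo "$n NetworkManager denial(s) in $log"
}

# Constructed sample: one NetworkManager denial, one unrelated denial, and one
# SYSCALL record that names NetworkManager but is not a denial.
write_sample_log() {
    cat > "$1" <<'EOF'
type=AVC msg=audit(1387386660.101:412): avc:  denied  { write } for  pid=1187 comm="NetworkManager" name="resolv.conf" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1387386671.550:415): avc:  denied  { read } for  pid=2290 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1387386660.101:412): arch=c000003e syscall=2 success=no exit=-13 pid=1187 comm="NetworkManager" exe="/usr/sbin/NetworkManager"
EOF
}

# On a real host, as root, run the step from the post only when precheck passes:
#   precheck /var/log/audit/audit.log && \
#     grep /usr/sbin/NetworkManager /var/log/audit/audit.log | audit2allow -D -M mypol2
```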



  • 3.  RE: VIA and Linux

    Posted Dec 21, 2013 04:53 AM
    I'll have to check when I'm back in the office on Monday.
    thanks!

    Lirria


  • 4.  RE: VIA and Linux

    Posted Mar 07, 2014 03:45 PM

    Ok - finally getting some time to look at this - SELinux was not installed - I did install it - but still am not having any luck getting the VIA client to connect. It connects for about 2 seconds and then disconnects - sometimes it doesn't even show up on the ClearPass server - it's awesome - but anyway - here are the logs from a connection:


    Request log details for session: R00000dce-01-531a2d88
    Time  Message
    2014-03-07 13:35:20,533  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_service: Starting Service Categorization - 255:164:xx.xx.xx.xx
    2014-03-07 13:35:20,533  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - The attribute xx.xx.xx.xx does not contain MAC Address
    2014-03-07 13:35:20,538  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7699 h=79 r=R00000dce-01-531a2d88] INFO Core.ServiceReqHandler - Service classification result = VIAVpn-TLS
    2014-03-07 13:35:20,539  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_service: The request has been categorized into service "VIAVpn-TLS"
    2014-03-07 13:35:20,539  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_sql: searching for user username in Local:localhost
    2014-03-07 13:35:20,539  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: searching for user username in AD:dcname.domain.local
    2014-03-07 13:35:20,541  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: found user username in AD:dcname.domain.local
    2014-03-07 13:35:20,541  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: authenticating "username"
    2014-03-07 13:35:25,551  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_ldap: user username authenticated succesfully
    2014-03-07 13:35:25,551  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Starting Policy Evaluation.
    2014-03-07 13:35:25,551  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - The attribute xx.xx.xx.xx does not contain MAC Address
    2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] WARN Common.MacAddrAttrProvider - HostMac missing, not populating different mac representations
    2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.TagAttrTableUtil - buildTagAttrTableInput: Connection:Client-Mac-Address is not found
    2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO Common.TagDefinitionCacheTable - No InstanceTagDefCacheMap found for instance id = 3001 entity id = 29
    2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO Common.TagDefinitionCacheTable - Building the TagDefMapTable for NAD instance=3001
    2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO Common.TagDefinitionCacheTable - Built 0 tag(s) for NAD instanceId=3001|entityId=29
    2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.TagAttrHolderBuilder - No tags built for instanceId=3001|entity=Device
    2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.AluTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL AuthLocalUser)
    2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.GuTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL GuestUser)
    2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.EndpointTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Endpoint)
    2014-03-07 13:35:25,555  [RequestHandler-1-0x7f3304761700 r=psauto-1390013968-7700 h=83 r=R00000dce-01-531a2d88] INFO TAT.OnboardTagAttrHolderBuilder - buildAttrHolder: Tags cannot be built for instanceId=0 (NULL Onboard Device User)
    2014-03-07 13:35:25,556  [RequestHandler-1-0x7f3304761700 h=62148 c=R00000dce-01-531a2d88] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Started ***
    2014-03-07 13:35:25,556  [RequestHandler-1-0x7f3304761700 h=62149 c=R00000dce-01-531a2d88] WARN REC.EvaluatorCtx - Prerequisites set is empty, not populating the Request Map
    2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{Host:Name}$)(objectClass=computer)), error=No values for param=Host:Name
    2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{Host:Name}$)(objectClass=computer))
    2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(sAMAccountName=%{Onboard:Owner})(objectClass=user)), error=No values for param=Onboard:Owner
    2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(sAMAccountName=%{Onboard:Owner})(objectClass=user))
    2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(distinguishedName=%{Onboard memberOf}), error=No values for param=Onboard memberOf
    2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - execute: Failed to construct filter=(distinguishedName=%{Onboard memberOf})
    2014-03-07 13:35:25,557  [AuthReqThreadPool-5-0x7f33337d0700 r=R00000dce-01-531a2d88 h=22] WARN Ldap.LdapQuery - Failed to get value for attributes=HostName, OSServicePack, Onboard Groups, OperatingSystem]
    2014-03-07 13:35:25,558  [RequestHandler-1-0x7f3304761700 h=62150 c=R00000dce-01-531a2d88] INFO Core.PETaskRoleMapping - Roles: User Authenticated]
    2014-03-07 13:35:25,559  [RequestHandler-1-0x7f3304761700 h=62153 c=R00000dce-01-531a2d88] INFO Core.PETaskEnforcement - EnfProfiles: Allow Access Profile]
    2014-03-07 13:35:25,559  [RequestHandler-1-0x7f3304761700 h=62158 c=R00000dce-01-531a2d88] INFO Core.PETaskGenericEnfProfileBuilder - getApplicableProfiles: No App enforcement (Generic) profiles applicable for this device
    2014-03-07 13:35:25,559  [RequestHandler-1-0x7f3304761700 h=62157 c=R00000dce-01-531a2d88] WARN Core.PETaskPostAuthEnfProfileBuilder - No client macaddress found in the request
    2014-03-07 13:35:25,559  [RequestHandler-1-0x7f3304761700 h=62157 c=R00000dce-01-531a2d88] WARN Core.PETaskPostAuthEnfProfileBuilder - startHandler: Failed to fetch NAutz attributes
    2014-03-07 13:35:25,560  [RequestHandler-1-0x7f3304761700 h=62155 c=R00000dce-01-531a2d88] WARN Core.PETaskRadiusCoAEnfProfileBuilder - No client key found for session lookup
    2014-03-07 13:35:25,560  [RequestHandler-1-0x7f3304761700 h=62155 c=R00000dce-01-531a2d88] WARN Core.PETaskRadiusCoAEnfProfileBuilder - startHandler: Failed to fetch NAutz attributes
    2014-03-07 13:35:25,560  [RequestHandler-1-0x7f3304761700 h=62154 c=R00000dce-01-531a2d88] INFO Core.PETaskRadiusEnfProfileBuilder - EnfProfileAction=ACCEPT
    2014-03-07 13:35:25,560  [RequestHandler-1-0x7f3304761700 h=62154 c=R00000dce-01-531a2d88] INFO Core.PETaskRadiusEnfProfileBuilder - Radius enfProfiles used: Allow Access Profile]
    2014-03-07 13:35:25,560  [RequestHandler-1-0x7f3304761700 h=62154 c=R00000dce-01-531a2d88] INFO Core.EnfProfileComputer - getFinalSessionTimeout: sessionTimeout = 0
    2014-03-07 13:35:25,561  [RequestHandler-1-0x7f3304761700 h=62159 c=R00000dce-01-531a2d88] INFO Core.PETaskCliEnforcement - startHandler: No commands for CLI enforcement
    2014-03-07 13:35:25,564  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Received Accept Enforcement Profile
    2014-03-07 13:35:25,564  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Added Class attribute with value Class = 0xf65c0316a22d463186d437b695b78a11bd0b0000000000005230303030306463652d30312d35333161326438380000000000000000000000
    2014-03-07 13:35:25,564  [Th 2 Req 32402 SessId R00000dce-01-531a2d88] INFO RadiusServer.Radius - rlm_policy: Policy Server reply does not contain Posture-Validation-Response
    2014-03-07 13:35:25,564  [RequestHandler-1-0x7f3304761700 h=62161 c=R00000dce-01-531a2d88] INFO Core.XpipPolicyResHandler - populateResponseTlv: PETaskPostureOutput does not exist. Skip sending posture VAFs
    2014-03-07 13:35:25,564  [RequestHandler-1-0x7f3304761700 h=62161 c=R00000dce-01-531a2d88] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
    2014-03-07 13:35:25,564  [RequestHandler-1-0x7f3304761700 h=62160 c=R00000dce-01-531a2d88] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
    2014-03-07 13:35:25,564  [RequestHandler-1-0x7f3304761700 r=R00000dce-01-531a2d88 h=62148 c=R00000dce-01-531a2d88] INFO Core.PETaskScheduler - *** PE_TASK_SCHEDULE_RADIUS Completed ***

     

    Not sure why it's not working - but I do see the message about "HostMac missing, not populating different mac representations" and wonder whether I did something wrong when I manually created the cert on the ClearPass server. The only MAC that I included on the certificate was the wireless one, and it looks like I really need both of them.

     

    Any thoughts, help or solutions are gratefully appreciated.

     

    Lirria