
This is an old revision of the document!


OVCX/OVTX: BYOD with a local LDAP server and captive portal

In this example, users (once they know the PSK for the BYOD SSID) are authenticated against a local LDAP server by logging in at the captive portal.

Setting up the LDAP server (on Debian)

The server is reachable on the local network at the IPv4 address 192.168.2.1.

Installation

benny@shiva:~$ sudo apt install slapd ldap-utils
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  libodbc2
Suggested packages:
  libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal odbc-postgresql tdsodbc
The following NEW packages will be installed:
  ldap-utils libodbc2 slapd
0 upgraded, 3 newly installed, 0 to remove and 109 not upgraded.
Need to get 1,730 kB of archives.
After this operation, 5,950 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://ftp2.de.debian.org/debian bookworm/main amd64 libodbc2 amd64 2.3.11-2+deb12u1 [150 kB]
Get:2 http://ftp2.de.debian.org/debian bookworm/main amd64 slapd amd64 2.5.13+dfsg-5 [1,435 kB]
Get:3 http://ftp2.de.debian.org/debian bookworm/main amd64 ldap-utils amd64 2.5.13+dfsg-5 [144 kB]
Fetched 1,730 kB in 0s (5,650 kB/s)  
Preconfiguring packages ...
Selecting previously unselected package libodbc2:amd64.
(Reading database ... 112109 files and directories currently installed.)
Preparing to unpack .../libodbc2_2.3.11-2+deb12u1_amd64.deb ...
Unpacking libodbc2:amd64 (2.3.11-2+deb12u1) ...
Selecting previously unselected package slapd.
Preparing to unpack .../slapd_2.5.13+dfsg-5_amd64.deb ...
Unpacking slapd (2.5.13+dfsg-5) ...
Selecting previously unselected package ldap-utils.
Preparing to unpack .../ldap-utils_2.5.13+dfsg-5_amd64.deb ...
Unpacking ldap-utils (2.5.13+dfsg-5) ...
Setting up ldap-utils (2.5.13+dfsg-5) ...
Setting up libodbc2:amd64 (2.3.11-2+deb12u1) ...
Setting up slapd (2.5.13+dfsg-5) ...
  Creating new user openldap... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for libc-bin (2.36-9+deb12u10) ...
benny@shiva:~$

Setting up the schema

Schema for "example.com"

benny@shiva:~$ sudo dpkg-reconfigure -plow slapd
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.5.13+dfsg-5... done.
  Moving old database directory to /var/backups:
  There are leftover files in /var/lib/ldap. This will probably break 
  creating the initial directory. If that's the case please move away
  stuff in there and retry the configuration.
  Creating initial configuration... done.
  Creating LDAP directory... done.
benny@shiva:~$ 
benny@shiva:~$ ldapsearch -x -LLL -s base -b "" namingContexts
dn:
namingContexts: dc=example,dc=com

benny@shiva:~$ sudo ldapsearch -LLLQ -Y EXTERNAL -H ldapi:/// -b cn=config dn
dn: cn=config

dn: cn=module{0},cn=config

dn: cn=schema,cn=config

dn: cn={0}core,cn=schema,cn=config

dn: cn={1}cosine,cn=schema,cn=config

dn: cn={2}nis,cn=schema,cn=config

dn: cn={3}inetorgperson,cn=schema,cn=config

dn: olcDatabase={-1}frontend,cn=config

dn: olcDatabase={0}config,cn=config

dn: olcDatabase={1}mdb,cn=config

Schema for "people"

benny@shiva:~/ldap$ cat people
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

Data for "testuser"

benny@shiva:~/ldap$ cat testuser
dn: uid=testuser,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Test User
sn: User
givenName: Test
uid: testuser
mail: testuser@example.com
userPassword: testpass

Create the schema and add "testuser"

benny@shiva:~/ldap$ ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f people
Enter LDAP Password: 
adding new entry "ou=people,dc=example,dc=com"
 
benny@shiva:~/ldap$ ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f testuser
Enter LDAP Password: 
adding new entry "uid=testuser,ou=people,dc=example,dc=com"

benny@shiva:~/ldap$ ldapsearch -x -b "dc=example,dc=com" "(uid=testuser)"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (uid=testuser)
# requesting: ALL
#

# testuser, people, example.com
dn: uid=testuser,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Test User
sn: User
givenName: Test
uid: testuser
mail: testuser@example.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Querying the LDAP server externally

benny@Bennys-MacBook-Pro-8 ~ % ldapsearch -x -H ldap://192.168.2.1 -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com"
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example
dc: example

# people, example.com
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

# testuser, people, example.com
dn: uid=testuser,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Test User
sn: User
givenName: Test
uid: testuser
mail: testuser@example.com
userPassword:: dGVzdHBhc3M=

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3

Configuration in OVCX/OVTX

Create the LDAP server

For production use we naturally recommend encrypted communication between the LDAP server and the access point!

  • The option Use as On-Premises Server is particularly important
  • The user name (Admin Name) must be entered in a format like this: cn=admin,dc=example,dc=com
  • In this example we use the following Search Base: dc=example,dc=com

BYOD Access Strategy

  • The option On-Premises LDAP Server is particularly important

SSID configuration for BYOD

BYOD Client / Remembered Devices

Output on the Stellar AP

/tmp/log/eag.log

[2025-06-18 17:31:03.645807]:  eag_qoe.c:223:portal.report username:testuser, server_ip:143.209.0.2

[2025-06-18 17:31:03.645874]:  eag_stamsg.c:765:Receive USER_DEL leave msg  status:NotAuthed,apmac DC:08:56:85:FB:00, usermac:7a:57:5c:2c:d7:65, wlan service name:byodtest, ssid:byodtest, ARP name:VLAN11, leave_reason:0
[2025-06-18 17:31:03.645953]:  appconn.c:426:appconn_del_from_db, user_macstr=7A:57:5C:2C:D7:65, user_ipstr=192.168.11.179, family=4
[2025-06-18 17:33:00.052071]:  eag_ins.c:8663:Unified_AAA_Server_Profile shivaldap modify
[2025-06-18 17:33:17.903155]:  eag_stamsg.c:1282:stamsg_recieive usermac 32:A3:91:0E:32:80,userip 192.168.11.122, OP: 1
[2025-06-18 17:33:17.903287]:  eag_stamsg.c:732:stamsg_proc, appconn not exist, usermac=32:a3:91:0e:32:80
[2025-06-18 17:33:18.621320]:  eag_stamsg.c:350:external_portal 0,mac_auth 2 
[2025-06-18 17:33:18.621432]:  eag_stamsg.c:354:stamsg_proc, appconn not exist, usermac=7A:57:5C:2C:D7:65
[2025-06-18 17:33:18.621780]:  eag_iptables.c:5260:iptables add_and_del_entry lock 
[2025-06-18 17:33:18.622180]:  eag_iptables.c:5363:insert_and_del_mss_by_mac, table:filter, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_FILTER, match_type:0, target_name:TCPMSS, type:4(iptables add)
[2025-06-18 17:33:18.622803]:  eag_iptables.c:821:add_and_del_mac_entry, table:filter, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_FILTER, match_type:0, target_name:DROP, type:4(iptables add), entry_num:0
[2025-06-18 17:33:18.625257]:  eag_iptables.c:821:add_and_del_mac_entry, table:filter, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_FILTER, match_type:1, target_name:DROP, type:4(iptables add), entry_num:0
[2025-06-18 17:33:18.626227]:  eag_iptables.c:1004:add_and_del_mac_limit_entry, table:nat, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_DNAT, match_type:0, target_name:CP_N_DEFAULT, type:4(iptables add), entry_num:0
[2025-06-18 17:33:18.627117]:  eag_iptables.c:1004:add_and_del_mac_limit_entry, table:nat, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_DNAT, match_type:0, target_name:CP_DNAT_RULE, type:4(iptables add), entry_num:0
[2025-06-18 17:33:18.627661]:  eag_iptables.c:1325:ipv6_add_and_del_mac_entry, table:filter, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_FILTER, match_type:0, target_name:DROP, type:4(iptables add)
[2025-06-18 17:33:18.628001]:  eag_iptables.c:1325:ipv6_add_and_del_mac_entry, table:filter, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_FILTER, match_type:1, target_name:DROP, type:4(iptables add)
[2025-06-18 17:33:18.628362]:  eag_iptables.c:1325:ipv6_add_and_del_mac_entry, table:nat, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_DNAT, match_type:0, target_name:CP_N_DEFAULT, type:4(iptables add)
[2025-06-18 17:33:18.628726]:  eag_iptables.c:1325:ipv6_add_and_del_mac_entry, table:nat, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_DNAT, match_type:0, target_name:CP_DNAT_RULE, type:4(iptables add)
[2025-06-18 17:33:18.634299]:  eag_ins.c:11071:eag_send_user_login_status_to_dns cmd=ubus call dns_snooping SendDnssUserlogout '{"user_mac":"7A575C2CD765"}' return={
	"status": "failed"
}

[2025-06-18 17:33:18.634514]:  appconn.c:1291:bridge : ,intf : ath103
[2025-06-18 17:33:18.634600]:  eag_ins.c:5797:ARP VLAN11 mapingType VLAN
[2025-06-18 17:33:18.634665]:  eag_ins.c:5782:ARP VLAN11 vlanid = 11
[2025-06-18 17:33:18.634725]:  eag_stamsg.c:448:redirect_url 107,external_portal 0
[2025-06-18 17:33:18.634791]:  eag_ins.c:6417:aaaprofile __byodtest ,trust radius status 0
[2025-06-18 17:33:18.634850]:  eag_stamsg.c:473:portal_session_get_aaa_parameter succeed
[2025-06-18 17:33:18.634911]:  eag_ins.c:5968:name __byodtest
[2025-06-18 17:33:18.634977]:  eag_ins.c:12852:set radius aaa profile name = __byodtest success
[2025-06-18 17:33:18.635043]:  eag_stamsg.c:306:eag_stamsg_get_url_custom_file:
[2025-06-18 17:33:18.635101]:  eag_stamsg.c:517:Receive USER_ADD msg  status:NotAuthed, apmac: DC:08:56:85:FB:00,usermac:7A:57:5C:2C:D7:65,userip 0.0.0.0, wlan service name:byodtest, ssid:byodtest ,ARP name: VLAN11, redirect URL: https://eu.manage.ovcirrus.com:443/portalpages/a4fc006ea2b1312d9457522635e28ec7/login.html?mac=7A575C2CD765redirect ipv6 URL:https://eu.manage.ovcirrus.com:443/portalpages/a4fc006ea2b1312d9457522635e28ec7/login.html?mac=7A575C2CD765
[2025-06-18 17:33:18.635181]:  eag_ins.c:10107:mqtt reply start
[2025-06-18 17:33:18.635243]:  eag_ins.c:10116:status:sucess,usermac:7a:57:5c:2c:d7:65,reason:0
[2025-06-18 17:33:18.635324]:  eag_ins.c:10132:mqtt reply end
[2025-06-18 17:33:23.301922]:  eag_stamsg.c:1282:stamsg_recieive usermac A6:DE:DC:22:EE:D3,userip 192.168.11.178, OP: 1
[2025-06-18 17:33:23.302220]:  eag_stamsg.c:732:stamsg_proc, appconn not exist, usermac=a6:de:dc:22:ee:d3
[2025-06-18 17:33:23.309212]:  appconn.c:1018:eag_ipinfo_get before userip=192.168.11.179
[2025-06-18 17:33:23.311968]:  appconn.c:1025:eag_ipinfo_get after userip=192.168.11.179,usermac=7A:57:5C:2C:D7:65,interface=br-vlan11
[2025-06-18 17:33:23.312130]:  appconn.c:1030:appconn_check_is_conflict eag_ipinfo_get userip 192.168.11.179, interface(br-vlan11), usermac(7A:57:5C:2C:D7:65)
[2025-06-18 17:33:23.322084]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:23.322204]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:23.322273]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:23.322334]:  eag_redir.c:3517:user ip = 192.168.11.179
[2025-06-18 17:33:23.322401]:  eag_redir.c:3559:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:23.330861]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:23.331063]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:23.331131]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:23.340716]:  eag_redir.c:2949:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:23.347091]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:23.347289]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:23.347354]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:23.347562]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REQUEST_EVENT            result_code:0
[2025-06-18 17:33:23.347710]:  eag_ins.c:7104:the custon file  not exist
[2025-06-18 17:33:23.347783]:  eag_redir.c:1726:PortalRedirect___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,Interface:ath103,NasID:,redirURL:https://eu.manage.ovcirrus.com:443/portalpages/a4fc006ea2b1312d9457522635e28ec7/login.html?mac=7A575C2CD765&url=http://captive.apple.com/hotspot-detect.html
[2025-06-18 17:33:23.347875]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REDIRECT_EVENT           result_code:0
[2025-06-18 17:33:23.348029]:  eag_redir.c:3559:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:23.354769]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:23.354964]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:23.355027]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:23.379896]:  eag_redir.c:3559:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:23.386288]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:23.386483]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:23.386548]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:24.229811]:  eag_redir.c:2949:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:24.236622]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:24.236820]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:24.236903]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:24.246552]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REQUEST_EVENT            result_code:0
[2025-06-18 17:33:24.246727]:  eag_ins.c:7104:the custon file  not exist
[2025-06-18 17:33:24.246814]:  eag_redir.c:1726:PortalRedirect___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,Interface:ath103,NasID:,redirURL:https://eu.manage.ovcirrus.com:443/portalpages/a4fc006ea2b1312d9457522635e28ec7/login.html?mac=7A575C2CD765&url=http://captive.apple.com/hotspot-detect.html
[2025-06-18 17:33:24.246913]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REDIRECT_EVENT           result_code:0
[2025-06-18 17:33:24.417788]:  eag_redir.c:2949:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:24.424515]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:24.424709]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:24.424775]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:24.424983]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REQUEST_EVENT            result_code:0
[2025-06-18 17:33:24.425127]:  eag_ins.c:7104:the custon file  not exist
[2025-06-18 17:33:24.425200]:  eag_redir.c:1726:PortalRedirect___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,Interface:ath103,NasID:,redirURL:https://eu.manage.ovcirrus.com:443/portalpages/a4fc006ea2b1312d9457522635e28ec7/login.html?mac=7A575C2CD765&url=http://captive.apple.com/hotspot-detect.html
[2025-06-18 17:33:24.425292]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REDIRECT_EVENT           result_code:0
[2025-06-18 17:33:24.611510]:  eag_redir.c:2949:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:24.618578]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:24.618781]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:24.618843]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:24.619046]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REQUEST_EVENT            result_code:0
[2025-06-18 17:33:24.619189]:  eag_ins.c:7104:the custon file  not exist
[2025-06-18 17:33:24.619261]:  eag_redir.c:1726:PortalRedirect___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,Interface:ath103,NasID:,redirURL:https://eu.manage.ovcirrus.com:443/portalpages/a4fc006ea2b1312d9457522635e28ec7/login.html?mac=7A575C2CD765&url=http://captive.apple.com/hotspot-detect.html
[2025-06-18 17:33:24.619351]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REDIRECT_EVENT           result_code:0
[2025-06-18 17:33:25.229720]:  eag_redir.c:3559:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:25.236907]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:25.237105]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:25.237170]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:25.263909]:  eag_redir.c:3559:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:25.270585]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:25.270785]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:25.270853]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:25.295569]:  eag_redir.c:3559:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:25.302140]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:25.302335]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:25.302401]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:25.327414]:  eag_redir.c:3559:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:25.334263]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:25.334466]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:25.334533]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:33.898726]:  eag_redir.c:3559:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:33.905464]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:33.905698]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:33.905765]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:43.885386]:  eag_portal.c:3850:portal fd(21) receive 22 bytes from 127.0.0.1:56744
[2025-06-18 17:33:43.885571]:  eag_portal.c:3750:Receive portal packet type=1,userip=0xb30ba8c0,errcode=0  from portal server 0x7f000001:56744
[2025-06-18 17:33:43.885651]:  eag_portal.c:1261:Receive start LDAP auth 1
[2025-06-18 17:33:43.885730]:  eag_portal.c:1306:PortalReqChallenge___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,PortalIP:127.0.0.1,Interface:ath103,NasID:
[2025-06-18 17:33:43.885843]:  eag_portal.c:1519:PortalAckChallenge___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,PortalIP:127.0.0.1,Interface:ath103,NasID:,ErrCode:0,ErrReason:
[2025-06-18 17:33:43.886641]:  eag_portal.c:3850:portal fd(21) receive 54 bytes from 127.0.0.1:56744
[2025-06-18 17:33:43.886728]:  eag_portal.c:3750:Receive portal packet type=3,userip=0xb30ba8c0,errcode=0  from portal server 0x7f000001:56744
[2025-06-18 17:33:43.886799]:  eag_portal.c:2062:eag_portal_chapauth_proc username testuser
testpassf}?I|h?`???kp 
[2025-06-18 17:33:43.886874]:  eag_portal.c:2111:PortalReqAuth___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,UserName:testuser,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,PortalIP:127.0.0.1,Interface:ath103,NasID:,ChapAuth
[2025-06-18 17:33:43.886952]:  eag_time.c:89:preemptionCountDown is 600s, Time of two Authentication interval is 1750260823.89s
[2025-06-18 17:33:43.888420]:  eag_ldap.c:361:[search_base:dc=example,dc=com]
[search_filter:(|(uid=testuser)(CN=testuser)(sAMAccountName=testuser))]
[2025-06-18 17:33:43.890008]:  eag_ldap.c:394:ldap_get_dn:uid=testuser,ou=people,dc=example,dc=com
[2025-06-18 17:33:43.890682]:  eag_ldap.c:136:Get User attr : %22objectClass%22:%22inetOrgPerson%22,%22cn%22:%22Test User%22,%22sn%22:%22User%22,%22givenName%22:%22Test%22,%22uid%22:%22testuser%22,%22mail%22:%22testuser@example.com%22,%22userPassword%22:%22testpass%22
[2025-06-18 17:33:43.890782]:  eag_portal.c:4290:PortalAckAuth___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,Username:testuser,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,PortalIP:127.0.0.1,Interface:ath103,ErrCode:0
[2025-06-18 17:33:43.891266]:  eag_portal.c:2318:LDAP in Primary Server
[2025-06-18 17:33:43.891495]:  eag_portal.c:3850:portal fd(21) receive 16 bytes from 127.0.0.1:56744
[2025-06-18 17:33:43.891578]:  eag_portal.c:3750:Receive portal packet type=7,userip=0xb30ba8c0,errcode=0  from portal server 0x7f000001:56744
[2025-06-18 17:33:43.891678]:  eag_portal.c:3370:PortalAffAckAuth___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,Username:testuser,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,PortalIP:127.0.0.1,Interface:ath103,NasID:
[2025-06-18 17:33:43.891753]:  eag_portal.c:3400:eag_portal_aff_ack_auth_proc userip 192.168.11.179, sess_status AFF_WAIT not match user_state 0
[2025-06-18 17:33:43.909804]:  eag_redir.c:2949:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:43.916804]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:43.917003]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:43.917068]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:43.917288]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REQUEST_EVENT            result_code:0
[2025-06-18 17:33:43.917435]:  eag_ins.c:7104:the custon file  not exist
[2025-06-18 17:33:43.917508]:  eag_redir.c:1726:PortalRedirect___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,Interface:ath103,NasID:,redirURL:https://eu.manage.ovcirrus.com:443/portalpages/a4fc006ea2b1312d9457522635e28ec7/login.html?mac=7A575C2CD765&url=http://captive.apple.com/hotspot-detect.html
[2025-06-18 17:33:43.917714]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REDIRECT_EVENT           result_code:0
[2025-06-18 17:33:44.025198]:  eag_redir.c:3559:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:44.031983]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:44.032186]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:44.032249]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:44.960557]:  eag_redir.c:2949:reget local link addr mac:7a:57:5c:2c:d7:65 bridge:br-vlan11
[2025-06-18 17:33:44.967232]:  eag_ipinfo.c:1400:[ip -6 neigh |grep 7a:57:5c:2c:d7:65|grep br-vlan11 |awk '{print $1}' |grep fe80::]:[addr:]
[2025-06-18 17:33:44.967430]:  eag_ipinfo.c:1402:ipv6:::
[2025-06-18 17:33:44.967495]:  appconn.c:320:user local llink address  is null
[2025-06-18 17:33:44.967704]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REQUEST_EVENT            result_code:0
[2025-06-18 17:33:44.967849]:  eag_ins.c:7104:the custon file  not exist
[2025-06-18 17:33:44.967921]:  eag_redir.c:1726:PortalRedirect___UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,ApMAC:DC-08-56-85-FB-00,SSID:byodtest,NasIP:192.168.15.151,Interface:ath103,NasID:,redirURL:https://eu.manage.ovcirrus.com:443/portalpages/a4fc006ea2b1312d9457522635e28ec7/login.html?mac=7A575C2CD765&url=http://captive.apple.com/hotspot-detect.html
[2025-06-18 17:33:44.968012]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: HTTP_REDIRECT_EVENT           result_code:0
[2025-06-18 17:33:45.106290]:  eag_coa.c:1575:receive coa message ID 43 
[2025-06-18 17:33:45.106532]:  eag_coa.c:808:get_coa_param User-Name=testuser, attr_len=8
[2025-06-18 17:33:45.106617]:  eag_coa.c:832:get_coa_param  user mac=7A:57:5C:2C:D7:65, attr_len=12
[2025-06-18 17:33:45.106696]:  eag_coa.c:1244:RadiusCoaRequest___UserName:testuser,UserIP:0.0.0.0,SessionID:
[2025-06-18 17:33:45.106740]:  eag_coa.c:874:get appconn by coa_param, userip 0xc0a80bb3(0.0.0.0) 4
[2025-06-18 17:33:45.106799]:  eag_coa.c:704:config_coa_session sessiontimeoutRad=0
[2025-06-18 17:33:45.106935]:  eag_ins.c:4453:eag_trap: ubus call wmaagent sendtrap  '{"contents":"{\"trapType\":\"apStationAuthenticationSuccessful\",\"apUptime\":\"3038186\",\"apTraptime\":\"Wed Jun 18 17:33:45 2025\",\"apMAC\":\"DC:08:56:85:FB:00\",\"apSSID\":\"byodtest\",\"apEncryptType\":\"3\",\"apAuthType\":\"2\",\"apStaMAC\":\"7A:57:5C:2C:D7:65\",\"apStaIP\":\"192.168.11.179\",\"apUserName\":\"testuser\"}"}'
[2025-06-18 17:33:45.110886]:  eag_coa.c:1302:RadiusCoaAck___UserName:testuser,UserIP:192.168.11.179,SessionID:192.168.15.151_18/06/2025_17:33:18_7a575c2cd765
[2025-06-18 17:33:45.110999]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: COA_REQ_EVENT                 result_code:0
[2025-06-18 17:33:45.111134]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: COA_ACK_EVENT                 result_code:0
[2025-06-18 17:33:45.111240]:  eag_iptables.c:2059:eag_del_usermac_filter:2059 7a, 4
[2025-06-18 17:33:45.111983]:  eag_iptables.c:821:add_and_del_mac_entry, table:filter, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_FILTER, match_type:0, target_name:DROP, type:5(iptables delte), entry_num:0
[2025-06-18 17:33:45.113363]:  eag_iptables.c:821:add_and_del_mac_entry, table:filter, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_FILTER, match_type:1, target_name:DROP, type:5(iptables delte), entry_num:0
[2025-06-18 17:33:45.113563]:  eag_iptables.c:5260:iptables add_and_del_entry lock 
[2025-06-18 17:33:45.113960]:  eag_iptables.c:5363:insert_and_del_mss_by_mac, table:filter, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_FILTER, match_type:0, target_name:TCPMSS, type:5(iptables delte)
[2025-06-18 17:33:45.114871]:  eag_iptables.c:1004:add_and_del_mac_limit_entry, table:nat, user_mac:7A:57:5C:2C:D7:65, chain_name:CP_DNAT, match_type:0, target_name:CP_DNAT_RULE, type:5(iptables delte), entry_num:2
[2025-06-18 17:33:45.119017]:  eag_ins.c:11071:eag_send_user_login_status_to_dns cmd=ubus call dns_snooping SendDnssUserLogin '{"user_mac":"7A575C2CD765"}' return={
	"status": "success"
}

[2025-06-18 17:33:45.119172]:  eag_qoe.c:119:QOE_EVENT[7A:57:5C:2C:D7:65][ath103]: PORTAL_END_EVENT              result_code:0
[2025-06-18 17:33:45.119302]:  eag_qoe.c:223:portal.report username:testuser, server_ip:143.209.0.2

[2025-06-18 17:33:45.123039]:  eag_ins.c:4549:eag_get_getlocation cmd=getlocation return=Router / 1/1/1 / AP-Wohnzimmer

[2025-06-18 17:33:45.123173]:  eag_ins.c:4555:eag_get_getlocation location  = Router / 1/1/1 / AP-Wohnzimmer
[2025-06-18 17:33:45.123237]:  eag_radius.c:801:nas id = byodtest
[2025-06-18 17:33:45.123299]:  eag_radius.c:808:after apply CALLING STATION = 7A575C2CD765,len = 12
[2025-06-18 17:33:45.123365]:  eag_radius.c:821:CALLED STATION ID = DC085685FB00:byodtest,len = 21
[2025-06-18 17:33:45.123426]:  eag_radius.c:843:nas port id = wifi-5G
[2025-06-18 17:33:45.123486]:  eag_radius.c:853:filter id  = VLAN11
[2025-06-18 17:33:45.123543]:  eag_radius.c:862:session (VLAN)ID = 11
[2025-06-18 17:33:45.123600]:  eag_radius.c:1399:RadiusAcctRequestStart___UserName:testuser,UserIP:192.168.11.179,UserMAC:7A-57-5C-2C-D7-65,SSID:byodtest,Authtype:Portal,APMAC:DC-08-56-85-FB-00,NasIP:192.168.15.151,RadiusAcctIP:143.209.0.2,Interface:ath103,NasID:
[2025-06-18 17:33:45.123851]:  eag_stamsg.c:1419:stamsg send sockpath:/var/run/wam_table, userip:192.168.11.179, usermac:7A:57:5C:2C:D7:65, Op:5
[2025-06-18 17:33:45.124758]:  eag_ins.c:9865:eag send event sta_info_notify, success
[2025-06-18 17:33:45.149832]:  eag_radius.c:2314:RadiusAcctResponseStart___UserName:testuser,UserIP:192.168.11.179,UserMAC:7A575C2CD765,NasIP:192.168.15.151,RadiusAcctIP:143.209.0.2,NasID:byodtest
[2025-06-18 17:34:08.007691]:  eag_ipinfo.c:2034:iwr.ifr_name=ath103
[2025-06-18 17:34:08.007980]:  appconn.c:1863:appconn_check_flux userip=192.168.11.179, output_octets=1090196, total_octets=1203020
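
The trace above writes the password typed into the portal (the continuation line after eag_portal_chapauth_proc) and the LDAP userPassword attribute (the "Get User attr" line) into eag.log in cleartext. The following added example, which is not part of the original page and is not vendor tooling, rebuilds the per-client portal timeline from such a log, reports those two exposures, and returns a scrubbed copy that can be attached to a ticket. The function and stage names are hypothetical, the sample lines are constructed in the format shown above, and treating ErrCode:0 as success is an assumption based on this trace.

```python
"""Audit a Stellar AP eag.log excerpt: portal timeline, credential leaks, scrubbed copy."""
import re
from urllib.parse import unquote

# "[timestamp]:  source.c:line:message", the layout of the trace above
ENTRY = re.compile(r"^\[(?P<ts>[\d-]+ [\d:.]+)\]:\s+(?P<src>[\w.]+):\d+:(?P<msg>.*)$")
MAC = re.compile(r"UserMAC:([0-9A-Fa-f]{2}(?:[-:]?[0-9A-Fa-f]{2}){5})")
ERRCODE = re.compile(r"ErrCode:(\d+)")
# URL-encoded attribute dump written by eag_ldap.c ("Get User attr")
PW_ENC = re.compile(r"(%22userPassword%22:%22).*?(%22(?:,%22|$))")
STAGES = [  # (hypothetical stage name, marker found in the log message)
    ("redirect", "PortalRedirect___"),
    ("challenge", "PortalReqChallenge___"),
    ("auth_request", "PortalReqAuth___"),
    ("auth_ack", "PortalAckAuth___"),
    ("acct_start", "RadiusAcctRequestStart___"),
]

# Constructed sample, shortened; user, password, MAC and IP are made up.
SAMPLE = """\
[2025-01-01 10:00:00.100000]:  eag_redir.c:1726:PortalRedirect___UserIP:192.0.2.10,UserMAC:02-00-00-AA-BB-01,SSID:byodtest
[2025-01-01 10:00:20.200000]:  eag_portal.c:1306:PortalReqChallenge___UserIP:192.0.2.10,UserMAC:02-00-00-AA-BB-01,SSID:byodtest
[2025-01-01 10:00:20.300000]:  eag_portal.c:2062:eag_portal_chapauth_proc username alice
Example-Pw-1f}?I|h
[2025-01-01 10:00:20.400000]:  eag_portal.c:2111:PortalReqAuth___UserIP:192.0.2.10,UserMAC:02-00-00-AA-BB-01,UserName:alice,ChapAuth
[2025-01-01 10:00:20.500000]:  eag_ldap.c:361:[search_base:dc=example,dc=com]
[search_filter:(|(uid=alice)(CN=alice)(sAMAccountName=alice))]
[2025-01-01 10:00:20.600000]:  eag_ldap.c:136:Get User attr : %22uid%22:%22alice%22,%22mail%22:%22alice@example.com%22,%22userPassword%22:%22Example-Pw-1%22
[2025-01-01 10:00:20.700000]:  eag_portal.c:4290:PortalAckAuth___UserIP:192.0.2.10,UserMAC:02-00-00-AA-BB-01,Username:alice,ErrCode:0
[2025-01-01 10:00:22.000000]:  eag_radius.c:1399:RadiusAcctRequestStart___UserName:alice,UserIP:192.0.2.10,UserMAC:02-00-00-AA-BB-01,Authtype:Portal
"""


def audit(text):
    """Return (timeline, findings, scrubbed_text) for an eag.log excerpt."""
    timeline, findings, scrubbed = {}, [], []
    prev_msg = ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = ENTRY.match(raw)
        if entry is None:
            # Continuation line. Directly after eag_portal_chapauth_proc it
            # carries the password typed into the portal plus trailing bytes.
            if "eag_portal_chapauth_proc" in prev_msg and raw.strip():
                findings.append((lineno, "portal password after chapauth_proc"))
                raw = "<redacted>"
            scrubbed.append(raw)
            prev_msg = ""
            continue
        msg = prev_msg = entry["msg"]
        if "Get User attr" in msg and '"userPassword"' in unquote(msg):
            findings.append((lineno, "userPassword in LDAP attribute dump"))
            raw, hits = PW_ENC.subn(r"\1<redacted>\2", raw)
            if hits == 0:  # unexpected encoding: drop the whole attribute dump
                raw = raw[:entry.start("msg")] + "<redacted attribute dump>"
        scrubbed.append(raw)
        mac = MAC.search(msg)
        stage = next((name for name, marker in STAGES if marker in msg), None)
        if mac and stage:
            if stage == "auth_ack":
                err = ERRCODE.search(msg)
                # Assumption: ErrCode:0 means accepted, as in the trace above.
                stage = "auth_ok" if err and err[1] == "0" else "auth_failed"
            key = re.sub(r"[^0-9A-Fa-f]", "", mac[1]).upper()
            timeline.setdefault(key, []).append((entry["ts"], stage))
    return timeline, findings, "\n".join(scrubbed)


if __name__ == "__main__":
    timeline, findings, clean = audit(SAMPLE)
    for mac, events in timeline.items():
        print(mac, " -> ".join(stage for _, stage in events))
    for lineno, kind in findings:
        print(f"line {lineno}: {kind}")
    print(clean)
```

Any finding means the log file itself has to be handled as credential material; the scrubbed text keeps every other line unchanged, so timestamps and source locations still line up with the original.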

eag_cli show user all

support@Wohnzimmer:/tmp/local_config$ eag_cli show user all
user num : 1
ID      UserName           UserIP                                   UserMAC              SessionTime  OutputFlow         InputFlow          AuthType           ESSID              
1       testuser           192.168.11.179                           7A:57:5C:2C:D7:65    0:09:36      1215495            192402             PORTAL       byodtest          
omnivista-cirrus-10-local-ldap-byod.1750764050.txt.gz · Last modified: by benny
