From: <Hol...@t-...> - 2015-07-10 15:56:54
If there will be an update, will it include some other fixes, too? Like

- Kerberos/winbind/samba files without MIT or other specialties for everybody
- A migrate.pl script that does not fail if someone uses keywords like "workgroup" in comments
- Maybe either some hints in the documentation or, which I would prefer, a samba/winbind config which does not use rpc "dns" (which is deprecated with win2000+)

(As it is somehow the "actual" Windows Server version: maybe some hints in the docs how to marry pf with a bare "stupid" standard installation of Windows Server 2012R2 AD Server)

Why? Because, as the mails in the user-group show, if one sits down and installs a Linux server with pf from scratch for pf and a "naked" Windows 2012R2 AD (both just plain, as the "standard" howtos describe), they just do not play together without a hassle, especially if one uses OutOfBand.

Not to forget: thanks for all your work and care so far! I fear I still will trouble you with further questions in the future...

From: Andy A [mailto:and...@ho...]
Sent: Friday, July 10, 2015 12:21 AM
To: pac...@li...
Subject: Re: [PacketFence-users] Signup doesn't work

Okay thanks. After it's been reworked, I believe there will be a minor version release?

________________________________
Date: Tue, 7 Jul 2015 07:40:38 -0400
From: fd...@in...
To: pac...@li...
Subject: Re: [PacketFence-users] Signup doesn't work

It will probably be merged in the stable version but I have to rework it.

Regards
Fabrice

On 2015-07-06 14:01, Andy A wrote:

Okay. Thanks. So when I have to redo the setup on a different server in the future, I am assuming that I have to apply the patch, right? Or is this patch going to make it to the main code base?

________________________________
Date: Mon, 6 Jul 2015 08:57:14 -0400
From: fd...@in...
To: pac...@li...
Subject: Re: [PacketFence-users] Signup doesn't work

Hi Andy,

On 2015-07-06 08:06, Andy A wrote:

Hi Fabrice. After testing on all the devices I can say that the hack that you provided works. Can you explain to me what was the problem and what does this hack fix, so that I understand it for future reference.

The problem in your setup is that something closes the locationlog entry of the device, so packetfence doesn't know what to do after the registration. What I did in the patch is to add a new locationlog entry just after the registration, so packetfence knows that it has to re-evaluate the access by dealing with ipset.

Regards
Fabrice

Thanks a lot for your help.

________________________________
Date: Thu, 2 Jul 2015 09:48:54 -0400
From: fd...@in...
To: pac...@li...
Subject: Re: [PacketFence-users] Signup doesn't work

Hello Andy,

so can you apply this on your setup (5.2):

https://github.com/inverse-inc/packetfence/compare/feature/hybrid_mode_by_vlan_filter.diff

And in vlan_filters.conf add this:

[all]
filter = node_info
operator = match
attribute = mac
value = (.*)

[6:all]
scope = InlinePortalRegistration
role = 1

And restart pf and retry.

Regards
Fabrice

On 2015-07-01 14:43, Andy A wrote:

Hey Fabrice. Thanks. Happy Canada day.

________________________________
Date: Wed, 1 Jul 2015 12:41:18 -0400
From: fd...@in...
To: pac...@li...
Subject: Re: [PacketFence-users] Signup doesn't work

Hi Andy,

today is a day off in Canada, I will be back to you tomorrow with a hack.

Regards
Fabrice

On 2015-07-01 07:27, Andy A wrote:

Anything else I can look at to get this working?

________________________________
From: and...@ho...
To: pac...@li...
Date: Tue, 30 Jun 2015 16:17:39 +0000
Subject: Re: [PacketFence-users] Signup doesn't work

Hi Fabrice

More testing on this. I have observed that if I connect the device on a 'WIRED' connection to the inline VLAN, end_time appears NULL in locationlog. So far all the logs that I have sent in the previous posts are with a wireless device connected to the inline VLAN.

Thanks

________________________________
From: and...@ho...
To: pac...@li...
Date: Tue, 30 Jun 2015 12:17:46 +0000
Subject: Re: [PacketFence-users] Signup doesn't work

Hi Fabrice.

I have modified the code and added the logger line to api.pm and connected the laptop over vlan (haven't registered the device yet). Here's the log:

httpd.webservices(19776) WARN: 172.31.30.11, 172.31.30.11, , 0, 0, 60:03:08:a5:84:3a, no, 32, , ,, (pf::api::synchronize_locationlog)
httpd.webservices(19776) WARN: 172.31.30.11, 172.31.30.11, , 0, 0, 60:03:08:a5:84:3a, no, 32, , ,, (pf::api::synchronize_locationlog)

Here's the entry in locationlog table. (end_time IS NOT null)

select * from locationlog where mac = '60:03:08:a5:84:3a';
+-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+
| mac               | switch       | port | vlan | connection_type | dot1x_username | ssid | start_time          | end_time            | switch_ip    | switch_mac | stripped_user_name | realm | session_id |
+-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+
| 60:03:08:a5:84:3a | 172.31.30.11 | 0    | 0    | Inline          |                |      | 2015-06-30 13:11:42 | 2015-06-30 13:11:45 | 172.31.30.11 | NULL       | NULL               | NULL  | NULL       |
+-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+
1 row in set (0.00 sec)

________________________________
Date: Thu, 25 Jun 2015 14:00:09 -0400
From: fd...@in...
To: pac...@li...
Subject: Re: [PacketFence-users] Signup doesn't work

Hi Andy,

I tried to replicate your issue on a pf 5.2 and I can't replicate it. The only thing that can update the locationlog in an inline setup is the pfdhcplistener.

So what I want you to do is the following:

edit api.pm and change the function synchronize_locationlog with that:

--------------------
sub synchronize_locationlog : Public {
    my ( $class, $switch, $switch_ip, $switch_mac, $ifIndex, $vlan, $mac, $voip_status, $connection_type, $connection_sub_type, $user_name, $ssid, $stripped_user_name, $realm ) = @_;
    my $logger = pf::log::get_logger();
    # Log every argument so each locationlog update shows up in packetfence.log
    $logger->warn("$switch, $switch_ip, $switch_mac, $ifIndex, $vlan, $mac, $voip_status, $connection_type, $connection_sub_type, $user_name, $ssid ,$stripped_user_name, $realm");
    return (pf::locationlog::locationlog_synchronize($switch, $switch_ip, $switch_mac, $ifIndex, $vlan, $mac, $voip_status, $connection_type, $connection_sub_type, $user_name, $ssid, $stripped_user_name, $realm));
}
--------------------

and restart httpd.webservices

Delete the locationlog entry:

delete from locationlog where mac="60:03:08:a5:84:3a";

Plug the laptop on the inline vlan and check immediately in the locationlog the last entry for the 60:03:08:a5:84:3a mac address (the end time should be NULL).

Also check packetfence.log like this:

tail -f logpacketfence.log|grep synchronize_locationlog

And give me the result.

Regards
Fabrice

On 2015-06-25 12:11, Andy A wrote:

Here are all the entries

44 rows in set (0.00 sec)

No there are no entries with end_time as null. I never have an entry where the end_time is NULL.

Should I change something in my networks.conf?

[10.0.1.0]
dns=8.8.8.8
next_hop=172.31.30.1
gateway=10.0.1.1
dhcp_start=10.0.1.10
domain-name=inlinel3.domainn_name.com
nat_enabled=1
named=enabled
dhcp_max_lease_time=86400
dhcpd=enabled
fake_mac_enabled=0
netmask=255.255.255.0
type=inlinel3
dhcp_end=10.0.1.250
dhcp_default_lease_time=86400

Regarding ipset my question was why the IP doesn't appear in ipset list immediately after registering the device. Why does it only appear in the ipset list AFTER I have disconnected from AP and reconnected again. I know you said new DHCP request was made.
But same was the case, when I first got on the inline network isn't it?

As for pinging 8.8.8.8, I am using

________________________________
Date: Thu, 25 Jun 2015 11:50:19 -0400
From: fd...@in...
To: pac...@li...
Subject: Re: [PacketFence-users] Signup doesn't work

Hi Andy,

my answer/question below.

On 2015-06-25 11:29, Andy A wrote:

Hi Fabrice. Thanks for the comments, here's what you asked for.

service packetfence status
service|shouldBeStarted|pid
dhcpd|1|1733
haproxy|0|0
httpd.aaa|1|1737
httpd.admin|1|1709
httpd.portal|1|1753
httpd.proxy|0|0
httpd.webservices|1|1785
iptables|1|-1
memcached|1|1797
pfbandwidthd|0|0
pfdetect|0|0
pfdhcplistener_eth1|1|1849
pfdhcplistener_eth2|1|1855
pfdns|1|1860
pfmon|1|1866
pfsetvlan|1|1883
radiusd|1|1897
snmptrapd|1|1879
snort|0|0
suricata|0|0
keepalived|0|0

Connecting a laptop to the inline network via the AP. Here are the pfdhcplistener logs. Yes, I see DHCP request and an IP address is assigned to the laptop.
I can ping 8.8.8.8 at this stage (once the laptop has acquired an IP address)

Ok so first it's not normal that you can ping 8.8.8.8 when you are unreg (if you can check on the layer3 interface 172.31.30.1 if you are able to force 8.8.8.8 to be behind packetfence 172.31.30.10)

pfdhcplistener(6280) INFO: DHCPREQUEST from 60:03:08:a5:84:3a (10.252.7.81) with lease of 7776000 seconds (main::parse_dhcp_request)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) WARN: Unable to match MAC address to IP '10.252.7.81' (pf::iplog::ip2mac)
pfdhcplistener(6280) ERROR: Use of uninitialized value in string eq at /usr/local/pf/sbin/pfdhcplistener line 547.(main::update_iplog)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) WARN: Unable to perform a Fingerbank lookup for device with MAC address '60:03:08:a5:84:3a' (pf::fingerbank::process)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a requested an IP with the following informations: last_dhcp = 2015-06-25 15:28:11,computername = lappy,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,dhcp_vendor = (main::listen_dhcp)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a is of device type (main::listen_dhcp)
pfdhcplistener(6280) INFO: DHCPOFFER from 172.31.30.11 (00:50:56:93:22:a3) to host 60:03:08:a5:84:3a (10.0.1.12) (main::parse_dhcp_offer)
pfdhcplistener(6280) INFO: DHCPREQUEST from 60:03:08:a5:84:3a (10.0.1.12) (main::parse_dhcp_request)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to MAC address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) WARN: Unable to perform a Fingerbank lookup for device with MAC address '60:03:08:a5:84:3a' (pf::fingerbank::process)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a requested an IP with the following informations: last_dhcp = 2015-06-25 15:28:13,computername = lappy,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,dhcp_vendor = (main::listen_dhcp)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a is of device type (main::listen_dhcp)
pfdhcplistener(6280) INFO: DHCPACK from 172.31.30.11 (00:50:56:93:22:a3) to host 60:03:08:a5:84:3a (10.0.1.12) for 86400 seconds (main::parse_dhcp_ack)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to MAC address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)

select * from locationlog where mac="60:03:08:a5:84:3a";
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline | | | 2015-06-25 15:28:12 | 2015-06-25 15:28:23 | 172.31.30.11 | NULL | NULL | NULL | NULL |

Just so you know, I have 42 entries for that MAC address as I have been using the same device to test over the past days.

Do you have an entry where end_time is NULL? Also can you post all the results?

Logs after registering the laptop via portal. I believe you would need logs from packetfence.log (as nothing showed up in pfdhcplistener.log)

/usr/local/pf/logs/packetfence.log <==
httpd.portal(6630) INFO: Matched IP '10.0.1.12' to MAC address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
httpd.portal(6630) INFO: registering 60:03:08:a5:84:3a guest by email (captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
httpd.portal(6630) INFO: Matched rule (catchall) in source email, returning actions. (pf::Authentication::Source::match)
httpd.portal(6630) WARN: Can't find provisioner for 60:03:08:a5:84:3a since we don't have it's OS (pf::Portal::Profile::findProvisioner)
httpd.portal(6630) INFO: [60:03:08:a5:84:3a] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
httpd.portal(6630) WARN: [60:03:08:a5:84:3a] Can't re-evaluate access because no open locationlog entry was found (pf::enforcement::reevaluate_access)

This is the issue, since packetfence doesn't know where the device is (it's supposed to be marked as Inline on the locationlog)

httpd.portal(6630) INFO: new activation code successfully generated (pf::activation::create)
httpd.portal(6630) INFO: Email sent to te...@xx... (xxxx.com: Email activation required) (pf::activation::__ANON__)
httpd.portal(6630) WARN: Can't find provisioner for 60:03:08:a5:84:3a since we don't have it's OS (pf::Portal::Profile::findProvisioner)
httpd.portal(6643) INFO: Matched IP '10.0.1.12' to MAC address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
httpd.portal(6659) INFO: Matched IP '10.0.1.12' to MAC address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
httpd.portal(6621) INFO: Matched IP '10.0.1.12' to MAC address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
httpd.portal(6621) WARN: Unable to perform a Fingerbank lookup for device with MAC address '60:03:08:a5:84:3a' (pf::fingerbank::process)

Here's where the redirection to 'your network should be enabled within... ' page happens.

httpd.portal(6621) INFO: [60:03:08:a5:84:3a] shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (captiveportal::PacketFence::Controller::CaptivePortal::unknownState)
httpd.portal(6621) INFO: [60:03:08:a5:84:3a] re-evaluating access (redir.cgi called) (pf::enforcement::reevaluate_access)
httpd.portal(6621) WARN: [60:03:08:a5:84:3a] Can't re-evaluate access because no open locationlog entry was found (pf::enforcement::reevaluate_access)

Same here.

Here's the ipset after I have just registered the laptop. (and I know that the above IP should appear under pfsession_Reg_10.0.1.0 as a member)

ipset -L
Name: pfsession_Unreg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:

Name: pfsession_Reg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:

Name: pfsession_Isol_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:

And I know it could be a problem with sudoers and the whole..

su - pf and launch sudo ipset -L
If it doesn't work it means that there is a problem with the sudoers file.

But here's the thing, as soon as I get off the AP and inline network and then join back here are the logs and ipset -L

/usr/local/pf/logs/pfdhcplistener.log <==
pfdhcplistener(6280) INFO: DHCPREQUEST from 60:03:08:a5:84:3a (10.0.1.12) (main::parse_dhcp_request)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to MAC address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: [60:03:08:a5:84:3a] stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) WARN: Problem trying to run command: LANG=C sudo ipset --del pfsession_Unreg_10.0.1.0 10.0.1.12 2>&1 called from iptables_unmark_node. Child exited with non-zero value 1 (pf::util::pf_run)
pfdhcplistener(6280) INFO: Flushed connections for 10.0.1.12. (pf::ipset::iptables_unmark_node)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) WARN: Unable to perform a Fingerbank lookup for device with MAC address '60:03:08:a5:84:3a' (pf::fingerbank::process)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a requested an IP with the following informations: last_dhcp = 2015-06-25 15:43:11,computername = lappy,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,dhcp_vendor = dhcpcd-5.5.6 (main::listen_dhcp)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a is of device type (main::listen_dhcp)
pfdhcplistener(6280) INFO: DHCPACK from 172.31.30.11 (00:50:56:93:22:a3) to host 60:03:08:a5:84:3a (10.0.1.12) for 86400 seconds (main::parse_dhcp_ack)
pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a' to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to MAC address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)

ipset -L
Name: pfsession_Unreg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:

Name: pfsession_Reg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
10.0.1.12

Name: pfsession_Isol_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:

I wait for 10 minutes (and let the device become unregistered again) so ipset -L says

ipset -L
Name: pfsession_Unreg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
10.0.1.12

Name: pfsession_Reg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:

Name: pfsession_Isol_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:

after that I was able to remove the device as follows

su - pf
sudo ipset --del pfsession_Unreg_10.0.1.0 10.0.1.12 2>&1
sudo ipset -L
Name: pfsession_Unreg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:

Name: pfsession_Reg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:

Name: pfsession_Isol_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:

So I am not quite sure what the problem is. Why there is no entry in ipset when I register, but immediately when I leave the AP and get back on again, the IP appears in the ipset list (and the internet works fine).

ipset has been updated because of a new dhcp request.

________________________________
Date: Thu, 25 Jun 2015 07:42:10 -0400
From: fd...@in...
To: pac...@li...
Subject: Re: [PacketFence-users] Signup doesn't work

Hi Andy,

Can you check something for me?

- First service packetfence status
- Next connect the laptop in the inline network and check in pfdhcplistener.log if you see the dhcp request.
- Next check in the database the locationlog entry if it is set to inline:
  select * from locationlog where mac="00:11:22:33:44:55";
- Next register the device and paste the log.
- Paste ipset -L

Are you able to ping 8.8.8.8?

With that I will probably be able to let you know what is the issue.

Regards
Fabrice

On 2015-06-25 06:20, Andy A wrote:

Hi Louis. Thanks for the reply. Actually, after I sent the last post, it's gone back to the same and now it's the same for ALL devices (Android or iOS). So disregard my momentary jubilation on it working for Android device.

Thanks for letting me know you are away, that will certainly dampen my hope of resolving this within the next 3 days. But I will keep testing and posting.

________________________________
From: lm...@in...
Date: Wed, 24 Jun 2015 15:35:56 -0400
To: pac...@li...
Subject: Re: [PacketFence-users] Signup doesn't work

On Jun 24, 2015, at 12:54, Andy A <and...@ho...> wrote:

One way to get internet access in my current situation (where I get 'Your network should be enabled within a minute or two message') - I have figured out is, to disconnect from the AP and then connect back again. BOOM everything then works. But this is a very horrible experience for a user and I can't expect the user to try this funky hack to get internet access after registration.

I found this http://www.packetfence.org/bugs/view.php?id=1655 which describes the exact same issue and is a BUG. Not sure it has been fixed yet. Can anyone confirm this?

That bug report is so old as to be useless now. I would rather start from scratch.

Internet access basically depends on being placed in the proper IPset. Can you check if registration happens differently for iOS devices? Are they placed in the same IPset as the Android ones?

I'll be away from work for the next three days. Back on the 29th. Keep posting, someone else may be able to help or else I'll have a look on Monday.

Regards,
--
Louis Munro
lm...@in... :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

--
Fabrice Durand
fd...@in... :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

_______________________________________________
PacketFence-users mailing list
Pac...@li...
https://lists.sourceforge.net/lists/listinfo/packetfence-users
https://www.gigenetcloud.com/ _______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fd...@in...<mailto:fd...@in...> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. 
https://www.gigenetcloud.com/ _______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ _______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users |