Menu
▾
▴
Re: [PacketFence-users] Signup doesn't work
|
From: Durand f. <fd...@in...> - 2015-07-11 00:25:29
|
Yes sure but not in 5.3 because it will be release next week. Le 2015-07-09 18:20, Andy A a écrit : > Okay thanks. After it's been reworked, I believe there will be a minor > version release? > > ------------------------------------------------------------------------ > Date: Tue, 7 Jul 2015 07:40:38 -0400 > From: fd...@in... > To: pac...@li... > Subject: Re: [PacketFence-users] Signup doesn't work > > It will probably be merge in the stable version but i have to rework it. > > Regards > Fabrice > > Le 2015-07-06 14:01, Andy A a écrit : > > Okay. Thanks. So when I have to redo the setup on a different > server in the future, I am assuming that I have apply the patch, > right? or is this patch going to make it to the main code base? > > ------------------------------------------------------------------------ > Date: Mon, 6 Jul 2015 08:57:14 -0400 > From: fd...@in... <mailto:fd...@in...> > To: pac...@li... > <mailto:pac...@li...> > Subject: Re: [PacketFence-users] Signup doesn't work > > Hi Andy, > > Le 2015-07-06 08:06, Andy A a écrit : > > Hi Fabrice. > > After testing on all the device I can say that the hack that > you provided works. > > Can you explain to me, what was the problem and what does this > hack fix so that I understand it for future reference. > > The problem in your setup is that something close the locationlog > entry of the device so packetfence don't know what to do after the > registration. > What i did in the patch is to add a new locationlog entry just > after the registration, so packetfence know that it have to > re-évaluate the access by dealing with ipset. > > Regards > Fabrice > > Thanks a lot for your help. > > ------------------------------------------------------------------------ > Date: Thu, 2 Jul 2015 09:48:54 -0400 > From: fd...@in... <mailto:fd...@in...> > To: pac...@li... > <mailto:pac...@li...> > Subject: Re: [PacketFence-users] Signup doesn't work > > Hello Andy, > > so can you apply this on your setup (5.2): > > https://github.com/inverse-inc/packetfence/compare/feature/hybrid_mode_by_vlan_filter.diff > > And in vlan_filters.conf add this: > > [all] > filter = node_info > operator = match > attribute = mac > value = (.*) > > [6:all] > scope = InlinePortalRegistration > role = 1 > > And restart pf and retry. > > Regards > Fabrice > > > Le 2015-07-01 14:43, Andy A a écrit : > > Hey Fabrice. > > Thanks. Happy Canada day. > > ------------------------------------------------------------------------ > Date: Wed, 1 Jul 2015 12:41:18 -0400 > From: fd...@in... <mailto:fd...@in...> > To: pac...@li... > <mailto:pac...@li...> > Subject: Re: [PacketFence-users] Signup doesn't work > > Hi Andy, > > today is a day of in Canada, i will be back to you > tomorrow with a hack. > > Regards > Fabrice > > > Le 2015-07-01 07:27, Andy A a écrit : > > Anything else I can look at to get this working? > > ------------------------------------------------------------------------ > From: and...@ho... > <mailto:and...@ho...> > To: pac...@li... > <mailto:pac...@li...> > Date: Tue, 30 Jun 2015 16:17:39 +0000 > Subject: Re: [PacketFence-users] Signup doesn't work > > Hi Fabrice > > More testing on this. I have observed that if I > connect the device on a 'WIRED' connection to the > inline VLAN end_time appears NULL in locationlog. > So far all the logs that I have sent in the previous > posts, are with a wireless device connected to the > inline VLAN. > > Thanks > > ------------------------------------------------------------------------ > From: and...@ho... > <mailto:and...@ho...> > To: pac...@li... > <mailto:pac...@li...> > Date: Tue, 30 Jun 2015 12:17:46 +0000 > Subject: Re: [PacketFence-users] Signup doesn't work > > > Hi Fabrice. > > I have modified the code and added the logger line to > api.pm and connected the laptop over vlan (haven't > registered the device yet) here's the log > > httpd.webservices(19776) WARN: 172.31.30.11, > 172.31.30.11, , 0, 0, 60:03:08:a5:84:3a, no, 32, , ,, > (pf::api::synchronize_locationlog) > httpd.webservices(19776) WARN: 172.31.30.11, > 172.31.30.11, , 0, 0, 60:03:08:a5:84:3a, no, 32, , ,, > (pf::api::synchronize_locationlog) > > Here's the entry in locationlog table. (end_time *IS > NOT *null) > > select * from locationlog where mac = '60:03:08:a5:84:3a'; > +-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+ > | mac | switch | port | vlan | > connection_type | dot1x_username | ssid | start_time > | end_time | switch_ip | switch_mac | > stripped_user_name | realm | session_id | > +-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+ > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-30 13:11:42 | 2015-06-30 > 13:11:45 | 172.31.30.11 | NULL | NULL | NULL > | NULL | > +-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+ > 1 row in set (0.00 sec) > > > ------------------------------------------------------------------------ > Date: Thu, 25 Jun 2015 14:00:09 -0400 > From: fd...@in... <mailto:fd...@in...> > To: pac...@li... > <mailto:pac...@li...> > Subject: Re: [PacketFence-users] Signup doesn't work > > Hi Andy, > > i tried to replicate your issue on a pf 5.2 and i > can't replicate it. > > The only thing that can update the locationlog in an > inline setup is the pfdhcplistener. > > So what i want you to do is the following: > edit api.pm and change the function > synchronize_locationlog with that: > > -------------------- > sub synchronize_locationlog : Public { > my ( $class, $switch, $switch_ip, $switch_mac, > $ifIndex, $vlan, $mac, $voip_status, $connection_type, > $connection_sub_type, $user_name, $ssid > ,$stripped_user_name, $realm) = @_; > my $logger = pf::log::get_logger(); > $logger->warn( "$switch, $switch_ip, $switch_mac, > $ifIndex, $vlan, $mac, $voip_status, $connection_type, > $connection_sub_type, $user_name, $ssid > ,$stripped_user_name, $realm"); > > return > (pf::locationlog::locationlog_synchronize($switch, > $switch_ip, $switch_mac, $ifIndex, $vlan, $mac, > $voip_status, $connection_type, $connection_sub_type, > $user_name, $ssid, $stripped_user_name, $realm)); > } > -------------------- > and restart httpd.webservices > > Delete the locationlog entry > delete from locationlog where mac="60:03:08:a5:84:3a"; > > Plug the laptop on the inline vlan and check > immediately in the locationlog the last entry for the > 60:03:08:a5:84:3a mac address (the end time should be > NULL). > > Also check packetfence.log like this: > tail -f logpacketfence.log|grep synchronize_locationlog > > > And give me the result. > > Regards > Fabrice > > > > Le 2015-06-25 12:11, Andy A a écrit : > > Here are all the entries > > +-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+ > | mac | switch | port | vlan | > connection_type | dot1x_username | ssid | > start_time | end_time | switch_ip | > switch_mac | stripped_user_name | realm | session_id | > +-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+ > | 60:03:08:a5:84:3a | 172.31.30.12 | 0 | 0 | > Inline | | | 2015-04-30 15:49:32 | > 2015-04-30 16:23:52 | 172.31.30.12 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.12 | 0 | 0 | > Inline | | | 2015-04-30 16:33:53 | > 2015-04-30 16:35:53 | 172.31.30.12 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-05 17:47:47 | > 2015-05-05 17:49:20 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-05 18:05:05 | > 2015-05-05 18:06:47 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-05 18:29:30 | > 2015-05-05 18:41:59 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-06 06:39:36 | > 2015-05-06 06:41:02 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-08 13:43:43 | > 2015-05-08 13:46:11 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-08 17:28:52 | > 2015-05-08 17:30:11 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-12 12:19:22 | > 2015-05-12 12:36:27 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-12 12:51:52 | > 2015-05-12 12:53:27 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-12 16:29:57 | > 2015-05-12 16:31:28 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-15 13:05:27 | > 2015-05-15 13:23:09 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-15 13:23:53 | > 2015-05-15 13:25:09 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-05-15 13:25:21 | > 2015-05-15 14:14:09 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-16 12:53:01 | > 2015-06-16 12:54:09 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-16 16:04:48 | > 2015-06-17 16:05:15 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-18 13:00:46 | > 2015-06-19 12:23:24 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-19 17:17:37 | > 2015-06-19 17:18:01 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-20 05:17:40 | > 2015-06-20 05:18:04 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-20 17:17:40 | > 2015-06-20 17:18:06 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-21 05:17:41 | > 2015-06-21 05:18:07 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-21 17:17:43 | > 2015-06-21 17:18:09 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-22 05:17:46 | > 2015-06-22 05:18:12 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-23 14:40:07 | > 2015-06-23 14:40:22 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-23 14:46:39 | > 2015-06-23 14:57:55 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-23 14:58:43 | > 2015-06-23 14:58:55 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-23 16:28:13 | > 2015-06-23 16:40:04 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-23 16:45:41 | > 2015-06-23 16:46:04 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 04:45:44 | > 2015-06-24 04:46:07 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 11:52:58 | > 2015-06-24 11:53:08 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 11:53:41 | > 2015-06-24 11:54:08 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 12:07:56 | > 2015-06-24 12:08:08 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 13:21:54 | > 2015-06-24 13:24:55 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 13:26:21 | > 2015-06-24 13:50:55 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 15:39:57 | > 2015-06-24 16:01:57 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 16:12:20 | > 2015-06-24 16:12:57 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 16:38:36 | > 2015-06-24 16:39:01 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 16:44:16 | > 2015-06-24 16:55:01 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 17:30:51 | > 2015-06-24 17:37:48 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-24 17:43:01 | > 2015-06-24 17:53:48 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-25 05:46:40 | > 2015-06-25 05:46:50 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-25 15:28:12 | > 2015-06-25 15:28:23 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-25 15:55:41 | > 2015-06-25 15:57:23 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | > Inline | | | 2015-06-25 16:57:13 | > 2015-06-25 16:57:23 | 172.31.30.11 | NULL | > NULL | NULL | NULL | > +-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+ > 44 rows in set (0.00 sec) > > No there are no entries with end_time as null. I > never have an entry where the end_time is NULL. > Should I change something in my networks.conf? > > [10.0.1.0] > dns=8.8.8.8 > next_hop=172.31.30.1 > gateway=10.0.1.1 > dhcp_start=10.0.1.10 > domain-name=inlinel3.domainn_name.com > nat_enabled=1 > named=enabled > dhcp_max_lease_time=86400 > dhcpd=enabled > fake_mac_enabled=0 > netmask=255.255.255.0 > type=inlinel3 > dhcp_end=10.0.1.250 > dhcp_default_lease_time=86400 > > > Regarding ipset my question was why the IP doesn't > appear in ipset list immediately after registering > the device. Why does it only appear in the ipset > list AFTER I have disconnected from AP and > reconnected again. I know you said new DHCP > request was made. But same was the case, when I > first got on the inline network isn't it? > > As for pinging 8.8.8.8, I am using > > ------------------------------------------------------------------------ > Date: Thu, 25 Jun 2015 11:50:19 -0400 > From: fd...@in... <mailto:fd...@in...> > To: pac...@li... > <mailto:pac...@li...> > Subject: Re: [PacketFence-users] Signup doesn't work > > Hi Andy, > > my answer/question bellow. > > Le 2015-06-25 11:29, Andy A a écrit : > > Hi Fabrice. > Thanks for the comments, here's what you asked > for. > > service packetfence status > service|shouldBeStarted|pid > dhcpd|1|1733 > haproxy|0|0 > httpd.aaa|1|1737 > httpd.admin|1|1709 > httpd.portal|1|1753 > httpd.proxy|0|0 > httpd.webservices|1|1785 > iptables|1|-1 > memcached|1|1797 > pfbandwidthd|0|0 > pfdetect|0|0 > pfdhcplistener_eth1|1|1849 > pfdhcplistener_eth2|1|1855 > pfdns|1|1860 > pfmon|1|1866 > pfsetvlan|1|1883 > radiusd|1|1897 > snmptrapd|1|1879 > snort|0|0 > suricata|0|0 > keepalived|0|0 > > > Connecting a laptop to the inline network via > the AP. Here are the pfdhcplistener logs. Yes, > I see DHCP request and an IP address is > assigned to the laptop. I can ping 8.8.8.8 at > this stage (once the laptop has acquired an IP > address) > > Ok so first it's not normal that you can ping > 8.8.8.8 when you are unreg (if you can check on > the layer3 interface 172.31.30.1 if you are able > to force 8.8.8.8 to be behind packetfence > 172.31.30.10) > > > pfdhcplistener(6280) INFO: DHCPREQUEST > from 60:03:08:a5:84:3a (10.252.7.81) > with lease of 7776000 seconds > (main::parse_dhcp_request) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) WARN: Unable to > match MAC address to IP '10.252.7.81' > (pf::iplog::ip2mac) > > pfdhcplistener(6280) ERROR: Use of > uninitialized value in string eq at > /usr/local/pf/sbin/pfdhcplistener line > 547.(main::update_iplog) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) WARN: Unable to > perform a Fingerbank lookup for device > with MAC address '60:03:08:a5:84:3a' > (pf::fingerbank::process) > > pfdhcplistener(6280) INFO: > 60:03:08:a5:84:3a requested an IP with > the following informations: last_dhcp > = 2015-06-25 15:28:11,computername = > lappy,dhcp_fingerprint = > 1,3,6,15,119,95,252,44,46,dhcp_vendor > = (main::listen_dhcp) > > pfdhcplistener(6280) INFO: > 60:03:08:a5:84:3a is of device type > (main::listen_dhcp) > > pfdhcplistener(6280) INFO: DHCPOFFER > from 172.31.30.11 (00:50:56:93:22:a3) > to host 60:03:08:a5:84:3a (10.0.1.12) > (main::parse_dhcp_offer) > > pfdhcplistener(6280) INFO: DHCPREQUEST > from 60:03:08:a5:84:3a (10.0.1.12) > (main::parse_dhcp_request) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) INFO: Matched IP > '10.0.1.12' to MAC address > '60:03:08:a5:84:3a' using OMAPI > (pf::iplog::ip2mac) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) WARN: Unable to > perform a Fingerbank lookup for device > with MAC address '60:03:08:a5:84:3a' > (pf::fingerbank::process) > > pfdhcplistener(6280) INFO: > 60:03:08:a5:84:3a requested an IP with > the following informations: last_dhcp > = 2015-06-25 15:28:13,computername = > lappy,dhcp_fingerprint = > 1,3,6,15,119,95,252,44,46,dhcp_vendor > = (main::listen_dhcp) > > pfdhcplistener(6280) INFO: > 60:03:08:a5:84:3a is of device type > (main::listen_dhcp) > > pfdhcplistener(6280) INFO: DHCPACK > from 172.31.30.11 (00:50:56:93:22:a3) > to host 60:03:08:a5:84:3a (10.0.1.12) > for 86400 seconds (main::parse_dhcp_ack) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) INFO: Matched IP > '10.0.1.12' to MAC address > '60:03:08:a5:84:3a' using OMAPI > (pf::iplog::ip2mac) > > > select * from locationlog where > mac="60:03:08:a5:84:3a"; > > 60:03:08:a5:84:3a | 172.31.30.11 | 0 | > 0 | Inline | | | 2015-06-25 > 15:28:12 | 2015-06-25 15:28:23 | > 172.31.30.11 | NULL | NULL | > NULL | NULL | > > Just so you know, I have 42 enteries for that > MAC address as I have been using the same > device to test over the past days. > > Do you have a entry with end_time is NULL ? > Also can you post all the result ? > > Logs after registering the laptop via portal. > I believe you would need logs from > packetfence.log (as nothing showed up in > pfdhcplistener.log) > > /usr/local/pf/logs/packetfence.log <== > > httpd.portal(6630) INFO: Matched IP > '10.0.1.12' to MAC address > '60:03:08:a5:84:3a' using OMAPI > (pf::iplog::ip2mac) > > httpd.portal(6630) INFO: registering > 60:03:08:a5:84:3a guest by email > (captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration) > > httpd.portal(6630) INFO: Matched rule > (catchall) in source email, returning > actions. > (pf::Authentication::Source::match) > > httpd.portal(6630) WARN: Can't find > provisioner for 60:03:08:a5:84:3a > since we don't have it's OS > (pf::Portal::Profile::findProvisioner) > > httpd.portal(6630) INFO: > [60:03:08:a5:84:3a] re-evaluating > access (manage_register called) > (pf::enforcement::reevaluate_access) > > httpd.portal(6630) WARN: > [60:03:08:a5:84:3a] Can't re-evaluate > access because no open locationlog > entry was found > (pf::enforcement::reevaluate_access) > > This is the issue, since packetfence don't know > where the device is (It's suppose to be marked as > Inline on the locationlog) > > httpd.portal(6630) INFO: new > activation code successfully generated > (pf::activation::create) > > httpd.portal(6630) INFO: Email sent to > te...@xx... <mailto:te...@xx...> > (xxxx.com: Email activation required) > (pf::activation::__ANON__) > > httpd.portal(6630) WARN: Can't find > provisioner for 60:03:08:a5:84:3a > since we don't have it's OS > (pf::Portal::Profile::findProvisioner) > > httpd.portal(6643) INFO: Matched IP > '10.0.1.12' to MAC address > '60:03:08:a5:84:3a' using OMAPI > (pf::iplog::ip2mac) > > httpd.portal(6659) INFO: Matched IP > '10.0.1.12' to MAC address > '60:03:08:a5:84:3a' using OMAPI > (pf::iplog::ip2mac) > > httpd.portal(6621) INFO: Matched IP > '10.0.1.12' to MAC address > '60:03:08:a5:84:3a' using OMAPI > (pf::iplog::ip2mac) > > httpd.portal(6621) WARN: Unable to > perform a Fingerbank lookup for device > with MAC address '60:03:08:a5:84:3a' > (pf::fingerbank::process) > > > Here's where the redirection to 'your network > should be enabled within... ' page happens. > > httpd.portal(6621) INFO: > [60:03:08:a5:84:3a] shouldn't reach > here. Calling access re-evaluation. > Make sure your network device > configuration is correct. > (captiveportal::PacketFence::Controller::CaptivePortal::unknownState) > > httpd.portal(6621) INFO: > [60:03:08:a5:84:3a] re-evaluating > access (redir.cgi called) > (pf::enforcement::reevaluate_access) > > httpd.portal(6621) WARN: > [60:03:08:a5:84:3a] Can't re-evaluate > access because no open locationlog > entry was found > (pf::enforcement::reevaluate_access) > > Same here. > > > Here's the ipset after I have just registered > the laptop. (and I know that the above IP > should appear under pfsession_Reg_10.0.1.0 as > a member) > ipset -L > Name: pfsession_Unreg_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > > Name: pfsession_Reg_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > > Name: pfsession_Isol_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > > > And I know it could be a problem with sudoers > and the whole.. > su - pf > and launch sudo ipset -L > If it doesn´t work it mean that there is a > problem with sudoers file. > > But here's the thing, as soon as I get off the > AP and inline network and then join back here > are the logs and ipset -L > > /usr/local/pf/logs/pfdhcplistener.log <== > > pfdhcplistener(6280) INFO: DHCPREQUEST > from 60:03:08:a5:84:3a (10.0.1.12) > (main::parse_dhcp_request) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) INFO: Matched IP > '10.0.1.12' to MAC address > '60:03:08:a5:84:3a' using OMAPI > (pf::iplog::ip2mac) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) INFO: > [60:03:08:a5:84:3a] stated changed, > adapting firewall rules for proper > enforcement > (pf::inline::performInlineEnforcement) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > *pfdhcplistener(6280) WARN: Problem > trying to run command: LANG=C sudo > ipset --del pfsession_Unreg_10.0.1.0 > 10.0.1.12 2>&1 called from > iptables_unmark_node. Child exited > with non-zero value 1 (pf::util::pf_run)* > > pfdhcplistener(6280) INFO: Flushed > connections for 10.0.1.12. > (pf::ipset::iptables_unmark_node) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) WARN: Unable to > perform a Fingerbank lookup for device > with MAC address '60:03:08:a5:84:3a' > (pf::fingerbank::process) > > pfdhcplistener(6280) INFO: > 60:03:08:a5:84:3a requested an IP with > the following informations: last_dhcp > = 2015-06-25 15:43:11,computername = > lappy,dhcp_fingerprint = > 1,3,6,15,119,95,252,44,46,dhcp_vendor > = dhcpcd-5.5.6 (main::listen_dhcp) > > pfdhcplistener(6280) INFO: > 60:03:08:a5:84:3a is of device type > (main::listen_dhcp) > > pfdhcplistener(6280) INFO: DHCPACK > from 172.31.30.11 (00:50:56:93:22:a3) > to host 60:03:08:a5:84:3a (10.0.1.12) > for 86400 seconds (main::parse_dhcp_ack) > > pfdhcplistener(6280) INFO: Matched MAC > '60:03:08:a5:84:3a' to IP address > '10.0.1.12' using OMAPI > (pf::iplog::mac2ip) > > pfdhcplistener(6280) INFO: Matched IP > '10.0.1.12' to MAC address > '60:03:08:a5:84:3a' using OMAPI > (pf::iplog::ip2mac) > > > ipset -L > Name: pfsession_Unreg_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > > Name: pfsession_Reg_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > 10.0.1.12 > > Name: pfsession_Isol_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > > I wait for 10 minutes (and let the device > become unregistered again) so ipset -L says > ipset -L > Name: pfsession_Unreg_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > 10.0.1.12 > > Name: pfsession_Reg_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > > > Name: pfsession_Isol_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > > after that I was able to remove the device as > follows > su - pf > sudo ipset --del pfsession_Unreg_10.0.1.0 > 10.0.1.12 2>&1 > sudo ipset -L > Name: pfsession_Unreg_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > > Name: pfsession_Reg_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > > > Name: pfsession_Isol_10.0.1.0 > Type: bitmap:ip > Header: range 10.0.1.0-10.0.1.255 > Size in memory: 152 > References: 1 > Members: > > So I am not quite sure what the problem is. > Why there is no entry in ipset when I > register, but immediately when I leave the AP > and get back on again, the IP appears in the > ipset list (and the internet works fine). > > ipset has been updated because of a new dhcp request. > > ------------------------------------------------------------------------ > Date: Thu, 25 Jun 2015 07:42:10 -0400 > From: fd...@in... > <mailto:fd...@in...> > To: pac...@li... > <mailto:pac...@li...> > Subject: Re: [PacketFence-users] Signup > doesn't work > > Hi Andy, > > Can you check something for me ? > > -First service packetfence status > -Next connect the laptop in the inline network > and check in pfdhcplistener.log if you see the > dhcp request. > -Next check in the database the locationlog > entry if it set to inline: > select * from locationlog where > mac="00:11:22:33:44:55"; > -Next register the device and paste the log. > -Paste ipset -L > > Are you able to ping 8.8.8.8 ? > > With that i will probably be able to let you > know what is the issue. > > Regards > Fabrice > > Le 2015-06-25 06:20, Andy A a écrit : > > Hi Louis. > > Thanks for the reply. Actually, after I > sent the last post, it's gone back to the > same and now it's the same for ALL devices > (Android or iOS) > So disregard my momentary jubilation on it > working for Android device. > > Thanks for letting me know you are away, > that will certainly dampen my hope of > resolving this within the next 3 days. But > I will keep testing and posting. > > ------------------------------------------------------------------------ > From: lm...@in... > <mailto:lm...@in...> > Date: Wed, 24 Jun 2015 15:35:56 -0400 > To: > pac...@li... > <mailto:pac...@li...> > Subject: Re: [PacketFence-users] Signup > doesn't work > > > > On Jun 24, 2015, at 12:54 , Andy A > <and...@ho... > <mailto:and...@ho...>> wrote: > > One way to get internet access in my > current situation (where I get 'Your > network should be enabled within a > minute or two message') - I have > figured out is, to disconnect from the > AP and then connect back again. > BOOM everything then works. But this > is a very horrible experience for a > user and I can't expect the user to > try this funky hack to get internet > access after registration. > > I found this > http://www.packetfence.org/bugs/view.php?id=1655 which > describes the exact same issue and is > BUG. Not sure it has been fixed yet. > Can anyone confirm this? > > > That bug report is so old as to be useless > now. > > I would rather start from scratch. > > Internet access basically depends on being > placed in the proper IPset. > Can you check if registration happens > differently for iOs devices? > Are they placed in the same IPset at the > Android ones? > > > I’ll be away from work for the next three > days. Back on the 29th. > Keep posting, someone else may be able to > help or else I’ll have a look on Monday. > > Regards, > -- > Louis Munro > lm...@in... > <mailto:lm...@in...> :: > www.inverse.ca <http://www.inverse.ca> > +1.514.447.4918 x125 :: +1 (866) 353-6153 > x125 > Inverse inc. :: Leaders behind SOGo > (www.sogo.nu <http://www.sogo.nu>) and > PacketFence (www.packetfence.org > <http://www.packetfence.org>) > > ------------------------------------------------------------------------------ > Monitor 25 network devices or servers for > free with OpManager! OpManager is > web-based network management software that > monitors network devices and physical & > virtual servers, alerts via email & sms > for fault. Monitor 25 devices for free > with no restriction. Download now > http://ad.doubleclick.net/ddm/clk/292181274;119417398;o > <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo> > _______________________________________________ > PacketFence-users mailing list > Pac...@li... > <mailto:Pac...@li...> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > ------------------------------------------------------------------------------ > Monitor 25 network devices or servers for free with OpManager! > OpManager is web-based network management software that monitors > network devices and physical & virtual servers, alerts via email & sms > for fault. Monitor 25 devices for free with no restriction. Download now > http://ad.doubleclick.net/ddm/clk/292181274;119417398;o <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo> > > > > _______________________________________________ > PacketFence-users mailing list > Pac...@li... <mailto:Pac...@li...> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > ------------------------------------------------------------------------------ > Monitor 25 network devices or servers for free > with OpManager! OpManager is web-based network > management software that monitors network > devices and physical & virtual servers, alerts > via email & sms for fault. Monitor 25 devices > for free with no restriction. Download now > http://ad.doubleclick.net/ddm/clk/292181274;119417398;o > <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo> > _______________________________________________ PacketFence-users > mailing list > Pac...@li... > <mailto:Pac...@li...> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > ------------------------------------------------------------------------------ > Monitor 25 network devices or servers for free with OpManager! > OpManager is web-based network management software that monitors > network devices and physical & virtual servers, alerts via email & sms > for fault. Monitor 25 devices for free with no restriction. Download now > http://ad.doubleclick.net/ddm/clk/292181274;119417398;o <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo> > > > > _______________________________________________ > PacketFence-users mailing list > Pac...@li... <mailto:Pac...@li...> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > -- > Fabrice Durand > fd...@in... <mailto:fd...@in...> :: +1.514.447.4918 (x135) ::www.inverse.ca <http://www.inverse.ca> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) > > > ------------------------------------------------------------------------------ > Monitor 25 network devices or servers for free > with OpManager! OpManager is web-based network > management software that monitors network devices > and physical & virtual servers, alerts via email & > sms for fault. Monitor 25 devices for free with no > restriction. Download now > http://ad.doubleclick.net/ddm/clk/292181274;119417398;o > <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo> > _______________________________________________ > PacketFence-users mailing list > Pac...@li... > <mailto:Pac...@li...> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > ------------------------------------------------------------------------------ > Monitor 25 network devices or servers for free with OpManager! > OpManager is web-based network management software that monitors > network devices and physical & virtual servers, alerts via email & sms > for fault. Monitor 25 devices for free with no restriction. Download now > http://ad.doubleclick.net/ddm/clk/292181274;119417398;o <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo> > > > > _______________________________________________ > PacketFence-users mailing list > Pac...@li... <mailto:Pac...@li...> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > -- > Fabrice Durand > fd...@in... <mailto:fd...@in...> :: +1.514.447.4918 (x135) ::www.inverse.ca <http://www.inverse.ca> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) > > > ------------------------------------------------------------------------------ > Monitor 25 network devices or servers for free with > OpManager! OpManager is web-based network management > software that monitors network devices and physical & > virtual servers, alerts via email & sms for fault. > Monitor 25 devices for free with no restriction. > Download now > http://ad.doubleclick.net/ddm/clk/292181274;119417398;o <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo> > _______... [truncated message content] |
