Re: [PacketFence-users] unregistered device status after login

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello Enrico,

Nothing in that log says it would or deregister your node.

Give me the output of that command:

bin/pftest authentication USERNAME “” RADIUS-AAI

Thanks,

Ludovic Zammit
lz...@in... <mailto:lz...@in...> ::  +1.514.447.4918 (x145) ::  www.inverse.ca <http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) 

> On May 30, 2019, at 8:45 AM, Enrico Becchetti via PacketFence-users <pac...@li...> wrote:
> 
> Log from offline node, packetfence.log:
> ....
> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] handling radius autz request: from switch_ip => (10.21.0.1), connection_type => Wireless-802.11-EAP,switch_mac => (6c:dd:30:49:dc:e0), mac => [2c:4d:54:3a:c9:eb], port => 1, username => "USERNAME@domain", ssid => dot1x (pf::radius::authorize)
> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] Instantiate profile dot1x (pf::Connection::ProfileFactory::_from_profile)
> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] Found authentication source(s) : 'RADIUS-AAI' for realm 'default' (pf::config::util::filter_authentication_sources)
> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN: [mac:2c:4d:54:3a:c9:eb] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2)
> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] Using sources RADIUS-AAI for matching (pf::authentication::match2)
> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] Matched rule (catchall) in source RADIUS-AAI, returning actions. (pf::Authentication::Source::match_rule)
> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] Matched rule (catchall) in source RADIUS-AAI, returning actions. (pf::Authentication::Source::match)
> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] Role has already been computed and we don't want to recompute it. Getting role from node_info (pf::role::getRegisteredRole)
> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] Username was defined "USERNAME@domain" returning role 'default' (pf::role::getRegisteredRole)
> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] PID: "USERNAME@domain", Status: reg Returned VLAN: (undefined), Role: default (pf::role::fetchRoleForNode)
> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] (10.21.0.1) Added VLAN 26 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] violation 1300003 force-closed for 2c:4d:54:3a:c9:eb (pf::violation::violation_force_close)
> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] Instantiate profile dot1x (pf::Connection::ProfileFactory::_from_profile)
> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:[undef]] oldmac (2c:4d:54:3a:c9:eb) and newmac (0) are different for 10.26.1.1 - closing ip4log entry (pf::api::update_ip4log)
> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO: [mac:2c:4d:54:3a:c9:eb] trigger_run_scan EB 0 (pf::api::trigger_scan)
> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO: [mac:2c:4d:54:3a:c9:eb] Instantiate profile dot1x (pf::Connection::ProfileFactory::_from_profile)
> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO: [mac:2c:4d:54:3a:c9:eb] trigger_run_scan EB 1 (pf::api::trigger_scan)
> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) WARN: [mac:2c:4d:54:3a:c9:eb] Use of uninitialized value $added in concatenation (.) or string at /usr/local/pf/lib/pf/api.pm line 989.
> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO: [mac:2c:4d:54:3a:c9:eb] trigger_run_scan EB 0,added   (pf::api::trigger_scan)
> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) WARN: [mac:2c:4d:54:3a:c9:eb] Use of uninitialized value $added in numeric eq (==) at /usr/local/pf/lib/pf/api.pm line 990.
> May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] Updating iplog from accounting request (pf::api::handle_accounting_metadata)
> May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN: [mac:2c:4d:54:3a:c9:eb] Trying to match IP address with an invalid MAC address '0' (pf::ip4log::mac2ip)
> May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN: [mac:2c:4d:54:3a:c9:eb] Unable to match MAC address to IP '10.26.1.33' (pf::ip4log::ip2mac)
> May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN: [mac:2c:4d:54:3a:c9:eb] Trying to open an 'ip4log' table entry with an invalid MAC address '0' (pf::ip4log::open)
> May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: [mac:2c:4d:54:3a:c9:eb] Unable to extract MAC from Called-Station-Id: 10.21.0.1 (pf::radius::extractApMacFromRadiusRequest)
> ..
> 
> Enrico
> 
> 
> Il 30/05/2019 14:27, Enrico Becchetti ha scritto:
>> Il 30/05/2019 14:08, Nicolas Quiniou-Briand via PacketFence-users ha scritto:
>>> Hello Enrico, 
>>> 
>>> On 2019-05-30 1:37 p.m., Enrico Becchetti via PacketFence-users wrote: 
>>>> but why is it not online ? 
>>> 
>>> See https://packetfence.org/doc/PacketFence_Installation_Guide.html#_radius_accounting <https://packetfence.org/doc/PacketFence_Installation_Guide.html#_radius_accounting>
>>> 
>> Dear all,
>> 
>> I enabled "Update the iplog using the accounting setting from System configuration → Main configuration → Advanced."
>> 
>> Do I restart PF after this change ?
>> 
>> Thank you so much !
>> Best Reards
>> Enrico
>> 
>> 
>> -- 
>> _______________________________________________________________________
>> 
>> Enrico Becchetti                    Servizio di Calcolo e Reti
>> 
>> Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
>> Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
>> Phone:+39 075 5852777             Mail: Enrico.Becchetti<at>pg.infn.it
>> ______________________________________________________________________ 
> 
> 
> -- 
> _______________________________________________________________________
> 
> Enrico Becchetti                    Servizio di Calcolo e Reti
> 
> Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
> Via Pascoli,c/o Dipartimento di Fisica  06123 Perugia (ITALY)
> Phone:+39 075 5852777             Mail: Enrico.Becchetti<at>pg.infn.it
> ______________________________________________________________________ 
> _______________________________________________
> PacketFence-users mailing list
> Pac...@li...
> https://lists.sourceforge.net/lists/listinfo/packetfence-users