Menu
▾
▴
Re: [PacketFence-users] unregistered device status after login
|
From: Enrico B. <enr...@pg...> - 2020-03-18 08:15:12
|
Dear Ludovic as you can see in my previous post "registration" works fine but wifi devices (Cisco Virtual Wireless Lan Controller) are "unknown" in online/offline field: /[root@pfsrv pf]# bin/pftest authentication becchett XXXXXX RADIUS-AAI// //Testing authentication for "becchett"// // //Authenticating against 'RADIUS-AAI' in context 'admin'// // Authentication SUCCEEDED against RADIUS-AAI (Authentication successful.)// // Matched against RADIUS-AAI for 'authentication' rules// // set_role : default// // set_access_duration : 12h// // Did not match against RADIUS-AAI for 'administration' rules// // //Authenticating against 'RADIUS-AAI' in context 'portal'// // Authentication SUCCEEDED against RADIUS-AAI (Authentication successful.)// // Matched against RADIUS-AAI for 'authentication' rules// // set_role : default// // set_access_duration : 12h// // Did not match against RADIUS-AAI for 'administration' rules/ Thanks a lot. Best Regards Enrico Il 17/03/2020 13:04, Ludovic Zammit ha scritto: > Hello Enrico, > > Nothing in that log says it would or deregister your node. > > Give me the output of that command: > > bin/pftest authentication USERNAME “” RADIUS-AAI > > Thanks, > Ludovic Zammit > lz...@in... <mailto:lz...@in...> :: +1.514.447.4918 (x145) ::www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) > > > > >> On May 30, 2019, at 8:45 AM, Enrico Becchetti via PacketFence-users >> <pac...@li... >> <mailto:pac...@li...>> wrote: >> >> Log from offline node, packetfence.log: >> .... >> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] handling radius autz request: from switch_ip >> => (10.21.0.1), connection_type => Wireless-802.11-EAP,switch_mac => >> (6c:dd:30:49:dc:e0), mac => [2c:4d:54:3a:c9:eb], port => 1, username >> => "USERNAME@domain", ssid => dot1x (pf::radius::authorize) >> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] Instantiate profile dot1x >> (pf::Connection::ProfileFactory::_from_profile) >> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] Found authentication source(s) : 'RADIUS-AAI' >> for realm 'default' (pf::config::util::filter_authentication_sources) >> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN: >> [mac:2c:4d:54:3a:c9:eb] Calling match with empty/invalid rule class. >> Defaulting to 'authentication' (pf::authentication::match2) >> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] Using sources RADIUS-AAI for matching >> (pf::authentication::match2) >> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] Matched rule (catchall) in source RADIUS-AAI, >> returning actions. (pf::Authentication::Source::match_rule) >> May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] Matched rule (catchall) in source RADIUS-AAI, >> returning actions. (pf::Authentication::Source::match) >> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] Role has already been computed and we don't >> want to recompute it. Getting role from node_info >> (pf::role::getRegisteredRole) >> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] Username was defined "USERNAME@domain" >> returning role 'default' (pf::role::getRegisteredRole) >> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] PID: "USERNAME@domain", Status: reg Returned >> VLAN: (undefined), Role: default (pf::role::fetchRoleForNode) >> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] (10.21.0.1) Added VLAN 26 to the returned >> RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) >> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] violation 1300003 force-closed for >> 2c:4d:54:3a:c9:eb (pf::violation::violation_force_close) >> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] Instantiate profile dot1x >> (pf::Connection::ProfileFactory::_from_profile) >> May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:[undef]] oldmac (2c:4d:54:3a:c9:eb) and newmac (0) are different >> for 10.26.1.1 - closing ip4log entry (pf::api::update_ip4log) >> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO: >> [mac:2c:4d:54:3a:c9:eb] trigger_run_scan EB 0 (pf::api::trigger_scan) >> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO: >> [mac:2c:4d:54:3a:c9:eb] Instantiate profile dot1x >> (pf::Connection::ProfileFactory::_from_profile) >> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO: >> [mac:2c:4d:54:3a:c9:eb] trigger_run_scan EB 1 (pf::api::trigger_scan) >> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) WARN: >> [mac:2c:4d:54:3a:c9:eb] Use of uninitialized value $added in >> concatenation (.) or string at /usr/local/pf/lib/pf/api.pm line 989. >> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO: >> [mac:2c:4d:54:3a:c9:eb] trigger_run_scan EB 0,added >> (pf::api::trigger_scan) >> May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) WARN: >> [mac:2c:4d:54:3a:c9:eb] Use of uninitialized value $added in numeric >> eq (==) at /usr/local/pf/lib/pf/api.pm line 990. >> May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] Updating iplog from accounting request >> (pf::api::handle_accounting_metadata) >> May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN: >> [mac:2c:4d:54:3a:c9:eb] Trying to match IP address with an invalid >> MAC address '0' (pf::ip4log::mac2ip) >> May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN: >> [mac:2c:4d:54:3a:c9:eb] Unable to match MAC address to IP >> '10.26.1.33' (pf::ip4log::ip2mac) >> May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN: >> [mac:2c:4d:54:3a:c9:eb] Trying to open an 'ip4log' table entry with >> an invalid MAC address '0' (pf::ip4log::open) >> May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO: >> [mac:2c:4d:54:3a:c9:eb] Unable to extract MAC from Called-Station-Id: >> 10.21.0.1 (pf::radius::extractApMacFromRadiusRequest) >> .. >> >> Enrico >> >> >> Il 30/05/2019 14:27, Enrico Becchetti ha scritto: >>> Il 30/05/2019 14:08, Nicolas Quiniou-Briand via PacketFence-users ha >>> scritto: >>>> Hello Enrico, >>>> >>>> On 2019-05-30 1:37 p.m., Enrico Becchetti via PacketFence-users wrote: >>>>> but why is it not online ? >>>> >>>> See >>>> https://packetfence.org/doc/PacketFence_Installation_Guide.html#_radius_accounting >>>> >>> Dear all, >>> >>> I enabled "/Update the iplog using the accounting/setting >>> from/System configuration → Main configuration → Advanced/." >>> >>> Do I restart PF after this change ? >>> >>> Thank you so much ! >>> Best Reards >>> Enrico >>> >>> >>> -- >>> _______________________________________________________________________ >>> >>> Enrico Becchetti Servizio di Calcolo e Reti >>> >>> Istituto Nazionale di Fisica Nucleare - Sezione di Perugia >>> Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY) >>> Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it >>> ______________________________________________________________________ >> >> >> -- >> _______________________________________________________________________ >> >> Enrico Becchetti Servizio di Calcolo e Reti >> >> Istituto Nazionale di Fisica Nucleare - Sezione di Perugia >> Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY) >> Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it >> ______________________________________________________________________ >> _______________________________________________ >> PacketFence-users mailing list >> Pac...@li... >> <mailto:Pac...@li...> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- _______________________________________________________________________ Enrico Becchetti Servizio di Calcolo e Reti Istituto Nazionale di Fisica Nucleare - Sezione di Perugia Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY) Phone:+39 075 5852777 Skype:enrico_becchetti Mail: Enrico.Becchetti<at>pg.infn.it ______________________________________________________________________ |
