This is the complete log of my session: NOTE: when I move out from captive portal page from my iphone wifi disconnect automatically. If I keep open the page all is working.
Jan 14 17:57:08 localhost packetfence_httpd.aaa: httpd.aaa(19425) INFO: [mac:f0:98:9d:7c:2e:36] handling radius autz request: from switch_ip => (192.168.110.185), connection_type => Wireless-802.11-NoEAP,switch_mac => (c4:f7:d5:9e:89:20), mac => [f0:98:9d:7c:2e:36], port => 1, username => "f0989d7c2e36", ssid => Ospiti (pf::radius::authorize) Jan 14 17:57:08 localhost packetfence_httpd.aaa: httpd.aaa(19425) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Jan 14 17:57:08 localhost packetfence_httpd.aaa: httpd.aaa(19425) WARN: [mac:f0:98:9d:7c:2e:36] Switch type 'pf::Switch::Cisco::WLC' does not support MABFloatingDevices (pf::SwitchSupports::__ANON__) Jan 14 17:57:08 localhost packetfence_httpd.aaa: httpd.aaa(19425) INFO: [mac:f0:98:9d:7c:2e:36] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole) Jan 14 17:57:08 localhost packetfence_httpd.aaa: httpd.aaa(19425) INFO: [mac:f0:98:9d:7c:2e:36] (192.168.110.185) Added VLAN 10 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Jan 14 17:57:10 localhost packetfence_httpd.aaa: httpd.aaa(19425) INFO: [mac:[undef]] Updating locationlog from accounting request (pf::api::handle_accounting_metadata) Jan 14 17:57:10 localhost packetfence_httpd.aaa: httpd.aaa(19425) WARN: [mac:[undef]] Switch type 'pf::Switch::Cisco::WLC' does not support RoamingAccounting (pf::SwitchSupports::__ANON__) Jan 14 17:57:10 localhost pfqueue: pfqueue(21716) WARN: [mac:f0:98:9d:7c:2e:36] Unable to match MAC address to IP '10.2.0.51' (pf::ip4log::ip2mac) Jan 14 17:57:10 localhost pfqueue: pfqueue(21707) WARN: [mac:f0:98:9d:7c:2e:36] Unable to pull accounting history for device f0:98:9d:7c:2e:36. The history set doesn't exist yet. (pf::accounting_events_history::latest_mac_history) Jan 14 17:57:10 localhost pfqueue: pfqueue(21707) WARN: [mac:f0:98:9d:7c:2e:36] Unable to pull accounting history for device f0:98:9d:7c:2e:36. The history set doesn't exist yet. (pf::accounting_events_history::latest_mac_history) Jan 14 17:57:15 localhost packetfence_httpd.portal: httpd.portal(21636) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Jan 14 17:57:15 localhost pfqueue: pfqueue(21713) WARN: [mac:f0:98:9d:7c:2e:36] Unable to pull accounting history for device f0:98:9d:7c:2e:36. The history set doesn't exist yet. (pf::accounting_events_history::latest_mac_history) Jan 14 17:57:16 localhost packetfence_httpd.portal: httpd.portal(21638) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Jan 14 17:57:18 localhost pfqueue: pfqueue(21722) WARN: [mac:f0:98:9d:7c:2e:36] Unable to pull accounting history for device f0:98:9d:7c:2e:36. The history set doesn't exist yet. (pf::accounting_events_history::latest_mac_history) Jan 14 17:57:18 localhost packetfence_httpd.portal: httpd.portal(21639) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Jan 14 17:57:18 localhost packetfence_httpd.portal: httpd.portal(21638) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Jan 14 17:57:30 localhost packetfence_httpd.portal: httpd.portal(21636) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Jan 14 17:57:30 localhost packetfence_httpd.portal: httpd.portal(21636) INFO: [mac:f0:98:9d:7c:2e:36] registering guest through a sponsor (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::do_sponsor_registration) Jan 14 17:57:30 localhost packetfence_httpd.portal: httpd.portal(21636) INFO: [mac:f0:98:9d:7c:2e:36] Using sources local, file1, AD-Admins, AD-Admins-foo, AD-Admins-Machine for matching (pf::authentication::match) Jan 14 17:57:30 localhost packetfence_httpd.portal: httpd.portal(21636) INFO: [mac:f0:98:9d:7c:2e:36] Adding guest person e.pasqualotto@mydomain (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::do_sponsor_registration) Jan 14 17:57:30 localhost packetfence_httpd.portal: httpd.portal(21636) INFO: [mac:f0:98:9d:7c:2e:36] new activation code successfully generated (pf::activation::create) Jan 14 17:57:30 localhost packetfence_httpd.portal: httpd.portal(21636) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Jan 14 17:57:31 localhost packetfence_httpd.portal: httpd.portal(21636) INFO: [mac:f0:98:9d:7c:2e:36] User [email protected]<mailto:[email protected]> has authenticated on the portal. (Class::MOP::Class:::after) Jan 14 17:57:36 localhost packetfence_httpd.portal: httpd.portal(21638) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Here I move from captive portal page "Your registration is pending approval. Once approved you will be automatically redirected" for Iphone home screen (and wifi disconnect automatically from guest ssid). Jan 14 17:57:54 localhost packetfence_httpd.portal: httpd.portal(21639) INFO: [mac:a4:34:d9:cb:b7:ae] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Jan 14 17:57:54 localhost packetfence_httpd.portal: httpd.portal(21639) INFO: [mac:a4:34:d9:cb:b7:ae] [f0:98:9d:7c:2e:36] Activation code sent to email assistenza@mydomain from e.pasqualotto@mydomain successfully verified. for activation type: sponsor (pf::activation::validate_code) Jan 14 17:57:54 localhost packetfence_httpd.portal: httpd.portal(21639) WARN: [mac:a4:34:d9:cb:b7:ae] Use of uninitialized value in concatenation (.) or string at /usr/local/pf/lib/captiveportal/PacketFence/Controller/Activate/Email.pm line 218. (captiveportal::PacketFence::Controller::Activate::Email::doSponsorRegistration) Jan 14 17:57:54 localhost packetfence_httpd.portal: httpd.portal(21639) WARN: [mac:a4:34:d9:cb:b7:ae] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match) Jan 14 17:57:54 localhost packetfence_httpd.portal: httpd.portal(21639) INFO: [mac:a4:34:d9:cb:b7:ae] Using sources sponsor for matching (pf::authentication::match) Jan 14 17:57:54 localhost packetfence_httpd.portal: httpd.portal(21639) INFO: [mac:a4:34:d9:cb:b7:ae] Matched rule (catchall) in source sponsor, returning actions. (pf::Authentication::Source::match_rule) Jan 14 17:57:54 localhost packetfence_httpd.portal: httpd.portal(21639) INFO: [mac:a4:34:d9:cb:b7:ae] Matched rule (catchall) in source sponsor, returning actions. (pf::Authentication::Source::match) Jan 14 17:57:54 localhost packetfence_httpd.portal: httpd.portal(21639) INFO: [mac:a4:34:d9:cb:b7:ae] a new temporary account has been requested for e.pasqualotto@mydomain. Deleting previous entry (pf::password::generate) Jan 14 17:57:54 localhost packetfence_httpd.portal: httpd.portal(21639) INFO: [mac:a4:34:d9:cb:b7:ae] new temporary account successfully generated (pf::password::generate) Here I try to reconnect to guest ssid but I got the captive portal ask me which type of auth... Jan 14 17:58:14 localhost pfqueue: pfqueue(21722) WARN: [mac:0c:98:38:36:f9:39] Unable to pull accounting history for device 0c:98:38:36:f9:39. The history set doesn't exist yet. (pf::accounting_events_history::latest_mac_history) Jan 14 18:00:36 localhost pfqueue: pfqueue(21719) WARN: [mac:f0:98:9d:7c:2e:36] Unable to match MAC address to IP '10.2.0.60' (pf::ip4log::ip2mac) Jan 14 18:00:36 localhost pfqueue: pfqueue(21722) WARN: [mac:f0:98:9d:7c:2e:36] Unable to pull accounting history for device f0:98:9d:7c:2e:36. The history set doesn't exist yet. (pf::accounting_events_history::latest_mac_history) Jan 14 18:00:36 localhost pfqueue: pfqueue(21722) WARN: [mac:f0:98:9d:7c:2e:36] Unable to pull accounting history for device f0:98:9d:7c:2e:36. The history set doesn't exist yet. (pf::accounting_events_history::latest_mac_history) Jan 14 18:00:40 localhost packetfence_httpd.portal: httpd.portal(21638) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Jan 14 18:00:40 localhost pfqueue: pfqueue(21718) WARN: [mac:f0:98:9d:7c:2e:36] Unable to pull accounting history for device f0:98:9d:7c:2e:36. The history set doesn't exist yet. (pf::accounting_events_history::latest_mac_history) Jan 14 18:00:41 localhost packetfence_httpd.portal: httpd.portal(21636) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile Guest (pf::Connection::ProfileFactory::_from_profile) Jan 14 18:00:51 localhost packetfence_httpd.aaa: httpd.aaa(19425) WARN: [mac:f0:98:9d:7c:2e:36] Trying to match IP address with an invalid MAC address 'undef' (pf::ip4log::mac2ip) Jan 14 18:00:51 localhost packetfence_httpd.aaa: httpd.aaa(19425) INFO: [mac:f0:98:9d:7c:2e:36] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Jan 14 18:00:51 localhost packetfence_httpd.aaa: httpd.aaa(19425) WARN: [mac:f0:98:9d:7c:2e:36] Unable to extract audit-session-id for module pf::Switch::Cisco::WLC. SSID-based VLAN assignments won't work. Make sure you enable Vendor Specific Attributes (VSA) on the AP if you want them to work. (pf::Switch::getCiscoAvPairAttribute) Jan 14 18:00:51 localhost packetfence_httpd.aaa: httpd.aaa(19425) WARN: [mac:f0:98:9d:7c:2e:36] Use of uninitialized value $nas_port in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 2375. (pf::Switch::NasPortToIfIndex) This is normal behavior? Thanks On 14/01/20 15:55, Nicolas Quiniou-Briand wrote: Hello Enrico, On 14/01/2020 14:12, Enrico Pasqualotto wrote: What I mean is that guest close browser/popup BEFORE sponsor approve it so he never use Internet connection. [..] I think if no guest is on captive portal page when someone approve the request that session was destroyed. I'm not sure PF works like this in this situation. Expected behavior should be: 1. Guest leave browser after sending approval 2. Sponsor approve guest request 3. Guest status switch from unreg to reg in PF DB 4. PF deauthenticate guest based on its current location 5. A new RADIUS request is sent by network device where guest is connected 6. Guest move to VLAN mapped to its role I didn't check if it our current behavior. If you can, take a look at packetfence.log when you try to replicate your issue. -- Enrico Pasqualotto [https://www.backloop.biz/backloop_loghi/LOGO_BackLoop_small.png] Private mail: [email protected]<mailto:[email protected]> Office: +39 045 9971269 Le informazioni contenute in questo messaggio di posta elettronica e negli eventuali allegati sono riservate e confidenziali e sono indirizzate esclusivamente al destinatario. Si prega di non fare copia, inoltrare a terzi o conservare tale messaggio se non si รจ il legittimo destinatario dello stesso. Qualora questo messaggio sia stato ricevuto per errore, si prega di rinviarlo al mittente e di cancellarlo permanentemente dal proprio computer. The information contained in this message and in any attachment is intended exclusively for the recipient. If you are not the intended recipient you are hereby notified not to copy, save, disclose, or distribute it to any third party. If you erroneously received this message you are kindly requested to return it to the sender and eliminate it permanently from your computer.
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
