[PacketFence-users] radius COA on private SSID not working

[Barry Quiel]

When I register a device on the public ssid the COA correctly kicks the 
node and then returns the correct VLAN when the node re-associates:

Jun 01 21:06:15 register.cgi(0) INFO: 192.168.20.22 - 00:23:4e:53:cd:cf 
on registration page 
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 01 21:06:15 register.cgi(0) INFO: performing node registration MAC: 
00:23:4e:53:cd:cf pid: barry.quiel (pf::web::_sanitize_and_register)
Jun 01 21:06:15 register.cgi(0) INFO: re-evaluating access for node 
00:23:4e:53:cd:cf (manage_register called) 
(pf::enforcement::reevaluate_access)
Jun 01 21:06:15 register.cgi(0) INFO: 00:23:4e:53:cd:cf is currentlog 
connected at 192.168.3.36 ifIndex 1 in VLAN 2020 
(pf::enforcement::_should_we_reassign_vlan)
Jun 01 21:06:15 register.cgi(0) INFO: MAC: 00:23:4e:53:cd:cf, PID: 
barry.quiel, Status: reg. Returned VLAN: 2171 (pf::vlan::fetchVlanForNode)
Jun 01 21:06:15 register.cgi(0) INFO: VLAN reassignment required for 
00:23:4e:53:cd:cf (current VLAN = 2020 but should be in VLAN 2171) 
(pf::enforcement::_should_we_reassign_vlan)
Jun 01 21:06:15 register.cgi(0) INFO: switch port for 00:23:4e:53:cd:cf 
is 192.168.3.36 ifIndex 1 connection type: WiFi MAC Auth 
(pf::enforcement::_vlan_reevaluation)
Jun 01 21:06:15 register.cgi(0) INFO: 192.168.20.22 - 00:23:4e:53:cd:cf 
on registration page 
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 01 21:06:18 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 
192.168.3.36 (main::parseTrap)
Jun 01 21:06:18 pfsetvlan(11) INFO: nb of items in queue: 1; nb of 
threads running: 0 (main::startTrapHandlers)
Jun 01 21:06:18 pfsetvlan(11) INFO: desAssociate trap received on 
192.168.3.36 for wireless client 00:23:4e:53:cd:cf (main::handleTrap)
Jun 01 21:06:19 pfsetvlan(11) INFO: finished (main::cleanupAfterThread)
Jun 01 21:06:21 pf::WebAPI(21846) INFO: handling radius autz request: 
from switch_ip => 192.168.3.36, connection_type => Wireless-802.11-NoEAP 
mac => 00:23:4e:53:cd:cf, port => 1, username => 00-23-4E-53-CD-CF 
(pf::radius::authorize)
Jun 01 21:06:21 pf::WebAPI(21846) INFO: MAC: 00:23:4e:53:cd:cf, PID: 
barry.quiel, Status: reg. Returned VLAN: 2171 (pf::vlan::fetchVlanForNode)
Jun 01 21:07:15 pfmon(1) INFO: running expire check (main::cleanup)
Jun 01 21:07:15 pfmon(1) INFO: checking registered nodes for expiration 
(main::cleanup)
Jun 01 21:07:15 pfmon(1) INFO: checking accounting data for potential 
bandwidth abuse (main::cleanup)
Jun 01 21:07:15 pfmon(1) INFO: getting violations triggers for 
accounting cleanup (pf::accounting::acct_maintenance)


But when that node is on the private ssid in the registration vlan COA 
does not correct kick the node.  There is in error in perl-Net-Radius ( 
version 1.56-1 installed )

Jun 01 21:11:52 register.cgi(0) INFO: 192.168.20.22 - 00:23:4e:53:cd:cf 
on registration page 
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 01 21:11:52 register.cgi(0) INFO: performing node registration MAC: 
00:23:4e:53:cd:cf pid: barry.quiel (pf::web::_sanitize_and_register)
Jun 01 21:11:52 register.cgi(0) INFO: re-evaluating access for node 
00:23:4e:53:cd:cf (manage_register called) 
(pf::enforcement::reevaluate_access)
Jun 01 21:11:52 register.cgi(0) INFO: 00:23:4e:53:cd:cf is currentlog 
connected at 192.168.3.36 ifIndex 1 in VLAN 2020 
(pf::enforcement::_should_we_reassign_vlan)
Jun 01 21:11:52 register.cgi(0) INFO: MAC: 00:23:4e:53:cd:cf, PID: 
barry.quiel, Status: reg. Returned VLAN: 1171 (pf::vlan::fetchVlanForNode)
Jun 01 21:11:52 register.cgi(0) INFO: VLAN reassignment required for 
00:23:4e:53:cd:cf (current VLAN = 2020 but should be in VLAN 1171) 
(pf::enforcement::_should_we_reassign_vlan)
Jun 01 21:11:52 register.cgi(0) INFO: switch port for 00:23:4e:53:cd:cf 
is 192.168.3.36 ifIndex 1 connection type: WiFi 802.1X 
(pf::enforcement::_vlan_reevaluation)
Jun 01 21:11:52 register.cgi(0) INFO: trying to dissociate a wireless 
802.1x user, this might not work depending on hardware support. If its 
your case please file a bug (pf::enforcement::_vlan_reevaluation)
Jun 01 21:11:52 register.cgi(0) INFO: 192.168.20.22 - 00:23:4e:53:cd:cf 
on registration page 
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 01 21:11:54 pfsetvlan(23) INFO: local (127.0.0.1) trap for switch 
192.168.3.36 (main::parseTrap)
Jun 01 21:11:54 pfsetvlan(15) INFO: nb of items in queue: 1; nb of 
threads running: 0 (main::startTrapHandlers)
Jun 01 21:11:54 pfsetvlan(15) INFO: desAssociate trap received on 
192.168.3.36 for wireless client 00:23:4e:53:cd:cf (main::handleTrap)
Jun 01 21:11:55 pfcmd_vlan(22102) INFO: wireless deauthentication of a 
802.1x MAC (main::)
Use of uninitialized value $val in length at 
/usr/share/perl5/vendor_perl/Net/Radius/Packet.pm line 402.
Use of uninitialized value $val in pack at 
/usr/share/perl5/vendor_perl/Net/Radius/Packet.pm line 402.
Jun 01 21:11:55 pfsetvlan(15) INFO: finished (main::cleanupAfterThread)
Jun 01 21:12:01 pf::WebAPI(22001) INFO: handling radius autz request: 
from switch_ip => 192.168.3.36, connection_type => Wireless-802.11-EAP 
mac => 00:23:4e:53:cd:cf, port => 1, username => CHICO\\barry.quiel 
(pf::radius::authorize)
Jun 01 21:12:01 pf::WebAPI(22001) INFO: MAC: 00:23:4e:53:cd:cf, PID: 
barry.quiel, Status: reg. Returned VLAN: 1171 (pf::vlan::fetchVlanForNode)

It looks similar to bug ID 0001426, so I guess and looked in 
/usr/local/pf/lib/pf/util/radius.pm for $attributes_ref = { 
%$attributes_ref, $add_attributes_ref };, but didn't find.  The fix 
didn't specify which file to make the change in.  Could this be vendor 
specific?  I'm using a moto AP7131 with 5.2 somthing.


Is this a bug or more broken perl?

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users