Mark,

Turn on DEBUG logging in conf/log.conf.  Even TRACE may be needed.

PF won't give an empty VLAN unless you have an empty string in 
switches.conf or you have custom code somewhere (vlan/custom.pm, 
radius/custom.pm).

On 12-07-16 6:43 AM, Mark Holmes wrote:
> Still having this very annoying issue where pf::vlan::fetchvlanfornode is 
> returning an empty string for getNormalVLAN for some reason
>
>> From packetfence.log
>
> Jul 16 11:34:14 pf::WebAPI(31676) INFO: handling radius autz request: from 
> switch_ip =>  163.1.40.23, connection_type =>  Ethernet-NoEAP mac =>  
> 00:18:8b:ce:22:db, port =>  16781313, username =>  00188bce22db 
> (pf::radius::authorize)
> Jul 16 11:34:14 pf::WebAPI(31676) INFO: MAC: 00:18:8b:ce:22:db, PID: holmes, 
> Status: reg. Returned VLAN:  (pf::vlan::fetchVlanForNode)
> Jul 16 11:34:14 pf::WebAPI(31676) WARN: new VLAN  is not a managed VLAN ->  
> Returning FAIL. Is the target vlan in the vlans=... list? 
> (pf::radius::authorize)
>
>
> This has happened since upgrading to 3.4.1.   The target VLAN is in the 
> vlans= list.  If I put the normalVLAN (3 in my case) into the Bypass VLAN 
> field on the node it returns it correctly.
>
> We have no custom code in custom.pm other than uncommenting the three lines 
> to enable the bypass VLAN; this has been the case since we started using 
> PacketFence so I can't see it being that.
>
> I am not sure where to look next... any pointers?
>
> Thanks,
>
> Mark
>
> -----Original Message-----
> From: Mark Holmes [mailto:[email protected]]
> Sent: 06 July 2012 13:52
> To: [email protected]
> Subject: Re: [PacketFence-users] More PF Problems
>
> Hi Francois,
>
> The only change I made to vlan/custom.pm is to uncomment these lines
>
>      if (defined($node_info->{'bypass_vlan'}) && $node_info->{'bypass_vlan'} ne '') {
>          return $node_info->{'bypass_vlan'};
>
> to enable the bypass vlan stuff
>
> But I did that about a year ago so I can't see it being that
>
> I'm not sure what to check next...?
>
>
> Here's the getNormalVLAN code in my custom.pm
>
> sub getNormalVlan {
> #    #$switch is the switch object (pf::SNMP)
> #    #$ifIndex is the ifIndex of the computer connected to
> #    #$mac is the mac connected
> #    #$node_info is the node info hashref (result of pf::node's node_attributes on $mac)
> #    #$conn_type is set to the connection type expressed as the constant in pf::config
> #    #$user_name is set to the RADIUS User-Name attribute (802.1X Username or MAC address under MAC Authentication)
> #    #$ssid is the name of the SSID (Be careful: will be empty string if radius non-wireless and undef if not radius)
>      my ($this, $switch, $ifIndex, $mac, $node_info, $connection_type, $user_name, $ssid) = @_;
>      my $logger = Log::Log4perl->get_logger(); #
> #    # custom example: admin category
> #    # return customVlan5 to nodes in the admin category
> #    if (defined($node_info->{'category'}) && lc($node_info->{'category'}) eq "admin") {
> #        return $switch->getVlanByName('customVlan5');
> #    }
> #
> #    # custom example: simple guest user
> #    # return guestVlan for pid=guest
> #    if (defined($node_info->{pid}) && $node_info->{pid} =~ /^guest$/i) {
> #        return $switch->getVlanByName('guestVlan');
> #    }
> #
> #    # custom example: enforce a node's bypass VLAN
> #    # If node record has a bypass_vlan prefer it over normalVlan
> #    # Note: It might be made the default behavior one day
>      if (defined($node_info->{'bypass_vlan'}) && $node_info->{'bypass_vlan'} ne '') {
>          return $node_info->{'bypass_vlan'};
>      }
> #
> #    # custom example: VLAN by SSID
> #    # return customVlan1 if SSID is 'PacketFenceRocks'
> #    if (defined($ssid) && $ssid eq 'PacketFenceRocks') {
> #        return $switch->getVlanByName('customVlan1');
> #    }
> #
> #    return $switch->getVlanByName('normalVlan');
> }
>
>
>
> Thanks,
>
> Mark
>
> -----Original Message-----
> From: Francois Gaudreault [mailto:[email protected]]
> Sent: 06 July 2012 13:41
> To: [email protected]
> Subject: Re: [PacketFence-users] More PF Problems
>
> Hi Mark,
>
> This looks odd to me, it is an empty VLAN.  Do you have any custom code in 
> vlan/custom.pm or radius/custom.pm?
>
> On 12-07-06 7:18 AM, Mark Holmes wrote:
>> Jul 06 12:11:28 pf::WebAPI(4054) INFO: MAC: 00:1c:23:33:03:ef, PID:
>> holmes, Status: reg. Returned VLAN:  (pf::vlan::fetchVlanForNode) Jul
>> 06 12:11:28 pf::WebAPI(4054) WARN: new VLAN  is not a managed VLAN ->
>> Returning FAIL. Is the target vlan in the vlans=... list?
>> (pf::radius::authorize)
>
>
> --
> Francois Gaudreault, ing. jr
> [email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca Inverse 
> inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and threat 
> landscape has changed and how IT managers can respond. Discussions will 
> include endpoint security, mobile security and the latest in malware threats. 
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> Nuffield College is a Registered Charity No. 1137506. Registered Office: 
> Nuffield College, New Road, Oxford, OX1 1NF
>


-- 
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
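
Added example, not part of the thread and not PacketFence code: a stand-alone check of the custom-code case raised above, using the same control flow as the quoted sub, where only the bypass_vlan branch has a live `return`. `MockSwitch` and both sub names are hypothetical stand-ins, and 3 is the normal VLAN mentioned in the thread.

```perl
#!/usr/bin/perl
# Added illustration: MockSwitch and both subs below are hypothetical
# stand-ins, not PacketFence code.
use strict;
use warnings;

package MockSwitch;
# Constructed stand-in for the switch object; maps VLAN names to IDs.
sub new { my ($class, %vlans) = @_; return bless { vlans => {%vlans} }, $class; }
sub getVlanByName { my ($self, $name) = @_; return $self->{vlans}{$name}; }

package main;

# Same control flow as the quoted sub: only the bypass_vlan branch returns,
# and the final "return ... normalVlan" line is still commented out.
sub get_normal_vlan_as_posted {
    my ($switch, $node_info) = @_;
    if (defined($node_info->{'bypass_vlan'}) && $node_info->{'bypass_vlan'} ne '') {
        return $node_info->{'bypass_vlan'};
    }
    # return $switch->getVlanByName('normalVlan');
}

# Same sub with the fallback live, plus a check so an empty result fails loudly.
sub get_normal_vlan_with_fallback {
    my ($switch, $node_info) = @_;
    if (defined($node_info->{'bypass_vlan'}) && $node_info->{'bypass_vlan'} ne '') {
        return $node_info->{'bypass_vlan'};
    }
    my $vlan = $switch->getVlanByName('normalVlan');
    die "normalVlan is not set for this switch\n" if !defined($vlan) || $vlan eq '';
    return $vlan;
}

my $switch = MockSwitch->new(normalVlan => 3);    # constructed sample value
my %cases  = (                                    # constructed node records
    'no bypass_vlan'    => {},
    'empty bypass_vlan' => { bypass_vlan => '' },
    'bypass_vlan = 3'   => { bypass_vlan => 3 },
);
for my $name (sort keys %cases) {
    my $posted = get_normal_vlan_as_posted($switch, $cases{$name});
    my $fixed  = get_normal_vlan_with_fallback($switch, $cases{$name});
    printf "%-18s as posted: '%s'  with fallback: '%s'\n",
        $name, defined $posted ? $posted : 'undef', $fixed;
}
```

Only the record with a non-empty bypass_vlan gets a VLAN ID from the first sub; the other two fall off the end of the sub without an explicit `return`.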
