That is still vulnerable to this.
Make sure the date and role is set for the users and you'll be fine. 4.7
fixes this for good.
On 03/25/2015 11:39 AM, Pete Hoffswell wrote:
AH! Yes. We are suffering from that problem now! Users are getting
online with a default role, and an Owner name of
"host/machinename.ad.davenport.edu <http://machinename.ad.davenport.edu>"
We are running 4.6.0
-
Pete Hoffswell - Network Manager
[email protected] <mailto:[email protected]>
http://www.davenport.edu
On Wed, Mar 25, 2015 at 11:32 AM, Julien Semaan <[email protected]
<mailto:[email protected]>> wrote:
Hi Pete,
This has been fixed in a more recent version of PacketFence.
It's that the machine (host/username.ad.davenport.edu
<http://username.ad.davenport.edu>) is not matching any
unregistration date or access duration.
What version of PacketFence are you running ?
On 03/25/2015 10:57 AM, Pete Hoffswell wrote:
Good morning.
We are seeing this regularly in our packetfence log, and wonder
how to resolve. I am unsure if it is actually causing issues
with our users.
Mar 25 10:42:13 httpd.aaa(28070) INFO: [6c:88:14:xx:xx:xx]
handling radius autz request: from switch_ip => (10.1.49.6),
connection_type => Wireless-802.11-EAP,switch_mac => (), mac =>
[6c:88:14:xx:xx:xx], port => 13, username =>
"host/username.ad.davenport.edu
<http://username.ad.davenport.edu>" (pf::radius::authorize)
Mar 25 10:42:13 httpd.aaa(28070) INFO: person
host/username.ad.davenport.edu <http://username.ad.davenport.edu>
modified to host/username.ad.davenport.edu
<http://username.ad.davenport.edu> (pf::person::person_modify)
Mar 25 10:42:13 httpd.aaa(28070) INFO: autoregister a node that
is already registered, do nothing. (pf::node::node_register)
Mar 25 10:42:13 httpd.aaa(28070) INFO: Can't find provisioner for
6c:88:14:xx:xx:xx (pf::vlan::getNormalVlan)
Mar 25 10:42:13 httpd.aaa(28070) WARN: The year was past, null or
undefined. We used current year (pf::config::dynamic_unreg_date)
Mar 25 10:42:20 httpd.aaa(28070) ERROR: radius authorize failed
with error: The 'month' parameter (undef) to DateTime::new was an
'undef', which is not one of the allowed types: scalar
at /usr/lib64/perl5/vendor_perl/DateTime.pm line 201
DateTime::new(undef, 'year', 2015, 'month', undef, 'day',
undef, 'time_zone',
'DateTime::TimeZone::America::Detroit=HASH(0xxxx)', ...) called
at /usr/local/pf/lib/pf/config.pm <http://config.pm> line 914
pf::config::dynamic_unreg_date(undef) called at
/usr/local/pf/lib/pf/vlan.pm <http://vlan.pm> line 416
pf::vlan::getNormalVlan('pf::vlan::custom=HASH(0xxxx)',
'pf::Switch::Cisco::WLC=HASH(0xxxx)', 13, '6c:88:14:xx:xx:xx',
'HASH(0xxxx)', 385, 'host/username.ad.davenport.edu
<http://username.ad.davenport.edu>', 'DU', 'HASH(0xxxx)', ...)
called at /usr/local/pf/lib/pf/vlan.pm <http://vlan.pm> line 122
pf::vlan::fetchVlanForNode('pf::vlan::custom=HASH(0xxxx)',
'6c:88:14:xx:xx:xx', 'pf::Switch::Cisco::WLC=HASH(0xxxx)', 13,
385, 'host/username.ad.davenport.edu
<http://username.ad.davenport.edu>', 'DU', 'HASH(0xxxx)', undef,
...) called at /usr/local/pf/lib/pf/radius.pm <http://radius.pm>
line 182
pf::radius::authorize('pf::radius::custom=HASH(0xxxx)',
'HASH(0xxxx)') called at /usr/local/pf/lib/pf/api.pm
<http://api.pm> line 61
eval {...} called at /usr/local/pf/lib/pf/api.pm
<http://api.pm> line 60
pf::api::radius_authorize('pf::api', 'NAS-Port-Type',
'Wireless-802.11', 'Service-Type', 'Framed-User', 'Tunnel-Type',
'VLAN', 'Called-Station-Id', 'e8:ba:70:xx:xx:xx:DU', ...) called
at /usr/local/pf/lib/pf/WebAPI/MsgPack.pm line 61
eval {...} called at
/usr/local/pf/lib/pf/WebAPI/MsgPack.pm line 60
pf::WebAPI::MsgPack::handler('pf::WebAPI::MsgPack=HASH(0xxxx)',
'Apache2::RequestRec=SCALAR(0xxxx)') called at
/usr/local/pf/lib/pf/WebAPI.pm line 62
pf::WebAPI::handler('Apache2::RequestRec=SCALAR(0xxxx)') called
at -e line 0
eval {...} called at -e line 0
(pf::api::radius_authorize)
This is a wireless user connecting to an 802.1x network, with a
backend source of Active Directory.
I wonder if there's a PF, radius, or AD setting that needs to be
tweaked.
-
Pete Hoffswell - Network Manager
[email protected] <mailto:[email protected]>
http://www.davenport.edu
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website,
sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for
all
things parallel software development, from weekly thought leadership blogs
to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now.http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Julien Semaan
[email protected] <mailto:[email protected]> ::+1.514.447.4918
<tel:%2B1.514.447.4918> *155 ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) and
PacketFence (www.packetfence.org <http://www.packetfence.org>)
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel
Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your
hub for all
things parallel software development, from weekly thought
leadership blogs to
news, videos, case studies, tutorials and more. Take a look and
join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Julien Semaan
[email protected] :: +1.514.447.4918 *155 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
