On May 6, 2015, at 15:27 , John Baker <[email protected]> wrote:
> PacketFence v5.0.1 using inline mode only.
>
> I see a lot of this in my log since the upgrade. Guest users register but
> never get inserted in ipset. The error is sporadic and usually clears after a
> restart but not always
>
Are you sure it’s not in ipset?
I am not doubting you, just trying to find out how you saw that happening.
How many devices do you have in the ipset when that happens?
Try increasing the verbosity of the packetfence.log to DEBUG and see if you get
better error messages.
> May 05 08:50:08 httpd.portal(32014) INFO: [5c:97:f3:c4:75:83] shouldn't reach
> here. Calling access re-evaluation. Make sure your network device
> configuration is correct.
> (captiveportal::PacketFence::Controller::CaptivePortal::unknownState)
> May 05 08:50:08 httpd.portal(32014) INFO: [5c:97:f3:c4:75:83] re-evaluating
> access (redir.cgi called) (pf::enforcement::reevaluate_access)
> May 05 08:50:08 httpd.portal(32014) WARN: [5c:97:f3:c4:75:83] Can't
> re-evaluate access because no open locationlog entry was found
> (pf::enforcement::reevaluate_access
>
The last line is significant.
The question is, why is there no entry in the locationlog for that MAC?
Is the pfdhcplistener process correctly running in your registration VLAN?
Is it seeing your device (what does logs/pfdhcplistener.log say about it)?
Ho many such processes are running?
Are there database insert or update errors in the logs?
> The error message came in between this in the system log.
>
> May 5 08:50:06 larry dhcpd: DHCPREQUEST for 172.20.10.3 from
> 5c:97:f3:c4:75:83 via vlan6: wrong network.
> May 5 08:50:06 larry dhcpd: DHCPNAK on 172.20.10.3 to 5c:97:f3:c4:75:83 via
> vlan6
> May 5 08:50:09 larry dhcpd: DHCPREQUEST for 172.16.2.222 from
> 5c:97:f3:c4:75:83 (Barrys-iPad) via vlan6
> May 5 08:50:09 larry dhcpd: DHCPACK on 172.16.2.222 to 5c:97:f3:c4:75:83
> (Barrys-iPad) via vlan6
This is normal for a device changing networks.
It first tries the old IP it had, the server NAK’s it and then it tries again
without an IP to get a new one in the correct subnet.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
