Here are all the entries
+-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+|
mac | switch | port | vlan | connection_type |
dot1x_username | ssid | start_time | end_time | switch_ip
| switch_mac | stripped_user_name | realm | session_id
|+-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+|
60:03:08:a5:84:3a | 172.31.30.12 | 0 | 0 | Inline |
| | 2015-04-30 15:49:32 | 2015-04-30 16:23:52 | 172.31.30.12 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.12
| 0 | 0 | Inline | | | 2015-04-30 16:33:53 |
2015-04-30 16:35:53 | 172.31.30.12 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-05-05 17:47:47 | 2015-05-05 17:49:20 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-05-05 18:05:05 | 2015-05-05 18:06:47 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-05-05 18:29:30 |
2015-05-05 18:41:59 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-05-06 06:39:36 | 2015-05-06 06:41:02 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-05-08 13:43:43 | 2015-05-08 13:46:11 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-05-08 17:28:52 |
2015-05-08 17:30:11 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-05-12 12:19:22 | 2015-05-12 12:36:27 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-05-12 12:51:52 | 2015-05-12 12:53:27 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-05-12 16:29:57 |
2015-05-12 16:31:28 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-05-15 13:05:27 | 2015-05-15 13:23:09 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-05-15 13:23:53 | 2015-05-15 13:25:09 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-05-15 13:25:21 |
2015-05-15 14:14:09 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-06-16 12:53:01 | 2015-06-16 12:54:09 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-16 16:04:48 | 2015-06-17 16:05:15 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-06-18 13:00:46 |
2015-06-19 12:23:24 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-06-19 17:17:37 | 2015-06-19 17:18:01 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-20 05:17:40 | 2015-06-20 05:18:04 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-06-20 17:17:40 |
2015-06-20 17:18:06 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-06-21 05:17:41 | 2015-06-21 05:18:07 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-21 17:17:43 | 2015-06-21 17:18:09 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-06-22 05:17:46 |
2015-06-22 05:18:12 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-06-23 14:40:07 | 2015-06-23 14:40:22 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-23 14:46:39 | 2015-06-23 14:57:55 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-06-23 14:58:43 |
2015-06-23 14:58:55 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-06-23 16:28:13 | 2015-06-23 16:40:04 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-23 16:45:41 | 2015-06-23 16:46:04 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-06-24 04:45:44 |
2015-06-24 04:46:07 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-06-24 11:52:58 | 2015-06-24 11:53:08 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-24 11:53:41 | 2015-06-24 11:54:08 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-06-24 12:07:56 |
2015-06-24 12:08:08 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-06-24 13:21:54 | 2015-06-24 13:24:55 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-24 13:26:21 | 2015-06-24 13:50:55 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-06-24 15:39:57 |
2015-06-24 16:01:57 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-06-24 16:12:20 | 2015-06-24 16:12:57 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-24 16:38:36 | 2015-06-24 16:39:01 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-06-24 16:44:16 |
2015-06-24 16:55:01 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-06-24 17:30:51 | 2015-06-24 17:37:48 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-24 17:43:01 | 2015-06-24 17:53:48 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-06-25 05:46:40 |
2015-06-25 05:46:50 | 172.31.30.11 | NULL | NULL | NULL |
NULL || 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
| | | 2015-06-25 15:28:12 | 2015-06-25 15:28:23 |
172.31.30.11 | NULL | NULL | NULL | NULL ||
60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-25 15:55:41 | 2015-06-25 15:57:23 | 172.31.30.11 | NULL
| NULL | NULL | NULL || 60:03:08:a5:84:3a | 172.31.30.11
| 0 | 0 | Inline | | | 2015-06-25 16:57:13 |
2015-06-25 16:57:23 | 172.31.30.11 | NULL | NULL | NULL |
NULL
|+-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+44
rows in set (0.00 sec)
No there are no entries with end_time as null. I never have an entry where the
end_time is NULL. Should I change something in my networks.conf?
[10.0.1.0]dns=8.8.8.8next_hop=172.31.30.1gateway=10.0.1.1dhcp_start=10.0.1.10domain-name=inlinel3.domainn_name.comnat_enabled=1named=enableddhcp_max_lease_time=86400dhcpd=enabledfake_mac_enabled=0netmask=255.255.255.0type=inlinel3dhcp_end=10.0.1.250dhcp_default_lease_time=86400
Regarding ipset my question was why the IP doesn't appear in ipset list
immediately after registering the device. Why does it only appear in the ipset
list AFTER I have disconnected from AP and reconnected again. I know you said
new DHCP request was made. But same was the case, when I first got on the
inline network isn't it?
As for pinging 8.8.8.8, I am using
Date: Thu, 25 Jun 2015 11:50:19 -0400
From: [email protected]
To: [email protected]
Subject: Re: [PacketFence-users] Signup doesn't work
Hi Andy,
my answer/question bellow.
Le 2015-06-25 11:29, Andy A a écrit :
Hi Fabrice.
Thanks for the comments, here's what you asked for.
service packetfence status
service|shouldBeStarted|pid
dhcpd|1|1733
haproxy|0|0
httpd.aaa|1|1737
httpd.admin|1|1709
httpd.portal|1|1753
httpd.proxy|0|0
httpd.webservices|1|1785
iptables|1|-1
memcached|1|1797
pfbandwidthd|0|0
pfdetect|0|0
pfdhcplistener_eth1|1|1849
pfdhcplistener_eth2|1|1855
pfdns|1|1860
pfmon|1|1866
pfsetvlan|1|1883
radiusd|1|1897
snmptrapd|1|1879
snort|0|0
suricata|0|0
keepalived|0|0
Connecting a laptop to the inline network via the AP. Here
are the pfdhcplistener logs. Yes, I see DHCP request and an IP
address is assigned to the laptop. I can ping 8.8.8.8 at this
stage (once the laptop has acquired an IP address)
Ok so first it's not normal that you can ping 8.8.8.8 when you are
unreg (if you can check on the layer3 interface 172.31.30.1 if you
are able to force 8.8.8.8 to be behind packetfence 172.31.30.10)
pfdhcplistener(6280) INFO: DHCPREQUEST from
60:03:08:a5:84:3a (10.252.7.81) with lease of 7776000
seconds (main::parse_dhcp_request)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) WARN: Unable to match MAC
address to IP '10.252.7.81' (pf::iplog::ip2mac)
pfdhcplistener(6280) ERROR: Use of uninitialized
value in string eq at /usr/local/pf/sbin/pfdhcplistener
line 547.(main::update_iplog)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) WARN: Unable to perform a
Fingerbank lookup for device with MAC address
'60:03:08:a5:84:3a' (pf::fingerbank::process)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a
requested an IP with the following informations:
last_dhcp = 2015-06-25 15:28:11,computername =
lappy,dhcp_fingerprint =
1,3,6,15,119,95,252,44,46,dhcp_vendor =
(main::listen_dhcp)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a is of
device type (main::listen_dhcp)
pfdhcplistener(6280) INFO: DHCPOFFER from
172.31.30.11 (00:50:56:93:22:a3) to host
60:03:08:a5:84:3a (10.0.1.12) (main::parse_dhcp_offer)
pfdhcplistener(6280) INFO: DHCPREQUEST from
60:03:08:a5:84:3a (10.0.1.12) (main::parse_dhcp_request)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to
MAC address '60:03:08:a5:84:3a' using OMAPI
(pf::iplog::ip2mac)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) WARN: Unable to perform a
Fingerbank lookup for device with MAC address
'60:03:08:a5:84:3a' (pf::fingerbank::process)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a
requested an IP with the following informations:
last_dhcp = 2015-06-25 15:28:13,computername =
lappy,dhcp_fingerprint =
1,3,6,15,119,95,252,44,46,dhcp_vendor =
(main::listen_dhcp)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a is of
device type (main::listen_dhcp)
pfdhcplistener(6280) INFO: DHCPACK from 172.31.30.11
(00:50:56:93:22:a3) to host 60:03:08:a5:84:3a
(10.0.1.12) for 86400 seconds (main::parse_dhcp_ack)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to
MAC address '60:03:08:a5:84:3a' using OMAPI
(pf::iplog::ip2mac)
select * from locationlog where mac="60:03:08:a5:84:3a";
60:03:08:a5:84:3a |
172.31.30.11 | 0 | 0 | Inline |
| | 2015-06-25 15:28:12 | 2015-06-25 15:28:23 |
172.31.30.11 | NULL | NULL | NULL |
NULL |
Just so you know, I have 42
enteries for that MAC address as I have been using the same
device to test over the past days.
Do you have a entry with end_time is NULL ?
Also can you post all the result ?
Logs after registering the laptop via portal. I believe you
would need logs from packetfence.log (as nothing showed up in
pfdhcplistener.log)
/usr/local/pf/logs/packetfence.log <==
httpd.portal(6630) INFO: Matched IP '10.0.1.12' to
MAC address '60:03:08:a5:84:3a' using OMAPI
(pf::iplog::ip2mac)
httpd.portal(6630) INFO: registering
60:03:08:a5:84:3a guest by email
(captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
httpd.portal(6630) INFO: Matched rule (catchall) in
source email, returning actions.
(pf::Authentication::Source::match)
httpd.portal(6630) WARN: Can't find provisioner for
60:03:08:a5:84:3a since we don't have it's OS
(pf::Portal::Profile::findProvisioner)
httpd.portal(6630) INFO: [60:03:08:a5:84:3a]
re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
httpd.portal(6630) WARN: [60:03:08:a5:84:3a] Can't
re-evaluate access because no open locationlog entry was
found (pf::enforcement::reevaluate_access)
This is the issue, since packetfence don't know where the device is
(It's suppose to be marked as Inline on the locationlog)
httpd.portal(6630) INFO: new activation code
successfully generated (pf::activation::create)
httpd.portal(6630) INFO: Email sent to [email protected]
(xxxx.com: Email activation required)
(pf::activation::__ANON__)
httpd.portal(6630) WARN: Can't find provisioner for
60:03:08:a5:84:3a since we don't have it's OS
(pf::Portal::Profile::findProvisioner)
httpd.portal(6643) INFO: Matched IP '10.0.1.12' to
MAC address '60:03:08:a5:84:3a' using OMAPI
(pf::iplog::ip2mac)
httpd.portal(6659) INFO: Matched IP '10.0.1.12' to
MAC address '60:03:08:a5:84:3a' using OMAPI
(pf::iplog::ip2mac)
httpd.portal(6621) INFO: Matched IP '10.0.1.12' to
MAC address '60:03:08:a5:84:3a' using OMAPI
(pf::iplog::ip2mac)
httpd.portal(6621) WARN: Unable to perform a
Fingerbank lookup for device with MAC address
'60:03:08:a5:84:3a' (pf::fingerbank::process)
Here's where the redirection to 'your network should be
enabled within... ' page happens.
httpd.portal(6621) INFO: [60:03:08:a5:84:3a]
shouldn't reach here. Calling access re-evaluation. Make
sure your network device configuration is correct.
(captiveportal::PacketFence::Controller::CaptivePortal::unknownState)
httpd.portal(6621) INFO: [60:03:08:a5:84:3a]
re-evaluating access (redir.cgi called)
(pf::enforcement::reevaluate_access)
httpd.portal(6621) WARN: [60:03:08:a5:84:3a] Can't
re-evaluate access because no open locationlog entry was
found (pf::enforcement::reevaluate_access)
Same here.
Here's the ipset after I have just registered the laptop.
(and I know that the above IP should appear under
pfsession_Reg_10.0.1.0 as a member)
ipset -L
Name: pfsession_Unreg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
Name: pfsession_Reg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
Name: pfsession_Isol_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
And I know it could be a problem with sudoers and the
whole..
su - pf
and launch sudo ipset -L
If it doesn´t work it mean that there is a problem with
sudoers file.
But here's the thing, as soon as I get off the AP and
inline network and then join back here are the logs and ipset
-L
/usr/local/pf/logs/pfdhcplistener.log <==
pfdhcplistener(6280) INFO: DHCPREQUEST from
60:03:08:a5:84:3a (10.0.1.12) (main::parse_dhcp_request)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to
MAC address '60:03:08:a5:84:3a' using OMAPI
(pf::iplog::ip2mac)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: [60:03:08:a5:84:3a] stated
changed, adapting firewall rules for proper enforcement
(pf::inline::performInlineEnforcement)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) WARN: Problem trying to run
command: LANG=C sudo ipset --del
pfsession_Unreg_10.0.1.0 10.0.1.12 2>&1 called
from iptables_unmark_node. Child exited with non-zero
value 1 (pf::util::pf_run)
pfdhcplistener(6280) INFO: Flushed connections for
10.0.1.12. (pf::ipset::iptables_unmark_node)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) WARN: Unable to perform a
Fingerbank lookup for device with MAC address
'60:03:08:a5:84:3a' (pf::fingerbank::process)
pfdhcplistener(6280)
INFO: 60:03:08:a5:84:3a requested an IP with the
following informations: last_dhcp = 2015-06-25
15:43:11,computername = lappy,dhcp_fingerprint =
1,3,6,15,119,95,252,44,46,dhcp_vendor = dhcpcd-5.5.6
(main::listen_dhcp)
pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a is of
device type (main::listen_dhcp)
pfdhcplistener(6280) INFO: DHCPACK from 172.31.30.11
(00:50:56:93:22:a3) to host 60:03:08:a5:84:3a
(10.0.1.12) for 86400 seconds (main::parse_dhcp_ack)
pfdhcplistener(6280) INFO: Matched MAC
'60:03:08:a5:84:3a' to IP address '10.0.1.12' using
OMAPI (pf::iplog::mac2ip)
pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to
MAC address '60:03:08:a5:84:3a' using OMAPI
(pf::iplog::ip2mac)
ipset -L
Name: pfsession_Unreg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
Name: pfsession_Reg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
10.0.1.12
Name: pfsession_Isol_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
I wait for 10 minutes (and
let the device become unregistered again) so ipset -L
says
ipset -L
Name: pfsession_Unreg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
10.0.1.12
Name: pfsession_Reg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
Name: pfsession_Isol_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
after that I was able to
remove the device as follows
su - pf
sudo ipset --del pfsession_Unreg_10.0.1.0 10.0.1.12
2>&1
sudo ipset -L
Name: pfsession_Unreg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
Name: pfsession_Reg_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
Name: pfsession_Isol_10.0.1.0
Type: bitmap:ip
Header: range 10.0.1.0-10.0.1.255
Size in memory: 152
References: 1
Members:
So I am not quite sure what the problem is. Why there is
no entry in ipset when I register, but immediately when I
leave the AP and get back on again, the IP appears in the
ipset list (and the internet works fine).
ipset has been updated because of a new dhcp request.
Date: Thu, 25 Jun 2015 07:42:10 -0400
From: [email protected]
To: [email protected]
Subject: Re: [PacketFence-users] Signup doesn't work
Hi Andy,
Can you check something for me ?
-First service packetfence status
-Next connect the laptop in the inline network and check in
pfdhcplistener.log if you see the dhcp request.
-Next check in the database the locationlog entry if it set
to inline:
select * from locationlog where mac="00:11:22:33:44:55";
-Next register the device and paste the log.
-Paste ipset -L
Are you able to ping 8.8.8.8 ?
With that i will probably be able to let you know what is
the issue.
Regards
Fabrice
Le 2015-06-25 06:20, Andy A
a écrit :
Hi Louis.
Thanks for the reply. Actually, after I sent the
last post, it's gone back to the same and now it's the
same for ALL devices (Android or iOS)
So disregard my momentary jubilation on it working
for Android device.
Thanks for letting me know you are away, that will
certainly dampen my hope of resolving this within the
next 3 days. But I will keep testing and posting.
From: [email protected]
Date: Wed, 24 Jun 2015 15:35:56 -0400
To: [email protected]
Subject: Re: [PacketFence-users] Signup doesn't work
On Jun 24, 2015, at 12:54 , Andy A
<[email protected]>
wrote:
One way to get internet access in
my current situation (where I get 'Your
network should be enabled within a minute or
two message') - I have figured out is, to
disconnect from the AP and then connect back
again.
BOOM
everything then works. But this is a very
horrible experience for a user and I can't
expect the user to try this funky hack to get
internet access after registration.
I
found this
http://www.packetfence.org/bugs/view.php?id=1655 which
describes the exact same issue and is BUG. Not
sure it has been fixed yet. Can anyone confirm
this?
That bug report is so old as to be useless now.
I would rather start from scratch.
Internet access basically depends on being
placed in the proper IPset.
Can you check if registration happens
differently for iOs devices?
Are they placed in the same IPset at the
Android ones?
I’ll be away from work for the next three days.
Back on the 29th.
Keep posting, someone else may be able to help
or else I’ll have a look on Monday.
Regards,
--
Louis Munro
[email protected]
:: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and
PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
Monitor
25 network devices or servers for free with
OpManager! OpManager is web-based network management
software that monitors network devices and physical
& virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no
restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Monitor
25 network devices or servers for free with OpManager!
OpManager is web-based network management software that
monitors network devices and physical & virtual servers,
alerts via email & sms for fault. Monitor 25 devices for
free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors
network devices and physical & virtual servers, alerts via email & sms
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
