Hi Andy, i tried to replicate your issue on a pf 5.2 and i can't replicate it.
The only thing that can update the locationlog in an inline setup is the
pfdhcplistener.
So what i want you to do is the following:
edit api.pm and change the function synchronize_locationlog with that:
--------------------
sub synchronize_locationlog : Public {
my ( $class, $switch, $switch_ip, $switch_mac, $ifIndex, $vlan,
$mac, $voip_status, $connection_type, $connection_sub_type, $user_name,
$ssid ,$stripped_user_name, $realm) = @_;
my $logger = pf::log::get_logger();
$logger->warn( "$switch, $switch_ip, $switch_mac, $ifIndex, $vlan,
$mac, $voip_status, $connection_type, $connection_sub_type, $user_name,
$ssid ,$stripped_user_name, $realm");
return (pf::locationlog::locationlog_synchronize($switch,
$switch_ip, $switch_mac, $ifIndex, $vlan, $mac, $voip_status,
$connection_type, $connection_sub_type, $user_name, $ssid,
$stripped_user_name, $realm));
}
--------------------
and restart httpd.webservices
Delete the locationlog entry
delete from locationlog where mac="60:03:08:a5:84:3a";
Plug the laptop on the inline vlan and check immediately in the
locationlog the last entry for the 60:03:08:a5:84:3a mac address (the
end time should be NULL).
Also check packetfence.log like this:
tail -f logpacketfence.log|grep synchronize_locationlog
And give me the result.
Regards
Fabrice
Le 2015-06-25 12:11, Andy A a écrit :
> Here are all the entries
>
> +-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+
> | mac | switch | port | vlan | connection_type |
> dot1x_username | ssid | start_time | end_time |
> switch_ip | switch_mac | stripped_user_name | realm | session_id |
> +-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+
> | 60:03:08:a5:84:3a | 172.31.30.12 | 0 | 0 | Inline |
> | | 2015-04-30 15:49:32 | 2015-04-30 16:23:52 |
> 172.31.30.12 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.12 | 0 | 0 | Inline |
> | | 2015-04-30 16:33:53 | 2015-04-30 16:35:53 |
> 172.31.30.12 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-05 17:47:47 | 2015-05-05 17:49:20 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-05 18:05:05 | 2015-05-05 18:06:47 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-05 18:29:30 | 2015-05-05 18:41:59 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-06 06:39:36 | 2015-05-06 06:41:02 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-08 13:43:43 | 2015-05-08 13:46:11 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-08 17:28:52 | 2015-05-08 17:30:11 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-12 12:19:22 | 2015-05-12 12:36:27 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-12 12:51:52 | 2015-05-12 12:53:27 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-12 16:29:57 | 2015-05-12 16:31:28 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-15 13:05:27 | 2015-05-15 13:23:09 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-15 13:23:53 | 2015-05-15 13:25:09 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-05-15 13:25:21 | 2015-05-15 14:14:09 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-16 12:53:01 | 2015-06-16 12:54:09 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-16 16:04:48 | 2015-06-17 16:05:15 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-18 13:00:46 | 2015-06-19 12:23:24 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-19 17:17:37 | 2015-06-19 17:18:01 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-20 05:17:40 | 2015-06-20 05:18:04 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-20 17:17:40 | 2015-06-20 17:18:06 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-21 05:17:41 | 2015-06-21 05:18:07 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-21 17:17:43 | 2015-06-21 17:18:09 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-22 05:17:46 | 2015-06-22 05:18:12 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-23 14:40:07 | 2015-06-23 14:40:22 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-23 14:46:39 | 2015-06-23 14:57:55 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-23 14:58:43 | 2015-06-23 14:58:55 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-23 16:28:13 | 2015-06-23 16:40:04 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-23 16:45:41 | 2015-06-23 16:46:04 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 04:45:44 | 2015-06-24 04:46:07 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 11:52:58 | 2015-06-24 11:53:08 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 11:53:41 | 2015-06-24 11:54:08 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 12:07:56 | 2015-06-24 12:08:08 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 13:21:54 | 2015-06-24 13:24:55 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 13:26:21 | 2015-06-24 13:50:55 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 15:39:57 | 2015-06-24 16:01:57 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 16:12:20 | 2015-06-24 16:12:57 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 16:38:36 | 2015-06-24 16:39:01 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 16:44:16 | 2015-06-24 16:55:01 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 17:30:51 | 2015-06-24 17:37:48 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-24 17:43:01 | 2015-06-24 17:53:48 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-25 05:46:40 | 2015-06-25 05:46:50 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-25 15:28:12 | 2015-06-25 15:28:23 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-25 15:55:41 | 2015-06-25 15:57:23 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> | 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline |
> | | 2015-06-25 16:57:13 | 2015-06-25 16:57:23 |
> 172.31.30.11 | NULL | NULL | NULL | NULL |
> +-------------------+--------------+------+------+-----------------+----------------+------+---------------------+---------------------+--------------+------------+--------------------+-------+------------+
> 44 rows in set (0.00 sec)
>
> No there are no entries with end_time as null. I never have an entry
> where the end_time is NULL. Should I change something in my networks.conf?
>
> [10.0.1.0]
> dns=8.8.8.8
> next_hop=172.31.30.1
> gateway=10.0.1.1
> dhcp_start=10.0.1.10
> domain-name=inlinel3.domainn_name.com
> nat_enabled=1
> named=enabled
> dhcp_max_lease_time=86400
> dhcpd=enabled
> fake_mac_enabled=0
> netmask=255.255.255.0
> type=inlinel3
> dhcp_end=10.0.1.250
> dhcp_default_lease_time=86400
>
>
> Regarding ipset my question was why the IP doesn't appear in ipset
> list immediately after registering the device. Why does it only appear
> in the ipset list AFTER I have disconnected from AP and reconnected
> again. I know you said new DHCP request was made. But same was the
> case, when I first got on the inline network isn't it?
>
> As for pinging 8.8.8.8, I am using
>
> ------------------------------------------------------------------------
> Date: Thu, 25 Jun 2015 11:50:19 -0400
> From: [email protected]
> To: [email protected]
> Subject: Re: [PacketFence-users] Signup doesn't work
>
> Hi Andy,
>
> my answer/question bellow.
>
> Le 2015-06-25 11:29, Andy A a écrit :
>
> Hi Fabrice.
> Thanks for the comments, here's what you asked for.
>
> service packetfence status
> service|shouldBeStarted|pid
> dhcpd|1|1733
> haproxy|0|0
> httpd.aaa|1|1737
> httpd.admin|1|1709
> httpd.portal|1|1753
> httpd.proxy|0|0
> httpd.webservices|1|1785
> iptables|1|-1
> memcached|1|1797
> pfbandwidthd|0|0
> pfdetect|0|0
> pfdhcplistener_eth1|1|1849
> pfdhcplistener_eth2|1|1855
> pfdns|1|1860
> pfmon|1|1866
> pfsetvlan|1|1883
> radiusd|1|1897
> snmptrapd|1|1879
> snort|0|0
> suricata|0|0
> keepalived|0|0
>
>
> Connecting a laptop to the inline network via the AP. Here are the
> pfdhcplistener logs. Yes, I see DHCP request and an IP address is
> assigned to the laptop. I can ping 8.8.8.8 at this stage (once the
> laptop has acquired an IP address)
>
> Ok so first it's not normal that you can ping 8.8.8.8 when you are
> unreg (if you can check on the layer3 interface 172.31.30.1 if you are
> able to force 8.8.8.8 to be behind packetfence 172.31.30.10)
>
>
> pfdhcplistener(6280) INFO: DHCPREQUEST from
> 60:03:08:a5:84:3a (10.252.7.81) with lease of 7776000
> seconds (main::parse_dhcp_request)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) WARN: Unable to match MAC address to
> IP '10.252.7.81' (pf::iplog::ip2mac)
>
> pfdhcplistener(6280) ERROR: Use of uninitialized value in
> string eq at /usr/local/pf/sbin/pfdhcplistener line
> 547.(main::update_iplog)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) WARN: Unable to perform a Fingerbank
> lookup for device with MAC address '60:03:08:a5:84:3a'
> (pf::fingerbank::process)
>
> pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a requested an
> IP with the following informations: last_dhcp = 2015-06-25
> 15:28:11,computername = lappy,dhcp_fingerprint =
> 1,3,6,15,119,95,252,44,46,dhcp_vendor = (main::listen_dhcp)
>
> pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a is of device
> type (main::listen_dhcp)
>
> pfdhcplistener(6280) INFO: DHCPOFFER from 172.31.30.11
> (00:50:56:93:22:a3) to host 60:03:08:a5:84:3a (10.0.1.12)
> (main::parse_dhcp_offer)
>
> pfdhcplistener(6280) INFO: DHCPREQUEST from
> 60:03:08:a5:84:3a (10.0.1.12) (main::parse_dhcp_request)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to MAC
> address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) WARN: Unable to perform a Fingerbank
> lookup for device with MAC address '60:03:08:a5:84:3a'
> (pf::fingerbank::process)
>
> pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a requested an
> IP with the following informations: last_dhcp = 2015-06-25
> 15:28:13,computername = lappy,dhcp_fingerprint =
> 1,3,6,15,119,95,252,44,46,dhcp_vendor = (main::listen_dhcp)
>
> pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a is of device
> type (main::listen_dhcp)
>
> pfdhcplistener(6280) INFO: DHCPACK from 172.31.30.11
> (00:50:56:93:22:a3) to host 60:03:08:a5:84:3a (10.0.1.12)
> for 86400 seconds (main::parse_dhcp_ack)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to MAC
> address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
>
>
> select * from locationlog where mac="60:03:08:a5:84:3a";
>
> 60:03:08:a5:84:3a | 172.31.30.11 | 0 | 0 | Inline
> | | | 2015-06-25 15:28:12 | 2015-06-25
> 15:28:23 | 172.31.30.11 | NULL | NULL |
> NULL | NULL |
>
> Just so you know, I have 42 enteries for that MAC address as I
> have been using the same device to test over the past days.
>
> Do you have a entry with end_time is NULL ?
> Also can you post all the result ?
>
> Logs after registering the laptop via portal. I believe you would
> need logs from packetfence.log (as nothing showed up in
> pfdhcplistener.log)
>
> /usr/local/pf/logs/packetfence.log <==
>
> httpd.portal(6630) INFO: Matched IP '10.0.1.12' to MAC
> address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
>
> httpd.portal(6630) INFO: registering 60:03:08:a5:84:3a
> guest by email
>
> (captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
>
> httpd.portal(6630) INFO: Matched rule (catchall) in source
> email, returning actions. (pf::Authentication::Source::match)
>
> httpd.portal(6630) WARN: Can't find provisioner for
> 60:03:08:a5:84:3a since we don't have it's OS
> (pf::Portal::Profile::findProvisioner)
>
> httpd.portal(6630) INFO: [60:03:08:a5:84:3a] re-evaluating
> access (manage_register called)
> (pf::enforcement::reevaluate_access)
>
> httpd.portal(6630) WARN: [60:03:08:a5:84:3a] Can't
> re-evaluate access because no open locationlog entry was
> found (pf::enforcement::reevaluate_access)
>
> This is the issue, since packetfence don't know where the device is
> (It's suppose to be marked as Inline on the locationlog)
>
> httpd.portal(6630) INFO: new activation code successfully
> generated (pf::activation::create)
>
> httpd.portal(6630) INFO: Email sent to [email protected]
> <mailto:[email protected]> (xxxx.com: Email activation
> required) (pf::activation::__ANON__)
>
> httpd.portal(6630) WARN: Can't find provisioner for
> 60:03:08:a5:84:3a since we don't have it's OS
> (pf::Portal::Profile::findProvisioner)
>
> httpd.portal(6643) INFO: Matched IP '10.0.1.12' to MAC
> address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
>
> httpd.portal(6659) INFO: Matched IP '10.0.1.12' to MAC
> address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
>
> httpd.portal(6621) INFO: Matched IP '10.0.1.12' to MAC
> address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
>
> httpd.portal(6621) WARN: Unable to perform a Fingerbank
> lookup for device with MAC address '60:03:08:a5:84:3a'
> (pf::fingerbank::process)
>
>
> Here's where the redirection to 'your network should be enabled
> within... ' page happens.
>
> httpd.portal(6621) INFO: [60:03:08:a5:84:3a] shouldn't
> reach here. Calling access re-evaluation. Make sure your
> network device configuration is correct.
>
> (captiveportal::PacketFence::Controller::CaptivePortal::unknownState)
>
> httpd.portal(6621) INFO: [60:03:08:a5:84:3a] re-evaluating
> access (redir.cgi called) (pf::enforcement::reevaluate_access)
>
> httpd.portal(6621) WARN: [60:03:08:a5:84:3a] Can't
> re-evaluate access because no open locationlog entry was
> found (pf::enforcement::reevaluate_access)
>
> Same here.
>
>
> Here's the ipset after I have just registered the laptop. (and I
> know that the above IP should appear under pfsession_Reg_10.0.1.0
> as a member)
> ipset -L
> Name: pfsession_Unreg_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
>
> Name: pfsession_Reg_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
>
> Name: pfsession_Isol_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
>
>
> And I know it could be a problem with sudoers and the whole..
> su - pf
> and launch sudo ipset -L
> If it doesn´t work it mean that there is a problem with sudoers file.
>
> But here's the thing, as soon as I get off the AP and inline
> network and then join back here are the logs and ipset -L
>
> /usr/local/pf/logs/pfdhcplistener.log <==
>
> pfdhcplistener(6280) INFO: DHCPREQUEST from
> 60:03:08:a5:84:3a (10.0.1.12) (main::parse_dhcp_request)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to MAC
> address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) INFO: [60:03:08:a5:84:3a] stated
> changed, adapting firewall rules for proper enforcement
> (pf::inline::performInlineEnforcement)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> *pfdhcplistener(6280) WARN: Problem trying to run command:
> LANG=C sudo ipset --del pfsession_Unreg_10.0.1.0 10.0.1.12
> 2>&1 called from iptables_unmark_node. Child exited with
> non-zero value 1 (pf::util::pf_run)*
>
> pfdhcplistener(6280) INFO: Flushed connections for
> 10.0.1.12. (pf::ipset::iptables_unmark_node)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) WARN: Unable to perform a Fingerbank
> lookup for device with MAC address '60:03:08:a5:84:3a'
> (pf::fingerbank::process)
>
> pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a requested an
> IP with the following informations: last_dhcp = 2015-06-25
> 15:43:11,computername = lappy,dhcp_fingerprint =
> 1,3,6,15,119,95,252,44,46,dhcp_vendor =
> dhcpcd-5.5.6 (main::listen_dhcp)
>
> pfdhcplistener(6280) INFO: 60:03:08:a5:84:3a is of device
> type (main::listen_dhcp)
>
> pfdhcplistener(6280) INFO: DHCPACK from 172.31.30.11
> (00:50:56:93:22:a3) to host 60:03:08:a5:84:3a (10.0.1.12)
> for 86400 seconds (main::parse_dhcp_ack)
>
> pfdhcplistener(6280) INFO: Matched MAC '60:03:08:a5:84:3a'
> to IP address '10.0.1.12' using OMAPI (pf::iplog::mac2ip)
>
> pfdhcplistener(6280) INFO: Matched IP '10.0.1.12' to MAC
> address '60:03:08:a5:84:3a' using OMAPI (pf::iplog::ip2mac)
>
>
> ipset -L
> Name: pfsession_Unreg_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
>
> Name: pfsession_Reg_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
> 10.0.1.12
>
> Name: pfsession_Isol_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
>
> I wait for 10 minutes (and let the device become unregistered
> again) so ipset -L says
> ipset -L
> Name: pfsession_Unreg_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
> 10.0.1.12
>
> Name: pfsession_Reg_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
>
>
> Name: pfsession_Isol_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
>
> after that I was able to remove the device as follows
> su - pf
> sudo ipset --del pfsession_Unreg_10.0.1.0 10.0.1.12 2>&1
> sudo ipset -L
> Name: pfsession_Unreg_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
>
> Name: pfsession_Reg_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
>
>
> Name: pfsession_Isol_10.0.1.0
> Type: bitmap:ip
> Header: range 10.0.1.0-10.0.1.255
> Size in memory: 152
> References: 1
> Members:
>
> So I am not quite sure what the problem is. Why there is no entry
> in ipset when I register, but immediately when I leave the AP and
> get back on again, the IP appears in the ipset list (and the
> internet works fine).
>
> ipset has been updated because of a new dhcp request.
>
> ------------------------------------------------------------------------
> Date: Thu, 25 Jun 2015 07:42:10 -0400
> From: [email protected] <mailto:[email protected]>
> To: [email protected]
> <mailto:[email protected]>
> Subject: Re: [PacketFence-users] Signup doesn't work
>
> Hi Andy,
>
> Can you check something for me ?
>
> -First service packetfence status
> -Next connect the laptop in the inline network and check in
> pfdhcplistener.log if you see the dhcp request.
> -Next check in the database the locationlog entry if it set to inline:
> select * from locationlog where mac="00:11:22:33:44:55";
> -Next register the device and paste the log.
> -Paste ipset -L
>
> Are you able to ping 8.8.8.8 ?
>
> With that i will probably be able to let you know what is the issue.
>
> Regards
> Fabrice
>
> Le 2015-06-25 06:20, Andy A a écrit :
>
> Hi Louis.
>
> Thanks for the reply. Actually, after I sent the last post,
> it's gone back to the same and now it's the same for ALL
> devices (Android or iOS)
> So disregard my momentary jubilation on it working for Android
> device.
>
> Thanks for letting me know you are away, that will certainly
> dampen my hope of resolving this within the next 3 days. But I
> will keep testing and posting.
>
>
> ------------------------------------------------------------------------
> From: [email protected] <mailto:[email protected]>
> Date: Wed, 24 Jun 2015 15:35:56 -0400
> To: [email protected]
> <mailto:[email protected]>
> Subject: Re: [PacketFence-users] Signup doesn't work
>
>
>
> On Jun 24, 2015, at 12:54 , Andy A <[email protected]
> <mailto:[email protected]>> wrote:
>
> One way to get internet access in my current situation
> (where I get 'Your network should be enabled within a
> minute or two message') - I have figured out is, to
> disconnect from the AP and then connect back again.
> BOOM everything then works. But this is a very horrible
> experience for a user and I can't expect the user to try
> this funky hack to get internet access after registration.
>
> I found
> this http://www.packetfence.org/bugs/view.php?id=1655 which
> describes
> the exact same issue and is BUG. Not sure it has been
> fixed yet. Can anyone confirm this?
>
>
> That bug report is so old as to be useless now.
>
> I would rather start from scratch.
>
> Internet access basically depends on being placed in the
> proper IPset.
> Can you check if registration happens differently for iOs devices?
> Are they placed in the same IPset at the Android ones?
>
>
> I’ll be away from work for the next three days. Back on the 29th.
> Keep posting, someone else may be able to help or else I’ll
> have a look on Monday.
>
> Regards,
> --
> Louis Munro
> [email protected] <mailto:[email protected]> ::
> www.inverse.ca <http://www.inverse.ca>
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu
> <http://www.sogo.nu>) and PacketFence (www.packetfence.org
> <http://www.packetfence.org>)
>
>
> ------------------------------------------------------------------------------
> Monitor 25 network devices or servers for free with OpManager!
> OpManager is web-based network management software that
> monitors network devices and physical & virtual servers,
> alerts via email & sms for fault. Monitor 25 devices for free
> with no restriction. Download now
> http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
> <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> Monitor 25 network devices or servers for free with OpManager!
> OpManager is web-based network management software that monitors
> network devices and physical & virtual servers, alerts via email &
> sms
> for fault. Monitor 25 devices for free with no restriction. Download
> now
> http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
> <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo>
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> Monitor 25 network devices or servers for free with OpManager!
> OpManager is web-based network management software that monitors
> network devices and physical & virtual servers, alerts via email &
> sms for fault. Monitor 25 devices for free with no restriction.
> Download now
> http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
> <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo>
> _______________________________________________ PacketFence-users
> mailing list [email protected]
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> Monitor 25 network devices or servers for free with OpManager!
> OpManager is web-based network management software that monitors
> network devices and physical & virtual servers, alerts via email & sms
> for fault. Monitor 25 devices for free with no restriction. Download now
> http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
> <http://ad.doubleclick.net/ddm/clk/292181274%3b119417398%3bo>
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Fabrice Durand
> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x135) ::
> www.inverse.ca <http://www.inverse.ca>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
> ------------------------------------------------------------------------------
> Monitor 25 network devices or servers for free with OpManager!
> OpManager is web-based network management software that monitors
> network devices and physical & virtual servers, alerts via email & sms
> for fault. Monitor 25 devices for free with no restriction. Download
> now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
> _______________________________________________ PacketFence-users
> mailing list [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> ------------------------------------------------------------------------------
> Monitor 25 network devices or servers for free with OpManager!
> OpManager is web-based network management software that monitors
> network devices and physical & virtual servers, alerts via email & sms
> for fault. Monitor 25 devices for free with no restriction. Download now
> http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ Monitor 25 network devices or servers for free with OpManager! OpManager is web-based network management software that monitors network devices and physical & virtual servers, alerts via email & sms for fault. Monitor 25 devices for free with no restriction. Download now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
