Hi all, after upgrading to 5.3.1 i found two problems, which maybe belong to each other:
1. In the „Rule“ window USERS->SOURCES->INTERNAL SOURCES->some AD source->RULES i get the following error message instead of the select „any“ „all“ dialog.. tried different browsers, deleted caches etc.. If <select name="match" id="match" class="input-mini"> <option value="any" id="match.0">any</option> <option value="all" id="match.1" selected="selected">all</option></select> of the following conditions are met: 2. A user who is trying to access a rule defined VLAN via wired auth, get’s access on a not known (Win8.1) PC and could not access from a AD attached (Win7) PC. do I need different rules for WIRED_MAC_AUTH and EAP machines? thank you in advance! [root@testpf vlan]# tail -f /usr/local/pf/logs/packetfence.log Aug 05 17:12:42 httpd.aaa(2825) INFO: [70:5a:b6:a7:a5:0d] handling radius autz request: from switch_ip => (192.168.6.20), connection_type => WIRED_MAC_AUTH,switch_mac => (00:23:34:a6:0f:06), mac => [70:5a:b6:a7:a5:0d], port => 10504, username => "705ab6a7a50d" (pf::radius::authorize) Aug 05 17:12:44 httpd.aaa(2825) INFO: Could not find any IP phones through discovery protocols for ifIndex 10504 (pf::Switch::getPhonesDPAtIfIndex) Aug 05 17:12:44 httpd.aaa(2825) INFO: [70:5a:b6:a7:a5:0d] Can't find provisioner (pf::vlan::getNormalVlan) Aug 05 17:12:44 httpd.aaa(2825) INFO: [70:5a:b6:a7:a5:0d] Can't find scan engine (pf::vlan::getNormalVlan) Aug 05 17:12:44 httpd.aaa(2825) INFO: [70:5a:b6:a7:a5:0d] Connection type is WIRED_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan) Aug 05 17:12:44 httpd.aaa(2825) INFO: [70:5a:b6:a7:a5:0d] Username was NOT defined or unable to match a role - returning node based role '' (pf::vlan::getNormalVlan) Aug 05 17:12:44 httpd.aaa(2825) WARN: No parameter Vlan found in conf/switches.conf for the switch 192.168.6.20 (pf::Switch::getVlanByName) Aug 05 17:12:44 httpd.aaa(2825) WARN: [70:5a:b6:a7:a5:0d] Resolved VLAN for node is not properly defined: Replacing with macDetectionVlan (pf::vlan::fetchVlanForNode) Aug 05 17:12:44 httpd.aaa(2825) INFO: [70:5a:b6:a7:a5:0d] PID: "TESTDOMAIN\\dennis.schulmeyer", Status: reg Returned VLAN: 14, Role: (pf::vlan::fetchVlanForNode) Aug 05 17:12:44 httpd.aaa(2825) INFO: [70:5a:b6:a7:a5:0d] (192.168.6.20) Returning ACCEPT with VLAN 14 and role (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept) Aug 05 17:31:56 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Aug 05 17:31:56 pfsetvlan(1) INFO: down trap received on 192.168.6.20 ifIndex 10504 (main::handleTrap) Aug 05 17:31:56 pfsetvlan(1) INFO: security traps are configured on this switch port. Stopping DOWN trap handling here (main::handleTrap) Aug 05 17:31:56 pfsetvlan(1) INFO: finished (main::cleanupAfterThread) Aug 05 17:32:05 httpd.aaa(2825) INFO: [68:f7:28:d6:9a:04] handling radius autz request: from switch_ip => (192.168.6.20), connection_type => Ethernet-EAP,switch_mac => (00:23:34:a6:0f:06), mac => [68:f7:28:d6:9a:04], port => 10504, username => "TESTDOMAIN\\dennis.schulmeyer" (pf::radius::authorize) Aug 05 17:32:06 httpd.aaa(2825) INFO: Could not find any IP phones through discovery protocols for ifIndex 10504 (pf::Switch::getPhonesDPAtIfIndex) Aug 05 17:32:06 httpd.aaa(2825) INFO: Memory configuration is not valid anymore for key resource::authentication_lookup in local cached_hash (pfconfig::cached::is_valid) Aug 05 17:32:06 httpd.aaa(2825) INFO: [TESTDOMAIN Users_AdminDept] Found a match (CN=Dennis Schulmeyer,OU=Users,DC=TESTDOMAIN,DC=com) (pf::Authentication::Source::LDAPSource::match_in_subclass) Aug 05 17:32:06 httpd.aaa(2825) INFO: [TESTDOMAIN Users_AdminDept] Found a match (CN=Dennis Schulmeyer,OU=Users,DC=TESTDOMAIN,DC=com) (pf::Authentication::Source::LDAPSource::match_in_subclass) Aug 05 17:32:06 httpd.aaa(2825) INFO: [TESTDOMAIN Users_AdminDept] Found a match (CN=Dennis Schulmeyer,OU=Users,DC=TESTDOMAIN,DC=com) (pf::Authentication::Source::LDAPSource::match_in_subclass) Aug 05 17:32:06 httpd.aaa(2825) WARN: Trying to compute the unreg date from an undefined value. Stopping processing and making unreg date undefined. (pf::config::dynamic_unreg_date) Aug 05 17:32:06 httpd.aaa(2825) INFO: [68:f7:28:d6:9a:04] autoregister a node that is already registered, do nothing. (pf::node::node_register) Aug 05 17:32:06 httpd.aaa(2825) INFO: [68:f7:28:d6:9a:04] Can't find provisioner (pf::vlan::getNormalVlan) Aug 05 17:32:06 httpd.aaa(2825) INFO: [68:f7:28:d6:9a:04] Can't find scan engine (pf::vlan::getNormalVlan) Aug 05 17:32:06 httpd.aaa(2825) INFO: [68:f7:28:d6:9a:04] Connection type is EAP. Getting role from node_info (pf::vlan::getNormalVlan) Aug 05 17:32:06 httpd.aaa(2825) INFO: [68:f7:28:d6:9a:04] Username was defined "TESTDOMAIN\\dennis.schulmeyer" - returning user based role 'VLAN3_Guests' (pf::vlan::getNormalVlan) Aug 05 17:32:06 httpd.aaa(2825) INFO: [68:f7:28:d6:9a:04] PID: "TESTDOMAIN\\dennis.schulmeyer", Status: reg Returned VLAN: 3, Role: VLAN3_Guests (pf::vlan::fetchVlanForNode) Aug 05 17:32:06 httpd.aaa(2825) INFO: [68:f7:28:d6:9a:04] (192.168.6.20) Returning ACCEPT with VLAN 3 and role (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept) Aug 05 17:32:10 pfsetvlan(4) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Aug 05 17:32:10 pfsetvlan(4) INFO: up trap received on 192.168.6.20 ifIndex 10504 (main::handleTrap) Aug 05 17:32:10 pfsetvlan(4) INFO: security traps are configured on this switch port. Stopping UP trap handling here (main::handleTrap) Aug 05 17:32:10 pfsetvlan(4) INFO: finished (main::cleanupAfterThread) Kind regards, Dennis
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
