Hi all,
I have a packetfence (5.5.2) installation running on debian, in vlan 
enforcement mode with a Juniper ex2200 running junos 12.3R11.2 using 
802.1x and Mac Auth. For the most part it's working well, but I have a 
couple of issues that I've noticed:
1. Nodes' sessions, once authenticated, don't appear to end as far as 
packetfence is concerned until the same node authenticates again, either 
on the same port, or elsewhere. This can be seen from either the 'IP 
address' or 'location' tabs of the node status page, there is no end 
date for either. It doesn't matter whether this connection was mac auth 
or 802.1x (EAP-TLS), the end timestamp doesn't appear until the node 
re-authenticates, despite the radius server having closed out the 
session:
mysql> select * from radacct where radacctid=107\G
*************************** 1. row ***************************
            radacctid: 107
        acctsessionid: 8O2.1x81ed00d60005f22d
         acctuniqueid: e416089bd67238bf
             username: 308d9916bad0
            groupname:
                realm:
         nasipaddress: 172.31.1.51
            nasportid: 74
          nasporttype: Ethernet
        acctstarttime: 2016-01-13 17:59:33
         acctstoptime: 2016-01-13 17:59:45
      acctsessiontime: 12
        acctauthentic:
    connectinfo_start:
     connectinfo_stop:
      acctinputoctets: 1690207
     acctoutputoctets: 3273920
      calledstationid: 288a1c01b600
     callingstationid: 308d9916bad0
   acctterminatecause: Admin-Reboot
          servicetype:
       framedprotocol:
      framedipaddress:
       acctstartdelay: 0
        acctstopdelay: 0
xascendsessionsvrkey:
1 row in set (0.00 sec)

I'm not quite sure how freeradius notifies pf that the session has 
ended, but whatever this mechanism is, it doesn't appear to be working 
correctly in my setup.

2. Each authenticated node appears twice in the node list in the web 
interface, but only during an authenticated session; all details of both 
entries are identical. The radacct table only shows a single radius 
session for the connection, so it doesn't appear that the switch is 
sending radius requests twice, or anything like that.

If anyone has any suggestions regarding these issues, I'll be very 
grateful.

Thanks,
Andrew

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users