Hi all, I've just upgraded my setup to 5.6.0 but the same issues persist. Thanks, Andrew
On 14.01.2016 09:25, Andrew Jones wrote: > Hi all, > I have a packetfence (5.5.2) installation running on debian, in vlan > enforcement mode with a Juniper ex2200 running junos 12.3R11.2 using > 802.1x and Mac Auth. For the most part it's working well, but I have > a > couple of issues that I've noticed: > 1. Nodes' sessions, once authenticated, don't appear to end as far as > packetfence is concerned until the same node authenticates again, > either > on the same port, or elsewhere. This can be seen from the either the > 'IP > address' or 'location' tabs of the node status page, there is no end > date for either. It doesn't matter whether this connection was mac > auth > or 802.1x (EAP-TLS), the end timestamp doesn't appear until the node > re-authenticates, despite the radius server having closed out the > session: > mysql> select * from radacct where radacctid=107\G > *************************** 1. row *************************** > radacctid: 107 > acctsessionid: 8O2.1x81ed00d60005f22d > acctuniqueid: e416089bd67238bf > username: 308d9916bad0 > groupname: > realm: > nasipaddress: 172.31.1.51 > nasportid: 74 > nasporttype: Ethernet > acctstarttime: 2016-01-13 17:59:33 > acctstoptime: 2016-01-13 17:59:45 > acctsessiontime: 12 > acctauthentic: > connectinfo_start: > connectinfo_stop: > acctinputoctets: 1690207 > acctoutputoctets: 3273920 > calledstationid: 288a1c01b600 > callingstationid: 308d9916bad0 > acctterminatecause: Admin-Reboot > servicetype: > framedprotocol: > framedipaddress: > acctstartdelay: 0 > acctstopdelay: 0 > xascendsessionsvrkey: > 1 row in set (0.00 sec) > > I'm not quite sure how freeradius notifies pf that the session has > ended, but whatever this mechanism is, it doesn't appear to be > working > correctly in my setup. > > 2. Each authenticated node appears twice in the node list in the web > interface, but only during an authenticated session, all details of > both > entries are identical. The radacct table only shows a single radius > session for the conenction, so it doesn't appear that the switch is > sending radius requests twice, or anything like that. > > If anyone has any suggestions regarding these issues, I'll be very > grateful. > > Thanks, > Andrew > > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application > Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
