Hello Charles, can you send me your enforcement.pm file ?
Regards Fabrice Le 2016-02-03 15:36, Rumford, Charles C a écrit : >> On Jan 27, 2016, at 3:34 AM, Will Halsall <[email protected]> wrote: >> >> Hi Fabrice, >> >> Yes that fixies it for me (see logs below) . >> >> Thank you >> >> Will Halsall >> >> >> pfmon.log:Jan 27 08:18:51 pfmon(9137) INFO: modified 00:24:2b:60:ff:79 from >> status 'reg' to 'unreg' based on unregdate colum >> (pf::node::nodes_maintenance) >> pfqueue.log:Jan 27 08:08:51 pfqueue(9083) INFO: [mac:00:24:2b:60:ff:79] >> oldmac (b0:9f:ba:c5:53:5c) and newmac (00:24:2b:60:ff:79) are different for >> 192.168.16.34 - closing iplog entry (pf::api::update_iplog) >> radius.log:Wed Jan 27 08:07:40 2016 : Auth: Login OK: [00:24:2b:60:ff:79] >> (from client 172.16.36.30 port 0 cli 00:24:2b:60:ff:79) >> radius.log:Wed Jan 27 08:07:40 2016 : Auth: rlm_perl: Returning vlan 72 to >> request from 00:24:2b:60:ff:79 port 0 >> radius.log:Wed Jan 27 08:08:44 2016 : Auth: Login OK: [00:24:2b:60:ff:79] >> (from client 172.16.36.30 port 0 cli 00:24:2b:60:ff:79) >> radius.log:Wed Jan 27 08:08:44 2016 : Auth: rlm_perl: Returning vlan 80 to >> request from 00:24:2b:60:ff:79 port 0 >> radius.log:Wed Jan 27 08:08:45 2016 : Auth: Login OK: [00:24:2b:60:ff:79] >> (from client 172.16.36.30 port 0 cli 00:24:2b:60:ff:79) >> radius.log:Wed Jan 27 08:08:45 2016 : Auth: rlm_perl: Returning vlan 80 to >> request from 00:24:2b:60:ff:79 port 0 >> radius.log:Wed Jan 27 08:18:52 2016 : Auth: Login OK: [00:24:2b:60:ff:79] >> (from client 172.16.36.30 port 0 cli 00:24:2b:60:ff:79) >> radius.log:Wed Jan 27 08:18:52 2016 : Auth: rlm_perl: Returning vlan 72 to >> request from 00:24:2b:60:ff:79 port 0 >> radius.log:Wed Jan 27 08:18:53 2016 : Auth: Login OK: [00:24:2b:60:ff:79] >> (from client 172.16.36.30 port 0 cli 00:24:2b:60:ff:79) >> radius.log:Wed Jan 27 08:18:53 2016 : Auth: rlm_perl: Returning vlan 72 to >> request from 00:24:2b:60:ff:79 port 0 >> > > Fabrice - > > I ran the command below, applied the patches, restarted PF, and still not > getting the result I feel I should be. > > PF seems to be performing the maintenance as evidenced by this log message: > > pfmon.log:Feb 03 15:28:35 pfmon(994) INFO: modified 00:0b:6b:b7:e9:d0 from > status 'reg' to 'unreg' based on unregdate colum (pf::node::nodes_maintenance) > > but the user is still in the “reg” role on the wireless controller and was > never moved to the “unreg” role on the controller. I did a packet capture > between the PF box and the controller, and I see the role change request > being sent on registration: > > 15:26:19.577784 IP siepata.net.isc.upenn.edu.38866 > > 10.50.80.52.radius-dynauth: UDP, length 94 > 15:26:19.579269 IP 10.50.80.52.radius-dynauth > > siepata.net.isc.upenn.edu.38866: UDP, length 32 > > but I don’t see it again when the dereg happens. > > Thoughts? > >> -----Original Message----- >> From: Fabrice DURAND [mailto:[email protected]] >> Sent: Tuesday, January 26, 2016 8:21 PM >> To: [email protected] >> Subject: Re: [PacketFence-users] unregistration issue >> >> Hello Charles, >> >> can you do that: >> >> ./usr/local/pf/addons/pf-maint.pl >> >> and restart packetfence and retry ? >> >> Regards >> Fabrice >> >> Le 2016-01-26 11:08, Rumford, Charles C a écrit : >>>> On Jan 26, 2016, at 6:47 AM, Will Halsall <[email protected]> wrote: >>>> >>>> Hi Folks, >>>> >>>> After upgrading to 5.6 I noticed I was having a de-authentication issue. >>>> >>>> After doing an email authentication on the captive portal the e-mail is >>>> sent out as usual and internet access is granted, normally if you do not >>>> click on the link in the email after 10 mins you are de-authenticated. >>>> >>>> At the moment the user goes back into an unreg stat but I cannot see a >>>> de-authentication sent back to the wifi controller and internet access is >>>> not terminated. >>>> >>>> If I manually set the role back to default the user is >>>> de-authenticated >>> I noticed this also with my test installation for email auth. I also >>> noticed that it doesn't de-auth users when a users during clean-up when a >>> session expires. >>> >>> I went digging around in code looking for where and found in >>> PF::Enforcement::reevaluate_access it only does the VLAN re-evaluation. >>> Looking in PF::Enforcement::_vlan_reevaluation, there doesn't seem to be >>> anything regard role re-evaluation. I haven't done any more work beyond >>> that to see where to add a role re-evaulation in, but plan on it if we >>> decide to go with PacketFence. >>> >>> ---- >>> Charles Rumford >>> Network Engineer/Senior Wireless Engineer ISC Network Operations >>> University of Pennsylvania OpenPGP Key ID: 0xF3D8215A >>> (p) 215-746-2808 >>> >>> >>> >>> ---------------------------------------------------------------------- >>> -------- >>> Site24x7 APM Insight: Get Deep Visibility into Application Performance >>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >>> Monitor end-to-end web transactions and take corrective actions now >>> Troubleshoot faster and improve end-user experience. Signup Now! >>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice Durand >> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse >> inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> >> ------------------------------------------------------------------------------ >> Site24x7 APM Insight: Get Deep Visibility into Application Performance >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> Monitor end-to-end web transactions and take corrective actions now >> Troubleshoot faster and improve end-user experience. Signup Now! >> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> >> >> >> ********************************************************************** >> This message is intended only for the use of the person(s) to >> whom it is addressed, and may contain privileged and confidential >> information. >> If it has come to you in error, please contact the sender as soon as >> possible, >> and note that you must take no action based on the content, nor must you >> copy, >> distribute, or show the content to any other person. >> >> >> In accordance with its legal obligations, Farnborough College of >> Technology reserves the right to monitor the content of e-mails sent and >> received, but will not do so routinely. >> ********************************************************************** >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> MailScanner thanks transtec Computers for their support. >> >> >> ------------------------------------------------------------------------------ >> Site24x7 APM Insight: Get Deep Visibility into Application Performance >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> Monitor end-to-end web transactions and take corrective actions now >> Troubleshoot faster and improve end-user experience. Signup Now! >> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ---- > Charles Rumford > Network Engineer/Senior Wireless Engineer > ISC Network Operations > University of Pennsylvania > OpenPGP Key ID: 0xF3D8215A > (p) 215-746-2808 > > > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
