Hello,
I have a PF 6.4 install on Debian Jessie and am having issues provisioning
Android devices. When I get to the stage of installing the wireless
profile, opening the PF agent results in an "Error fetching profile"
message. This has happened on two separate tablets - both of which are
identified as Android as the correct provisioner is being displayed on the
portal.
The certificate is being requested (I can see it in the mspki console), and
being transferred from NDES (can see it in tcpdump) but it looks as though
the profile generation is encountering a 501 error:
192.168.99.11 - - [04/Jan/2017:15:32:22 +0800] "www.packetfence.org" "GET
/profile.xml HTTP/1.1" 501 202 "-" "Dalvik/2.1.0 (Linux; U; Android 5.1.1;
Nexus 7 Build/LMY47V)" 897
This used to work, though I haven't had to provision a device in a while so
I'm not sure when it stopped. I can request a user certificate, manually
install it on the device with the CA certs and connect to the wireless
successfully using PF as the RADIUS server. Anywhere I can start looking as
to why the profile isn't generated successfully?
profiles.conf:
[default]
locale=
autoregister=enabled
sources=Haveacry_AD
provisioners=android-haveacry,ios
provisioning.conf
[android-haveacry]
description=Haveacry Wireless
security_type=WPA
can_sign_profile=0
category=default
ssid=haveacry
pki_provider=Haveacry_SCEP
type=android
oses=
broadcast=1
eap_type=13
pki_providers.conf
[Haveacry_SCEP]
state=XXXXXX
cn_attribute=pid
url=http://ndes01.xxx.xxx.xxx/CertSrv/mscep/
organization=Have a Cry
organizational_unit=Infrastructure
server_cert_path=/usr/local/pf/conf/ssl/tls_certs/server.pem
locality=XXXXXXXX
country=XX
type=scep
ca_cert_path=/usr/local/pf/conf/ssl/tls_certs/MyCA.pem
packetfence.log
Jan 04 16:07:58 httpd.portal(7755) INFO: [mac:unknown] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:07:58 httpd.portal(7755) INFO: [mac:30:85:a9:4b:5b:e7]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:07:58 httpd.portal(7755) INFO: [mac:30:85:a9:4b:5b:e7]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:unknown] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7]
Authenticating user using sources : Haveacry_AD
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7]
[Haveacry_AD] Authentication successful for dean
(pf::Authentication::Source::LDAPSource::authenticate)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7]
Authentication successful for 'dean' in source Haveacry_AD (AD)
(pf::authentication::authenticate)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] User dean
has authenticated on the portal. (Class::MOP::Class:::after)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Found
source Haveacry_AD in session. (Class::MOP::Class:::around)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Found
source Haveacry_AD in session. (Class::MOP::Class:::around)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7]
Successfully authenticated dean
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Found
source Haveacry_AD in session. (Class::MOP::Class:::around)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Found
source Haveacry_AD in session. (Class::MOP::Class:::around)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Found
source Haveacry_AD in session. (Class::MOP::Class:::around)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] User dean
has authenticated on the portal. (Class::MOP::Class:::after)
Jan 04 16:08:09 httpd.portal(7756) WARN: [mac:30:85:a9:4b:5b:e7] Calling
match with empty/invalid rule class. Defaulting to 'authentication'
(pf::authentication::match)
Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Using
sources Haveacry_AD for matching (pf::authentication::match)
Jan 04 16:08:10 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Matched
rule (WiFi_Default) in source Haveacry_AD, returning actions.
(pf::Authentication::Source::match)
Jan 04 16:08:10 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Found
source Haveacry_AD in session. (Class::MOP::Class:::around)
Jan 04 16:08:10 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] User dean
has authenticated on the portal. (Class::MOP::Class:::after)
Jan 04 16:08:10 httpd.portal(7756) WARN: [mac:30:85:a9:4b:5b:e7] Calling
match with empty/invalid rule class. Defaulting to 'authentication'
(pf::authentication::match)
Jan 04 16:08:10 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Using
sources Haveacry_AD for matching (pf::authentication::match)
Jan 04 16:08:10 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Matched
rule (WiFi_Default) in source Haveacry_AD, returning actions.
(pf::Authentication::Source::match)
Jan 04 16:08:10 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Found
source Haveacry_AD in session. (Class::MOP::Class:::around)
Jan 04 16:08:10 httpd.portal(7756) INFO: [mac:30:85:a9:4b:5b:e7] Found
source Haveacry_AD in session. (Class::MOP::Class:::around)
Jan 04 16:08:10 httpd.portal(7754) INFO: [mac:unknown] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:08:10 httpd.portal(7754) INFO: [mac:30:85:a9:4b:5b:e7]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:08:10 httpd.portal(7754) INFO: [mac:30:85:a9:4b:5b:e7]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:08:10 httpd.portal(7754) INFO: [mac:30:85:a9:4b:5b:e7] User dean
has authenticated on the portal. (Class::MOP::Class:::after)
Jan 04 16:08:10 httpd.portal(7754) INFO: [mac:30:85:a9:4b:5b:e7] Found
provisioner android-haveacry for 30:85:a9:4b:5b:e7
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Jan 04 16:08:10 httpd.portal(7754) INFO: [mac:30:85:a9:4b:5b:e7] User dean
has authenticated on the portal. (Class::MOP::Class:::after)
Jan 04 16:08:10 httpd.portal(7754) INFO: [mac:30:85:a9:4b:5b:e7] User dean
has authenticated on the portal. (Class::MOP::Class:::after)
Jan 04 16:08:10 httpd.portal(7754) INFO: [mac:30:85:a9:4b:5b:e7] User:
'dean' found in the directory
(pf::Authentication::Source::LDAPSource::search_attributes_in_subclass)
Jan 04 16:08:17 httpd.portal(7757) INFO: [mac:unknown] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:08:17 httpd.portal(7757) INFO: [mac:30:85:a9:4b:5b:e7]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:08:17 httpd.portal(7757) INFO: [mac:30:85:a9:4b:5b:e7]
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 04 16:08:17 httpd.portal(7757) INFO: [mac:30:85:a9:4b:5b:e7] Found
provisioner android-haveacry for 30:85:a9:4b:5b:e7
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Jan 04 16:08:17 httpd.portal(7757) INFO: [mac:30:85:a9:4b:5b:e7] User dean
has authenticated on the portal. (Class::MOP::Class:::after)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
