Hello Dean,

It has been fixed in devel, it was because of an Apache filter.

cd /usr/local/pf

wget https://github.com/inverse-inc/packetfence/commit/1a84821125d197025f9cc12941d2aeb7ee6deb72.diff

patch -p1 < 1a84821125d197025f9cc12941d2aeb7ee6deb72.diff

And don't forget to rename apache_filters.conf.example to apache_filters.conf and do a pfcmd configreload hard


Regards

Fabrice


On 2017-01-28 at 20:45, Dean Holland wrote:
So I changed the httpd.portal.tt file to use RSA ciphers for TLS, which allowed me to decrypt a packet capture of the registration interface with Wireshark. The agent is getting a 501 error from the portal. HTTP trace follows.

GET /profile.xml HTTP/1.1

User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.1.1; Nexus 7 Build/LMY47V)

Host: www.packetfence.org

Connection: Keep-Alive

Accept-Encoding: gzip


HTTP/1.1 501 Not Implemented

Date: Sun, 29 Jan 2017 01:34:52 GMT

Server: Apache

X-DNS-Prefetch-Control: off

Allow:

Content-Length: 202

Connection: close

Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>501 Not Implemented</title>

</head><body>

<h1>Not Implemented</h1>

<p>GET to /profile.xml not supported.<br />

</p>

</body></html>



Dean

On Fri, Jan 6, 2017 at 9:27 AM Dean Holland <[email protected] <mailto:[email protected]>> wrote:

    Hi Fabrice,

    Correct - nothing in that log file either.

    On Fri, Jan 6, 2017 at 8:12 AM Durand fabrice <[email protected]
    <mailto:[email protected]>> wrote:

        It's normal that it's an iPhone profile since the Android app
        uses the same format.

        Nothing in httpd.portal.catalyst either?



        On 2017-01-05 at 01:46, Dean Holland wrote:
        No errors in httpd.portal.error - in fact nothing logged at all!

        If I browse to www.packetfence.org/profile.xml (which resolves to
        the portal) I get what looks like an iOS profile - it starts with

        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
        "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
        <!-- Generated by the iPhone Configuration Utility /-->
        <plist version="1.0">



        On Thu, Jan 5, 2017 at 10:40 AM Durand fabrice
        <[email protected] <mailto:[email protected]>> wrote:

            Hello Dean,

            can you check all the log files to see if you find the
            error. (probably in httpd.portal.error)

            And can you try from a web browser to go directly to
            www.packetfence.org/profile.xml and check if you
            get the error.

            Regards

            Fabrice


            On 2017-01-04 at 03:14, Dean Holland wrote:
            Hello,

            I have a PF 6.4 install on Debian Jessie and am having
            issues provisioning Android devices. When I get to the
            stage of installing the wireless profile, opening the PF
            agent results in an "Error fetching profile" message.
            This has happened on two separate tablets - both of
            which are identified as Android as the correct
            provisioner is being displayed on the portal.

            The certificate is being requested (I can see it in the
            mspki console), and being transferred from NDES (can see
            it in tcpdump) but it looks as though the profile
            generation is encountering a 501 error:

            192.168.99.11 - - [04/Jan/2017:15:32:22 +0800]
             "www.packetfence.org" "GET
            /profile.xml HTTP/1.1" 501 202 "-" "Dalvik/2.1.0 (Linux;
            U; Android 5.1.1; Nexus 7 Build/LMY47V)" 897

            This used to work, though I haven't had to provision a
            device in a while so I'm not sure when it stopped. I can
            request a user certificate, manually install it on the
            device with the CA certs and connect to the wireless
            successfully using PF as the RADIUS server. Anywhere I
            can start looking as to why the profile isn't generated
            successfully?

            profiles.conf:

            [default]
            locale=
            autoregister=enabled
            sources=Haveacry_AD
            provisioners=android-haveacry,ios


            provisioning.conf

            [android-haveacry]
            description=Haveacry Wireless
            security_type=WPA
            can_sign_profile=0
            category=default
            ssid=haveacry
            pki_provider=Haveacry_SCEP
            type=android
            oses=
            broadcast=1
            eap_type=13


            pki_providers.conf

            [Haveacry_SCEP]
            state=XXXXXX
            cn_attribute=pid
            url=http://ndes01.xxx.xxx.xxx/CertSrv/mscep/
            organization=Have a Cry
            organizational_unit=Infrastructure
            server_cert_path=/usr/local/pf/conf/ssl/tls_certs/server.pem
            locality=XXXXXXXX
            country=XX
            type=scep
            ca_cert_path=/usr/local/pf/conf/ssl/tls_certs/MyCA.pem

            packetfence.log

            Jan 04 16:07:58 httpd.portal(7755) INFO: [mac:unknown]
            Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:07:58 httpd.portal(7755) INFO:
            [mac:30:85:a9:4b:5b:e7] Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:07:58 httpd.portal(7755) INFO:
            [mac:30:85:a9:4b:5b:e7] Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:08:09 httpd.portal(7756) INFO: [mac:unknown]
            Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Authenticating user using
            sources : Haveacry_AD
            (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] [Haveacry_AD] Authentication
            successful for dean
            (pf::Authentication::Source::LDAPSource::authenticate)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Authentication successful for
            'dean' in source Haveacry_AD (AD)
            (pf::authentication::authenticate)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] User dean has authenticated on
            the portal. (Class::MOP::Class:::after)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Found source Haveacry_AD in
            session. (Class::MOP::Class:::around)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Found source Haveacry_AD in
            session. (Class::MOP::Class:::around)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Successfully authenticated dean
            (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Found source Haveacry_AD in
            session. (Class::MOP::Class:::around)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Found source Haveacry_AD in
            session. (Class::MOP::Class:::around)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Found source Haveacry_AD in
            session. (Class::MOP::Class:::around)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] User dean has authenticated on
            the portal. (Class::MOP::Class:::after)
            Jan 04 16:08:09 httpd.portal(7756) WARN:
            [mac:30:85:a9:4b:5b:e7] Calling match with empty/invalid
            rule class. Defaulting to 'authentication'
            (pf::authentication::match)
            Jan 04 16:08:09 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Using sources Haveacry_AD for
            matching (pf::authentication::match)
            Jan 04 16:08:10 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Matched rule (WiFi_Default) in
            source Haveacry_AD, returning actions.
            (pf::Authentication::Source::match)
            Jan 04 16:08:10 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Found source Haveacry_AD in
            session. (Class::MOP::Class:::around)
            Jan 04 16:08:10 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] User dean has authenticated on
            the portal. (Class::MOP::Class:::after)
            Jan 04 16:08:10 httpd.portal(7756) WARN:
            [mac:30:85:a9:4b:5b:e7] Calling match with empty/invalid
            rule class. Defaulting to 'authentication'
            (pf::authentication::match)
            Jan 04 16:08:10 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Using sources Haveacry_AD for
            matching (pf::authentication::match)
            Jan 04 16:08:10 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Matched rule (WiFi_Default) in
            source Haveacry_AD, returning actions.
            (pf::Authentication::Source::match)
            Jan 04 16:08:10 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Found source Haveacry_AD in
            session. (Class::MOP::Class:::around)
            Jan 04 16:08:10 httpd.portal(7756) INFO:
            [mac:30:85:a9:4b:5b:e7] Found source Haveacry_AD in
            session. (Class::MOP::Class:::around)
            Jan 04 16:08:10 httpd.portal(7754) INFO: [mac:unknown]
            Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:08:10 httpd.portal(7754) INFO:
            [mac:30:85:a9:4b:5b:e7] Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:08:10 httpd.portal(7754) INFO:
            [mac:30:85:a9:4b:5b:e7] Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:08:10 httpd.portal(7754) INFO:
            [mac:30:85:a9:4b:5b:e7] User dean has authenticated on
            the portal. (Class::MOP::Class:::after)
            Jan 04 16:08:10 httpd.portal(7754) INFO:
            [mac:30:85:a9:4b:5b:e7] Found provisioner
            android-haveacry for 30:85:a9:4b:5b:e7
            (captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
            Jan 04 16:08:10 httpd.portal(7754) INFO:
            [mac:30:85:a9:4b:5b:e7] User dean has authenticated on
            the portal. (Class::MOP::Class:::after)
            Jan 04 16:08:10 httpd.portal(7754) INFO:
            [mac:30:85:a9:4b:5b:e7] User dean has authenticated on
            the portal. (Class::MOP::Class:::after)
            Jan 04 16:08:10 httpd.portal(7754) INFO:
            [mac:30:85:a9:4b:5b:e7] User: 'dean' found in the
            directory
            (pf::Authentication::Source::LDAPSource::search_attributes_in_subclass)
            Jan 04 16:08:17 httpd.portal(7757) INFO: [mac:unknown]
            Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:08:17 httpd.portal(7757) INFO:
            [mac:30:85:a9:4b:5b:e7] Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:08:17 httpd.portal(7757) INFO:
            [mac:30:85:a9:4b:5b:e7] Instantiate profile default
            (pf::Portal::ProfileFactory::_from_profile)
            Jan 04 16:08:17 httpd.portal(7757) INFO:
            [mac:30:85:a9:4b:5b:e7] Found provisioner
            android-haveacry for 30:85:a9:4b:5b:e7
            (captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
            Jan 04 16:08:17 httpd.portal(7757) INFO:
            [mac:30:85:a9:4b:5b:e7] User dean has authenticated on
            the portal. (Class::MOP::Class:::after)


            
------------------------------------------------------------------------------
            Check out the vibrant tech community on one of the world's most
            engaging tech sites, SlashDot.org!http://sdm.link/slashdot


            _______________________________________________
            PacketFence-users mailing list
            [email protected]
            <mailto:[email protected]>
            https://lists.sourceforge.net/lists/listinfo/packetfence-users
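
An added example, not part of the original thread or of PacketFence: a triage script for the portal access-log layout quoted in Dean's first message, counting 5xx responses per endpoint and client platform. The first sample line is the one from the thread; the other lines, the function names and the `android-agent` label are constructed for illustration.

```python
import re
from collections import Counter

# Layout taken from the access-log line quoted in the thread:
# client - - [time] "vhost" "request" status bytes "referer" "user-agent" number
# The trailing number is not explained on the page, so it is captured but unused.
LINE_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\]\s+'
    r'"(?P<vhost>[^"]*)" "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"(?: (?P<extra>\d+))?\s*$'
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()
    # Keep malformed request lines, but mark method and path as unknown.
    rec["method"], rec["path"] = (parts[0], parts[1]) if len(parts) == 3 else ("?", "?")
    rec["status"] = int(rec["status"])
    return rec

def server_errors_by_endpoint(lines):
    """Count 5xx responses per (status, method, path, platform); also count unparsed lines."""
    counts, unparsed = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        elif rec["status"] >= 500:
            # "Dalvik/" is the user agent the Android agent sends in the thread's trace.
            platform = "android-agent" if rec["agent"].startswith("Dalvik/") else "other"
            counts[(rec["status"], rec["method"], rec["path"], platform)] += 1
    return counts, unparsed

SAMPLE = [
    # From the thread (line wrapping removed).
    '192.168.99.11 - - [04/Jan/2017:15:32:22 +0800] "www.packetfence.org" "GET /profile.xml HTTP/1.1" 501 202 "-" "Dalvik/2.1.0 (Linux; U; Android 5.1.1; Nexus 7 Build/LMY47V)" 897',
    # Constructed: a browser fetching the same path successfully.
    '192.168.99.12 - - [04/Jan/2017:15:40:01 +0800] "www.packetfence.org" "GET /profile.xml HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)" 1204',
    # Constructed: a second agent attempt, then a truncated line.
    '192.168.99.11 - - [04/Jan/2017:15:41:10 +0800] "www.packetfence.org" "GET /profile.xml HTTP/1.1" 501 202 "-" "Dalvik/2.1.0 (Linux; U; Android 5.1.1; Nexus 7 Build/LMY47V)" 910',
    '192.168.99.11 - - [04/Jan/2017:15:41:',
]

if __name__ == "__main__":
    errors, skipped = server_errors_by_endpoint(SAMPLE)
    for key, n in errors.most_common():
        print(n, key)
    print("unparsed lines:", skipped)
```

A 5xx that shows up for one user agent only, while the application logs stay empty, points at the web-server layer rather than the portal code, which is where the fix in this thread landed.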

            