Hallo Fabrice,
Below is the logs as requested..
Regards,
Kehinde
---------- Forwarded message ----------
From: Akala Kehinde <[email protected]>
Date: Wed, Jun 14, 2017 at 6:22 PM
Subject: Re: WMI prereg and reg scans fail when user connects
To: Fabrice Durand <[email protected]>
Cc: [email protected]
Hallo Fabrice,
Had to do a service pf restart to activate the scan engine in the profile.
Below is the new logs i get when user is in Reg mode.
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO: [mac:00:50:ff:50:11:00]
Instantiate profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO: [mac:00:50:ff:50:11:00]
grace expired on violation 1200005 for node 00:50:ff:50:11:00
(pf::violation::violation_add)
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO: [mac:00:50:ff:50:11:00]
violation 1200005 added for 00:50:ff:50:11:00 (pf::violation::violation_add)
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO: [mac:00:50:ff:50:11:00]
executing action 'log' on class 1200005 (pf::action::action_execute)
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO: [mac:00:50:ff:50:11:00]
/usr/local/pf/logs/violation.log 2017-06-14 18:06:26: Pre Reg System Scan
(1200005) detected on node 00:50:ff:50:11:00 (172.16.98.11)
(pf::action::action_log)
Jun 14 18:06:27 pfence pfqueue: pfqueue(6613) INFO: [mac:00:50:ff:50:11:00]
Instantiate profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 18:06:27 pfence pfqueue: pfqueue(6613) INFO: [mac:00:50:ff:50:11:00]
New ID generated: 1497456387161100 (pf::util::generate_id)
Jun 14 18:06:27 pfence pfqueue: pfqueue(6613) ERROR:
[mac:00:50:ff:50:11:00] Error rule wmi rule 'WinRAR_Process_Running':
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
(pf::scan::wmi::rules::test)
Jun 14 18:06:27 pfence pfqueue: pfqueue(6613) WARN: [mac:00:50:ff:50:11:00]
WMI scan didnt start (pf::scan::wmi::startScan)
Seems violation id 1200005 triggers the wmi violation id 150001. But seems
user access is denied to scan the host.
When I test from PF i get the same error:
[root@pfence ~]# wmic -Uadminuser%pass //172.16.98.11 "select * from
Win_Process"
[librpc/rpc/dcerpc_util.c:1290:dcerpc_pipe_auth_recv()] Failed to bind to
uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT
status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
[root@pfence ~]#
I enabled already DCOM access on the user PC but still get the same error.
Regards,
Kehinde
On Wed, Jun 14, 2017 at 5:31 PM, Akala Kehinde <[email protected]>
wrote:
> Hi Frabice,
>
> Also, the portal redirect feature still doesn't work.
> Always have to refresh page. Doesn't redirect automatically.
>
> Regards,
> Kehinde
>
> On Wed, Jun 14, 2017 at 3:46 PM, Akala Kehinde <[email protected]>
> wrote:
>
>> Hallo Fabrice,
>>
>> Below the logs..
>>
>> Jun 14 15:38:06 pfence pfqueue: Unknown vendor attribute 9/252 for
>> unpack()
>> Jun 14 15:38:07 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] handling radius autz request: from switch_ip =>
>> (172.16.100.4), connection_type => Ethernet-EAP,switch_mac =>
>> (aa:bb:cc:00:05:21), mac => [00:50:ff:50:11:00], port => 7, username =>
>> "kakala" (pf::radius::authorize)
>> Jun 14 15:38:07 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile default
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:38:07 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] is of status unreg; belongs into registration VLAN
>> (pf::role::getRegistrationRole)
>> Jun 14 15:38:07 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] (172.16.100.4) Added VLAN 98 to the returned RADIUS
>> Access-Accept (pf::Switch::returnRadiusAccessAccept)
>> Jun 14 15:39:04 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] handling radius autz request: from switch_ip =>
>> (172.16.100.4), connection_type => Ethernet-EAP,switch_mac =>
>> (aa:bb:cc:00:05:21), mac => [00:50:ff:50:11:00], port => 7, username =>
>> "kakala" (pf::radius::authorize)
>> Jun 14 15:39:04 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:39:04 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] is of status unreg; belongs into registration VLAN
>> (pf::role::getRegistrationRole)
>> Jun 14 15:39:05 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] (172.16.100.4) Added VLAN 98 to the returned RADIUS
>> Access-Accept (pf::Switch::returnRadiusAccessAccept)
>> Jun 14 15:39:29 pfence packetfence_httpd.portal: httpd.portal(4607) INFO:
>> [mac:unknown] Instantiate profile SNS (pf::Connection::ProfileFactor
>> y::_from_profile)
>> Jun 14 15:39:29 pfence packetfence_httpd.portal: httpd.portal(4607) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:39:29 pfence packetfence_httpd.portal: httpd.portal(4607) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:39:29 pfence packetfence_httpd.portal: httpd.portal(4607) INFO:
>> [mac:00:50:ff:50:11:00] Updating node user_agent with useragent:
>> 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2;
>> .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C;
>> .NET4.0E)' (captiveportal::PacketFence::DynamicRouting::Application::pr
>> ocess_user_agent)
>> Jun 14 15:39:29 pfence packetfence_httpd.portal: httpd.portal(4607) INFO:
>> [mac:00:50:ff:50:11:00] Static User-Agent lookup data initialized
>> (pf::useragent::_init)
>> Jun 14 15:39:37 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:unknown] Instantiate profile SNS (pf::Connection::ProfileFactor
>> y::_from_profile)
>> Jun 14 15:39:37 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:39:37 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:39:37 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:unknown] Instantiate profile SNS (pf::Connection::ProfileFactor
>> y::_from_profile)
>> Jun 14 15:39:37 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:39:37 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:39:58 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:unknown] Instantiate profile SNS (pf::Connection::ProfileFactor
>> y::_from_profile)
>> Jun 14 15:39:58 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:39:59 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Authenticating user using sources : Win_AD
>> (captiveportal::PacketFence::DynamicRouting::Module::Authent
>> ication::Login::authenticate)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] [Win_AD] Authentication successful for kakala
>> (pf::Authentication::Source::LDAPSource::authenticate)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Authentication successful for kakala in source
>> Win_AD (AD) (pf::authentication::authenticate)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] User kakala has authenticated on the portal.
>> (Class::MOP::Class:::after)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Found source Win_AD in session.
>> (Class::MOP::Class:::around)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Found source Win_AD in session.
>> (Class::MOP::Class:::around)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Successfully authenticated kakala
>> (captiveportal::PacketFence::DynamicRouting::Module::Authent
>> ication::Login::authenticate)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Found source Win_AD in session.
>> (Class::MOP::Class:::around)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Found source Win_AD in session.
>> (Class::MOP::Class:::around)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Found source Win_AD in session.
>> (Class::MOP::Class:::around)
>> Jun 14 15:40:03 pfence pfqueue: pfqueue(4518) INFO: [mac:unknown] Already
>> did a person lookup for kakala (pf::lookup::person::lookup_person)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] User kakala has authenticated on the portal.
>> (Class::MOP::Class:::after)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) WARN:
>> [mac:00:50:ff:50:11:00] Calling match with empty/invalid rule class.
>> Defaulting to 'authentication' (pf::authentication::match)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Using sources Win_AD for matching
>> (pf::authentication::match)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Matched rule (kehinde_rule) in source Win_AD,
>> returning actions. (pf::Authentication::Source::match)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Found source Win_AD in session.
>> (Class::MOP::Class:::around)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] User kakala has authenticated on the portal.
>> (Class::MOP::Class:::after)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) WARN:
>> [mac:00:50:ff:50:11:00] Calling match with empty/invalid rule class.
>> Defaulting to 'authentication' (pf::authentication::match)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Using sources Win_AD for matching
>> (pf::authentication::match)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Matched rule (kehinde_rule) in source Win_AD,
>> returning actions. (pf::Authentication::Source::match)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Found source Win_AD in session.
>> (Class::MOP::Class:::around)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Found source Win_AD in session.
>> (Class::MOP::Class:::around)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] User kakala has authenticated on the portal.
>> (Class::MOP::Class:::after)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] User kakala has authenticated on the portal.
>> (Class::MOP::Class:::after)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] User kakala has authenticated on the portal.
>> (Class::MOP::Class:::after)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] User kakala has authenticated on the portal.
>> (Class::MOP::Class:::after)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] violation 1300003 force-closed for
>> 00:50:ff:50:11:00 (pf::violation::violation_force_close)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4609) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:unknown] Instantiate profile SNS (pf::Connection::ProfileFactor
>> y::_from_profile)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:03 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:04 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] Releasing device (captiveportal::PacketFence::D
>> ynamicRouting::Module::Root::release)
>> Jun 14 15:40:04 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] User default has authenticated on the portal.
>> (Class::MOP::Class:::after)
>> Jun 14 15:40:04 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:04 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] re-evaluating access (manage_register called)
>> (pf::enforcement::reevaluate_access)
>> Jun 14 15:40:04 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] is currentlog connected at (172.16.100.4) ifIndex 7
>> registration (pf::enforcement::_should_we_reassign_vlan)
>> Jun 14 15:40:04 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:04 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] Using sources Win_AD for matching
>> (pf::authentication::match2)
>> Jun 14 15:40:05 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] Matched rule (kehinde_rule) in source Win_AD,
>> returning actions. (pf::Authentication::Source::match)
>> Jun 14 15:40:05 pfence pfqueue: pfqueue(4518) INFO: [mac:unknown] Already
>> did a person lookup for kakala (pf::lookup::person::lookup_person)
>> Jun 14 15:40:05 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] Username was defined "kakala" - returning role
>> 'staff' (pf::role::getRegisteredRole)
>> Jun 14 15:40:05 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] PID: "kakala", Status: reg Returned VLAN:
>> (undefined), Role: staff (pf::role::fetchRoleForNode)
>> Jun 14 15:40:05 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] VLAN reassignment required (current VLAN = 98 but
>> should be in VLAN 4) (pf::enforcement::_should_we_reassign_vlan)
>> Jun 14 15:40:05 pfence packetfence_httpd.portal: httpd.portal(4610) INFO:
>> [mac:00:50:ff:50:11:00] switch port is (172.16.100.4) ifIndex 7 connection
>> type: Wired 802.1x (pf::enforcement::_vlan_reevaluation)
>> Jun 14 15:40:06 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:unknown] Instantiate profile SNS (pf::Connection::ProfileFactor
>> y::_from_profile)
>> Jun 14 15:40:06 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:06 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:07 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] User default has authenticated on the portal.
>> (Class::MOP::Class:::after)
>> Jun 14 15:40:07 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:07 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] Reevaluating access of device.
>> (captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state)
>> Jun 14 15:40:07 pfence pfqueue: pfqueue(5283) INFO:
>> [mac:00:50:ff:50:11:00] deauthenticating (pf::Switch::Cisco::Catalyst_2
>> 960::radiusDisconnect)
>> Jun 14 15:40:07 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] re-evaluating access (manage_register called)
>> (pf::enforcement::reevaluate_access)
>> Jun 14 15:40:07 pfence pfqueue: pfqueue(5283) WARN:
>> [mac:00:50:ff:50:11:00] Unknown vendor attribute 9/252 for unpack()
>> (Net::Radius::Packet::unpack)
>> Jun 14 15:40:07 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] is currentlog connected at (172.16.100.4) ifIndex 7
>> registration (pf::enforcement::_should_we_reassign_vlan)
>> Jun 14 15:40:07 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:07 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] Using sources Win_AD for matching
>> (pf::authentication::match2)
>> Jun 14 15:40:07 pfence pfqueue: Unknown vendor attribute 9/252 for
>> unpack()
>> Jun 14 15:40:07 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] Matched rule (kehinde_rule) in source Win_AD,
>> returning actions. (pf::Authentication::Source::match)
>> Jun 14 15:40:08 pfence pfqueue: pfqueue(4517) INFO: [mac:unknown] Already
>> did a person lookup for kakala (pf::lookup::person::lookup_person)
>> Jun 14 15:40:08 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] Username was defined "kakala" - returning role
>> 'staff' (pf::role::getRegisteredRole)
>> Jun 14 15:40:08 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] PID: "kakala", Status: reg Returned VLAN:
>> (undefined), Role: staff (pf::role::fetchRoleForNode)
>> Jun 14 15:40:08 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] VLAN reassignment required (current VLAN = 98 but
>> should be in VLAN 4) (pf::enforcement::_should_we_reassign_vlan)
>> Jun 14 15:40:08 pfence packetfence_httpd.portal: httpd.portal(4966) INFO:
>> [mac:00:50:ff:50:11:00] switch port is (172.16.100.4) ifIndex 7 connection
>> type: Wired 802.1x (pf::enforcement::_vlan_reevaluation)
>> Jun 14 15:40:08 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] handling radius autz request: from switch_ip =>
>> (172.16.100.4), connection_type => Ethernet-EAP,switch_mac =>
>> (aa:bb:cc:00:05:21), mac => [00:50:ff:50:11:00], port => 7, username =>
>> "kakala" (pf::radius::authorize)
>> Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile SNS
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] Using sources Win_AD for matching
>> (pf::authentication::match2)
>> Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406) ERROR:
>> [mac:00:50:ff:50:11:00] Error binding 'Unexpected EOF' (pf::LDAP::bind)
>> Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406) WARN:
>> [mac:00:50:ff:50:11:00] LDAP connection expired (pf::LDAP::expire_if)
>> Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] Matched rule (kehinde_rule) in source Win_AD,
>> returning actions. (pf::Authentication::Source::match)
>> Jun 14 15:40:09 pfence pfqueue: pfqueue(4518) INFO: [mac:unknown] Already
>> did a person lookup for kakala (pf::lookup::person::lookup_person)
>> Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] Username was defined "kakala" - returning role
>> 'staff' (pf::role::getRegisteredRole)
>> Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] PID: "kakala", Status: reg Returned VLAN:
>> (undefined), Role: staff (pf::role::fetchRoleForNode)
>> Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] (172.16.100.4) Added VLAN 4 to the returned RADIUS
>> Access-Accept (pf::Switch::returnRadiusAccessAccept)
>> Jun 14 15:40:10 pfence pfqueue: pfqueue(5285) INFO:
>> [mac:00:50:ff:50:11:00] deauthenticating (pf::Switch::Cisco::Catalyst_2
>> 960::radiusDisconnect)
>> Jun 14 15:40:10 pfence pfqueue: pfqueue(5285) WARN:
>> [mac:00:50:ff:50:11:00] Unknown vendor attribute 9/252 for unpack()
>> (Net::Radius::Packet::unpack)
>> Jun 14 15:40:10 pfence pfqueue: Unknown vendor attribute 9/252 for
>> unpack()
>> Jun 14 15:40:10 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] handling radius autz request: from switch_ip =>
>> (172.16.100.4), connection_type => Ethernet-EAP,switch_mac =>
>> (aa:bb:cc:00:05:21), mac => [00:50:ff:50:11:00], port => 7, username =>
>> "kakala" (pf::radius::authorize)
>> Jun 14 15:40:10 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] Instantiate profile default
>> (pf::Connection::ProfileFactory::_from_profile)
>> Jun 14 15:40:10 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] Using sources local, file1, RADIUS, LDAP, Win_AD,
>> Win_AD2 for matching (pf::authentication::match2)
>> Jun 14 15:40:11 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] Username was defined "kakala" - returning role
>> 'staff' (pf::role::getRegisteredRole)
>> Jun 14 15:40:11 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] PID: "kakala", Status: reg Returned VLAN:
>> (undefined), Role: staff (pf::role::fetchRoleForNode)
>> Jun 14 15:40:11 pfence packetfence_httpd.aaa: httpd.aaa(4406) INFO:
>> [mac:00:50:ff:50:11:00] (172.16.100.4) Added VLAN 4 to the returned RADIUS
>> Access-Accept (pf::Switch::returnRadiusAccessAccept)
>>
>>
>> Thanks..
>>
>> Regards,
>> Kehinde
>>
>> On Wed, Jun 14, 2017 at 2:23 PM, Fabrice Durand <[email protected]>
>> wrote:
>>
>>> Hello Kehinde,
>>>
>>> do you have the log when a user authenticate on the portal ?
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>>
>>> Le 2017-06-13 à 09:56, Akala Kehinde a écrit :
>>>
>>> Hello guys,
>>>
>>> Need help uirgently with this..
>>> Have an OOB setup which works. Want to integrate WMI prereg and reg
>>> scans with it. Below is my defined config:
>>>
>>> *WMI Rule*
>>>
>>> [WinRAR_Process_Running]
>>> namespace=ROOT\cimv2
>>> request=select Name from Win32_Process
>>> action= <<EOT
>>> [WinRAR]
>>> attribute = Name
>>> operator = match
>>> value = WinRAR.exe
>>>
>>> [1:WinRAR]
>>> action=trigger_violation
>>> action_param = mac = $mac, tid = 789123, type = INTERNAL
>>> EOT
>>> on_tab=1
>>>
>>> *WMI Scan*
>>>
>>> [WMI_SCAN_ENGINE]
>>> wmi_rules=WinRAR_Process_Running
>>> duration=20s
>>> categories=guest,staff
>>> registration=1
>>> username=Administrator
>>> domain=egelsbach.mawoh.de
>>> post_registration=1
>>> password=Oy3m1cant0
>>> pre_registration=1
>>> oses=1
>>> type=wmi
>>>
>>> *Violation *
>>>
>>> [1500001]
>>> priority=1
>>> trigger=detect::789123
>>> actions=reevaluate_access,log
>>> window=
>>> desc=WinRAR process check
>>> enabled=Y
>>> template=system_scan
>>> auto_enable=N
>>> delay_by=
>>> grace=2m
>>> redirect_url=http://www.mawoh.de
>>>
>>> *Connection profile*
>>>
>>> [SNS]
>>> locale=
>>> filter=vlan:98
>>> description=SNS PROFILE
>>> sources=Win_AD
>>> redirecturl=http://www.mawoh.de
>>> logo=/common/mawoh.png
>>> root_module=SNS_PORTAL
>>> scans=WMI_SCAN_ENGINE
>>>
>>> Nothing works when user is in prereg or reg modes. Even though scan
>>> engine is included in profile, seems not detected when user connects.
>>>
>>> Am I doing something wrong?
>>>
>>> Regards,
>>> Kehinde
>>>
>>>
>>> --
>>> Fabrice [email protected] :: +1.514.447.4918 <(514)%20447-4918>
>>> (x135) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>> (http://packetfence.org)
>>>
>>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
