Hi,
Let me rephrase this question, and also add some log evidence.
Packetfence correctly sets an expiration date for email registrations in
the captive portal, but nevertheless already unregs the devices after 20
minutes, despite the setting correct unreg date.
Let me show you what happens:
Around 08:49, a ueser registers, and the reg email is sent:
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal:
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] User [email protected]
has authenticated on the portal. (Class::MOP::Class:::after)
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal:
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] new activation code
successfully generated (pf::activation::create)
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal:
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 08:49:53 pf packetfence_httpd.portal:
httpd.portal(6081) INFO: [mac:9c:2a:70:31:9b:9f] Email sent to
[email protected] (ourdomain.com: Email activation required)
(pf::activation::try {...} )
Then at 08:52 the activition code is verified:
./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] [9c:2a:70:31:9b:9f] Activation
code sent to email [email protected] from [email protected]
successfully verified. for activation type: guest
(pf::activation::validate_code)
./packetfence.log.1:Jul 11 08:52:39 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Extending duration to
2017-08-10 08:49:53
(captiveportal::PacketFence::Controller::Activate::Email::code)
and registration duration is correctly extended to 2017-08-10.
Everything seems correct.
HOWEVER 18 minutes later, at 09:10:
./pfmon.log.1:Jul 11 09:10:23 pf pfmon: pfmon(6242) INFO: [mac:unknown]
modified 9c:2a:70:31:9b:9f from status 'reg' to 'unreg' based on unregdate
colum (pf::node::nodes_maintenance)
./packetfence.log.1:Jul 11 09:10:23 pf packetfence_httpd.webservices:
httpd.webservices(6101) INFO: [mac:9c:2a:70:31:9b:9f] stated changed, adapting
firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
./packetfence.log.1:Jul 11 09:10:23 pf packetfence_httpd.webservices:
httpd.webservices(6101) INFO: [mac:9c:2a:70:31:9b:9f] Flushed connections for
10.19.235.15. (pf::ipset::iptables_unmark_node)
And the node is unreg again. :-(
The user tries again at 09:40:
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] User [email protected]
has authenticated on the portal. (Class::MOP::Class:::after)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] new activation code
successfully generated (pf::activation::create)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Email sent to
[email protected] (ourdomain.com: Email activation required)
(pf::activation::try {...} )
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] User [email protected]
has authenticated on the portal. (Class::MOP::Class:::after)
./packetfence.log.1:Jul 11 09:40:24 pf packetfence_httpd.portal:
httpd.portal(6084) WARN: [mac:9c:2a:70:31:9b:9f] Calling match with
empty/invalid rule class. Defaulting to 'authentication'
(pf::authentication::match)
the activation link is verified again:
./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] [9c:2a:70:31:9b:9f] Activation
code sent to email [email protected] from [email protected]
successfully verified. for activation type: guest
(pf::activation::validate_code)
./packetfence.log.1:Jul 11 09:41:04 pf packetfence_httpd.portal:
httpd.portal(6084) INFO: [mac:9c:2a:70:31:9b:9f] Extending duration to
2017-08-10 09:40:24
(captiveportal::PacketFence::Controller::Activate::Email::code)
and duration is once again extended to august 10. And this this time, it
seems to have worked, as this date/time also shows up in the pf GUI.
So, the second reg attempt works, first reg attempt doesnt.
In the PF GUI, under reports, "all authentications":
- the first registration attempt is logged "invalidated"
- the second reg attempt is (still!) logged as "incomplete".
So something seems to be malfunctioning....
This is pf 7.1, completely up-to-date with pf-maint.pl
Ideas?
MJ
On 07/10/2017 07:04 PM, mj via PacketFence-users wrote:
Hi,
We're using pf-7.1 with the captive portal with email registration.
While everything appears to work (confirmation mails are sent, the links
are working, users get "mail activation code has been verified. Access
granted for a month" in their browsers.
Yet: under Reports / All authentications, the httpd.portal items remain
marked either "incomplete". (and some "invalidated")
Under Reports / Email registrations they show up as "verified".
It seems strange: one screen says "verified" and the other screen says
"incomplete" or "invalidated".
Any ideas?
MJ
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
