Hi Guys,
Another problem. If I use PF with VLAN enforcement, RADIUS with local EAP auth,
and the following network configuration, the virtual machine which is hosting PF
crashes.

Network conf:
eth0 10.0.0.110 as management
eth0.20 as registration with DHCP
eth0.30 as isolation with DHCP

Switch is a Cisco Catalyst 2950 configured after your given guide. If I plug in
a new client and automatic client registration via RADIUS credentials is
activated, everything is fine and works like a charm. If I disable this setting
and plug in a device, I get an IP address from the registration VLAN as it should
be, but then shit goes south and the whole VM crashes.

First I thought it could be a missing portal on the registration interface, but
I'm not able to assign it.
Pf log:
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Use of uninitialized value $NAS_port in substitution
(s///) at /usr/local/pf/lib/pf/Switch/Cisco/Catalyst_2950.pm line 960.
(pf::Switch::Cisco::Catalyst_2950::NasPortToIfIndex)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Unknown NAS-Port format. ifIndex translation could have
failed. VLAN re-assignment and switch/port accounting will be affected.
(pf::Switch::Cisco::Catalyst_2950::NasPortToIfIndex)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Use of uninitialized value $port in concatenation (.)
or string at /usr/local/pf/lib/pf/radius.pm line 175.
(pf::radius::authorize)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) INFO:
[mac:00:02:3f:11:3b:7b] handling radius autz request: from switch_ip =>
(10.0.0.150), connection_type => Ethernet-EAP,switch_mac => (Unknown), mac =>
[00:02:3f:11:3b:7b], port => , username => "john" (pf::radius::authorize)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) INFO:
[mac:00:02:3f:11:3b:7b] Instantiate profile MAWIRED
(pf::Connection::ProfileFactory::_from_profile)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) INFO:
[mac:00:02:3f:11:3b:7b] is of status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Use of uninitialized value $switch_port in
concatenation (.) or string at /usr/local/pf/lib/pf/floatingdevice.pm line 289.
(pf::floatingdevice::portHasFloatingDevice)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) INFO:
[mac:00:02:3f:11:3b:7b] database query failed with: Column 'port' cannot be
null (errno: 1048) (pf::db::db_query_execute)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) ERROR:
[mac:00:02:3f:11:3b:7b] Database issue: Failed with a non-repeatable error with
query locationlog_insert_start_with_mac_sql (pf::db::db_query_execute)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Unable to insert a locationlog entry.
(pf::locationlog::locationlog_synchronize)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Use of uninitialized value $port in concatenation (.)
or string at /usr/local/pf/lib/pf/radius.pm line 297.
(pf::radius::authorize)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) INFO:
[mac:00:02:3f:11:3b:7b] Switch doesn't support Dynamic VLAN assignment. Setting
VLAN with SNMP on (10.0.0.150) ifIndex to 20 (pf::radius::authorize)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Use of uninitialized value $ifIndex in concatenation
(.) or string at /usr/local/pf/lib/pf/Switch/Cisco.pm line 472.
(pf::Switch::Cisco::isRemovedTrapsEnabled)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Use of uninitialized value $ifIndex in concatenation
(.) or string at /usr/local/pf/lib/pf/Switch/Cisco.pm line 475.
(pf::Switch::Cisco::isRemovedTrapsEnabled)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Use of uninitialized value $ifIndex in concatenation
(.) or string at /usr/local/pf/lib/pf/Switch/Cisco.pm line 937.
(pf::Switch::Cisco::isTrunkPort)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Use of uninitialized value $ifIndex in concatenation
(.) or string at /usr/local/pf/lib/pf/Switch/Cisco.pm line 940.
(pf::Switch::Cisco::isTrunkPort)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Use of uninitialized value $ifIndex in concatenation
(.) or string at /usr/local/pf/lib/pf/Switch/Cisco.pm line 555.
(pf::Switch::Cisco::_setVlan)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) INFO:
[mac:00:02:3f:11:3b:7b] (10.0.0.150) Added VLAN 20 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)
Aug 28 17:16:12 ba-pf-oob pfqueue: pfqueue(3556) INFO: [mac:00:02:3f:11:3b:7b]
oldip (10.0.0.55) and newip (192.168.20.10) are different for 00:02:3f:11:3b:7b
- closing ip4log entry (pf::api::update_ip4log)
Please help.
Best regards,
Moritz
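
Added example, not part of the original post and not PacketFence code: a small Python triage script for a log like the one above. It rejoins the mail-wrapped entries and reports, per MAC, which Perl variables were uninitialized, how many RADIUS authorization requests carried an empty port, and which database errors followed. The function names are this example's own, and the embedded sample is four entries copied from the post.

```python
import re

# Four entries copied from the log in the post, mail-wrapped exactly as posted.
SAMPLE = """\
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) WARN:
[mac:00:02:3f:11:3b:7b] Use of uninitialized value $NAS_port in substitution
(s///) at /usr/local/pf/lib/pf/Switch/Cisco/Catalyst_2950.pm line 960.
(pf::Switch::Cisco::Catalyst_2950::NasPortToIfIndex)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) INFO:
[mac:00:02:3f:11:3b:7b] handling radius autz request: from switch_ip =>
(10.0.0.150), connection_type => Ethernet-EAP,switch_mac => (Unknown), mac =>
[00:02:3f:11:3b:7b], port => , username => "john" (pf::radius::authorize)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) INFO:
[mac:00:02:3f:11:3b:7b] database query failed with: Column 'port' cannot be
null (errno: 1048) (pf::db::db_query_execute)
Aug 28 17:16:10 ba-pf-oob packetfence_httpd.aaa: httpd.aaa(1177) ERROR:
[mac:00:02:3f:11:3b:7b] Database issue: Failed with a non-repeatable error with
query locationlog_insert_start_with_mac_sql (pf::db::db_query_execute)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
ENTRY = re.compile(r"^(?P<ts>\S+ +\d+ \S+) (?P<host>\S+) (?P<proc>\S+): \S+ "
                   r"(?P<level>[A-Z]+): \[mac:(?P<mac>[0-9a-f:]{17})\] "
                   r"(?P<msg>.*) \((?P<func>[\w:]+)\)$")

def unwrap(text):
    """Rejoin wrapped lines: a new entry starts at a syslog timestamp."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Per MAC: uninitialized Perl variables, empty-port requests, errors."""
    report = {}
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        r = report.setdefault(m["mac"], {"uninit": [], "empty_port": 0, "errors": []})
        var = re.search(r"uninitialized value \$(\w+)", m["msg"])
        if var and var[1] not in r["uninit"]:
            r["uninit"].append(var[1])
        if re.search(r"(?<!\w)port =>\s*,", m["msg"]):
            r["empty_port"] += 1  # authorize request logged with no port value
        if m["level"] == "ERROR" or "query failed" in m["msg"]:
            r["errors"].append(m["func"] + ": " + m["msg"])
    return report
```

Call `triage()` on the text of the PacketFence log to get the per-MAC report; `triage(SAMPLE)` runs it on the embedded excerpt.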
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users