Hi Durand,
Thanks for your reply and please see if my understanding is correct
about the locationlog.
If the locationlog is correct, from mysql, I should see one entry when
a device reach captive portal, and another entry immediately after the
authentication complete, with matching start / end time?
If the locationlog is wrong, the new entry may be missing even the
authentication is completed?
I checked a log from an issue reported few hours ago. User
"12:34:56:33:22:11" completed the authentication at 11:11am, but there
is no entry about the updated role (staff) for this device until the
user retry the connection at 13:06. Is this a kind of wrong
locationlog?
I also found another mysql output for a device which had a smooth VLAN
re-direction in its 1st try. mysql output shows one entry when a
device reach captive portal, and another entry after the
authentication complete with matching start / end time.
Also, for your information, we are using Ruckus ZoneDirector and the
SSID setting is mac-auth.
I'll check with users in real-time to see about the queue and mysql
output, and let you know the result.
The following is the related log / mysql output for the issue reported.
Jan 20 11:11:59 httpd.portal(6296) INFO: [mac:12:34:56:33:22:11]
re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
Jan 20 11:11:59 httpd.portal(6296) WARN: [mac:12:34:56:33:22:11] Can't
re-evaluate access because no open locationlog entry was found
(pf::enforcement::reevaluate_access)
Jan 20 11:15:29 httpd.aaa(2033) INFO: [mac:12:34:56:33:22:11] Updating
locationlog from accounting request
(pf::api::handle_accounting_metadata)
Jan 20 13:06:53 httpd.aaa(2033) INFO: [mac:12:34:56:33:22:11] handling
radius autz request.......
select * from locationlog where mac="12:34:56:33:22:11";
+-------------------+-------------+------+------+--------------+-----------------------+---------------------+-------------------+--------------+---------------------+---------------------+-------------+-------------------+--------------------+-------+------------+
| mac | switch | port | vlan | role |
connection_type | connection_sub_type | dot1x_username | ssid
| start_time | end_time | switch_ip |
switch_mac | stripped_user_name | realm | session_id |
+-------------------+-------------+------+------+--------------+-----------------------+---------------------+-------------------+--------------+---------------------+---------------------+-------------+-------------------+--------------------+-------+------------+
| 12:34:56:33:22:11 | 172.18.4.61 | 0 | 50 | staff |
Wireless-802.11-NoEAP | NULL | 12:34:56:33:22:11 |
SSID_A | 2018-01-20 13:06:53 | 0000-00-00 00:00:00 | 172.18.4.61
| 11:22:33:44:55:0d | 12:34:56:33:22:11 | null | NULL |
| 12:34:56:33:22:11 | 172.18.4.61 | 0 | 501 | registration |
Wireless-802.11-NoEAP | NULL | 12:34:56:33:22:11 |
SSID_A | 2018-01-20 11:10:51 | 2018-01-20 11:11:12 | 172.18.4.61
| 11:22:33:44:55:09 | 12:34:56:33:22:11 | null | NULL |
| 12:34:56:33:22:11 | 172.18.4.61 | 0 | 501 | registration |
Wireless-802.11-NoEAP | NULL | 12:34:56:33:22:11 |
SSID_A | 2018-01-20 11:11:12 | 2018-01-20 11:11:38 | 172.18.4.61
| 11:22:33:44:55:0d | 12:34:56:33:22:11 | null | NULL |
+-------------------+-------------+------+------+--------------+-----------------------+---------------------+-------------------+--------------+---------------------+---------------------+-------------+-------------------+--------------------+-------+------------+
Regards,
Tom
On Sat, Jan 20, 2018 at 10:01 AM, Durand fabrice via PacketFence-users
<packetfence-users@lists.sourceforge.net> wrote:
> Hello Tom,
>
> just after a radius request, can you check in the database if the
> locationlog is correct ? (the radius request is suppose to update the
> locationlog)
>
> And also when it failed.
>
> select * from locationlog where mac="ab:cd:ef:12:34:56";
>
> Last thing, can you verify if the queue is full when this problem occur
> (from the admin gui in queue)
>
> Regards
> Fabrice
>
>
> Le 2018-01-16 à 20:33, tom lo via PacketFence-users a écrit :
>>
>> Hi,
>>
>>
>> We checked packetfence.log and did a comparison between working and
>> non-working VLAN redirection.
>>
>> When VLAN redirection works properly, "re-evaluating access" related
>> log has no warning.
>>
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> re-evaluating access (manage_register called)
>> (pf::enforcement::reevaluate_access)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] is
>> currentlog connected at (172.18.4.62) ifIndex 0 registration
>> (pf::enforcement::_should_we_reassign_vlan)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Connection type is WIRELESS_MAC_AUTH. Getting role from node_info
>> (pf::role::getRegisteredRole)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Username was defined "ab:cd:ef:12:34:56" - returning role 'edu-intern'
>> (pf::role::getRegisteredRole)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] PID:
>> "user001", Status: reg Returned VLAN: (undefined), Role: edu-intern
>> (pf::role::fetchRoleForNode)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] VLAN
>> reassignment required (current VLAN = 501 but should be in VLAN 50)
>> (pf::enforcement::_should_we_reassign_vlan)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> switch port is (172.18.4.62) ifIndex unknown connection type: WiFi MAC
>> Auth (pf::enforcement::_vlan_reevaluation)
>>
>>
>> But if VLAN redirection fail, we found warning "Can't re-evaluate
>> access because no open locationlog entry was found".
>>
>> Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
>> re-evaluating access (manage_register called)
>> (pf::enforcement::reevaluate_access)
>> Jan 12 14:28:20 httpd.portal(2273) WARN: [mac:ab:cd:ef:12:34:56] Can't
>> re-evaluate access because no open locationlog entry was found
>> (pf::enforcement::reevaluate_access)
>>
>>
>>
>> The full log of both success and failed VLAN redirection are as below.
>>
>> #### 1st try, authentication success and being moved to production VLAN
>> (50)
>>
>> Jan 12 12:06:48 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] handling
>> radius autz request: from switch_ip => (172.18.4.62), connection_type
>> => Wireless-802.11-NoEAP,switch_mac => (84:18:3a:12:34:56), mac =>
>> [ab:cd:ef:12:34:56], port => 0, username => "ab:cd:ef:12:34:56", ssid
>> => SSID_A (pf::radius::authorize)
>> Jan 12 12:06:48 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:06:48 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] is of
>> status unreg; belongs into registration VLAN
>> (pf::role::getRegistrationRole)
>> Jan 12 12:06:48 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
>> (172.18.4.62) Added VLAN 501 to the returned RADIUS Access-Accept
>> (pf::Switch::returnRadiusAccessAccept)
>>
>> Jan 12 12:07:05 httpd.portal(3099) INFO: [mac:unknown] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:05 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:05 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:05 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> Updating node user_agent with useragent: 'Mozilla/5.0 (Macintosh;
>> Intel Mac OS X 10_11_6) AppleWebKit/601.7.8 (KHTML, like Gecko)'
>>
>> (captiveportal::PacketFence::DynamicRouting::Application::process_user_agent)
>> Jan 12 12:07:05 httpd.portal(3102) INFO: [mac:unknown] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:05 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:05 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>>
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> Authenticating user using sources : edu_intern_AD,edu_Staff_AD
>>
>> (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> [edu_intern_AD] Authentication successful for user001
>> (pf::Authentication::Source::LDAPSource::authenticate)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> Authentication successful for 'user001' in source edu_intern_AD (AD)
>> (pf::authentication::authenticate)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> Successfully authenticated user001
>>
>> (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 12:07:18 httpd.portal(3099) WARN: [mac:ab:cd:ef:12:34:56]
>> Calling match with empty/invalid rule class. Defaulting to
>> 'authentication' (pf::authentication::match)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Using
>> sources edu_intern_AD for matching (pf::authentication::match)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> Matched rule (rule1) in source edu_intern_AD, returning actions.
>> (pf::Authentication::Source::match)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 12:07:18 httpd.portal(3099) WARN: [mac:ab:cd:ef:12:34:56]
>> Calling match with empty/invalid rule class. Defaulting to
>> 'authentication' (pf::authentication::match)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Using
>> sources edu_intern_AD for matching (pf::authentication::match)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
>> Matched rule (rule1) in source edu_intern_AD, returning actions.
>> (pf::Authentication::Source::match)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:unknown] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56] No
>> provisioner found for ab:cd:ef:12:34:56. Continuing.
>>
>> (captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
>> Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56]
>> violation 1300003 force-closed for ab:cd:ef:12:34:56
>> (pf::violation::violation_force_close)
>> Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:unknown] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Releasing device
>> (captiveportal::PacketFence::DynamicRouting::Module::Root::release)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] User
>> default has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3102) WARN: [mac:ab:cd:ef:12:34:56] Use
>> of uninitialized value in string eq at
>> /usr/local/pf/lib/pf/Switch/Ruckus.pm line 75.
>> (pf::Switch::Ruckus::supportsWebFormRegistration)
>>
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> re-evaluating access (manage_register called)
>> (pf::enforcement::reevaluate_access)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] is
>> currentlog connected at (172.18.4.62) ifIndex 0 registration
>> (pf::enforcement::_should_we_reassign_vlan)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Connection type is WIRELESS_MAC_AUTH. Getting role from node_info
>> (pf::role::getRegisteredRole)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> Username was defined "ab:cd:ef:12:34:56" - returning role 'edu-intern'
>> (pf::role::getRegisteredRole)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] PID:
>> "user001", Status: reg Returned VLAN: (undefined), Role: edu-intern
>> (pf::role::fetchRoleForNode)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] VLAN
>> reassignment required (current VLAN = 501 but should be in VLAN 50)
>> (pf::enforcement::_should_we_reassign_vlan)
>> Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
>> switch port is (172.18.4.62) ifIndex unknown connection type: WiFi MAC
>> Auth (pf::enforcement::_vlan_reevaluation)
>>
>> Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] handling
>> radius autz request: from switch_ip => (172.18.4.62), connection_type
>> => Wireless-802.11-NoEAP,switch_mac => (84:18:3a:12:34:56), mac =>
>> [ab:cd:ef:12:34:56], port => 0, username => "ab:cd:ef:12:34:56", ssid
>> => SSID_A (pf::radius::authorize)
>> Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
>> Connection type is WIRELESS_MAC_AUTH. Getting role from node_info
>> (pf::role::getRegisteredRole)
>> Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] Username
>> was defined "ab:cd:ef:12:34:56" - returning role 'edu-intern'
>> (pf::role::getRegisteredRole)
>> Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] PID:
>> "user001", Status: reg Returned VLAN: (undefined), Role: edu-intern
>> (pf::role::fetchRoleForNode)
>> Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
>> (172.18.4.62) Added VLAN 50 to the returned RADIUS Access-Accept
>> (pf::Switch::returnRadiusAccessAccept)
>>
>>
>> #### 2nd try, first de-register the mac address in PF GUI, then
>> perform authentication again, and the device stays in registration
>> VLAN (501)
>>
>>
>> Jan 12 14:26:00 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] handling
>> radius autz request: from switch_ip => (172.18.4.62), connection_type
>> => Wireless-802.11-NoEAP,switch_mac => (24:79:2a:12:34:56), mac =>
>> [ab:cd:ef:12:34:56], port => 0, username => "ab:cd:ef:12:34:56", ssid
>> => SSID_A (pf::radius::authorize)
>> Jan 12 14:26:00 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:26:01 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] is of
>> status unreg; belongs into registration VLAN
>> (pf::role::getRegistrationRole)
>> Jan 12 14:26:01 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
>> (172.18.4.62) Added VLAN 501 to the returned RADIUS Access-Accept
>> (pf::Switch::returnRadiusAccessAccept)
>>
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
>> Authenticating user using sources : edu_intern_AD,edu_Staff_AD
>>
>> (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
>> Jan 12 14:28:20 httpd.portal(2282) ERROR: [mac:ab:cd:ef:12:34:56]
>> Error binding 'Connection reset by peer' (pf::LDAP::bind)
>> Jan 12 14:28:20 httpd.portal(2282) WARN: [mac:ab:cd:ef:12:34:56] LDAP
>> connection expired (pf::LDAP::expire_if)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
>> [edu_intern_AD] Authentication successful for user001
>> (pf::Authentication::Source::LDAPSource::authenticate)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
>> Authentication successful for 'user001' in source edu_intern_AD (AD)
>> (pf::authentication::authenticate)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
>> Successfully authenticated user001
>>
>> (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 14:28:20 httpd.portal(2282) WARN: [mac:ab:cd:ef:12:34:56]
>> Calling match with empty/invalid rule class. Defaulting to
>> 'authentication' (pf::authentication::match)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Using
>> sources edu_intern_AD for matching (pf::authentication::match)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
>> Matched rule (rule1) in source edu_intern_AD, returning actions.
>> (pf::Authentication::Source::match)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 14:28:20 httpd.portal(2282) WARN: [mac:ab:cd:ef:12:34:56]
>> Calling match with empty/invalid rule class. Defaulting to
>> 'authentication' (pf::authentication::match)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Using
>> sources edu_intern_AD for matching (pf::authentication::match)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
>> Matched rule (rule1) in source edu_intern_AD, returning actions.
>> (pf::Authentication::Source::match)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
>> source edu_intern_AD in session. (Class::MOP::Class:::around)
>> Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:unknown] Memory
>> configuration is not valid anymore for key
>> interfaces::management_network in local cached_hash
>> (pfconfig::cached::is_valid)
>> Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:unknown] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56] No
>> provisioner found for ab:cd:ef:12:34:56. Continuing.
>>
>> (captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
>> Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56] User
>> user001 has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
>> violation 1300003 force-closed for ab:cd:ef:12:34:56
>> (pf::violation::violation_force_close)
>> Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:unknown] Memory
>> configuration is not valid anymore for key
>> interfaces::management_network in local cached_hash
>> (pfconfig::cached::is_valid)
>> Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:unknown] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
>> Releasing device
>> (captiveportal::PacketFence::DynamicRouting::Module::Root::release)
>> Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56] User
>> default has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>>
>> Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
>> re-evaluating access (manage_register called)
>> (pf::enforcement::reevaluate_access)
>> Jan 12 14:28:20 httpd.portal(2273) WARN: [mac:ab:cd:ef:12:34:56] Can't
>> re-evaluate access because no open locationlog entry was found
>> (pf::enforcement::reevaluate_access)
>>
>> Jan 12 14:29:20 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] Updating
>> locationlog from accounting request
>> (pf::api::handle_accounting_metadata)
>> Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:unknown] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56] User
>> default has authenticated on the portal. (Class::MOP::Class:::after)
>> Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
>> Reevaluating access of device.
>> (captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state)
>>
>> Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
>> re-evaluating access (manage_register called)
>> (pf::enforcement::reevaluate_access)
>> Jan 12 14:29:23 httpd.portal(2256) WARN: [mac:ab:cd:ef:12:34:56] Can't
>> re-evaluate access because no open locationlog entry was found
>> (pf::enforcement::reevaluate_access)
>> Jan 12 14:29:23 httpd.portal(3156) INFO: [mac:unknown] Memory
>> configuration is not valid anymore for key
>> interfaces::management_network in local cached_hash
>> (pfconfig::cached::is_valid)
>> Jan 12 14:29:23 httpd.portal(3156) INFO: [mac:unknown] Instantiate
>> profile default (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:29:23 httpd.portal(3156) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>> Jan 12 14:29:23 httpd.portal(3156) INFO: [mac:ab:cd:ef:12:34:56]
>> Instantiate profile default
>> (pf::Portal::ProfileFactory::_from_profile)
>>
>>
>>
>>
>> Regards,
>> Tom
>>
>>
>> On Tue, Jan 16, 2018 at 10:57 PM, tom lo <tom.16413515...@gmail.com>
>> wrote:
>>>
>>> Hi Ludovic,
>>>
>>> We are still using ZoneDirector, not the newer SmartZone controller,
>>> and seems Packetfence start supporting SmartZone from version 6.5
>>> In version 6.4, which we are using, there are only one switch type for
>>> select "Ruckus Wireless Controllers".
>>> So you would suggest we to try another switch module?
>>>
>>>
>>> Regards,
>>> Tom
>>>
>>>
>>> On Tue, Jan 16, 2018 at 10:48 PM, Ludovic Zammit <lzam...@inverse.ca>
>>> wrote:
>>>>
>>>> Hello there,
>>>>
>>>> PacketFence two different switch module, there is a legacy one and the
>>>> other
>>>> one is meant for the SmartZone controller.
>>>>
>>>> Have you tried to change the switch module ?
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> Ludovic Zammit
>>>> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>>> (http://packetfence.org)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Jan 16, 2018, at 9:32 AM, tom lo via PacketFence-users
>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>
>>>> Hi,
>>>>
>>>>
>>>> We've been using Packetfence ZEN 6.4 with Ruckus ZoneDirector for a
>>>> while, to authentication user against AD before putting them into
>>>> production VLAN.
>>>> It was working fine until recently that users report that when they
>>>> doing authentication in captive portal, they start seeing the message
>>>> "Unable to detect network connectivity. Try to restarting your web
>>>> browser or opening a new tab to see if your access has been
>>>> successfully enabled."
>>>> They tried to turn off/on WiFi and they will see "Your network should
>>>> be enabled within a minute or two. If it is not reboot your computer",
>>>> if they wait for around 15 mins, sometimes they found their device
>>>> could fall into production VLAN.
>>>> During the issue happens to user, we could see in ZoneDirector that
>>>> the client device were still in registration VLN,
>>>> and from packetfence admin portal, user mac address "Info" page, the
>>>> role is set to a registered role.
>>>> If we delete the client connection manually from ZoneDirector GUI, we
>>>> found the client device will re-connect and fall into the production
>>>> VLAN.
>>>>
>>>> We tried one suggestion from this mailing list, toggle $TRUE and
>>>> $FALSE for synchronize_locationlog in /Switch/Ruckus.pm#L190, and
>>>> restart httpd.portal, but made no difference.
>>>>
>>>> We captured the packetfence.log, and found some warning but not sure
>>>> if it's related to the issue.
>>>> httpd.portal(2282) WARN: [mac:ab:cd:00:00:12:34] Use of uninitialized
>>>> value in concatenation (.) or string at
>>>> /usr/local/pf/lib/pf/authentication.pm line 284.
>>>> httpd.portal(2282) WARN: [mac:ab:cd:00:00:12:34] Calling match with
>>>> empty/invalid rule class. Defaulting to 'authentication'
>>>> (pf::authentication::match)
>>>> httpd.portal(2245) WARN: [mac:ab:cd:00:00:12:34] Can't re-evaluate
>>>> access because no open locationlog entry was found
>>>> (pf::enforcement::reevaluate_access)
>>>>
>>>> Please advise what we could do to troubleshoot the issue. Thanks for
>>>> your
>>>> time.
>>>>
>>>>
>>>> Regards,
>>>> Tom
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> PacketFence-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
