Hi,
We checked packetfence.log and did a comparison between working and
non-working VLAN redirection.
When VLAN redirection works properly, "re-evaluating access" related
log has no warning.
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] is
currentlog connected at (172.18.4.62) ifIndex 0 registration
(pf::enforcement::_should_we_reassign_vlan)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Connection type is WIRELESS_MAC_AUTH. Getting role from node_info
(pf::role::getRegisteredRole)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Username was defined "ab:cd:ef:12:34:56" - returning role 'edu-intern'
(pf::role::getRegisteredRole)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] PID:
"user001", Status: reg Returned VLAN: (undefined), Role: edu-intern
(pf::role::fetchRoleForNode)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] VLAN
reassignment required (current VLAN = 501 but should be in VLAN 50)
(pf::enforcement::_should_we_reassign_vlan)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
switch port is (172.18.4.62) ifIndex unknown connection type: WiFi MAC
Auth (pf::enforcement::_vlan_reevaluation)
But if VLAN redirection fail, we found warning "Can't re-evaluate
access because no open locationlog entry was found".
Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
Jan 12 14:28:20 httpd.portal(2273) WARN: [mac:ab:cd:ef:12:34:56] Can't
re-evaluate access because no open locationlog entry was found
(pf::enforcement::reevaluate_access)
The full log of both success and failed VLAN redirection are as below.
#### 1st try, authentication success and being moved to production VLAN
(50)
Jan 12 12:06:48 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] handling
radius autz request: from switch_ip => (172.18.4.62), connection_type
=> Wireless-802.11-NoEAP,switch_mac => (84:18:3a:12:34:56), mac =>
[ab:cd:ef:12:34:56], port => 0, username => "ab:cd:ef:12:34:56", ssid
=> SSID_A (pf::radius::authorize)
Jan 12 12:06:48 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:06:48 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] is of
status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)
Jan 12 12:06:48 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
(172.18.4.62) Added VLAN 501 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jan 12 12:07:05 httpd.portal(3099) INFO: [mac:unknown] Instantiate
profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:05 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:05 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:05 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
Updating node user_agent with useragent: 'Mozilla/5.0 (Macintosh;
Intel Mac OS X 10_11_6) AppleWebKit/601.7.8 (KHTML, like Gecko)'
(captiveportal::PacketFence::DynamicRouting::Application::process_user_agent)
Jan 12 12:07:05 httpd.portal(3102) INFO: [mac:unknown] Instantiate
profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:05 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:05 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
Authenticating user using sources : edu_intern_AD,edu_Staff_AD
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
[edu_intern_AD] Authentication successful for user001
(pf::Authentication::Source::LDAPSource::authenticate)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
Authentication successful for 'user001' in source edu_intern_AD (AD)
(pf::authentication::authenticate)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
Successfully authenticated user001
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 12:07:18 httpd.portal(3099) WARN: [mac:ab:cd:ef:12:34:56]
Calling match with empty/invalid rule class. Defaulting to
'authentication' (pf::authentication::match)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Using
sources edu_intern_AD for matching (pf::authentication::match)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
Matched rule (rule1) in source edu_intern_AD, returning actions.
(pf::Authentication::Source::match)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 12:07:18 httpd.portal(3099) WARN: [mac:ab:cd:ef:12:34:56]
Calling match with empty/invalid rule class. Defaulting to
'authentication' (pf::authentication::match)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Using
sources edu_intern_AD for matching (pf::authentication::match)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56]
Matched rule (rule1) in source edu_intern_AD, returning actions.
(pf::Authentication::Source::match)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 12:07:18 httpd.portal(3099) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:unknown] Instantiate
profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56] No
provisioner found for ab:cd:ef:12:34:56. Continuing.
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56]
violation 1300003 force-closed for ab:cd:ef:12:34:56
(pf::violation::violation_force_close)
Jan 12 12:07:18 httpd.portal(3101) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:unknown] Instantiate
profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Releasing device
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] User
default has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3102) WARN: [mac:ab:cd:ef:12:34:56] Use
of uninitialized value in string eq at
/usr/local/pf/lib/pf/Switch/Ruckus.pm line 75.
(pf::Switch::Ruckus::supportsWebFormRegistration)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] is
currentlog connected at (172.18.4.62) ifIndex 0 registration
(pf::enforcement::_should_we_reassign_vlan)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Connection type is WIRELESS_MAC_AUTH. Getting role from node_info
(pf::role::getRegisteredRole)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
Username was defined "ab:cd:ef:12:34:56" - returning role 'edu-intern'
(pf::role::getRegisteredRole)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] PID:
"user001", Status: reg Returned VLAN: (undefined), Role: edu-intern
(pf::role::fetchRoleForNode)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56] VLAN
reassignment required (current VLAN = 501 but should be in VLAN 50)
(pf::enforcement::_should_we_reassign_vlan)
Jan 12 12:07:18 httpd.portal(3102) INFO: [mac:ab:cd:ef:12:34:56]
switch port is (172.18.4.62) ifIndex unknown connection type: WiFi MAC
Auth (pf::enforcement::_vlan_reevaluation)
Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] handling
radius autz request: from switch_ip => (172.18.4.62), connection_type
=> Wireless-802.11-NoEAP,switch_mac => (84:18:3a:12:34:56), mac =>
[ab:cd:ef:12:34:56], port => 0, username => "ab:cd:ef:12:34:56", ssid
=> SSID_A (pf::radius::authorize)
Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
Connection type is WIRELESS_MAC_AUTH. Getting role from node_info
(pf::role::getRegisteredRole)
Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] Username
was defined "ab:cd:ef:12:34:56" - returning role 'edu-intern'
(pf::role::getRegisteredRole)
Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] PID:
"user001", Status: reg Returned VLAN: (undefined), Role: edu-intern
(pf::role::fetchRoleForNode)
Jan 12 12:07:27 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
(172.18.4.62) Added VLAN 50 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
#### 2nd try, first de-register the mac address in PF GUI, then
perform authentication again, and the device stays in registration
VLAN (501)
Jan 12 14:26:00 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] handling
radius autz request: from switch_ip => (172.18.4.62), connection_type
=> Wireless-802.11-NoEAP,switch_mac => (24:79:2a:12:34:56), mac =>
[ab:cd:ef:12:34:56], port => 0, username => "ab:cd:ef:12:34:56", ssid
=> SSID_A (pf::radius::authorize)
Jan 12 14:26:00 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:26:01 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] is of
status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)
Jan 12 14:26:01 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56]
(172.18.4.62) Added VLAN 501 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
Authenticating user using sources : edu_intern_AD,edu_Staff_AD
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Jan 12 14:28:20 httpd.portal(2282) ERROR: [mac:ab:cd:ef:12:34:56]
Error binding 'Connection reset by peer' (pf::LDAP::bind)
Jan 12 14:28:20 httpd.portal(2282) WARN: [mac:ab:cd:ef:12:34:56] LDAP
connection expired (pf::LDAP::expire_if)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
[edu_intern_AD] Authentication successful for user001
(pf::Authentication::Source::LDAPSource::authenticate)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
Authentication successful for 'user001' in source edu_intern_AD (AD)
(pf::authentication::authenticate)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
Successfully authenticated user001
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 14:28:20 httpd.portal(2282) WARN: [mac:ab:cd:ef:12:34:56]
Calling match with empty/invalid rule class. Defaulting to
'authentication' (pf::authentication::match)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Using
sources edu_intern_AD for matching (pf::authentication::match)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
Matched rule (rule1) in source edu_intern_AD, returning actions.
(pf::Authentication::Source::match)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 14:28:20 httpd.portal(2282) WARN: [mac:ab:cd:ef:12:34:56]
Calling match with empty/invalid rule class. Defaulting to
'authentication' (pf::authentication::match)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Using
sources edu_intern_AD for matching (pf::authentication::match)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56]
Matched rule (rule1) in source edu_intern_AD, returning actions.
(pf::Authentication::Source::match)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 14:28:20 httpd.portal(2282) INFO: [mac:ab:cd:ef:12:34:56] Found
source edu_intern_AD in session. (Class::MOP::Class:::around)
Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:unknown] Memory
configuration is not valid anymore for key
interfaces::management_network in local cached_hash
(pfconfig::cached::is_valid)
Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:unknown] Instantiate
profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56] No
provisioner found for ab:cd:ef:12:34:56. Continuing.
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56] User
user001 has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
violation 1300003 force-closed for ab:cd:ef:12:34:56
(pf::violation::violation_force_close)
Jan 12 14:28:20 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:unknown] Memory
configuration is not valid anymore for key
interfaces::management_network in local cached_hash
(pfconfig::cached::is_valid)
Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:unknown] Instantiate
profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
Releasing device
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56] User
default has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:28:20 httpd.portal(2273) INFO: [mac:ab:cd:ef:12:34:56]
re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
Jan 12 14:28:20 httpd.portal(2273) WARN: [mac:ab:cd:ef:12:34:56] Can't
re-evaluate access because no open locationlog entry was found
(pf::enforcement::reevaluate_access)
Jan 12 14:29:20 httpd.aaa(8040) INFO: [mac:ab:cd:ef:12:34:56] Updating
locationlog from accounting request
(pf::api::handle_accounting_metadata)
Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:unknown] Instantiate
profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56] User
default has authenticated on the portal. (Class::MOP::Class:::after)
Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
Reevaluating access of device.
(captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state)
Jan 12 14:29:23 httpd.portal(2256) INFO: [mac:ab:cd:ef:12:34:56]
re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
Jan 12 14:29:23 httpd.portal(2256) WARN: [mac:ab:cd:ef:12:34:56] Can't
re-evaluate access because no open locationlog entry was found
(pf::enforcement::reevaluate_access)
Jan 12 14:29:23 httpd.portal(3156) INFO: [mac:unknown] Memory
configuration is not valid anymore for key
interfaces::management_network in local cached_hash
(pfconfig::cached::is_valid)
Jan 12 14:29:23 httpd.portal(3156) INFO: [mac:unknown] Instantiate
profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:29:23 httpd.portal(3156) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jan 12 14:29:23 httpd.portal(3156) INFO: [mac:ab:cd:ef:12:34:56]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Regards,
Tom
On Tue, Jan 16, 2018 at 10:57 PM, tom lo <tom.16413515...@gmail.com>
wrote:
Hi Ludovic,
We are still using ZoneDirector, not the newer SmartZone controller,
and seems Packetfence start supporting SmartZone from version 6.5
In version 6.4, which we are using, there are only one switch type for
select "Ruckus Wireless Controllers".
So you would suggest we to try another switch module?
Regards,
Tom
On Tue, Jan 16, 2018 at 10:48 PM, Ludovic Zammit <lzam...@inverse.ca>
wrote:
Hello there,
PacketFence two different switch module, there is a legacy one and the
other
one is meant for the SmartZone controller.
Have you tried to change the switch module ?
Thanks,
Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence
(http://packetfence.org)
On Jan 16, 2018, at 9:32 AM, tom lo via PacketFence-users
<packetfence-users@lists.sourceforge.net> wrote:
Hi,
We've been using Packetfence ZEN 6.4 with Ruckus ZoneDirector for a
while, to authentication user against AD before putting them into
production VLAN.
It was working fine until recently that users report that when they
doing authentication in captive portal, they start seeing the message
"Unable to detect network connectivity. Try to restarting your web
browser or opening a new tab to see if your access has been
successfully enabled."
They tried to turn off/on WiFi and they will see "Your network should
be enabled within a minute or two. If it is not reboot your computer",
if they wait for around 15 mins, sometimes they found their device
could fall into production VLAN.
During the issue happens to user, we could see in ZoneDirector that
the client device were still in registration VLN,
and from packetfence admin portal, user mac address "Info" page, the
role is set to a registered role.
If we delete the client connection manually from ZoneDirector GUI, we
found the client device will re-connect and fall into the production
VLAN.
We tried one suggestion from this mailing list, toggle $TRUE and
$FALSE for synchronize_locationlog in /Switch/Ruckus.pm#L190, and
restart httpd.portal, but made no difference.
We captured the packetfence.log, and found some warning but not sure
if it's related to the issue.
httpd.portal(2282) WARN: [mac:ab:cd:00:00:12:34] Use of uninitialized
value in concatenation (.) or string at
/usr/local/pf/lib/pf/authentication.pm line 284.
httpd.portal(2282) WARN: [mac:ab:cd:00:00:12:34] Calling match with
empty/invalid rule class. Defaulting to 'authentication'
(pf::authentication::match)
httpd.portal(2245) WARN: [mac:ab:cd:00:00:12:34] Can't re-evaluate
access because no open locationlog entry was found
(pf::enforcement::reevaluate_access)
Please advise what we could do to troubleshoot the issue. Thanks for
your
time.
Regards,
Tom
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users