Hello Isma'il,

On 19-02-15 at 18:49, Isma'il Yusha'u via PacketFence-users wrote:
Hello Caiqui,

I am currently implementing PacketFence ZEN 8.x in a lab setting and I was using VLAN enforcement using a Huawei S5710 switch. I was using the manual provided by PacketFence. I made the necessary recommended configs on the switch. But the switch recommended was a controller. I am trying to configure 802.1X EAP.

I have managed to set up the server after a month of blind trial and error, since I got stuck on error after error. I have managed to reach a spot where I am able to land on the captive portal and authenticate users based on an htaccess file source and an Active Directory source.

But after my dummy users are authenticated, they can't read the internet, because they are greeted with this error: "Unable to detect network connectivity"

Below is a snippet of my packetfence.log and an output of my ipset -L

If you are doing VLAN enforcement, that ipset is not used.

ipset -L
Name: parking
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16528
References: 2
Members:

Name: pfsession_passthrough
Type: hash:ip,port
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16528
References: 2
Members:

Name: pfsession_isol_passthrough
Type: hash:ip,port
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16528
References: 2
Members:

These are some logs related to the portal preview; give the log where we can see the MAC address of your device.

Also, do you see incoming RADIUS requests (cf. radius.log)?


### packetfence.log

Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found authentication source(s) : 'file1,ADSource' for realm 'null' (pf::config::util::filter_authentication_sources)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Authenticating user using sources : file1,ADSource (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Authentication successful for myuser in source file1 (Htpasswd) (pf::authentication::authenticate)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found source file1 in session. (Class::MOP::Class:::around)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found source file1 in session. (Class::MOP::Class:::around)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Successfully authenticated myuser (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found source file1 in session. (Class::MOP::Class:::around)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found source file1 in session. (Class::MOP::Class:::around)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found source file1 in session. (Class::MOP::Class:::around)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Using sources file1 for matching (pf::authentication::match)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Matched rule (FileRule) in source file1, returning actions. (pf::Authentication::Source::match_rule)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Matched rule (FileRule) in source file1, returning actions. (pf::Authentication::Source::match)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found source file1 in session. (Class::MOP::Class:::around)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Using sources file1 for matching (pf::authentication::match)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Matched rule (FileRule) in source file1, returning actions. (pf::Authentication::Source::match_rule)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Matched rule (FileRule) in source file1, returning actions. (pf::Authentication::Source::match)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found source file1 in session. (Class::MOP::Class:::around)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Using sources file1 for matching (pf::authentication::match)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found source file1 in session. (Class::MOP::Class:::around)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Using sources file1 for matching (pf::authentication::match)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found source file1 in session. (Class::MOP::Class:::around)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: [mac:00:11:22:33:44:55] Found source file1 in session. (Class::MOP::Class:::around)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) INFO: [mac:00:11:22:33:44:55] Instantiate profile Profile (pf::Connection::ProfileFactory::_from_profile)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 137.
 (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf pfqueue: pfqueue(8041) ERROR: [mac:unknown] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Feb 15 19:55:56 pf pfqueue: pfqueue(8041) ERROR: [mac:unknown] Unable to fetch query arguments for Fingerbank query. Aborting. (pf::fingerbank::process)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) INFO: [mac:00:11:22:33:44:55] No provisioner found for 00:11:22:33:44:55. Continuing. (captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) INFO: [mac:00:11:22:33:44:55] User myuser has authenticated on the portal. (Class::MOP::Class:::after)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) INFO: [mac:00:11:22:33:44:55] violation 1300003 force-closed for 00:11:22:33:44:55 (pf::violation::violation_force_close)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) INFO: [mac:00:11:22:33:44:55] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in concatenation (.) or string at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Module/Root.pm line 89.
 (captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Feb 15 19:55:57 pf packetfence_httpd.portal: httpd.portal(7959) WARN: [mac:unknown] locale from the URL  is not supported (pf::Portal::Session::getLanguages)
Feb 15 19:55:57 pf packetfence_httpd.portal: httpd.portal(7959) WARN: [mac:00:11:22:33:44:55] locale from the URL  is not supported (pf::Portal::Session::getLanguages)
Feb 15 19:55:57 pf packetfence_httpd.portal: httpd.portal(7959) INFO: [mac:00:11:22:33:44:55] Instantiate profile Profile (pf::Connection::ProfileFactory::_from_profile)
Feb 15 19:55:57 pf packetfence_httpd.portal: httpd.portal(7959) WARN: [mac:00:11:22:33:44:55] locale from the URL  is not supported (captiveportal::PacketFence::Controller::Root::getLanguages)
Feb 15 19:55:57 pf packetfence_httpd.portal: httpd.portal(7959) ERROR: [mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes)
Feb 15 19:55:57 pf packetfence_httpd.portal: httpd.portal(7959) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 137.
 (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)

The config looks correct.

### Huawei Config
[AC] radius-server template radius_packetfence
[AC-radius-radius_packetfence] radius-server authentication 192.168.2.1 1812 weight 80
[AC-radius-radius_packetfence] radius-server accounting 192.168.2.1 1813 weight 80
[AC-radius-radius_packetfence] radius-server shared-key cipher s3cr3t
[AC-radius-radius_packetfence] undo radius-server user-name domain-included
[AC-radius-radius_packetfence] quit
[AC] radius-server authorization 192.168.2.1 shared-key cipher s3cr3t server-group radius_packetfence
[AC] aaa
[AC-aaa] authentication-scheme radius_packetfence
[AC-aaa-authen-radius_packetfence] authentication-mode radius
[AC-aaa-authen-radius_packetfence] quit
[AC-aaa] accounting-scheme radius_packetfence
[AC-aaa-accounting-radius_packetfence] accounting-mode radius
[AC-aaa-accounting-radius_packetfence] quit

[AC-aaa] domain mydomain.com
[AC-aaa-domain-mydomain.com] authentication-scheme radius_packetfence
[AC-aaa-domain-mydomain.com] accounting-scheme radius_packetfence
[AC-aaa-domain-mydomain.com] radius-server radius_packetfence
[AC-aaa-domain-mydomain.com] quit
[AC-aaa] quit

<AC>system-view
[AC] dot1x enable

I pray I will get some attention. Kind regards

Regards

Fabrice




_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
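
Added example, not part of the original messages and not PacketFence code: a short Python script for the triage step requested above. It splits run-together packetfence.log entries in the format pasted in this thread and checks whether a given device MAC appears in the log at all. The sample log text and the MAC addresses aa:bb:cc:dd:ee:01 and aa:bb:cc:dd:ee:02 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format pasted above; the first three entries are run
# together on one line, as in the quoted log. aa:bb:cc:dd:ee:01 is a made-up device MAC.
SAMPLE = (
    "Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(8357) INFO: "
    "[mac:00:11:22:33:44:55] Authentication successful for myuser in source file1 "
    "(Htpasswd) (pf::authentication::authenticate) "
    "Feb 15 19:55:56 pf packetfence_httpd.portal: httpd.portal(7953) ERROR: "
    "[mac:00:11:22:33:44:55] Error while communicating with the Fingerbank collector. "
    "500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) "
    "Feb 15 19:55:56 pf pfqueue: pfqueue(8041) ERROR: [mac:unknown] Unable to fetch "
    "query arguments for Fingerbank query. Aborting. (pf::fingerbank::process)\n"
    "Feb 15 19:56:10 pf packetfence_httpd.portal: httpd.portal(7959) INFO: "
    "[mac:aa:bb:cc:dd:ee:01] Instantiate profile default "
    "(pf::Connection::ProfileFactory::_from_profile)\n"
)

# Zero-width split point in front of every syslog-style header.
START = re.compile(r"(?=[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ \S+: )")
ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<svc>[^:]+): "
    r"\S+\(\d+\) (?P<level>[A-Z]+): \[mac:(?P<mac>[^\]]+)\] (?P<msg>.*?)"
    r"(?:\s\((?P<caller>[\w:]+)\))?\s*$", re.S)

def parse(text):
    """Split run-together entries and return one dict per log entry."""
    found = (ENTRY.match(chunk.strip()) for chunk in START.split(text))
    return [m.groupdict() for m in found if m]

def problems_by_mac(entries):
    """Count ERROR/WARN entries per MAC, keyed by the function that logged them."""
    out = defaultdict(Counter)
    for e in entries:
        if e["level"] in ("ERROR", "WARN"):
            out[e["mac"].lower()][e["caller"]] += 1
    return out

def macs_missing(entries, expected):
    """Return the expected device MACs that never appear in the log."""
    seen = {e["mac"].lower() for e in entries}
    return sorted(m.lower() for m in expected if m.lower() not in seen)

if __name__ == "__main__":
    entries = parse(SAMPLE)
    for mac, callers in problems_by_mac(entries).items():
        print(mac, dict(callers))
    print("not in log:", macs_missing(entries, ["aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"]))
```
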