What you can try, even if it's an aruba controller is to use the Aruba
Instant access module instead(we did it because the CoA changed on this
equipment)
curl
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/4211.diff
| patch -p1
Also is it a Aruba COntroller in cluster ?
Regards
Fabrice
Le 19-05-15 à 11 h 11, Louis Scaringella via PacketFence-users a écrit :
Hi Fabrice,
I ran the /usr/local/pf/addons/pf-maint.pl script and it performed some updates
and I rebooted the Packetfence server.
I can tell you that when I either manually disconnect on the laptop and
reconnect or disconnect my session from the controller and the client connects
again, the role is correct on the controller and I am able to get access. This
would be after the MAC address/device is “registered” already.
So it does appear that something with the CoA process after the AUP is accepted
is the problem. What appears to be happening is that the session on the Aruba
controller that PacketFence is trying to disconnect doesn’t exist. This shows
both in Packetfence and in Aruba debugs. Not sure what’s happening there, but
the MAC address does match and this controller literally only has this one
session on it because it is our lab and testing environment.
CoA should be working fine, the RADIUS key is correct and rfc 3576 is setup on
the controller to use the Packetfence server for the CoA server. I’ll verify
this again, but I don’t think the communication is the problem because of the
“invalid session” type error i’m seeing in the logs and on the Controller. The
CoA is getting to the controller and processed, so something with the session
isn’t right.
Any ideas?
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
On May 14, 2019, at 8:32 PM, Louis Scaringella via PacketFence-users
<packetfence-users@lists.sourceforge.net> wrote:
It’s an actual Controller and not instant. I will check tomorrow and post the
information. COA should be good to go, but I’ll include what I have setup.
Thank so much for helping!
Thank you,
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks
785-342-7903
On May 14, 2019, at 8:17 PM, Durand fabrice via PacketFence-users
<packetfence-users@lists.sourceforge.net> wrote:
Hello Louis,
sorry for the late reply.
As i remember the documentation about the nat source was to do web
authentication and not vlan enforcement.
Just before going to far, can you run /usr/local/pf/addons/pf-maint.pl to have
the latest bug fixes.
So right now the CoA looks that it's not working correctly, did you enable rfc
3574 on the Aruba side with the same shared secret than you set in radius
authentication ?
Last thing if it's an Aruba instant access then you will need to apply this
patch:
cd /usr/local/pf
curl
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/4211.diff
| patch -p1
and restart packetfence and choose "Aruba Instant Access" as the switch model.
Regards
Fabrice
Le 19-05-14 à 12 h 20, Louis Scaringella via PacketFence-users a écrit :
I’m very confused because also seeing this in Packetfence logs. Looks like it
is authenticating then dissociating right away.
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
INFO: [mac:00:24:d6:5b:30:bc] User default has authenticated on the portal.
(Class::MOP::Class:::after)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
INFO: [mac:00:24:d6:5b:30:bc] No provisioner found for 00:24:d6:5b:30:bc.
Continuing.
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
INFO: [mac:00:24:d6:5b:30:bc] User default has authenticated on the portal.
(Class::MOP::Class:::after)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
INFO: [mac:00:24:d6:5b:30:bc] User default has authenticated on the portal.
(Class::MOP::Class:::after)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
INFO: [mac:00:24:d6:5b:30:bc] User default has authenticated on the portal.
(Class::MOP::Class:::after)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
INFO: [mac:00:24:d6:5b:30:bc] User default has authenticated on the portal.
(Class::MOP::Class:::after)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
INFO: [mac:00:24:d6:5b:30:bc] User default has authenticated on the portal.
(Class::MOP::Class:::after)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
INFO: [mac:00:24:d6:5b:30:bc] User default has authenticated on the portal.
(Class::MOP::Class:::after)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
INFO: [mac:00:24:d6:5b:30:bc] violation 1300003 force-closed for
00:24:d6:5b:30:bc (pf::violation::violation_force_close)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile Aruba-Guest
(pf::Connection::ProfileFactory::_from_profile)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3367)
WARN: [mac:00:24:d6:5b:30:bc] Use of uninitialized value in concatenation (.)
or string at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Module/Root.pm line
89.
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
WARN: [mac:unknown] locale from the URL is not supported
(pf::Portal::Session::getLanguages)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
WARN: [mac:00:24:d6:5b:30:bc] locale from the URL is not supported
(pf::Portal::Session::getLanguages)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile Aruba-Guest
(pf::Connection::ProfileFactory::_from_profile)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
WARN: [mac:00:24:d6:5b:30:bc] locale from the URL is not supported
(captiveportal::PacketFence::Controller::Root::getLanguages)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
WARN: [mac:00:24:d6:5b:30:bc] Use of uninitialized value
$pf::web::constants::URL_NETWORK_LOGOFF in string eq at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
303.
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
INFO: [mac:00:24:d6:5b:30:bc] Replacing destination URL
https://packetfence.lab.ydn.co/?cmd since it points to the captive portal
(captiveportal::PacketFence::DynamicRouting::Application::process_destination_url)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
INFO: [mac:00:24:d6:5b:30:bc] Releasing device
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
INFO: [mac:00:24:d6:5b:30:bc] User default has authenticated on the portal.
(Class::MOP::Class:::after)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
WARN: [mac:00:24:d6:5b:30:bc] locale from the URL is not supported
(pf::Portal::Session::getLanguages)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
INFO: [mac:00:24:d6:5b:30:bc] re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
INFO: [mac:00:24:d6:5b:30:bc] VLAN reassignment is forced.
(pf::enforcement::_should_we_reassign_vlan)
May 14 16:17:12 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3366)
INFO: [mac:00:24:d6:5b:30:bc] switch port is (198.18.255.67) ifIndex unknown
connection type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation)
May 14 16:17:13 PacketFence-ZEN pfqueue: pfqueue(4506) INFO:
[mac:00:24:d6:5b:30:bc] [00:24:d6:5b:30:bc] DesAssociating mac on switch
(198.18.255.67) (pf::api::desAssociate)
May 14 16:17:13 PacketFence-ZEN pfqueue: pfqueue(4506) INFO:
[mac:00:24:d6:5b:30:bc] deauthenticating 00:24:d6:5b:30:bc
(pf::Switch::Aruba::radiusDisconnect)
May 14 16:17:13 PacketFence-ZEN pfqueue: pfqueue(4506) INFO:
[mac:00:24:d6:5b:30:bc] controllerIp is set, we will use controller
198.18.255.67 to perform deauth (pf::Switch::Aruba::radiusDisconnect)
May 14 16:17:13 PacketFence-ZEN pfqueue: pfqueue(4506) INFO:
[mac:00:24:d6:5b:30:bc] [198.18.255.67] Returning ACCEPT with role:
PFence-Guest-PostAuth (pf::Switch::Aruba::try {...} )
May 14 16:17:13 PacketFence-ZEN pfqueue: pfqueue(4506) WARN:
[mac:00:24:d6:5b:30:bc] Unable to perform RADIUS Disconnect-Request. CoA-NAK
received with Error-Cause: Session-Context-Not-Found.
(pf::Switch::Aruba::radiusDisconnect)
May 14 16:18:11 PacketFence-ZEN pfqueue: pfqueue(4539) INFO:
[mac:00:24:d6:5b:30:bc] [00:24:d6:5b:30:bc] DesAssociating mac on switch
(198.18.255.67) (pf::api::desAssociate)
May 14 16:18:11 PacketFence-ZEN pfqueue: pfqueue(4539) INFO:
[mac:00:24:d6:5b:30:bc] deauthenticating 00:24:d6:5b:30:bc
(pf::Switch::Aruba::radiusDisconnect)
May 14 16:18:11 PacketFence-ZEN pfqueue: pfqueue(4539) INFO:
[mac:00:24:d6:5b:30:bc] controllerIp is set, we will use controller
198.18.255.67 to perform deauth (pf::Switch::Aruba::radiusDisconnect)
May 14 16:18:11 PacketFence-ZEN pfqueue: pfqueue(4539) WARN:
[mac:00:24:d6:5b:30:bc] Unable to perform RADIUS Disconnect-Request.
Disconnect-NAK received with Error-Cause: Session-Context-Not-Found.
(pf::Switch::Aruba::radiusDisconnect)
May 14 16:18:18 PacketFence-ZEN pfqueue: pfqueue(4544) INFO:
[mac:00:24:d6:5b:30:bc] [00:24:d6:5b:30:bc] DesAssociating mac on switch
(198.18.255.67) (pf::api::desAssociate)
May 14 16:18:18 PacketFence-ZEN pfqueue: pfqueue(4544) INFO:
[mac:00:24:d6:5b:30:bc] deauthenticating 00:24:d6:5b:30:bc
(pf::Switch::Aruba::radiusDisconnect)
May 14 16:18:18 PacketFence-ZEN pfqueue: pfqueue(4544) INFO:
[mac:00:24:d6:5b:30:bc] controllerIp is set, we will use controller
198.18.255.67 to perform deauth (pf::Switch::Aruba::radiusDisconnect)
May 14 16:18:18 PacketFence-ZEN pfqueue: pfqueue(4544) WARN:
[mac:00:24:d6:5b:30:bc] Unable to perform RADIUS Disconnect-Request.
Disconnect-NAK received with Error-Cause: Session-Context-Not-Found.
(pf::Switch::Aruba::radiusDisconnect)
May 14 16:18:47 PacketFence-ZEN pfipset[2353]: t=2019-05-14T16:18:47+0000 lvl=info
msg="No Inline Network bypass ipsets reload" pid=2353
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
On May 14, 2019, at 11:06 AM, Louis Scaringella
<lscaringe...@yellowdognetworks.com> wrote:
Captive portal AUP page is now displayed, I hit accept, and it says “You
network access is currently being enabled…..”, however the new role isn’t sent
to the controller.
But getting this error now:
[root@PacketFence-ZEN DynamicRouting]# cat /usr/local/pf/logs/httpd.portal.error
May 14 15:40:36 PacketFence-ZEN httpd_portal_err: Use of uninitialized value
$pf::web::constants::URL_NETWORK_LOGOFF in string eq at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
303.
May 14 15:40:37 PacketFence-ZEN httpd_portal_err: Use of uninitialized value
$pf::web::constants::URL_NETWORK_LOGOFF in string eq at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
303.
May 14 15:40:37 PacketFence-ZEN httpd_portal_err: Use of uninitialized value in
concatenation (.) or string at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Module/Root.pm line
89.
May 14 15:40:37 PacketFence-ZEN httpd_portal_err: Use of uninitialized value
$pf::web::constants::URL_NETWORK_LOGOFF in string eq at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
303.
May 14 15:47:50 PacketFence-ZEN httpd_portal_err: [Tue May 14 15:47:50.715478
2019] [mpm_prefork:emerg] [pid 1105] (4)Interrupted system call: AH00144:
couldn't grab the accept mutex
May 14 15:47:50 PacketFence-ZEN httpd_portal_err: [Tue May 14 15:47:50.715607
2019] [mpm_prefork:notice] [pid 2613] AH00170: caught SIGWINCH, shutting down
gracefully
May 14 15:47:50 PacketFence-ZEN httpd_portal_err: [Tue May 14 15:47:50.716441
2019] [mpm_prefork:emerg] [pid 32293] (4)Interrupted system call: AH00144:
couldn't grab the accept mutex
May 14 15:47:51 PacketFence-ZEN httpd_portal_err: [Tue May 14 15:47:51.715809
2019] [core:alert] [pid 2613] AH00050: Child 1105 returned a Fatal error...
Apache is exiting!
May 14 15:49:32 PacketFence-ZEN httpd_portal_err: AH00558: httpd: Could not
reliably determine the server's fully qualified domain name, using
fe80::20c:29ff:fec8:a1a8. Set the 'ServerName' directive globally to suppress
this message
May 14 15:49:33 PacketFence-ZEN httpd_portal_err: [Tue May 14 15:49:33.024951
2019] [mpm_prefork:notice] [pid 2623] AH00163: Apache/2.4.6 (CentOS)
mod_apreq2-20090110/2.8.0 mod_perl/2.0.9 Perl/v5.16.3 configured -- resuming
normal operations
May 14 15:49:33 PacketFence-ZEN httpd_portal_err: [Tue May 14 15:49:33.025023
2019] [core:notice] [pid 2623] AH00094: Command line: '/usr/sbin/httpd -f
/usr/local/pf/var/conf/httpd.conf.d/httpd.portal -D FOREGROUND -D rhel'
May 14 15:50:48 PacketFence-ZEN httpd_portal_err: Use of uninitialized value
$pf::web::constants::URL_NETWORK_LOGOFF in string eq at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
303.
May 14 15:50:50 PacketFence-ZEN httpd_portal_err: Use of uninitialized value
$pf::web::constants::URL_NETWORK_LOGOFF in string eq at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
303.
May 14 15:56:43 PacketFence-ZEN httpd_portal_err: Use of uninitialized value
$pf::web::constants::URL_NETWORK_LOGOFF in string eq at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
303.
Any ideas?
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
On May 13, 2019, at 10:04 PM, Louis Scaringella
<lscaringe...@yellowdognetworks.com> wrote:
New information,
I realized that based on the documentation and/or network devices guide, it
said to configure source NAT on the controller for when destined to Packetfence
using 443 and that is why I am seeing the controller IP only. Makes sense that
the controller’s MAC address wasn’t seen as a “node” in the database.
After disabling source NAT, I now see the default AUP page showing up. Not sure
why this (source NAT) was a configuration step in the guide, but I haven’t had
to do this with Clearpass before with the controller. Maybe behavior has
changed since the documentation was compiled.
More testing to follow.
Louis Scaringella
On May 13, 2019, at 9:49 PM, Louis Scaringella
<lscaringe...@yellowdognetworks.com> wrote:
Hello,
I’m relatively new to PacketFence, but not NAC in general. I’m having some
difficulty getting PacketFence to work in my lab environment with the Captive
Portal correctly.
I have a single interface that i’ve setup for management, RADIUS, and the
portal. I have an Aruba wireless controller that works well with Aruba
Clearpass in the same manner so this config is very well tested already
although I understand there may be differences.
In my lab, the laptop I am testing with and the wireless controller are in the
same VLAN and subnet which is 198.18.255.0/24. So DHCP relays shouldn’t really
play a part here because PacketFence should be seeing the exact MAC address in
requests or in the DHCP messages themselves since its the same VLAN.
----------------
**So, what happens is when I connect, I do get redirected to the portal but see
the below message:
An error occured
Your computer was not found in the PacketFence database. Please reboot to solve
this issue.
If you have questions about this page, contact your local support staff for
assistance. Please provide the following information:
IP 198.18.255.67
MAC 0
IP 198.18.255.67 is my Aruba wireless controller. In the logs, it sees the MAC
address just fine of this. I’m wondering if this is normal or should I see the
endpoint IP here which is 198.18.255.113 in this case. Lots of other posts show
this being a DHCP relay/iP helper problem with PacketFence not seeing this
information, but this is all one flat VLAN so it should.
Any ideas here? I can provide any additional information you’d like. I greatly
appreciate any assistance.
Here is the snippet from a log entry in packetfence.log
May 14 02:36:54 PacketFence-ZEN pfqueue: pfqueue(3748) INFO:
[mac:00:24:d6:5b:30:bc] controllerIp is set, we will use controller
198.18.255.67 to perform deauth (pf::Switch::Aruba::radiusDisconnect)
May 14 02:36:54 PacketFence-ZEN pfqueue: pfqueue(3748) WARN:
[mac:00:24:d6:5b:30:bc] Unable to perform RADIUS Disconnect-Request.
Disconnect-NAK received with Error-Cause: Session-Context-Not-Found.
(pf::Switch::Aruba::radiusDisconnect)
May 14 02:37:11 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO: [mac:00:24:d6:5b:30:bc] handling
radius autz request: from switch_ip => (198.18.255.67), connection_type =>
Wireless-802.11-NoEAP,switch_mac => (00:0b:86:de:65:00), mac => [00:24:d6:5b:30:bc], port => 0,
username => "00-24-d6-5b-30-bc", ssid => PacketFence-Guest (pf::radius::authorize)
May 14 02:37:11 PacketFence-ZEN pfqueue: pfqueue(2970) WARN:
[mac:00:24:d6:5b:30:bc] Unable to match MAC address to IP '198.18.250.10'
(pf::ip4log::ip2mac)
May 14 02:37:11 PacketFence-ZEN pfqueue: pfqueue(2970) INFO:
[mac:00:24:d6:5b:30:bc] oldip (198.18.200.11) and newip (198.18.250.10) are
different for 00:24:d6:5b:30:bc - closing ip4log entry (pf::api::update_ip4log)
May 14 02:37:11 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] Instantiate profile Aruba-Guest
(pf::Connection::ProfileFactory::_from_profile)
May 14 02:37:11 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] is of status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)
May 14 02:37:11 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] (198.18.255.67) Added VLAN 1255 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)
May 14 02:37:11 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] (198.18.255.67) Added role PFence-Guest-PreAuth to the
returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
May 14 02:37:14 PacketFence-ZEN pfqueue: pfqueue(2970) INFO: [mac:unknown]
Device Windows OS is a Windows OS (pf::fingerbank::__ANON__)
May 14 02:38:28 PacketFence-ZEN pfipset[2359]: t=2019-05-14T02:38:28+0000 lvl=info
msg="No Inline Network bypass ipsets reload" pid=2359
May 14 02:39:16 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO: [mac:00:24:d6:5b:30:bc] handling
radius autz request: from switch_ip => (198.18.255.67), connection_type =>
Wireless-802.11-NoEAP,switch_mac => (00:0b:86:de:65:00), mac => [00:24:d6:5b:30:bc], port => 0,
username => "00-24-d6-5b-30-bc", ssid => PacketFence-Guest (pf::radius::authorize)
May 14 02:39:17 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] Instantiate profile Aruba-Guest
(pf::Connection::ProfileFactory::_from_profile)
May 14 02:39:17 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] is of status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)
May 14 02:39:17 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] (198.18.255.67) Added VLAN 1255 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)
May 14 02:39:17 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] (198.18.255.67) Added role PFence-Guest-PreAuth to the
returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
May 14 02:39:20 PacketFence-ZEN pfqueue: pfqueue(2970) WARN:
[mac:00:24:d6:5b:30:bc] Unable to match MAC address to IP '198.18.255.113'
(pf::ip4log::ip2mac)
May 14 02:39:20 PacketFence-ZEN pfqueue: pfqueue(2970) INFO:
[mac:00:24:d6:5b:30:bc] oldip (198.18.250.10) and newip (198.18.255.113) are
different for 00:24:d6:5b:30:bc - closing ip4log entry (pf::api::update_ip4log)
May 14 02:39:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO: [mac:00:24:d6:5b:30:bc] handling
radius autz request: from switch_ip => (198.18.255.67), connection_type =>
Wireless-802.11-NoEAP,switch_mac => (00:0b:86:de:65:00), mac => [00:24:d6:5b:30:bc], port => 0,
username => "00-24-d6-5b-30-bc", ssid => PacketFence-Guest (pf::radius::authorize)
May 14 02:39:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] Instantiate profile Aruba-Guest
(pf::Connection::ProfileFactory::_from_profile)
May 14 02:39:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] is of status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)
May 14 02:39:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] (198.18.255.67) Added VLAN 1255 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)
May 14 02:39:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2573) INFO:
[mac:00:24:d6:5b:30:bc] (198.18.255.67) Added role PFence-Guest-PreAuth to the
returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
May 14 02:40:09 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341)
INFO: [mac:unknown] Instantiate profile Aruba-Guest
(pf::Connection::ProfileFactory::_from_profile)
May 14 02:40:09 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341)
WARN: [mac:unknown] Unable to match MAC address to IP '198.18.255.67'
(pf::ip4log::ip2mac)
May 14 02:40:09 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341)
WARN: [mac:0] Unable to match MAC address to IP '198.18.255.67'
(pf::ip4log::ip2mac)
May 14 02:40:09 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341)
INFO: [mac:0] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May 14 02:40:09 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341)
ERROR: [mac:0] Error while communicating with the Fingerbank collector. 404 Not
Found (pf::fingerbank::endpoint_attributes)
May 14 02:40:09 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341)
WARN: [mac:0] Use of uninitialized value in string ne at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
137.
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
May 14 02:40:09 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3341)
ERROR: [mac:0] Error while communicating with the Fingerbank collector. 404 Not
Found (pf::fingerbank::update_collector_endpoint_data)
May 14 02:40:09 PacketFence-ZEN pfqueue: pfqueue(2969) ERROR: [mac:unknown]
Error while communicating with the Fingerbank collector. 404 Not Found
(pf::fingerbank::endpoint_attributes)
May 14 02:40:09 PacketFence-ZEN pfqueue: pfqueue(2969) ERROR: [mac:unknown]
Unable to fetch query arguments for Fingerbank query. Aborting.
(pf::fingerbank::process)
May 14 02:40:09 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3340)
WARN: [mac:unknown] Unable to match MAC address to IP '198.18.255.67'
(pf::ip4log::ip2mac)
May 14 02:40:10 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3340)
WARN: [mac:0] Unable to match MAC address to IP '198.18.255.67'
(pf::ip4log::ip2mac)
May 14 02:40:10 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3340)
INFO: [mac:0] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May 14 02:40:10 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3340)
ERROR: [mac:0] Error while communicating with the Fingerbank collector. 404 Not
Found (pf::fingerbank::endpoint_attributes)
May 14 02:40:10 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3340)
WARN: [mac:0] Use of uninitialized value in string ne at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
137.
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
May 14 02:40:10 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(3340)
ERROR: [mac:0] Error while communicating with the Fingerbank collector. 404 Not
Found (pf::fingerbank::update_collector_endpoint_data)
May 14 02:40:10 PacketFence-ZEN pfqueue: pfqueue(2966) ERROR: [mac:unknown]
Error while communicating with the Fingerbank collector. 404 Not Found
(pf::fingerbank::endpoint_attributes)
May 14 02:40:10 PacketFence-ZEN pfqueue: pfqueue(2966) ERROR: [mac:unknown]
Unable to fetch query arguments for Fingerbank query. Aborting.
(pf::fingerbank::process)
May 14 02:43:28 PacketFence-ZEN pfipset[2359]: t=2019-05-14T02:43:28+0000 lvl=info
msg="No Inline Network bypass ipsets reload" pid=2359
[root@PacketFence-ZEN ~]#
[root@PacketFence-ZEN ~]#
198.18.255.67-controller
198.18.255.113-laptop
Louis Scaringella
Security Systems Engineer
Yellow Dog Networks, Inc
785-342-7903
The information transmitted, including any attachments, is intended only for
the person or entity to which it is addressed and may contain confidential
and/or privileged material. Any review, retransmission, dissemination or other
use of, or taking of any action in reliance upon, this information by persons
or entities other than the intended recipient is prohibited, and all liability
arising therefrom is disclaimed. If you received this in error, please contact
the sender and delete the material from any computer.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
The information transmitted, including any attachments, is intended only for
the person or entity to which it is addressed and may contain confidential
and/or privileged material. Any review, retransmission, dissemination or other
use of, or taking of any action in reliance upon, this information by persons
or entities other than the intended recipient is prohibited, and all liability
arising therefrom is disclaimed. If you received this in error, please contact
the sender and delete the material from any computer.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
The information transmitted, including any attachments, is intended only for
the person or entity to which it is addressed and may contain confidential
and/or privileged material. Any review, retransmission, dissemination or other
use of, or taking of any action in reliance upon, this information by persons
or entities other than the intended recipient is prohibited, and all liability
arising therefrom is disclaimed. If you received this in error, please contact
the sender and delete the material from any computer.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
