Ok now I can see the CoA requests coming through on the IAP using radclient.
root@ip-10-11-8-37:/tmp# cat /tmp/disconnect.txt | radclient -x
172.28.5.250:3799 coa packetfence
Sent CoA-Request Id 205 from 0.0.0.0:41014 to 172.28.5.250:3799 length 54
Calling-Station-Id = "30074d744c55"
User-Name = "30074d744c55"
NAS-IP-Address = 172.28.5.250
Received CoA-ACK Id 205 from 172.28.5.250:3799 to 10.11.8.37:41014 length 32
NAS-IP-Address = 172.28.5.250
NAS-Port-Type = Wireless-802.11
root@ip-10-11-8-37:/tmp# cat /tmp/disconnect2.txt | radclient -x
172.28.5.250:3799 coa packetfence
Sent CoA-Request Id 218 from 0.0.0.0:40023 to 172.28.5.250:3799 length 40
Calling-Station-Id = "30074d744c55"
NAS-IP-Address = 172.28.5.250
Received CoA-ACK Id 218 from 172.28.5.250:3799 to 10.11.8.37:40023 length 32
NAS-IP-Address = 172.28.5.250
NAS-Port-Type = Wireless-802.11
root@ip-10-11-8-37:/tmp# cat /tmp/disconnect3.txt | radclient -x
172.28.5.250:3799 coa packetfence
Sent CoA-Request Id 10 from 0.0.0.0:36541 to 172.28.5.250:3799 length 34
Calling-Station-Id = "30074d744c55"
Received CoA-ACK Id 10 from 172.28.5.250:3799 to 10.11.8.37:36541 length 32
NAS-IP-Address = 172.28.5.250
NAS-Port-Type = Wireless-802.11
But using an Android it is still not working correctly I keep getting these
audit events and Wireshark shows it is still sending RADIUS code 40 not CoA
code 43
RADIUS RequestUser-Name = 30074d744c55 "
NAS-IP-Address = 172.28.5.250 "
Calling-Station-Id = 30074d744c55",
RADIUS ReplyCode = Disconnect-ACK "
NAS-IP-Address = 172.28.5.250 "
NAS-Port-Type = Wireless-802.11
Frame 184: 96 bytes on wire (768 bits), 96 bytes captured (768 bits) on
interface 0
Ethernet II, Src: JuniperN_fd:9c:01 (54:e0:32:fd:9c:01), Dst: HewlettP_cd:7a:a0
(b0:b8:67:cd:7a:a0)
Internet Protocol Version 4, Src: 10.11.8.37, Dst: 172.28.5.250
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 82
Identification: 0x0c26 (3110)
Flags: 0x4000, Don't fragment
Time to live: 52
Protocol: UDP (17)
Header checksum: 0x762f [validation disabled]
[Header checksum status: Unverified]
Source: 10.11.8.37
Destination: 172.28.5.250
User Datagram Protocol, Src Port: 33139, Dst Port: 3799
Source Port: 33139
Destination Port: 3799
Length: 62
Checksum: 0xf9fb [unverified]
[Checksum Status: Unverified]
[Stream index: 12]
[Timestamps]
RADIUS Protocol
Code: Disconnect-Request (40)
Packet identifier: 0x8a (138)
Length: 54
Authenticator: 060ac5075af07e3dfa27635fdff65efe
[The response to this request is in frame 190]
Attribute Value Pairs
AVP: t=NAS-IP-Address(4) l=6 val=172.28.5.250
Type: 4
Length: 6
NAS-IP-Address: 172.28.5.250
AVP: t=Calling-Station-Id(31) l=14 val=30074d744c55
Type: 31
Length: 14
Calling-Station-Id: 30074d744c55
AVP: t=User-Name(1) l=14 val=30074d744c55
Type: 1
Length: 14
User-Name: 30074d744c55
Frame 190: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on
interface 0
Ethernet II, Src: HewlettP_cd:7a:a0 (b0:b8:67:cd:7a:a0), Dst: JuniperN_fd:9c:01
(54:e0:32:fd:9c:01)
Internet Protocol Version 4, Src: 172.28.5.250, Dst: 10.11.8.37
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 60
Identification: 0x822e (33326)
Flags: 0x4000, Don't fragment
Time to live: 64
Protocol: UDP (17)
Header checksum: 0xf43c [validation disabled]
[Header checksum status: Unverified]
Source: 172.28.5.250
Destination: 10.11.8.37
User Datagram Protocol, Src Port: 3799, Dst Port: 33139
Source Port: 3799
Destination Port: 33139
Length: 40
Checksum: 0x4ba9 [unverified]
[Checksum Status: Unverified]
[Stream index: 12]
[Timestamps]
RADIUS Protocol
Code: Disconnect-ACK (41)
Packet identifier: 0x8a (138)
Length: 32
Authenticator: 03b8032802f53d02c3f3537b4312a12b
[This is a response to a request in frame 184]
[Time from request: 0.018888000 seconds]
Attribute Value Pairs
AVP: t=NAS-IP-Address(4) l=6 val=172.28.5.250
Type: 4
Length: 6
NAS-IP-Address: 172.28.5.250
AVP: t=NAS-Port-Type(61) l=6 val=Wireless-802.11(19)
Type: 61
Length: 6
NAS-Port-Type: Wireless-802.11 (19)
Here is a full packetfence.log history from enrolment to disconnect.
admin@ip-10-11-8-37:/tmp$ tail -fn 20 /usr/local/pf/logs/packetfence.log
Aug 29 12:24:25 ip-10-11-8-37 pfqueue: pfqueue(6561) INFO:
[mac:30:07:4d:74:4c:55] [30:07:4d:74:4c:55] DesAssociating mac on switch
(172.28.5.250) (pf::api::desAssociate)
Aug 29 12:24:25 ip-10-11-8-37 pfqueue: pfqueue(6561) INFO:
[mac:30:07:4d:74:4c:55] controllerIp is set, we will use controller
172.28.5.250 to perform deauth
(pf::Switch::Aruba::Instant_Access::radiusDisconnect)
Aug 29 12:24:25 ip-10-11-8-37 pfqueue: pfqueue(6561) WARN:
[mac:30:07:4d:74:4c:55] Unable to perform RADIUS Disconnect-Request.
Disconnect-NAK received with Error-Cause: Session-Context-Not-Found.
(pf::Switch::Aruba::Instant_Access::radiusDisconnect)
Aug 29 12:24:25 ip-10-11-8-37 pfqueue: pfqueue(6561) INFO:
[mac:30:07:4d:74:4c:55] [30:07:4d:74:4c:55] DesAssociating mac on switch
(172.28.5.250) (pf::api::desAssociate)
Aug 29 12:24:25 ip-10-11-8-37 pfqueue: pfqueue(6561) INFO:
[mac:30:07:4d:74:4c:55] controllerIp is set, we will use controller
172.28.5.250 to perform deauth
(pf::Switch::Aruba::Instant_Access::radiusDisconnect)
Aug 29 12:24:25 ip-10-11-8-37 pfqueue: pfqueue(6561) WARN:
[mac:30:07:4d:74:4c:55] Unable to perform RADIUS Disconnect-Request.
Disconnect-NAK received with Error-Cause: Session-Context-Not-Found.
(pf::Switch::Aruba::Instant_Access::radiusDisconnect)
Aug 29 12:26:07 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:07 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:07 ip-10-11-8-37 pfqueue: pfqueue(5518) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:07 ip-10-11-8-37 pfqueue: pfqueue(5518) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:08 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:08 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:08 ip-10-11-8-37 pfqueue: pfqueue(5738) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:09 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:09 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:08 ip-10-11-8-37 pfqueue: pfqueue(5738) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:11 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1653)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:11 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1653)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:13 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:13 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:13 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:13 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:17 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:17 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:18 ip-10-11-8-37 pfqueue: pfqueue(5475) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:18 ip-10-11-8-37 pfqueue: pfqueue(5475) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:28 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:28 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:31 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:31 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] registering guest through a sponsor
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::do_sponsor_registration)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources local, GBST-AD, GBST-PC, file1 for
matching (pf::authentication::match)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (email-sponsor) in source GBST-AD,
returning actions. (pf::Authentication::Source::match_rule)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (email-sponsor) in source GBST-AD,
returning actions. (pf::Authentication::Source::match)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Adding guest person [email protected]
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::do_sponsor_registration)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] new activation code successfully generated
(pf::activation::create)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] registering guest through a sponsor
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::do_sponsor_registration)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources local, GBST-AD, GBST-PC, file1 for
matching (pf::authentication::match)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (email-sponsor) in source GBST-AD,
returning actions. (pf::Authentication::Source::match_rule)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (email-sponsor) in source GBST-AD,
returning actions. (pf::Authentication::Source::match)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Adding guest person [email protected]
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::do_sponsor_registration)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] new activation code successfully generated
(pf::activation::create)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] person [email protected] added
(pf::person::person_add)
Aug 29 12:26:32 ip-10-11-8-37 pfqueue: pfqueue(5720) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:26:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] person [email protected] added
(pf::person::person_add)
Aug 29 12:26:32 ip-10-11-8-37 pfqueue: pfqueue(5720) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:38 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:38 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:39 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:39 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:40 ip-10-11-8-37 pfqueue: pfqueue(5720) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:40 ip-10-11-8-37 pfqueue: pfqueue(5720) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:43 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:43 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:44 ip-10-11-8-37 pfqueue: pfqueue(5518) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:44 ip-10-11-8-37 pfqueue: pfqueue(5518) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:48 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1653)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:48 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1653)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:50 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:50 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:51 ip-10-11-8-37 pfqueue: pfqueue(5455) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:51 ip-10-11-8-37 pfqueue: pfqueue(5455) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:53 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:53 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:54 ip-10-11-8-37 pfqueue: pfqueue(5738) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:54 ip-10-11-8-37 pfqueue: pfqueue(5738) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:26:58 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:58 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:unknown] Unable to match MAC address to IP '172.28.0.66'
(pf::ip4log::ip2mac)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:0] Unable to match MAC address to IP '172.28.0.66'
(pf::ip4log::ip2mac)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
ERROR: [mac:0] Error while communicating with the Fingerbank collector. 404 Not
Found (pf::fingerbank::endpoint_attributes)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:0] Use of uninitialized value in string ne at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
138.
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
ERROR: [mac:0] Error while communicating with the Fingerbank collector. 404 Not
Found (pf::fingerbank::update_collector_endpoint_data)
Aug 29 12:26:59 ip-10-11-8-37 pfqueue: pfqueue(5518) ERROR: [mac:unknown] Error
while communicating with the Fingerbank collector. 404 Not Found
(pf::fingerbank::endpoint_attributes)
Aug 29 12:26:59 ip-10-11-8-37 pfqueue: pfqueue(5518) ERROR: [mac:unknown]
Unable to fetch query arguments for Fingerbank query. Aborting.
(pf::fingerbank::process)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] [30:07:4d:74:4c:55] Activation code sent to email
[email protected] from [email protected] successfully verified.
for activation type: sponsor (pf::activation::validate_code)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:0] Use of uninitialized value in concatenation (.) or string at
/usr/local/pf/lib/captiveportal/PacketFence/Controller/Activate/Email.pm line
188.
(captiveportal::PacketFence::Controller::Activate::Email::doSponsorRegistration)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:0] Calling match with empty/invalid rule class. Defaulting to
'authentication' (pf::authentication::match)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] Matched rule (catchall) in source gbst-sponsor, returning
actions. (pf::Authentication::Source::match_rule)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] Matched rule (catchall) in source gbst-sponsor, returning
actions. (pf::Authentication::Source::match)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:unknown] Unable to match MAC address to IP '172.28.0.66'
(pf::ip4log::ip2mac)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:0] Unable to match MAC address to IP '172.28.0.66'
(pf::ip4log::ip2mac)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
ERROR: [mac:0] Error while communicating with the Fingerbank collector. 404 Not
Found (pf::fingerbank::endpoint_attributes)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:0] Use of uninitialized value in string ne at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line
138.
(captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
ERROR: [mac:0] Error while communicating with the Fingerbank collector. 404 Not
Found (pf::fingerbank::update_collector_endpoint_data)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] [30:07:4d:74:4c:55] Activation code sent to email
[email protected] from [email protected] successfully verified.
for activation type: sponsor (pf::activation::validate_code)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:0] Use of uninitialized value in concatenation (.) or string at
/usr/local/pf/lib/captiveportal/PacketFence/Controller/Activate/Email.pm line
188.
(captiveportal::PacketFence::Controller::Activate::Email::doSponsorRegistration)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:0] Calling match with empty/invalid rule class. Defaulting to
'authentication' (pf::authentication::match)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] Matched rule (catchall) in source gbst-sponsor, returning
actions. (pf::Authentication::Source::match_rule)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] Matched rule (catchall) in source gbst-sponsor, returning
actions. (pf::Authentication::Source::match)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] new temporary account successfully generated
(pf::password::generate)
Aug 29 12:26:59 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:0] new temporary account successfully generated
(pf::password::generate)
Aug 29 12:26:59 ip-10-11-8-37 pfqueue: pfqueue(5518) ERROR: [mac:unknown] Error
while communicating with the Fingerbank collector. 404 Not Found
(pf::fingerbank::endpoint_attributes)
Aug 29 12:26:59 ip-10-11-8-37 pfqueue: pfqueue(5518) ERROR: [mac:unknown]
Unable to fetch query arguments for Fingerbank query. Aborting.
(pf::fingerbank::process)
Aug 29 12:27:00 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:00 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:01 ip-10-11-8-37 pfqueue: pfqueue(5518) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:27:01 ip-10-11-8-37 pfqueue: pfqueue(5518) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Activation record has been validated.
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::check_activation)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Activation record has been validated.
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::check_activation)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match_rule)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match_rule)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match_rule)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match)
Aug 29 12:27:04 ip-10-11-8-37 pfqueue: pfqueue(5475) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match_rule)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match_rule)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match)
Aug 29 12:27:03 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Using sources gbst-sponsor for matching
(pf::authentication::match)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match_rule)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Matched rule (catchall) in source gbst-sponsor,
returning actions. (pf::Authentication::Source::match)
Aug 29 12:27:04 ip-10-11-8-37 pfqueue: pfqueue(5475) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] a new temporary account has been requested for
[email protected]. Deleting previous entry (pf::password::generate)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] new temporary account successfully generated
(pf::password::generate)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Local account for external source gbst-sponsor
created with PID [email protected]
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::create_local_account)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] a new temporary account has been requested for
[email protected]. Deleting previous entry (pf::password::generate)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] new temporary account successfully generated
(pf::password::generate)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Local account for external source gbst-sponsor
created with PID [email protected]
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::create_local_account)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1653)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:04 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1653)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:11 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:11 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:12 ip-10-11-8-37 pfqueue: pfqueue(5701) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:27:12 ip-10-11-8-37 pfqueue: pfqueue(5701) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:27:16 ip-10-11-8-37 packetfence: INFO -e(6870): generating
/usr/local/pf/var/conf/snmptrapd.conf
(pf::services::manager::snmptrapd::generateConfig)
Aug 29 12:27:16 ip-10-11-8-37 packetfence: INFO -e(6870): generating
/usr/local/pf/var/conf/snmptrapd.conf
(pf::services::manager::snmptrapd::generateConfig)
Aug 29 12:27:21 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:21 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:32 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] No provisioner found for 30:07:4d:74:4c:55.
Continuing.
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1655)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] No provisioner found for 30:07:4d:74:4c:55.
Continuing.
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] User [email protected] has authenticated on
the portal. (Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] security_event 1300003 force-closed for
30:07:4d:74:4c:55 (pf::security_event::security_event_force_close)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Use of uninitialized value in concatenation (.)
or string at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Module/Root.pm line
89.
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:unknown] locale from the URL is not supported
(pf::Portal::Session::getLanguages)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:30:07:4d:74:4c:55] locale from the URL is not supported
(pf::Portal::Session::getLanguages)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:30:07:4d:74:4c:55] locale from the URL is not supported
(captiveportal::PacketFence::Controller::Root::getLanguages)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Releasing device
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] User default has authenticated on the portal.
(Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:30:07:4d:74:4c:55] locale from the URL is not supported
(pf::Portal::Session::getLanguages)
Aug 29 12:27:37 ip-10-11-8-37 pfqueue: pfqueue(5738) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] VLAN reassignment is forced.
(pf::enforcement::_should_we_reassign_vlan)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] switch port is (172.28.5.250) ifIndex unknown
connection type: WiFi 802.1X (pf::enforcement::_vlan_reevaluation)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] security_event 1300003 force-closed for
30:07:4d:74:4c:55 (pf::security_event::security_event_force_close)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1657)
WARN: [mac:30:07:4d:74:4c:55] Use of uninitialized value in concatenation (.)
or string at
/usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Module/Root.pm line
89.
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:unknown] locale from the URL is not supported
(pf::Portal::Session::getLanguages)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:30:07:4d:74:4c:55] locale from the URL is not supported
(pf::Portal::Session::getLanguages)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:30:07:4d:74:4c:55] locale from the URL is not supported
(captiveportal::PacketFence::Controller::Root::getLanguages)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] Releasing device
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] User default has authenticated on the portal.
(Class::MOP::Class:::after)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
WARN: [mac:30:07:4d:74:4c:55] locale from the URL is not supported
(pf::Portal::Session::getLanguages)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] re-evaluating access (manage_register called)
(pf::enforcement::reevaluate_access)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] VLAN reassignment is forced.
(pf::enforcement::_should_we_reassign_vlan)
Aug 29 12:27:37 ip-10-11-8-37 packetfence_httpd.portal: httpd.portal(1659)
INFO: [mac:30:07:4d:74:4c:55] switch port is (172.28.5.250) ifIndex unknown
connection type: WiFi 802.1X (pf::enforcement::_vlan_reevaluation)
Aug 29 12:27:37 ip-10-11-8-37 pfqueue: pfqueue(5738) WARN:
[mac:30:07:4d:74:4c:55] Unable to pull accounting history for device
30:07:4d:74:4c:55. The history set doesn't exist yet.
(pf::accounting_events_history::latest_mac_history)
Aug 29 12:27:39 ip-10-11-8-37 pfqueue: pfqueue(6914) INFO:
[mac:30:07:4d:74:4c:55] [30:07:4d:74:4c:55] DesAssociating mac on switch
(172.28.5.250) (pf::api::desAssociate)
Aug 29 12:27:39 ip-10-11-8-37 pfqueue: pfqueue(6914) INFO:
[mac:30:07:4d:74:4c:55] controllerIp is set, we will use controller
172.28.5.250 to perform deauth
(pf::Switch::Aruba::Instant_Access::radiusDisconnect)
Aug 29 12:27:39 ip-10-11-8-37 pfqueue: pfqueue(6914) INFO:
[mac:30:07:4d:74:4c:55] [30:07:4d:74:4c:55] DesAssociating mac on switch
(172.28.5.250) (pf::api::desAssociate)
Aug 29 12:27:39 ip-10-11-8-37 pfqueue: pfqueue(6914) INFO:
[mac:30:07:4d:74:4c:55] controllerIp is set, we will use controller
172.28.5.250 to perform deauth
(pf::Switch::Aruba::Instant_Access::radiusDisconnect)
-----Original Message-----
From: Durand fabrice via PacketFence-users
<[email protected]>
Sent: Thursday, 29 August 2019 10:50 AM
To: [email protected]
Cc: Durand fabrice <[email protected]>
Subject: Re: [PacketFence-users] DesAssociating mac on switch
Hello Peter,
if you do vlan by role then PacketFence will send a Disconnect, if it's role by
switch role then it will be a CoA. (just to explain the logic)
Also "Received invalid reply digest from RADIUS server" sounds me that the
shared secret is invalid.
What you set in the radius tab (swicth config) needs to be the same when you
define packetfence as a radius server in the Aruba AP and for the
CoA/Disconnect. (there is no way in the code to have a different shared secret
for auth/acct and coa/disconnect)
Did you test the command Nicolas gave you and did it worked ? If no can you
just try the same command but with only the Calling_Station-Id attribute ?
Regards
Fabice
Le 19-08-28 à 18 h 38, Peter Reissenweber via PacketFence-users a écrit :
> I can't really expect users or network team to do this for guest access
> everytime it is needed.
>
> There were some maintenance patches that were mentioned in other threads were
> these applied to the Debian repositories the same as Centos repos?
>
> There seems to be other issues if I disable CoA via the GUI it is still
> active after a reboot and the same if I change the CoA port number to 5999 or
> anything else it still uses port 3799 after a reboot.
>
> I will still try work with Aruba but I don't think they can really assist
> when it is PF that is sending code 40 instead of 43.
>
> Please can I get a better solution as management is keen to use this product
> to replace our existing clearpass solution.
>
> -----Original Message-----
> From: Nicolas Quiniou-Briand <[email protected]>
> Sent: Wednesday, 28 August 2019 9:59 PM
> To: Peter Reissenweber <[email protected]>;
> [email protected]
> Subject: Re: [PacketFence-users] DesAssociating mac on switch
>
>
>
> On 2019-08-28 2:23 a.m., Peter Reissenweber wrote:
>> RADIUS Protocol
>> Code: Disconnect-Request (40)
> It looks like PF is still not sending a CoA-Request (43).
> What you can do is to use `radclient` to forge a CoA-Request after your
> device is connected to network.
>
> #v+
> echo "Calling-Station-Id = 30074d744c55" >> /tmp/disconnect.txt echo
> "User-Name = 30074d744c55" >> /tmp/disconnect.txt echo "NAS-IP-Address
> = 172.28.5.250" >> /tmp/disconnect.txt
>
> # this will send a CoA-Request message cat /tmp/disconnect.txt |
> radclient -x IP_OF_YOUR_IAP coa RADIUS_SECRET_KEY
> #v-
> --
> Nicolas Quiniou-Briand
> [email protected] :: +1.514.447.4918 *140 ::
> https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Finve
> rse.ca&data=02%7C01%7Cpeter.reissenweber%40gbst.com%7Cd232fd58c0c2
> 4183efee08d72c1b0717%7C1c2da354196b481891e4f760cbaac9e4%7C0%7C0%7C6370
> 26366913909314&sdata=Nb7d8Dk%2FGK9DOmq2DBnBy7YQSif9hUjys9%2BTuFe6E
> OM%3D&reserved=0 Inverse inc. :: Leaders behind SOGo
> (https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsog
> o.nu&data=02%7C01%7Cpeter.reissenweber%40gbst.com%7Cd232fd58c0c241
> 83efee08d72c1b0717%7C1c2da354196b481891e4f760cbaac9e4%7C0%7C0%7C637026
> 366913909314&sdata=3Ig3nae7uzZFvLSA7Lc1DOxgZT8hFVxBPkAOEQWIZuA%3D&
> amp;reserved=0), PacketFence
> (https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpac
> ketfence.org&data=02%7C01%7Cpeter.reissenweber%40gbst.com%7Cd232fd
> 58c0c24183efee08d72c1b0717%7C1c2da354196b481891e4f760cbaac9e4%7C0%7C0%
> 7C637026366913909314&sdata=VE92uywPCXDBbeANq8xZf99HVHbLvlXyiJpsuae
> wm5g%3D&reserved=0) and Fingerbank
> (https://aus01.safelinks.protection.outlook.com/?url=http%3A%2F%2Ffing
> erbank.org&data=02%7C01%7Cpeter.reissenweber%40gbst.com%7Cd232fd58
> c0c24183efee08d72c1b0717%7C1c2da354196b481891e4f760cbaac9e4%7C0%7C0%7C
> 637026366913909314&sdata=cXLiQxU0xDiPL24NjrN2e2H2fP02d3tgTnZAdao%2
> BI04%3D&reserved=0) The information transmitted is intended only
> for the person or entity to which it is addressed and may contain
> confidential and / or privileged material that may be governed by
> confidential information provisions contained in the agreement between GBST
> and your company. Any disclosure, copying, distribution, or other use without
> the express consent of the sender is prohibited. If you received this in
> error, please contact the sender and delete the material from any computer.
> All rights in the information transmitted, including copyright, are reserved.
> Nothing in this message should be interpreted as a digital signature that can
> be used to authenticate a document. No warranty is given by the sender that
> any attachments to this email are free from viruses or other defects.
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
> s.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7
> C01%7Cpeter.reissenweber%40gbst.com%7Cd232fd58c0c24183efee08d72c1b0717
> %7C1c2da354196b481891e4f760cbaac9e4%7C0%7C0%7C637026366913909314&s
> data=ABa1lNUH1P%2FhOmipzMOPFhE8%2B7f2PWtlcZKtrP0%2FCbo%3D&reserved
> =0
_______________________________________________
PacketFence-users mailing list
[email protected]
https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=02%7C01%7Cpeter.reissenweber%40gbst.com%7Cd232fd58c0c24183efee08d72c1b0717%7C1c2da354196b481891e4f760cbaac9e4%7C0%7C0%7C637026366913909314&sdata=ABa1lNUH1P%2FhOmipzMOPFhE8%2B7f2PWtlcZKtrP0%2FCbo%3D&reserved=0
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and / or privileged material that
may be governed by confidential information provisions contained in the
agreement between GBST and your company. Any disclosure, copying, distribution,
or other use without the express consent of the sender is prohibited. If you
received this in error, please contact the sender and delete the material from
any computer. All rights in the information transmitted, including copyright,
are reserved. Nothing in this message should be interpreted as a digital
signature that can be used to authenticate a document. No warranty is given by
the sender that any attachments to this email are free from viruses or other
defects.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
