The device was still connected to the WLC, I did verify this. I tried another client and I get a similar error message.
MAC address is: 4c:6b:e8:c7:67:e3 2020-01-17 08:18:36 Syslog.Info 172.20.0.39 ASD-WLC-5508: *pemReceiveTask: Jan 17 08:20:27.879: %APF_HA-6-CLIENT_TEMP_DB_FIND_ERR: [SA]apf_ha_api.c:258 Unable to find Mobile 4c:6b:e8:c7:67:e3 entry in the temporary Client database used for APF HA 2020-01-17 08:18:36 Syslog.Info 172.20.0.39 ASD-WLC-5508: *haSSOServiceTask3: Jan 17 08:20:27.880: %APF_HA-6-CLIENT_DB_FIND_ERR: [SA]apf_ha.c:4745 Unable to find Mobile 4c:6b:e8:c7:67:e3 entry in the database, could not process send update message for Mobile Jan 17 08:18:33 nac packetfence: INFO pfperl-api(6611): Request to /api/v1/dhcp/mac/4c:6b:e8:c7:67:e3 is unauthorized, will perform a login (pf::api::unifiedapiclient::call) Jan 17 08:18:33 nac packetfence: INFO pfperl-api(6611): re-evaluating access (admin_modify called) (pf::enforcement::reevaluate_access) Jan 17 08:18:35 nac pfqueue: pfqueue(13332) INFO: [mac:4c:6b:e8:c7:67:e3] [4c:6b:e8:c7:67:e3] DesAssociating mac on switch (172.22.0.39) (pf::api::desAssociate) Jan 17 08:18:35 nac pfqueue: pfqueue(13332) INFO: [mac:4c:6b:e8:c7:67:e3] deauthenticating (pf::Switch::Cisco::WLC::radiusDisconnect) Jan 17 08:18:37 nac packetfence_httpd.aaa: httpd.aaa(7807) INFO: [mac:4c:6b:e8:c7:67:e3] handling radius autz request: from switch_ip => (172.22.0.39), connection_type => Wireless-802.11-NoEAP,switch_mac => (78:bc:1a:1e:54:e0), mac => [4c:6b:e8:c7:67:e3], port => 13, username => "4c6be8c767e3", ssid => ASDGuest (pf::radius::authorize) Jan 17 08:18:37 nac packetfence_httpd.aaa: httpd.aaa(7807) INFO: [mac:4c:6b:e8:c7:67:e3] Instantiate profile guest (pf::Connection::ProfileFactory::_from_profile) Jan 17 08:18:37 nac packetfence_httpd.aaa: httpd.aaa(7807) WARN: [mac:4c:6b:e8:c7:67:e3] Switch type 'pf::Switch::Cisco::WLC_5500' does not support MABFloatingDevices (pf::SwitchSupports::__ANON__) Jan 17 08:18:37 nac packetfence_httpd.aaa: httpd.aaa(7807) INFO: [mac:4c:6b:e8:c7:67:e3] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole) Jan 17 08:18:37 nac packetfence_httpd.aaa: httpd.aaa(7807) INFO: [mac:4c:6b:e8:c7:67:e3] (172.22.0.39) Added VLAN 104 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Jan 17 08:18:37 nac packetfence_httpd.aaa: httpd.aaa(7807) INFO: [mac:4c:6b:e8:c7:67:e3] (172.22.0.39) Added role Pre-Auth-For_WebRedirect to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Jan 17 08:18:37 nac packetfence_httpd.aaa: httpd.aaa(7807) INFO: [mac:4c:6b:e8:c7:67:e3] Adding web authentication redirection to reply using role: 'Pre-Auth-For_WebRedirect' and URL: ' https://nac.rails.altoona.k12.wi.us/Cisco::WLC/sid358caf' (pf::Switch::Cisco::WLC::returnRadiusAccessAccept) Jan 17 08:18:45 nac pfqueue: pfqueue(13332) WARN: [mac:4c:6b:e8:c7:67:e3] Unable to perform RADIUS CoA-Request on (172.22.0.39): Timeout waiting for a reply from 172.22.0.39 on port 3799 at /usr/local/pf/lib/pf/util/radius.pm line 166. (pf::Switch::Cisco::WLC::catch {...} ) Jan 17 08:18:45 nac pfqueue: pfqueue(13332) ERROR: [mac:4c:6b:e8:c7:67:e3] Wrong RADIUS secret or unreachable network device (172.22.0.39)... On some Cisco Wireless Controllers you might have to set disconnectPort=1700 as some versions ignore the CoA requests on port 3799 (pf::Switch::Cisco::WLC::catch {...} ) On Fri, Jan 17, 2020 at 2:05 AM Nicolas Quiniou-Briand via PacketFence-users <[email protected]> wrote: > Hi Andrew, > > 1. Is it possible this device was already disconnected from WLC ? > 2. Could you try with another client that is connected to WLC when you > unreg from PF ? > 3. After you test 2, provide us packetfence.log with lines related to > MAC of your other client and WLC logs. > > Thanks. > -- > Nicolas Quiniou-Briand > [email protected] :: +1.514.447.4918 *140 :: https://inverse.ca > Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence > (https://packetfence.org) and Fingerbank (http://fingerbank.org) > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- -- *Confidentiality Notice:* This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. The views expressed in this transmission are not necessarily the views of the School District of Altoona.
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
