Do you have the logs related to this radius request? (packetfence.log)

It looks to me that you are doing 802.1x + web auth.

For the ssid BlueDogRV, just configure it like https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_all_aruba_os (Secure SSID and not like WebAuth).

Once done, connect to the ssid BlueDogRV; you are supposed to see:


Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) INFO: [mac:00:24:d7:90:be:84] handling radius autz request: from switch_ip => (192.168.100.216), connection_type => Wireless-802.11-EAP,switch_mac => (c8:b5:ad:ce:43:7c), mac => [00:24:d7:90:be:84], port => 0, username => "host/ tacos -016.BluedogRV.lan", ssid => "BlueDogRV" (pf::radius::authorize)

If that's the case, then change the filter of your connection profile to use SSID = BlueDogRV and add the source you want to use for machine auth.

Let me know if it's ok.

Regards

Fabrice
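As an added illustration (not PacketFence's own code) of why the request above landed on the wired profile and how an ssid-based filter fixes it, this Python simulation replays the profiles.conf posted in the thread against the logged request. It assumes profiles are tried in file order and that filter_match_style defaults to "any" when the key is absent.

```python
# Added simulation of PacketFence connection-profile selection; not PacketFence code.
import configparser
import re
# Autz request line from the thread, plus the ssid a Secure SSID setup adds (constructed).
AUTZ_LINE = ('Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) INFO: '
             '[mac:00:24:d7:90:be:84] handling radius autz request: from switch_ip => '
             '(192.168.100.216), connection_type => Wireless-802.11-EAP,switch_mac => '
             '(c8:b5:ad:ce:43:7c), mac => [00:24:d7:90:be:84], port => 0, username => '
             '"host/ tacos -016.BluedogRV.lan", ssid => "BlueDogRV" (pf::radius::authorize)')

# The posted profiles in file order (license headers and unrelated keys dropped).
PROFILES_CONF = """[Wire_noEAP]
filter=connection_type:Ethernet-NoEAP
[Wireless_EAP]
filter_match_style=all
filter=connection_type:Wireless-802.11-EAP,ssid:tacos
[Ethernet802.1x]
filter=connection_type:Ethernet-EAP,connection_sub_type:MS-CHAP-V2
[Wireless_BYOD]
filter_match_style=all
filter=connection_type:Wireless-802.11-EAP,ssid:tacos-BYOD
"""

def parse_autz_request(line):
    """Pull the key => value pairs out of an autz request log line."""
    pairs = re.findall(r'(\w+) => ("[^"]*"|\([^)]*\)|\[[^\]]*\]|[^,\s]+)', line)
    return {key: val.strip('"()[]') for key, val in pairs}

def profile_matches(section, request):
    """'all' needs every filter condition to hold; 'any' (assumed default) needs one."""
    conds = [c.split(":", 1) for c in section.get("filter", "").split(",") if ":" in c]
    if not conds:
        return False
    hits = [request.get(key) == value for key, value in conds]
    return all(hits) if section.get("filter_match_style", "any") == "all" else any(hits)

def select_profile(conf_text, request):
    """First profile in file order whose filter matches wins; 'default' otherwise."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    for name in cp.sections():
        if profile_matches(cp[name], request):
            return name
    return "default"

def walk_through():
    """The three situations discussed in the thread, in order."""
    req = parse_autz_request(AUTZ_LINE)
    req["connection_sub_type"] = "MS-CHAP-V2"  # EAP-Type = MSCHAPv2 in the posted request
    no_ssid = {k: v for k, v in req.items() if k != "ssid"}
    # 1. No ssid in the request: Wireless_EAP fails on ssid, Ethernet802.1x
    #    matches on the sub type alone (any), so the wired profile is chosen.
    before = select_profile(PROFILES_CONF, no_ssid)
    # 2. Interim fix from the thread: drop the ssid condition from Wireless_EAP.
    interim = select_profile(PROFILES_CONF.replace(",ssid:tacos\n", "\n"), no_ssid)
    # 3. Secure SSID setup sends the ssid, so the filter can require BlueDogRV.
    final = select_profile(PROFILES_CONF.replace("ssid:tacos\n", "ssid:BlueDogRV\n"), req)
    return before, interim, final  # ('Ethernet802.1x', 'Wireless_EAP', 'Wireless_EAP')
```

The first result reproduces the "Instantiate profile Ethernet802.1x" line from the log: a profile with no filter_match_style matches on one condition, so a Wireless-802.11-EAP request with MS-CHAP-V2 satisfies the wired profile once the ssid-based wireless profile fails.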


On 20-03-11 at 17:12, Zacharry Williams via PacketFence-users wrote:
User-Name = "host/ta-00614.BluedogRV.lan"
NAS-IP-Address = 192.168.100.217
NAS-Port = 0
Service-Type = Framed-User
Framed-MTU = 1100
State = 0x2880f3b42988e97dfdf00d5089857e6a
Called-Station-Id = "f0:5c:19:c2:13:96"
Calling-Station-Id = "9c:30:5b:1c:06:4b"
NAS-Identifier = "Aruba_Wireless"
NAS-Port-Type = Wireless-802.11
Event-Timestamp = "Mar 11 2020 08:58:36 PDT"
EAP-Message = 0x020800061a03
Aruba-Essid-Name = "BlueDogRV"
Aruba-Location-Id = "ID-PF-SLS"
Aruba-AP-Group = "PostFalls"
FreeRADIUS-Proxied-To = 127.0.0.1
EAP-Type = MSCHAPv2
Realm = "BluedogRV.lan"
Called-Station-SSID = "BlueDogRV"
PacketFence-Domain = "Bluedogrv"
PacketFence-KeyBalanced = "f20536da90cb9e178c302675355f1678"
PacketFence-Radius-Ip = "192.168.100.211"
PacketFence-NTLMv2-Only = ""
User-Password = "******"
SQL-User-Name = "host/ta-00614.BluedogRV.lan"

It's there as Aruba-Essid-Name, which I'm guessing isn't being accepted.
Either way I deleted the switch and put it back in, which seems to have alleviated the majority of the issues.

As for the captive portal, I'm thinking it's in the same boat as their Aerohive stuff maybe? Where the URL isn't being parsed correctly or something?

On Wed, Mar 11, 2020 at 10:45 AM Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

    Ok so first there is no ssid sent in the radius request so you
    can't use a filter based on the ssid.

    So what you can do (removed the ssid):


    [Wireless_EAP]
    filter_match_style=all
    description=Wireless_EAP
    sources=tacos-MachineAuth
    filter=connection_type:Wireless-802.11-EAP
    autoregister=enabled
    redirecturl=https://www.tacos.com
    logo=/common/Logo-horz.png

    So when you will connect you will see "Instantiate profile
    Wireless_EAP"  and "Found authentication source(s) :
    'tacos-MachineAuth' for realm ' tacos.lan'"

    Next you need to be sure that tacos-MachineAuth return a role.

    Test that and let me know.

    Regards

    Fabrice

    On 20-03-11 at 12:07, Zacharry Williams via PacketFence-users
    wrote:
    Okay so this is the one from today. Gets matched to the
    Ethernet profile and denied.


    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) INFO:
    [mac:00:24:d7:90:be:84] handling radius autz request: from
    switch_ip => (192.168.100.216), connection_type =>
    Wireless-802.11-EAP,switch_mac => (c8:b5:ad:ce:43:7c), mac =>
    [00:24:d7:90:be:84], port => 0, username => "host/ tacos
    -016.BluedogRV.lan" (pf::radius::authorize)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) INFO:
    [mac:00:24:d7:90:be:84] is doing machine auth with account 'host/
    tacos . tacos.lan'. (pf::radius::authorize)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] instantiating new pf::role object
    (pf::role::new)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] instantiating new
    pf::access_filter::vlan (pf::access_filter::new)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] No engine found for IsPhone
    (pf::access_filter::test)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] Trying to match IP address to MAC
    '00:24:d7:90:be:84' using SQL 'ip4log' table (pf::ip4log::mac2ip)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] Viewing an 'ip4log' table entry
    for the following MAC address '00:24:d7:90:be:84'
    (pf::ip4log::_view_by_mac)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] Matched MAC '00:24:d7:90:be:84' to
    IP address '192.168.50.119' using SQL 'ip4log' table
    (pf::ip4log::mac2ip)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] Memory configuration is not valid
    anymore for key FilterEngine::Profile() in local cached_hash
    (pfconfig::cached::is_valid)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] Memory configuration is not valid
    anymore for key config::Profiles() in local cached_hash
    (pfconfig::cached::is_valid)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) INFO:
    [mac:00:24:d7:90:be:84] Instantiate profile Ethernet802.1x
    (pf::Connection::ProfileFactory::_from_profile)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] instantiating new
    pf::Connection::Profile object (pf::Connection::Profile::new)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] instantiating new
    pf::access_filter::vlan (pf::access_filter::new)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] No engine found for AutoRegister
    (pf::access_filter::test)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] Autoregistration set on profile
    Ethernet802.1x (pf::role::shouldAutoRegister)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] instantiating new
    pf::access_filter::vlan (pf::access_filter::new)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] No engine found for
    NodeInfoForAutoReg (pf::access_filter::test)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] Memory configuration is not valid
    anymore for key config::Profiles() in local cached_hash
    (pfconfig::cached::is_valid)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] Used realm tacos tacos.lan is
    associated to the configured realm tacos.lan
    (pf::config::util::get_realm_authentication_source)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) INFO:
    [mac:00:24:d7:90:be:84] Found authentication source(s) : 'tacod1'
    for realm ' tacos.lan'
    (pf::config::util::filter_authentication_sources)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] EAP connection with a username
    "host/ tacos -016. tacos .lan". Trying to match rules from
    authentication sources. (pf::role::getNodeInfoForAutoReg)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) WARN:
    [mac:00:24:d7:90:be:84] Use of uninitialized value in
    concatenation (.) or string at
    /usr/local/pf/lib/pf/authentication.pm
    line 389.
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] Match called with parameters
    radius_request => HASH(0x55bbf87d1a00), rule_class =>
    authentication, stripped_user_name => , SSID => , username =>
    host/tacos-016. tacos .lan, realm => BluedogRV.lan, context =>
    radius, connection_type => Wireless-802.11-EAP
    (pf::authentication::match2)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] Stripping username is enabled in
    this context (radius). Will return a split username and realm.
    (pf::config::util::strip_username_if_needed)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) INFO:
    [mac:00:24:d7:90:be:84] Using sources tacos for matching
    (pf::authentication::match2)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) INFO:
    [mac:00:24:d7:90:be:84] LDAP testing connection (pf::LDAP::expire_if)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] cache get for namespace='Default',
    key='ARRAY(0x55bbfd640658)', cache='RawMemory', time='0ms': HIT
    (CHI::Driver::_log_get_result)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] [ tacos ] Using LDAP connection to
    192.168.20.98 (pf::Authentication::Source::LDAPSource::_connect)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] [ tacos tacos ] Searching for
    (|(sAMAccountName=host/ tacos -016. tacos
    .lan)(servicePrincipalName=host/ tacos -016. tacos .lan)), from
    DC= tacos ,DC=lan, with scope sub
    (pf::Authentication::Source::LDAPSource::match_in_subclass)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] [ tacos tacos ] Found 1 results
    (pf::Authentication::Source::LDAPSource::_match_in_subclass)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] [ tacos tacos ] Searching
    is_member filter (|(member=CN= tacos -016,OU=Post Falls,OU= tacos
    Computers,DC= tacos ,DC=lan)(uniqueMember=CN= tacos -016,OU=Post
    Falls,OU= tacos Computers,DC= tacos ,DC=lan)(memberUid=))
    (pf::Authentication::Source::LDAPSource::_match_in_subclass)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] [ tacos Domain_Users] Searching
    for (|(sAMAccountName=host/ tacos -016. tacos
    .lan)(servicePrincipalName=host/ tacos -016. tacos .lan)), from
    DC= tacos ,DC=lan, with scope sub
    (pf::Authentication::Source::LDAPSource::match_in_subclass)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] [ tacos Domain_Users] Found 1
    results (pf::Authentication::Source::LDAPSource::_match_in_subclass)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] [ tacos Domain_Users] Searching
    is_member filter (|(member=CN= tacos -016,OU=Post Falls,OU= tacos
    Computers,DC= tacos ,DC=lan)(uniqueMember=CN= tacos -016,OU=Post
    Falls,OU= tacos Computers,DC= tacos ,DC=lan)(memberUid=))
    (pf::Authentication::Source::LDAPSource::_match_in_subclass)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) WARN:
    [mac:00:24:d7:90:be:84] No category computed for autoreg
    (pf::role::getNodeInfoForAutoReg)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] [00:24:d7:90:be:84]
    auto-registering node (pf::radius::authorize)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641) WARN:
    [mac:00:24:d7:90:be:84] No role specified or found for pid host/
    tacos -016.BluedogRV.lan (MAC 00:24:d7:90:be:84); assume maximum
    number of registered nodes is reached
    (pf::node::is_max_reg_nodes_reached)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    ERROR: [mac:00:24:d7:90:be:84] max nodes per pid met or exceeded
    - registration of 00:24:d7:90:be:84 to host/ tacos
    -016.BluedogRV.lan failed
    (pf::registration::setup_node_for_registration)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    ERROR: [mac:00:24:d7:90:be:84] auto-registration of node failed
    max nodes per pid met or exceeded (pf::radius::authorize)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    ERROR: [mac:00:24:d7:90:be:84] Database query failed with non
    retryable error: Cannot add or update a child row: a foreign key
    constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY
    (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON
    DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO
    `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`,
    `bypass_vlan`, `category_id`, `computername`, `detect_date`,
    `device_class`, `device_manufacturer`, `device_score`,
    `device_type`, `device_version`, `dhcp6_enterprise`,
    `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
    `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`,
    `machine_account`, `notes`, `pid`, `regdate`, `sessionid`,
    `status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`,
    `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
    ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE
    KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `machine_account`
    = ?, `pid` = ?, `status` = ?, `tenant_id` = ?]{yes, NULL, NULL,
    NULL, NULL, NULL, 2020-03-11 08:53:16, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00
    00:00:00, 0000-00-00 00:00:00, 00:24:d7:90:be:84, host/ tacos
    -016.BluedogRV.lan, NULL, host/ tacos -016.BluedogRV.lan,
    0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00,
    NULL, no, yes, host/ tacos -016. tacos .lan, host/ tacos
    -016.BluedogRV.lan, reg, 1} (pf::dal::db_execute)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    DEBUG: [mac:00:24:d7:90:be:84] disconnecting db
    (pf::db::db_disconnect)
    Mar 11 08:57:01 NAC1 packetfence_httpd.aaa: httpd.aaa(9641)
    ERROR: [mac:00:24:d7:90:be:84] Cannot save 00:24:d7:90:be:84
    error (500) (pf::radius::authorize)

    #
    # Copyright (C) 2005-2019 Inverse inc.
    #
    # See the enclosed file COPYING for license information (GPL).
    # If you did not receive this file, see
    # http://www.fsf.org/licensing/licenses/gpl.html
    [default]
    sources=null

    [Wire_noEAP]
    locale=
    filter=connection_type:Ethernet-NoEAP
    autoregister=enabled

    [Wireless_EAP]
    filter_match_style=all
    description=Wireless_EAP
    sources=tacos-MachineAuth
    filter=connection_type:Wireless-802.11-EAP,ssid:tacos
    autoregister=enabled
    redirecturl=https://www.tacos.com
    logo=/common/Logo-horz.png

    [Ethernet802.1x]
    filter=connection_type:Ethernet-EAP,connection_sub_type:MS-CHAP-V2
    sources=BDRVDC1
    unreg_on_acct_stop=enabled
    autoregister=enabled

    [Wireless_BYOD]
    filter_match_style=all
    description=Wireless_EAP
    sources=BDRVDC1
    filter=connection_type:Wireless-802.11-EAP,ssid:tacos-BYOD
    autoregister=enabled
    logo=/common/Logo-horz.png
    redirecturl=https://www.tacos.com

    On Wed, Mar 11, 2020 at 8:48 AM Zacharry Williams
    <zachar...@gmail.com> wrote:

        Yep I'm scrubbing them now. It's also matching clients
        connecting on wireless-eap to wired-eap

        On Tue, Mar 10, 2020, 4:53 PM Durand fabrice via
        PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

            Hello,

            can you provide the packetfence.log file and the
            profiles.conf file ?

            Regards

            Fabrice


            On 20-03-10 at 15:19, Zacharry Williams via
            PacketFence-users wrote:
            Hey all,

            Randomly it matched the correct connection profile, one
            time. Is this like a 9.3 bug where connection profiles
            aren't being matched?

            On Mon, Mar 9, 2020 at 3:06 PM Zacharry Williams
            <zachar...@gmail.com> wrote:

                Hey all,

                I've been working on setting up a guest LAN and a
                BYOD LAN for a few days now. When I use a PSK or AD
                Authentication it works fine, but the captive portal
                isn't working like I think it should be.
                I revisited the guide a few times to check and I
                don't think I'm missing any settings. I customized a
                captive portal with a logo and an acceptable use
                policy but every time I get the captive portal, I
                don't get the portal I customized but instead get
                the default one. It's like the default connection
                profile is matched first. I set the httpd.aaa.conf
                logging to debug but nothing shows up as to why it's
                picking that connection profile in packetfence.log.
                I'm using Aruba instants, and managing them through
                Aruba Central.

                Where are the logs to read into why it's picking
                that portal?



            _______________________________________________
            PacketFence-users mailing list
            PacketFence-users@lists.sourceforge.net
            https://lists.sourceforge.net/lists/listinfo/packetfence-users




-- 
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)



