Dear Ludovic
as you can see in my previous post "registration" works fine but wifi
devices
(Cisco Virtual Wireless Lan Controller) are "unknown" in online/offline
field:
/[root@pfsrv pf]# bin/pftest authentication becchett XXXXXX RADIUS-AAI//
//Testing authentication for "becchett"//
//
//Authenticating against 'RADIUS-AAI' in context 'admin'//
// Authentication SUCCEEDED against RADIUS-AAI (Authentication
successful.)//
// Matched against RADIUS-AAI for 'authentication' rules//
// set_role : default//
// set_access_duration : 12h//
// Did not match against RADIUS-AAI for 'administration' rules//
//
//Authenticating against 'RADIUS-AAI' in context 'portal'//
// Authentication SUCCEEDED against RADIUS-AAI (Authentication
successful.)//
// Matched against RADIUS-AAI for 'authentication' rules//
// set_role : default//
// set_access_duration : 12h//
// Did not match against RADIUS-AAI for 'administration' rules/
Thanks a lot.
Best Regards
Enrico
Il 17/03/2020 13:04, Ludovic Zammit ha scritto:
Hello Enrico,
Nothing in that log says it would or deregister your node.
Give me the output of that command:
bin/pftest authentication USERNAME “” RADIUS-AAI
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145)
::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
On May 30, 2019, at 8:45 AM, Enrico Becchetti via PacketFence-users
<[email protected]
<mailto:[email protected]>> wrote:
Log from offline node, packetfence.log:
....
May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] handling radius autz request: from switch_ip
=> (10.21.0.1), connection_type => Wireless-802.11-EAP,switch_mac =>
(6c:dd:30:49:dc:e0), mac => [2c:4d:54:3a:c9:eb], port => 1, username
=> "USERNAME@domain", ssid => dot1x (pf::radius::authorize)
May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] Instantiate profile dot1x
(pf::Connection::ProfileFactory::_from_profile)
May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] Found authentication source(s) : 'RADIUS-AAI'
for realm 'default' (pf::config::util::filter_authentication_sources)
May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN:
[mac:2c:4d:54:3a:c9:eb] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match2)
May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] Using sources RADIUS-AAI for matching
(pf::authentication::match2)
May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] Matched rule (catchall) in source RADIUS-AAI,
returning actions. (pf::Authentication::Source::match_rule)
May 30 14:38:52 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] Matched rule (catchall) in source RADIUS-AAI,
returning actions. (pf::Authentication::Source::match)
May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] Role has already been computed and we don't
want to recompute it. Getting role from node_info
(pf::role::getRegisteredRole)
May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] Username was defined "USERNAME@domain"
returning role 'default' (pf::role::getRegisteredRole)
May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] PID: "USERNAME@domain", Status: reg Returned
VLAN: (undefined), Role: default (pf::role::fetchRoleForNode)
May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] (10.21.0.1) Added VLAN 26 to the returned
RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] violation 1300003 force-closed for
2c:4d:54:3a:c9:eb (pf::violation::violation_force_close)
May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] Instantiate profile dot1x
(pf::Connection::ProfileFactory::_from_profile)
May 30 14:38:53 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:[undef]] oldmac (2c:4d:54:3a:c9:eb) and newmac (0) are different
for 10.26.1.1 - closing ip4log entry (pf::api::update_ip4log)
May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO:
[mac:2c:4d:54:3a:c9:eb] trigger_run_scan EB 0 (pf::api::trigger_scan)
May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO:
[mac:2c:4d:54:3a:c9:eb] Instantiate profile dot1x
(pf::Connection::ProfileFactory::_from_profile)
May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO:
[mac:2c:4d:54:3a:c9:eb] trigger_run_scan EB 1 (pf::api::trigger_scan)
May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) WARN:
[mac:2c:4d:54:3a:c9:eb] Use of uninitialized value $added in
concatenation (.) or string at /usr/local/pf/lib/pf/api.pm line 989.
May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) INFO:
[mac:2c:4d:54:3a:c9:eb] trigger_run_scan EB 0,added
(pf::api::trigger_scan)
May 30 14:38:58 pfsrv pfqueue: pfqueue(21490) WARN:
[mac:2c:4d:54:3a:c9:eb] Use of uninitialized value $added in numeric
eq (==) at /usr/local/pf/lib/pf/api.pm line 990.
May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] Updating iplog from accounting request
(pf::api::handle_accounting_metadata)
May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN:
[mac:2c:4d:54:3a:c9:eb] Trying to match IP address with an invalid
MAC address '0' (pf::ip4log::mac2ip)
May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN:
[mac:2c:4d:54:3a:c9:eb] Unable to match MAC address to IP
'10.26.1.33' (pf::ip4log::ip2mac)
May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) WARN:
[mac:2c:4d:54:3a:c9:eb] Trying to open an 'ip4log' table entry with
an invalid MAC address '0' (pf::ip4log::open)
May 30 14:41:01 pfsrv packetfence_httpd.aaa: httpd.aaa(20753) INFO:
[mac:2c:4d:54:3a:c9:eb] Unable to extract MAC from Called-Station-Id:
10.21.0.1 (pf::radius::extractApMacFromRadiusRequest)
..
Enrico
Il 30/05/2019 14:27, Enrico Becchetti ha scritto:
Il 30/05/2019 14:08, Nicolas Quiniou-Briand via PacketFence-users ha
scritto:
Hello Enrico,
On 2019-05-30 1:37 p.m., Enrico Becchetti via PacketFence-users wrote:
but why is it not online ?
See
https://packetfence.org/doc/PacketFence_Installation_Guide.html#_radius_accounting
Dear all,
I enabled "/Update the iplog using the accounting/setting
from/System configuration → Main configuration → Advanced/."
Do I restart PF after this change ?
Thank you so much !
Best Reards
Enrico
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Skype:enrico_becchetti
Mail: Enrico.Becchetti<at>pg.infn.it
______________________________________________________________________
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
