Ok, thanks. I followed your instructions and rebooted. Here is the new log:
Oct 8 14:06:19 localhost packetfence_httpd.aaa: httpd.aaa(2066) INFO: [mac:00:24:d6:5b:30:bc] Unable to extract SSID of Called-Station-Id: 20:4c:03:58:99:8a (pf::Switch::extractSSIDFromCalledStationId) Oct 8 14:06:19 localhost packetfence_httpd.aaa: httpd.aaa(2066) INFO: [mac:00:24:d6:5b:30:bc] handling radius autz request: from switch_ip => (198.18.255.64), connection_type => Wireless-802.11-NoEAP,switch_mac => (20:4c:03:58:99:8a), mac => [00:24:d6:5b:30:bc], port => 0, username => "00-24-d6-5b-30-bc", ssid => Lab-Open-Guest (pf::radius::authorize) Oct 8 14:06:19 localhost packetfence_httpd.aaa: httpd.aaa(2066) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile Lab-Aruba-OpenGuest-copy (pf::Connection::ProfileFactory::_from_profile) Oct 8 14:06:19 localhost packetfence_httpd.aaa: httpd.aaa(2066) INFO: [mac:00:24:d6:5b:30:bc] Match rule MAC-Auth (pf::access_filter::test) Oct 8 14:06:19 localhost packetfence_httpd.aaa: httpd.aaa(2066) INFO: [mac:00:24:d6:5b:30:bc] vlan filter match ; belongs into REJECT VLAN (pf::role::getRegistrationRole) Oct 8 14:06:19 localhost packetfence_httpd.aaa: httpd.aaa(2066) INFO: [mac:00:24:d6:5b:30:bc] According to rules in fetchRoleForNode this node must be kicked out. Returning USERLOCK (pf::Switch::Template::handleRadiusDeny) I switched my switch back to “Aruba Wireless Controller” template. Should I be doing that or what should I have configured here? It does look like it now shows the SSID here. Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 8, 2020, at 1:47 PM, Fabrice Durand <fdur...@inverse.ca> wrote: > > Revert the change in Switch.pm then do: > > cd /usr/local/pf/ > > curl > https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/5903.diff > | patch -p1 > > Le 20-10-08 à 14 h 43, Louis Scaringella a écrit : >> What should I do with that file you sent? Add that to switch.pm or replace >> it? >> >> Louis Scaringella >> Security Systems Engineer >> Yellow Dog Networks, Inc >> 785-342-7903 >> >>> On Oct 8, 2020, at 1:41 PM, Fabrice Durand <fdur...@inverse.ca> wrote: >>> >>> Hello Louis, >>> >>> let's take a look at >>> https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/5903.diff >>> >>> Also it can happen when per example the registration network is an inline >>> network. >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 20-10-08 à 14 h 37, Louis Scaringella a écrit : >>>> What would cause the httpd.aaa process to match the correct profile but >>>> then the httpd.portal to match the default? >>>> Does it not use the same criteria and filters as the connection profile >>>> does? >>>> >>>> The only change here between scenarios is the SSID filter added to the >>>> connection profile so something just isn’t right here. >>>> >>>> Louis Scaringella >>>> Security Systems Engineer >>>> Yellow Dog Networks, Inc >>>> 785-342-7903 >>>> >>>>> On Oct 8, 2020, at 12:11 PM, Louis Scaringella via PacketFence-users >>>>> <packetfence-users@lists.sourceforge.net> wrote: >>>>> >>>>> From the Aruba.pm switch file I see this: >>>>> >>>>> >>>>> sub extractSsid { >>>>> my ($self, $radius_request) = @_; >>>>> my $logger = $self->logger; >>>>> >>>>> # Aruba-Essid-Name VSA >>>>> if (defined($radius_request->{'Aruba-Essid-Name'})) { >>>>> return $radius_request->{'Aruba-Essid-Name'}; >>>>> } >>>>> >>>>> $logger->warn( >>>>> "Unable to extract SSID for module " . ref($self) . ". SSID-based >>>>> VLAN assignments won't work. " >>>>> . "Please let us know so we can add support for it." >>>>> ); >>>>> return; >>>>> >>>>> It looks to be searching for the Aruba-ESSID-NAME instead of >>>>> Called-Station-SSID. Do you think we’d have to change the switch.pm to >>>>> reflect that instead then? >>>>> >>>>> Louis Scaringella >>>>> Security Systems Engineer >>>>> Yellow Dog Networks, Inc >>>>> 785-342-7903 >>>>> >>>>>> On Oct 7, 2020, at 1:58 PM, Fabrice Durand <fdur...@inverse.ca> wrote: >>>>>> >>>>>> It looks to be a bug in the switch template. >>>>>> >>>>>> Right now there is no method to extract the ssid in other attributes >>>>>> than colling-station-id. >>>>>> >>>>>> We will make a patch to update the default method to extract the ssid >>>>>> from Called-Station-SSID. >>>>>> >>>>>> Le 20-10-07 à 14 h 19, Louis Scaringella a écrit : >>>>>>> Here is the request: >>>>>>> >>>>>>> RADIUS Request >>>>>>> User-Name = "00-24-d6-5b-30-bc" >>>>>>> User-Password = "******" >>>>>>> NAS-IP-Address = 198.18.255.64 >>>>>>> NAS-Port = 0 >>>>>>> Service-Type = Call-Check >>>>>>> Called-Station-Id = "20:4c:03:58:99:8a" >>>>>>> Calling-Station-Id = "00:24:d6:5b:30:bc" >>>>>>> NAS-Port-Type = Wireless-802.11 >>>>>>> Event-Timestamp = "Oct 7 2020 13:14:28 CDT" >>>>>>> Message-Authenticator = 0x0ba983427b333601e7704e6fbfc6739d >>>>>>> Aruba-Essid-Name = "Lab-Open-Guest" >>>>>>> Aruba-Location-Id = "Lab AP-A0:E4" >>>>>>> Aruba-AP-Group = "default" >>>>>>> Stripped-User-Name = "00-24-d6-5b-30-bc" >>>>>>> Realm = "null" >>>>>>> FreeRADIUS-Client-IP-Address = 198.18.255.64 >>>>>>> Called-Station-SSID = "Lab-Open-Guest" >>>>>>> PacketFence-KeyBalanced = "8a61332855442ed4efb3a8b31b7b9e13" >>>>>>> PacketFence-Radius-Ip = "198.18.255.132" >>>>>>> SQL-User-Name = "00-24-d6-5b-30-bc” >>>>>>> >>>>>>> It seems to show under the Called-Station-SSID as well as >>>>>>> Aruba-ESSID-NAME. >>>>>>> >>>>>>> Louis Scaringella >>>>>>> Security Systems Engineer >>>>>>> Yellow Dog Networks, Inc >>>>>>> 785-342-7903 >>>>>>> >>>>>>>> On Oct 7, 2020, at 1:17 PM, Fabrice Durand <fdur...@inverse.ca> wrote: >>>>>>>> >>>>>>>> Check in the radius audit log for the radius request and check if one >>>>>>>> of the attribute contain the SSID. >>>>>>>> >>>>>>>> If the SSID is defined in one of the attribute then we will be able to >>>>>>>> fix it , if no then check on the aruba side if there a way to push it. >>>>>>>> (it's by default) >>>>>>>> >>>>>>>> Le 20-10-07 à 14 h 12, Louis Scaringella a écrit : >>>>>>>>> Here it is. It appears it isn’t able to extract the SSID from the >>>>>>>>> Aruba Controller. This is ArubaOS 8.6 running on the controller. >>>>>>>>> >>>>>>>>> Any ideas to workaround this? It even says to let you all know so you >>>>>>>>> can add support for it. I appreciate all you do to keep this product >>>>>>>>> awesome! >>>>>>>>> >>>>>>>>> Oct 7 13:08:35 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] Unable to extract SSID of >>>>>>>>> Called-Station-Id: 20:4c:03:58:99:8a (pf::Switch::extractSsid) >>>>>>>>> Oct 7 13:08:35 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> WARN: [mac:00:24:d6:5b:30:bc] Unable to extract SSID for module >>>>>>>>> pf::Switch::Template. SSID-based VLAN assignments won't work. Please >>>>>>>>> let us know so we can add support for it. (pf::Switch::extractSsid) >>>>>>>>> Oct 7 13:08:35 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] handling radius autz request: from >>>>>>>>> switch_ip => (198.18.255.64), connection_type => >>>>>>>>> Wireless-802.11-NoEAP,switch_mac => (20:4c:03:58:99:8a), mac => >>>>>>>>> [00:24:d6:5b:30:bc], port => 0, username => "00-24-d6-5b-30-bc" >>>>>>>>> (pf::radius::authorize) >>>>>>>>> Oct 7 13:08:35 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile default >>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:08:35 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] Match rule MAC-Auth >>>>>>>>> (pf::access_filter::test) >>>>>>>>> Oct 7 13:08:35 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] vlan filter match ; belongs into REJECT >>>>>>>>> VLAN (pf::role::getRegistrationRole) >>>>>>>>> Oct 7 13:08:35 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] According to rules in fetchRoleForNode >>>>>>>>> this node must be kicked out. Returning USERLOCK >>>>>>>>> (pf::Switch::Template::handleRadiusDeny) >>>>>>>>> Oct 7 13:08:44 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:08:51 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:08:52 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2657) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:08:57 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:08:57 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2657) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:08:59 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) WARN: [mac:00:24:d6:5b:30:bc] Calling match with >>>>>>>>> empty/invalid rule class. Defaulting to 'authentication' >>>>>>>>> (pf::authentication::match) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Using sources >>>>>>>>> OpenWifi for matching (pf::authentication::match) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Matched rule >>>>>>>>> (catchall) in source OpenWifi, returning actions. >>>>>>>>> (pf::Authentication::Source::match_rule) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Matched rule >>>>>>>>> (catchall) in source OpenWifi, returning actions. >>>>>>>>> (pf::Authentication::Source::match) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) WARN: [mac:00:24:d6:5b:30:bc] Calling match with >>>>>>>>> empty/invalid rule class. Defaulting to 'authentication' >>>>>>>>> (pf::authentication::match) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Using sources >>>>>>>>> OpenWifi for matching (pf::authentication::match) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) WARN: [mac:00:24:d6:5b:30:bc] Calling match with >>>>>>>>> empty/invalid rule class. Defaulting to 'authentication' >>>>>>>>> (pf::authentication::match) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Using sources >>>>>>>>> OpenWifi for matching (pf::authentication::match) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Matched rule >>>>>>>>> (catchall) in source OpenWifi, returning actions. >>>>>>>>> (pf::Authentication::Source::match_rule) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Matched rule >>>>>>>>> (catchall) in source OpenWifi, returning actions. >>>>>>>>> (pf::Authentication::Source::match) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) WARN: [mac:00:24:d6:5b:30:bc] Calling match with >>>>>>>>> empty/invalid rule class. Defaulting to 'authentication' >>>>>>>>> (pf::authentication::match) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Using sources >>>>>>>>> OpenWifi for matching (pf::authentication::match) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2657) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] No provisioner found >>>>>>>>> for 00:24:d6:5b:30:bc. Continuing. >>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] security_event >>>>>>>>> 1300003 force-closed for 00:24:d6:5b:30:bc >>>>>>>>> (pf::security_event::security_event_force_close) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2655) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) WARN: [mac:unknown] locale from the URL is not >>>>>>>>> supported (pf::Portal::Session::getLanguages) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) WARN: [mac:00:24:d6:5b:30:bc] locale from the URL >>>>>>>>> is not supported (pf::Portal::Session::getLanguages) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) WARN: [mac:00:24:d6:5b:30:bc] locale from the URL >>>>>>>>> is not supported >>>>>>>>> (captiveportal::PacketFence::Controller::Root::getLanguages) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Releasing device >>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Module::Root::release) >>>>>>>>> Oct 7 13:09:00 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] User default has >>>>>>>>> authenticated on the portal. (Class::MOP::Class:::after) >>>>>>>>> Oct 7 13:09:01 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) WARN: [mac:00:24:d6:5b:30:bc] locale from the URL >>>>>>>>> is not supported (pf::Portal::Session::getLanguages) >>>>>>>>> Oct 7 13:09:01 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] re-evaluating access >>>>>>>>> (manage_register called) (pf::enforcement::reevaluate_access) >>>>>>>>> Oct 7 13:09:01 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile >>>>>>>>> default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:09:01 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] VLAN reassignment is >>>>>>>>> forced. (pf::enforcement::_should_we_reassign_vlan) >>>>>>>>> Oct 7 13:09:01 localhost packetfence_httpd.portal: >>>>>>>>> httpd.portal(2656) INFO: [mac:00:24:d6:5b:30:bc] switch port is >>>>>>>>> (198.18.255.64) ifIndex 0connection type: WiFi MAC Auth >>>>>>>>> (pf::enforcement::_vlan_reevaluation) >>>>>>>>> Oct 7 13:09:02 localhost pfqueue: pfqueue(4604) INFO: >>>>>>>>> [mac:00:24:d6:5b:30:bc] [00:24:d6:5b:30:bc] DesAssociating mac on >>>>>>>>> switch (198.18.255.64) (pf::api::desAssociate) >>>>>>>>> Oct 7 13:09:02 localhost pfqueue: pfqueue(4604) INFO: >>>>>>>>> [mac:00:24:d6:5b:30:bc] deauthenticating >>>>>>>>> (pf::Switch::Template::radiusDisconnect) >>>>>>>>> Oct 7 13:09:02 localhost pfqueue: pfqueue(4604) INFO: >>>>>>>>> [mac:00:24:d6:5b:30:bc] controllerIp is set, we will use controller >>>>>>>>> 198.18.255.64 to perform deauth >>>>>>>>> (pf::Switch::Template::disconnectAddress) >>>>>>>>> Oct 7 13:09:02 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] Unable to extract SSID of >>>>>>>>> Called-Station-Id: 20:4c:03:58:99:8a (pf::Switch::extractSsid) >>>>>>>>> Oct 7 13:09:02 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> WARN: [mac:00:24:d6:5b:30:bc] Unable to extract SSID for module >>>>>>>>> pf::Switch::Template. SSID-based VLAN assignments won't work. Please >>>>>>>>> let us know so we can add support for it. (pf::Switch::extractSsid) >>>>>>>>> Oct 7 13:09:02 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] handling radius autz request: from >>>>>>>>> switch_ip => (198.18.255.64), connection_type => >>>>>>>>> Wireless-802.11-NoEAP,switch_mac => (20:4c:03:58:99:8a), mac => >>>>>>>>> [00:24:d6:5b:30:bc], port => 0, username => "00-24-d6-5b-30-bc" >>>>>>>>> (pf::radius::authorize) >>>>>>>>> Oct 7 13:09:02 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] Instantiate profile default >>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>> Oct 7 13:09:02 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] Found authentication source(s) : >>>>>>>>> 'local,file1,LabDC,LabDC-TestSponsor' for realm 'null' >>>>>>>>> (pf::config::util::filter_authentication_sources) >>>>>>>>> Oct 7 13:09:02 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] Connection type is MAC-AUTH. Getting >>>>>>>>> role from node_info (pf::role::getRegisteredRole) >>>>>>>>> Oct 7 13:09:02 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] Username was defined >>>>>>>>> "00-24-d6-5b-30-bc" - returning role 'guest' >>>>>>>>> (pf::role::getRegisteredRole) >>>>>>>>> Oct 7 13:09:02 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] PID: "default", Status: reg Returned >>>>>>>>> VLAN: (undefined), Role: guest (pf::role::fetchRoleForNode) >>>>>>>>> Oct 7 13:09:02 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> WARN: [mac:00:24:d6:5b:30:bc] No parameter guestVlan found in >>>>>>>>> conf/switches.conf for the switch 198.18.255.64 >>>>>>>>> (pf::Switch::getVlanByName) >>>>>>>>> Oct 7 13:09:02 localhost packetfence_httpd.aaa: httpd.aaa(2063) >>>>>>>>> INFO: [mac:00:24:d6:5b:30:bc] Updating locationlog from accounting >>>>>>>>> request (pf::api::handle_accounting_metadata) >>>>>>>>> Louis Scaringella >>>>>>>>> Security Systems Engineer >>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>> 785-342-7903 >>>>>>>>> >>>>>>>>>> On Oct 7, 2020, at 11:41 AM, Fabrice Durand <fdur...@inverse.ca> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> What i am looking for is the line in packetfence.log that start with >>>>>>>>>> "handling radius autz request" >>>>>>>>>> >>>>>>>>>> Le 20-10-07 à 12 h 02, Louis Scaringella a écrit : >>>>>>>>>>> Hello, >>>>>>>>>>> >>>>>>>>>>> When I add the SSID filter to the connection profile, this is the >>>>>>>>>>> log I see: >>>>>>>>>>> >>>>>>>>>>> Oct 7 10:59:54 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile default (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> >>>>>>>>>>> If the SSID filter is removed, it matches the connection profile I >>>>>>>>>>> want which is the one with the customized portal logo and different >>>>>>>>>>> guest authentication types. That is the "Lab-Aruba-OpenGuest-copy” >>>>>>>>>>> profile in this case. >>>>>>>>>>> >>>>>>>>>>> Louis Scaringella >>>>>>>>>>> Security Systems Engineer >>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>> 785-342-7903 >>>>>>>>>>> >>>>>>>>>>>> On Oct 7, 2020, at 8:17 AM, Fabrice Durand via PacketFence-users >>>>>>>>>>>> <packetfence-users@lists.sourceforge.net> wrote: >>>>>>>>>>>> >>>>>>>>>>>> Hello Louis, >>>>>>>>>>>> >>>>>>>>>>>> can you provide the packetfence.log when you authenticate and hit >>>>>>>>>>>> the portal ? >>>>>>>>>>>> >>>>>>>>>>>> Regards >>>>>>>>>>>> >>>>>>>>>>>> Fabrice >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Le 20-10-06 à 17 h 30, Louis Scaringella via PacketFence-users a >>>>>>>>>>>> écrit : >>>>>>>>>>>>> Still no luck with this. Can someone verify that my profile >>>>>>>>>>>>> config looks alright? It seems very straightforward with the SSID >>>>>>>>>>>>> filter in place. >>>>>>>>>>>>> >>>>>>>>>>>>> I really appreciate any help that you can provide. >>>>>>>>>>>>> >>>>>>>>>>>>> Louis Scaringella >>>>>>>>>>>>> Security Systems Engineer >>>>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>>>> 785-342-7903 >>>>>>>>>>>>> >>>>>>>>>>>>>> On Oct 6, 2020, at 8:58 AM, Louis Scaringella via >>>>>>>>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> To add to this, I tried add an advanced filter with what showed >>>>>>>>>>>>>> up for the SSID name in the Radius request in the audit logs but >>>>>>>>>>>>>> still didn’t match this. Things like called-station-ID and >>>>>>>>>>>>>> ArubaESSID but none of those worked either. >>>>>>>>>>>>>> >>>>>>>>>>>>>> The wireless vendor is Aruba and there is a controller used. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Louis Scaringella >>>>>>>>>>>>>> Security Systems Engineer >>>>>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>>>>> 785-342-7903 >>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Oct 5, 2020, at 7:13 PM, Louis Scaringella via >>>>>>>>>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> >>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Any ideas on this? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Louis Scaringella >>>>>>>>>>>>>>> Security Systems Engineer >>>>>>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>>>>>> 785-342-7903 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Oct 5, 2020, at 8:50 AM, Louis Scaringella >>>>>>>>>>>>>>>> <lscaringe...@yellowdognetworks.com> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> When I remove the SSID filter, the NoEap connection type >>>>>>>>>>>>>>>> matches perfectly and it uses that profile and presents that >>>>>>>>>>>>>>>> customized page for the captive portal. Whenever I use the >>>>>>>>>>>>>>>> SSID filter in addition to the connection type, it seems to >>>>>>>>>>>>>>>> match the default and presents the default captive portal >>>>>>>>>>>>>>>> screen. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Louis Scaringella >>>>>>>>>>>>>>>> Security Systems Engineer >>>>>>>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>>>>>>> 785-342-7903 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Oct 5, 2020, at 6:52 AM, Ludovic Zammit >>>>>>>>>>>>>>>>> <lzam...@inverse.ca> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hello Louis, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Could you show me your conf/profile.conf please. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Ludovic Zammit >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: >>>>>>>>>>>>>>>>> www.inverse.ca >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Inverse inc. :: Leaders behind SOGo ( >>>>>>>>>>>>>>>>> http://www.sogo.nu) and PacketFence (http://packetfence.org) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Oct 3, 2020, at 5:00 AM, Louis Scaringella via >>>>>>>>>>>>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> >>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Ultimately what I am trying to accomplish is to have >>>>>>>>>>>>>>>>>> multiple connection profiles chosen by SSID so that I can >>>>>>>>>>>>>>>>>> present different captive portal pages and authentication >>>>>>>>>>>>>>>>>> types. The only way I see to do that is through the >>>>>>>>>>>>>>>>>> connection profile. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Am I missing something with the SSID filter not working with >>>>>>>>>>>>>>>>>> non-EAP connection types? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Louis Scaringella >>>>>>>>>>>>>>>>>> Security Systems Engineer >>>>>>>>>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>>>>>>>>> 785-342-7903 >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Oct 3, 2020, at 2:16 AM, Louis Scaringella >>>>>>>>>>>>>>>>>>> <lscaringe...@yellowdognetworks.com> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I am running 10.1, I forgot to mention. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Louis Scaringella >>>>>>>>>>>>>>>>>>> Security Systems Engineer >>>>>>>>>>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>>>>>>>>>> 785-342-7903 >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Oct 3, 2020, at 1:40 AM, Louis Scaringella >>>>>>>>>>>>>>>>>>>> <lscaringe...@yellowdognetworks.com> wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> When I configure a custom connection profile for my open >>>>>>>>>>>>>>>>>>>> guest captive portal connection with AUP, I am able to >>>>>>>>>>>>>>>>>>>> have the connection profile get triggered and used when I >>>>>>>>>>>>>>>>>>>> use the Connection Type filter with >>>>>>>>>>>>>>>>>>>> “Wireless-802.11-NoEAP”. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> However, if I add the condition of all and add the SSID >>>>>>>>>>>>>>>>>>>> filter, it doesn’t match that connection profile and just >>>>>>>>>>>>>>>>>>>> uses the default even though the SSID is correct. I have >>>>>>>>>>>>>>>>>>>> to manually type the SSID in and the SSID doesn’t show >>>>>>>>>>>>>>>>>>>> anywhere in the nodes section which from past messages, I >>>>>>>>>>>>>>>>>>>> understand that this is where that comes from. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> I found a bug that describes this issue close enough. >>>>>>>>>>>>>>>>>>>> Could this be that problem? >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Louis Scaringella >>>>>>>>>>>>>>>>>>>> Security Systems Engineer >>>>>>>>>>>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>>>>>>>>>>> 785-342-7903 >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> The information transmitted, including any attachments, is >>>>>>>>>>>>>>>>>> intended only for the person or entity to which it is >>>>>>>>>>>>>>>>>> addressed and may contain confidential and/or privileged >>>>>>>>>>>>>>>>>> material. Any review, retransmission, dissemination or other >>>>>>>>>>>>>>>>>> use of, or taking of any action in reliance upon, this >>>>>>>>>>>>>>>>>> information by persons or entities other than the intended >>>>>>>>>>>>>>>>>> recipient is prohibited, and all liability arising therefrom >>>>>>>>>>>>>>>>>> is disclaimed. If you received this in error, please contact >>>>>>>>>>>>>>>>>> the sender and delete the material from any computer. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>>>>>> The information transmitted, including any attachments, is >>>>>>>>>>>>>>> intended only for the person or entity to which it is addressed >>>>>>>>>>>>>>> and may contain confidential and/or privileged material. Any >>>>>>>>>>>>>>> review, retransmission, dissemination or other use of, or >>>>>>>>>>>>>>> taking of any action in reliance upon, this information by >>>>>>>>>>>>>>> persons or entities other than the intended recipient is >>>>>>>>>>>>>>> prohibited, and all liability arising therefrom is disclaimed. >>>>>>>>>>>>>>> If you received this in error, please contact the sender and >>>>>>>>>>>>>>> delete the material from any computer. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>>>>> The information transmitted, including any attachments, is >>>>>>>>>>>>>> intended only for the person or entity to which it is addressed >>>>>>>>>>>>>> and may contain confidential and/or privileged material. Any >>>>>>>>>>>>>> review, retransmission, dissemination or other use of, or taking >>>>>>>>>>>>>> of any action in reliance upon, this information by persons or >>>>>>>>>>>>>> entities other than the intended recipient is prohibited, and >>>>>>>>>>>>>> all liability arising therefrom is disclaimed. If you received >>>>>>>>>>>>>> this in error, please contact the sender and delete the material >>>>>>>>>>>>>> from any computer. >>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>>>> The information transmitted, including any attachments, is >>>>>>>>>>>>> intended only for the person or entity to which it is addressed >>>>>>>>>>>>> and may contain confidential and/or privileged material. Any >>>>>>>>>>>>> review, retransmission, dissemination or other use of, or taking >>>>>>>>>>>>> of any action in reliance upon, this information by persons or >>>>>>>>>>>>> entities other than the intended recipient is prohibited, and all >>>>>>>>>>>>> liability arising therefrom is disclaimed. If you received this >>>>>>>>>>>>> in error, please contact the sender and delete the material from >>>>>>>>>>>>> any computer. >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>>> -- >>>>>>>>>>>> Fabrice Durand >>>>>>>>>>>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >>>>>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>>>>>> PacketFence (http://packetfence.org) >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>> The information transmitted, including any attachments, is intended >>>>>>>>>>> only for the person or entity to which it is addressed and may >>>>>>>>>>> contain confidential and/or privileged material. Any review, >>>>>>>>>>> retransmission, dissemination or other use of, or taking of any >>>>>>>>>>> action in reliance upon, this information by persons or entities >>>>>>>>>>> other than the intended recipient is prohibited, and all liability >>>>>>>>>>> arising therefrom is disclaimed. If you received this in error, >>>>>>>>>>> please contact the sender and delete the material from any computer. >>>>>>>>>> -- >>>>>>>>>> Fabrice Durand >>>>>>>>>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >>>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>>>> PacketFence (http://packetfence.org) >>>>>>>>> The information transmitted, including any attachments, is intended >>>>>>>>> only for the person or entity to which it is addressed and may >>>>>>>>> contain confidential and/or privileged material. Any review, >>>>>>>>> retransmission, dissemination or other use of, or taking of any >>>>>>>>> action in reliance upon, this information by persons or entities >>>>>>>>> other than the intended recipient is prohibited, and all liability >>>>>>>>> arising therefrom is disclaimed. If you received this in error, >>>>>>>>> please contact the sender and delete the material from any computer. >>>>>>>> -- >>>>>>>> Fabrice Durand >>>>>>>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>> PacketFence (http://packetfence.org) >>>>>>>> >>>>>>> The information transmitted, including any attachments, is intended >>>>>>> only for the person or entity to which it is addressed and may contain >>>>>>> confidential and/or privileged material. Any review, retransmission, >>>>>>> dissemination or other use of, or taking of any action in reliance >>>>>>> upon, this information by persons or entities other than the intended >>>>>>> recipient is prohibited, and all liability arising therefrom is >>>>>>> disclaimed. If you received this in error, please contact the sender >>>>>>> and delete the material from any computer. >>>>>> -- >>>>>> Fabrice Durand >>>>>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>>> (http://packetfence.org) >>>>> The information transmitted, including any attachments, is intended only >>>>> for the person or entity to which it is addressed and may contain >>>>> confidential and/or privileged material. Any review, retransmission, >>>>> dissemination or other use of, or taking of any action in reliance upon, >>>>> this information by persons or entities other than the intended recipient >>>>> is prohibited, and all liability arising therefrom is disclaimed. If you >>>>> received this in error, please contact the sender and delete the material >>>>> from any computer. >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> PacketFence-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> The information transmitted, including any attachments, is intended only >>>> for the person or entity to which it is addressed and may contain >>>> confidential and/or privileged material. Any review, retransmission, >>>> dissemination or other use of, or taking of any action in reliance upon, >>>> this information by persons or entities other than the intended recipient >>>> is prohibited, and all liability arising therefrom is disclaimed. If you >>>> received this in error, please contact the sender and delete the material >>>> from any computer. >>> -- >>> Fabrice Durand >>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >> The information transmitted, including any attachments, is intended only for >> the person or entity to which it is addressed and may contain confidential >> and/or privileged material. Any review, retransmission, dissemination or >> other use of, or taking of any action in reliance upon, this information by >> persons or entities other than the intended recipient is prohibited, and all >> liability arising therefrom is disclaimed. If you received this in error, >> please contact the sender and delete the material from any computer. > > -- > Fabrice Durand > fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > The information transmitted, including any attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited, and all liability arising therefrom is disclaimed. If you received this in error, please contact the sender and delete the material from any computer. _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
