Re: [PacketFence-users] Packetfence Wireless-802.11-EAP authentication successfull, but sent to registration pending after some time

Wed, 09 Dec 2020 18:03:03 -0800 

Hello Florian,
it looks that you have a provisioner configured on the connection profile WLAN_EAP. 

Can you remove it and retry ?

Regards

Fabrice


Le 20-12-09 à 03 h 52, Krug, Florian via PacketFence-users a écrit :


Dear Community,


I have a strange behaviour of Packetfence, and do not find the 
problem. I am using Packetfence 10.2.0 on an CentOs System. As 
Wireless AP’s we are Using Unifi Pro Aps.



Authentication through our MSI PKI for Wireless Access with Client 
certificates is successful working, but after some time, I can see 
attached problem in packetfence.log



The Node is than set back to pending and to registration VLAN. Only 
Workaround is to set the nodes back to registered to get client vlan.


Hope you can guide me in the right direction.


Dec  9 08:35:09 packetfence packetfence: pfperl-api(15879) INFO: Using 
300 resolution threshold (pf::pfcron::task::cluster_check::run)



Dec  9 08:35:09 packetfence packetfence: pfperl-api(15879) INFO: All 
cluster members are running the same configuration version 
(pf::pfcron::task::cluster_check::run)



Dec  9 08:35:09 packetfence packetfence: pfperl-api(25991) INFO: 
processed 0 security_events during security_event maintenance 
(1607499309.17937 1607499309.18552) 
(pf::security_event::security_event_maintenance)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] processing 
delayed security_event : 98, 1300002 
(pf::security_event::_security_event_run_delayed)



Dec  9 08:35:09 packetfence packetfence: pfperl-api(25991) INFO: 
processed 1 security_events during security_event maintenance 
(1607499309.18683 1607499309.19435) 
(pf::security_event::security_event_maintenance)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] security_event 
for mac 28:16:a8:56:d0:d4 security_event_id 1300002 modified 
(pf::security_event::security_event_modify)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) WARN: [mac:28:16:a8:56:d0:d4] Warning: 1265: 
Data truncated for column 'release_date' at row 1 (pf::dal::db_execute)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] executing action 
'log' on class 1300002 (pf::action::action_execute)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] 
/usr/local/pf/logs/security_event.log 2020-12-09 08:35:09: 
Provisioning Enforcement (1300002) detected on node 28:16:a8:56:d0:d4 
(10.11.1.157) (pf::action::action_log)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] executing action 
'enforce_provisioning' on class 1300002 (pf::action::action_execute)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] Instantiate 
profile WLAN_EAP (pf::Connection::ProfileFactory::_from_profile)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) WARN: [mac:28:16:a8:56:d0:d4] 
28:16:a8:56:d0:d4 is not authorized anymore with it's provisionner. 
Putting node as pending. (pf::action::action_enforce_provisioning)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] re-evaluating 
access (manage_vopen called) (pf::enforcement::reevaluate_access)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] Instantiate 
profile WLAN_EAP (pf::Connection::ProfileFactory::_from_profile)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] is currentlog 
connected at (10.99.1.128) ifIndex 0 Client 
(pf::enforcement::_should_we_reassign_vlan)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] is of status 
pending; belongs into registration VLAN (pf::role::getRegistrationRole)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] VLAN 
reassignment required (current VLAN = 11 but should be in VLAN 201) 
(pf::enforcement::_should_we_reassign_vlan)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] switch port is 
(10.99.1.128) ifIndex 0connection type: WiFi 802.1X 
(pf::enforcement::_vlan_reevaluation)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] this is a 
non-reevaluate-access security_event, closing security_event entry now 
(pf::action::action_execute)



Dec  9 08:35:09 packetfence packetfence_httpd.webservices: 
httpd.webservices(2559) INFO: [mac:28:16:a8:56:d0:d4] security_event 
1300002 force-closed for 28:16:a8:56:d0:d4 
(pf::security_event::security_event_force_close)



Dec  9 08:35:10 packetfence pfqueue: pfqueue(20477) INFO: 
[mac:28:16:a8:56:d0:d4] [28:16:a8:56:d0:d4] DesAssociating mac on 
switch (10.99.1.128) (pf::api::desAssociate)



Dec  9 08:35:10 packetfence pfqueue: pfqueue(20477) INFO: 
[mac:28:16:a8:56:d0:d4] Found site: Default 
(pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)



Dec  9 08:35:10 packetfence pfqueue: pfqueue(20477) INFO: 
[mac:28:16:a8:56:d0:d4] Deauth on site: Default 
(pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)



Dec  9 08:35:10 packetfence pfqueue: pfqueue(20477) INFO: 
[mac:28:16:a8:56:d0:d4] Switched status on the Unifi controller using 
command kick-sta (pf::Switch::Ubiquiti::Unifi::_deauthenticateMacWithHTTP)



Dec  9 08:35:11 packetfence packetfence_httpd.aaa: httpd.aaa(2540) 
INFO: [mac:28:16:a8:56:d0:d4] handling radius autz request: from 
switch_ip => (10.99.1.128), connection_type => 
Wireless-802.11-EAP,switch_mac => (2a:e8:29:9a:bd:c2), mac => 
[28:16:a8:56:d0:d4], port => 0, username => 
"host/PC102.schoepfgmbh.local", ssid => SCHOEPFINTRANET 
(pf::radius::authorize)



Dec  9 08:35:11 packetfence packetfence_httpd.aaa: httpd.aaa(2540) 
INFO: [mac:28:16:a8:56:d0:d4] is doing machine auth with account 
'host/PC102.schoepfgmbh.local'. (pf::radius::authorize)



Dec  9 08:35:11 packetfence packetfence_httpd.aaa: httpd.aaa(2540) 
INFO: [mac:28:16:a8:56:d0:d4] Instantiate profile WLAN_EAP 
(pf::Connection::ProfileFactory::_from_profile)



Dec  9 08:35:11 packetfence packetfence_httpd.aaa: httpd.aaa(2540) 
INFO: [mac:28:16:a8:56:d0:d4] is of status pending; belongs into 
registration VLAN (pf::role::getRegistrationRole)



Dec  9 08:35:11 packetfence packetfence_httpd.aaa: httpd.aaa(2540) 
INFO: [mac:28:16:a8:56:d0:d4] (10.99.1.128) Added VLAN 201 to the 
returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)



Dec  9 08:35:12 packetfence pfqueue: pfqueue(20479) INFO: 
[mac:28:16:a8:56:d0:d4] Instantiate profile WLAN_EAP 
(pf::Connection::ProfileFactory::_from_profile)



Dec  9 08:35:12 packetfence packetfence_httpd.aaa: httpd.aaa(2540) 
INFO: [mac:28:16:a8:56:d0:d4] Updating locationlog from accounting 
request (pf::api::handle_accounting_metadata)



Dec  9 08:35:13 packetfence packetfence_httpd.aaa: httpd.aaa(2540) 
WARN: [mac:28:16:a8:56:d0:d4] Unable to pull accounting history for 
device 28:16:a8:56:d0:d4. The history set doesn't exist yet. 
(pf::accounting_events_history::latest_mac_history)



Dec  9 08:35:13 packetfence packetfence_httpd.aaa: httpd.aaa(2540) 
WARN: [mac:28:16:a8:56:d0:d4] Unable to pull accounting history for 
device 28:16:a8:56:d0:d4. The history set doesn't exist yet. 
(pf::accounting_events_history::latest_mac_history)



Dec  9 08:35:13 packetfence pfqueue: pfqueue(19974) WARN: 
[mac:28:16:a8:56:d0:d4] Unable to match MAC address to IP 
'10.201.1.166' (pf::ip4log::ip2mac)



Dec  9 08:35:13 packetfence pfqueue: pfqueue(19974) INFO: 
[mac:28:16:a8:56:d0:d4] oldip (10.11.1.157) and newip (10.201.1.166) 
are different for 28:16:a8:56:d0:d4 - closing ip4log entry 
(pf::api::update_ip4log)



Dec  9 08:35:13 packetfence pfqueue: pfqueue(20480) INFO: 
[mac:28:16:a8:56:d0:d4] Instantiate profile WLAN_EAP 
(pf::Connection::ProfileFactory::_from_profile)



Dec  9 08:35:13 packetfence pfipset[2314]: t=2020-12-09T08:35:13+0100 
lvl=info msg="No Inline Network bypass ipsets reload" pid=2314


Best regards and many thanks

Florian

------------------------------------------------------------------------
E. Schoepf GmbH
Rathausstraße 18, 95236 Stammbach
Registergericht: Hof, HRB 47
Geschäftsführer: Florian Krug


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to