Hello All, I see the following error message when doing SSO with the Firewall. Could someone please help?
Jun 10 14:56:57 packetfence packetfence: pfperl-api(10751) INFO: getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance)
Jun 10 14:56:57 packetfence packetfence: pfperl-api(10753) INFO: Using 300 resolution threshold (pf::pfcron::task::cluster_check::run)
Jun 10 14:56:57 packetfence packetfence: pfperl-api(10753) INFO: All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run)
Jun 10 14:56:57 packetfence packetfence: pfperl-api(10754) INFO: processed 0 security_events during security_event maintenance (1623317217.13024 1623317217.1369) (pf::security_event::security_event_maintenance)
Jun 10 14:56:57 packetfence packetfence: pfperl-api(10754) INFO: processed 0 security_events during security_event maintenance (1623317217.13824 1623317217.14037) (pf::security_event::security_event_maintenance)
Jun 10 14:57:00 packetfence packetfence_httpd.portal: httpd.portal(18445) WARN: [mac:unknown] Unable to match MAC address to IP '10.0.2.161' (pf::ip4log::ip2mac)
Jun 10 14:57:00 packetfence packetfence_httpd.portal: httpd.portal(18445) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.0.2.161' (pf::ip4log::ip2mac)
Jun 10 14:57:01 packetfence packetfence_httpd.portal: httpd.portal(18445) INFO: [mac:00:11:22:33:44:55] Allowing user through portal even though he is registered as the release bypass is set and the connection profile is configured to let registered users use the registration module of the portal. (captiveportal::PacketFence::DynamicRouting::Module::Root::execute_child)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] handling radius autz request: from switch_ip => (192.168.2.12), connection_type => Ethernet-EAP,switch_mac => (c0:62:6b:68:f4:0b), mac => [94:c6:91:a8:d3:1c], port => 10009, username => "regulartest" (pf::radius::authorize)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Instantiate profile dot1x-per-port (pf::Connection::ProfileFactory::_from_profile)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Found authentication source(s) : 'set-group-based-role' for realm 'null' (pf::config::util::filter_authentication_sources)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Using sources set-group-based-role for matching (pf::authentication::match2)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) WARN: [mac:94:c6:91:a8:d3:1c] [set-group-based-role set-role-full-access] Searching for (&(sAMAccountName=regulartest)(memberOf=CN=Bypassed,OU=AOL-Group,DC=AOLIC,DC=NET)), from DC=aolic,DC=net, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] LDAP testing connection (pf::LDAP::expire_if)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) WARN: [mac:94:c6:91:a8:d3:1c] [set-group-based-role set-role-hod] Searching for (&(sAMAccountName=regulartest)(memberOf=CN=HOD,OU=AOL-Group,DC=AOLIC,DC=NET)), from DC=aolic,DC=net, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) WARN: [mac:94:c6:91:a8:d3:1c] [set-group-based-role set-role-regular] Searching for (&(sAMAccountName=regulartest)(memberOf=CN=Regular,OU=AOL-Group,DC=AOLIC,DC=NET)), from DC=aolic,DC=net, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Matched rule (set-role-regular) in source set-group-based-role, returning actions. (pf::Authentication::Source::match_rule)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Matched rule (set-role-regular) in source set-group-based-role, returning actions. (pf::Authentication::Source::match)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Found authentication source(s) : 'set-group-based-role' for realm 'null' (pf::config::util::filter_authentication_sources)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Role has already been computed and we don't want to recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Username was defined "regulartest" - returning role 'Regular' (pf::role::getRegisteredRole)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] PID: "regulartest", Status: reg Returned VLAN: (undefined), Role: Regular (pf::role::fetchRoleForNode)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] (192.168.2.12) Added VLAN 21 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jun 10 14:57:07 packetfence pfqueue: pfqueue(19388) INFO: [mac:unknown] Already did a person lookup for regulartest (pf::lookup::person::lookup_person)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) WARN: [mac:94:c6:91:a8:d3:1c] No parameter RegularRole found in conf/switches.conf for the switch 192.168.2.12 (pf::Switch::getRoleByName)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] security_event 1300003 force-closed for 94:c6:91:a8:d3:1c (pf::security_event::security_event_force_close)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Instantiate profile dot1x-per-port (pf::Connection::ProfileFactory::_from_profile)
Jun 10 14:57:08 packetfence pfsso[10156]: t=2021-06-10T14:57:08+0530 lvl=info msg="Processing SSO Start" pid=10156 request-uuid=073c93c1-c9ce-11eb-9887-000c2929a0ed username=regulartest ip=10.0.101.11 mac=94:c6:91:a8:d3:1c role=Regular firewall-id=172.16.30.18
Jun 10 14:57:08 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Updating locationlog from accounting request (pf::api::handle_accounting_metadata)
Jun 10 14:57:08 packetfence packetfence_httpd.aaa: httpd.aaa(10456) WARN: [mac:94:c6:91:a8:d3:1c] Firewall SSO Notify (pf::api::firewallsso_accounting)
Jun 10 14:57:08 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO: [mac:94:c6:91:a8:d3:1c] Sending a firewall SSO 'Update' request for MAC '94:c6:91:a8:d3:1c' and IP '10.0.101.11' (pf::firewallsso::do_sso)
Jun 10 14:57:08 packetfence pfqueue: pfqueue(18817) INFO: [mac:94:c6:91:a8:d3:1c] Sending a firewall SSO 'Update' request for MAC '94:c6:91:a8:d3:1c' and IP '10.0.101.11' (pf::firewallsso::do_sso)
Jun 10 14:57:08 packetfence pfsso[10156]: t=2021-06-10T14:57:08+0530 lvl=info msg="Processing SSO Start" pid=10156 request-uuid=0765aa40-c9ce-11eb-9887-000c2929a0ed username=regulartest ip=10.0.101.11 mac=94:c6:91:a8:d3:1c role=Regular firewall-id=172.16.30.18
Jun 10 14:57:13 packetfence pfsso[10156]: t=2021-06-10T14:57:13+0530 lvl=eror msg="Couldn't SSO to the fortigate, got the following error: context deadline exceeded" pid=10156 request-uuid=073c93c1-c9ce-11eb-9887-000c2929a0ed username=regulartest ip=10.0.101.11 mac=94:c6:91:a8:d3:1c role=Regular firewall-id=172.16.30.18
Jun 10 14:57:13 packetfence pfsso[10156]: t=2021-06-10T14:57:13+0530 lvl=eror msg="Error while sending SSO to context deadline exceeded: %!s(MISSING)172.16.30.18" pid=10156 request-uuid=073c93c1-c9ce-11eb-9887-000c2929a0ed username=regulartest ip=10.0.101.11 mac=94:c6:91:a8:d3:1c role=Regular
Jun 10 14:57:13 packetfence pfsso[10156]: t=2021-06-10T14:57:13+0530 lvl=eror msg="Couldn't SSO to the fortigate, got the following error: context deadline exceeded" pid=10156 request-uuid=0765aa40-c9ce-11eb-9887-000c2929a0ed username=regulartest ip=10.0.101.11 mac=94:c6:91:a8:d3:1c role=Regular firewall-id=172.16.30.18
Jun 10 14:57:13 packetfence pfsso[10156]: t=2021-06-10T14:57:13+0530 lvl=eror msg="Error while sending SSO to context deadline exceeded: %!s(MISSING)172.16.30.18" pid=10156 request-uuid=0765aa40-c9ce-11eb-9887-000c2929a0ed username=regulartest ip=10.0.101.11 mac=94:c6:91:a8:d3:1c role=Regular
Jun 10 14:57:14 packetfence packetfence_httpd.portal: httpd.portal(18445) WARN: [mac:unknown] Unable to match MAC address to IP '10.0.2.161' (pf::ip4log::ip2mac)
Jun 10 14:57:14 packetfence packetfence_httpd.portal: httpd.portal(18445) WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP '10.0.2.161' (pf::ip4log::ip2mac)
Jun 10 14:57:14 packetfence packetfence_httpd.portal: httpd.portal(18445) INFO: [mac:00:11:22:33:44:55] Allowing user through portal even though he is registered as the release bypass is set and the connection profile is configured to let registered users use the registration module of the portal. (captiveportal::PacketFence::DynamicRouting::Module::Root::execute_child)
Jun 10 14:57:31 packetfence packetfence_httpd.portal: httpd.portal(18445) WARN: [mac:unknown] Unable to match MAC address to IP '10.0.2.161' (pf::ip4log::ip2mac)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users