Re: [PacketFence-users] Firewall SSO failure

d_s_kelly--- via PacketFence-users Mon, 21 Jun 2021 17:54:16 -0700

 Hi Nicolas,
Thanks for getting back to me. I made the changes you suggested, but I noticed 
that it made no attempt to update the firewall when I left the network fields 
empty.
When I did enter a network range (192.168.152.0/23 in this example), it then 
seemed to be trying to SSO _all_ requests, which was very odd. Here's the debug 
text from one IP/MAC, which you'll notice doesn't match the subnet.
(Sorry for the long copy/paste!)
Jun 22 01:00:22 boc-pf pfqueue: pfqueue(89792) DEBUG: [mac:unknown] 
instantiating new pf::inline object (pf::inline::new)Jun 22 01:00:22 boc-pf 
pfqueue: pfqueue(89792) DEBUG: [mac:unknown] Instantiate a new iptables 
modification method. pf::ipset (pf::inline::get_technique)Jun 22 01:00:22 
boc-pf pfqueue: pfqueue(89792) DEBUG: [mac:unknown] instantiating new 
pf::iptables object (pf::iptables::new)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] instantiating new pf::inline object 
(pf::inline::new)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Instantiate a new iptables modification method. pf::ipset 
(pf::inline::get_technique)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) 
DEBUG: [mac:unknown] instantiating new pf::iptables object 
(pf::iptables::new)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(89792) DEBUG: 
[mac:unknown] instantiating new pf::access_filter::dhcp 
(pf::access_filter::new)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(89792) DEBUG: 
[mac:unknown] cache get for namespace='Default', key='inreadonly', 
cache='RawMemory', time='0ms': MISS (expired) (CHI::Driver::_log_get_result)Jun 
22 01:00:22 boc-pf pfqueue: pfqueue(89792) DEBUG: [mac:unknown] checking handle 
(pf::db::is_old_connection_good)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(89792) 
DEBUG: [mac:unknown] we are currently connected 
(pf::db::is_old_connection_good)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) 
DEBUG: [mac:unknown] instantiating new pf::access_filter::dhcp 
(pf::access_filter::new)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(89792) DEBUG: 
[mac:unknown] not checking db handle, it has been less than 30 sec from last 
connection (pf::db::is_old_connection_good)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(89792) DEBUG: [mac:unknown] No wsrep provider so considering wsrep as 
healthy (pf::db::db_wsrep_healthy)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(89792) DEBUG: [mac:unknown] cache set for namespace='Default', 
key='inreadonly', size=1, expires='5s', cache='RawMemory', time='0ms' 
(CHI::Driver::_log_set_result)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) 
DEBUG: [mac:unknown] cache get for namespace='Default', key='inreadonly', 
cache='RawMemory', time='0ms': MISS (expired) (CHI::Driver::_log_get_result)Jun 
22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] not checking db 
handle, it has been less than 30 sec from last connection 
(pf::db::is_old_connection_good)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) 
DEBUG: [mac:unknown] not checking db handle, it has been less than 30 sec from 
last connection (pf::db::is_old_connection_good)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] No wsrep provider so considering wsrep as 
healthy (pf::db::db_wsrep_healthy)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] cache set for namespace='Default', 
key='inreadonly', size=1, expires='5s', cache='RawMemory', time='0ms' 
(CHI::Driver::_log_set_result)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(89792) 
DEBUG: [mac:unknown] cache get for namespace='fingerbank', 
key='fingerbank::Config::read_config', cache='Redis', time='0ms': HIT 
(CHI::Driver::_log_get_result)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(89792) 
DEBUG: [mac:unknown] cache get for namespace='fingerbank', 
key='fingerbank::Config::read_config-cached_at', cache='Redis', time='0ms': HIT 
(CHI::Driver::_log_get_result)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) 
DEBUG: [mac:unknown] Viewing an 'ip4log' table entry for the following MAC 
address 'd0:66:7b:68:28:f3' (pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf 
pfqueue: pfqueue(89792) DEBUG: [mac:unknown] Skipping Fingerbank processing 
because no API key is configured (pf::fingerbank::process)Jun 22 01:00:22 
boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 'ip4log' table 
entry for the following IP address '10.24.9.201' (pf::ip4log::_view_by_ip)Jun 
22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:d0:66:7b:68:28:f3] 
Memory configuration is not valid anymore for key config::Firewall_SSO() in 
local cached_hash (pfconfig::cached::is_valid)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) INFO: [mac:d0:66:7b:68:28:f3] Sending a firewall SSO 'Update' 
request for MAC 'd0:66:7b:68:28:f3' and IP '10.24.9.201' 
(pf::firewallsso::do_sso)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) INFO: 
[mac:d0:66:7b:68:28:f3] Request to /api/v1/firewall_sso/update is unauthorized, 
will perform a login (pf::api::unifiedapiclient::call)Jun 22 01:00:22 boc-pf 
pfqueue: pfqueue(77291) ERROR: [mac:d0:66:7b:68:28:f3] Error handling 
firewallsso : malformed JSON string, neither tag, array, object, number, string 
or atom, at character offset 0 (before "An internal error ha...") at 
/usr/local/pf/lib/pf/api/unifiedapiclient.pm line 225. 
(pf::api::can_fork::notify)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) 
DEBUG: [mac:d0:66:7b:68:28:f3] Fork trigger_scan off 
(pf::api::can_fork::notify)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) 
DEBUG: [mac:d0:66:7b:68:28:f3] An 'ip4log' table entry already exists for that 
IP (10.24.9.201). Proceed with updating it (pf::ip4log::open)Jun 22 01:00:22 
boc-pf pfqueue: pfqueue(77291) WARN: [mac:unknown] Use of uninitialized value 
in string ne at /usr/local/pf/lib/pf/locationlog.pm line 487. 
(pf::locationlog::_is_locationlog_accurate)Jun 22 01:00:22 boc-pf pfqueue: Use 
of uninitialized value in string ne at /usr/local/pf/lib/pf/locationlog.pm line 
487.Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) WARN: [mac:unknown] Use of 
uninitialized value $switch_mac in string ne at 
/usr/local/pf/lib/pf/locationlog.pm line 487. 
(pf::locationlog::_is_locationlog_accurate)Jun 22 01:00:22 boc-pf pfqueue: Use 
of uninitialized value $switch_mac in string ne at 
/usr/local/pf/lib/pf/locationlog.pm line 487.Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] latest locationlog entry is still accurate 
(pf::locationlog::_is_locationlog_accurate)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] should be allowed through firewall 
(pf::inline::fetchMarkForNode)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) 
INFO: [mac:unknown] stated changed, adapting firewall rules for proper 
enforcement (pf::inline::performInlineEnforcement)Jun 22 01:00:22 boc-pf 
pfipset[7570]: t=2021-06-22T01:00:22+0100 lvl=info msg="Syncing to peers" 
pid=7570 request-uuid=d72007af-d2ec-11eb-8217-005056b1bf91Jun 22 01:00:22 
boc-pf pfipset[7570]: t=2021-06-22T01:00:22+0100 lvl=info msg="Removed 
10.24.9.201 from pfsession_Reg_10.24.9.0" pid=7570 
request-uuid=d72007af-d2ec-11eb-8217-005056b1bf91Jun 22 01:00:22 boc-pf 
pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfipset[7570]: 
t=2021-06-22T01:00:22+0100 lvl=info msg="Syncing to peers" pid=7570 
request-uuid=d72d14ba-d2ec-11eb-8217-005056b1bf91Jun 22 01:00:22 boc-pf 
pfipset[7570]: t=2021-06-22T01:00:22+0100 lvl=info msg="Removed 10.24.9.201 
from PF-iL2_ID13_10.24.9.0 Mac: d0:66:7b:68:28:f3" pid=7570 
request-uuid=d72d14ba-d2ec-11eb-8217-005056b1bf91Jun 22 01:00:22 boc-pf 
pfipset[7570]: t=2021-06-22T01:00:22+0100 lvl=info msg="Removed old ip 
10.24.9.201 from pfsession_Reg_10.24.9.0 Mac: d0:66:7b:68:28:f3" pid=7570 
request-uuid=d72d14ba-d2ec-11eb-8217-005056b1bf91Jun 22 01:00:22 boc-pf 
pfipset[7570]: t=2021-06-22T01:00:22+0100 lvl=info msg="Added 10.24.9.201 
d0:66:7b:68:28:f3 to pfsession_Reg_10.24.9.0" pid=7570 
request-uuid=d72d14ba-d2ec-11eb-8217-005056b1bf91Jun 22 01:00:22 boc-pf 
pfipset[7570]: t=2021-06-22T01:00:22+0100 lvl=info msg="Added 10.24.9.201 to 
PF-iL2_ID13_10.24.9.0 Mac: d0:66:7b:68:28:f3" pid=7570 
request-uuid=d72d14ba-d2ec-11eb-8217-005056b1bf91Jun 22 01:00:22 boc-pf 
pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 01:00:22 boc-pf pfqueue: 
pfqueue(77291) DEBUG: [mac:unknown] Trying to match IP address to MAC 
'd0:66:7b:68:28:f3' using SQL 'ip4log' table (pf::ip4log::mac2ip)Jun 22 
01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: [mac:unknown] Viewing an 
'ip4log' table entry for the following MAC address 'd0:66:7b:68:28:f3' 
(pf::ip4log::_view_by_mac)Jun 22 01:00:22 boc-pf pfqueue: pfqueue(77291) DEBUG: 
[mac:unknown] Matched MAC 'd0:66:7b:68:28:f3' to IP address '10.24.9.201' using 
SQL 'ip4log' table (pf::ip4log::mac2ip)





Regards
Daniel Kelly
    On Monday, 21 June 2021, 11:00:00 BST, Quiniou-Briand, Nicolas 
<nquin...@akamai.com> wrote:  
 
 
Hello,
 
  
 
I did another test today with a basic configuration. 
 
I’m able to send firewall SSO updates using pfsso if my PacketFence server 
received a DHCP request.
 
  
 
I think your initial issue is with pfqueue and doesn’t reach pfsso.
 
  
 
Could you try:
 
- to remove cache_updates setting
 
- to specify a valid role
 
- to leave network fields empty
 
  
 
Also, could you enable debug mode in pfqueue by replacing following line in 
/usr/local/pf/conf/log.conf.d/pfqueue.conf:
 
  
 
#v+
 
log4perl.rootLogger = INFO, QUEUE_SYSLOG
 
#v-
 
  
 
with:
 
  
 
#v+
 
log4perl.rootLogger = DEBUG, QUEUE_SYSLOG
 
#v-
 
  
 
You should see more interesting informations in packetfence.log

  
 
| 
Nicolas Quiniou-Briand
Product Support Engineer
  |
| 

  |
|  |  |
| 
Office: +33156696210
  | 
Akamai Technologies
145 Broadway
Cambridge, MA 02142
  |  |
|  |  |
| 
Connect with Us:
  | 
     
  |  |

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Firewall SSO failure

Reply via email to