Hello Jason, It looks like you are missing a radius shared in your switch config in PF.
Make sure it set every where. Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Sep 25, 2025, at 2:18 PM, Jason Maxfield <thejasonmaxfi...@gmail.com> > wrote: > > This Message Is From an Untrusted Sender > You have not previously corresponded with this sender. > Hi Ludovic, > > Yes I do see the Acct-Session-Id. I also see it in all other connections as > well. > > Here is some more info: > > radsniff log: > > Accounting-Request Id 111 eth0:172.17.1.6:42214 > <https://urldefense.com/v3/__http://172.17.1.6:42214__;!!GjvTz_vk!UiGLp9h2kQzM2iepMELVQhU1lTM9dDX9gAyw-tn-dIHw32JR6nGhEPSI1PYED5tQtYlIdFp99fV43QQb8w3M81tIJA$> > -> 172.17.1.9:1813 > <https://urldefense.com/v3/__http://172.17.1.9:1813__;!!GjvTz_vk!UiGLp9h2kQzM2iepMELVQhU1lTM9dDX9gAyw-tn-dIHw32JR6nGhEPSI1PYED5tQtYlIdFp99fV43QQb8w2oy9Wlog$> > +0.028 > User-Name = "aa:90:2d:xx:xx:xx" > NAS-IP-Address = 172.17.1.6 > NAS-Port = 72 > Framed-IP-Address = 172.17.2.48 > Called-Station-Id = "C8-84-8C-xx-xx-xx:xxxxx" > Calling-Station-Id = "AA-90-2D-xx-xx-xx" > NAS-Identifier = "C8-84-8C-xx-xx-xx" > Proxy-State = 0x323533 > NAS-Port-Type = Wireless-802.11 > Acct-Status-Type = Interim-Update > Acct-Input-Octets = 2286535 > Acct-Output-Octets = 71838619 > Acct-Session-Id = "68D580B5-3765D001" > Acct-Authentic = Local > Acct-Session-Time = 300 > Acct-Input-Packets = 6893 > Acct-Output-Packets = 140404 > Acct-Multi-Session-Id = "c88x" > Acct-Link-Count = 1 > Event-Timestamp = "Sep 25 2025 10:54:41 PDT" > Connect-Info = "CONNECT 802.11a/n/ac/ax" > Ruckus-Sta-RSSI = 37 > Ruckus-SSID = "xxxxxx" > Ruckus-Location = "xxxxx" > Ruckus-SCG-CBlade-IP = xxxxxxx > Ruckus-VLAN-ID = 1 > Ruckus-BSSID = 0xc88x > Authenticator-Field = 0x4f2x > 2025-09-25 10:54:41.708585 (4) Accounting-Response Id 111 > eth0:172.17.1.6:42214 > <https://urldefense.com/v3/__http://172.17.1.6:42214__;!!GjvTz_vk!UiGLp9h2kQzM2iepMELVQhU1lTM9dDX9gAyw-tn-dIHw32JR6nGhEPSI1PYED5tQtYlIdFp99fV43QQb8w3M81tIJA$> > <- 172.17.1.9:1813 > <https://urldefense.com/v3/__http://172.17.1.9:1813__;!!GjvTz_vk!UiGLp9h2kQzM2iepMELVQhU1lTM9dDX9gAyw-tn-dIHw32JR6nGhEPSI1PYED5tQtYlIdFp99fV43QQb8w2oy9Wlog$> > +0.029 +0.000 > Reply-Message = "Accounting OK" > Proxy-State = 0x323533 > Authenticator-Field = 0x73bx > > RADIUS Audit log in PF: > RADIUS > RADIUS Request > Called-Station-Id = "c8:84:8c:xx:xx:xx:xxxxx", > Called-Station-SSID = "xxxxx", > Calling-Station-Id = "aa:90:2d:xx:xx:xx", > Event-Timestamp = "Sep 25 2025 10:49:41 PDT", > FreeRADIUS-Client-IP-Address = "172.17.1.6", > Location-Data = "0x313x", > Location-Data = "0x323x", > Message-Authenticator = "0x355x", > NAS-IP-Address = "172.17.1.6", > NAS-Identifier = "C8-84-8C-xx-xx-xx", > NAS-Port-Type = "Wireless-802.11", > PacketFence-KeyBalanced = "cb9x", > PacketFence-Radius-Ip = "172.17.1.9", > Proxy-State = "0x313x", > Realm = "null", > Ruckus-BSSID = "0xc88x", > Ruckus-Cluster-Name = "xxxxxx", > Ruckus-Domain-Name = "xxxxxxx", > Ruckus-Location = "xxxxxxx", > Ruckus-SCG-CBlade-IP = "2.88x", > Ruckus-SSID = "xxxxxx", > Ruckus-VLAN-ID = "1", > Ruckus-Wlan-Name = "xxxxx", > Ruckus-Zone-Name = "xxxxxxx", > Service-Type = "Framed-User", > Stripped-User-Name = "aa:90:2d:xx:xx:xx", > User-Name = "aa:90:2d:xx:xx:xx", > User-Password = "******" > RADIUS Reply > Proxy-State = "0x313x", > REST-HTTP-Status-Code = "200", > Tunnel-Medium-Type = "IEEE-802", > Tunnel-Private-Group-Id = "1", > Tunnel-Type = "VLAN" > > Node Information > MAC Address aa:90:2d:xx:xx:xx > Auth Status Accept > Auth Type Accept > Auto Registration No > Calling Station Identifier aa:90:2d:xx:xx:xx > Computer Name N/A > EAP Type > Event Type Radius-Access-Request > IP Address N/A > Is a Phone No > Created at 2025-09-25T10:49:45-07:00 > Node Status reg > Domain > Profile Wireless > Realm null > Reason > Role Faculty > Source N/A > Stripped User Name aa:90:2d:xx:xx:xx > User Name aa:90:2d:xx:xx:xx > Unique Identifier > > > This is the code that errors (specific lines bolded): > > sub node_accounting_dynauth_attr { > my ($mac) = @_; > if(my $entry = pf::accounting->cache->get($mac)){ > return {username => $entry->{'User-Name'}, acctsessionid => > $entry->{'Acct-Session-Id'}}; > } > return _db_item( > -columns => [qw(username acctsessionid)], > -where => { > acctstoptime => undef, > callingstationid => $mac, > }, > -limit => 1, > -order_by => {-desc => 'acctstarttime'}, > ); > } > > > > On Wed, Sep 24, 2025, 11:58 AM Zammit, Ludovic <luza...@akamai.com > <mailto:luza...@akamai.com>> wrote: >> Hello Jason, >> >> Try that: >> >> radnsiff -x -p 1813 >> >> Disconnect and reconnect. >> >> Do you see the accounting start packet with the Session Id? >> >> Thanks, >> >> Ludovic Zammit >> Product Support Engineer Principal Lead >> >> Cell: +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> <https://urldefense.com/v3/__https://www.google.com/maps/search/145*Broadway*Cambridge,*MA*02142?entry=gmail&source=g__;KysrKw!!GjvTz_vk!UiGLp9h2kQzM2iepMELVQhU1lTM9dDX9gAyw-tn-dIHw32JR6nGhEPSI1PYED5tQtYlIdFp99fV43QQb8w298blN9A$> >> Cambridge, MA 02142 >> <https://urldefense.com/v3/__https://www.google.com/maps/search/145*Broadway*Cambridge,*MA*02142?entry=gmail&source=g__;KysrKw!!GjvTz_vk!UiGLp9h2kQzM2iepMELVQhU1lTM9dDX9gAyw-tn-dIHw32JR6nGhEPSI1PYED5tQtYlIdFp99fV43QQb8w298blN9A$> >> Connect with Us: <https://community.akamai.com/> >> <http://blogs.akamai.com/> >> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!UiGLp9h2kQzM2iepMELVQhU1lTM9dDX9gAyw-tn-dIHw32JR6nGhEPSI1PYED5tQtYlIdFp99fV43QQb8w3qG1FIog$> >> >> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!UiGLp9h2kQzM2iepMELVQhU1lTM9dDX9gAyw-tn-dIHw32JR6nGhEPSI1PYED5tQtYlIdFp99fV43QQb8w0QWYboog$> >> >> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!UiGLp9h2kQzM2iepMELVQhU1lTM9dDX9gAyw-tn-dIHw32JR6nGhEPSI1PYED5tQtYlIdFp99fV43QQb8w3YQi1aXg$> >> >> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!UiGLp9h2kQzM2iepMELVQhU1lTM9dDX9gAyw-tn-dIHw32JR6nGhEPSI1PYED5tQtYlIdFp99fV43QQb8w0YoGLTQA$> >> >>> On Sep 12, 2025, at 12:14 PM, Jason Maxfield via PacketFence-users >>> <packetfence-users@lists.sourceforge.net >>> <mailto:packetfence-users@lists.sourceforge.net>> wrote: >>> >>> This Message Is From an External Sender >>> This message came from outside your organization. >>> I realize now that I'm not getting Acct-Session-Id. Anyone have any insight >>> on this? >>> >>> This is what shows up in RADIUS Audit Logs: >>> <Screenshot_20250912-090220.png> >>> >>> I'm getting online/offline status of nodes so accounting is working. I feel >>> like there's a config setting somewhere that I'm missing. >>> >>> On Wed, Jul 9, 2025, 1:56 PM Jason Maxfield <thejasonmaxfi...@gmail.com >>> <mailto:thejasonmaxfi...@gmail.com>> wrote: >>>> PF version: 14.1 >>>> SmartZone version: 6.1.2 >>>> >>>> >>>> >>>> I can't figure out why PF isn't sending the deauth to SmartZone. >>>> >>>> Here is the log during a successful authentication: >>>> >>>> 2025-07-09T09:57:40.411141-07:00 packetfence >>>> httpd.portal-docker-wrapper[3640743]: httpd.portal(16) INFO: >>>> [mac:b6:28:df:72:70:17] User test has authenticated on the portal. >>>> (captiveportal::PacketFence::DynamicRouting::Module::_username_set) >>>> 2025-07-09T09:57:40.422941-07:00 packetfence >>>> httpd.portal-docker-wrapper[3640743]: httpd.portal(16) INFO: >>>> [mac:b6:28:df:72:70:17] security_event 1300003 force-closed for >>>> b6:28:df:72:70:17 (pf::security_event::security_event_force_close) >>>> 2025-07-09T09:57:40.427742-07:00 packetfence >>>> httpd.portal-docker-wrapper[3640743]: httpd.portal(16) INFO: >>>> [mac:b6:28:df:72:70:17] Instantiate profile Wireless >>>> (pf::Connection::ProfileFactory::_from_profile) >>>> 2025-07-09T09:57:40.557972-07:00 packetfence >>>> httpd.portal-docker-wrapper[3640743]: httpd.portal(14) INFO: >>>> [mac:b6:28:df:72:70:17] Instantiate profile Wireless >>>> (pf::Connection::ProfileFactory::_from_profile) >>>> 2025-07-09T09:57:40.558489-07:00 packetfence >>>> httpd.portal-docker-wrapper[3640743]: httpd.portal(14) WARN: >>>> [mac:b6:28:df:72:70:17] locale from the URL is not supported >>>> (captiveportal::PacketFence::Controller::Root::getLanguages) >>>> 2025-07-09T09:57:40.569495-07:00 packetfence >>>> httpd.portal-docker-wrapper[3640743]: httpd.portal(14) INFO: >>>> [mac:b6:28:df:72:70:17] Releasing device >>>> (captiveportal::PacketFence::DynamicRouting::Module::Root::release) >>>> 2025-07-09T09:57:40.581710-07:00 packetfence >>>> httpd.portal-docker-wrapper[3640743]: httpd.portal(14) INFO: >>>> [mac:b6:28:df:72:70:17] re-evaluating access (manage_register called) >>>> (pf::enforcement::reevaluate_access) >>>> 2025-07-09T09:57:40.592158-07:00 packetfence >>>> httpd.portal-docker-wrapper[3640743]: httpd.portal(14) INFO: >>>> [mac:b6:28:df:72:70:17] Instantiate profile Wireless >>>> (pf::Connection::ProfileFactory::_from_profile) >>>> 2025-07-09T09:57:40.592478-07:00 packetfence >>>> httpd.portal-docker-wrapper[3640743]: httpd.portal(14) INFO: >>>> [mac:b6:28:df:72:70:17] VLAN reassignment is forced. >>>> (pf::enforcement::_should_we_reassign_vlan) >>>> 2025-07-09T09:57:40.592478-07:00 packetfence >>>> httpd.portal-docker-wrapper[3640743]: httpd.portal(14) INFO: >>>> [mac:b6:28:df:72:70:17] switch port is (172.17.1.6) ifIndex 0connection >>>> type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation) >>>> 2025-07-09T09:57:41.712067-07:00 packetfence pfqueue-backend[3698633]: >>>> pfqueue(3698633) INFO: [mac:b6:28:df:72:70:17] [b6:28:df:72:70:17] >>>> DesAssociating mac on switch (172.17.1.6) (pf::api::desAssociate) >>>> 2025-07-09T09:57:41.716073-07:00 packetfence pfqueue-backend[3698633]: >>>> pfqueue(3698633) ERROR: [mac:b6:28:df:72:70:17] Error handling >>>> desAssociate : must specify key at /usr/local/pf/lib/pf/accounting.pm >>>> <https://urldefense.com/v3/__http://accounting.pm/__;!!GjvTz_vk!QHNi8l-XARQZocBjU-SwsD7cboLke1x1Xp-NyQsIyBRTxLI9FmR3Rqp-UrsBfYRKQXwbwqWSbviJtHHFfWEGgfgruxpdtX22aah2Cg$> >>>> line 262. >>>> >>>> >>>> As you can see something is getting hung when trying to get the session >>>> from accounting. The line in question leads me to believe it's not sending >>>> the MAC properly? >>>> >>>> if(my $entry = pf::accounting->cache->get($mac)){ >>>> >>>> >>>> >>>> Here is my switches.conf: >>>> >>>> [172.17.1.6] >>>> FacultyVlan=1 >>>> group=Wireless >>>> radiusSecret=PF_ENC[data:xxxx,tag:xxxx,iv:xxxx,ad:] >>>> defaultVlan=1 >>>> >>>> [group Wireless] >>>> description=Wireless Controllers >>>> isolationVlan=107 >>>> defaultVlan=3 >>>> registrationVlan=105 >>>> type=Ruckus::SmartZone >>>> >>>> I've tried clearing accounting cache: pmcmd cache accounting clear >>> _______________________________________________ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> <mailto:PacketFence-users@lists.sourceforge.net> >>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!QHNi8l-XARQZocBjU-SwsD7cboLke1x1Xp-NyQsIyBRTxLI9FmR3Rqp-UrsBfYRKQXwbwqWSbviJtHHFfWEGgfgruxpdtX3eAzxp-w$
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users