In case anyone runs into this same issue, the solution for me was the
following:
This function was causing issues:
sub deauthenticateMacDefault {
my ( $self, *$ifindex*, $mac, $is_dot1x ) = @_;
my $logger = $self->logger;
if ( !$self->isProductionMode() ) {
$logger->info("not in production mode... we won't perform
deauthentication");
return 1;
}
#Fetching the acct-session-id
my $dynauth = node_accounting_dynauth_attr($mac);
$logger->debug("deauthenticate $mac using RADIUS Disconnect-Request
deauth method");
return $self->radiusDisconnect(
$mac, { 'User-Name' => $dynauth->{'username'} },
);
}
I thought it was the dynauth not getting username or acctsessionid, but it
was actually because the function has incorrect parameters. I searched
through a few other switch files and noticed they had
my ( $self, $mac, $is_dot1x ) = @_;
So I removed the $ifindex and now it works great!
On Wed, Jul 9, 2025 at 1:56 PM Jason Maxfield <[email protected]>
wrote:
> PF version: 14.1
> SmartZone version: 6.1.2
>
>
>
> I can't figure out why PF isn't sending the deauth to SmartZone.
>
> Here is the log during a successful authentication:
>
> 2025-07-09T09:57:40.411141-07:00 packetfence
> httpd.portal-docker-wrapper[3640743]:
> httpd.portal(16) INFO: [mac:b6:28:df:72:70:17] User test has authenticated
> on the portal. (captiveportal::PacketFence::DynamicRouting::Module::_
> username_set)
> 2025-07-09T09:57:40.422941-07:00 packetfence
> httpd.portal-docker-wrapper[3640743]:
> httpd.portal(16) INFO: [mac:b6:28:df:72:70:17] security_event 1300003
> force-closed for b6:28:df:72:70:17 (pf::security_event::security_
> event_force_close)
> 2025-07-09T09:57:40.427742-07:00 packetfence
> httpd.portal-docker-wrapper[3640743]:
> httpd.portal(16) INFO: [mac:b6:28:df:72:70:17] Instantiate profile Wireless
> (pf::Connection::ProfileFactory::_from_profile)
> 2025-07-09T09:57:40.557972-07:00 packetfence
> httpd.portal-docker-wrapper[3640743]:
> httpd.portal(14) INFO: [mac:b6:28:df:72:70:17] Instantiate profile Wireless
> (pf::Connection::ProfileFactory::_from_profile)
> 2025-07-09T09:57:40.558489-07:00 packetfence
> httpd.portal-docker-wrapper[3640743]:
> httpd.portal(14) WARN: [mac:b6:28:df:72:70:17] locale from the URL is not
> supported (captiveportal::PacketFence::Controller::Root::getLanguages)
> 2025-07-09T09:57:40.569495-07:00 packetfence
> httpd.portal-docker-wrapper[3640743]:
> httpd.portal(14) INFO: [mac:b6:28:df:72:70:17] Releasing device
> (captiveportal::PacketFence::DynamicRouting::Module::Root::release)
> 2025-07-09T09:57:40.581710-07:00 packetfence
> httpd.portal-docker-wrapper[3640743]:
> httpd.portal(14) INFO: [mac:b6:28:df:72:70:17] re-evaluating access
> (manage_register called) (pf::enforcement::reevaluate_access)
> 2025-07-09T09:57:40.592158-07:00 packetfence
> httpd.portal-docker-wrapper[3640743]:
> httpd.portal(14) INFO: [mac:b6:28:df:72:70:17] Instantiate profile Wireless
> (pf::Connection::ProfileFactory::_from_profile)
> 2025-07-09T09:57:40.592478-07:00 packetfence
> httpd.portal-docker-wrapper[3640743]:
> httpd.portal(14) INFO: [mac:b6:28:df:72:70:17] VLAN reassignment is forced.
> (pf::enforcement::_should_we_reassign_vlan)
> 2025-07-09T09:57:40.592478-07:00 packetfence
> httpd.portal-docker-wrapper[3640743]:
> httpd.portal(14) INFO: [mac:b6:28:df:72:70:17] switch port is (172.17.1.6)
> ifIndex 0connection type: WiFi MAC Auth (pf::enforcement::_vlan_
> reevaluation)
> 2025-07-09T09:57:41.712067-07:00 packetfence pfqueue-backend[3698633]:
> pfqueue(3698633) INFO: [mac:b6:28:df:72:70:17] [b6:28:df:72:70:17]
> DesAssociating mac on switch (172.17.1.6) (pf::api::desAssociate)
> 2025-07-09T09:57:41.716073-07:00 packetfence pfqueue-backend[3698633]:
> pfqueue(3698633) ERROR: [mac:b6:28:df:72:70:17] Error handling desAssociate
> : must specify key at /usr/local/pf/lib/pf/accounting.pm line 262.
>
>
> As you can see something is getting hung when trying to get the session
> from accounting. The line in question leads me to believe it's not sending
> the MAC properly?
>
> if(my $entry = pf::accounting->cache->get($mac)){
>
>
>
> Here is my switches.conf:
>
> [172.17.1.6]
> FacultyVlan=1
> group=Wireless
> radiusSecret=PF_ENC[data:xxxx,tag:xxxx,iv:xxxx,ad:]
> defaultVlan=1
>
> [group Wireless]
> description=Wireless Controllers
> isolationVlan=107
> defaultVlan=3
> registrationVlan=105
> type=Ruckus::SmartZone
>
> I've tried clearing accounting cache: pmcmd cache accounting clear
>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
