Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

[Arun Kangle via PacketFence-users]

Hi Fabrice,
Could you please let us know what was different in our setup that we had to
use the no tenant based packetfence.example and packetfence-tunnel files?
Please let us know the permanent fix.

Thanks in advance,
- Arun

On Sun, Nov 5, 2023 at 8:51 PM Hubert Kupper via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello,
>
>
> I use the new packetfence.example but I also had to copy
> packetfence-tunnel.example to packetfence-tunnel. Now it works well.
>
> Many thanks.
>
>
> Regards, Hubert
>
>
> Am 31.10.23 um 19:12 schrieb Fabrice Durand:
>
> So use this one then, it doesn't contain any references of
> packetfence-set-tenant-id
>
>
> https://github.com/inverse-inc/packetfence/blob/devel/conf/radiusd/packetfence.example
>
>
> Le mar. 31 oct. 2023 à 13:23, Hubert Kupper via PacketFence-users <
> packetfence-users@lists.sourceforge.net> a écrit :
>
>> Hello,
>>
>>
>> I did this and the result was the following:
>>
>> Oct 31 07:48:25 packetfence freeradius[14439]:
>> /usr/local/pf/raddb/sites-enabled/packetfence[31]: Failed to find
>> "packetfence-set-tenant-id" as a module or policy.
>> Oct 31 07:48:25 packetfence freeradius[14439]:
>> /usr/local/pf/raddb/sites-enabled/packetfence[31]: Please verify that the
>> configuration exists in
>> /usr/local/pf/raddb/mods-enabled/packetfence-set-tenant-id.
>> Oct 31 07:48:25 packetfence freeradius[14439]:
>> /usr/local/pf/raddb/sites-enabled/packetfence[14]: Errors parsing authorize
>> section.
>> Oct 31 07:48:25 packetfence systemd[1]: packetfence-radiusd-auth.service:
>> Control process exited, code=exited, status=1/FAILURE
>> Oct 31 07:48:25 packetfence systemd[1]: packetfence-radiusd-auth.service:
>> Failed with result 'exit-code'.
>> Oct 31 07:48:25 packe
>>
>>
>> Regards
>>
>> Hubert
>>
>> Am 30.10.23 um 14:51 schrieb Fabrice Durand via PacketFence-users:
>>
>> Hello,
>>
>> it looks that the packetfence radius config didn't applied correctly.
>>
>> Go in /usr/local/pf/conf/radiusd/ and copy packetfence.example to
>> packetfence and restart radiusd
>>
>> Regards
>> Fabrice
>>
>>
>> Le lun. 23 oct. 2023 à 07:59, Hubert Kupper via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> a écrit :
>>
>>> Hi,
>>>
>>>
>>> after upgrade packetfence 12.0 to 13.0 the radiusd-auth is not starting.
>>> Syslog shows the following message:
>>>
>>> root@packetfence:/var/log# tail syslog
>>> Oct 16 12:02:52 packetfence freeradius[16268]:
>>> /usr/local/pf/raddb/sites-enabled/packetfence[31]: Please verify that
>>> the configuration exists in
>>> /usr/local/pf/raddb/mods-enabled/packetfence-set-tenant-id.
>>> Oct 16 12:02:52 packetfence freeradius[16268]:
>>> /usr/local/pf/raddb/sites-enabled/packetfence[14]: Errors parsing
>>> authorize section.
>>> Oct 16 12:02:52 packetfence systemd[1]:
>>> packetfence-radiusd-auth.service: Control process exited, code=exited,
>>> status=1/FAILURE
>>> Oct 16 12:02:52 packetfence systemd[1]:
>>> packetfence-radiusd-auth.service: Failed with result 'exit-code'.
>>> Oct 16 12:02:52 packetfence systemd[1]: Failed to start PacketFence
>>> FreeRADIUS authentication multi-protocol authentication server.
>>> Oct 16 12:02:52 packetfence systemd[1]:
>>> packetfence-radiusd-auth.service: Consumed 3.891s CPU time.
>>> Oct 16 12:02:52 packetfence systemd[1]:
>>> packetfence-radiusd-auth.service: Scheduled restart job, restart counter
>>> is at 98.
>>> Oct 16 12:02:52 packetfence systemd[1]: Stopped PacketFence FreeRADIUS
>>> authentication multi-protocol authentication server.
>>> Oct 16 12:02:52 packetfence systemd[1]:
>>> packetfence-radiusd-auth.service: Consumed 3.891s CPU time.
>>> Oct 16 12:02:52 packetfence systemd[1]: Starting PacketFence FreeRADIUS
>>> authentication multi-protocol authentication server...
>>> root@packetfence:/var/log#
>>>
>>> In 12.0 all works fine.
>>>
>>> Regards, Hubert
>>>
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>
>>
>> ___
>> PacketFence-users mailing 
>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] radiusd-auth not starting after upgrade from 12.0 to 13.0

[Arun Kangle via PacketFence-users]

Hi Ludovic,
I have faced the exact same issue. Moreover I get the same error when i
tried to restore the backup manually from 12.2 on freshly installed 13.0.

Thanks,
- Arun

On Mon, Oct 30, 2023 at 4:26 PM Hubert Kupper via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Ludovic,
>
>
> yes, I did do-upgrade.sh. I run the scripts but
>
> Oct 26 09:33:31 packetfence freeradius[33346]:
> /usr/local/pf/raddb/sites-enabled/packetfence[31]: Failed to find
> "packetfence-set-tenant-id" as a module or policy.
> Oct 26 09:33:31 packetfence freeradius[33346]:
> /usr/local/pf/raddb/sites-enabled/packetfence[31]: Please verify that the
> configuration exists in
> /usr/local/pf/raddb/mods-enabled/packetfence-set-tenant-id.
> root@packetfence:/var/
>
> Thanks,
>
> Hubert
>
> Am 24.10.23 um 21:55 schrieb Zammit, Ludovic:
>
> Hello Hubert,
>
> How did you upgrade ? If you did not use
> the /usr/local/pf/addons/upgrade/do-upgrade.sh
>
> You will need to run those scripts:
>
> root@packetfence:/usr/local/pf# ls -ltr
> /usr/local/pf/addons/upgrade/to-12*
> -rwxr-xr-x 1 pf   pf   1576 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-12.2-firewallsso.pl
> -rwxr-xr-x 1 pf   pf   1836 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-12.1-move-rolebyname-to-vpnbyname-fortigate.pl
> lrwxrwxrwx 1 root root   34 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-12.1-move-logos-to-profile-templates.pl ->
> move-logos-to-profile-templates.pl
> -rwxr-xr-x 1 pf   pf   3418 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-12.1-eduroam-migration.pl
> -rwxr-xr-x 1 pf   pf   1888 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-12.0-use-proxysql.pl
> -rwxr-xr-x 1 pf   pf   2438 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-12.0-rename-log-files.pl
> -rwxr-xr-x 1 pf   pf   2780 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-12.0-remove-tenant.pl
> -rwxr-xr-x 1 pf   pf   2655 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-12.0-authentication.pl
>
>
> root@pf21-3:/usr/local/pf# ls -ltr /usr/local/pf/addons/upgrade/to-13*
> -rwxr-xr-x 1 pf pf 3214 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-13.0-remove-provisioner.pl
> -rwxr-xr-x 1 pf pf 1845 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-13.0-convert-switch-types.pl
> -rwxr-xr-x 1 pf pf 3089 Oct 20 13:54 /usr/local/pf/addons/upgrade/
> to-13.0-authentication-conf.pl
>
> My guess is that the problem comes from of the tenant config.
>
> Run all those scripts and restart packetfence:
>
> /usr/local/pf/bin/pfcmd service pf restart
>
> Thanks,
>
>
> *Ludovic Zammit*
> *Product Support Engineer Principal Lead*
>
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
> Connect with Us:  
>  
> 
> 
>
> On Oct 16, 2023, at 6:07 AM, Hubert Kupper via PacketFence-users
> 
>  wrote:
>
> Hi,
>
>
> after upgrade packetfence 12.0 to 13.0 the radiusd-auth is not starting.
> Syslog shows the following message:
>
> root@packetfence:/var/log# tail syslog
> Oct 16 12:02:52 packetfence freeradius[16268]:
> /usr/local/pf/raddb/sites-enabled/packetfence[31]: Please verify that the
> configuration exists in
> /usr/local/pf/raddb/mods-enabled/packetfence-set-tenant-id.
> Oct 16 12:02:52 packetfence freeradius[16268]:
> /usr/local/pf/raddb/sites-enabled/packetfence[14]: Errors parsing authorize
> section.
> Oct 16 12:02:52 packetfence systemd[1]: packetfence-radiusd-auth.service:
> Control process exited, code=exited, status=1/FAILURE
> Oct 16 12:02:52 packetfence systemd[1]: packetfence-radiusd-auth.service:
> Failed with result 'exit-code'.
> Oct 16 12:02:52 packetfence systemd[1]: Failed to start PacketFence
> FreeRADIUS authentication multi-protocol authentication server.
> Oct 16 12:02:52 packetfence systemd[1]: packetfence-radiusd-auth.service:
> Consumed 3.891s CPU time.
> Oct 16 12:02:52 packetfence systemd[1]: packetfence-radiusd-auth.service:
> Scheduled restart job, restart counter is at 98.
> Oct 16 12:02:52 packetfence systemd[1]: Stopped PacketFence FreeRADIUS
> authentication multi-protocol authentication server.
> Oct 16 12:02:52 packetfence systemd[1]: packetfence-radiusd-auth.service:
> Consumed 3.891s CPU time.
> Oct 16 12:02:52 packetfence systemd[1]: Starting PacketFence FreeRADIUS
> authentication multi-protocol authentication server...
> root@packetfence:/var/log#
>
> In 12.0 all works fine.
>
> Regards, Hubert
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> 

[PacketFence-users] Translations using traditional method

[Arun Kangle via PacketFence-users]

Hello All,
I wanted to rename the "customer_field_1" to "UUID" so I edited the
following file  /conf/locale/en_BR/LC_MESSAGES/packetfence.po:

Msgid "custom_field_1"
Msgid "UUID"

Then I tried to execute in this directory /usr/local/pf the command below

For TRANSLATION in de en es fr he_IL it nl pl_PL pt_BR; of
  / Usr / bin / msgfmt conf / locale / $ TRANSLATION / LC_MESSAGES /
packetfence.po
--output-file conf / locale / $ TRANSLATION / LC_MESSAGES /
packetfence.mo;
Done

 but I i notice that "msgfmt" doesn't exist under /user/bin

Could you please let me know if the above method has changed?

Thanks in advance,
- Arun
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Firewall SSO broken after upgrade to 13.0 from 12.2

[Arun Kangle via PacketFence-users]

Hi,
After upgrading to 13.0 from 12.2, the firewall SSO is broken. Though
packetfence logs show SSO sent out, I don't see any accounting packets
received on FW so I did tcpdump on packetfence and that as well shows no
packet was sent out from the packetfence. Your expedited help is requested.
Thanks in advance,
- Arun



Pacektfence Log:

Aug 22 08:57:41 aolicnac httpd.webservices-docker-wrapper[4245]:
httpd.webservices(7902) INFO: [mac:94:c6:91:a8:e4:a3] Sending a firewall
SSO 'Update' request for MAC '94:c6:91:a8:e4:a3' and IP '10.0.100.13'
(pf::firewallsso::do_sso)
Aug 22 08:57:41 aolicnac httpd.webservices-docker-wrapper[4245]:
httpd.webservices(7902) INFO: [mac:94:c6:91:a8:e4:a3] Request to
/api/v1/firewall_sso/update is unauthorized, will perform a login
(pf::api::unifiedapiclient::call)
Aug 22 08:57:42 aolicnac pfqueue[43619]: pfqueue(43619) INFO:
[mac:94:c6:91:a8:e4:a3] Trying generic MIB to force 802.1x port
re-authentication. Your mileage may vary. If it doesn't work open a bug
report with your hardware type. (pf::Switch::_dot1xPortReauthenticate)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] handling radius autz request: from switch_ip =>
(192.168.2.12), connection_type => Ethernet-EAP,switch_mac =>
(c0:62:6b:68:f4:07), mac => [94:c6:91:a8:e4:a3], port => 10005, username =>
"hodtest" (pf::radius::authorize)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Instantiate profile dot1x-eap
(pf::Connection::ProfileFactory::_from_profile)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Found authentication source(s) :
'set-group-based-role' for realm 'null'
(pf::config::util::filter_authentication_sources)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Using sources set-group-based-role for matching
(pf::authentication::match2)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) WARN:
[mac:94:c6:91:a8:e4:a3] [set-group-based-role set-role-Bypassed] Searching
for
(&(sAMAccountName=hodtest)(memberOf=CN=Bypassed,OU=AOL-Group,DC=AOLIC,DC=NET)),
from DC=AOLIC,DC=NET, with scope sub
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) WARN:
[mac:94:c6:91:a8:e4:a3] [set-group-based-role set-role-HOD] Searching for
(&(sAMAccountName=hodtest)(memberOf=CN=HOD,OU=AOL-Group,DC=AOLIC,DC=NET)),
from DC=AOLIC,DC=NET, with scope sub
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Matched rule (set-role-HOD) in source
set-group-based-role, returning actions.
(pf::Authentication::Source::match_rule)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Matched rule (set-role-HOD) in source
set-group-based-role, returning actions. (pf::Authentication::Source::match)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Found authentication source(s) :
'set-group-based-role' for realm 'null'
(pf::config::util::filter_authentication_sources)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Role has already been computed and we don't want to
recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Username was defined "hodtest" - returning role
'HOD' (pf::role::getRegisteredRole)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] PID: "hodtest", Status: reg Returned VLAN:
(undefined), Role: HOD (pf::role::fetchRoleForNode)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] (192.168.2.12) Added VLAN 20 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) WARN:
[mac:94:c6:91:a8:e4:a3] No parameter HODRole found in conf/switches.conf
for the switch 192.168.2.12 (pf::Switch::getRoleByName)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] security_event 133 force-closed for
94:c6:91:a8:e4:a3 (pf::security_event::security_event_force_close)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Instantiate profile dot1x-eap
(pf::Connection::ProfileFactory::_from_profile)
Aug 22 08:57:43 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Sending a firewall SSO 'Stop' request for MAC
'94:c6:91:a8:e4:a3' and IP '10.0.100.13' (pf::firewallsso::do_sso)
Aug 22 08:57:43 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) WARN:
[mac:94:c6:91:a8:e4:a3] 

[PacketFence-users] Firewall SSO broken after upgrade to 13.0 from 12.2

[Arun Kangle via PacketFence-users]

Resending...

Hi,
After upgrading to 13.0 from 12.2, the firewall SSO is broken. Though
packetfence logs show SSO sent out, I don't see any accounting packets
received on FW so I did tcpdump on packetfence and that as well shows no
packet was sent out from the packetfence. Your expedited help is requested.
Thanks in advance,
- Arun



Pacektfence Log:

Aug 22 08:57:41 aolicnac httpd.webservices-docker-wrapper[4245]:
httpd.webservices(7902) INFO: [mac:94:c6:91:a8:e4:a3] Sending a firewall
SSO 'Update' request for MAC '94:c6:91:a8:e4:a3' and IP '10.0.100.13'
(pf::firewallsso::do_sso)
Aug 22 08:57:41 aolicnac httpd.webservices-docker-wrapper[4245]:
httpd.webservices(7902) INFO: [mac:94:c6:91:a8:e4:a3] Request to
/api/v1/firewall_sso/update is unauthorized, will perform a login
(pf::api::unifiedapiclient::call)
Aug 22 08:57:42 aolicnac pfqueue[43619]: pfqueue(43619) INFO:
[mac:94:c6:91:a8:e4:a3] Trying generic MIB to force 802.1x port
re-authentication. Your mileage may vary. If it doesn't work open a bug
report with your hardware type. (pf::Switch::_dot1xPortReauthenticate)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] handling radius autz request: from switch_ip =>
(192.168.2.12), connection_type => Ethernet-EAP,switch_mac =>
(c0:62:6b:68:f4:07), mac => [94:c6:91:a8:e4:a3], port => 10005, username =>
"hodtest" (pf::radius::authorize)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Instantiate profile dot1x-eap
(pf::Connection::ProfileFactory::_from_profile)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Found authentication source(s) :
'set-group-based-role' for realm 'null'
(pf::config::util::filter_authentication_sources)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Using sources set-group-based-role for matching
(pf::authentication::match2)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) WARN:
[mac:94:c6:91:a8:e4:a3] [set-group-based-role set-role-Bypassed] Searching
for
(&(sAMAccountName=hodtest)(memberOf=CN=Bypassed,OU=AOL-Group,DC=AOLIC,DC=NET)),
from DC=AOLIC,DC=NET, with scope sub
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) WARN:
[mac:94:c6:91:a8:e4:a3] [set-group-based-role set-role-HOD] Searching for
(&(sAMAccountName=hodtest)(memberOf=CN=HOD,OU=AOL-Group,DC=AOLIC,DC=NET)),
from DC=AOLIC,DC=NET, with scope sub
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Matched rule (set-role-HOD) in source
set-group-based-role, returning actions.
(pf::Authentication::Source::match_rule)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Matched rule (set-role-HOD) in source
set-group-based-role, returning actions. (pf::Authentication::Source::match)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Found authentication source(s) :
'set-group-based-role' for realm 'null'
(pf::config::util::filter_authentication_sources)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Role has already been computed and we don't want to
recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Username was defined "hodtest" - returning role
'HOD' (pf::role::getRegisteredRole)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] PID: "hodtest", Status: reg Returned VLAN:
(undefined), Role: HOD (pf::role::fetchRoleForNode)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] (192.168.2.12) Added VLAN 20 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) WARN:
[mac:94:c6:91:a8:e4:a3] No parameter HODRole found in conf/switches.conf
for the switch 192.168.2.12 (pf::Switch::getRoleByName)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] security_event 133 force-closed for
94:c6:91:a8:e4:a3 (pf::security_event::security_event_force_close)
Aug 22 08:57:42 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Instantiate profile dot1x-eap
(pf::Connection::ProfileFactory::_from_profile)
Aug 22 08:57:43 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) INFO:
[mac:94:c6:91:a8:e4:a3] Sending a firewall SSO 'Stop' request for MAC
'94:c6:91:a8:e4:a3' and IP '10.0.100.13' (pf::firewallsso::do_sso)
Aug 22 08:57:43 aolicnac httpd.aaa-docker-wrapper[3329]: httpd.aaa(8) WARN:

[PacketFence-users] iPhone users getting error that Wi-fi network doesn't appear to be connected to internet

[Arun Kangle via PacketFence-users]

Hello All,
I am facing this issue very specific to the iPhone users (MACOS, Windows
and Android devices are working fine) that suddenly their iPhone will pop a
message that Wi-Fi doesn't have connectivity to the internet and if they
would like to connect to the Mobile Data network.

>From the packetfence Log I see that lot's of accounting updates related to
location and thus 'SSO Stop' is sent to the Firewall.

Has anyone seen this before? Could someone please help.

Thank you in advance,
- Arun

Feb 15 14:23:03 aolicnac packetfence_httpd.aaa[3164630]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Updating locationlog from accounting request
(pf::api::handle_accounting_metadata)
Feb 15 14:23:03 aolicnac packetfence_httpd.aaa[3164630]: httpd.aaa(2972710)
WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify
(pf::api::firewallsso_accounting)
Feb 15 14:23:03 aolicnac packetfence_httpd.aaa[3164630]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for
MAC 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso)
Feb 15 14:23:21 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710)
WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify
(pf::api::firewallsso_accounting)
Feb 15 14:23:21 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Stop' request for MAC
'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso)
Feb 15 14:23:21 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Updating locationlog from accounting request
(pf::api::handle_accounting_metadata)
Feb 15 14:23:21 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710)
WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify
(pf::api::firewallsso_accounting)
Feb 15 14:23:21 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for
MAC 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso)
Feb 15 14:25:09 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710)
WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify
(pf::api::firewallsso_accounting)
Feb 15 14:25:09 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Stop' request for MAC
'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso)
Feb 15 14:25:09 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Updating locationlog from accounting request
(pf::api::handle_accounting_metadata)
Feb 15 14:25:09 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710)
WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify
(pf::api::firewallsso_accounting)
Feb 15 14:25:09 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for
MAC 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso)
Feb 15 14:25:21 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710)
WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify
(pf::api::firewallsso_accounting)
Feb 15 14:25:21 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Stop' request for MAC
'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso)
Feb 15 14:25:21 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Updating locationlog from accounting request
(pf::api::handle_accounting_metadata)
Feb 15 14:25:21 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710)
WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify
(pf::api::firewallsso_accounting)
Feb 15 14:25:21 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for
MAC 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso)
Feb 15 14:27:28 aolicnac packetfence_httpd.aaa[3163584]: httpd.aaa(2972710)
WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify
(pf::api::firewallsso_accounting)
Feb 15 14:27:28 aolicnac packetfence_httpd.aaa[3163584]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for
MAC 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso)
Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] handling radius autz request: from switch_ip
=> (192.168.2.133), connection_type => Wireless-802.11-EAP,switch_mac =>
(44:48:c1:ce:c3:92), mac => [b4:85:e1:30:27:2f], port => 0, username =>
"adm.nishant", ssid => aolicnet (pf::radius::authorize)
Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Instantiate profile Bypassed-Multi-Role
(pf::Connection::ProfileFactory::_from_profile)
Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710)
INFO: [mac:b4:85:e1:30:27:2f] Found authentication source(s) :

Re: [PacketFence-users] Node search is very slow from GUI on version 11.0.0

[Arun Kangle via PacketFence-users]

Thanks a lot James. It worked. searches are blazing fast now.

- Arun

On Wed, Dec 15, 2021 at 7:47 PM Rouzier, James  wrote:

> Hi Arun,
>
> There is fix for this.
>
> However it requires you to apply a patch manually as it cannot be applied
> through maintenance.
> Since it requires an update to the database.
>
>
> Copy the attached file node-online-query.patch to all of your servers to
> the PacketFence directory /usr/local/pf/
>
> Then on each of your servers run the following commands
> cd /usr/local/pf/
>
> patch -p1 < node-online-query.patch
>
> systemctl restart packetfence-pfperl-api
>
>
>
>
> Then run the following command on only one of your servers.
>
> mysql -uroot -p pf -e "ALTER TABLE bandwidth_accounting DROP INDEX IF
> EXISTS bandwidth_accounting_tenant_id_mac, ADD INDEX
> bandwidth_accounting_tenant_id_mac_last_updated (tenant_id, mac,
> last_updated);"
>
>
> Let me know if this helps
>
> James
>
>
>
> *From: *Arun Kangle via PacketFence-users <
> packetfence-users@lists.sourceforge.net>
> *Reply-To: *"packetfence-users@lists.sourceforge.net" <
> packetfence-users@lists.sourceforge.net>
> *Date: *Wednesday, December 15, 2021 at 8:49 AM
> *To: *"Zammit, Ludovic" 
> *Cc: *Arun Kangle , "
> packetfence-users@lists.sourceforge.net" <
> packetfence-users@lists.sourceforge.net>
> *Subject: *Re: [PacketFence-users] Node search is very slow from GUI on
> version 11.0.0
>
>
>
> Hi Ludovic,
>
> Now I have started getting the "Request Failed with status code 504"
> message every time I search for the node. Screenshot attached. Please help
> on this.
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Mon, Dec 13, 2021 at 11:24 AM Arun Kangle  wrote:
>
> Hi Ludovic,
>
> Any update please?
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Wed, Dec 8, 2021 at 9:47 PM Arun Kangle  wrote:
>
> PFA,
>
> Thanks,
>
> - Arun
>
>
>
> On Wed, Dec 8, 2021 at 6:31 PM Zammit, Ludovic  wrote:
>
> Hello Arun,
>
>
>
> Could you check in chrome developper tool how long the request takes?
>
>
>
> If you do Right click, Inspect and then Network.
>
>
>
> Take a screenshot of that, it should look like this one:
>
>
>
> PastedGraphic-1.tiff
> <https://mail.google.com/mail/?ui=2=ab2ae5bb7a=0.1=msg-f:1719221980826545898=17dbe7486135aeea=fimg=ip=msg-f:1719221980826545898=s0-l75-ft=ANGjdJ-Fiu5FKnErWyXX9IdCVRU3AZYyX4nqjHjnkWi5mZ9xc-h8gGi3NrXcCxXb52Ym58Es_47SRVY-Bc9ov8R1WP0DeU8DptCpLmdxXLsVHz9HvcHfIASAqVf_uBc=emb>
>
>
>
> Thanks,
>
>
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
>
> [image: Image removed by sender.]
>
> *Cell:* +1.613.670.8432
>
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
> Connect with Us:
>
> [image: Image removed by sender.] <https://community.akamai.com/>[image:
> Image removed by sender.] <http://blogs.akamai.com/>[image: Image removed
> by sender.]
> <https://urldefense.com/v3/__https:/twitter.com/akamai__;!!GjvTz_vk!GsGPbgY1el1no3ouSWeG-lcz4LNwr-Qj_UXqYEsR9ZnGcXxWeuje1jrOrJTiEMBxlA$>[image:
> Image removed by sender.]
> <https://urldefense.com/v3/__http:/www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!GsGPbgY1el1no3ouSWeG-lcz4LNwr-Qj_UXqYEsR9ZnGcXxWeuje1jrOrJQPXIsprQ$>[image:
> Image removed by sender.]
> <https://urldefense.com/v3/__http:/www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!GsGPbgY1el1no3ouSWeG-lcz4LNwr-Qj_UXqYEsR9ZnGcXxWeuje1jrOrJSOO3d0fQ$>[image:
> Image removed by sender.]
> <https://urldefense.com/v3/__http:/www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!GsGPbgY1el1no3ouSWeG-lcz4LNwr-Qj_UXqYEsR9ZnGcXxWeuje1jrOrJRkKxdowA$>
>
>
>
> On Dec 7, 2021, at 11:01 PM, Arun Kangle  wrote:
>
>
>
> Hi Ludovic,
>
> could you please update on this?
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Sun, Dec 5, 2021 at 11:19 AM Arun Kangle  wrote:
>
> Hi Ludovic,
>
> Any update on this?
>
>
>
> Thanks in advance,
>
> - Arun
>
>
>
> On Fri, Dec 3, 2021 at 12:49 PM Arun Kangle  wrote:
>
> Now I started getting the message "Request Failed with Status code 504"
> but i still can search users from "pfcmd" cli without any issue.
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Tue, Nov 30, 2021 at 7:42 AM Arun Kangle  wrote:
>
> Hello Ludovic,
>
> Any update on this please?
>
>
>
> Thanks,
>
> - Arun
>
>
>
> On Tue, Nov 23, 2021 at 7:19 PM Arun Kangle

Re: [PacketFence-users] Node search is very slow from GUI on version 11.0.0

[Arun Kangle via PacketFence-users]

Hi Ludovic,
could you please update on this?

Thanks,
- Arun

On Sun, Dec 5, 2021 at 11:19 AM Arun Kangle  wrote:

> Hi Ludovic,
> Any update on this?
>
> Thanks in advance,
> - Arun
>
> On Fri, Dec 3, 2021 at 12:49 PM Arun Kangle  wrote:
>
>> Now I started getting the message "Request Failed with Status code 504"
>> but i still can search users from "pfcmd" cli without any issue.
>>
>> Thanks,
>> - Arun
>>
>> On Tue, Nov 30, 2021 at 7:42 AM Arun Kangle  wrote:
>>
>>> Hello Ludovic,
>>> Any update on this please?
>>>
>>> Thanks,
>>> - Arun
>>>
>>> On Tue, Nov 23, 2021 at 7:19 PM Arun Kangle  wrote:
>>>
>>>> >>>select count(1) from node;
>>>>
>>>> MariaDB [(none)]> use pf
>>>> Reading table information for completion of table and column names
>>>> You can turn off this feature to get a quicker startup with -A
>>>>
>>>> Database changed
>>>> MariaDB [pf]> select count(1) from node;
>>>> +--+
>>>> | count(1) |
>>>> +--+
>>>> |   69 |
>>>> +--+
>>>> 1 row in set (0.000 sec)
>>>>
>>>> MariaDB [pf]>
>>>>
>>>> I am running it as a VM with 4 vCPU 16Gig RAM and 110GB Disk
>>>>
>>>> Thanks,
>>>> - Arun
>>>>
>>>> On Tue, Nov 23, 2021 at 6:55 PM Zammit, Ludovic 
>>>> wrote:
>>>>
>>>>> Hello Arun,
>>>>>
>>>>> You can connect to the database and run that command:
>>>>>
>>>>> select count(1) from node;
>>>>>
>>>>> What are the specs on your servers? CPU, RAM and disk.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> *Ludovic Zammit*
>>>>> *Product Support Engineer Principal*
>>>>> *Cell:* +1.613.670.8432
>>>>> Akamai Technologies - Inverse
>>>>> 145 Broadway
>>>>> Cambridge, MA 02142
>>>>> Connect with Us: <https://community.akamai.com>
>>>>> <http://blogs.akamai.com> <https://twitter.com/akamai>
>>>>> <http://www.facebook.com/AkamaiTechnologies>
>>>>> <http://www.linkedin.com/company/akamai-technologies>
>>>>> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>>>>>
>>>>> On Nov 23, 2021, at 4:55 AM, Arun Kangle  wrote:
>>>>>
>>>>> Hi Ludovic,
>>>>> PFA screenshot. It took around 32 Seconds to search that user.
>>>>>
>>>>> For total count, I am getting below error:
>>>>>
>>>>> root@aolicnac:~# /usr/local/pf/bin/pfcmd node count all
>>>>> Use of uninitialized value in join or string at
>>>>> /usr/local/pf/lib_perl/lib/perl5/SQL/Abstract/Classic.pm line 1386.
>>>>> nb
>>>>>
>>>>> On Mon, Nov 22, 2021 at 11:53 PM Zammit, Ludovic 
>>>>> wrote:
>>>>>
>>>>>> Hello Arun,
>>>>>>
>>>>>> How many device you have in the database ?
>>>>>>
>>>>>> Can you take a screenshot of your node search ?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> *Ludovic Zammit*
>>>>>> *Product Support Engineer Principal*
>>>>>> *Cell:* +1.613.670.8432
>>>>>> Akamai Technologies - Inverse
>>>>>> 145 Broadway
>>>>>> Cambridge, MA 02142
>>>>>> Connect with Us: <https://community.akamai.com/>
>>>>>> <http://blogs.akamai.com/>
>>>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3UfK2klThA$>
>>>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3Uf1yplVhg$>
>>>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3UfyTDbOew$>
>>>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3Uf4YbWArw$>
>>>>>>
>>>>>> On Nov 19, 2021, at 1:23 AM, Arun Kangle via PacketFence-users <
>>>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>>>
>>>>>> Hello All,
>>>>>> I recently upgraded to 11.0.0 (now to 11.1.0) from 10.3.0. Upgrade
>>>>>> went fine and everything else works fine but Node search has become very
>>>>>> slow. The first page (row length set to 10) itself takes very long and 
>>>>>> then
>>>>>> equal long time to make any other search.
>>>>>>
>>>>>> Search is faster from CLI using the pfcmd command.
>>>>>>
>>>>>> Has anyone else faced this problem? If yes, any pointers on how to
>>>>>> make it fast?
>>>>>>
>>>>>> root@aolicnac:/usr/local/pf/bin# cat /etc/debian_version
>>>>>> 11.1
>>>>>> root@aolicnac:/usr/local/pf/bin# ./pfcmd version
>>>>>> PacketFence 11.1.0
>>>>>>
>>>>>> Thanks in advance,
>>>>>> - Arun
>>>>>> ___
>>>>>> PacketFence-users mailing list
>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>
>>>>>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!CwoHzpvXlN9fV0uLrnxNT2yE9mFbVtRkEY47w_s_Jy7S2d8MsvI9Rd3HVEmQPA4Z$
>>>>>>
>>>>>>
>>>>>> 
>>>>>
>>>>>
>>>>>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Node search is very slow from GUI on version 11.0.0

[Arun Kangle via PacketFence-users]

Hi Ludovic,
Any update on this?

Thanks in advance,
- Arun

On Fri, Dec 3, 2021 at 12:49 PM Arun Kangle  wrote:

> Now I started getting the message "Request Failed with Status code 504"
> but i still can search users from "pfcmd" cli without any issue.
>
> Thanks,
> - Arun
>
> On Tue, Nov 30, 2021 at 7:42 AM Arun Kangle  wrote:
>
>> Hello Ludovic,
>> Any update on this please?
>>
>> Thanks,
>> - Arun
>>
>> On Tue, Nov 23, 2021 at 7:19 PM Arun Kangle  wrote:
>>
>>> >>>select count(1) from node;
>>>
>>> MariaDB [(none)]> use pf
>>> Reading table information for completion of table and column names
>>> You can turn off this feature to get a quicker startup with -A
>>>
>>> Database changed
>>> MariaDB [pf]> select count(1) from node;
>>> +--+
>>> | count(1) |
>>> +--+
>>> |   69 |
>>> +--+
>>> 1 row in set (0.000 sec)
>>>
>>> MariaDB [pf]>
>>>
>>> I am running it as a VM with 4 vCPU 16Gig RAM and 110GB Disk
>>>
>>> Thanks,
>>> - Arun
>>>
>>> On Tue, Nov 23, 2021 at 6:55 PM Zammit, Ludovic 
>>> wrote:
>>>
>>>> Hello Arun,
>>>>
>>>> You can connect to the database and run that command:
>>>>
>>>> select count(1) from node;
>>>>
>>>> What are the specs on your servers? CPU, RAM and disk.
>>>>
>>>> Thanks,
>>>>
>>>> *Ludovic Zammit*
>>>> *Product Support Engineer Principal*
>>>> *Cell:* +1.613.670.8432
>>>> Akamai Technologies - Inverse
>>>> 145 Broadway
>>>> Cambridge, MA 02142
>>>> Connect with Us: <https://community.akamai.com>
>>>> <http://blogs.akamai.com> <https://twitter.com/akamai>
>>>> <http://www.facebook.com/AkamaiTechnologies>
>>>> <http://www.linkedin.com/company/akamai-technologies>
>>>> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>>>>
>>>> On Nov 23, 2021, at 4:55 AM, Arun Kangle  wrote:
>>>>
>>>> Hi Ludovic,
>>>> PFA screenshot. It took around 32 Seconds to search that user.
>>>>
>>>> For total count, I am getting below error:
>>>>
>>>> root@aolicnac:~# /usr/local/pf/bin/pfcmd node count all
>>>> Use of uninitialized value in join or string at
>>>> /usr/local/pf/lib_perl/lib/perl5/SQL/Abstract/Classic.pm line 1386.
>>>> nb
>>>>
>>>> On Mon, Nov 22, 2021 at 11:53 PM Zammit, Ludovic 
>>>> wrote:
>>>>
>>>>> Hello Arun,
>>>>>
>>>>> How many device you have in the database ?
>>>>>
>>>>> Can you take a screenshot of your node search ?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> *Ludovic Zammit*
>>>>> *Product Support Engineer Principal*
>>>>> *Cell:* +1.613.670.8432
>>>>> Akamai Technologies - Inverse
>>>>> 145 Broadway
>>>>> Cambridge, MA 02142
>>>>> Connect with Us: <https://community.akamai.com/>
>>>>> <http://blogs.akamai.com/>
>>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3UfK2klThA$>
>>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3Uf1yplVhg$>
>>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3UfyTDbOew$>
>>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3Uf4YbWArw$>
>>>>>
>>>>> On Nov 19, 2021, at 1:23 AM, Arun Kangle via PacketFence-users <
>>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>>
>>>>> Hello All,
>>>>> I recently upgraded to 11.0.0 (now to 11.1.0) from 10.3.0. Upgrade
>>>>> went fine and everything else works fine but Node search has become very
>>>>> slow. The first page (row length set to 10) itself takes very long and 
>>>>> then
>>>>> equal long time to make any other search.
>>>>>
>>>>> Search is faster from CLI using the pfcmd command.
>>>>>
>>>>> Has anyone else faced this problem? If yes, any pointers on how to
>>>>> make it fast?
>>>>>
>>>>> root@aolicnac:/usr/local/pf/bin# cat /etc/debian_version
>>>>> 11.1
>>>>> root@aolicnac:/usr/local/pf/bin# ./pfcmd version
>>>>> PacketFence 11.1.0
>>>>>
>>>>> Thanks in advance,
>>>>> - Arun
>>>>> ___
>>>>> PacketFence-users mailing list
>>>>> PacketFence-users@lists.sourceforge.net
>>>>>
>>>>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!CwoHzpvXlN9fV0uLrnxNT2yE9mFbVtRkEY47w_s_Jy7S2d8MsvI9Rd3HVEmQPA4Z$
>>>>>
>>>>>
>>>>> 
>>>>
>>>>
>>>>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Node search is very slow from GUI on version 11.0.0

[Arun Kangle via PacketFence-users]

Now I started getting the message "Request Failed with Status code 504" but
i still can search users from "pfcmd" cli without any issue.

Thanks,
- Arun

On Tue, Nov 30, 2021 at 7:42 AM Arun Kangle  wrote:

> Hello Ludovic,
> Any update on this please?
>
> Thanks,
> - Arun
>
> On Tue, Nov 23, 2021 at 7:19 PM Arun Kangle  wrote:
>
>> >>>select count(1) from node;
>>
>> MariaDB [(none)]> use pf
>> Reading table information for completion of table and column names
>> You can turn off this feature to get a quicker startup with -A
>>
>> Database changed
>> MariaDB [pf]> select count(1) from node;
>> +--+
>> | count(1) |
>> +--+
>> |   69 |
>> +--+
>> 1 row in set (0.000 sec)
>>
>> MariaDB [pf]>
>>
>> I am running it as a VM with 4 vCPU 16Gig RAM and 110GB Disk
>>
>> Thanks,
>> - Arun
>>
>> On Tue, Nov 23, 2021 at 6:55 PM Zammit, Ludovic 
>> wrote:
>>
>>> Hello Arun,
>>>
>>> You can connect to the database and run that command:
>>>
>>> select count(1) from node;
>>>
>>> What are the specs on your servers? CPU, RAM and disk.
>>>
>>> Thanks,
>>>
>>> *Ludovic Zammit*
>>> *Product Support Engineer Principal*
>>> *Cell:* +1.613.670.8432
>>> Akamai Technologies - Inverse
>>> 145 Broadway
>>> Cambridge, MA 02142
>>> Connect with Us: <https://community.akamai.com>
>>> <http://blogs.akamai.com> <https://twitter.com/akamai>
>>> <http://www.facebook.com/AkamaiTechnologies>
>>> <http://www.linkedin.com/company/akamai-technologies>
>>> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>>>
>>> On Nov 23, 2021, at 4:55 AM, Arun Kangle  wrote:
>>>
>>> Hi Ludovic,
>>> PFA screenshot. It took around 32 Seconds to search that user.
>>>
>>> For total count, I am getting below error:
>>>
>>> root@aolicnac:~# /usr/local/pf/bin/pfcmd node count all
>>> Use of uninitialized value in join or string at
>>> /usr/local/pf/lib_perl/lib/perl5/SQL/Abstract/Classic.pm line 1386.
>>> nb
>>>
>>> On Mon, Nov 22, 2021 at 11:53 PM Zammit, Ludovic 
>>> wrote:
>>>
>>>> Hello Arun,
>>>>
>>>> How many device you have in the database ?
>>>>
>>>> Can you take a screenshot of your node search ?
>>>>
>>>> Thanks,
>>>>
>>>> *Ludovic Zammit*
>>>> *Product Support Engineer Principal*
>>>> *Cell:* +1.613.670.8432
>>>> Akamai Technologies - Inverse
>>>> 145 Broadway
>>>> Cambridge, MA 02142
>>>> Connect with Us: <https://community.akamai.com/>
>>>> <http://blogs.akamai.com/>
>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3UfK2klThA$>
>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3Uf1yplVhg$>
>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3UfyTDbOew$>
>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3Uf4YbWArw$>
>>>>
>>>> On Nov 19, 2021, at 1:23 AM, Arun Kangle via PacketFence-users <
>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>
>>>> Hello All,
>>>> I recently upgraded to 11.0.0 (now to 11.1.0) from 10.3.0. Upgrade went
>>>> fine and everything else works fine but Node search has become very slow.
>>>> The first page (row length set to 10) itself takes very long and then
>>>> equal long time to make any other search.
>>>>
>>>> Search is faster from CLI using the pfcmd command.
>>>>
>>>> Has anyone else faced this problem? If yes, any pointers on how to make
>>>> it fast?
>>>>
>>>> root@aolicnac:/usr/local/pf/bin# cat /etc/debian_version
>>>> 11.1
>>>> root@aolicnac:/usr/local/pf/bin# ./pfcmd version
>>>> PacketFence 11.1.0
>>>>
>>>> Thanks in advance,
>>>> - Arun
>>>> ___
>>>> PacketFence-users mailing list
>>>> PacketFence-users@lists.sourceforge.net
>>>>
>>>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!CwoHzpvXlN9fV0uLrnxNT2yE9mFbVtRkEY47w_s_Jy7S2d8MsvI9Rd3HVEmQPA4Z$
>>>>
>>>>
>>>> 
>>>
>>>
>>>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Node search is very slow from GUI on version 11.0.0

[Arun Kangle via PacketFence-users]

Hello Ludovic,
Any update on this please?

Thanks,
- Arun

On Tue, Nov 23, 2021 at 7:19 PM Arun Kangle  wrote:

> >>>select count(1) from node;
>
> MariaDB [(none)]> use pf
> Reading table information for completion of table and column names
> You can turn off this feature to get a quicker startup with -A
>
> Database changed
> MariaDB [pf]> select count(1) from node;
> +--+
> | count(1) |
> +--+
> |   69 |
> +--+
> 1 row in set (0.000 sec)
>
> MariaDB [pf]>
>
> I am running it as a VM with 4 vCPU 16Gig RAM and 110GB Disk
>
> Thanks,
> - Arun
>
> On Tue, Nov 23, 2021 at 6:55 PM Zammit, Ludovic 
> wrote:
>
>> Hello Arun,
>>
>> You can connect to the database and run that command:
>>
>> select count(1) from node;
>>
>> What are the specs on your servers? CPU, RAM and disk.
>>
>> Thanks,
>>
>> *Ludovic Zammit*
>> *Product Support Engineer Principal*
>> *Cell:* +1.613.670.8432
>> Akamai Technologies - Inverse
>> 145 Broadway
>> Cambridge, MA 02142
>> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com>
>> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies>
>> <http://www.linkedin.com/company/akamai-technologies>
>> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>>
>> On Nov 23, 2021, at 4:55 AM, Arun Kangle  wrote:
>>
>> Hi Ludovic,
>> PFA screenshot. It took around 32 Seconds to search that user.
>>
>> For total count, I am getting below error:
>>
>> root@aolicnac:~# /usr/local/pf/bin/pfcmd node count all
>> Use of uninitialized value in join or string at
>> /usr/local/pf/lib_perl/lib/perl5/SQL/Abstract/Classic.pm line 1386.
>> nb
>>
>> On Mon, Nov 22, 2021 at 11:53 PM Zammit, Ludovic 
>> wrote:
>>
>>> Hello Arun,
>>>
>>> How many device you have in the database ?
>>>
>>> Can you take a screenshot of your node search ?
>>>
>>> Thanks,
>>>
>>> *Ludovic Zammit*
>>> *Product Support Engineer Principal*
>>> *Cell:* +1.613.670.8432
>>> Akamai Technologies - Inverse
>>> 145 Broadway
>>> Cambridge, MA 02142
>>> Connect with Us: <https://community.akamai.com/>
>>> <http://blogs.akamai.com/>
>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3UfK2klThA$>
>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3Uf1yplVhg$>
>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3UfyTDbOew$>
>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3Uf4YbWArw$>
>>>
>>> On Nov 19, 2021, at 1:23 AM, Arun Kangle via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
>>> Hello All,
>>> I recently upgraded to 11.0.0 (now to 11.1.0) from 10.3.0. Upgrade went
>>> fine and everything else works fine but Node search has become very slow.
>>> The first page (row length set to 10) itself takes very long and then
>>> equal long time to make any other search.
>>>
>>> Search is faster from CLI using the pfcmd command.
>>>
>>> Has anyone else faced this problem? If yes, any pointers on how to make
>>> it fast?
>>>
>>> root@aolicnac:/usr/local/pf/bin# cat /etc/debian_version
>>> 11.1
>>> root@aolicnac:/usr/local/pf/bin# ./pfcmd version
>>> PacketFence 11.1.0
>>>
>>> Thanks in advance,
>>> - Arun
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>>
>>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!CwoHzpvXlN9fV0uLrnxNT2yE9mFbVtRkEY47w_s_Jy7S2d8MsvI9Rd3HVEmQPA4Z$
>>>
>>>
>>> 
>>
>>
>>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Node search is very slow from GUI on version 11.0.0

[Arun Kangle via PacketFence-users]

>>>select count(1) from node;

MariaDB [(none)]> use pf
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [pf]> select count(1) from node;
+--+
| count(1) |
+--+
|   69 |
+--+
1 row in set (0.000 sec)

MariaDB [pf]>

I am running it as a VM with 4 vCPU 16Gig RAM and 110GB Disk

Thanks,
- Arun

On Tue, Nov 23, 2021 at 6:55 PM Zammit, Ludovic  wrote:

> Hello Arun,
>
> You can connect to the database and run that command:
>
> select count(1) from node;
>
> What are the specs on your servers? CPU, RAM and disk.
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com>
> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies>
> <http://www.linkedin.com/company/akamai-technologies>
> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>
> On Nov 23, 2021, at 4:55 AM, Arun Kangle  wrote:
>
> Hi Ludovic,
> PFA screenshot. It took around 32 Seconds to search that user.
>
> For total count, I am getting below error:
>
> root@aolicnac:~# /usr/local/pf/bin/pfcmd node count all
> Use of uninitialized value in join or string at
> /usr/local/pf/lib_perl/lib/perl5/SQL/Abstract/Classic.pm line 1386.
> nb
>
> On Mon, Nov 22, 2021 at 11:53 PM Zammit, Ludovic 
> wrote:
>
>> Hello Arun,
>>
>> How many device you have in the database ?
>>
>> Can you take a screenshot of your node search ?
>>
>> Thanks,
>>
>> *Ludovic Zammit*
>> *Product Support Engineer Principal*
>> *Cell:* +1.613.670.8432
>> Akamai Technologies - Inverse
>> 145 Broadway
>> Cambridge, MA 02142
>> Connect with Us: <https://community.akamai.com/>
>> <http://blogs.akamai.com/>
>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3UfK2klThA$>
>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3Uf1yplVhg$>
>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3UfyTDbOew$>
>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Ezf_4HdrM807WGVSjF3YNUUn3uX7CTB9fkXPhJ5qiY1cNr0A0Hmv3Uf4YbWArw$>
>>
>> On Nov 19, 2021, at 1:23 AM, Arun Kangle via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>> Hello All,
>> I recently upgraded to 11.0.0 (now to 11.1.0) from 10.3.0. Upgrade went
>> fine and everything else works fine but Node search has become very slow.
>> The first page (row length set to 10) itself takes very long and then
>> equal long time to make any other search.
>>
>> Search is faster from CLI using the pfcmd command.
>>
>> Has anyone else faced this problem? If yes, any pointers on how to make
>> it fast?
>>
>> root@aolicnac:/usr/local/pf/bin# cat /etc/debian_version
>> 11.1
>> root@aolicnac:/usr/local/pf/bin# ./pfcmd version
>> PacketFence 11.1.0
>>
>> Thanks in advance,
>> - Arun
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>>
>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!CwoHzpvXlN9fV0uLrnxNT2yE9mFbVtRkEY47w_s_Jy7S2d8MsvI9Rd3HVEmQPA4Z$
>>
>>
>> 
>
>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Node search is very slow from GUI on version 11.0.0

[Arun Kangle via PacketFence-users]

Hello All,
I recently upgraded to 11.0.0 (now to 11.1.0) from 10.3.0. Upgrade went
fine and everything else works fine but Node search has become very slow.
The first page (row length set to 10) itself takes very long and then
equal long time to make any other search.

Search is faster from CLI using the pfcmd command.

Has anyone else faced this problem? If yes, any pointers on how to make it
fast?

root@aolicnac:/usr/local/pf/bin# cat /etc/debian_version
11.1
root@aolicnac:/usr/local/pf/bin# ./pfcmd version
PacketFence 11.1.0

Thanks in advance,
- Arun
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] How user can deregister old node when "max nodes per pid met or exceeded"

[Arun Kangle via PacketFence-users]

Hello All,
Sending this for the archive purpose.

Thanks to Fabrice for helping me with this.

Problem statement:
In my setup, users are allowed to have only 1 device, so I wanted to
trigger a custom security event when "max nodes per pid met or exceeded",
move the new node to the isolation vlan so that the user can deregister old
node to proceed.

Solution:
1) Patch the trigger.pm with attached file (max_node,diff):
cd /usr/local/pf
patch -p1 --dry-run < max_node.diff
if there is no error:
patch -p1 < max_node.diff

2) Patch the role.pm with below code:

 https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/role.pm#L708

my $open_security_event_count =
pf::security_event::security_event_count_reevaluate_access($args->{'mac'});
if ($open_security_event_count != 0) {
return $FALSE;
}


3) Restart packetfence:

4) Configure the security event:

If you are doing auto registration. You need to trigger the security event
with action isolate.
Then create a vlan filter that disables the autoregistration if the
security event is open for this device.

Then the first request will be rejected (security event triggered) and once
the device reconnects it will go in the isolation vlan.

Vlan filter:

[Disable_Auto_reg]
description=Disable Auto Reg on security event
run_actions=enabled
status=enabled
condition=security_event.id == "309"
top_op=and
scopes=AutoRegister
role=REJECT

Security event:

[309]
trigger=internal::is_max_reg_nodes_reached
desc=Max node
access_duration=12h
actions=reevaluate_access
window=5m
enabled=Y

Set the window to 5 minutes , so when the user connects and triggers the
security event, it has 5 minutes to unregister the old node and when 5
minutes passed then he will be able to login.

Thanks,
- Arun


max_node.diff
Description: Binary data
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Custom Security Event

[Arun Kangle via PacketFence-users]

n_type => Wireless-802.11-EAP,switch_mac =>
>>>> (00:4e:35:cc:8d:ee), mac => [38:ba:f8:de:a7:10], port => 0, username =>
>>>> "hodtest", ssid => aolicnet (pf::radius::authorize)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> INFO: [mac:38:ba:f8:de:a7:10] Instantiate profile dot1x-eap
>>>> (pf::Connection::ProfileFactory::_from_profile)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> INFO: [mac:38:ba:f8:de:a7:10] Found authentication source(s) :
>>>> 'set-group-based-role' for realm 'null'
>>>> (pf::config::util::filter_authentication_sources)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> INFO: [mac:38:ba:f8:de:a7:10] Using sources set-group-based-role for
>>>> matching (pf::authentication::match2)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> WARN: [mac:38:ba:f8:de:a7:10] [set-group-based-role set-role-Bypassed]
>>>> Searching for
>>>> (&(sAMAccountName=hodtest)(memberOf=CN=Bypassed,OU=AOL-Group,DC=AOLIC,DC=NET)),
>>>> from DC=AOLIC,DC=NET, with scope sub
>>>> (pf::Authentication::Source::LDAPSource::match_in_subclass)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> WARN: [mac:38:ba:f8:de:a7:10] [set-group-based-role set-role-HOD] Searching
>>>> for
>>>> (&(sAMAccountName=hodtest)(memberOf=CN=HOD,OU=AOL-Group,DC=AOLIC,DC=NET)),
>>>> from DC=AOLIC,DC=NET, with scope sub
>>>> (pf::Authentication::Source::LDAPSource::match_in_subclass)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> INFO: [mac:38:ba:f8:de:a7:10] Matched rule (set-role-HOD) in source
>>>> set-group-based-role, returning actions.
>>>> (pf::Authentication::Source::match_rule)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> INFO: [mac:38:ba:f8:de:a7:10] Matched rule (set-role-HOD) in source
>>>> set-group-based-role, returning actions. 
>>>> (pf::Authentication::Source::match)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> INFO: [mac:38:ba:f8:de:a7:10] per-role max nodes per-user limit reached: 1
>>>> are already registered to pid hodtest for role HOD
>>>> (pf::node::is_max_reg_nodes_reached)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> WARN: [mac:38:ba:f8:de:a7:10] Unable to pull accounting history for device
>>>> 38:ba:f8:de:a7:10. The history set doesn't exist yet.
>>>> (pf::accounting_events_history::latest_mac_history)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> INFO: [mac:38:ba:f8:de:a7:10] security_event 308 (trigger
>>>> internal::is_max_reg_nodes_reached) already exists for 38:ba:f8:de:a7:10,
>>>> not adding again (pf::security_event::security_event_trigger)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> ERROR: [mac:38:ba:f8:de:a7:10] max nodes per pid met or exceeded -
>>>> registration of 38:ba:f8:de:a7:10 to hodtest failed
>>>> (pf::registration::setup_node_for_registration)
>>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>>> ERROR: [mac:38:ba:f8:de:a7:10] auto-registration of node failed max nodes
>>>> per pid met or exceeded (pf::radius::authorize)
>>>>
>>>>
>>>> On Mon, Sep 13, 2021 at 1:33 PM Arun Kangle  wrote:
>>>>
>>>>> Thanks a lot for your help Fabrice. I patched my server. Will do some
>>>>> testing and let you know.
>>>>>
>>>>> Regards,
>>>>> - Arun
>>>>>
>>>>> On Mon, Sep 13, 2021 at 5:56 AM Fabrice Durand 
>>>>> wrote:
>>>>>
>>>>>> Hello Arun,
>>>>>>
>>>>>> try that.
>>>>>> cd /usr/local/pf
>>>>>> patch -p1 --dry-run < max_node.diff
>>>>>> if there is no error:
>>>>>> patch -p1 < max_node.diff
>>>>>>
>>>>>> Then restart packetfence.
>>>>>>
>>>>>> Regards
>>>>>> Fabrice
>>>>>>
>>>>>> Le sam. 11 sept. 2021 à 10:40, Arun Kangle  a
>>>>>> écrit :
>>>>>>
>>>>>>> Hi Fabrice,
>>>>>>> Thanks for your reply. I will need help on this.
>>>>>>>
>>>>>>> Thanks again,
>>>>>>> - Arun
>>>>>>>
>>>>>>> On Sat, Sep 11, 2021 at 7:25 AM Fabrice Durand 
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hello Arun,
>>>>>>>>
>>>>>>>> there is no security event that trigger that but it´s not something
>>>>>>>> really complicate to add in packetfence.
>>>>>>>>
>>>>>>>> If you look at is_max_reg_nodes_reached in node.pm, you can
>>>>>>>> trigger a security event from there.
>>>>>>>>
>>>>>>>> Let me know if you need help on that, it won´t take me so much time
>>>>>>>> to code it.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> Fabrice
>>>>>>>>
>>>>>>>>
>>>>>>>> Le mer. 25 août 2021 à 05:54, Arun Kangle via PacketFence-users <
>>>>>>>> packetfence-users@lists.sourceforge.net> a écrit :
>>>>>>>>
>>>>>>>>> Hello All,
>>>>>>>>> I went through the install guide and this list but I did not find
>>>>>>>>> information on how to configure a customer security event.
>>>>>>>>> Basically I wanted to trigger a custom security event when " max
>>>>>>>>> nodes per pid met or exceeded" and move the node to the isolation 
>>>>>>>>> vlan so
>>>>>>>>> that the user can deregister one of the nodes to proceed.
>>>>>>>>>
>>>>>>>>> Thanks on advance,
>>>>>>>>> - Arun
>>>>>>>>> ___
>>>>>>>>> PacketFence-users mailing list
>>>>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>>>
>>>>>>>>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Custom Security Event

[Arun Kangle via PacketFence-users]

Group,DC=AOLIC,DC=NET)),
>> from DC=AOLIC,DC=NET, with scope sub
>> (pf::Authentication::Source::LDAPSource::match_in_subclass)
>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>> INFO: [mac:38:ba:f8:de:a7:10] Matched rule (set-role-HOD) in source
>> set-group-based-role, returning actions.
>> (pf::Authentication::Source::match_rule)
>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>> INFO: [mac:38:ba:f8:de:a7:10] Matched rule (set-role-HOD) in source
>> set-group-based-role, returning actions. (pf::Authentication::Source::match)
>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>> INFO: [mac:38:ba:f8:de:a7:10] per-role max nodes per-user limit reached: 1
>> are already registered to pid hodtest for role HOD
>> (pf::node::is_max_reg_nodes_reached)
>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>> WARN: [mac:38:ba:f8:de:a7:10] Unable to pull accounting history for device
>> 38:ba:f8:de:a7:10. The history set doesn't exist yet.
>> (pf::accounting_events_history::latest_mac_history)
>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>> INFO: [mac:38:ba:f8:de:a7:10] security_event 308 (trigger
>> internal::is_max_reg_nodes_reached) already exists for 38:ba:f8:de:a7:10,
>> not adding again (pf::security_event::security_event_trigger)
>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>> ERROR: [mac:38:ba:f8:de:a7:10] max nodes per pid met or exceeded -
>> registration of 38:ba:f8:de:a7:10 to hodtest failed
>> (pf::registration::setup_node_for_registration)
>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>> ERROR: [mac:38:ba:f8:de:a7:10] auto-registration of node failed max nodes
>> per pid met or exceeded (pf::radius::authorize)
>>
>>
>> On Mon, Sep 13, 2021 at 1:33 PM Arun Kangle  wrote:
>>
>>> Thanks a lot for your help Fabrice. I patched my server. Will do some
>>> testing and let you know.
>>>
>>> Regards,
>>> - Arun
>>>
>>> On Mon, Sep 13, 2021 at 5:56 AM Fabrice Durand 
>>> wrote:
>>>
>>>> Hello Arun,
>>>>
>>>> try that.
>>>> cd /usr/local/pf
>>>> patch -p1 --dry-run < max_node.diff
>>>> if there is no error:
>>>> patch -p1 < max_node.diff
>>>>
>>>> Then restart packetfence.
>>>>
>>>> Regards
>>>> Fabrice
>>>>
>>>> Le sam. 11 sept. 2021 à 10:40, Arun Kangle  a
>>>> écrit :
>>>>
>>>>> Hi Fabrice,
>>>>> Thanks for your reply. I will need help on this.
>>>>>
>>>>> Thanks again,
>>>>> - Arun
>>>>>
>>>>> On Sat, Sep 11, 2021 at 7:25 AM Fabrice Durand 
>>>>> wrote:
>>>>>
>>>>>> Hello Arun,
>>>>>>
>>>>>> there is no security event that trigger that but it´s not something
>>>>>> really complicate to add in packetfence.
>>>>>>
>>>>>> If you look at is_max_reg_nodes_reached in node.pm, you can trigger
>>>>>> a security event from there.
>>>>>>
>>>>>> Let me know if you need help on that, it won´t take me so much time
>>>>>> to code it.
>>>>>>
>>>>>> Regards
>>>>>> Fabrice
>>>>>>
>>>>>>
>>>>>> Le mer. 25 août 2021 à 05:54, Arun Kangle via PacketFence-users <
>>>>>> packetfence-users@lists.sourceforge.net> a écrit :
>>>>>>
>>>>>>> Hello All,
>>>>>>> I went through the install guide and this list but I did not find
>>>>>>> information on how to configure a customer security event.
>>>>>>> Basically I wanted to trigger a custom security event when " max
>>>>>>> nodes per pid met or exceeded" and move the node to the isolation vlan 
>>>>>>> so
>>>>>>> that the user can deregister one of the nodes to proceed.
>>>>>>>
>>>>>>> Thanks on advance,
>>>>>>> - Arun
>>>>>>> ___
>>>>>>> PacketFence-users mailing list
>>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>
>>>>>>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Custom Security Event

[Arun Kangle via PacketFence-users]

)
>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>> INFO: [mac:38:ba:f8:de:a7:10] Matched rule (set-role-HOD) in source
>>> set-group-based-role, returning actions. (pf::Authentication::Source::match)
>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>> INFO: [mac:38:ba:f8:de:a7:10] per-role max nodes per-user limit reached: 1
>>> are already registered to pid hodtest for role HOD
>>> (pf::node::is_max_reg_nodes_reached)
>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>> WARN: [mac:38:ba:f8:de:a7:10] Unable to pull accounting history for device
>>> 38:ba:f8:de:a7:10. The history set doesn't exist yet.
>>> (pf::accounting_events_history::latest_mac_history)
>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>> INFO: [mac:38:ba:f8:de:a7:10] security_event 308 (trigger
>>> internal::is_max_reg_nodes_reached) already exists for 38:ba:f8:de:a7:10,
>>> not adding again (pf::security_event::security_event_trigger)
>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>> ERROR: [mac:38:ba:f8:de:a7:10] max nodes per pid met or exceeded -
>>> registration of 38:ba:f8:de:a7:10 to hodtest failed
>>> (pf::registration::setup_node_for_registration)
>>> Sep 13 22:27:49 aolicnac packetfence_httpd.aaa[3379]: httpd.aaa(2029)
>>> ERROR: [mac:38:ba:f8:de:a7:10] auto-registration of node failed max nodes
>>> per pid met or exceeded (pf::radius::authorize)
>>>
>>>
>>> On Mon, Sep 13, 2021 at 1:33 PM Arun Kangle  wrote:
>>>
>>>> Thanks a lot for your help Fabrice. I patched my server. Will do some
>>>> testing and let you know.
>>>>
>>>> Regards,
>>>> - Arun
>>>>
>>>> On Mon, Sep 13, 2021 at 5:56 AM Fabrice Durand 
>>>> wrote:
>>>>
>>>>> Hello Arun,
>>>>>
>>>>> try that.
>>>>> cd /usr/local/pf
>>>>> patch -p1 --dry-run < max_node.diff
>>>>> if there is no error:
>>>>> patch -p1 < max_node.diff
>>>>>
>>>>> Then restart packetfence.
>>>>>
>>>>> Regards
>>>>> Fabrice
>>>>>
>>>>> Le sam. 11 sept. 2021 à 10:40, Arun Kangle  a
>>>>> écrit :
>>>>>
>>>>>> Hi Fabrice,
>>>>>> Thanks for your reply. I will need help on this.
>>>>>>
>>>>>> Thanks again,
>>>>>> - Arun
>>>>>>
>>>>>> On Sat, Sep 11, 2021 at 7:25 AM Fabrice Durand 
>>>>>> wrote:
>>>>>>
>>>>>>> Hello Arun,
>>>>>>>
>>>>>>> there is no security event that trigger that but it´s not something
>>>>>>> really complicate to add in packetfence.
>>>>>>>
>>>>>>> If you look at is_max_reg_nodes_reached in node.pm, you can trigger
>>>>>>> a security event from there.
>>>>>>>
>>>>>>> Let me know if you need help on that, it won´t take me so much time
>>>>>>> to code it.
>>>>>>>
>>>>>>> Regards
>>>>>>> Fabrice
>>>>>>>
>>>>>>>
>>>>>>> Le mer. 25 août 2021 à 05:54, Arun Kangle via PacketFence-users <
>>>>>>> packetfence-users@lists.sourceforge.net> a écrit :
>>>>>>>
>>>>>>>> Hello All,
>>>>>>>> I went through the install guide and this list but I did not find
>>>>>>>> information on how to configure a customer security event.
>>>>>>>> Basically I wanted to trigger a custom security event when " max
>>>>>>>> nodes per pid met or exceeded" and move the node to the isolation vlan 
>>>>>>>> so
>>>>>>>> that the user can deregister one of the nodes to proceed.
>>>>>>>>
>>>>>>>> Thanks on advance,
>>>>>>>> - Arun
>>>>>>>> ___
>>>>>>>> PacketFence-users mailing list
>>>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>>
>>>>>>>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Issue I noticed upgrading to v11

[Arun Kangle via PacketFence-users]

Hi Nicolas,
I copied the fingerbank key manually to the new installation, after that
it's working fine.
Are you going to provide a patch for issue [2]? If yes then with v11.0 do i
need to use "pf-main.pl" or follow a different procedure once patch is
ready.

Thanks,
- Arun

On Wed, Sep 15, 2021 at 6:53 PM Quiniou-Briand, Nicolas via
PacketFence-users  wrote:

> Hello Arun and Cristian,
>
>
>
> Thanks for your feedback.
>
> I opened following issue [1]
>
> @Arun,
>
>
>
> > On GUI I see many services are not running (pid 0) but they are
> showing as running (green tick). Please see attached screenshot.
>
>
>
> Certainly this issue [2]
>
>
>
> Regarding fingerbank-collector state, it is certainly not starting because
> Fingerbank API key has not been imported due to [2].
>
>
>
> [1] https://github.com/inverse-inc/packetfence/issues/6579
>
> [2] https://github.com/inverse-inc/packetfence/issues/4817
>
>
>
> *Nicolas Quiniou-Briand*
> *Product Support Engineer*
>
> *Office:* +33156696210
>
> Akamai Technologies
> 145 Broadway
> Cambridge, MA 02142
>
> Connect with Us:
>
>   
>   
>   
> 
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Custom Security Event

[Arun Kangle via PacketFence-users]

Thanks a lot for your help Fabrice. I patched my server. Will do some
testing and let you know.

Regards,
- Arun

On Mon, Sep 13, 2021 at 5:56 AM Fabrice Durand  wrote:

> Hello Arun,
>
> try that.
> cd /usr/local/pf
> patch -p1 --dry-run < max_node.diff
> if there is no error:
> patch -p1 < max_node.diff
>
> Then restart packetfence.
>
> Regards
> Fabrice
>
> Le sam. 11 sept. 2021 à 10:40, Arun Kangle  a écrit :
>
>> Hi Fabrice,
>> Thanks for your reply. I will need help on this.
>>
>> Thanks again,
>> - Arun
>>
>> On Sat, Sep 11, 2021 at 7:25 AM Fabrice Durand 
>> wrote:
>>
>>> Hello Arun,
>>>
>>> there is no security event that trigger that but it´s not something
>>> really complicate to add in packetfence.
>>>
>>> If you look at is_max_reg_nodes_reached in node.pm, you can trigger a
>>> security event from there.
>>>
>>> Let me know if you need help on that, it won´t take me so much time to
>>> code it.
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> Le mer. 25 août 2021 à 05:54, Arun Kangle via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> a écrit :
>>>
>>>> Hello All,
>>>> I went through the install guide and this list but I did not find
>>>> information on how to configure a customer security event.
>>>> Basically I wanted to trigger a custom security event when " max nodes
>>>> per pid met or exceeded" and move the node to the isolation vlan so that
>>>> the user can deregister one of the nodes to proceed.
>>>>
>>>> Thanks on advance,
>>>> - Arun
>>>> ___
>>>> PacketFence-users mailing list
>>>> PacketFence-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Custom Security Event

[Arun Kangle via PacketFence-users]

Hi Fabrice,
Thanks for your reply. I will need help on this.

Thanks again,
- Arun

On Sat, Sep 11, 2021 at 7:25 AM Fabrice Durand  wrote:

> Hello Arun,
>
> there is no security event that trigger that but it´s not something really
> complicate to add in packetfence.
>
> If you look at is_max_reg_nodes_reached in node.pm, you can trigger a
> security event from there.
>
> Let me know if you need help on that, it won´t take me so much time to
> code it.
>
> Regards
> Fabrice
>
>
> Le mer. 25 août 2021 à 05:54, Arun Kangle via PacketFence-users <
> packetfence-users@lists.sourceforge.net> a écrit :
>
>> Hello All,
>> I went through the install guide and this list but I did not find
>> information on how to configure a customer security event.
>> Basically I wanted to trigger a custom security event when " max nodes
>> per pid met or exceeded" and move the node to the isolation vlan so that
>> the user can deregister one of the nodes to proceed.
>>
>> Thanks on advance,
>> - Arun
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Custom Security Event

[Arun Kangle via PacketFence-users]

Hello All,
I went through the install guide and this list but I did not find
information on how to configure a customer security event.
Basically I wanted to trigger a custom security event when " max nodes per
pid met or exceeded" and move the node to the isolation vlan so that the
user can deregister one of the nodes to proceed.

Thanks on advance,
- Arun
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Backup failed when MariaDB-Backup application is used

[Arun Kangle via PacketFence-users]

Thanks a lot. Will update once i verify it.

On Wed, Jul 7, 2021 at 3:10 PM Quiniou-Briand, Nicolas 
wrote:

> Hello,
>
>
>
> I opened following issue [1] and fixed it in [2].
>
>
>
> Fix will be available through maintenance patches when following pipeline
> finished [3].
>
>
>
> You will also have to apply manually new privileges manually to ‘pf’ user
> using following instructions [4].
>
>
>
> Good luck!
>
>
>
> [1] https://github.com/inverse-inc/packetfence/issues/6424
>
> [2] https://github.com/inverse-inc/packetfence/pull/6425
>
> [3] https://gitlab.com/inverse-inc/packetfence/-/pipelines/333081831
>
> [4]
> https://github.com/inverse-inc/packetfence/blob/668c4c65ab29fc75c69c2e506fa7eacca5548dc6/docs/installation/performance_optimizations.asciidoc#using-mariadb-backup
>
>
>
> *Nicolas Quiniou-Briand*
> *Product Support Engineer*
>
> *Office:* +33156696210
>
> Akamai Technologies
> 145 Broadway
> Cambridge, MA 02142
>
> Connect with Us:
>
>   
>   
>   
> 
>
>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Backup failed when MariaDB-Backup application is used

[Arun Kangle via PacketFence-users]

Hi Nicolas,
Thanks for your reply.

As explained above, I installed the MariaDB-backup application following
the documentation as per install guide:

# yum install MariaDB-backup --enablerepo=packetfence

Given permission to the user 'pf' as per install guide:

[root@nac ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 17462
Server version: 10.2.37-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO
'pf'@'localhost';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye
[root@nac ~]#

And after that ran the maintenance script
"/usr/local/pf/addons/backup-and-maintenance.sh" to start the backup.

Here is the o/p from console and log:

[root@nac ~]# /usr/local/pf/addons/backup-and-maintenance.sh
/root/backup/ , folder already created.

tar: Removing leading `/' from member names
tar: Removing leading `/' from hard link targets
packetfence-files-dump have been created in  /root/backup/

packetfence-files-dump older than 7 days have been removed.

Database backup will start
Mariabackup is available. Will proceed using it for DB backup to avoid
locking tables and easier recovery process.

Not a Galera cluster, nothing to stop
task bandwidth_maintenance_session finished
mariabackup was not successful.
Not a Galera cluster, nothing to reenable
[root@nac ~]#
[root@nac ~]#
[root@nac ~]# cat /usr/local/pf/logs/innobackup.log
[00] 2021-07-05 19:53:30 Connecting to MySQL server host: localhost, user:
, password: set, port: not set, socket: not set
[00] 2021-07-05 19:53:30 Failed to connect to MySQL server: Access denied
for user ''@'localhost' (using password: NO).
- Backup started on 2021-07-06_00h30 -
[00] 2021-07-06 00:30:30 Connecting to MySQL server host: localhost, user:
, password: set, port: not set, socket: not set
[00] 2021-07-06 00:30:30 Failed to connect to MySQL server: Access denied
for user ''@'localhost' (using password: NO).
- Backup started on 2021-07-06_14h18 -
[00] 2021-07-06 14:18:35 Connecting to MySQL server host: localhost, user:
, password: set, port: not set, socket: not set
[00] 2021-07-06 14:18:35 Failed to connect to MySQL server: Access denied
for user ''@'localhost' (using password: NO).
[root@nac ~]#

Thanks,
- Arun

On Tue, Jul 6, 2021 at 11:10 AM Quiniou-Briand, Nicolas 
wrote:

> Hello Arun,
>
>
>
> How are you doing your backup with MariaDB-backup ?
>
> Please provide a Minimal, Complete and Verifiable example [1]
>
>
>
> [1] https://stackoverflow.com/help/minimal-reproducible-example
>
>
>
> *Nicolas Quiniou-Briand*
> *Product Support Engineer*
>
> *Office:* +33156696210
>
> Akamai Technologies
> 145 Broadway
> Cambridge, MA 02142
>
> Connect with Us:
>
>   
>   
>   
> 
>
>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Backup failed when MariaDB-Backup application is used

[Arun Kangle via PacketFence-users]

Hello All,
I followed the procedure as per installation guide below:

yum install MariaDB-backup --enablerepo=packetfence

mysql -u root -p
MariaDB> GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'pf'@
'localhost';
MariaDB> FLUSH PRIVILEGES;

but backup fails with below reason [o/p of innobackup.log]:

- Backup started on 2021-07-05_19h53 -
[00] 2021-07-05 19:53:30 Connecting to MySQL server host: localhost, user:
, password: set, port: not set, socket: not set
[00] 2021-07-05 19:53:30 Failed to connect to MySQL server: Access denied
for user ''@'localhost' (using password: NO).

What else am I missing?

mysqldump works fine using the default script to take backup.

Thanks in advance,
- Arun
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Sponsor bases role setting for a guest

[Arun Kangle via PacketFence-users]

Thanks Nicolas for the options. I think I will have to announce multiple
SSID and map a portal moulde to it.

On Mon, Jun 28, 2021 at 5:28 PM Quiniou-Briand, Nicolas 
wrote:

> Hello Arun,
>
>
>
> I don’t think we support this use case.
>
>
>
> > Any alternate solution is welcome.
>
>
>
> What you can do is to define several rules on your sponsor source OR
> define several sources which are used by specific portal modules depending
> on guests.
>
>
>
> *Nicolas Quiniou-Briand*
> *Product Support Engineer*
>
> *Office:* +33156696210
>
> Akamai Technologies
> 145 Broadway
> Cambridge, MA 02142
>
> Connect with Us:
>
>   
>   
>   
> 
>
>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Sponsor bases role setting for a guest

[Arun Kangle via PacketFence-users]

Hi All,
Is there a way to set a role, in addition to set duration by a sponsor? I
need it for following reason:

Problem definition :
We are a NGO with limited internet bandwidth, so we apply policies using FW
to limit guests on what applications they can use. For example, the guest1
category  can use only Gmail but not youtube or Facebook, but the guest2
category can access youtube and all social media apps.

Expected solution:
Guests will fill up the same form online. Sponsor will be able to set the
duration and category (the guest1 category to be say Role-25(VLAN 25) and
the guest2 category to be say Role-26(VLAN 26)), so that I can apply subnet
based policies in FW.

Any alternate solution is welcome.

Thanks in advance,
- Arun
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] How to set switch-port filer in connection profile

[Arun Kangle via PacketFence-users]

Let me double check and get back to you as I think that options didn't work
for me earlier.

Thanks and regards,
- Arun

On Mon, Jun 14, 2021 at 7:35 PM Quiniou-Briand, Nicolas 
wrote:

> > So I wanted to know which option should be used in 10.3.0?
>
>
>
> It should be “Port”.
>
>
>
> *Nicolas Quiniou-Briand*
> *Product Support Engineer*
>
> *Office:* +33156696210
>
> Akamai Technologies
> 145 Broadway
> Cambridge, MA 02142
>
> Connect with Us:
>
>   
>   
>   
> 
>
>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] How to set switch-port filer in connection profile

[Arun Kangle via PacketFence-users]

Hello All,
I am using packetfence version 10.3.0

According to documentation I could set a filter in connection profile to
match on a specific switch pot: -. Which "match" criteria
should be selected for this?

Thanks in advance,
- Arun
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Firewall SSO failure

[Arun Kangle via PacketFence-users]

Thanks for quick response Nicolas,
I deleted the FW definition and created a new one, it worked after that.
Could be one of the issue as you mentioned.

Thanks,
- Arun

On Thu, Jun 10, 2021 at 5:55 PM Quiniou-Briand, Nicolas via
PacketFence-users  wrote:

> Hello,
>
>
>
> You can try to:
>
> * remove any networks defined: all networks will match
>
> * add a network which matched DHCP subnet of UoC-Guest users
>
>
>
> If you specify something and it doesn’t match, PacketFence will not send
> SSO update.
>
>
>
> Could you also to try to switch log level from INFO to DEBUG in
> /usr/local/pf/conf/caddy-services/pfsso.conf ? Once done, restart
> packetfence-pfsso service.
>
>
>
>
>
> *Nicolas Quiniou-Briand*
> *Product Support Engineer*
>
> *Office:* +33156696210
>
> Akamai Technologies
> 145 Broadway
> Cambridge, MA 02142
>
> Connect with Us:
>
>   
>   
>   
> 
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Captive portal issue

[Arun Kangle via PacketFence-users]

Thanks for quick response Ludovic,

It was my mistake, management and registration interfaces were part of
different VRF. Sorry to take your time.

Thanks and regards,
- Arun

On Thu, Jun 10, 2021 at 5:51 PM Zammit, Ludovic  wrote:

> Hello,
>
> Are you using web auth or lan enforcement for the registration ?
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com>
> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies>
> <http://www.linkedin.com/company/akamai-technologies>
> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>
> On Jun 10, 2021, at 1:06 AM, Arun Kangle via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Hello All,
> I am facing 2 issues below:
> 1) I am unable to access the captive portal using the FQDN but I am able
> to access the Captive Portal by using IP address of the Registration
> Interface, and
>
> 2) Redirection isn't happig as well.
>
> Could you please let me know what config I am missing?
>
> Thanks in advance,
> - Arun
>
> pf.conf file:
> [root@packetfence conf]# more pf.conf
> # Copyright (C) Inverse inc.
> [general]
> #
> # general.domain
> #
> # Domain name of PacketFence system.
> domain=AOLIC.NET
> <https://urldefense.com/v3/__http://AOLIC.NET__;!!GjvTz_vk!FsSCHr-3OnxvKwBYTYQcj3JcDFJFsAy1xyxtBHwXu-MBfJPLf_aw2wlRzmOkWAx0$>
> #
> # general.hostname
> #
> # Hostname of PacketFence system.  This is concatenated with the domain in
> Apache rewriting rules and therefore must be resolvable by clie
> nts.
> hostname=PACKETFENCE
> #
> # general.timezone
> #
> # System's timezone in string format. List generated from Perl library
> DateTime::TimeZone
> # When left empty, it will use the timezone of the server
> timezone=Asia/Kolkata
>
> [database]
> #
> # database.pass
> #
> # Password for the mysql database used by PacketFence. Changing this
> parameter after the initial configuration will *not* change it in the
>  database it self, only in the configuration.
> pass=x
>
> [captive_portal]
> #
> # captive_portal.network_redirect_delay
> #
> # How long to display the progress bar during trap release. Default value
> is
> # based on VLAN enforcement techniques. Inline enforcement only users could
> # lower the value.
> network_redirect_delay=10s
>
> [advanced]
> #
> # advanced.sso_on_access_reevaluation
> #
> # Trigger Single-Sign-On (Firewall SSO) on access reevaluation
> sso_on_access_reevaluation=enabled
> #
> # advanced.sso_on_accounting
> #
> # Trigger Single-Sign-On (Firewall SSO) on accounting
> sso_on_accounting=enabled
> # advanced.configurator
> #
> # Enable the Configurator and the Configurator API
> configurator=disabled
>
> [interface eth0.150]
> ip=172.16.31.53
> type=management,portal
> mask=255.255.255.0
>
> [interface eth0.25]
> enforcement=vlan
> ip=10.0.105.2
> type=internal
> mask=255.255.255.0
> [root@packetfence conf]#
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
>
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!FsSCHr-3OnxvKwBYTYQcj3JcDFJFsAy1xyxtBHwXu-MBfJPLf_aw2wlRzrO27D6a$
>
>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Error while sending SSO to context deadline exceeded:

[Arun Kangle via PacketFence-users]

Hello All,
I see the following error message when doing SSO with the Firewall. Could
someone please help.


Jun 10 14:56:57 packetfence packetfence: pfperl-api(10751) INFO: getting
security_events triggers for accounting cleanup
(pf::accounting::acct_maintenance)
Jun 10 14:56:57 packetfence packetfence: pfperl-api(10753) INFO: Using 300
resolution threshold (pf::pfcron::task::cluster_check::run)
Jun 10 14:56:57 packetfence packetfence: pfperl-api(10753) INFO: All
cluster members are running the same configuration version
(pf::pfcron::task::cluster_check::run)
Jun 10 14:56:57 packetfence packetfence: pfperl-api(10754) INFO: processed
0 security_events during security_event maintenance (1623317217.13024
1623317217.1369)  (pf::security_event::security_event_maintenance)
Jun 10 14:56:57 packetfence packetfence: pfperl-api(10754) INFO: processed
0 security_events during security_event maintenance (1623317217.13824
1623317217.14037)  (pf::security_event::security_event_maintenance)
Jun 10 14:57:00 packetfence packetfence_httpd.portal: httpd.portal(18445)
WARN: [mac:unknown] Unable to match MAC address to IP '10.0.2.161'
(pf::ip4log::ip2mac)
Jun 10 14:57:00 packetfence packetfence_httpd.portal: httpd.portal(18445)
WARN: [mac:00:11:22:33:44:55] Unable to match MAC address to IP
'10.0.2.161' (pf::ip4log::ip2mac)
Jun 10 14:57:01 packetfence packetfence_httpd.portal: httpd.portal(18445)
INFO: [mac:00:11:22:33:44:55] Allowing user through portal even though he
is registered as the release bypass is set and the connection profile is
configured to let registered users use the registration module of the
portal.
(captiveportal::PacketFence::DynamicRouting::Module::Root::execute_child)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] handling radius autz request: from switch_ip =>
(192.168.2.12), connection_type => Ethernet-EAP,switch_mac =>
(c0:62:6b:68:f4:0b), mac => [94:c6:91:a8:d3:1c], port => 10009, username =>
"regulartest" (pf::radius::authorize)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] Instantiate profile dot1x-per-port
(pf::Connection::ProfileFactory::_from_profile)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] Found authentication source(s) :
'set-group-based-role' for realm 'null'
(pf::config::util::filter_authentication_sources)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] Using sources set-group-based-role for matching
(pf::authentication::match2)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) WARN:
[mac:94:c6:91:a8:d3:1c] [set-group-based-role set-role-full-access]
Searching for
(&(sAMAccountName=regulartest)(memberOf=CN=Bypassed,OU=AOL-Group,DC=AOLIC,DC=NET)),
from DC=aolic,DC=net, with scope sub
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] LDAP testing connection (pf::LDAP::expire_if)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) WARN:
[mac:94:c6:91:a8:d3:1c] [set-group-based-role set-role-hod] Searching for
(&(sAMAccountName=regulartest)(memberOf=CN=HOD,OU=AOL-Group,DC=AOLIC,DC=NET)),
from DC=aolic,DC=net, with scope sub
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) WARN:
[mac:94:c6:91:a8:d3:1c] [set-group-based-role set-role-regular] Searching
for
(&(sAMAccountName=regulartest)(memberOf=CN=Regular,OU=AOL-Group,DC=AOLIC,DC=NET)),
from DC=aolic,DC=net, with scope sub
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] Matched rule (set-role-regular) in source
set-group-based-role, returning actions.
(pf::Authentication::Source::match_rule)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] Matched rule (set-role-regular) in source
set-group-based-role, returning actions. (pf::Authentication::Source::match)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] Found authentication source(s) :
'set-group-based-role' for realm 'null'
(pf::config::util::filter_authentication_sources)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] Role has already been computed and we don't want to
recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] Username was defined "regulartest" - returning role
'Regular' (pf::role::getRegisteredRole)
Jun 10 14:57:07 packetfence packetfence_httpd.aaa: httpd.aaa(10456) INFO:
[mac:94:c6:91:a8:d3:1c] PID: "regulartest", Status: reg Returned VLAN:
(undefined), Role: Regular 

[PacketFence-users] Captive portal issue

[Arun Kangle via PacketFence-users]

Hello All,
I am facing 2 issues below:
1) I am unable to access the captive portal using the FQDN but I am able to
access the Captive Portal by using IP address of the Registration
Interface, and

2) Redirection isn't happig as well.

Could you please let me know what config I am missing?

Thanks in advance,
- Arun

pf.conf file:
[root@packetfence conf]# more pf.conf
# Copyright (C) Inverse inc.
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=AOLIC.NET
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the domain in
Apache rewriting rules and therefore must be resolvable by clie
nts.
hostname=PACKETFENCE
#
# general.timezone
#
# System's timezone in string format. List generated from Perl library
DateTime::TimeZone
# When left empty, it will use the timezone of the server
timezone=Asia/Kolkata

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence. Changing this
parameter after the initial configuration will *not* change it in the
 database it self, only in the configuration.
pass=x

[captive_portal]
#
# captive_portal.network_redirect_delay
#
# How long to display the progress bar during trap release. Default value is
# based on VLAN enforcement techniques. Inline enforcement only users could
# lower the value.
network_redirect_delay=10s

[advanced]
#
# advanced.sso_on_access_reevaluation
#
# Trigger Single-Sign-On (Firewall SSO) on access reevaluation
sso_on_access_reevaluation=enabled
#
# advanced.sso_on_accounting
#
# Trigger Single-Sign-On (Firewall SSO) on accounting
sso_on_accounting=enabled
# advanced.configurator
#
# Enable the Configurator and the Configurator API
configurator=disabled

[interface eth0.150]
ip=172.16.31.53
type=management,portal
mask=255.255.255.0

[interface eth0.25]
enforcement=vlan
ip=10.0.105.2
type=internal
mask=255.255.255.0
[root@packetfence conf]#
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Help on setting switch-port filter in connection profile

[Arun Kangle via PacketFence-users]

Hello All,
Could someone please help on this?

Thanks in advance,
- Arun

On Thu, Jan 21, 2021 at 10:26 PM Arun Kangle  wrote:

> Hello All,
> Could someone please let me know the format for the switch-port filter in
> the connection profile?
>
> According to the installation guide it's -, when I
> tried using the IP address as switchportid it's not accepted. for example
> 10.0.2.1-10006
>
> Thanks in advance,
> - Arun
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Help on setting switch-port filter in connection profile

[Arun Kangle via PacketFence-users]

Hello All,
Could someone please let me know the format for the switch-port filter in
the connection profile?

According to the installation guide it's -, when I
tried using the IP address as switchportid and port Ifindex, for example
10.0.2.1-10006, it's not accepting.

Thanks in advance,
- Arun
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users