Re: [PacketFence-users] CoA on EX2200

2018-03-07 Thread Sergio Rizzi via PacketFence-users 

Hi Fabrice,

On 07/03/2018 03:41, Durand fabrice via PacketFence-users wrote:

    if(my $entry = pf::accounting->cache->get($mac)){
    +if (!$cluster_enabled){
   return $entry->{'Acct-Session-Id'};
    +}

Do a : bin/pfcmd cache accounting dump @mac
to see if the cache is correct for the mac address.


I didn't check, btw tcpdump shows that pf is always sending the same 
session id, even if i clear dot1x session on switch.




    +my $sburomac = $mac;
    +$sburomac =~ tr/:/-/;

$mac =~ tr/:/-/; is enough.


I'm afraid $mac is used along somewhere in the code, compromising some 
other funcions.




btw if you can do a Pull request on github it will be really appreciated.


Ok, i'll do.

Sergio.

--
Sergio Rizzi
Network Management and Security
Senior Account

Laboratori Guglielmo Marconi
Via Porrettana 123
40037 Pontecchio Marconi (BO) - Italy
Phone +39 051 6781944
Mobile +39 349 8073882

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] CoA on EX2200

2018-03-06 Thread Sergio Rizzi via PacketFence-users 

Hi,
 i'm using PF 7.3.0 with active cluster and i have some trouble using 
CoA deauth.


These are the code changes to make it works (sorry for a non patch-like 
code):




lib/pf/accounting.pm: on clusters, cache seems not to work

[...]
+use pf::cluster;
[...]
sub node_accounting_current_sessionid {
my ($mac) = @_;
if(my $entry = pf::accounting->cache->get($mac)){
+if (!$cluster_enabled){
   return $entry->{'Acct-Session-Id'};
+}
}
my $query = db_query_execute(ACCOUNTING, $accounting_statements, 
'acct_current_sessionid_sql', $mac) || return (0);

my ($val) = $query->fetchrow_array();
$query->finish();
return ($val);
}
[...]




lib/pf/Switch/Juniper/EX2200.pm: Juniper (and RFC) wants mac addresses 
delimited by "-", not by ":"


[...]
my $acctsessionid = node_accounting_current_sessionid($mac);

+my $sburomac = $mac;
+$sburomac =~ tr/:/-/;
+$logger->warn("Using mac $sburomac to perform 
Disconnect-Request for Acct-Session-Id $acctsessionid to NAS-IP-Address 
$send_disconnect_to");


# Standard Attributes
my $attributes_ref = {
-'Calling-Station-Id' => $mac,
+'Calling-Station-Id' => $sburomac,
'Acct-Session-Id' => $acctsessionid,
'NAS-IP-Address' => $send_disconnect_to,
};
[...]



Sergio.


--
Sergio Rizzi
Network Management and Security
Senior Account

Laboratori Guglielmo Marconi
Via Porrettana 123
40037 Pontecchio Marconi (BO) - Italy
Phone +39 051 6781944
Mobile +39 349 8073882

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users