Re: [PacketFence-users] Bug PacketFence 8
Hello Fabrice, thank you so much. Why with version 7.4, did the same setup work? Even so, thank you. May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] handling radius autz request: from switch_ip => (10.190.90.24), connection_type => Ethernet-EAP,switch_mac => (00:16:47:53:3e:09), mac => [00:0c:29:39:76:21], port => 09, username => "nacad...@samba.nac" (pf::radius::authorize) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) WARN: [mac:00:0c:29:39:76:21] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Using sources SAMBA.NAC for matching (pf::authentication::match2) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Matched rule (Test) in source SAMBA.NAC, returning actions. (pf::Authentication::Source::match_rule) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Matched rule (Test) in source SAMBA.NAC, returning actions. (pf::Authentication::Source::match) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Using sources SAMBA.NAC for matching (pf::authentication::match2) May 3 12:37:56 PacketFence-ZEN pfqueue: pfqueue(8540) INFO: [mac:unknown] Already did a person lookup for nacad...@samba.nac (pf::lookup::person::lookup_person) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Matched rule (Test) in source SAMBA.NAC, returning actions. (pf::Authentication::Source::match_rule) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Matched rule (Test) in source SAMBA.NAC, returning actions. (pf::Authentication::Source::match) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Username was defined "nacad...@samba.nac" - returning role 'Normal' (pf::role::getRegisteredRole) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] PID: "nacad...@samba.nac", Status: reg Returned VLAN: (undefined), Role: Normal (pf::role::fetchRoleForNode) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Switch doesn't support Dynamic VLAN assignment. Setting VLAN with SNMP on (10.190.90.24) ifIndex 09 to 20 (pf::radius::authorize) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] (10.190.90.24) Added VLAN 20 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] violation 133 force-closed for 00:0c:29:39:76:21 (pf::violation::violation_force_close) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] handling radius autz request: from switch_ip => (10.190.90.24), connection_type => Ethernet-EAP,switch_mac => (00:16:47:53:3e:09), mac => [00:0c:29:39:76:21], port => 09, username => "nacad...@samba.nac" (pf::radius::authorize) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) WARN: [mac:00:0c:29:39:76:21] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Using sources SAMBA.NAC for matching (pf::authentication::match2) May 3 12:37:56 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2251) INFO: [mac:00:0c:29:39:76:21] Matched rule (Test) in source SAMB
Re: [PacketFence-users] Bug PacketFence 8
Hello Jeimerson, can you try that: [SAMBA.NAC] cache_match=0 read_timeout=10 realms= password=Zaq!2wsx scope=sub binddn=nacad...@samba.nac port=389 description=Teste de Autenticacao write_timeout=5 type=AD basedn=DC=SAMBA,DC=NAC monitor=1 set_access_level_action= email_attribute=mail usernameattribute=sAMAccountName connection_timeout=5 encryption=none host=10.161.16.23 Regards Fabrice Le 2018-05-03 à 04:32, Jeimerson C. Chaves via PacketFence-users a écrit : Hi, authentication.conf [SAMBA.NAC] cache_match=0 read_timeout=10 realms= password=Zaq!2wsx scope=base binddn=nacad...@samba.nac port=389 description=Teste de Autenticacao write_timeout=5 type=AD basedn=DC=SAMBA,DC=NAC monitor=1 set_access_level_action= email_attribute=mail usernameattribute=sAMAccountName connection_timeout=5 encryption=none host=10.161.16.23 [SAMBA.NAC rule Test] action0=set_role=Normal match=all class=authentication action1=set_access_duration=12h description=Teste [SAMBA.NAC rule VoIP] action0=set_role=voice match=all class=authentication action1=set_access_duration=5D description=VoIP ## switches.conf [10.190.90.24] description=Cisco 2950 group=Cisco_2950 VoIPEnabled=N [10.190.90.25] description=Cisco 2960 group=Cisco_2960 [group Cisco_2950] deauthMethod=SNMP description=Switches Cisco 2950 type=Cisco::Catalyst_2950 VoIPEnabled=Y NormalVlan=20 SNMPPrivPasswordTrap=zaq12wsx SNMPVersionTrap=2c macDetectionVlan=80 isolationVlan=60 radiusSecret=zaq12wsx SNMPVersion=2c SNMPPrivPasswordRead=zaq12wsx SNMPPrivPasswordWrite=zaq12wsx SNMPAuthPasswordWrite=zaq12wsx SNMPAuthPasswordRead=zaq12wsx registrationVlan=70 voiceVlan=100 SNMPAuthPasswordTrap=zaq12wsx [group Cisco_2960] NormalVlan=20 SNMPPrivPasswordTrap=zaq12wsx deauthMethod=SNMP description=Switches Cisco 2956 SNMPVersionTrap=2c type=Cisco::Catalyst_2960 macDetectionVlan=80 VoIPEnabled=Y isolationVlan=60 radiusSecret=zaq12wsx SNMPVersion=2c SNMPPrivPasswordRead=zaq12wsx SNMPPrivPasswordWrite=zaq12wsx SNMPAuthPasswordWrite=zaq12wsx SNMPAuthPasswordRead=zaq12wsx registrationVlan=70 voiceVlan=100 SNMPAuthPasswordTrap=zaq12wsx ## ~ Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-02 17:58 GMT+01:00 Fabrice Durand via PacketFence-users : Can you share authentication.conf (remove sensible information) Le 2018-05-02 à 12:52, Jeimerson C. Chaves via PacketFence-users a écrit : Hello, I installed PackerFence 8 on my lab, and I can not access the vlans. As the logs and prints follow. Thank you. May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from switch_ip => (10.190.90.24), connection_type => Ethernet-EAP,switch_mac => (00:16:47:53:3e:0c), mac => [00:0c:29:75:9d:61], port => 12, username => "administra...@samba.nac" (pf::radius::authorize) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/role.pm line 731. (pf::role::_check_bypass) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c
Re: [PacketFence-users] Bug PacketFence 8
With version 7.4 is Okay. pf/Switch.pm line 771. (pf::Switch::getVlanByName) May 3 08:26:12 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in conf/switches.conf for the switch 10.190.90.24 (pf::Switch::getVlanByName) May 3 08:26:12 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Switch doesn't support Dynamic VLAN assignment. Setting VLAN with SNMP on (10.190.90.24) ifIndex 12 to 0 (pf::radius::authorize) May 3 08:26:12 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for 00:0c:29:75:9d:61 (pf::violation::violation_force_close) May 3 08:26:12 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 3 08:26:33 PacketFence-ZEN pfqueue: pfqueue(8689) ERROR: [mac:unknown] Couldn't update Upstream database, code : 500, msg : An error occured while updating file '/usr/local/fingerbank/db/fingerbank_Upstream.db' (pf::fingerbank::_update_fingerbank_component) May 3 08:26:52 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] CLI Access is not permit on this switch 10.190.90.25 (pf::radius::switch_access) May 3 08:27:04 PacketFence-ZEN pfipset[2121]: t=2018-05-03T08:27:04+ lvl=info msg="Reloading ipsets" pid=2121 May 3 08:29:45 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] CLI Access is not permit on this switch 10.190.90.25 (pf::radius::switch_access) May 3 08:31:59 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from switch_ip => (10.190.90.24), connection_type => Ethernet-EAP,switch_mac => (00:16:47:53:3e:0c), mac => [00:0c:29:75:9d:61], port => 12, username => "administra...@samba.nac" (pf::radius::authorize) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/role.pm line 731. (pf::role::_check_bypass) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478. (pf::role::getRegisteredRole) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 768. (pf::Switch::getVlanByName) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 771. (pf::Switch::getVlanByName) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in conf/switches.conf for the switch 10.190.90.24 (pf::Switch::getVlanByName) May 3 08:32:00 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Switch doesn't support Dynamic VLAN assignment. Setting VLAN with SNMP on (10.190.90.24) ifIndex 12 to 0 (pf::radius::authorize) May 3 08:32:00 PacketFence-ZEN pfqueue: pfqueue(8538) INFO: [mac:unknown] undefined source id provided
Re: [PacketFence-users] Bug PacketFence 8
Hi, authentication.conf [SAMBA.NAC] cache_match=0 read_timeout=10 realms= password=Zaq!2wsx scope=base binddn=nacad...@samba.nac port=389 description=Teste de Autenticacao write_timeout=5 type=AD basedn=DC=SAMBA,DC=NAC monitor=1 set_access_level_action= email_attribute=mail usernameattribute=sAMAccountName connection_timeout=5 encryption=none host=10.161.16.23 [SAMBA.NAC rule Test] action0=set_role=Normal match=all class=authentication action1=set_access_duration=12h description=Teste [SAMBA.NAC rule VoIP] action0=set_role=voice match=all class=authentication action1=set_access_duration=5D description=VoIP ## switches.conf [10.190.90.24] description=Cisco 2950 group=Cisco_2950 VoIPEnabled=N [10.190.90.25] description=Cisco 2960 group=Cisco_2960 [group Cisco_2950] deauthMethod=SNMP description=Switches Cisco 2950 type=Cisco::Catalyst_2950 VoIPEnabled=Y NormalVlan=20 SNMPPrivPasswordTrap=zaq12wsx SNMPVersionTrap=2c macDetectionVlan=80 isolationVlan=60 radiusSecret=zaq12wsx SNMPVersion=2c SNMPPrivPasswordRead=zaq12wsx SNMPPrivPasswordWrite=zaq12wsx SNMPAuthPasswordWrite=zaq12wsx SNMPAuthPasswordRead=zaq12wsx registrationVlan=70 voiceVlan=100 SNMPAuthPasswordTrap=zaq12wsx [group Cisco_2960] NormalVlan=20 SNMPPrivPasswordTrap=zaq12wsx deauthMethod=SNMP description=Switches Cisco 2956 SNMPVersionTrap=2c type=Cisco::Catalyst_2960 macDetectionVlan=80 VoIPEnabled=Y isolationVlan=60 radiusSecret=zaq12wsx SNMPVersion=2c SNMPPrivPasswordRead=zaq12wsx SNMPPrivPasswordWrite=zaq12wsx SNMPAuthPasswordWrite=zaq12wsx SNMPAuthPasswordRead=zaq12wsx registrationVlan=70 voiceVlan=100 SNMPAuthPasswordTrap=zaq12wsx ## ~ Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. 2018-05-02 17:58 GMT+01:00 Fabrice Durand via PacketFence-users : > Can you share authentication.conf (remove sensible information) > > > Le 2018-05-02 à 12:52, Jeimerson C. Chaves via PacketFence-users a écrit : > > Hello, > > I installed PackerFence 8 on my lab, and I can not access the vlans. > As the logs and prints follow. > > Thank you. > > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from > switch_ip => (10.190.90.24), connection_type => > Ethernet-EAP,switch_mac => (00:16:47:53:3e:0c), mac => > [00:0c:29:75:9d:61], port => 12, username => "administra...@samba.nac" > (pf::radius::authorize) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : > 'SAMBA.NAC' for realm 'samba.nac' > (pf::config::util::filter_authentication_sources) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule > class. Defaulting to 'authentication' (pf::authentication::match2) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching > (pf::authentication::match2) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq > at /usr/local/pf/lib/pf/role.pm line 731. > (pf::role::_check_bypass) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : > 'SAMBA.NAC' for realm 'samba.nac' > (pf::config::util::filter_authentication_sources) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching > (pf::authentication::match2) > May 2 16:40:43 PacketFence-ZEN pfqueue: pfqueue(6064) INFO: > [mac:unknown] undefined source id provided > (pf::lookup::person::lookup_person) > May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) > WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in > concatenation (.) or stri
Re: [PacketFence-users] Bug PacketFence 8
Can you share authentication.conf (remove sensible information) Le 2018-05-02 à 12:52, Jeimerson C. Chaves via PacketFence-users a écrit : Hello, I installed PackerFence 8 on my lab, and I can not access the vlans. As the logs and prints follow. Thank you. May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from switch_ip => (10.190.90.24), connection_type => Ethernet-EAP,switch_mac => (00:16:47:53:3e:0c), mac => [00:0c:29:75:9d:61], port => 12, username => "administra...@samba.nac" (pf::radius::authorize) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/role.pm line 731. (pf::role::_check_bypass) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2) May 2 16:40:43 PacketFence-ZEN pfqueue: pfqueue(6064) INFO: [mac:unknown] undefined source id provided (pf::lookup::person::lookup_person) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478. (pf::role::getRegisteredRole) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 768. (pf::Switch::getVlanByName) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 771. (pf::Switch::getVlanByName) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in conf/switches.conf for the switch 10.190.90.24 (pf::Switch::getVlanByName) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Switch doesn't support Dynamic VLAN assignment. Setting VLAN with SNMP on (10.190.90.24) ifIndex 12 to 0 (pf::radius::authorize) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for 00:0c:29:75:9d:61 (pf::violation::violation_force_close) May 2 16:40:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Com os melhores cumprimentos. Jeimerson Chaves Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros informáticos com ele transmitidos são confidenciais, podem conter informação privilegiada e destinam-se ao conhecimento e uso exclusivo da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos mesmos ser alterado. Caso tenha recebido este e-mail indevidamente, queira informar de imediato o remetente e proceder à destruição da mensagem e de eventuais cópias. Confidentiality Warning: This e-mail and any files transmitted with it are confidential and may be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Their contents may not be altered. lf you are not the intended recipient of this communication please notify the sender and delete and destroy all copies immediately. -- Check out the