Re: [PacketFence-users] CoA on EX2200
Hi Fabrice, On 07/03/2018 03:41, Durand fabrice via PacketFence-users wrote: if(my $entry = pf::accounting->cache->get($mac)){ +if (!$cluster_enabled){ return $entry->{'Acct-Session-Id'}; +} Do a : bin/pfcmd cache accounting dump @mac to see if the cache is correct for the mac address. I didn't check, btw tcpdump shows that pf is always sending the same session id, even if i clear dot1x session on switch. +my $sburomac = $mac; +$sburomac =~ tr/:/-/; $mac =~ tr/:/-/; is enough. I'm afraid $mac is used along somewhere in the code, compromising some other funcions. btw if you can do a Pull request on github it will be really appreciated. Ok, i'll do. Sergio. -- Sergio Rizzi Network Management and Security Senior Account Laboratori Guglielmo Marconi Via Porrettana 123 40037 Pontecchio Marconi (BO) - Italy Phone +39 051 6781944 Mobile +39 349 8073882 -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] CoA on EX2200
Hello Sergio, Le 2018-03-06 à 11:54, Sergio Rizzi via PacketFence-users a écrit : Hi, i'm using PF 7.3.0 with active cluster and i have some trouble using CoA deauth. These are the code changes to make it works (sorry for a non patch-like code): lib/pf/accounting.pm: on clusters, cache seems not to work [...] +use pf::cluster; [...] sub node_accounting_current_sessionid { my ($mac) = @_; if(my $entry = pf::accounting->cache->get($mac)){ +if (!$cluster_enabled){ return $entry->{'Acct-Session-Id'}; +} Do a : bin/pfcmd cache accounting dump @mac to see if the cache is correct for the mac address. } my $query = db_query_execute(ACCOUNTING, $accounting_statements, 'acct_current_sessionid_sql', $mac) || return (0); my ($val) = $query->fetchrow_array(); $query->finish(); return ($val); } [...] lib/pf/Switch/Juniper/EX2200.pm: Juniper (and RFC) wants mac addresses delimited by "-", not by ":" [...] my $acctsessionid = node_accounting_current_sessionid($mac); +my $sburomac = $mac; +$sburomac =~ tr/:/-/; $mac =~ tr/:/-/; is enough. btw if you can do a Pull request on github it will be really appreciated. +$logger->warn("Using mac $sburomac to perform Disconnect-Request for Acct-Session-Id $acctsessionid to NAS-IP-Address $send_disconnect_to"); # Standard Attributes my $attributes_ref = { -'Calling-Station-Id' => $mac, +'Calling-Station-Id' => $sburomac, 'Acct-Session-Id' => $acctsessionid, 'NAS-IP-Address' => $send_disconnect_to, }; [...] Sergio. Regards Fabrice -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] CoA on EX2200
Hi, i'm using PF 7.3.0 with active cluster and i have some trouble using CoA deauth. These are the code changes to make it works (sorry for a non patch-like code): lib/pf/accounting.pm: on clusters, cache seems not to work [...] +use pf::cluster; [...] sub node_accounting_current_sessionid { my ($mac) = @_; if(my $entry = pf::accounting->cache->get($mac)){ +if (!$cluster_enabled){ return $entry->{'Acct-Session-Id'}; +} } my $query = db_query_execute(ACCOUNTING, $accounting_statements, 'acct_current_sessionid_sql', $mac) || return (0); my ($val) = $query->fetchrow_array(); $query->finish(); return ($val); } [...] lib/pf/Switch/Juniper/EX2200.pm: Juniper (and RFC) wants mac addresses delimited by "-", not by ":" [...] my $acctsessionid = node_accounting_current_sessionid($mac); +my $sburomac = $mac; +$sburomac =~ tr/:/-/; +$logger->warn("Using mac $sburomac to perform Disconnect-Request for Acct-Session-Id $acctsessionid to NAS-IP-Address $send_disconnect_to"); # Standard Attributes my $attributes_ref = { -'Calling-Station-Id' => $mac, +'Calling-Station-Id' => $sburomac, 'Acct-Session-Id' => $acctsessionid, 'NAS-IP-Address' => $send_disconnect_to, }; [...] Sergio. -- Sergio Rizzi Network Management and Security Senior Account Laboratori Guglielmo Marconi Via Porrettana 123 40037 Pontecchio Marconi (BO) - Italy Phone +39 051 6781944 Mobile +39 349 8073882 -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users