Good day, I upgraded PacketFence from version 9.2 to version 10 and am finding a new, odd behavior I hope can be explained and eliminated.
The first lines below are from packetfence.log during an authentication attempt. The first line is new where there is a warning about not finding a switch configuration that is named by MAC address. All my switch definitions are by IP address (the second set of data below is a switch definition from switches.conf). After that, the switch configuration is located by IP, the authentication source is identified, the connection profile is selected, the user is validated and the role is computed and returned. But, then, there are more errors about "Unknown Switch(es)" as it is trying to be found by MAC address, not IP. There is an error reported by radius.pm and there is a message stating the "request will be failed".

Despite the errors, I am successfully authenticated and provided with network access. Having the error messages in the log is confusing and I expect will make troubleshooting difficult when a device is NOT provided access. Any thoughts on why these errors occur and how to eliminate them?

Thank you,
Jeff

Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) ERROR: [mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 (pf::SwitchFactory::instantiate)
Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) ERROR: [mac:11:11:11:11:11:11] Can not instantiate switch 22:22:22:22:22:22 ! (pf::radius::_handleStaticPortSecurityMovement)
Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] handling radius autz request: from switch_ip => (10.22.0.1), connection_type => Ethernet-EAP,switch_mac => (22:22:22:22:22:22), mac => [11:11:11:11:11:11], port => ge-1/0/32.0, username => "DOMAIN\user" (pf::radius::authorize)
Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Instantiate profile 802.1x_Ethernet-EAP (pf::Connection::ProfileFactory::_from_profile)
Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Found authentication source(s) : 'DOMAIN,DOMAIN-Machine' for realm 'domain' (pf::config::util::filter_authentication_sources)
Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] (10.1.1.1) Added VLAN vlan1 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Using sources DOMAIN, DOMAIN-Machine for matching (pf::authentication::match2)
Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) WARN: [mac:11:11:11:11:11:11] [DOMAIN catchAll] Searching for (sAMAccountName=user), from dc=jerviswebb,dc=com, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Matched rule (catchAll) in source DOMAIN, returning actions. (pf::Authentication::Source::match_rule)
Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Matched rule (catchAll) in source DOMAIN, returning actions. (pf::Authentication::Source::match)
Oct 2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] person DOMAIN\user modified to DOMAIN\user (pf::person::person_modify)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Found authentication source(s) : DOMAIN,DOMAIN-Machine' for realm 'domain' (pf::config::util::filter_authentication_sources)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Role has already been computed and we don't want to recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Username was defined "DOMAIN\user" - returning role 'default' (pf::role::getRegisteredRole)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] PID: "DOMAIN\user", Status: reg Returned VLAN: (undefined), Role: default (pf::role::fetchRoleForNode)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] (10.1.1.1) Added VLAN vlan1 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] security_event 1300003 force-closed for 11:11:11:11:11:11 (pf::security_event::security_event_force_close)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Instantiate profile 802.1x_Ethernet-EAP (pf::Connection::ProfileFactory::_from_profile)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] security_event 1300003 force-closed for 11:11:11:11:11:11 (pf::security_event::security_event_force_close)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Instantiate profile 802.1x_Ethernet-EAP (pf::Connection::ProfileFactory::_from_profile)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] Updating locationlog from accounting request (pf::api::handle_accounting_metadata)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: [mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 (pf::SwitchFactory::instantiate)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: [mac:11:11:11:11:11:11] Use of uninitialized value $switch_ip in concatenation (.) or string at /usr/local/pf/lib/pf/radius.pm line 527. (pf::radius::update_locationlog_accounting)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: [mac:11:11:11:11:11:11] Can't instantiate switch (). This request will be failed. Are you sure your switches.conf is correct? (pf::radius::update_locationlog_accounting)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: [mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 (pf::SwitchFactory::instantiate)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: [mac:11:11:11:11:11:11] Use of uninitialized value $switch_ip in concatenation (.) or string at /usr/local/pf/lib/pf/radius.pm line 527. (pf::radius::update_locationlog_accounting)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: [mac:11:11:11:11:11:11] Can't instantiate switch (). This request will be failed. Are you sure your switches.conf is correct? (pf::radius::update_locationlog_accounting)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: [mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 (pf::SwitchFactory::instantiate)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: [mac:11:11:11:11:11:11] Use of uninitialized value $switch_ip in concatenation (.) or string at /usr/local/pf/lib/pf/radius.pm line 527. (pf::radius::update_locationlog_accounting)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: [mac:11:11:11:11:11:11] Can't instantiate switch (). This request will be failed. Are you sure your switches.conf is correct? (pf::radius::update_locationlog_accounting)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: [mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 (pf::SwitchFactory::instantiate)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: [mac:11:11:11:11:11:11] Use of uninitialized value $switch_ip in concatenation (.) or string at /usr/local/pf/lib/pf/radius.pm line 527. (pf::radius::update_locationlog_accounting)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: [mac:11:11:11:11:11:11] Can't instantiate switch (). This request will be failed. Are you sure your switches.conf is correct? (pf::radius::update_locationlog_accounting)

[10.1.1.1]
always_trigger=1
isolationVlan=PFIsolation
guestVlan=PFGuest
registrationVlan=PFRegistration
description=VC1
SNMPCommunityRead=community
radiusSecret=<secret>
SNMPCommunityWrite=community
group=group1
deauthMethod=RADIUS
defaultVlan=vlan1
SNMPCommunityTrap=community
inlineVlan=PFNULL
voiceVlan=Voice
cliUser=user
cliPwd=pass
gamingVlan=PFNULL
cliTransport=SSH
cliAccess=Y
type=Juniper::EX2300
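A triage helper for the situation described in the post, added here as an example; it is not part of the original message and is not PacketFence code. It checks each "Unknown switch(es)" identifier against the section names in switches.conf, and reports whether the same switch is defined under the switch_ip seen in the authorize request and which functions logged the instantiate failure. The sample input is constructed from lines quoted in the post; the function names `switch_sections` and `triage` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, shortened from the log lines and switch definition in the post.
SAMPLE_LOG = r'''Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: [mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 (pf::SwitchFactory::instantiate)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: [mac:11:11:11:11:11:11] Can not instantiate switch 22:22:22:22:22:22 ! (pf::radius::_handleStaticPortSecurityMovement)
Oct 2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: [mac:11:11:11:11:11:11] handling radius autz request: from switch_ip => (10.1.1.1), connection_type => Ethernet-EAP,switch_mac => (22:22:22:22:22:22), mac => [11:11:11:11:11:11], port => ge-1/0/32.0, username => "DOMAIN\user" (pf::radius::authorize)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: [mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 (pf::SwitchFactory::instantiate)
Oct 2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: [mac:11:11:11:11:11:11] Can't instantiate switch (). This request will be failed. Are you sure your switches.conf is correct? (pf::radius::update_locationlog_accounting)'''
SAMPLE_CONF = "[10.1.1.1]\ntype=Juniper::EX2300\ndefaultVlan=vlan1\n"

# level, endpoint MAC, message text, and the trailing "(pf::...)" logging function
LINE = re.compile(r'(?P<level>ERROR|WARN|INFO): \[mac:(?P<mac>[0-9a-f:]{17})\] '
                  r'(?P<msg>.*) \((?P<func>pf::[\w:]+)\)\s*$', re.I)
UNKNOWN = re.compile(r'Unknown switch\(es\) (\S+)')
AUTZ = re.compile(r'switch_ip => \(([^)]*)\).*switch_mac => \(([^)]*)\)')
MAC = re.compile(r'^[0-9a-f]{2}(:[0-9a-f]{2}){5}$', re.I)

def switch_sections(conf):
    """Section names ([...]) present in a switches.conf text."""
    return set(re.findall(r'^\[([^\]]+)\]\s*$', conf, re.M))

def triage(log, conf):
    sections = switch_sections(conf)
    pairs = set()        # (switch_ip, switch_mac) from authorize requests
    unknown = Counter()  # identifier that could not be looked up -> occurrences
    callers = Counter()  # function that logged an instantiate failure
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        a, u = AUTZ.search(m['msg']), UNKNOWN.search(m['msg'])
        if a:
            pairs.add(a.groups())
        if u:
            unknown[u[1]] += 1
        elif m['level'].upper() != 'INFO' and 'instantiate switch' in m['msg']:
            callers[m['func']] += 1
    report = []
    for ident, count in unknown.items():
        ips = sorted(ip for ip, mac in pairs if mac.lower() == ident.lower())
        report.append({'id': ident, 'kind': 'mac' if MAC.match(ident) else 'ip',
                       'count': count, 'defined': ident in sections,
                       'same_switch_by_ip': [ip for ip in ips if ip in sections]})
    return report, dict(callers)

if __name__ == '__main__':
    print(triage(SAMPLE_LOG, SAMPLE_CONF))
```

A non-empty `same_switch_by_ip` for an undefined `mac` identifier means the messages concern a switch that is already defined by IP, which separates this log noise from a switch that is missing from switches.conf altogether.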