Sometimes I also see this:

Sep 8 15:41:01 mdb-vl-pf01 pfqueue[889860]: pfqueue(889860) WARN: [mac:b4:a9:fc:88:b0:2c] Warning: 1366: Incorrect string value: '\xCA\x06\xB8B\x02\xC7...' for column `pf`.`radius_audit_log`.`radius_reply` at row 1 (pf::dal::db_execute)
Sep 8 15:41:01 mdb-vl-pf01 pfqueue[889859]: pfqueue(889859) WARN: [mac:b4:a9:fc:88:b0:2c] Unable to perform RADIUS Disconnect-Request. Disconnect-NAK received with Error-Cause: Missing-Attribute. (pf::Switch::Juniper::EX2300::radiusDisconnect)

My switch is an EX2300 with Junos 21.4R3-S3.4

Martijn Langendoen
network administrator

From: Martijn Langendoen via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: 07 September 2023 13:14
To: packetfence-users@lists.sourceforge.net
CC: Martijn Langendoen <mlangend...@dezb.nl>
Subject: [PacketFence-users] Juniper deauthentication fails

Hi all,

I'm testing a Juniper EX2300 switch with dot1X and mac-radius.
Many things work well, but if I change a node with a new role then packetfence.log reports an error:

Sep 7 13:00:52 mdb-vl-pfence01 pfqueue[1690043]: pfqueue(1690043) INFO: [mac:84:2a:fd:0e:2e:53] deauthenticating 84:2a:fd:0e:2e:53 (pf::Switch::Juniper::EX2300::radiusDisconnect)
Sep 7 13:00:52 mdb-vl-pfence01 pfqueue[1690043]: pfqueue(1690043) INFO: [mac:84:2a:fd:0e:2e:53] Will be using connnector local_connector to perform the deauth (pf::Switch::radius_deauth_connection_info)
Sep 7 13:00:52 mdb-vl-pfence01 pfqueue[1690043]: pfqueue(1690043) WARN: [mac:84:2a:fd:0e:2e:53] Warning: 1366: Incorrect string value: '\xDA%+I\xF1\x0F...' for column `pf`.`radius_audit_log`.`radius_reply` at row 1 (pf::dal::db_execute)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] handling radius autz request: from switch_ip => (10.10.0.189), connection_type => Ethernet-NoEAP,switch_mac => (3c:08:cd:2f:3b:3b), mac => [84:2a:fd:0e:2e:53], port => ge-0/0/0.0, username => "842afd0e2e53" (pf::radius::authorize)

Further RADIUS processing goes well and the switch gets the new VLAN number for the node, but the client (Windows) does not renew its IP in the new VLAN.

Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] Instantiate profile 802.1X (pf::Connection::ProfileFactory::_from_profile)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] Found authentication source(s) : 'ZB-LDAP' for realm 'null' (pf::config::util::filter_authentication_sources)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) WARN: [mac:84:2a:fd:0e:2e:53] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] Found authentication source(s) : 'ZB-LDAP' for realm 'null' (pf::config::util::filter_authentication_sources)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] Username was defined "842afd0e2e53" - returning role 'ZBM-Personeel' (pf::role::getRegisteredRole)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] PID: "default", Status: reg Returned VLAN: (undefined), Role: ZBM-Personeel (pf::role::fetchRoleForNode)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] (10.10.0.189) Added VLAN 101 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] security_event 1300003 force-closed for 84:2a:fd:0e:2e:53 (pf::security_event::security_event_force_close)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] Instantiate profile 802.1X (pf::Connection::ProfileFactory::_from_profile)

First I tested on my production PacketFence version 11.2 with this switch, and also on my test PacketFence version 13. Same result.

So what can I do so that the client gets a trigger to renew its IP?
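
A small triage script for the packetfence.log lines quoted in this thread, as an added example that is not part of the original messages or of PacketFence: it parses the line layout and reports, per MAC, the deauth attempts, any Disconnect-NAK Error-Cause, and the VLANs returned in Access-Accept. The regular expressions and function names are assumptions derived only from the lines shown above.

```python
import re
from collections import defaultdict

# Three log lines copied from the messages above.
SAMPLE = """\
Sep 7 13:00:52 mdb-vl-pfence01 pfqueue[1690043]: pfqueue(1690043) INFO: [mac:84:2a:fd:0e:2e:53] deauthenticating 84:2a:fd:0e:2e:53 (pf::Switch::Juniper::EX2300::radiusDisconnect)
Sep 7 13:00:55 mdb-vl-pfence01 httpd.aaa-docker-wrapper[1680237]: httpd.aaa(8) INFO: [mac:84:2a:fd:0e:2e:53] (10.10.0.189) Added VLAN 101 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Sep 8 15:41:01 mdb-vl-pf01 pfqueue[889859]: pfqueue(889859) WARN: [mac:b4:a9:fc:88:b0:2c] Unable to perform RADIUS Disconnect-Request. Disconnect-NAK received with Error-Cause: Missing-Attribute. (pf::Switch::Juniper::EX2300::radiusDisconnect)
"""

# Layout assumed from the lines above: syslog prefix, level, [mac:..], message, (pf::function)
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<proc>[^\[]+)\[\d+\]: "
    r"\S+ (?P<level>[A-Z]+): \[mac:(?P<mac>[0-9a-f:]{17})\] "
    r"(?P<msg>.*) \((?P<func>pf::[\w:]+)\)$"
)
NAK = re.compile(r"Disconnect-NAK received with Error-Cause: (?P<cause>[\w-]+)")
VLAN = re.compile(r"Added VLAN (?P<vlan>\d+) to the returned RADIUS Access-Accept")

def parse(text):
    """Yield one dict per line that matches the assumed packetfence.log layout."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def summarize(text):
    """Per-MAC view: deauth attempts, NAK causes, VLANs handed out."""
    nodes = defaultdict(lambda: {"deauth": 0, "nak": [], "vlans": []})
    for rec in parse(text):
        node = nodes[rec["mac"]]
        if rec["func"].endswith("::radiusDisconnect") and rec["msg"].startswith("deauthenticating"):
            node["deauth"] += 1
        nak = NAK.search(rec["msg"])
        if nak:
            node["nak"].append((rec["ts"], rec["host"], nak["cause"]))
        vlan = VLAN.search(rec["msg"])
        if vlan:
            node["vlans"].append(int(vlan["vlan"]))
    return dict(nodes)

def failed_disconnects(text):
    """MACs whose RADIUS Disconnect-Request was rejected by the switch."""
    return {mac: n["nak"] for mac, n in summarize(text).items() if n["nak"]}

if __name__ == "__main__":
    for mac, events in failed_disconnects(SAMPLE).items():
        for ts, host, cause in events:
            print(f"{ts} {host} {mac}: Disconnect-NAK ({cause})")
```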