Hello, I am running Packetfence 13.1 ZEN. I have configured the server as a captive portal using social media as external sources, Windows, Facebook and Google. I am using a Cisco WLC as a test box, running 8.5.x code.
I have the server and the WLC configured as the documentation recommended but I am having a slight issue after authentication. I have the 2 ACL for Pre-Registration and authorized-all and in the logs I can see the pre-registration ACL being applied as well as the registration vlan. But after a successful authentication to the social media external source I am not getting the guest role I configured in my catchall action applies, as well I am not getting the vlan or authorized-all ACL which I have configured on my WLC under switches under switch role. I attached the packetfence.log section during an authentication attempt and I am guessing the issue is with this error in the log: Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: httpd.portal(15) INFO: [mac:10:02:b5:3a:bd:21] person usern...@telusplanet.net added (pf::person::person_add) Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: httpd.portal(15) INFO: [mac:10:02:b5:3a:bd:21] OAuth2 successfull for username usern...@telusplanet.net (captiveportal::PacketFence::DynamicRouting::Module::Authentication::OAuth::handle_callback) Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: httpd.portal(15) WARN: [mac:10:02:b5:3a:bd:21] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match) Mar 19 18:00:51 guestauthpf httpd.portal-docker-wrapper[5391]: httpd.portal(15) INFO: [mac:10:02:b5:3a:bd:21] Using sources Windows_Live for matching (pf::authentication::match) I did find if I quickly bump wireless, disconnect and reconnect, it will assign the guest roles and assign the guest vlan. I have attached a few log files, one is during the authentication attempt and the other is when I bumped my wireless connection. I hope someone can help. -- _______________________________________________________________ Giovanni Trapasso University of Alberta _______________________________________________________________
Mar 19 17:59:43 guestauthpf httpd.aaa-docker-wrapper[3354]: httpd.aaa(8) INFO: [mac:10:02:b5:3a:bd:21] handling radius autz request: from switch_ip => (xxx.xxx.252.242), connection_type => Wireless-802.11-NoEAP,switch_mac => (88:1d:fc:c5:fb:60), mac => [10:02:b5:3a:bd:21], port => 1, username => "1002b53abd21", ssid => pf-test (pf::radius::authorize) Mar 19 17:59:43 guestauthpf httpd.aaa-docker-wrapper[3354]: httpd.aaa(8) INFO: [mac:10:02:b5:3a:bd:21] Instantiate profile Guest_Captive_Portal (pf::Connection::ProfileFactory::_from_profile) Mar 19 17:59:43 guestauthpf httpd.aaa-docker-wrapper[3354]: httpd.aaa(8) INFO: [mac:10:02:b5:3a:bd:21] Found authentication source(s) : '' for realm 'null' (pf::config::util::filter_authentication_sources) Mar 19 17:59:43 guestauthpf httpd.aaa-docker-wrapper[3354]: httpd.aaa(8) INFO: [mac:10:02:b5:3a:bd:21] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole) Mar 19 17:59:43 guestauthpf httpd.aaa-docker-wrapper[3354]: httpd.aaa(8) INFO: [mac:10:02:b5:3a:bd:21] Username was defined "1002b53abd21" - returning role 'guest' (pf::role::getRegisteredRole) Mar 19 17:59:43 guestauthpf httpd.aaa-docker-wrapper[3354]: httpd.aaa(8) INFO: [mac:10:02:b5:3a:bd:21] PID: "usern...@telusplanet.net", Status: reg Returned VLAN: (undefined), Role: guest (pf::role::fetchRoleForNode) Mar 19 17:59:43 guestauthpf httpd.aaa-docker-wrapper[3354]: httpd.aaa(8) INFO: [mac:10:02:b5:3a:bd:21] (xxx.xxx.252.242) Added VLAN 2053 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Mar 19 17:59:43 guestauthpf httpd.aaa-docker-wrapper[3354]: httpd.aaa(8) INFO: [mac:10:02:b5:3a:bd:21] (xxx.xxx.252.242) Added role Authorize-any to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Mar 19 17:59:43 guestauthpf httpd.aaa-docker-wrapper[3354]: httpd.aaa(8) INFO: [mac:10:02:b5:3a:bd:21] Adding web authentication redirection to reply using role: 'Authorize-any' and URL: 'https://www.ualberta.ca/sid9b54ca?' (pf::Switch::Cisco::WLC::returnRadiusAccessAccept) Mar 19 17:59:44 guestauthpf pfperl-api-docker-wrapper[1552]: pfperl-api(14) INFO: [mac:[undef]] getting security_events triggers for accounting cleanup (pf::accounting::acct_maintenance) Mar 19 17:59:44 guestauthpf pfperl-api-docker-wrapper[1552]: pfperl-api(13) INFO: [mac:[undef]] processed 0 security_events during security_event maintenance (1710892784.09122 1710892784.10074) (pf::security_event::security_event_maintenance) Mar 19 17:59:45 guestauthpf pfperl-api-docker-wrapper[1552]: pfperl-api(14) INFO: [mac:[undef]] Using 300 resolution threshold (pf::pfcron::task::cluster_check::run) Mar 19 17:59:45 guestauthpf pfperl-api-docker-wrapper[1552]: pfperl-api(14) INFO: [mac:[undef]] All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run) Mar 19 17:59:45 guestauthpf httpd.webservices-docker-wrapper[3323]: httpd.webservices(6186) INFO: [mac:10:02:b5:3a:bd:21] Database /usr/local/fingerbank/db/fingerbank_Local.db was changed or handles weren't initialized. Creating handle. (fingerbank::DB::SQLite::build_handle) Mar 19 17:59:45 guestauthpf pfperl-api-docker-wrapper[1552]: pfperl-api(13) INFO: [mac:[undef]] Instantiate profile Guest_Captive_Portal (pf::Connection::ProfileFactory::_from_profile) Mar 19 17:59:45 guestauthpf pfperl-api-docker-wrapper[1552]: pfperl-api(13) INFO: [mac:[undef]] Request to /api/v1/dhcp/mac/10:02:b5:3a:bd:21 is unauthorized, will perform a login (pf::api::unifiedapiclient::call) Mar 19 17:59:45 guestauthpf httpd.webservices-docker-wrapper[3323]: httpd.webservices(6186) INFO: [mac:10:02:b5:3a:bd:21] Database /usr/local/fingerbank/db/fingerbank_Upstream.db was changed or handles weren't initialized. Creating handle. (fingerbank::DB::SQLite::build_handle) Mar 19 17:59:45 guestauthpf httpd.webservices-docker-wrapper[3323]: httpd.webservices(6186) INFO: [mac:10:02:b5:3a:bd:21] Searching for 'Device' entries in schema(s) returned an empty set (fingerbank::Base::CRUD::search) Mar 19 17:59:45 guestauthpf pfperl-api-docker-wrapper[1552]: pfperl-api(13) INFO: [mac:[undef]] re-evaluating access (manage_deregister called) (pf::enforcement::reevaluate_access) Mar 19 17:59:45 guestauthpf httpd.webservices-docker-wrapper[3323]: httpd.webservices(6186) WARN: [mac:10:02:b5:3a:bd:21] Unable to pull accounting history for device 10:02:b5:3a:bd:21. The history set doesn't exist yet. (pf::accounting_events_history::latest_mac_history) Mar 19 17:59:45 guestauthpf pfperl-api-docker-wrapper[1552]: pfperl-api(13) WARN: [mac:[undef]] previous location log entry not found for and 10:02:b5:3a:bd:21 xxx.xxx.252.242 (pf::enforcement::_vlan_reevaluation) Mar 19 17:59:45 guestauthpf pfperl-api-docker-wrapper[1552]: pfperl-api(13) INFO: [mac:[undef]] modified 10:02:b5:3a:bd:21 from status 'reg' to 'unreg' based on unregdate colum (pf::node::nodes_maintenance) Mar 19 17:59:48 guestauthpf httpd.aaa-docker-wrapper[3354]: httpd.aaa(8) INFO: [mac:10:02:b5:3a:bd:21] Updating locationlog from accounting request (pf::api::handle_accounting_metadata)
packetfence.log
Description: Binary data
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users