Hello, Security event are only working and trigger based on DHCP traffic.
If you want to auto registrer a Mac address just register It manually. If you want to register node based on the MAC OUI, use a VLAN filter it would be more appropriate. We have plenty of default example /usr/local/pf/conf/vlan_filters.conf.defaults Thanks, Ludovic Zammit Product Support Engineer Principal Lead Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Jul 31, 2024, at 4:20 AM, Ahmed Ossama via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Hello Community, > Any reply please… > > Regards, > Ahmed Ossama > Network Engineer > CCIE#26611 > > > From: Ahmed Ossama <ahmed-oss...@hotmail.com > <mailto:ahmed-oss...@hotmail.com>> > Date: Tuesday, 30 July 2024 at 4:10 PM > To: packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net> > <packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net>> > Subject: Security Events not Working > > Hello, > I hope I can get an answer this time. > Am creating a very simple security event: > ---------- > [3000009] > access_duration=12h > desc=osostest > target_category=User > priority=1 > actions=autoreg,role > trigger=mac::00:11:22:33:44:55 > enabled=Y > ---------- > I restarted the security event module using the command > “/usr/local/pf/bin/pfcmd reload security_events”. > Am receiving the below logs on packetfence.log: > ---------- > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Found authentication source(s) : 'testldap' for > realm 'null' (pf::config::util::filter_authentication_sources) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] MFA Pre Authentication > (pf::radius::mfa_pre_auth) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Found authentication source(s) : 'testldap' for > realm 'null' (pf::config::util::filter_authentication_sources) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Using sources testldap for matching > (pf::authentication::match2) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Matched rule (ahmed) in source testldap, > returning actions. (pf::Authentication::Source::match) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] [testldap] Authentication successful for alex > (pf::Authentication::Source::LDAPSource::authenticate) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Authentication successful for alex in source > testldap (LDAP) (pf::authentication::authenticate) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] MFA Post Authentication > (pf::radius::mfa_post_auth) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Using sources testldap for matching > (pf::authentication::match2) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Matched rule (ahmed) in source testldap, > returning actions. (pf::Authentication::Source::match) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Using sources testldap for matching > (pf::authentication::match2) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Matched rule (ahmed) in source testldap, > returning actions. (pf::Authentication::Source::match) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Using sources testldap for matching > (pf::authentication::match2) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] Matched rule (ah) in source testldap, returning > actions. (pf::Authentication::Source::match) > Jul 30 08:04:13 packetfence httpd.aaa-docker-wrapper[2019]: httpd.aaa(8) > INFO: [mac:00:11:22:33:44:55] User alex logged in 10.254.0.15 for probe test > (pf::Switch::returnAuthorizeProbe) > Jul 30 08:04:17 packetfence httpd.portal-docker-wrapper[4403]: > httpd.portal(24) INFO: [mac:00:11:22:33:44:55] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > Jul 30 08:04:27 packetfence httpd.portal-docker-wrapper[4403]: > httpd.portal(25) INFO: [mac:00:11:22:33:44:55] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > Jul 30 08:04:37 packetfence httpd.portal-docker-wrapper[4403]: > httpd.portal(23) INFO: [mac:00:11:22:33:44:55] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > Jul 30 08:04:47 packetfence httpd.portal-docker-wrapper[4403]: > httpd.portal(24) INFO: [mac:00:11:22:33:44:55] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > Jul 30 08:04:57 packetfence httpd.portal-docker-wrapper[4403]: > httpd.portal(25) INFO: [mac:00:11:22:33:44:55] Instantiate profile default > (pf::Connection::ProfileFactory::_from_profile) > ---------- > The security event never gets energized. > Am I missing something or anything wrong, any help on that please . > > Regards, > Ahmed Ossama > Network Engineer > CCIE#26611 > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!QYodE4cmng3TcS5zqVgQiqhwzTy0gRNv4_0Opp1Zb6xLSqFniYKRkKsEmnMqffLLUrFfnKLEJ2Du7DO52YiaL-V_Yexm6GLfs42PeQ$
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
