Re: [PacketFence-users] Still a problem with registration process

[Morris, Andi]

Hi Andrew,
I'm also seeing the exact same issue. Users choose to register by email, then 
click the email validation link and get a message to say they must use the same 
device to validate.

My packetfence.log looks just like yours but I also noticed in mine that I see 
my reverse proxy appliance IP address in the log, which is where I think 
packetfence is failing to match the mac address:
Jun 06 14:55:50 httpd.portal(14014) WARN: [mac:unknown] Unable to match MAC 
address to IP '192.168.219.234' (pf::iplog::ip2mac)
Jun 06 14:55:50 httpd.portal(14014) INFO: [mac:unknown] Instantiate profile 
default (pf::Portal::ProfileFactory::_from_profile)
Jun 06 14:55:50 httpd.portal(14014) WARN: [mac:unknown] Unable to match MAC 
address to IP '192.168.219.234' (pf::iplog::ip2mac)
Jun 06 14:55:50 httpd.portal(14014) WARN: [mac:0] Unable to match MAC address 
to IP '192.168.219.234' (pf::iplog::ip2mac)
Jun 06 14:55:50 httpd.portal(14014) INFO: [mac:0] Instantiate profile default 
(pf::Portal::ProfileFactory::_from_profile)
Jun 06 14:55:50 httpd.portal(14014) WARN: [mac:0] Unable to match MAC address 
to IP '192.168.219.234' (pf::iplog::ip2mac)
Jun 06 14:55:50 httpd.portal(14014) INFO: [mac:0] Instantiate profile default 
(pf::Portal::ProfileFactory::_from_profile)

I don't know whether this is a similar situation with your setup or not.

I'm just playing with the transparency settings on the reverse proxy to see if 
that will help.

Cheers,
Andi


From: Torry, Andrew [mailto:andrew.to...@fxplus.ac.uk]
Sent: 06 May 2016 11:21
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Still a problem with registration process

Running PacketFence 6.0.1 on Centos 6.7

May 06 10:56:27 httpd.portal(13055) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate 
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:32 httpd.portal(11422) INFO: [mac:unknown] Instantiate profile 
Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:32 httpd.portal(11422) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate 
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:32 httpd.portal(11422) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate 
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:32 httpd.portal(11422) INFO: [mac:00:26:c7:3b:b2:6e] Updating node 
user_agent with useragent: 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) 
Gecko/20100101 Firefox/45.0' 
(captiveportal::PacketFence::DynamicRouting::Application::process_user_agent)
May 06 10:56:32 httpd.portal(11422) INFO: [mac:unknown] Instantiate profile 
Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:32 httpd.portal(11422) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate 
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:32 httpd.portal(11422) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate 
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:50 httpd.portal(11583) INFO: [mac:unknown] Instantiate profile 
Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:50 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate 
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:50 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate 
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:50 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] person 
a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> added (pf::person::person_add)
May 06 10:56:50 httpd.portal(11583) WARN: [mac:00:26:c7:3b:b2:6e] modify of 
non-existent person a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> attempted 
- person added (pf::person::person_modify)
May 06 10:56:50 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] new 
activation code successfully generated (pf::activation::create)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Email sent to 
a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> (fxplus.ac.uk: Email 
activation required) (pf::activation::__ANON__)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] User 
a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> has authenticated on the 
portal. (Class::MOP::Class:::after)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] User 
a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> has authenticated on the 
portal. (Class::MOP::Class:::after)
May 06 10:56:51 httpd.portal(11583) WARN: [mac:00:26:c7:3b:b2:6e] Calling match 
with empty/invalid rule class. Defaulting to 'authentication' 
(pf::authentication::match)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Using sources 
email for matching (pf::authentication::match)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Matched rule 
(CreateEduroamUser) in source email, returning actions. 
(pf::Authentication::Source::match)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] User 
a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> has authenticated on the 
portal. (Class::MOP::Class:::after)
May 06 10:56:51 httpd.portal(11583) WARN: [mac:00:26:c7:3b:b2:6e] Calling match 
with empty/invalid rule class. Defaulting to 'authentication' 
(pf::authentication::match)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Using sources 
email for matching (pf::authentication::match)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Matched rule 
(CreateEduroamUser) in source email, returning actions. 
(pf::Authentication::Source::match)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] User 
a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> has authenticated on the 
portal. (Class::MOP::Class:::after)
May 06 10:56:51 httpd.portal(11583) WARN: [mac:00:26:c7:3b:b2:6e] Calling match 
with empty/invalid rule class. Defaulting to 'authentication' 
(pf::authentication::match)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Using sources 
email for matching (pf::authentication::match)
May 06 10:56:51 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Matched rule 
(CreateEduroamUser) in source email, returning actions. 
(pf::Authentication::Source::match)
May 06 10:56:52 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] new temporary 
account successfully generated (pf::password::generate)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Local account 
for external source email created with PID 
a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> 
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::create_local_account)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] User 
a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> has authenticated on the 
portal. (Class::MOP::Class:::after)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate 
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] re-evaluating 
access (manage_register called) (pf::enforcement::reevaluate_access)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] is currentlog 
connected at (10.6.249.5) ifIndex 13 registration 
(pf::enforcement::_should_we_reassign_vlan)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate 
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Connection 
type is WIRELESS_MAC_AUTH. Getting role from node_info 
(pf::role::getRegisteredRole)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] Username was 
defined "0026c73bb26e" - returning role 'Eduroam-user' 
(pf::role::getRegisteredRole)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] PID: 
"a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk>", Status: reg Returned VLAN: 
(undefined), Role: Eduroam-user (pf::role::fetchRoleForNode)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] VLAN 
reassignment required (current VLAN = 820 but should be in VLAN 10) 
(pf::enforcement::_should_we_reassign_vlan)
May 06 10:56:53 httpd.portal(11583) INFO: [mac:00:26:c7:3b:b2:6e] switch port 
is (10.6.249.5) ifIndex 13 connection type: WiFi MAC Auth 
(pf::enforcement::_vlan_reevaluation)
May 06 10:57:14 httpd.aaa(3331) INFO: [mac:00:26:c7:3b:b2:6e] handling radius 
autz request: from switch_ip => (10.6.249.5), connection_type => 
Wireless-802.11-NoEAP,switch_mac => (1c:6a:7a:b6:a0:f0), mac => 
[00:26:c7:3b:b2:6e], port => 13, username => "0026c73bb26e", ssid => Guest 
(pf::radius::authorize)
May 06 10:57:14 httpd.aaa(3331) INFO: [mac:00:26:c7:3b:b2:6e] Instantiate 
profile Guest (pf::Portal::ProfileFactory::_from_profile)
May 06 10:57:14 httpd.aaa(3331) INFO: [mac:00:26:c7:3b:b2:6e] Memory 
configuration is not valid anymore for key resource::authentication_sources in 
local cached_hash (pfconfig::cached::is_valid)
May 06 10:57:14 httpd.aaa(3331) INFO: [mac:00:26:c7:3b:b2:6e] Connection type 
is WIRELESS_MAC_AUTH. Getting role from node_info (pf::role::getRegisteredRole)
May 06 10:57:14 httpd.aaa(3331) INFO: [mac:00:26:c7:3b:b2:6e] Username was 
defined "0026c73bb26e" - returning role 'Eduroam-user' 
(pf::role::getRegisteredRole)
May 06 10:57:14 httpd.aaa(3331) INFO: [mac:00:26:c7:3b:b2:6e] PID: 
"a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk>", Status: reg Returned VLAN: 
(undefined), Role: Eduroam-user (pf::role::fetchRoleForNode)
May 06 10:57:14 httpd.aaa(3331) INFO: [mac:00:26:c7:3b:b2:6e] (10.6.249.5) 
Added VLAN 10 to the returned RADIUS Access-Accept 
(pf::Switch::returnRadiusAccessAccept)

After clicking the 'activation link' I the e-mail sent

May 06 10:59:43 httpd.portal(11422) INFO: [mac:0] Updating node user_agent with 
useragent: 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 
Firefox/45.0' 
(captiveportal::PacketFence::DynamicRouting::Application::process_user_agent)
May 06 10:59:43 httpd.portal(11422) INFO: [mac:0] database query failed with: 
Duplicate entry '0' for key 'PRIMARY' (errno: 1062) (pf::db::db_query_execute)
May 06 10:59:43 httpd.portal(11422) INFO: [mac:0] violation not added, MAC 0 is 
invalid! trigger useragent::3 (pf::violation::violation_trigger)
May 06 10:59:43 httpd.portal(11422) INFO: [mac:0] violation not added, MAC 0 is 
invalid! trigger useragent::1400 (pf::violation::violation_trigger)
May 06 10:59:43 httpd.portal(11422) INFO: [mac:0] violation not added, MAC 0 is 
invalid! trigger useragent::507 (pf::violation::violation_trigger)
May 06 10:59:43 httpd.portal(11422) INFO: [mac:0] violation not added, MAC 0 is 
invalid! trigger useragent::512 (pf::violation::violation_trigger)
May 06 10:59:43 httpd.portal(11422) INFO: [mac:0] violation not added, MAC 0 is 
invalid! trigger useragent::400 (pf::violation::violation_trigger)
May 06 10:59:43 httpd.portal(11422) INFO: [mac:0] violation not added, MAC 0 is 
invalid! trigger useragent::505 (pf::violation::violation_trigger)
May 06 10:59:43 httpd.portal(11422) INFO: [mac:0] [00:26:c7:3b:b2:6e] 
Activation code sent to email a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> 
from a.p.k.to...@ex.ac.uk<mailto:a.p.k.to...@ex.ac.uk> successfully verified.  
for activation type: guest (pf::activation::validate_code)
May 06 10:59:43 httpd.portal(11422) WARN: [mac:0] Use of uninitialized value 
$unregdate in concatenation (.) or string at 
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm
 line 93.
(captiveportal::PacketFence::Controller::Activate::Email::code)
May 06 10:59:43 httpd.portal(11422) INFO: [mac:0] Extending duration to  
(captiveportal::PacketFence::Controller::Activate::Email::code)
May 06 10:59:43 httpd.portal(11422) WARN: [mac:0] Use of uninitialized value 
$unregdate in concatenation (.) or string at 
/usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm
 line 96.
(captiveportal::PacketFence::Controller::Activate::Email::code)

The guest account is successfully registered but will still time out in 10 
minutes.

Any ideas on when this will be fixed.

Andrew Torry
Network Infrastructure & Security Manager

Falmouth Exeter Plus
Penryn Campus, Penryn, Cornwall TR10 9FE

Direct Line: 01326 370760
Email: andrew.to...@fxplus.ac.uk<mailto:andrew.to...@fxplus.ac.uk>
Web:  www.fxplus.ac.uk<http://www.fxplus.ac.uk/>
[Description: Description: Description: 
cid:96145AF1-BADB-420E-99CB-36E729C912FD]

________________________________

[Cardiff Metropolitan University - Queens Anniversary Prizes 
2015]<http://www.cardiffmet.ac.uk/news/Pages/Cardiff-Met-research-recognised-in-Queens-Anniversary-Prizes-for-Higher-and-Further-Education.aspx>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users