Greetings,

I seem to be missing something in my config and I wonder if you can
help. Simply put, plugging in a random device does not push that
device's port into the captive portal vlan, it simply leaves it in vlan 1
(which is the default on the switches) and the device has no access.

I have 802.1x and VoIP detection working. This piece is, I think, the
last piece I need before I start working on the wireless side of things.
Is there something obvious I'm missing? What information can I provide
to help debug this?

Here are the packetfence and radius log entries that seem to relate:

==> logs/packetfence.log <==
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:yy:yy:yy:yy:yy:yy] handling radius autz request: from
switch_ip => (10.10.10.1), connection_type => WIRED_MAC_AUTH,switch_mac
=> (xx:xx:xx:xx:xx:xx), mac => [yy:yy:yy:yy:yy:yy], port => 10105,
username => "yyyyyyyyyyyy" (pf::radius::authorize)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:yy:yy:yy:yy:yy:yy] Unable to lookup LLDP port from IfIndex.
LLDP VoIP detection will not work. Is LLDP enabled?
(pf::Switch::Cisco::Catalyst_2950::getPhonesLLDPAtIfIndex)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:yy:yy:yy:yy:yy:yy] Could not find any IP phones through
discovery protocols for ifIndex 10105 (pf::Switch::getPhonesDPAtIfIndex)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:yy:yy:yy:yy:yy:yy] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value in string eq at
/usr/local/pf/lib/pf/role.pm line 726.
(pf::role::_check_bypass)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:yy:yy:yy:yy:yy:yy] Connection type is WIRED_MAC_AUTH. Getting
role from node_info (pf::role::getRegisteredRole)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $role in
concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 475.
(pf::role::getRegisteredRole)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:yy:yy:yy:yy:yy:yy] Username was NOT defined or unable to
match a role - returning node based role '' (pf::role::getRegisteredRole)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:yy:yy:yy:yy:yy:yy] PID: "default", Status: reg Returned VLAN:
(undefined), Role: (undefined) (pf::role::fetchRoleForNode)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $vlanName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 766.
(pf::Switch::getVlanByName)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $vlanName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 769.
(pf::Switch::getVlanByName)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
WARN: [mac:yy:yy:yy:yy:yy:yy] No parameter Vlan found in
conf/switches.conf for the switch 10.10.10.1 (pf::Switch::getVlanByName)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $roleName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 749.
(pf::Switch::getRoleByName)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $roleName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 752.
(pf::Switch::getRoleByName)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:yy:yy:yy:yy:yy:yy] violation 1300003 force-closed for
b8:27:eb:19:ed:3e (pf::violation::violation_force_close)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:yy:yy:yy:yy:yy:yy] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
==> logs/radius.log <==
Jul 6 18:44:55 packetfence0 auth[29171]: Need 4 more connections to
reach 10 spares
Jul 6 18:44:55 packetfence0 auth[29171]: rlm_rest (rest): Opening
additional connection (127), 1 of 58 pending slots used
Jul 6 18:44:55 packetfence0 auth[29171]: rlm_sql (sql): Closing
connection (10): Hit idle_timeout, was idle for 630 seconds
Jul 6 18:44:55 packetfence0 auth[29171]: rlm_sql (sql): Closing
connection (11): Hit idle_timeout, was idle for 630 seconds
Jul 6 18:44:55 packetfence0 auth[29171]: rlm_sql (sql): Opening
additional connection (12), 1 of 64 pending slots used
Jul 6 18:44:55 packetfence0 auth[29171]: Need 2 more connections to
reach min connections (3)
Jul 6 18:44:55 packetfence0 auth[29171]: rlm_sql (sql): Opening
additional connection (13), 1 of 63 pending slots used
Jul 6 18:44:55 packetfence0 auth[29171]: (159) Login OK: [yyyyyyyyyyyy]
(from client 10.10.10.1 port 50105 cli yy:yy:yy:yy:yy:yy)
Thanks!
--
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools."
- The Hitchhikers Guide to the Galaxy
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
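
An added triage example, not part of the original post and not PacketFence code: it rejoins the hard-wrapped packetfence.log entries quoted above and reports, per MAC, the node status and the VLAN and role logged by pf::role::fetchRoleForNode, listing the MACs that were authorized but got no VLAN back. The function names and the third sample entry (MAC 00:00:5e:00:53:01, VLAN 4) are assumptions made for illustration.

```python
import re

# Entries 1-2 come from the post's log; entry 3 (VLAN 4) is constructed.
SAMPLE = """\
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:yy:yy:yy:yy:yy:yy] PID: "default", Status: reg Returned VLAN:
(undefined), Role: (undefined) (pf::role::fetchRoleForNode)
Jul 6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
WARN: [mac:yy:yy:yy:yy:yy:yy] No parameter Vlan found in
conf/switches.conf for the switch 10.10.10.1 (pf::Switch::getVlanByName)
Jul 6 18:45:10 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
INFO: [mac:00:00:5e:00:53:01] PID: "default", Status: unreg Returned VLAN:
4, Role: registration (pf::role::fetchRoleForNode)
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d\s")
MAC = re.compile(r"\[mac:([^\]]+)\]")
ROLE = re.compile(r"Status: (\w+) Returned VLAN: (\S+), Role: (\S+)")
NO_VLAN = re.compile(r"No parameter \S*Vlan found in conf/switches\.conf")

def join_entries(text):
    """Rejoin mail-wrapped lines: a syslog timestamp starts a new entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Per MAC: node status, returned VLAN and role, missing-VLAN warning."""
    nodes = {}
    for entry in join_entries(text):
        if (mac := MAC.search(entry)) is None:
            continue
        n = nodes.setdefault(mac.group(1), {
            "status": None, "vlan": None, "role": None, "no_vlan_param": False})
        if r := ROLE.search(entry):
            vals = [None if v == "(undefined)" else v for v in r.groups()]
            n["status"], n["vlan"], n["role"] = vals
        n["no_vlan_param"] |= bool(NO_VLAN.search(entry))
    return nodes

def unassigned(nodes):
    """MACs with a logged node status but no VLAN returned."""
    return sorted(m for m, n in nodes.items() if n["status"] and n["vlan"] is None)

if __name__ == "__main__":
    print(unassigned(summarize(SAMPLE)))
```
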
