Re: [PacketFence-users] "default" user not pushing device to login portal

Thu, 06 Jul 2017 14:04:51 -0700 

Hi Jason,
At first glance, the logs below seem to indicate something is wrong when it 
comes to assigning a role to the device.

Can we see your authentication.conf, profiles.conf and switches.conf at the 
very least?
It's hard to say what goes wrong without knowing what role should be assigned.


> On Jul 6, 2017, at 14:50, Jason 'XenoPhage' Frisvold via PacketFence-users 
> <[email protected]> wrote:
> 
> Greetings,
> 
>       I seem to be missing something in my config and I wonder if you can
> help.  Simply put, plugging in a random device does not push that
> devices port into the captive portal vlan, it simply leaves it in vlan 1
> (which is the default on the switches) and the device has no access.
> 
>       I have 802.1x and VoIP detection working.  This piece is, I think, the
> last piece I need before I start working on the wireless side of things.
> 
>       Is there something obvious I'm missing?  What information can I provide
> to help debug this?
> 
> Here are the packetfence and radius log entries that seem to relate :
> 
> ==> logs/packetfence.log <==
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> INFO: [mac:yy:yy:yy:yy:yy:yy] handling radius autz request: from
> switch_ip => (10.10.10.1), connection_type => WIRED_MAC_AUTH,switch_mac
> => (xx:xx:xx:xx:xx:xx), mac => [yy:yy:yy:yy:yy:yy], port => 10105,
> username => "yyyyyyyyyyyy" (pf::radius::authorize)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> INFO: [mac:yy:yy:yy:yy:yy:yy] Unable to lookup LLDP port from IfIndex.
> LLDP VoIP detection will not work. Is LLDP enabled?
> (pf::Switch::Cisco::Catalyst_2950::getPhonesLLDPAtIfIndex)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> INFO: [mac:yy:yy:yy:yy:yy:yy] Could not find any IP phones through
> discovery protocols for ifIndex 10105 (pf::Switch::getPhonesDPAtIfIndex)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> INFO: [mac:yy:yy:yy:yy:yy:yy] Instantiate profile default
> (pf::Connection::ProfileFactory::_from_profile)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value in string eq at
> /usr/local/pf/lib/pf/role.pm line 726.
> (pf::role::_check_bypass)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> INFO: [mac:yy:yy:yy:yy:yy:yy] Connection type is WIRED_MAC_AUTH. Getting
> role from node_info (pf::role::getRegisteredRole)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $role in
> concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 475.
> (pf::role::getRegisteredRole)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> INFO: [mac:yy:yy:yy:yy:yy:yy] Username was NOT defined or unable to
> match a role - returning node based role '' (pf::role::getRegisteredRole)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> INFO: [mac:yy:yy:yy:yy:yy:yy] PID: "default", Status: reg Returned VLAN:
> (undefined), Role: (undefined) (pf::role::fetchRoleForNode)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $vlanName in
> hash element at /usr/local/pf/lib/pf/Switch.pm line 766.
> (pf::Switch::getVlanByName)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $vlanName in
> concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 769.
> (pf::Switch::getVlanByName)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> WARN: [mac:yy:yy:yy:yy:yy:yy] No parameter Vlan found in
> conf/switches.conf for the switch 10.10.10.1 (pf::Switch::getVlanByName)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $roleName in
> hash element at /usr/local/pf/lib/pf/Switch.pm line 749.
> (pf::Switch::getRoleByName)
> Jul  6 18:44:55 packetfence0 packetfence_httpd.aaa: httpd.aaa(2641)
> WARN: [mac:yy:yy:yy:yy:yy:yy] Use of uninitialized value $roleName in
> concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 752.
> (pf::Switch::getRoleByName)
> 

Regards,
--
Louis Munro
[email protected] <mailto:[email protected]>  ::  www.inverse.ca 
<http://www.inverse.ca/> 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and 
PacketFence (www.packetfence.org <http://www.packetfence.org/>)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
  • [PacketFence-users] "... Jason 'XenoPhage' Frisvold via PacketFence-users
    • Re: [PacketFence-use... Louis Munro via PacketFence-users
      • Re: [PacketFence... Jason 'XenoPhage' Frisvold via PacketFence-users
        • Re: [PacketF... Louis Munro via PacketFence-users
          • Re: [Pac... Jason 'XenoPhage' Frisvold via PacketFence-users
        • Re: [PacketF... Jason 'XenoPhage' Frisvold via PacketFence-users
          • Re: [Pac... Louis Munro via PacketFence-users
            • Re:... Jason 'XenoPhage' Frisvold via PacketFence-users
              • ... Louis Munro via PacketFence-users
                • ... Jason 'XenoPhage' Frisvold via PacketFence-users
                • ... Jason 'XenoPhage' Frisvold via PacketFence-users

Reply via email to