Re: [PacketFence-users] Can't link PacketFence with AD Server.

Tue, 12 Feb 2019 02:44:47 -0800 

Hello Fabrice, 

Initially, my PacketFence projet where for a client with Fiberstore switchs ( 
S3900-48TS and S5850-32SQ ). For my sketch, I use a cisco 2950 but seems to be 
buggy. I've got a new switch, a cisco SG500 but I don't find it in the list of 
"Type" when adding a new switch. By using the SG300 type, I've got the error 
"Switch is not managed by PacketFence". Is there any default type I can use so 
the SG500 work ? By the way, if I got this error message, deploying it on a 
network with Fiberstore switch, wich is not in the type list, do PF will work ? 
Is there any default type wich work for every switch ? 

Best regards 

Adrian. 


De: "packetfence-users" <packetfence-users@lists.sourceforge.net> 
À: "packetfence-users" <packetfence-users@lists.sourceforge.net> 
Cc: "ADE" <adrian.dessai...@novasys.coop>, "GUYOT-NOVASYS" <p...@novasys.coop> 
Envoyé: Lundi 11 Février 2019 16:17:47 
Objet: Re: [PacketFence-users] Can't link PacketFence with AD Server. 

Hello Fabrice, 

Thanks for the patch, it applied well on my system: 

[root@pfcen7 pf]# patch -p1 --dry-run < ./multiples_attributes.diff 
(Stripping trailing CRs from patch; use --binary to disable.) 
checking file lib/pf/Switch.pm 
(Stripping trailing CRs from patch; use --binary to disable.) 
checking file lib/pf/api.pm 
(Stripping trailing CRs from patch; use --binary to disable.) 
checking file lib/pf/radius/rest.pm 

[root@pfcen7 pf]# patch -p1 < ./multiples_attributes.diff 
(Stripping trailing CRs from patch; use --binary to disable.) 
patching file lib/pf/Switch.pm 
(Stripping trailing CRs from patch; use --binary to disable.) 
patching file lib/pf/api.pm 
(Stripping trailing CRs from patch; use --binary to disable.) 
patching file lib/pf/radius/rest.pm 

I then, restarted my system. 

########################################################## 

However, the patch have a side effect on the web server 
There is a loop on the start of the webservice: 

Feb 11 16:14:54 pfcen7 packetfence_httpd.aaa: httpd.aaa(8869) WARN: 
[mac:[undef]] "my" variable %remapped_radius_request masks earlier declaration 
in same scope at /usr/local/pf/lib/pf/api.pm line 1301. 
(pf::WebAPI::BEGIN) 
Feb 11 16:14:56 pfcen7 pfqueue: pfqueue(8876) WARN: [mac:[undef]] "my" variable 
%remapped_radius_request masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/api.pm line 1301. 
(main::BEGIN) 
Feb 11 16:14:56 pfcen7 pfqueue: "my" variable %remapped_radius_request masks 
earlier declaration in same scope at /usr/local/pf/lib/pf/api.pm line 1301. 
Feb 11 16:14:56 pfcen7 pfqueue: BEGIN not safe after errors--compilation 
aborted at /usr/local/pf/lib/pf/api.pm line 1301. 
Feb 11 16:14:56 pfcen7 pfqueue: Compilation failed in require at 
/usr/local/pf/sbin/pfqueue line 47. 
Feb 11 16:14:56 pfcen7 pfqueue: BEGIN failed--compilation aborted at 
/usr/local/pf/sbin/pfqueue line 47. 
Feb 11 16:14:56 pfcen7 packetfence: INFO -e(8886): generating 
/usr/local/pf/var/conf/ssl-certificates.conf 
(pf::services::manager::httpd::generateCommonConfig) 
Feb 11 16:14:56 pfcen7 packetfence: INFO -e(8886): generating 
/usr/local/pf/var/conf/captive-portal-common 
(pf::services::manager::httpd::generateCommonConfig) 
Feb 11 16:14:57 pfcen7 packetfence: INFO -e(8894): generating 
/usr/local/pf/var/conf/ssl-certificates.conf 
(pf::services::manager::httpd::generateCommonConfig) 
Feb 11 16:14:57 pfcen7 packetfence: INFO -e(8894): generating 
/usr/local/pf/var/conf/captive-portal-common 
(pf::services::manager::httpd::generateCommonConfig) 
Feb 11 16:14:57 pfcen7 packetfence: INFO -e(8902): generating 
/usr/local/pf/var/conf/ssl-certificates.conf 
(pf::services::manager::httpd::generateCommonConfig) 
Feb 11 16:14:57 pfcen7 packetfence: INFO -e(8902): generating 
/usr/local/pf/var/conf/captive-portal-common 
(pf::services::manager::httpd::generateCommonConfig) 
Feb 11 16:15:01 pfcen7 packetfence_httpd.webservices: httpd.webservices(8909) 
WARN: [mac:[undef]] "my" variable %remapped_radius_request masks earlier 
declaration in same scope at /usr/local/pf/lib/pf/api.pm line 1301. 
(pf::WebAPI::BEGIN) 
Feb 11 16:15:03 pfcen7 pfqueue: pfqueue(8917) WARN: [mac:[undef]] "my" variable 
%remapped_radius_request masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/api.pm line 1301. 
(main::BEGIN) 
Feb 11 16:15:03 pfcen7 pfqueue: "my" variable %remapped_radius_request masks 
earlier declaration in same scope at /usr/local/pf/lib/pf/api.pm line 1301. 
Feb 11 16:15:03 pfcen7 pfqueue: BEGIN not safe after errors--compilation 
aborted at /usr/local/pf/lib/pf/api.pm line 1301. 
Feb 11 16:15:03 pfcen7 pfqueue: Compilation failed in require at 
/usr/local/pf/sbin/pfqueue line 47. 
Feb 11 16:15:03 pfcen7 pfqueue: BEGIN failed--compilation aborted at 
/usr/local/pf/sbin/pfqueue line 47. 
Feb 11 16:15:03 pfcen7 packetfence_httpd.aaa: httpd.aaa(8926) WARN: 
[mac:[undef]] "my" variable %remapped_radius_request masks earlier declaration 
in same scope at /usr/local/pf/lib/pf/api.pm line 1301. 
(pf::WebAPI::BEGIN) 
Feb 11 16:15:04 pfcen7 packetfence: INFO -e(8936): generating 
/usr/local/pf/var/conf/ssl-certificates.conf 
(pf::services::manager::httpd::generateCommonConfig) 
Feb 11 16:15:04 pfcen7 packetfence: INFO -e(8936): generating 
/usr/local/pf/var/conf/captive-portal-common 
(pf::services::manager::httpd::generateCommonConfig) 
Feb 11 16:15:07 pfcen7 packetfence: INFO -e(8948): generating 
/usr/local/pf/var/conf/ssl-certificates.conf 
(pf::services::manager::httpd::generateCommonConfig) 
Feb 11 16:15:07 pfcen7 packetfence: INFO -e(8948): generating 
/usr/local/pf/var/conf/captive-portal-common 
(pf::services::manager::httpd::generateCommonConfig) 
Feb 11 16:15:09 pfcen7 pfqueue: pfqueue(8952) WARN: [mac:[undef]] "my" variable 
%remapped_radius_request masks earlier declaration in same scope at 
/usr/local/pf/lib/pf/api.pm line 1301. 
(main::BEGIN) 
Feb 11 16:15:09 pfcen7 pfqueue: "my" variable %remapped_radius_request masks 
earlier declaration in same scope at /usr/local/pf/lib/pf/api.pm line 1301. 
Feb 11 16:15:09 pfcen7 pfqueue: BEGIN not safe after errors--compilation 
aborted at /usr/local/pf/lib/pf/api.pm line 1301. 
Feb 11 16:15:09 pfcen7 pfqueue: Compilation failed in require at 
/usr/local/pf/sbin/pfqueue line 47. 
Feb 11 16:15:09 pfcen7 pfqueue: BEGIN failed--compilation aborted at 
/usr/local/pf/sbin/pfqueue line 47. 
Feb 11 16:15:10 pfcen7 packetfence_httpd.webservices: httpd.webservices(8953) 
WARN: [mac:[undef]] "my" variable %remapped_radius_request masks earlier 
declaration in same scope at /usr/local/pf/lib/pf/api.pm line 1301. 
(pf::WebAPI::BEGIN) 

Has a result, the web administration page is not available. 

Thanks in advance for your help, 

Best Regards, 

Adrian 


De: "packetfence-users" <packetfence-users@lists.sourceforge.net> 
À: "packetfence-users" <packetfence-users@lists.sourceforge.net> 
Cc: "Durand fabrice" <fdur...@inverse.ca> 
Envoyé: Samedi 9 Février 2019 02:17:51 
Objet: Re: [PacketFence-users] Can't link PacketFence with AD Server. 

Hello Adrian, 

i did the patch based on the devel branch. 

Here a new one based on packetfence 8.3. 

Regards 

Fabrice 


Le 19-02-08 à 04 h 13, Adrian Dessaigne via PacketFence-users a écrit : 
> Hi, I've done the patch and I got one error for Switch.pm 
> 
> ############################################################################ 
> 
> Below is the result of my patch command: 
> 
> [root@pfcen7 pf]# patch -p1 --dry-run < ./multiples_attributes.diff 
> (Stripping trailing CRs from patch; use --binary to disable.) 
> checking file lib/pf/Switch.pm 
> Hunk #1 FAILED at 3035. 
> 1 out of 1 hunk FAILED 
> (Stripping trailing CRs from patch; use --binary to disable.) 
> checking file lib/pf/api.pm 
> Hunk #1 succeeded at 1297 (offset 3 lines). 
> (Stripping trailing CRs from patch; use --binary to disable.) 
> checking file lib/pf/radius/rest.pm 
> 
> ############################################################################# 
> 
> The second commande is returning my this: 
> 
> [root@pfcen7 pf]# patch -p1 < ./multiples_attributes.diff 
> (Stripping trailing CRs from patch; use --binary to disable.) 
> patching file lib/pf/Switch.pm 
> Hunk #1 FAILED at 3035. 
> 1 out of 1 hunk FAILED -- saving rejects to file lib/pf/Switch.pm.rej 
> (Stripping trailing CRs from patch; use --binary to disable.) 
> patching file lib/pf/api.pm 
> Hunk #1 succeeded at 1297 (offset 3 lines). 
> (Stripping trailing CRs from patch; use --binary to disable.) 
> patching file lib/pf/radius/rest.pm 
> 
> ############################################################################# 
> 
> Here is the content of " lib/pf/Switch.pm.rej ": 
> --- lib/pf/Switch.pm 
> +++ lib/pf/Switch.pm 
> @@ -3035,9 +3035,16 @@ 
> sub parseRequest { 
> my ( $self, $radius_request ) = @_; 
> 
> - my $client_mac = ref($radius_request->{'Calling-Station-Id'}) eq 'ARRAY' 
> - ? clean_mac($radius_request->{'Calling-Station-Id'}[0]) 
> - : clean_mac($radius_request->{'Calling-Station-Id'}); 
> + my $client_mac; 
> + if (ref($radius_request->{'Calling-Station-Id'}) eq 'ARRAY') { 
> + foreach my $callingStationId (@{$radius_request->{'Calling-Station-Id'}}) { 
> + if (valid_mac($callingStationId)) { 
> + $client_mac = clean_mac($callingStationId); 
> + } 
> + } 
> + } else { 
> + $client_mac = clean_mac($radius_request->{'Calling-Station-Id'}); 
> + } 
> my $user_name = $radius_request->{'TLS-Client-Cert-Subject-Alt-Name-Upn'} || 
> $radius_request->{'TLS-Client-Cert-Common-Name'} || 
> $radius_request->{'User-Name'}; 
> my $nas_port_type = ( defined($radius_request->{'NAS-Port-Type'}) ? 
> $radius_request->{'NAS-Port-Type'} : ( 
> defined($radius_request->{'Called-Station-SSID'}) ? "Wireless-802.11" : undef 
> ) ); 
> my $port = $radius_request->{'NAS-Port'}; 
> 
> Is there any other information you need ? 
> 
> Regards, 
> 
> Adrian 
> 
> ----- Mail original ----- 
> De: "packetfence-users" <packetfence-users@lists.sourceforge.net> 
> À: "packetfence-users" <packetfence-users@lists.sourceforge.net> 
> Cc: "Durand fabrice" <fdur...@inverse.ca> 
> Envoyé: Vendredi 8 Février 2019 02:54:11 
> Objet: Re: [PacketFence-users] Can't link PacketFence with AD Server. 
> 
> Hello Adrian, 
> 
> if the switch send two Calling-Station-Id then it's a bug on the switch 
> side. 
> 
> But i made a patch in order to test if there is multiple attributes and 
> test if one of them is a mac address. 
> 
> So go in /usr/local/pf 
> 
> patch -p1 --dry-run < ./mulpiples_attributes.diff 
> 
> if there is no error: 
> 
> patch -p1 < ./mulpiples_attributes.diff 
> 
> Let me know if it helps. 
> 
> Regards 
> 
> Fabrice 
> 
> 
> _______________________________________________ 
> PacketFence-users mailing list 
> PacketFence-users@lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 


_______________________________________________ 
PacketFence-users mailing list 
PacketFence-users@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/packetfence-users 


_______________________________________________ 
PacketFence-users mailing list 
PacketFence-users@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/packetfence-users 

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users





























					Reply via email to