Hi All, I just installed packetfence v9.0.1 on Azure VM and use web-auth mode for all the Wi-Fi guest access. However, when the laptop connects to the Wi-Fi signal, the captive portal will show "an error occurred. Your computer was not found in the packetfence database. Please reboot to solve this issue. " We have the same setup Packetfence server v6 on production. When I point my Cisco WLC2504 to the production server, the captive portal redirect fine. However, it's just not working with v9.0.1. Would you please share some thoughts on what may cause the issue?
Here are some logs & configuration for your references: Pf.conf: # general.domain # # Domain name of PacketFence system. domain=resourcepro0.resourcepro.com # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=PFence # # general.dhcpservers # # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes. dhcpservers=10.20.20.Z,127.0.0.1 # # general.timezone # # System's timezone in string format. List generated from Perl library DateTime::TimeZone # When left empty, it will use the timezone of the server timezone=America/Chicago [network] # # network.dhcp_process_ipv6 # # Enable/disable ipv6 dhcp packets processing by pfdhcplistener. dhcp_process_ipv6=disabled [fencing] # # fencing.range # # Comma-delimited list of address ranges/CIDR blocks that Snort/Suricata will monitor/detect/trap on. Gateway, network, and # broadcast addresses are ignored. range=172.25.0.0/16 # # fencing.passthrough # # When enabled, pfdns will resolve the real IP addresses of passthroughs and add them in the ipset session to give access # to trapped devices. DonĀ“t forget to enable ip_forward on your server. passthrough=disabled [guests_admin_registration] # # guests_admin_registration.default_access_duration # # This is the default access duration value selected in the dropdown on the # guest management interface. default_access_duration=5D [alerting] # # alerting.emailaddr # # Comma-delimited list of email addresses to which notifications of rogue DHCP servers, security_events with an action of "email", or any other # PacketFence-related message goes to. emailaddr=hele...@x.com<mailto:emailaddr=hele...@x.com> # # alerting.smtpserver # # Server through which to send messages to the above emailaddr. The default is localhost - be sure you're running an SMTP # host locally if you don't change it! smtpserver=mail.x.com [database] # # database.pass # # Password for the mysql database used by PacketFence. Changing this parameter after the initial configuration will *not* change it in the database it self, only in the configuration. pass=password [services] # # services.pfdhcp # # Should pfdhcp be managed by PacketFence? pfdhcp=disabled # # services.routes # # Should routes be managed by PacketFence? routes=disabled # services.tc # # Should tc be managed by PacketFence? tc=disabled [snmp_traps] # # snmp_traps.trap_limit_action # # Action that PacketFence will take if the snmp_traps.trap_limit_threshold is reached. # Defaults to none. email will send an email every hour if the limit's still reached. # shut will shut the port on the switch and will also send an email even if email is not # specified. trap_limit_action=email [captive_portal] # # captive_portal.network_detection_ip # # This IP is used as the webserver who hosts the common/network-access-detection.gif which is used to detect if network # access was enabled. # It cannot be a domain name since it is used in registration or quarantine where DNS is blackholed. # It is recommended that you allow your users to reach your packetfence server and put your LAN's PacketFence IP. # By default we will make this reach PacketFence's website as an easy solution. # network_detection_ip=40.118.248.211 # # captive_portal.secure_redirect # # If secure_redirect is enabled, the captive portal uses HTTPS when redirecting # captured clients. This is the default behavior. secure_redirect=disabled # # captive_portal.rate_limiting # # Temporarily deny access to a user that performs too many requests on the captive portal on invalid URLs rate_limiting=disabled [advanced] # # advanced.portal_csp_security_headers # # Enforce Content-Security-Policy (CSP) HTTP response header in the captive portal interface # portal_csp_security_headers=disabled # advanced.sso_on_dhcp # # Trigger Single-Sign-On (Firewall SSO) on dhcp sso_on_dhcp=disabled # # advanced.hash_passwords # # The algorithm to use to hash the passwords in the local database. hash_passwords=plaintext [interface eth0] ip=172.16.101.25 type=management,portal mask=255.255.255.240 Packetfence. Log: \\204.237.167.X<file://204.237.167.X> is the guest mapped IP address. Jul 16 14:29:49 PFence pfhttpd: 16/Jul/2019:14:29:49 +0000 [ERROR 502 /api/v1/dhcp/stats] dial tcp 127.0.0.1:22222: getsockopt: connection refused Jul 16 14:30:06 PFence pfhttpd: 16/Jul/2019:14:30:06 +0000 [ERROR 502 /api/v1/dhcp/stats] dial tcp 127.0.0.1:22222: getsockopt: connection refused Jul 16 14:30:11 PFence packetfence_httpd.aaa: httpd.aaa(5213) INFO: [mac:ac:ed:5c:39:03:c3] handling radius autz request: from switch_ip => (10.20.5.40), connection_type => Wireless-802.11-NoEAP,switch_mac => (18:8b:9d:d2:f0:90), mac => [ac:ed:5c:39:03:c3], port => 1, username => "aced5c3903c3", ssid => RSP (pf::radius::authorize) Jul 16 14:30:11 PFence packetfence_httpd.aaa: httpd.aaa(5213) INFO: [mac:ac:ed:5c:39:03:c3] Instantiate profile RSP-Employee (pf::Connection::ProfileFactory::_from_profile) Jul 16 14:30:11 PFence packetfence_httpd.aaa: httpd.aaa(5213) INFO: [mac:ac:ed:5c:39:03:c3] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole) Jul 16 14:30:11 PFence packetfence_httpd.aaa: httpd.aaa(5213) INFO: [mac:ac:ed:5c:39:03:c3] (10.20.5.40) Added VLAN 51 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Jul 16 14:30:11 PFence packetfence_httpd.aaa: httpd.aaa(5213) INFO: [mac:ac:ed:5c:39:03:c3] (10.20.5.40) Added role Pre-Auth-for-External-Web-Server to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Jul 16 14:30:11 PFence packetfence_httpd.aaa: httpd.aaa(5213) INFO: [mac:ac:ed:5c:39:03:c3] Adding web authentication redirection to reply using role: 'Pre-Auth-for-External-Web-Server' and URL: 'http://40.118.248.211/Cisco::WLC/sida60cc2?' (pf::Switch::Cisco::WLC::returnRadiusAccessAccept) Jul 16 14:30:11 PFence packetfence_httpd.aaa: httpd.aaa(5213) INFO: [mac:e0:ac:cb:96:a7:5a] Updating locationlog from accounting request (pf::api::handle_accounting_metadata) Jul 16 14:30:16 PFence packetfence_httpd.portal: httpd.portal(1637) WARN: [mac:unknown] Unable to match MAC address to IP '204.237.167.X' (pf::ip4log::ip2mac) Jul 16 14:30:16 PFence packetfence_httpd.portal: httpd.portal(1637) WARN: [mac:unknown] Unable to match MAC address to IP '204.237.167.X' (pf::ip4log::ip2mac) Jul 16 14:30:16 PFence packetfence_httpd.portal: httpd.portal(1637) WARN: [mac:0] Unable to match MAC address to IP '204.237.167.X' (pf::ip4log::ip2mac) Jul 16 14:30:16 PFence packetfence_httpd.portal: httpd.portal(1637) WARN: [mac:0] Unable to match MAC address to IP '204.237.167.X' (pf::ip4log::ip2mac) Jul 16 14:30:16 PFence packetfence_httpd.portal: httpd.portal(1637) INFO: [mac:0] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Jul 16 14:30:16 PFence packetfence_httpd.portal: httpd.portal(1637) ERROR: [mac:0] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) Jul 16 14:30:16 PFence packetfence_httpd.portal: httpd.portal(1637) WARN: [mac:0] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 138. (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) Jul 16 14:30:16 PFence packetfence_httpd.portal: httpd.portal(1637) ERROR: [mac:0] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data) Jul 16 14:30:17 PFence packetfence_httpd.portal: httpd.portal(1637) WARN: [mac:unknown] Unable to match MAC address to IP '204.237.167.X' (pf::ip4log::ip2mac) Jul 16 14:30:17 PFence packetfence_httpd.portal: httpd.portal(1637) WARN: [mac:unknown] Unable to match MAC address to IP '204.237.167.X' (pf::ip4log::ip2mac) Jul 16 14:30:17 PFence packetfence_httpd.portal: httpd.portal(1637) WARN: [mac:0] Unable to match MAC address to IP '204.237.167.X' (pf::ip4log::ip2mac) Jul 16 14:30:17 PFence packetfence_httpd.portal: httpd.portal(1637) WARN: [mac:0] Unable to match MAC address to IP '204.237.167.X' (pf::ip4log::ip2mac) Jul 16 14:30:17 PFence packetfence_httpd.portal: httpd.portal(1637) INFO: [mac:0] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Jul 16 14:30:17 PFence packetfence_httpd.portal: httpd.portal(1637) ERROR: [mac:0] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::endpoint_attributes) Jul 16 14:30:17 PFence packetfence_httpd.portal: httpd.portal(1637) WARN: [mac:0] Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 138. (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) Jul 16 14:30:17 PFence packetfence_httpd.portal: httpd.portal(1637) ERROR: [mac:0] Error while communicating with the Fingerbank collector. 500 Can't connect to 127.0.0.1:4723 (pf::fingerbank::update_collector_endpoint_data) Jul 16 14:30:27 PFence pfhttpd: 16/Jul/2019:14:30:27 +0000 [ERROR 502 /api/v1/dhcp/stats] dial tcp 127.0.0.1:22222: getsockopt: connection refused httpd:portal.access: \\ 40.118.248.211 is the captive portal we configured on PF Jul 16 14:00:28 PFence httpd_portal: 204.237.167.X - - [16/Jul/2019:14:00:27 +0000] "GET /captive-portal?destination_url=http://40.118.248.211/Cisco::WLC/sidcfc55c? HTTP/1.1" 200 4151 576 197048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134" Jul 16 14:00:28 PFence httpd_portal: 204.237.167.X - - [16/Jul/2019:14:00:28 +0000] "POST /record_destination_url HTTP/1.1" 200 445 833 141034 "http://pfence.resourcepro0.resourcepro.com/captive-portal?destination_url=http://40.118.248.211/Cisco::WLC/sidcfc55c?"; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134" Jul 16 14:02:48 PFence httpd_portal: 204.237.167.X - - [16/Jul/2019:14:02:48 +0000] "GET /captive-portal?destination_url=http://40.118.248.211/Cisco::WLC/sid55c6f2? HTTP/1.1" 200 4151 576 79548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134" Jul 16 14:02:49 PFence httpd_portal: 204.237.167.X - - [16/Jul/2019:14:02:49 +0000] "POST /record_destination_url HTTP/1.1" 200 445 833 76381 "http://pfence.resourcepro0.resourcepro.com/captive-portal?destination_url=http://40.118.248.211/Cisco::WLC/sid55c6f2?"; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134" Jul 16 14:30:16 PFence httpd_portal: 204.237.167.X - - [16/Jul/2019:14:30:16 +0000] "GET /captive-portal?destination_url=http://40.118.248.211/Cisco::WLC/sida60cc2? HTTP/1.1" 200 4151 576 141580 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134" Jul 16 14:30:17 PFence httpd_portal: 204.237.167.X - - [16/Jul/2019:14:30:17 +0000] "POST /record_destination_url HTTP/1.1" 200 445 833 62044 "http://pfence.resourcepro0.resourcepro.com/captive-portal?destination_url=http://40.118.248.211/Cisco::WLC/sida60cc2?"; "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134" Httpd.portal. error: ul 16 14:00:28 PFence httpd_portal_err: Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 138. Jul 16 14:00:28 PFence httpd_portal_err: Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 138. Jul 16 14:02:48 PFence httpd_portal_err: Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 138. Jul 16 14:02:49 PFence httpd_portal_err: Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 138. Jul 16 14:30:16 PFence httpd_portal_err: Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 138. Jul 16 14:30:17 PFence httpd_portal_err: Use of uninitialized value in string ne at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm line 138. Please let me know if you need anything else. Thank you very much for your help, Helen This email (including any attachments) contains confidential information intended for a specific individual and purpose. If you have received this email in error please notify the sender immediately and delete this e-mail. If you are not the intended recipient any disclosing, distributing, copying, or taking any action based on this e-mail is strictly prohibited. ReSource Pro, LLC. 60 E 42nd Street, Suite 1500 New York, NY 10165 www.resourcepro.com
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
