Hello Adrian,
try:
radsniff -i any -f "port 3799" -x
and paste the debug.
Regards
Fabrice
Le 20-12-08 à 16 h 19, Adrian D'Atri-Guiran a écrit :
Hi Fabrice,
When I use RADIUS instead of SSH for deauthentication method, I
receive the following errors in my packetfence log:
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) INFO: [mac:5c:e0:c5:c1:d6:fd]
[5c:e0:c5:c1:d6:fd] DesAssociating mac on switch (10.2.2.60)
(pf::api::desAssociate)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) INFO: [mac:5c:e0:c5:c1:d6:fd] deauthenticating
5c:e0:c5:c1:d6:fd (pf::Switch::Mikrotik::radiusDisconnect)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) INFO: [mac:5c:e0:c5:c1:d6:fd] controllerIp is
set, we will use controller 10.2.2.60 to perform deauth
(pf::Switch::Mikrotik::radiusDisconnect)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) ERROR: [mac:5c:e0:c5:c1:d6:fd] Trying to save
a NULL value in a non nullable field radius_audit_log.mac
(pf::dal::validate_field)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) ERROR: [mac:5c:e0:c5:c1:d6:fd] Skipping
invalid value (NULL) in when inserting field radius_audit_log.mac
(pf::dal::_insert_data)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) WARN: [mac:5c:e0:c5:c1:d6:fd] Warning: 1364:
Field 'mac' doesn't have a default value (pf::dal::db_execute)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) INFO: [mac:5c:e0:c5:c1:d6:fd]
[5c:e0:c5:c1:d6:fd] DesAssociating mac on switch (10.2.2.60)
(pf::api::desAssociate)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) INFO: [mac:5c:e0:c5:c1:d6:fd] deauthenticating
5c:e0:c5:c1:d6:fd (pf::Switch::Mikrotik::radiusDisconnect)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) INFO: [mac:5c:e0:c5:c1:d6:fd] controllerIp is
set, we will use controller 10.2.2.60 to perform deauth
(pf::Switch::Mikrotik::radiusDisconnect)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) ERROR: [mac:5c:e0:c5:c1:d6:fd] Trying to save
a NULL value in a non nullable field radius_audit_log.mac
(pf::dal::validate_field)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) ERROR: [mac:5c:e0:c5:c1:d6:fd] Skipping
invalid value (NULL) in when inserting field radius_audit_log.mac
(pf::dal::_insert_data)
Dec 8 16:13:42 radius packetfence_httpd.webservices:
httpd.webservices(4423) WARN: [mac:5c:e0:c5:c1:d6:fd] Warning: 1364:
Field 'mac' doesn't have a default value (pf::dal::db_execute)
And on the mikrotik side, I receive this error in the log:
Radius disconnect with no ip provided
Thanks!
On Mon, Dec 7, 2020 at 6:12 PM Durand fabrice via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Try that instead:
$logger->info("SSH connection to mikrotik access point with
credentials: username ".$self->{_cliUser}." password ",
$self->{_cliPwd}");
Also why you don't use the RADIUS disconnect method ?
Le 20-12-07 à 19 h 10, Adrian D'Atri-Guiran via PacketFence-users
a écrit :
Hello,
I have followed the guide as per:
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_command_line_interface_telnet_and_ssh
and I cannot find the place in Configuration → Policies and
Access Control → Switches
to add the credentials, so I have added them to my switches.conf
file
grep '10.2.2.60' /usr/local/pf/conf/switches.conf -A 9
[10.2.2.60]
deauthMethod=SSH
description=CAP AC
controllerIp=10.2.2.60
type=Mikrotik
cliTransport=SSH
cliUser=admin
cliPwd=<redacted>
ExternalPortalEnforcement=Y
radiusSecret=<redacted>
registrationVlan=102
isolationVlan=103
But when I try to de-associate a node I receive an error:
ERROR: [mac:12:e1:f9:6d:95:4a] Can't call method "exec" on an
undefined value at /usr/local/pf/lib/pf/Switch/Mikrotik.pm line 343.
I did a bit of digging and added a line of debugging here:
https://github.com/inverse-inc/packetfence/blob/1369b3819f3b1986d11da2bd75925187d7a62b00/lib/pf/Switch/Mikrotik.pm#L337
I added:
$logger->info("SSH connection to mikrotik access point with
credentials:$self->{_cliUser}, $self->{_cliPwd}");
then retarted. I see the line printing in my logs, but the login
and password are blank. Somehow my settings from switches.conf
is not making it to the deauthenticateMacSSH subroutine.
Dec 7 18:39:24 radius packetfence_httpd.webservices:
httpd.webservices(4423) INFO: [mac:12:e1:f9:6d:95:4a] SSH
connection to mikrotik access point with credentials:,
(pf::Switch::Mikrotik::deauthenticateMacSSH)
Thank you for your help,
Adrian
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users