Hello Arun, The SSO acts on Accounting packets (Start,Interim and Stop) so if you have to much of those here a couple thing you could check.
First, it does not cause much issue for the registration but can fill your accounting data table pretty quick. Make sure your network equipments that send the accounting send it with a good interim period > 30 mins. Then make sure your devices does not roam too much between APs. When APs signal overlay each other, it will make the users bounce from one AP to another and thus create a lot of RADIUS traffic. You can also check if the equipments offer a feature where it caches the accounting when roaming. Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Feb 15, 2022, at 5:32 AM, Arun Kangle via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Hello All, > I am facing this issue very specific to the iPhone users (MACOS, Windows and > Android devices are working fine) that suddenly their iPhone will pop a > message that Wi-Fi doesn't have connectivity to the internet and if they > would like to connect to the Mobile Data network. > > From the packetfence Log I see that lot's of accounting updates related to > location and thus 'SSO Stop' is sent to the Firewall. > > Has anyone seen this before? Could someone please help. > > Thank you in advance, > - Arun > > Feb 15 14:23:03 aolicnac packetfence_httpd.aaa[3164630]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Updating locationlog from accounting request > (pf::api::handle_accounting_metadata) > Feb 15 14:23:03 aolicnac packetfence_httpd.aaa[3164630]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:23:03 aolicnac packetfence_httpd.aaa[3164630]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:23:21 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:23:21 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Stop' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:23:21 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Updating locationlog from accounting request > (pf::api::handle_accounting_metadata) > Feb 15 14:23:21 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:23:21 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:25:09 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:25:09 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Stop' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:25:09 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Updating locationlog from accounting request > (pf::api::handle_accounting_metadata) > Feb 15 14:25:09 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:25:09 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:25:21 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:25:21 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Stop' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:25:21 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Updating locationlog from accounting request > (pf::api::handle_accounting_metadata) > Feb 15 14:25:21 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:25:21 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:27:28 aolicnac packetfence_httpd.aaa[3163584]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:27:28 aolicnac packetfence_httpd.aaa[3163584]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] handling radius autz request: from switch_ip => > (192.168.2.133), connection_type => Wireless-802.11-EAP,switch_mac => > (44:48:c1:ce:c3:92), mac => [b4:85:e1:30:27:2f], port => 0, username => > "adm.nishant", ssid => aolicnet (pf::radius::authorize) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Instantiate profile Bypassed-Multi-Role > (pf::Connection::ProfileFactory::_from_profile) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Found authentication source(s) : > 'Set-role-bypassed-multi' for realm 'null' > (pf::config::util::filter_authentication_sources) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Using sources Set-role-bypassed-multi for > matching (pf::authentication::match2) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] [Set-role-bypassed-multi > Set-role-bypassed-multi] Searching for > (&(sAMAccountName=adm.nishant)(memberOf=CN=Bypassed,OU=AOL-Group,DC=AOLIC,DC=NET)), > from DC=AOLIC,DC=NET, with scope sub > (pf::Authentication::Source::LDAPSource::match_in_subclass) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Matched rule (Set-role-bypassed-multi) in > source Set-role-bypassed-multi, returning actions. > (pf::Authentication::Source::match_rule) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Matched rule (Set-role-bypassed-multi) in > source Set-role-bypassed-multi, returning actions. > (pf::Authentication::Source::match) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Found authentication source(s) : > 'Set-role-bypassed-multi' for realm 'null' > (pf::config::util::filter_authentication_sources) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Role has already been computed and we don't > want to recompute it. Getting role from node_info > (pf::role::getRegisteredRole) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Username was defined "adm.nishant" - returning > role 'Bypassed-Multi' (pf::role::getRegisteredRole) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] PID: "adm.nis", Status: reg Returned VLAN: > (undefined), Role: Bypassed-Multi (pf::role::fetchRoleForNode) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] (192.168.2.133) Added VLAN 22 to the returned > RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] No parameter Bypassed-MultiRole found in > conf/switches.conf for the switch 192.168.2.133 (pf::Switch::getRoleByName) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] security_event 1300003 force-closed for > b4:85:e1:30:27:2f (pf::security_event::security_event_force_close) > Feb 15 14:41:01 aolicnac packetfence_httpd.aaa[3157307]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Instantiate profile Bypassed-Multi-Role > (pf::Connection::ProfileFactory::_from_profile) > Feb 15 14:41:02 aolicnac packetfence_httpd.aaa[3114109]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Updating locationlog from accounting request > (pf::api::handle_accounting_metadata) > Feb 15 14:41:02 aolicnac packetfence_httpd.aaa[3114109]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:41:02 aolicnac packetfence_httpd.aaa[3114109]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:42:30 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:42:30 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:42:33 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:42:33 aolicnac packetfence_httpd.aaa[3163583]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Stop' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:52:29 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:52:29 aolicnac packetfence_httpd.aaa[3164616]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Update' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > Feb 15 14:59:23 aolicnac packetfence_httpd.aaa[3163584]: httpd.aaa(2972710) > WARN: [mac:b4:85:e1:30:27:2f] Firewall SSO Notify > (pf::api::firewallsso_accounting) > Feb 15 14:59:23 aolicnac packetfence_httpd.aaa[3163584]: httpd.aaa(2972710) > INFO: [mac:b4:85:e1:30:27:2f] Sending a firewall SSO 'Stop' request for MAC > 'b4:85:e1:30:27:2f' and IP '10.0.122.14' (pf::firewallsso::do_sso) > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!C8CAzZbmv1JDlMLprnKuVIgFQo16Sakt9jKBXKGEW__MJr9vP_OaK6uhFrThIhMx$ >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
