Hi Enrico,
I see, I saw via tcpdump that you also get the DHCP traffic.
If PacketFence is listening on the interface:
netstat -anu | grep :67
and similar output comes out:
udp 0 0 10.25.0.1:67 0.0.0.0:* LISTEN
then you might be facing a bug. Sorry, I can't think of anything else
and can't help further. Hope someone in the community comes up with a
solution.
Best Regards
Farbod
On Friday, March 14, 2025 at 08:17:42 AM GMT+1, Enrico Becchetti
<enrico.becche...@pg.infn.it> wrote:
Hi Farbod,
No, because my network profile is enforcement and the PF server and DHCP
server are on the same VLAN.

[INFN-WIRED]
filter_match_style=all
sources=RADIUS-AAI
locale=
advanced_filter=
autoregister=enabled
filter=connection_type:Ethernet-EAP
scans=OpenVAS-WIRED

So PF would see all DHCP sessions. Is that true?
Best Regards
Enrico
On 14/03/2025 01:42, jafarsalehi.far...@outlook.de wrote:
> Hi Enrico,
> Have you configured a DHCP relay to forward the DHCP messages to
> PacketFence too?
>
>
> Best regards
> Farbod
>
> On Thu., March 13, 2025 at 21:43, Enrico Becchetti via
> PacketFence-users
> <packetfence-users@lists.sourceforge.net> wrote:
> Dear all,
> my new Network Access Control project based on PacketFence has started
> really badly.
>
> First I installed PF 14.1 on AlmaLinux 8 and now I am using the ZEN
> version as a last attempt.
>
> In both cases I made a very simple configuration; the most important
> details are as follows:
>
> I have two network cards, eth0 (management) and eth1 with some VLANs:
> registration, isolation, production etc.;
>
> I defined a RADIUS authentication backend, I configured a switch and a
> network profile.
> This network profile is of type "other" because PF only performs
> authentication; gateway (NAT) and DHCP server functions are performed
> by another server (10.25.0.254).
>
> With this setup I'd like to manage access to the wired network via
> 802.1X. While the client connects, PF is unable to read the IP address
> assigned by the DHCP server. This is a big problem that I have to
> solve, otherwise I can't follow up with this project.
>
> If you have some time for me I'll send you the following information:
> the PacketFence configuration file, the active DHCP processes, the
> configuration of the network cards, the tcpdump session in which you
> can see that the server receives information on DHCP sessions via
> VLAN 25, and finally the packetfence.log file.
>
> Do you think there is a bug in PF 14.1 or is it a mistake in my
> configuration?
>
> Thanks for your attention.
>
> Enrico
>
> .—————————————————————————————————
>
>
> 1) pf.conf
>
> # general.dhcpservers
> #
> # Comma-delimited list of DHCP servers. Passthroughs are created to
> # allow DHCP transactions from even "trapped" nodes.
> dhcpservers=127.0.0.1,10.25.0.254
>
> [interface eth1.25]
> type=dhcp-listener,portal
> ip=10.25.0.1
> mask=255.255.0.0
>
>
> # ps axf | grep -i dhc
> 11044 pts/0 S+ 0:00 \_ grep -i dhc
> 3057 ? S 0:00 \_ pfqueue - Queue:pfdhcplistener_external
> 3088 ? S 0:00 \_ pfqueue - Queue:pfdhcplistener
>
> # ip link
>
> 5: eth1.25@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
>     link/ether 52:54:00:ad:60:dc brd ff:ff:ff:ff:ff:ff
> 6: eth1.26@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
>
> 5: eth1.25@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
>     link/ether 52:54:00:ad:60:dc brd ff:ff:ff:ff:ff:ff
>     inet 10.25.0.1/16 brd 10.25.255.255 scope global eth1.25
>        valid_lft forever preferred_lft forever
>     inet6 fe80::5054:ff:fead:60dc/64 scope link
>        valid_lft forever preferred_lft forever
>
> # tcpdump -i eth1.25 -n -vv port 67 or port 68
> tcpdump: listening on eth1.25, link-type EN10MB (Ethernet), snapshot length 262144 bytes
> 15:27:26.576206 IP (tos 0x0, ttl 255, id 10108, offset 0, flags [none], proto UDP (17), length 328)
>     0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from ac:87:a3:12:81:47, length 300, xid 0x9370cc2c, secs 4, Flags [none] (0x0000)
>       Client-Ethernet-Address ac:87:a3:12:81:47
>       Vendor-rfc1048 Extensions
>         Magic Cookie 0x63825363
>         DHCP-Message (53), length 1: Request
>         Parameter-Request (55), length 12:
>           Subnet-Mask (1), Classless-Static-Route (121), Default-Gateway (3), Domain-Name-Server (6)
>           Domain-Name (15), Unknown (108), URL (114), Unknown (119)
>           Unknown (252), LDAP (95), Netbios-Name-Server (44), Netbios-Node (46)
>         MSZ (57), length 2: 1500
>         Client-ID (61), length 7: ether ac:87:a3:12:81:47
>         Requested-IP (50), length 4: 10.25.1.1
>         Lease-Time (51), length 4: 7776000
>         Hostname (12), length 12: "becchetti-nb"
>
> 1 packet captured
> 1 packet received by filter
> 0 packets dropped by kernel
>
> # tail packetfence.log
>
> 2025-03-13T15:27:22.145042+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] handling radius autz request: from switch_ip => (10.0.0.111), connection_type => Ethernet-EAP, switch_mac => (6c:c2:17:af:31:20), mac => [ac:87:a3:12:81:47], port => 3, username => "becch...@pg.infn.it" (pf::radius::authorize)
> 2025-03-13T15:27:22.214895+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] Instantiate profile INFN-WIRED (pf::Connection::ProfileFactory::_from_profile)
> 2025-03-13T15:27:22.299418+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] Found authentication source(s) : 'RADIUS-AAI' for realm 'default' (pf::config::util::filter_authentication_sources)
> 2025-03-13T15:27:22.336171+01:00 pfsrv pfqueue-backend[3072]: pfqueue(2158) INFO: [mac:[undef]] Running task person_lookup (main::process_data)
> 2025-03-13T15:27:22.305635+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] Using sources RADIUS-AAI for matching (pf::authentication::match2)
> 2025-03-13T15:27:22.310250+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] Matched rule (catchall) in source RADIUS-AAI, returning actions. (pf::Authentication::Source::match_rule)
> 2025-03-13T15:27:22.310250+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] Matched rule (catchall) in source RADIUS-AAI, returning actions. (pf::Authentication::Source::match)
> 2025-03-13T15:27:22.355955+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] Found authentication source(s) : 'RADIUS-AAI' for realm 'default' (pf::config::util::filter_authentication_sources)
> 2025-03-13T15:27:22.355955+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] Role has already been computed and we don't want to recompute it. Getting role from node_info (pf::role::getRegisteredRole)
> 2025-03-13T15:27:22.355955+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] Username was defined "becch...@pg.infn.it" - returning role 'default' (pf::role::getRegisteredRole)
> 2025-03-13T15:27:22.355955+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] PID: "becch...@pg.infn.it", Status: reg Returned VLAN: (undefined), Role: default (pf::role::fetchRoleForNode)
> 2025-03-13T15:27:22.370303+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] (10.0.0.111) Added VLAN 25 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
> 2025-03-13T15:27:22.384950+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] security_event 1300003 force-closed for ac:87:a3:12:81:47 (pf::security_event::security_event_force_close)
> 2025-03-13T15:27:22.385595+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] Instantiate profile INFN-WIRED (pf::Connection::ProfileFactory::_from_profile)
> 2025-03-13T15:27:22.401686+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) INFO: [mac:ac:87:a3:12:81:47] grace expired on security event 1200004 for node ac:87:a3:12:81:47 (pf::security_event::security_event_add)
> 2025-03-13T15:27:22.409662+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) ERROR: [mac:ac:87:a3:12:81:47] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`security_event`, CONSTRAINT `security_event_id_fkey_class` FOREIGN KEY (`security_event_id`) REFERENCES `class` (`security_event_id`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `security_event` ( `mac`, `notes`, `release_date`, `security_event_id`, `start_date`, `status`, `ticket_ref`) VALUES ( ?, ?, ?, ?, ?, ?, ? )]{ac:87:a3:12:81:47, , 0000-00-00 00:00:00, 1200004, 2025-03-13 15:27:22, open, } (pf::dal::db_execute)
> 2025-03-13T15:27:22.410532+01:00 pfsrv httpd.aaa-docker-wrapper[2255]: httpd.aaa(6) ERROR: [mac:ac:87:a3:12:81:47] unknown error adding security event 1200004 for ac:87:a3:12:81:47 (pf::security_event::security_event_add)
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
__________________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli, c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone: +39 075 5852777 Mobile: +39 075 9696225
FAX: +39 075 5847296 Microsoft Teams: becch...@infn.it
Mail: Enrico.Becchetti<at>pg.infn.it Skype: enrico_becchetti
Pagina web personale: https://www.pg.infn.it/home/enrico-becchetti
_________________________________________________________________________
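The thread turns on whether PF's DHCP listener can learn a node's IP from traffic it demonstrably receives on eth1.25. The following is an added example, not PacketFence code and not from anyone in the thread: it parses raw BOOTP/DHCP payloads the way a passive listener must, and applies the rule a listener uses to attribute an IP to a MAC. The DHCPREQUEST is reconstructed from the tcpdump quoted above (xid 0x9370cc2c, client ac:87:a3:12:81:47, Requested-IP 10.25.1.1, hostname becchetti-nb); the DHCPACK from 10.25.0.254 is constructed to show the server-side message the capture did not include. Option 55 and 57 are omitted from the reconstruction since they do not affect IP learning.

```python
"""Added example: a minimal passive DHCP listener parse (not PacketFence code).
The REQUEST is reconstructed from the thread's tcpdump; the ACK is constructed."""
import socket
import struct
from dataclasses import dataclass, field

DHCP_MAGIC = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


@dataclass
class DhcpMessage:
    op: int
    xid: int
    ciaddr: str
    yiaddr: str
    chaddr: str
    options: dict = field(default_factory=dict)

    @property
    def msg_type(self) -> str:
        t = self.options.get(53)
        return MSG_TYPES.get(t[0], "UNKNOWN") if t else "UNKNOWN"


def _ip(raw: bytes) -> str:
    return socket.inet_ntoa(raw)


def parse_options(data: bytes) -> dict:
    """TLV walk over the options area; pad (0) is skipped, end (255) stops."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:          # refuse to read past the payload
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts


def parse_dhcp(payload: bytes) -> DhcpMessage:
    """Fixed 236-byte BOOTP header, 4-byte magic cookie, then options."""
    if len(payload) < 240:
        raise ValueError("too short for BOOTP header + magic cookie")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    ciaddr, yiaddr, siaddr, giaddr = struct.unpack("!4s4s4s4s", payload[12:28])
    if hlen != 6:
        raise ValueError("only Ethernet hardware addresses handled")
    if payload[236:240] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    chaddr = payload[28:28 + hlen].hex(":")
    return DhcpMessage(op, xid, _ip(ciaddr), _ip(yiaddr), chaddr,
                       parse_options(payload[240:]))


def learned_ip(msg: DhcpMessage):
    """IP a listener can attribute to msg.chaddr, or None.
    ACK is the server's authoritative answer (yiaddr, or ciaddr for INFORM/renewal).
    REQUEST is only the client's claim: option 50 when selecting/rebooting,
    ciaddr when renewing. DISCOVER/OFFER/NAK/RELEASE bind nothing."""
    t = msg.msg_type
    if t == "ACK":
        return msg.yiaddr if msg.yiaddr != "0.0.0.0" else msg.ciaddr
    if t == "REQUEST":
        if 50 in msg.options:
            return _ip(msg.options[50])
        return msg.ciaddr if msg.ciaddr != "0.0.0.0" else None
    return None


def build(op, msg_type, xid, chaddr, ciaddr="0.0.0.0", yiaddr="0.0.0.0", extra=()):
    """Constructed test packets; secs=4 as in the capture, siaddr/giaddr zero."""
    mac = bytes.fromhex(chaddr.replace(":", ""))
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 4, 0)
    hdr += socket.inet_aton(ciaddr) + socket.inet_aton(yiaddr) + b"\0" * 8
    hdr += mac.ljust(16, b"\0") + b"\0" * 192          # chaddr(16) + sname(64) + file(128)
    opts = bytes([53, 1, msg_type])
    for code, val in extra:
        opts += bytes([code, len(val)]) + val
    return hdr + DHCP_MAGIC + opts + b"\xff"


MAC = "ac:87:a3:12:81:47"
# Reconstructed from the thread's tcpdump: DHCPREQUEST asking for 10.25.1.1.
REQUEST = build(1, 3, 0x9370cc2c, MAC, extra=[
    (61, b"\x01" + bytes.fromhex(MAC.replace(":", ""))),
    (50, socket.inet_aton("10.25.1.1")),
    (51, struct.pack("!I", 7776000)),
    (12, b"becchetti-nb"),
])
# Constructed: the DHCPACK 10.25.0.254 would return for that request.
ACK = build(2, 5, 0x9370cc2c, MAC, yiaddr="10.25.1.1", extra=[
    (54, socket.inet_aton("10.25.0.254")),
    (51, struct.pack("!I", 7776000)),
])

if __name__ == "__main__":
    for pkt in (REQUEST, ACK):
        m = parse_dhcp(pkt)
        print(m.msg_type, m.chaddr, learned_ip(m))
```

The point for the thread: the capture shows only the broadcast REQUEST, which carries the client's claimed address in option 50. A listener that binds 10.25.1.1 to the MAC on that alone is trusting the client; the unicast ACK from 10.25.0.254 is the message that confirms the lease, and a listener on the same VLAN as the server only sees it if it is on the broadcast/mirror path between server and client. That is the difference a DHCP relay (or a span of the server's port) makes, independent of whether port 67 shows up as bound in netstat.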