View Issue Details
1870 [PacketFence] web admin minor always 2015-03-03 13:44 2015-03-04 15:05
ae3 Linux  
lmunro RHEL / CentOS  
low 6  
confirmed 4.5.0  
open  
none    
none  
   
Web admin page for switches has phantom second page
(This applies to PF 4.6.1, which isn't in the picklist yet.)
When PF has exactly 25 switches defined, the web admin switches page adds footer links for a second page of switches. Advancing to page 2 displays a blank space where switches should be listed, along with a button to add another switch. Deleting a switch (switch count 24) properly displays only one page again.
Create exactly 25 switches in PF 4.6.1, look at bottom of screen for link to second page.
I realize that this is mostly cosmetic, but figured that I should report it since I just spotted the problem.
Notes
(0003978)
lmunro   
2015-03-04 15:05   
Bug reproduced.
We'll see to it that it gets fixed.





View Issue Details
1826 [PacketFence] IDS crash sometimes 2014-09-26 02:30 2015-03-04 12:11
irish.cadague Linux  
lmunro RHEL / CentOS  
high 6  
resolved 4.2.2  
fixed  
none    
none  
   
Snort suddenly not starting but after a variable spelling change, it works.
Snort suddenly stopped working after a packetfence service restart. /var/log/messages shows that it has a problem with the variable $DNS_SERVERS; when I ran cat /var/log/messages I got a FATAL ERROR on snort as shown below:
 
   Sep 25 13:00:05 spfcn01 snort[26763]: FATAL ERROR: /usr/local/pf/conf/snort/emerging-trojan.rules(143) Undefined variable in the string: $DNS_SERVERS.
 
and then I ran cat /usr/local/pf/conf/snort.conf and edited:
 
    var DNS_SERVERS [%%dnsservers%%]
 
and changed to:
 
   var DNS_SERVERS [%%dns_servers%%]
 
and then restarted packetfence again; as a result, the snort service is now running.
I think a constant restart of PacketFence service.
for PF.JPG (96,434) 2014-09-26 02:30
https://www.packetfence.org/bugs/file_download.php?file_id=217&type=bug
jpg
Notes
(0003972)
lmunro   
2015-03-04 12:11   
Issue has been fixed in later releases.
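A pre-restart check for the failure mode in this report, as an added example that is not part of the original issue or of PacketFence: it scans the rendered Snort configuration for `var`/`ipvar`/`portvar` declarations and reports rule variables that have no declaration, plus declarations that still contain a `%%tag%%` template placeholder. The function name, the finding labels and the sample inputs are assumptions constructed for the example, and only the rule header (the part before the options) is scanned.

```python
import re

# Snort 2.x variable declarations: var / ipvar / portvar NAME VALUE
DECL = re.compile(r"^\s*(?:var|ipvar|portvar)\s+([A-Za-z_]\w*)\s*(.*)$")
# $NAME references as used in rule headers
REF = re.compile(r"\$([A-Za-z_]\w*)")
# Template tag left in place, in the %%name%% form quoted in the report
PLACEHOLDER = re.compile(r"%%\w+%%")


def lint_snort(conf_text, rules_by_file, conf_name="snort.conf"):
    """Return a list of (kind, file, line_number, variable) findings.

    conf_text     -- contents of the configuration Snort will actually load
    rules_by_file -- mapping of rule file name to its contents
    """
    declared = set()
    findings = []

    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DECL.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        declared.add(name)
        if PLACEHOLDER.search(value):
            # The template tag was never substituted with a real value.
            findings.append(("unexpanded-placeholder", conf_name, lineno, name))
        elif value in ("", "[]"):
            findings.append(("empty-value", conf_name, lineno, name))

    for fname, text in rules_by_file.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            stripped = line.strip()
            if not stripped or stripped.startswith("#"):
                continue  # blank line or commented-out rule
            # Only the header (before the option list) is checked, so "$"
            # characters inside pcre/content options are not misread.
            header = stripped.split("(", 1)[0]
            for name in REF.findall(header):
                if name not in declared:
                    findings.append(("undefined-variable", fname, lineno, name))
    return findings


# Constructed sample inputs (not taken from a real deployment).
SAMPLE_CONF = """\
var HOME_NET [10.0.0.0/8]
var EXTERNAL_NET !$HOME_NET
var DNS_SERVERS [%%dnsservers%%]
portvar HTTP_PORTS [80,8080]
"""

SAMPLE_RULES = {
    "constructed.rules": """\
# constructed rules for the example
alert udp $HOME_NET any -> $DNS_SERVERS 53 (msg:"constructed DNS rule"; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $SMTP_SERVERS 25 (msg:"constructed SMTP rule"; sid:1000002; rev:1;)
""",
}

if __name__ == "__main__":
    for kind, fname, lineno, name in lint_snort(SAMPLE_CONF, SAMPLE_RULES):
        print(f"{fname}:{lineno}: {kind}: {name}")
```

Run it against the generated configuration rather than the template, since the template is expected to contain `%%tag%%` placeholders.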





View Issue Details
1829 [PacketFence] doc minor always 2014-10-08 09:51 2015-03-04 12:10
ae3 All  
lmunro All  
normal All  
acknowledged 4.4.0  
open  
none    
none  
   
Admin Guide 4.4.0 clarification on paper pages 31-32
On paper pages 31-32 (PDF pages 35-36), there seems to be confusion in the sample command line text boxes:

For Centos/RHEL:

(box)
# usermod -a -G wbpriv pf
(/box)

Finally, start winbind, and test the setup using ntlm_auth and radtest:

(box)
# service winbind start
# chkconfig --level 345 winbind on
(/box)


For Debian and Ubuntu:

(box)
# usermod -a -G winbindd_priv pf
# ntlm_auth --username myDomainUser
# radtest -t mschap -x myDomainUser myDomainPassword localhost:18120 12
 testing123
 Sending Access-Request of id 108 to 127.0.0.1 port 18120
 User-Name = "myDomainUser"
 NAS-IP-Address = 10.0.0.1
 NAS-Port = 12
 Message-Authenticator = 0x00000000000000000000000000000000
 MS-CHAP-Challenge = 0x79d62c9da4e55104
 MS-CHAP-Response =
 0x000100000000000000000000000000000000000000000000000091c843b420f0dec4228ed2f26bff07d5e49ad9a2974229e5
 rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=108,
 length=20
(/box)

When following this through for CentOS/RHEL, you do not do the ntlm_auth or radtest tests...since it is only in the Debian/Ubuntu textbox!!!

ASSuming that the service and chkconfig work the same under Debian/Ubuntu (which I have personally never used), this order seems to make sense to me:

For Centos/RHEL:

(box)
# usermod -a -G wbpriv pf
(/box)

For Debian and Ubuntu:

(box)
# usermod -a -G winbindd_priv pf
(/box)

Start winbind:

(box)
# service winbind start
# chkconfig --level 345 winbind on
(/box)

Finally, test the setup using ntlm_auth and radtest:

(box)
# ntlm_auth --username myDomainUser
# radtest -t mschap -x myDomainUser myDomainPassword localhost:18120 12
 testing123
 Sending Access-Request of id 108 to 127.0.0.1 port 18120
 User-Name = "myDomainUser"
 NAS-IP-Address = 10.0.0.1
 NAS-Port = 12
 Message-Authenticator = 0x00000000000000000000000000000000
 MS-CHAP-Challenge = 0x79d62c9da4e55104
 MS-CHAP-Response =
 0x000100000000000000000000000000000000000000000000000091c843b420f0dec4228ed2f26bff07d5e49ad9a2974229e5
 rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=108,
 length=20
(/box)

Open manual, bang head against wall. :-)
Maybe I'm mis-reading the page, but the suggested order above seems proper at least from the CentOS/RHEL perspective.
There are no notes attached to this issue.





View Issue Details
1841 [PacketFence] upstream minor have not tried 2014-10-30 09:37 2015-03-04 12:05
dwuelfrath  
dwuelfrath  
normal  
assigned  
open  
none    
none  
   
Issue with Nessus and Net::Nessus::XMLRPC
Some issues with the upstream Net::Nessus::XMLRPC module may prevent Nessus scans from succeeding.

Impacts:
- Issue with SSL communication when a self-signed certificate is being used between PacketFence and the Nessus server (https)
- Issue when trying to export the report

A patch has been submitted but never merged.
See the following bug: https://rt.cpan.org/Public/Bug/Display.html?id=78274

Hi,
I am using Net-Nessus-XMLRPC in the PacketFence project and I need nbe
export. So I wrote the function to export in nbe format and in csv
format too.
For SSL I just added ssl_opts => { verify_hostname => 0 } to remove the
SSL problem.

Regards
Fabrice Durand

diff -ruN Net-Nessus-XMLRPC-0.30.ori/lib/Net/Nessus/XMLRPC.pm Net-Nessus-XMLRPC-0.30/lib/Net/Nessus/XMLRPC.pm
--- Net-Nessus-XMLRPC-0.30.ori/lib/Net/Nessus/XMLRPC.pm 2010-05-21 12:16:45.000000000 -0400
+++ Net-Nessus-XMLRPC-0.30/lib/Net/Nessus/XMLRPC.pm 2012-07-09 10:09:53.795285182 -0400
@@ -126,10 +126,16 @@
 =cut
 sub nessus_http_request {
     my ( $self, $uri, $post_data ) = @_;
- my $ua = $self->{_ua};
- # my $ua = LWP::UserAgent->new;
+ #my $ua = $self->{_ua};
+ my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
     my $furl = $self->nurl.$uri;
- my $r = POST $furl, $post_data;
+ my $r ='';
+ if (not defined($post_data)) {
+ $r = GET $furl;
+ }
+ else {
+ $r = POST $furl, $post_data;
+ }
     my $result = $ua->request($r);
     # my $filename="n-".time; open (FILE,">$filename");
     # print FILE $result->as_string; close (FILE);
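Review bot: In `nessus_http_request`, `LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 })` switches off certificate hostname verification for every request and replaces the shared `$self->{_ua}`, so callers have no way to keep verification on and anything configured on the existing agent object is no longer used. Suggest keeping `$self->{_ua}` and making the relaxed check an explicit constructor option, or letting the caller supply the CA file for a self-signed Nessus certificate so that the default stays verified. Minor: `my $r ='';` can be a plain `my $r;` since both branches assign a request object.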
@@ -941,6 +947,50 @@
     return $file;
 }
 
+=head2 report_filenbe_download ($report_id)
+
+returns NBE report identified by $report_id (Nessus NBE)
+=cut
+sub report_filenbe_download {
+ my ( $self, $uuid ) = @_;
+
+ my $post=[
+ "token" => $self->token,
+ "report" => $uuid,
+ ];
+
+ my $get = $self->nessus_http_request("file/xslt/?report=".$uuid."&xslt=nbe.xsl&token=".$self->token);
+ sleep 10;
+ if($get =~ /<meta http-equiv="refresh" content="5;url=\/(.*)"/) {
+ my $file = $self->nessus_http_request($1."&token=".$self->token."&step=2");
+ return $file;
+ }
+
+ return $get;
+}
+
+=head2 report_filecsv_download ($report_id)
+
+returns CSV report identified by $report_id (Nessus CSV)
+=cut
+sub report_filecsv_download {
+ my ( $self, $uuid ) = @_;
+
+ my $post=[
+ "token" => $self->token,
+ "report" => $uuid,
+ ];
+
+ my $get = $self->nessus_http_request("file/xslt/?report=".$uuid."&xslt=csv.xsl&token=".$self->token);
+ sleep 10;
+ if($get =~ /<meta http-equiv="refresh" content="5;url=\/(.*)"/) {
+ my $file = $self->nessus_http_request($1."&token=".$self->token."&step=2");
+ return $file;
+ }
+
+ return $get;
+}
+
 =head2 report_delete ($report_id)
 
 delete report identified by $report_id
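Review bot: In both `report_filenbe_download` and `report_filecsv_download` the `$post` array (token and report) is built and never used, while the session token is concatenated into the request URL instead, where it can end up in server or proxy logs. Suggest either removing `$post` or, if the endpoint accepts it, passing it as the second argument to `nessus_http_request` so the token travels in the request body. The two subs differ only in the `xslt=` value, so a single helper taking the stylesheet name would remove the duplication; the fixed `sleep 10` and the greedy `(.*)` capture taken from the refresh tag and reused as the next request path would both benefit from a comment or a tighter pattern, and `$uuid` should be URL-escaped before it is placed in the query string. The POD description lines also need a blank line before `=cut`.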
There are no notes attached to this issue.





View Issue Details
1851 [PacketFence] web admin feature always 2015-01-13 10:05 2015-03-04 12:04
tristanrhodes All  
lmunro All  
low All  
acknowledged 4.5.0  
open  
none    
none  
   
When creating "Routed Networks" provide default values for DHCP leases
When creating a routed network, users are forced to specify DHCP lease times:

Default Lease Time:

Max Lease Time:

Most people will have no idea what values are good for this, so please provide default values. If someone wants a different value, it is very simple to change.
Notes
(0003631)
tristanrhodes   
2015-01-13 10:12   
While you are working on this, please also display the type of unit for lease times.

I am pretty sure this is expecting "seconds", but that needs to be obvious to the users.

Thanks!





View Issue Details
1857 [PacketFence] web admin feature always 2015-01-13 12:16 2015-03-04 11:30
tristanrhodes All  
lmunro All  
normal All  
acknowledged 4.5.0  
open  
none    
none  
   
Add the ability to detect the switch type using SNMP
Admins want a simple way to deploy Packetfence, with the least tweaking necessary to make it work. One way to accomplish this is to auto-detect the type of switch, based on SNMP response. (I believe this is similar to how "Uplink" and "VOIP" detection works.)

Packetfence should send an snmpget of 1.3.6.1.2.1.1.2.0 to the switch. This will return the sysOID of the switch. This number can then be looked up in a table that maps sysOID to device type. (There are several open source tools like (www.nedi.ch) and Observium.org that already have this table.)

Now Packetfence knows what kind of switch it is talking to, without requiring the admin to specify the type.

http://www.alvestrand.no/objectid/1.3.6.1.2.1.1.2.html

Notes
(0003632)
tristanrhodes   
2015-01-13 18:22   
Here is one public table of these values:

http://discovery.bmc.com/confluence/display/Configipedia/List+of+discoverable+network+devices
(0003968)
lmunro   
2015-03-04 11:30   
Interesting point.
We'll consider it in a future release.





View Issue Details
1842 [PacketFence] hardware modules minor always 2014-11-04 11:47 2015-03-04 11:28
ae3 All  
lmunro All  
normal All  
acknowledged 4.5.0  
open  
none    
none  
   
Implement RADIUS de-authentication for Meru Wireless Controllers
Per a post to the PF-users list by Tim DeNike on 6 March 2014, Meru has added RADIUS de-auth to their firmware starting with System Director 5.3.x. He even posted sample code to use the feature, which I can't use since the directory structure appears to have changed with PF 4.5. Long story short, the existing module keeps telling us to pressure the vendor to implement RADIUS de-auth. We have done our part. Tag, you're it... :-)
Tim's email to packetfence-users:

Date: March 6, 2014 at 10:20:46 AM EST
From: Tim DeNike <tim.denike@mcc.edu>
To: "packetfence-users@lists.sourceforge.net" <packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Per SSID VLAN - Meru Networks
Reply-To: <packetfence-users@lists.sourceforge.net>

Actually, looking through the code, no patch will be required for MAC-based SSID evaluation, it's already there and should work (It already does with 802.1x)

We are on SD 5.3.xyz right now and RADIUS deauth does work.

Drop this in a file called /usr/local/pf/lib/pf/SNMP/Meru/MC_MCC.pm

Minus the cut lines obviously. In switch config, you'll have the option for Meru MC_MCC. It will do radius de-auths instead of the Telnet/SSH method. Much faster, much lighter weight.


^^^^^^^^^^^^^CUT^^^^^^^^^^^

package pf::SNMP::Meru::MC_MCC;

=head1 NAME

pf::SNMP::Meru::MC_MCC - Object oriented module to access MC series controllers

=head1 SYNOPSIS

Known to work with RADIUS deauth on System Director 5.3

=head1 STATUS

=cut

use strict;
use warnings;
use Log::Log4perl;

use base ('pf::SNMP::Meru');

sub description { 'Meru MC_MCC' }

sub deauthTechniques {
    my ($this, $method) = @_;
    my $logger = Log::Log4perl::get_logger( ref($this) );
    my $default = $SNMP::RADIUS;
    my %tech = (
        $SNMP::RADIUS => \&deauthenticateMacRadius,
    );

    if (!defined($method) || !defined($tech{$method})) {
        $method = $default;
    }
    return $method,$tech{$method};
}
sub deauthenticateMacRadius {
    my ( $self, $mac, $is_dot1x ) = @_;
    my $logger = Log::Log4perl::get_logger( ref($self) );

    if ( !$self->isProductionMode() ) {
        $logger->info("not in production mode... we won't perform deauthentication");
        return 1;
    }

    $logger->debug("deauthenticate $mac using RADIUS Disconnect-Request deauth method");
    return $self->radiusDisconnect($mac);
}
=head1 AUTHOR

Tim DeNike <tim.denike@mcc.edu>

=cut

1;


^^^^^^^^^^^^^CUT^^^^^^^^^^^
Notes
(0003967)
lmunro   
2015-03-04 11:28   
Will look into it.
There may now be an even easier way to do this than Tim's code.





View Issue Details
1853 [PacketFence] web admin feature always 2015-01-13 10:25 2015-03-04 11:24
tristanrhodes  
lmunro  
normal  
feedback 4.5.0  
open  
none    
none  
   
Provide the ability to view logs from the web interface
Packetfence has some very useful log files, including "packetfence.log", "radius.log", and others. These files are very helpful in understanding what is happening with Packetfence.

It would be very useful for users to be able to view these logs in the web interface. A static view of the file will provide this function. However, a real-time scrolling interface could really help admins understand exactly what happens when they plug in a port.
Notes
(0003966)
lmunro   
2015-03-04 11:24   
We will consider it, but admins might be better served by a dedicated logs interface à la splunk or kibana.
Scrolling logs are useless unless you can filter what scrolls.
That functionality could quickly balloon into its own product and we may be better off focusing on making logs easily exportable/forwardable.





View Issue Details
1858 [PacketFence] web admin feature always 2015-01-13 18:16 2015-03-04 11:20
tristanrhodes All  
All  
low All  
acknowledged 4.5.0  
open  
none    
none  
   
Display description when adding Triggers to a Violation
"Configuration > Violations > Add > Triggers"
and
"Configuration > Violations > Edit > Triggers"

If the user clicks on the white-space, they currently get a pull-down list of all violations listed solely by violation ID.
For example = Detect::2001664
For example = OS::6

Please add the description to this pull-down list.
For example = Detect::2001664 "P2P (Gnutella)"
For example = OS::6 "Gaming Consoles"

These same descriptions should also be displayed when viewing configured "Triggers". I think it would make sense to have only one entry per line, and to use a scroll-bar if more lines are needed.

Current =
[OS::4] [OS::10] [Detect::1100006] [Detect::1100005]

Proposed =
[OS::4 "Routers and APs"]
[OS::10 "Storage Devices"]
[Detect::1100006 "P2P Isolation (snort example)"]
[Detect::1100005 "Browser isolation example"]

Thanks!



There are no notes attached to this issue.





View Issue Details
1856 [PacketFence] web admin feature always 2015-01-13 11:45 2015-03-04 11:20
tristanrhodes  
 
normal  
acknowledged  
open  
none    
none  
   
Add the ability to test switch credentials (SNMP/CLI/HTTP) from web interface
When adding a switch ("Configuration > Switch") the admin wants to know if Packetfence can talk to the switch.

Add the ability to test the credentials entered:

SNMP
CLI (SSH/TELNET)
HTTP/HTTPS

Provide this type of feedback to the admin:

"Fail: No response from device"
"Fail: Wrong username or password"
"Success"
There are no notes attached to this issue.





View Issue Details
1855 [PacketFence] web admin feature always 2015-01-13 11:29 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged  
open  
none    
none  
   
When creating a new user, require the password be typed twice to prevent errors
"Users > Create" is used to create new users. There is a password field, but the admin is not required to type the password twice. This can cause issues when the user tries the password and the admin made a typo in this field.

Please add a second password field to confirm the entry.

(Note: This is already being done on the "Reset Password" function, when editing a user.)
There are no notes attached to this issue.





View Issue Details
1854 [PacketFence] web admin feature always 2015-01-13 10:32 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged  
open  
none    
none  
   
Add the ability to manage SSL cert from web interface
Packetfence can use HTTPS for web admin and for captive portals.

For production systems, admins need to provide a real SSL certificate. For non-Linux admins, this can be a difficult process.

Please add the ability to manage SSL cert from web interface. This can involve generating keys and CSR, and then allowing SSL certs to be uploaded or pasted.
There are no notes attached to this issue.





View Issue Details
1852 [PacketFence] web admin feature always 2015-01-13 10:16 2015-03-04 11:20
tristanrhodes  
 
normal  
acknowledged  
open  
none    
none  
   
Add the ability to send a "Test" email from the web interface
"Configuration > Alerting" is where users configure the email settings for alerts. However, there is no way to know if they set things up right.

Please provide a "Send Test Email" button that will do this.

(There is a similar function already provided under "Sources" for testing LDAP.)
There are no notes attached to this issue.





View Issue Details
1850 [PacketFence] web admin feature always 2015-01-12 18:34 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged 4.5.0  
open  
none    
none  
   
Show MAC addresses of Packetfence interfaces in web interface
When Packetfence is deployed in VMware (or other virtualized environment) the interfaces are given arbitrary names "Network Adapter 1". These names may or may not line up with Operating system names like "eth0".

It would be helpful if the web-interface displayed the MAC address of the interfaces of Packetfence in the "Configuration > Network > Interfaces" page.

There are no notes attached to this issue.





View Issue Details
1849 [PacketFence] web admin feature always 2015-01-12 16:16 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged 4.5.0  
open  
none    
none  
   
The web interface needs to add a "confirm" step in many areas
In many places in the web interface you can delete items with a single click; there is no confirmation. This means that a mistaken click can easily delete something you did not want to delete. This is even worse when the delete button is right next to another button, like the "Clone" button.

This problem exists in many areas, including:

Nodes > Delete
Switches > Delete
Status > Services > Restart (not deleting, but still needs confirmation)
Admin Roles > Delete
Floating devices > Delete
Firewall SSO > Delete
User Provisioners > Delete

Areas that do this correctly:

Portal Profiles
User Roles
User Sources
Violations

Please add a pop-up "Confirm" step to the problem areas listed above (and anything similar).
There are no notes attached to this issue.





View Issue Details
1848 [PacketFence] doc feature always 2015-01-12 16:00 2015-03-04 11:20
tristanrhodes All  
All  
low All  
acknowledged 4.5.0  
open  
none    
none  
   
Change docs to recommend using "spanning-tree portfast" or similar technology
I set up my first Packetfence install on a lab switch following the Packetfence documentation:

http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-4.5.1.pdf

"On each interface:

switchport mode access
authentication order mab
authentication port-control auto
mab
dot1x pae authenticator"

I was using mac address bypass only, and my MacBook would give up on DHCP and self-assign 169.254.x.x address. In order to prevent this, we need to add one more command to each interface:

"spanning-tree portfast"

I recommend adding this to all your port configs, including the corresponding command for other switch vendors.
There are no notes attached to this issue.





View Issue Details
1145 [PacketFence] core feature N/A 2010-12-21 15:27 2015-03-04 11:18
fgaudreault  
lmunro  
low  
acknowledged  
open  
none    
none  
  long-term  
IPv6 Support
Since we all know that it's inevitable IPv6 will come into real production soon (well in 2 to 5 years), I guess it would be a wise idea to start looking at it, just to be ahead of the wave.
Notes
(0002475)
obilodeau   
2011-12-21 13:52   
places needing fixing:
pf::config's _fetch_virtual_ip()
(0002486)
chiwawa_42   
2011-12-29 08:32   
required IPv6 feature set :
- Implement NDP / RA filtering on switches supporting PACL but not RA-Guard (RFC 6105)
- Use NDPMon (similar to ARPWatch) for monitoring
- Enforce loose (counter-RA) or strict (+port shutdown) policy on rogue-RA detection
- Implement DHCPv6 snooping and/or stateless option server (coupled to 802.1x auth process)
- OS validation for IPv6 capabilities to eventually disable IPv6 traffic for incapable hosts (DHCPv6 only on 7 and Lion, RA-flood bug on XP...)
(0003344)
Xen0Phage   
2013-07-22 21:01   
Adding a ping here. IPv6 is a reality for some of us and our NAC solution needs to be v6 aware. Is there a roadmap for v6 support?
(0003493)
neptuneIS   
2014-01-24 11:33   
+1

We are now in active R&D phase for our new network control infrastructure, and pf is our 1st candidate.
However, the lack of ipv6 support is a serious issue for us.

We would be glad to contribute, if there is any ongoing tasks on the subject.
(0003844)
swittst   
2015-02-16 18:29   
Adding my 2cents. Packetfence is our NAC of the future... depending on an IPv6 solution. We've been monitoring and testing Packetfence since Dec. '09, the regular feature development work has been impressive. The lack of IPv6 information though is a head scratcher. IPv6 is gaining serious momentum in North America, now that the IPv4 space has been exhausted.





View Issue Details
1704 [PacketFence] guests major always 2013-09-03 07:32 2015-02-18 11:27
maikel  
jrouzier  
normal  
assigned 4.0.5  
open  
none    
none  
   
Guest expiration is not set using the temporary_password method
The default 31D expiration of the password is never set in 4.0.5 code. It defaults to 0000-00-00 00:00:00

This makes the guest authentication per email fail, since it requires the expiration date.

commenting the function in temporary_password.pm at line 309
    _update_field_for_action(
        $data,$actions,'expiration',
        'expiration',"0000-00-00 00:00:00"
    );

in temporary_password.pm fixes this issue and sets the default of 31 days
Notes
(0003437)
francis   
2013-09-04 15:06   
How do you create your users?

When you use the Web admin interface, the hardcoded default expiration of 31 days will never be used simply because the expiration must be specified when submitting the form.

Notice that what is called the "expiration" is the end date of the registration window.
(0003438)
maikel   
2013-09-05 11:33   
Users are created using the self registration method. That's using a custom code block though to set the userid to the switch alias command.

So the user is actually successfully added using the /activate/email cgi code

There indeed this is not set in the field thus not sent. Noticed the only way to get the hardcoded 31D in there to remove the update_field_for_action code. Else the expiration is not set





View Issue Details
1868 [PacketFence] configuration feature always 2015-02-17 22:47 2015-02-18 10:24
ah27 Linux  
jsemaan.inverse RHEL / CentOS  
normal 6  
assigned 4.5.0  
open  
none    
none  
   
Netgear M Series module does not handle up/down SNMP traps
There is no handling of up/down traps on the Netgear M Series module.

When it receives the trap, the following is written to the log:

Feb 17 19:33:29 pfsetvlan(12) WARN: SNMP trap handling not implemented for this type of switch. (pf::Switch::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 670.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string ne at /usr/local/pf/sbin/pfsetvlan line 678.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 689.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 698.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 709.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 713.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 716.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 719.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $switch_port in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(1) WARN: unable to parse trapLine.. here's the line: 10.100.6.30||||||||| (main::startTrapHandlers)
Feb 17 19:33:29 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Feb 17 19:33:29 pfsetvlan(1) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:29 pfsetvlan(1) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:29 pfsetvlan(1) INFO: trap received on (10.100.6.30) ifindex which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:29 pfsetvlan(1) INFO: doWeActOnThisTrap returns false. Stop handling (main::handleTrap)
Feb 17 19:33:29 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Feb 17 19:33:39 pfsetvlan(13) WARN: SNMP trap handling not implemented for this type of switch. (pf::Switch::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 670.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string ne at /usr/local/pf/sbin/pfsetvlan line 678.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 689.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 698.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 709.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 713.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 716.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 719.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $switch_port in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(3) WARN: unable to parse trapLine.. here's the line: 10.100.6.30||||||||| (main::startTrapHandlers)
Feb 17 19:33:39 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Feb 17 19:33:39 pfsetvlan(3) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:39 pfsetvlan(3) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:39 pfsetvlan(3) INFO: trap received on (10.100.6.30) ifindex which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:39 pfsetvlan(3) INFO: doWeActOnThisTrap returns false. Stop handling (main::handleTrap)
Feb 17 19:33:39 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)

For reference, here is the up trap it received:

2015-02-17|03:41:46|UDP: [10.100.6.30]:33669->[10.100.16.108]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (661683) 1:50:16.83|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|.1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1|.1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1) END VARIABLEBINDINGS

and the down trap:

2015-02-17|03:42:30|UDP: [10.100.6.30]:33669->[10.100.16.108]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (666103) 1:51:01.03|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.3|.1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1|.1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.1 = INTEGER: down(2) END VARIABLEBINDINGS

These were both when working on port 1
-Enable link up/down traps on switch
-Plug/unplug device from port
This is also affecting the ability to use the location log and delete old devices on M-Series devices never close out the line for locations and show offline.

I've attached an image of what the location log looks like for this in the web interface.
locationlog.jpg (62,948) 2015-02-17 22:47
https://www.packetfence.org/bugs/file_download.php?file_id=221&type=bug
jpg
Notes
(0003845)
fdurand   
2015-02-18 10:24   
(edited on: 2015-02-18 10:24)
Hello,

can you add:

=item parseTrap

=cut

sub parseTrap {
    my ( $this, $trapString ) = @_;
    my $logger = Log::Log4perl::get_logger(__PACKAGE__);

    my $trapHashRef;

    # link up/down traps
    if ( $trapString =~
            /BEGIN\ VARIABLEBINDINGS\ [^|]+[|]\.
            1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 # SNMP notification
            \ =\ OID:\ \.
            1\.3\.6\.1\.6\.3\.1\.1\.5\.([34]) # link UP(4) DOWN(3) trap
            \|\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+) # ifIndex
            /x ) {
        $trapHashRef->{'trapType'} = ( ( $1 == 3 ) ? "down" : "up" );
        $trapHashRef->{'trapIfIndex'} = $2;
    }
    # unhandled traps
    else {
        $logger->debug("trap currently not handled");
        $trapHashRef->{'trapType'} = 'unknown';
    }

    return $trapHashRef;
}

in /usr/local/pf/lib/pf/Switch/Netgear/MSeries.pm

and restart pfsetvlan ?
Regards
Fabrice
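The trap line format shown in this report, parsed into its variable bindings and classified as link up or link down (an added example, not PacketFence code and not part of the comment above). It goes beyond the suggested regex by reading every varbind instead of relying on their order; the function and key names are assumptions, and the two trap lines are copied from the report.

```python
import re

SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"           # snmpTrapOID.0
LINK_TRAPS = {
    ".1.3.6.1.6.3.1.1.5.3": "down",                # linkDown
    ".1.3.6.1.6.3.1.1.5.4": "up",                  # linkUp
}
IF_INDEX_PREFIX = ".1.3.6.1.2.1.2.2.1.1."          # ifIndex.<n>
IF_OPER_PREFIX = ".1.3.6.1.2.1.2.2.1.8."           # ifOperStatus.<n>

_SOURCE = re.compile(r"UDP: \[([^\]]+)\]:\d+->")
_BINDINGS = re.compile(r"BEGIN VARIABLEBINDINGS (.*?) END VARIABLEBINDINGS")
_VARBIND = re.compile(r"^(\.[0-9.]+) = ([A-Za-z0-9-]+): (.*)$")


def parse_trap_line(line):
    """Parse one pipe-delimited trap line into a dict.

    trapType is "up", "down" or "unknown"; a line without usable
    variable bindings yields "unknown" instead of undefined values.
    """
    result = {"source": None, "trapType": "unknown",
              "trapIfIndex": None, "operStatus": None}

    m = _SOURCE.search(line)
    if m:
        result["source"] = m.group(1)

    m = _BINDINGS.search(line)
    if not m:
        return result

    # Each varbind looks like "<oid> = <TYPE>: <value>", separated by "|".
    varbinds = {}
    for field in m.group(1).split("|"):
        vb = _VARBIND.match(field.strip())
        if vb:
            varbinds[vb.group(1)] = vb.group(3).strip()

    trap_type = LINK_TRAPS.get(varbinds.get(SNMP_TRAP_OID))
    if trap_type is None:
        return result  # some other notification

    for oid, value in varbinds.items():
        if oid.startswith(IF_INDEX_PREFIX) and value.isdigit():
            result["trapIfIndex"] = int(value)
        elif oid.startswith(IF_OPER_PREFIX):
            result["operStatus"] = value

    # Only report up/down when the port is known; otherwise stay "unknown".
    if result["trapIfIndex"] is not None:
        result["trapType"] = trap_type
    return result


# Trap lines copied from the report above.
UP_TRAP = ("2015-02-17|03:41:46|UDP: [10.100.6.30]:33669->[10.100.16.108]|0.0.0.0|"
           "BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS "
           ".1.3.6.1.2.1.1.3.0 = Timeticks: (661683) 1:50:16.83|"
           ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|"
           ".1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1|"
           ".1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)|"
           ".1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1) END VARIABLEBINDINGS")
DOWN_TRAP = ("2015-02-17|03:42:30|UDP: [10.100.6.30]:33669->[10.100.16.108]|0.0.0.0|"
             "BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS "
             ".1.3.6.1.2.1.1.3.0 = Timeticks: (666103) 1:51:01.03|"
             ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.3|"
             ".1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1|"
             ".1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)|"
             ".1.3.6.1.2.1.2.2.1.8.1 = INTEGER: down(2) END VARIABLEBINDINGS")
# The unparsed line from the pfsetvlan log in the report.
EMPTY_TRAP = "10.100.6.30|||||||||"

if __name__ == "__main__":
    for sample in (UP_TRAP, DOWN_TRAP, EMPTY_TRAP):
        print(parse_trap_line(sample))
```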






View Issue Details
1864 [PacketFence] hardware modules minor have not tried 2015-02-08 18:06 2015-02-17 11:14
bwd_helpdesk All  
fdurand All  
normal All  
resolved 4.5.0  
fixed  
none    
none  
   
Compatibility of HP Access Points
Hi Packetfence,

I need to confirm what AP's are supported for HP Procurve. On the product support page it only states HP procurve, nothing else. Does this mean all models are supported?

At present we are looking at: HP 425 Wireless Dual Radio 802.11n (WW)
Notes
(0003650)
fdurand   
2015-02-09 09:14   
Hello,
with HP Access Point you need a controller like a MSM760 to be able to deauth a device.
Regards
Fabrice
(0003651)
bwd_helpdesk   
2015-02-09 17:59   
Thanks for that confirmation, on the supported devices webpage it mentions there are 2 ways in which to use packetfence:

One where a controller handles the Access Points (AP) and one where AP act individually.

"HP Procurve" is listed on the access point support section. Could you please confirm what AP's you support directly without a controller?

Additionally can you confirm if there needs to be switch support as well - or only AP support for WIFI control?
(0003652)
fdurand   
2015-02-09 20:44   
I can't confirm exactly a list of access points that are supported without controller, we don't have all the HP AP available at work.

In out of band mode we need to have a way to reevaluate the device access (for example after the registration on the portal) by disassociating the device to have a new radius request. The HP controller offers that with snmpwrite, xml api or ssh. Standalone APs allow disassociating the device with cli (sometimes), so to verify if the AP is supported by PacketFence, try to connect with ssh and try to launch 'disassociate wireless client @mac'; if it works then the AP is supported.

Regards
Fabrice





View Issue Details
1863 [PacketFence] web admin minor always 2015-02-02 16:58 2015-02-03 16:01
tristanrhodes  
jsemaan.inverse  
normal  
resolved 4.5.0  
fixed  
none    
none  
   
Trying to "Share unknown fingerprints" and got "Error! An error condition has occured. See server side logs for details."
httpd.admin.log shows this:

Feb 02 16:57:21 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:23 httpd.admin(12447) ERROR: Caught exception in pfappserver::Controller::Configuration::Fingerprints->upload "Undefined subroutine &pfappserver::Controller::Configuration::Fingerprints::uri_escape called at /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm line 80." (pfappserver::Controller::Root::end)
Notes
(0003643)
ludovic   
2015-02-02 19:55   
If it's an easy fix, let's include it in 4.6.
(0003644)
jsemaan.inverse   
2015-02-02 20:03   
Yes I'll also push it to the maintenance.
Should be done tomorrow.
(0003645)
jsemaan.inverse   
2015-02-03 08:46   
Has been fixed in both maintenance/4.5 and devel

maintenance/4.5 : c66335e05543b0849f9ebb8ee14102ab5873fdba
devel : 9b4b827d9b30792532cad5ebf3a18d9db547e4a9

You can have this patch on 4.5 by running /usr/local/pf/addons/pf-maint.pl

Thanks!
(0003646)
tristanrhodes   
2015-02-03 13:45   
I got an error (see below). Did I update correctly?

[root@PacketFence-ZEN-4-5 pf]# /usr/local/pf/addons/pf-maint.pl
Currently at 566d2e3094e0c4375b53700ce47b67e5087de93f
** GET https://api.github.com/repos/inverse-inc/packetfence/branches/maintenance/4.5 ==> 200 OK
Latest maintenance version is c66335e05543b0849f9ebb8ee14102ab5873fdba
** GET https://api.github.com/repos/inverse-inc/packetfence/compare/566d2e3094e0c4375b53700ce47b67e5087de93f...c66335e05543b0849f9ebb8ee14102ab5873fdba ==> 200 OK (1s)

The following are going to be patched
  conf/chi.conf.example
  conf/radiusd/sql.conf.example
  html/captive-portal/lib/captiveportal.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm
  html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm
  html/captive-portal/lib/captiveportal/PacketFence/View/HTML.pm
  html/captive-portal/lib/captiveportal/Role/Request.pm
  html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm
  html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm
  html/pfappserver/lib/pfappserver/Model/Node.pm
  html/pfappserver/lib/pfappserver/Model/Search/Node.pm
  html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm
  lib/pf/Authentication/Source.pm
  lib/pf/Authentication/Source/LDAPSource.pm
  lib/pf/CHI.pm
  lib/pf/Switch/Cisco/Catalyst_2950.pm
  lib/pf/activation.pm
  lib/pf/api.pm
  lib/pf/config.pm
  lib/pf/radius.pm
  lib/pf/services/manager/httpd.pm
  lib/pf/services/manager/pfdhcplistener.pm
  lib/pf/vlan.pm
  lib/pf/web/externalportal.pm
  sbin/pfdhcplistener
  sbin/pfsetvlan
  t/data/authentication.conf
  t/ldap-auth-cache.t

Continue y/n [y]: y
Downloading the patch........
** GET https://github.com/inverse-inc/packetfence/compare/566d2e3094e0c4375b53700ce47b67e5087de93f...c66335e05543b0849f9ebb8ee14102ab5873fdba.diff ==> 200 OK (1s)
Applying the patch........
patching file conf/chi.conf.example
patching file conf/radiusd/sql.conf.example
patching file html/captive-portal/lib/captiveportal.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/View/HTML.pm
patching file html/captive-portal/lib/captiveportal/Role/Request.pm
patching file html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm
patching file html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm
patching file html/pfappserver/lib/pfappserver/Model/Node.pm
patching file html/pfappserver/lib/pfappserver/Model/Search/Node.pm
patching file html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm
patching file lib/pf/Authentication/Source.pm
patching file lib/pf/Authentication/Source/LDAPSource.pm
patching file lib/pf/CHI.pm
patching file lib/pf/Switch/Cisco/Catalyst_2950.pm
patching file lib/pf/activation.pm
patching file lib/pf/api.pm
patching file lib/pf/config.pm
patching file lib/pf/radius.pm
patching file lib/pf/services/manager/httpd.pm
patching file lib/pf/services/manager/pfdhcplistener.pm
patching file lib/pf/vlan.pm
patching file lib/pf/web/externalportal.pm
patching file sbin/pfdhcplistener
patching file sbin/pfsetvlan
can't find file to patch at input line 990
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git a/t/data/authentication.conf b/t/data/authentication.conf
|index 22bf634..5c83364 100644
|--- a/t/data/authentication.conf
|+++ b/t/data/authentication.conf
--------------------------
File to patch:
(0003647)
jsemaan.inverse   
2015-02-03 13:52   
That's because someone made a mistake of adding a unit test to the maintenance branch. Just press enter twice and it will auto select the best approach (to ignore the file in this case)
(0003648)
tristanrhodes   
2015-02-03 15:41   
After updating and restarting all services, I have success! Thanks!

"Success! Thank you for submitting your fingerprints"
(0003649)
jsemaan.inverse   
2015-02-03 16:01   
You're welcome.

We got them so the whole process works.

Closing





View Issue Details
1844 [PacketFence] configuration block have not tried 2014-11-27 15:15 2015-01-27 20:07
Eduardo Pereira PacketFence-ZEN-4_5_1  
jsemaan.inverse CentOS  
high 6.6  
assigned  
open  
none    
none  
   
Config CISCO SF300 / SG 300
Hello ...

Installed and configured the server but now I'm having trouble with the models of Switches that have the doubt is there any configuration standard for CISCO equipment - Model SF300, SG300 Small Business?

Read the guide but it only appears routers and switches I have are management.

Thank you ...
SG300.pm (2,110) 2014-11-28 09:42
https://www.packetfence.org/bugs/file_download.php?file_id=220&type=bug
Notes
(0003610)
ccaaajf   
2014-11-28 05:54   
We've got Packetfence running on Cisco SG300's.
(0003611)
Eduardo Pereira   
2014-11-28 06:10   
Hmmm cool ... but doing a quick survey, across the company more than 90% of switches are SF300 ... and this time looking at the PacketFence settings "Switches" I find the model specific and mainly how to make the PKF -ZEN do the reading, exchange and recording of MIB in this model SF300 therefore questioned whether there is a default setting?
(0003612)
ccaaajf   
2014-11-28 07:24   
we use the type "Cisco Catalyst 2950" if that's what you mean?
(0003613)
jsemaan   
2014-11-28 09:41   
(edited on: 2014-11-28 09:43)
We have an experimental module for the SG300.

I attached it to this ticket.

Place it in /usr/local/pf/lib/pf/Switch/Cisco/ and restart PacketFence

There is no official documentation for the moment but it's only a matter of enabling mac authentication and/or 802.1x and setup the RADIUS server to be PacketFence.

(0003629)
fdurand   
2014-12-22 20:03   
any feedback ?
(0003641)
jsemaan.inverse   
2015-01-27 20:07   
Unless there is a reply in the next week, I'll close this





View Issue Details
1860 [PacketFence] captive portal minor always 2015-01-19 08:51 2015-01-27 10:09
repitah All  
jsemaan.inverse All  
normal All  
assigned 4.5.0  
open  
none    
none  
   
Oauth2 methods do not populate User account fields
When registering with Facebook/Google/MicrosoftLive (others untested) account, the user details (names, email, etc) are not captured.
Log in to the captive portal with a Facebook/Google/Microsoft account that has not previously been used.

Check the newly created user account for the registered device.
Example JSON information received, from /html/captive-portal/lib/captiveportal/PacketFence/ControllerOauth2.pm :: oauth2Result, that can be populated:

Facebook:{"id":"101XXXX5391XXXX17","email":"repXXXX\u0040XXXXil.com","first_name":"myFirstname","gender":"male","last_name":"myLastname","link":"https:\/\/www.facebook.com\/app_scoped_user_id\/101XXXX5391XXXX17\/","locale":"en_GB","name":"myFirstname myLastname","timezone":2,"updated_time":"2014-04-01T14:29:08+0000","verified":true}

Google: {"id": "1104XXXX82237XXXX2302","email": "repXXXX@XXXXil.com", "verified_email": true,"name": "myFirstname myLastname","given_name": "myFirstname", "family_name": "myLastname", "link": "https://plus.google.com/1104XXXX82237XXXX2302", "picture": "https://lh3.googleusercontent.com/URL/to/photo.jpg", "gender": "male"}

Microsoft: {"id": "fa87XXXX16e7XXXX", "name": "myFirstname myLastname", "first_name": "myFirstname", "last_name": "myLastname", "link":"https://profile.live.com/","birth_day": null,"birth_month": null,"birth_year": null,"gender": null,"emails": {"preferred": "repXXXX@XXXXil.com","account": "repXXXX@XXXXil.com","personal": null,"business": null},"phones": {"personal": null,"business": null,"mobile": null},"locale": "en_ZA","updated_time": "2015-01-17T14:00:59+0000"}
Notes
(0003636)
jsemaan.inverse   
2015-01-19 09:07   
I'll also do it for LinkedIn + Github.

We'll need to design it properly though.

Will add a link to the Github Pull request once done.
(0003637)
jsemaan.inverse   
2015-01-19 09:09   
I'll extend on the work done in
https://github.com/inverse-inc/packetfence/pull/282
(0003640)
jsemaan.inverse   
2015-01-27 10:09   
Development work done

See :
https://github.com/inverse-inc/packetfence/pull/319





View Issue Details
1830 [PacketFence] upgrade crash always 2014-10-08 13:13 2014-12-22 20:06
pfbug Linux  
lmunro Debian  
normal 7 (Wheezy)  
resolved 4.4.0  
fixed  
none    
none  
   
Packetfence does not start after upgrade
After upgrading from packetfence 4.3 to 4.4 via the inverse repository,
the following error message appears when

  /usr/local/pf/bin/pfcmd anyparameter

is executed:

Fatal error preventing configuration to load. Please review your configuration. Error: Sereal: Error in srl_decoder.c line 657 and char 1 of input: Bad Sereal header: Not a valid Sereal document. at /usr/share/perl5/Data/Serializer/Sereal.pm line 51. at /usr/local/pf/lib/pf/config.pm line 394
Compilation failed in require at /usr/local/pf/bin/pfcmd.pl line 84.
BEGIN failed--compilation aborted at /usr/local/pf/bin/pfcmd.pl line 84.

An

  apt-get --reinstall install packetfence

has been tried without success. Additionally,

  rm -fr /usr/local/pf/var/cache/*

has been executed as described in UPGRADE.asciidoc. The sereal Packages are installed:

# dpkg -l | grep sereal
ii libdata-serializer-sereal-perl 1.05-1 all Creates bridge between Data::Serializer and Sereal
ii libsereal-decoder-perl 3.001.003-1 amd64 fast, compact, powerful binary deserialization module
ii libsereal-encoder-perl 3.001.003-1 amd64 fast, compact, powerful binary serializationa module
Execute

  /etc/init.d/packetfence restart

after the upgrade from Packetfence 4.3.0.
Notes
(0003585)
lmunro   
2014-10-08 13:18   
pkill memcached and restart packetfence.
(0003586)
pfbug   
2014-10-08 16:43   
Thanks a lot, that solved the problem. Perhaps this should be added to the postinstall script?
(0003630)
fdurand   
2014-12-22 20:06   
Cache issue





View Issue Details
1678 [PacketFence] captive portal minor always 2013-08-02 09:13 2014-12-22 20:02
KimHagen  
fdurand  
normal  
resolved  
fixed  
none    
none  
   
Google oauth redirects back to captive portal before you can select yes/no to allow your site.
On the captive portal if you select Google oauth it will redirect you to the Google login, after this it will redirect you back to the captive portal.
(or first it will let you do your second-step authentication and then send you back to the captive portal page.)

If you then select the Google oauth again you will get on the page where you can accept your site to have access and if you select yes the network access progress-bar appears and you have access.

So you get 2 times the captive portal before you have access.
For the facebook oauth it is as you expect. (portal, login and then access)
Notes
(0003375)
KimHagen   
2013-08-02 09:15   
This was on an iphone 5 and samsung Galaxy S3
(0003376)
fdurand   
2013-08-02 09:25   
Hello,
it means that one of the domains your device tries to reach is forwarded to packetfence.
So sniff dns traffic between packetfence and your device and add the missing domains in the list of Authorized domains in your google authentication source.

Regards
Fabrice
(0003380)
KimHagen   
2013-08-02 11:42   
(edited on: 2013-08-02 11:46)
Hello,
I did sniff the dns traffic and i see what happens, i do not know if this is supposed to happen.

On iphone i select my wifi profile for packetfence and it opens a captive portal window (which i think always goes to www.apple.com)

I login with the google option, it goes to the google login, then it tries to go to www.apple.com instead of the google "accept this site" site.

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.apple.com
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 173.194.66.84
10.0.0.59 8.8.8.8 DNS 75 Standard query A ssl.gstatic.com
8.8.8.8 10.0.0.59 DNS 91 Standard query response A 173.194.66.120
10.0.0.59 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.59 DNS 94 Standard query response A 173.194.66.94

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.apple.com
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254

10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A www.packetfence.org
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 67.205.85.245


From an android device you select the wifi, and then go to an url,
in my case www.tweakers.net and you get the captive portal,
i then use google auth and enter username and password.
Then the portal tries to go to www.tweakers.net before it goes to the google acceptance page.

10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 79 Standard query A www.packetfence.org
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 67.205.85.245
10.0.0.67 8.8.8.8 DNS 84 Standard query A www.google-analytics.com
8.8.8.8 10.0.0.67 DNS 304 Standard query response CNAME www-google-analytics.l.google.com A 173.194.34.71 A 173.194.34.70 A 173.194.34.66 A 173.194.34.78 A 173.194.34.72 A 173.194.34.73 A 173.194.34.64 A 173.194.34.69 A 173.194.34.68 A 173.194.34.67 A 173.194.34.65
10.0.0.67 8.8.8.8 DNS 76 Standard query A mtalk.google.com
8.8.8.8 10.0.0.67 DNS 121 Standard query response CNAME mobile-gtalk.l.google.com A 173.194.78.188
10.0.0.67 8.8.8.8 DNS 74 Standard query A www.google.com
8.8.8.8 10.0.0.67 DNS 170 Standard query response A 173.194.66.99 A 173.194.66.104 A 173.194.66.147 A 173.194.66.103 A 173.194.66.105 A 173.194.66.106
10.0.0.67 8.8.8.8 DNS 79 Standard query A clients1.google.com
8.8.8.8 10.0.0.67 DNS 279 Standard query response CNAME clients.l.google.com A 173.194.34.78 A 173.194.34.69 A 173.194.34.68 A 173.194.34.71 A 173.194.34.65 A 173.194.34.64 A 173.194.34.67 A 173.194.34.73 A 173.194.34.66 A 173.194.34.70 A 173.194.34.72
10.0.0.67 8.8.8.8 DNS 84 Standard query A productforums.google.com
8.8.8.8 10.0.0.67 DNS 203 Standard query response CNAME groups.l.google.com A 173.194.66.100 A 173.194.66.113 A 173.194.66.139 A 173.194.66.102 A 173.194.66.138 A 173.194.66.101
10.0.0.67 8.8.8.8 DNS 75 Standard query A csi.gstatic.com
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 173.194.32.175
10.0.0.67 8.8.8.8 DNS 73 Standard query A www.google.nl
8.8.8.8 10.0.0.67 DNS 89 Standard query response A 173.194.66.94
10.0.0.67 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.67 DNS 135 Standard query response CNAME accounts-cctld.l.google.com A 173.194.66.94

10.0.0.67 8.8.8.8 DNS 75 Standard query A www.tweakers.nl
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 10.0.3.254

10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 10.0.3.254 HTTP 686 GET /access?destination_url=http%3A%2F%2Fwww.packetfence.org%2F HTTP/1.1

It looks like it redirects to the requested url before google acceptance page.

Regards,
Kim
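
The check suggested earlier in this thread (sniff the DNS traffic and look for domains that are forwarded to PacketFence), applied to a capture summary like the one posted above. This is an added example, not part of the original thread or of PacketFence's code; it assumes the Wireshark-style summary format shown in the note, pairs each response with the oldest unanswered query from the same client (the summary carries no DNS transaction ID), and the provider suffix list is an assumption.

```python
import re
from collections import defaultdict, deque

# Excerpt of the Android capture summary posted in the note above
# (columns: source, destination, protocol, length, info).
TRACE = """\
10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.67 DNS 135 Standard query response CNAME accounts-cctld.l.google.com A 173.194.66.94
10.0.0.67 8.8.8.8 DNS 75 Standard query A www.tweakers.nl
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 10.0.3.254
"""

# Constructed counter-example: an identity-provider host answered with the portal IP.
BROKEN_TRACE = """\
10.0.0.59 8.8.8.8 DNS 75 Standard query A ssl.gstatic.com
8.8.8.8 10.0.0.59 DNS 91 Standard query response A 10.0.3.254
"""

PORTAL_IP = "10.0.3.254"                    # address returned for intercepted names in the trace
PORTAL_NAMES = ("mypacketfilterhost.dom",)  # the portal's own hostname, always points at itself
PROVIDER_SUFFIXES = ("google.com", "google.nl", "gstatic.com")  # assumed list for the Google flow

LINE = re.compile(
    r"^(?P<src>\S+)\s+(?P<dst>\S+)\s+DNS\s+\d+\s+Standard query"
    r"(?P<resp> response)?\s+(?P<rest>.*)$"
)


def resolve_pairs(trace):
    """Yield (client, queried_name, [A addresses]) for every answered A query."""
    pending = defaultdict(deque)  # client IP -> names still waiting for an answer
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # not a DNS summary line (blank line, HTTP request, ...)
        tokens = m["rest"].split()
        if m["resp"] is None:
            # Query line: "A <name>"
            if len(tokens) == 2 and tokens[0] == "A":
                pending[m["src"]].append(tokens[1].lower())
            continue
        queue = pending[m["dst"]]
        if not queue:
            continue  # response whose query was not captured
        name = queue.popleft()
        # Response line: optional "CNAME <target>" followed by one or more "A <ip>"
        addrs = [tokens[i + 1] for i in range(len(tokens) - 1) if tokens[i] == "A"]
        yield m["dst"], name, addrs


def portal_report(trace, portal_ip, portal_names=()):
    """Return (names answered with the portal IP, names resolved normally)."""
    own = {n.lower() for n in portal_names}
    intercepted, passthrough = set(), set()
    for _client, name, addrs in resolve_pairs(trace):
        if name in own:
            continue
        if portal_ip in addrs:
            intercepted.add(name)
        else:
            passthrough.add(name)
    return sorted(intercepted), sorted(passthrough - intercepted)


def needs_authorizing(intercepted, provider_suffixes):
    """Intercepted names that belong to the identity provider: candidates for Authorized domains."""
    return [
        name for name in intercepted
        if any(name == s or name.endswith("." + s) for s in provider_suffixes)
    ]


if __name__ == "__main__":
    for label, trace in (("posted excerpt", TRACE), ("constructed", BROKEN_TRACE)):
        hit, ok = portal_report(trace, PORTAL_IP, PORTAL_NAMES)
        print(label)
        print("  answered with portal IP:", hit)
        print("  resolved normally:      ", ok)
        print("  add to Authorized domains:", needs_authorizing(hit, PROVIDER_SUFFIXES))
```

On the posted excerpt no Google host is answered with the portal address; only the originally requested site is, which is consistent with the reporter's observation that the redirect goes to the requested URL rather than a provider domain being blocked.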

(0003390)
KimHagen   
2013-08-12 06:04   
The problem i had is gone, i think it was because i used inline interface in dns instead of management interface.

Regards,
Kim
(0003616)
delta   
2014-11-29 08:28   
On the captive portal if you select Google oauth it will redirect you to the Google login, after this it will redirect you back to the captive portal
(0003617)
delta   
2014-11-29 08:28   
can help
(0003628)
fdurand   
2014-12-22 20:02   
Configuration issue





View Issue Details
1845 [PacketFence] captive portal minor always 2014-12-02 12:12 2014-12-17 13:15
delta All  
fdurand All  
normal All  
resolved  
fixed  
none    
none  
   
packetfence
I'm testing packetfence and get the following error message in
/usr/local/pf/logs/error_log

RSA server certificate CommonName (CN) '127.0.0.1' does not match server
name
thanks
Notes
(0003618)
delta   
2014-12-02 12:13   
can help
(0003624)
fdurand   
2014-12-17 13:14   
It's not really an error, it just means that the self-signed certificate doesn't match the apache fqdn.
Btw apache will run.





View Issue Details
1839 [PacketFence] core major always 2014-10-28 08:14 2014-12-17 08:48
caralo Linux  
fdurand Debian  
high 7 (Wheezy)  
resolved 4.4.0  
fixed  
none    
none  
   
364882d0d75b0191ab3e935db9d9592c11b03721
Re-evaluate access fails with undefined subroutine
After registration in portal, vlan _reevaluation fails when it calls subroutine &pf::api::locationlog_view_open_switchport_no_VoIP
Debian 7 and PF 4.4/4.5

These are the logs:

Oct 27 19:11:42 httpd.portal(21155) INFO: [00:44:54:85:f7:0c] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
Oct 27 19:11:42 httpd.portal(21155) INFO: [00:44:54:85:f7:0c] switch port is (10.0.1.4) ifIndex 10040 connection type: Wired SNMP (pf::enforcement::_vlan_reevaluation)
Oct 27 19:11:44 httpd.webservices(3662) ERROR: Undefined subroutine &pf::api::locationlog_view_open_switchport_no_VoIP called at /usr/local/pf/lib/pf/api.pm line 251.
 (pf::WebAPI::JSONRPC::__ANON__)
Oct 27 19:12:21 httpd.portal(3622) INFO: [00:44:54:85:f7:0c] shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (captiveportal::PacketFence::Controller::CaptivePortal::unknownState)
Notes
(0003602)
fdurand   
2014-10-28 08:29   
Hello,

can you change the line 251 of /usr/local/pf/lib/pf/api.pm to that:
my @locationlog = pf::locationlog::locationlog_view_open_switchport_no_VoIP( $switch->{_id}, $ifIndex );

and also add this function in api.pm:

sub node_determine_and_set_into_VLAN {
    my ( $mac, $switch, $ifIndex, $connection_type ) = @_;

    my $logger = Log::Log4perl->get_logger('pfsetvlan::handling');
    Log::Log4perl::MDC->put( 'tid', threads->self->tid() );

    my $vlan_obj = new pf::vlan::custom();

    my ($vlan,$wasInline) = $vlan_obj->fetchVlanForNode($mac, $switch, $ifIndex, $connection_type);

    $switch->setVlan(
        $ifIndex,
        $vlan,
        undef,
        $mac
    );
}

And retry.

Regards
Fabrice
(0003603)
caralo   
2014-10-28 10:50   
Good job !!! I retried and it is working now with your patch.

There is a new error but i suppose it is not that important. It is another undefined subroutine &pf::api::violation_view_open_desc

These are the logs:

Oct 28 15:39:39 httpd.webservices(0) INFO: [55:d0:2b:55:e1:84] PID: "carcalo", Status: reg. Returned VLAN: 710 (pf::vlan::fetchVlanForNode)
Oct 28 15:39:40 httpd.webservices(0) INFO: setting VLAN at 10.0.1.67 ifIndex 10009 from 719 to 710 (pf::Switch::setVlan)
Oct 28 15:39:41 httpd.webservices(0) ERROR: Undefined subroutine &pf::api::violation_view_open_desc called at /usr/local/pf/lib/pf/api.pm line 269.
 (pf::WebAPI::JSONRPC::__ANON__)
(0003604)
fdurand   
2014-10-28 10:54   
Ok so try this in the api.pm file:
my @violations = pf::violation::violation_view_open_desc($mac);
 at line 269
(0003605)
caralo   
2014-10-28 11:04   
Excellent!!! No more errors in the logs. You can close the bug.





View Issue Details
1840 [PacketFence] web admin minor always 2014-10-28 11:26 2014-11-26 09:17
caralo Linux  
jrouzier Debian  
normal 7 (Wheezy)  
resolved 4.4.0  
fixed  
none    
none +1  
   
4c51dbc36909407dc2d604086ebd9b833f09e857
Error applying role to multiple nodes
when you select multiple nodes and try to apply a role it does not work and you get "Success. Roles applied to 0 nodes"
You can only apply the role if you click the mac address link individually.

These are the logs from httpd.admin.log:

Oct 28 16:24:48 httpd.admin(8148) INFO: Redirecting to admin interface https://localhost:1443/admin (pfappserver::Controller::Root::index)
Oct 28 16:24:48 httpd.admin(8148) ERROR: Argument "\x{37}\x{34}..." isn't numeric in numeric ne (!=) at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Node.pm line 768.
 (pfappserver::__ANON__)
Oct 28 16:24:48 httpd.admin(8148) ERROR: Unable to modify node because specified category doesn't exist (pf::node::node_modify)
Oct 28 16:24:49 httpd.admin(8148) ERROR: Use of uninitialized value $all_or_any in string eq at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Search/Node.pm line 73.
 (pfappserver::__ANON__)

Notes
(0003606)
jmplumley   
2014-10-28 13:18   
Have same issue on version 4.5.0 on CentOS. I don't get all the above errors from log file, just this one "ERROR: Use of uninitialized value $all_or_any in string eq at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Search/Node.pm line 73.
 (pfappserver::__ANON__)"
(0003607)
jmplumley   
2014-11-10 14:17   
Just an update. Upgraded my system to 4.5.1 on CentOS but still have same issue with applying roles to multiple nodes.





View Issue Details
1838 [PacketFence] configuration minor have not tried 2014-10-25 18:23 2014-10-26 13:10
deco Linux  
RHEL / CentOS  
normal 6  
new 4.4.0  
open  
none    
none  
   
New firefox version blocks PF 4.5 Configurator
NOTE: *Not a bug with PF but how Firefox interacts with the install process*

Just did a fresh install of CentOS 6.5 and did a yum update && yum upgrade. This updated the Firefox Browser to 31.1.0. With this version of Firefox, it would not allow the configurator page to display. After some Googling I found this forum post on Firefox's support page:
https://support.mozilla.org/en-US/questions/1012765

Going into about:config and doing the following solved this issue:
setting "security.use_mozillapkix_verification" to 'true'

P.S. I couldn't select PF 4.5.0 As a product version in the drop down.

-Deco
Fresh install of CentOS & update and attempt to install PF.
Notes
(0003600)
erSitzt   
2014-10-26 12:49   
This is a general problem with firefox and self signed certificates.
In FF 33.0 "security.use_mozillapkix_verification" isn't even available anymore.
(0003601)
deco   
2014-10-26 13:10   
I think the documentation should just put a !Note next to the configurator section that if you see this error to make the change in FF's config to enable seeing the page.





View Issue Details
1834 [PacketFence] upgrade minor always 2014-10-23 08:24 2014-10-24 09:27
erSitzt Linux x86_64  
fdurand Ubuntu  
normal 12.04  
resolved 4.4.0  
fixed  
none    
none  
   
packetfence upgrade held back because of missing libdatetime-format-rfc3339-perl
When upgrading from 4.4 to 4.5 via apt packetfence-pfcmd-suid updates but packetfence fails:


buehring@srv-pf2:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  packetfence
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
buehring@srv-pf2:~$ sudo apt-get install packetfence
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 packetfence : Depends: libdatetime-format-rfc3339-perl but it is not installable
E: Unable to correct problems, you have held broken packages.
buehring@srv-pf2:~$ dpkg -l | grep packetfence
ii packetfence 4.4.0 PacketFence network registration / worm mitigation system
ii packetfence-pfcmd-suid 4.5.0 C wrapper that replace perl-suid dependence
buehring@srv-pf2:~$
Notes
(0003590)
fdurand   
2014-10-23 11:32   
Hi,

i have just updated the repo, are you able to retry ?

Thanks
Fabrice
(0003591)
erSitzt   
2014-10-23 11:58   
Thanks, it's working now !





View Issue Details
1828 [PacketFence] doc minor always 2014-10-07 09:46 2014-10-07 09:54
ae3 All  
francis All  
normal All  
resolved 4.2.2  
fixed  
none    
none 4.5.0  
   
f25ea483236c8aaac557313a02b842ef892910cf
PF 4.4.0 ZEN manual URL error
On PDF page 10 (paper page 7), the following paragraph contains a URL that needs to be httpS:

Configuring your PacketFence environment
Before booting your VM, make sure the network cable coming from the TRUNK port for the demonstration
PC is correctly plugged in the switch and the PC and that the link is up.
Once powered, open a browser and point it to the configuration URL as stated by the VM login prompt
(ie. http://PF_IP:1443/configurator). The configuration process is a five steps process at the end of which,
the VM will be a persistent working PacketFence environment.

Open PDF file, scroll down 10 pages. :-)
The product version picklist in this bug reporter ends at 4.2.2.
Notes
(0003584)
francis   
2014-10-07 09:54   
Fixed.





View Issue Details
1824 [PacketFence] refactoring minor always 2014-09-12 09:12 2014-09-12 09:12
juanvalencia Linux  
CentOS  
normal 6.5  
new  
open  
none    
none  
   
VoiP phones don't get complete information when they are autoreg for a different method than dhcp.
When you connect a VoIP phone and it is auto-registered by a method like radius attributes, PF doesn't update OS info, because when it detects that it is a VoIP phone based on dhcp it is already registered and PF refuses to do anything. The same thing happens when an autoregister violation is created.
* Configure a switch to use MAB.
* Connect a Phone capable of sending Radius attributes of VoIP.
* The VoIP is immediately auto-registered because of the Radius Attributes.
* The VoIP asks for DHCP, and PF detects that it is from the category of VoIP Phones/Adapters.
* PF says the device is already auto-registered, do nothing.
PF should update the info of the node in every step that obtains info from the device, even if there is no action to do with it. In this case the portion of the code, I think in pfsetvlan.pm, that refuses to auto-register the device should obtain all the info and push it into the node_info in the DB.
There are no notes attached to this issue.





View Issue Details
1655 [PacketFence] inline major always 2013-06-25 11:47 2014-09-11 04:29
JasonFell  
 
normal  
new 4.0.1  
open  
none    
none  
   
Inline Mode not forwarding after registration
After creating a user and using these credentials for logging in, no forwarding occurs. The screen states that I should check the network settings and try again. But nothing I do will allow it through except for restarting all the services. After looking into the packetfence logs I have found the following entries.

Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:38:52 redir.cgi(0) INFO: Updating node 00:1c:7e:d6:50:25 user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0' (pf::web::web_node_record_user_agent)
Jun 25 09:38:52 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 redirected to authentication page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 redirected to authentication page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:06 register.cgi(0) INFO: 192.168.250.100 - 00:1c:7e:d6:50:25 on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 25 09:39:06 register.cgi(0) INFO: performing node registration MAC: 00:1c:7e:d6:50:25 pid: guest10 (pf::web::_sanitize_and_register)
Jun 25 09:39:06 register.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (manage_register called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:06 register.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:06 register.cgi(0) INFO: 192.168.250.100 - 00:1c:7e:d6:50:25 on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 25 09:39:16 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:16 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:16 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:16 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access).

I have tried this on a number of occasions and get the same issue. I have tried leaving packetfence (for more than an hour, to see if it is an issue with time), I have disconnected the workstation requiring access (for more than an hour), and finally I have tried rebooting the workstation (requiring access). None of this gave internet access.
As previously noted the only way access is given is by restarting all the packetfence services.
Current setup is as follows;
Inline enforcement
Packetfence
d-link unmanaged 4 port switch
Packetfence Output after secure redirect disable.txt (5,026) 2013-07-03 04:32
https://www.packetfence.org/bugs/file_download.php?file_id=178&type=bug
Packetfence-successful_activation.log (3,401) 2013-07-18 03:49
https://www.packetfence.org/bugs/file_download.php?file_id=180&type=bug
Notes
(0003330)
rivan   
2013-06-26 05:06   
I'm experiencing the same problem.
try to reboot the registered node.
but of course this is not a permanent solution.
(0003331)
JasonFell   
2013-07-02 06:15   
Forgot to add a couple of details:
Centos 6.4 minimal install.
clients tested with the same fault;
Win7
WinXP
Android 4.1.2

can you also let me know when there might be some movement on this issue?
(0003332)
rivan   
2013-07-02 22:28   
(edited on: 2013-07-02 22:29)
did you remove the secure redirect?

(0003333)
JasonFell   
2013-07-03 04:31   
Hi Rivan,
Removed the secure redirect, but still no joy.
Why would this make a difference to the forwarding of packets?
it seems more likely that the method for allowing access through packetfence does not update correctly (if I restart the services I get access)
(0003334)
rivan   
2013-07-04 23:01   
(edited on: 2013-07-04 23:01)
you have to restart the services after you reboot packetfence. It's a bug.

(0003335)
JasonFell   
2013-07-09 05:47   
(edited on: 2013-07-15 07:26)
That seemed like a silly run-a-round.
I have just re-installed pf and found that the secure redirect did not help me at all.
I still cannot get access from a workstation (or any other device) to the internet unless I restart the pf services (after the user has registered)! This is a major stumbling block as this would stop others from using the internet for the 60-120 seconds that the service is unavailable.....for every person who wants to register!!

(0003342)
JasonFell   
2013-07-18 03:48   
After waiting for some help with fixing this bug I can now inform you that I have made some progress, but it seems that the 'inline' functionality does not work the same as 'out-of-band' enforcement.
I made a leap of faith and installed both types of enforcement, even though I did not require both, and then 'created' 2 further (un-required) interfaces within the configurator for the 2 vlans (isolation & registration). I then proceeded to test further and found that all is working as it should be without issue.
I have taken a note of the packetfence.log file and will attach it to this bug report.

On a side note, I do find it amazing that the product is purported to support 'inline' enforcement (without implementing features that are not required), but it seems from my initial findings that this is not the case, and the support, or even advice, has been almost non-existent.
(0003360)
fdurand   
2013-07-31 20:13   
Hello,
Is the captive portal you hit on an inline interface?
Can you paste me the result of ipset -L ?

Regards
Fabrice
(0003362)
jvlien   
2013-08-01 03:39   
Dear All,

I experience the same issue.
I have not tested rebooting the server but the client as suggested in the pf message to the client.

The ipsec -L before rebooting the client (IP 192.168.64.92 - MAC: 00:50:56:B5:8B:33):
Name: pfsession_Reg_192.168.64.0
Type: bitmap:ip,mac
Header: range 192.168.64.0-192.168.64.255
Size in memory: 4208
References: 1
Members:
192.168.64.83,54:26:96:A0:B9:F7
192.168.64.89,B8:F6:B1:AC:1B:56

The ipsec -L after rebooting the client (IP 192.168.64.92 - MAC: 00:50:56:B5:8B:33):
Name: pfsession_Reg_192.168.64.0
Type: bitmap:ip,mac
Header: range 192.168.64.0-192.168.64.255
Size in memory: 4208
References: 1
Members:
192.168.64.83,54:26:96:A0:B9:F7
192.168.64.89,B8:F6:B1:AC:1B:56
192.168.64.92,00:50:56:B5:8B:33

Before rebooting the client, packetfence.log shows:
Aug 01 10:25:03 redir.cgi(0) ERROR: Error while setting locale to en_US.utf8. (pf::Portal::Session::_initializeI18n)
Aug 01 10:25:03 redir.cgi(0) INFO: 00:50:56:b5:8b:33 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 01 10:25:03 redir.cgi(0) INFO: Updating node 00:50:56:b5:8b:33 user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0' (pf::web::web_node_record_user_agent)
Aug 01 10:25:03 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Aug 01 10:25:03 redir.cgi(0) INFO: MAC 00:50:56:b5:8b:33 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 01 10:25:03 redir.cgi(0) INFO: re-evaluating access for node 00:50:56:b5:8b:33 (redir.cgi called) (pf::enforcement::reevaluate_access)
Aug 01 10:25:03 redir.cgi(0) INFO: Instantiate a new iptables modification method. pf::ipset (pf::inline::get_technique)

After rebooting the client:
ug 01 10:28:08 pfdhcplistener(3356) INFO: DHCPREQUEST from 00:50:56:b5:8b:33 (192.168.64.92) (main::parse_dhcp_request)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: MAC: 00:50:56:b5:8b:33 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: 00:50:56:b5:8b:33 requested an IP. DHCP Fingerprint: OS::100 (Microsoft Windows XP). Modified node with last_dhcp = 2013-08-01 10:28:08,computername = pos03,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: DHCPACK from 192.168.64.5 (00:50:56:b5:9b:ba) to host 00:50:56:b5:8b:33 (192.168.64.92) for 86400 seconds (main::parse_dhcp_ack)

Note:
192.168.64.5 is the pf server Inline interface IP.
(0003365)
fdurand   
2013-08-01 08:12   
Ok so ipset is working, is ip_forward enabled ?
Can you paste the iptables -L -n -v and iptables -L -n -v -t nat ?

Fabrice
(0003367)
jvlien   
2013-08-01 08:40   
#iptables -L -n -v
Chain INPUT (policy DROP 8842 packets, 866K bytes)
 pkts bytes target prot opt in out source destination
  587 1313K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
53092 70M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
 1620 79639 input-internal-inline-if all -- eth2 * 0.0.0.0/0 192.168.64.5
  605 175K input-internal-inline-if all -- eth2 * 0.0.0.0/0 255.255.255.255
    0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 192.168.65.211 tcp dpt:443
    9 476 input-management-if all -- eth1 * 0.0.0.0/0 0.0.0.0/0
    5 260 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

Chain FORWARD (policy DROP 1593 packets, 88109 bytes)
 pkts bytes target prot opt in out source destination
 2370 166K forward-internal-inline-if all -- eth2 * 0.0.0.0/0 0.0.0.0/0
  639 317K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 35265 packets, 7414K bytes)
 pkts bytes target prot opt in out source destination

Chain forward-internal-inline-if (1 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x3 match-set pfsession_passthrough dst,dst
  777 77790 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1

Chain forward-internal-vlan-if (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_passthrough dst,dst
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_passthrough src,src

Chain input-highavailability-if (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5405
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5407
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7788

Chain input-internal-inline-if (2 references)
 pkts bytes target prot opt in out source destination
    5 1717 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 mark match 0x3
  146 8491 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x3
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 mark match 0x2
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x2
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 mark match 0x1
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x1
    3 144 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 mark match 0x1
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 mark match 0x1
   19 912 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
   19 896 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

Chain input-internal-vlan-if (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

Chain input-management-if (1 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    8 420 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1443
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1812
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1812
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1813
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1813
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:162
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9392
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8834
    
# iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 11776 packets, 1115K bytes)
 pkts bytes target prot opt in out source destination
 4767 457K prerouting-int-inline-if all -- eth2 * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 196 packets, 12121 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 90 packets, 5600 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 113 packets, 8001 bytes)
 pkts bytes target prot opt in out source destination
  142 9836 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
    0 0 postrouting-int-inline-if all -- * eth1 0.0.0.0/0 0.0.0.0/0 mark match 0x3
    0 0 postrouting-int-inline-if all -- * eth1 0.0.0.0/0 0.0.0.0/0 mark match 0x1
    0 0 postrouting-int-inline-if all -- * eth1 0.0.0.0/0 0.0.0.0/0 mark match 0x2

Chain postrouting-inline-routed (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain postrouting-int-inline-if (3 references)
 pkts bytes target prot opt in out source destination
    0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0

Chain prerouting-int-inline-if (1 references)
 pkts bytes target prot opt in out source destination
  146 8479 REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x3
    0 0 REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x2
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_passthrough dst,dst mark match 0x3
   19 912 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 mark match 0x3
    0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 mark match 0x2
   17 816 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 mark match 0x3
    0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 mark match 0x2

#ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:b5:b6:e0
          inet addr:192.168.60.13 Bcast:192.168.60.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb5:b6e0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:63498 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3566 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4206524 (4.0 MiB) TX bytes:4622467 (4.4 MiB)

eth1 Link encap:Ethernet HWaddr 00:50:56:b5:3a:4c <--
          inet addr:192.168.65.211 Bcast:192.168.65.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb5:3a4c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:49955 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34783 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:70775434 (67.4 MiB) TX bytes:3166477 (3.0 MiB)

eth2 Link encap:Ethernet HWaddr 00:50:56:b5:9b:ba
          inet addr:192.168.64.5 Bcast:192.168.64.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb5:9bba/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:6999 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2347 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:756693 (738.9 KiB) TX bytes:749056 (731.5 KiB)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:871 errors:0 dropped:0 overruns:0 frame:0
          TX packets:871 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2183212 (2.0 MiB) TX bytes:2183212 (2.0 MiB)

Interfaces:
 * eth0 - Type: (None) - Comment: Interface on other LAN to allow remote access for management (I have added -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT in iptables.conf for this one)
 * eth1 - Type: Management
 - eth2 - Type: Inline
(0003368)
jvlien   
2013-08-01 08:41   
(edited on: 2013-08-01 10:04)
Note: no need to reboot the client computer after all. On Windows an "ipconfig /renew" does the trick. For Wifi a disconnect then reconnect from the Wi-Fi network also works (Access Point directly connected to Inline net)

(0003369)
fdurand   
2013-08-01 09:14   
And the iptables -L -n -v -t mangle too.
(0003370)
jvlien   
2013-08-01 10:03   
# iptables -L -n -v -t mangle
Chain PREROUTING (policy ACCEPT 18149 packets, 4722K bytes)
 pkts bytes target prot opt in out source destination
 9936 993K prerouting-int-inline-if all -- eth2 * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 9734 packets, 2183K bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 7840 packets, 2440K bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 3694 packets, 3250K bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 10479 packets, 5632K bytes)
 pkts bytes target prot opt in out source destination

Chain prerouting-int-inline-if (1 references)
 pkts bytes target prot opt in out source destination
 9936 993K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x3
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Unreg_192.168.64.0 src,src MARK set 0x3
 3959 415K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Reg_192.168.64.0 src,src MARK set 0x1
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Isol_192.168.64.0 src,src MARK set 0x2
(0003371)
fdurand   
2013-08-01 15:40   
Hum, it looks good because: 3959 415K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Reg_192.168.64.0 src,src MARK set 0x1

have you checked /proc/sys/net/ipv4/ip_forward is equal to 1 ?

Fabrice
(0003374)
jvlien   
2013-08-02 02:57   
Yes, and once ipset -L shows the MAC/IP in the list the computer has access so it can't be this:
# cat /proc/sys/net/ipv4/ip_forward
1

It looks like something is not set when the client is logged in (auth is done via AD) and this same something is then triggered with the DHCP refresh:
Aug 01 10:28:08 pfdhcplistener(3356) INFO: MAC: 00:50:56:b5:8b:33 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)

Would there be a way to trigger this event on the pf server to test if this is what is missing after logging in but before the DHCP refresh?
(0003377)
fdurand   
2013-08-02 09:31   
Your setup looks good, can you paste the routing table?

Fabrice
(0003378)
jvlien   
2013-08-02 09:41   
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.65.210 0.0.0.0 UG 0 0 0 eth1
192.168.60.0 * 255.255.255.0 U 0 0 0 eth0
192.168.64.0 * 255.255.255.0 U 0 0 0 eth2
192.168.65.0 * 255.255.255.0 U 0 0 0 eth1
(0003384)
fdurand   
2013-08-05 11:16   
Your configuration looks correct, are you able to ping 192.168.65.210 from your device when your device is reg ?
(0003385)
jvlien   
2013-08-05 13:05   
When the computer is in the pfsession_Reg_192.168.64.0, yes I can ping 192.168.65.210.

As I said, when I reboot/renew the DHCP lease/disconnect & reconnect to the wireless network it shows this in the log:
Aug 01 10:28:08 pfdhcplistener(3356) INFO: DHCPREQUEST from 00:50:56:b5:8b:33 (192.168.64.92) (main::parse_dhcp_request)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: MAC: 00:50:56:b5:8b:33 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)

And this seems to trigger the event that makes the computer go from the pfsession_UnReg_192.168.64.0 to the pfsession_Reg_192.168.64.0 list, but until this DHCPREQUEST the client stays in the Unreg list.
(0003386)
fdurand   
2013-08-05 13:56   
Ok so try this:
su - pf
and launch sudo ipset -L
If it doesn't work, it means that there is a problem with the sudoers file.
(0003387)
jvlien   
2013-08-06 03:11   
It looks like you're right!

# su - pf
$ /usr/sbin/ipset -L
ipset v6.12.1: Kernel error received: Operation not permitted

I have looked at the doc and unless I am mistaken I have not seen how to setup sudo (it is taken care of by the installation script?).
(0003434)
dranix   
2013-09-03 05:20   
I am having the same issue highlighted by JasonFell.
So after reading this bug, I realize that the issue revolves around ipset.

My setup is as follows:
-CentOS 6.4
-PacketFence 4.0.5-2

A "discovery" of the bug:
Scenario when new user authenticates:
1. When a new user successfully authenticates and registers, the wireless device would be stuck at the webpage that states, "Your network should be enabled within a minute or two. If it is not reboot your computer.".
2. The wireless client will never be able to access the Internet even though in the PacketFence portal, the device is registered correctly.
3. Upon checking the ipset, this device is not reflected in the pfsession_Reg_x.x.x.x ipset.
4. After performing "service packetfence restart", then only will the client be able to access the Internet.
5. Upon checking the ipset now, the device's IP and MAC is present in the pfsession_Reg_x.x.x.x ipset.

Scenario when a node is deregistered and deleted.
1. When a node is successfully registered it is able to access the Internet.
2. In the PacketFence portal, when the node is deregistered and removed, the node is still present in the pfsession_Reg_x.x.x.x ipset.
3. This means that a "non-registered" device would still be able to access the Internet.
4. After performing "service packetfence restart", then only will the client not be able to access the Internet.
5. Upon checking the ipset now, the device's IP and MAC is not in the pfsession_Reg_x.x.x.x ipset.

To add to jvlien's observation:
Executing "ipset -L" from user pf would give the Kernel error.
But executing the command "sudo ipset -L" works fine.

So it has something to do with ipset not being executed by the pf user when wireless clients are added or removed.

Hope this information helps.
Thanks.
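The two scenarios described in the note above (a registered node missing from the pfsession_Reg set, and a deregistered node left in it) can be checked by comparing `ipset -L` output with the node table. The Python below is an added example, not part of this thread or of PacketFence's own code; the node-status mapping, the "reg"/"unreg" labels, the function names and all sample data are constructed for illustration.

```python
"""Compare PacketFence node status with `ipset -L` membership to spot drift."""

# Constructed sample, in the format of the `ipset -L` output quoted in this issue.
SAMPLE_IPSET_OUTPUT = """\
Name: pfsession_Unreg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:
172.31.200.12,AA:BB:CC:00:00:02

Name: pfsession_Reg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:
172.31.200.10,aa:bb:cc:dd:ee:ff
172.31.200.11,AA:BB:CC:00:00:01

Name: pfsession_Isol_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:
"""

# Constructed node table (MAC -> status). Assumption: exported by the operator
# from the PacketFence database; "reg"/"unreg" are the labels used here.
SAMPLE_NODE_STATUS = {
    "aa:bb:cc:dd:ee:ff": "reg",
    "aa:bb:cc:00:00:02": "reg",
    "aa:bb:cc:00:00:03": "reg",
    "aa:bb:cc:00:00:04": "unreg",
}


def parse_ipset_list(text):
    """Return {set_name: {mac_lowercase: ip}} parsed from `ipset -L` text."""
    sets, current, in_members = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            current = line.split(":", 1)[1].strip()
            sets[current] = {}
            in_members = False
        elif line == "Members:":
            in_members = True
        elif not line:
            in_members = False  # a blank line ends the member list
        elif in_members and current is not None and "," in line:
            ip, mac = line.split(",", 1)
            sets[current][mac.strip().lower()] = ip.strip()
    return sets


def set_role(name):
    """'pfsession_Reg_172.31.200.0' -> 'Reg'; any other set name -> None."""
    parts = name.split("_", 2)
    if len(parts) == 3 and parts[0] == "pfsession":
        return parts[1]
    return None


def find_drift(ipset_text, node_status):
    """Classify mismatches between node status and ipset membership."""
    by_role = {}
    for name, members in parse_ipset_list(ipset_text).items():
        role = set_role(name)
        if role:
            by_role.setdefault(role, {}).update(members)
    reg, unreg = by_role.get("Reg", {}), by_role.get("Unreg", {})
    seen = set()
    for members in by_role.values():
        seen.update(members)
    status = {mac.lower(): s for mac, s in node_status.items()}
    return {
        # Still forwarded although deregistered or deleted (second scenario).
        "stale_reg": sorted((m, ip) for m, ip in reg.items() if status.get(m) != "reg"),
        # Registered, but the firewall still treats the node as unregistered.
        "stuck_unreg": sorted((m, ip) for m, ip in unreg.items() if status.get(m) == "reg"),
        # Registered but in no pfsession set (first scenario, or simply offline).
        "absent": sorted(m for m, s in status.items() if s == "reg" and m not in seen),
    }


if __name__ == "__main__":
    for kind, items in find_drift(SAMPLE_IPSET_OUTPUT, SAMPLE_NODE_STATUS).items():
        print(kind, items)
```

The "stale_reg" result is the one to alert on, since it lists devices that keep network access after being deregistered or deleted.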
(0003442)
dranix   
2013-09-11 23:14   
Updates to this bug.
Have tested with PacketFence 4.0.6.
Same problem still exists.
Newly registered wireless clients would not be able to access the Internet until PacketFence is restarted which "renews" the ipset list.
Thanks.
(0003451)
dranix   
2013-09-17 02:57   
Updates to this bug
Have updated to PacketFence 4.0.6-2.
Same problem still exists.

Have included the logs from packetfence.log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

##New Registration with bad password
Sep 17 14:33:46 register.cgi(0) INFO: 172.31.200.10 - aa:bb:cc:dd:ee:ff on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Sep 17 14:33:51 register.cgi(0) WARN: User cannot cn=test-staff,ou=people,dc=company,dc=com cannot bind from dc=company,dc=com on ldap-master.company.com:389 for source Staff (pf::Authentication::Source::LDAPSource::authenticate)
Sep 17 14:33:56 register.cgi(0) WARN: No entries found (0) with filter (cn=test-staff) from dc=intern,dc=company,dc=com on intern.company.com:389 for source Intern (pf::Authentication::Source::LDAPSource::authenticate)
##New Registration with good password
Sep 17 14:34:25 register.cgi(0) INFO: 172.31.200.10 - aa:bb:cc:dd:ee:ff on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Sep 17 14:34:30 register.cgi(0) INFO: Authentication successful for test-staff in source Staff (LDAP) (pf::authentication::authenticate)
Sep 17 14:34:35 register.cgi(0) INFO: Found a match (cn=test-staff,ou=people,dc=company,dc=com) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 17 14:34:35 register.cgi(0) INFO: Matched rule (Staff) in source Staff, returning actions. (pf::Authentication::Source::match)
Sep 17 14:34:41 register.cgi(0) INFO: Found a match (cn=test-staff,ou=people,dc=company,dc=com) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 17 14:34:41 register.cgi(0) INFO: Matched rule (Staff) in source Staff, returning actions. (pf::Authentication::Source::match)
Sep 17 14:34:46 register.cgi(0) INFO: Found a match (cn=test-staff,ou=people,dc=company,dc=com) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 17 14:34:46 register.cgi(0) INFO: Matched rule (Staff) in source Staff, returning actions. (pf::Authentication::Source::match)
Sep 17 14:34:46 register.cgi(0) INFO: performing node registration MAC: aa:bb:cc:dd:ee:ff pid: test-staff (pf::web::_sanitize_and_register)
Sep 17 14:34:46 register.cgi(0) INFO: creating person test-staff because it doesn't exist (pf::node::node_register)
Sep 17 14:34:46 register.cgi(0) INFO: person test-staff added (pf::person::person_add)
Sep 17 14:34:46 register.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (manage_register called) (pf::enforcement::reevaluate_access)
Sep 17 14:34:46 register.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Sep 17 14:34:55 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (default profile) (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:34:55 redir.cgi(0) INFO: MAC aa:bb:cc:dd:ee:ff shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:34:55 redir.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (redir.cgi called) (pf::enforcement::reevaluate_access)
Sep 17 14:34:55 redir.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)
##Unable to access after rebooting wireless client
Sep 17 14:35:44 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (default profile) (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:44 redir.cgi(0) INFO: MAC aa:bb:cc:dd:ee:ff shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:44 redir.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (redir.cgi called) (pf::enforcement::reevaluate_access)
Sep 17 14:35:44 redir.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Sep 17 14:35:51 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (default profile) (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:51 redir.cgi(0) INFO: MAC aa:bb:cc:dd:ee:ff shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:51 redir.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (redir.cgi called) (pf::enforcement::reevaluate_access)
Sep 17 14:35:51 redir.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)

##check ipset before restarting packetfence
[root@packetfence logs]# ipset -L
Name: pfsession_Unreg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

Name: pfsession_Reg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

Name: pfsession_Isol_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

##Executed packetfence restart
service packetfence restart

##check ipset after restarting packetfence
[root@packetfence logs]# ipset -L
Name: pfsession_Unreg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

Name: pfsession_Reg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:
172.31.200.10,aa:bb:cc:dd:ee:ff

Name: pfsession_Isol_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:


##wireless client can surf the Internet without any issues


Hope the added information helps in the bug resolution.
Thanks.
(0003479)
showy   
2013-12-08 03:30   
Hi,
I'm new to packetfence and I've just run into this problem with a minimal installation of Debian wheezy. I have installed packetfence 4.0.6-2 via aptitude and configured it for inline mode.

A quick fix of the problem is to replace in the reevaluate_access function of the enforcement.pm file the block after the call to isInlineEnforcementRequired:

if ($inline->isInlineEnforcementRequired($mac)) {

                # TODO avoidable load?
                my $trapSender = pf::SwitchFactory->getInstance()->instantiate('127.0.0.1');
                if ($trapSender) {
                    $logger->debug("sending a local firewallRequest trap to force firewall change");
                    $trapSender->sendLocalFirewallRequestTrap('127.0.0.1', $mac);
                } else {
                    

TO:

if ($inline->isInlineEnforcementRequired($mac)) {

$inline->performInlineEnforcement($mac);

} else {



PATCH <<

diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm
index ebd975f..4cb863c 100644
--- a/lib/pf/enforcement.pm
+++ b/lib/pf/enforcement.pm
@@ -82,14 +82,7 @@ sub reevaluate_access {
             my $inline = new pf::inline::custom();
             if ($inline->isInlineEnforcementRequired($mac)) {
 
- # TODO avoidable load?
- my $trapSender = pf::SwitchFactory->getInstance()->instantiate('127.0.0.1');
- if ($trapSender) {
- $logger->debug("sending a local firewallRequest trap to force firewall change");
- $trapSender->sendLocalFirewallRequestTrap('127.0.0.1', $mac);
- } else {
- $logger->error("Can't instantiate switch 127.0.0.1! It's critical for internal messages!");
- }
+ $inline->performInlineEnforcement($mac);
 
             } else {
                 $logger->debug("MAC: $mac is already properly enforced in firewall, no change required");
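Review bot: the added line $inline->performInlineEnforcement($mac); replaces a block that logged both the attempt (debug) and the failure case (error), so after this change reevaluate_access records nothing when inline enforcement is triggered or when it does not succeed. Keep a $logger->debug(...) before the call and, if performInlineEnforcement reports failure through its return value, check it and log with $logger->error(...) the way the removed else branch did for the trap sender.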
(0003580)
jvlien   
2014-09-11 04:29   
Dear All,

It's been a while, but I had the same issue again recently and finally found out that the issue was due to lack of RAM. The pfsetvlan service took all the available RAM, leaving no free memory for all the other services. pfdhcplistener would not start and ipset would throw an Out of memory error. With 4GB of RAM for the pf machine I don't run into this issue any more (pfsetvlan takes 1GB alone).
This was not an easy find, despite the obvious errors at some point, as running ipset as the pf user led to another error (Kernel: operation not permitted), making me think of a sudoers/access rights issue; also, a DHCP renew/reboot of the client would trigger something that would make pf work and give access in the end (which was the workaround used since then).
I have not come across such a memory issue with a "modern" OS for a while, and that's also probably why I did not think of it at first.





View Issue Details
1823 [PacketFence] web admin minor always 2014-09-05 10:22 2014-09-05 10:22
jsemaan.inverse All  
All  
normal All  
new devel  
open  
none    
none  
   
The external script trigger for violations is broken in the admin ui
The creation of external script triggers in the admin ui creates invalid configuration.

It adds the trigger 'external' when the configuration expects
'external<some user defined id>'

Then the path to the script must be configured in pf.conf in
[paths.external<the decided id>]

It must also be added to documentation.conf or pf won't checkup.

We need to review the way we create these triggers or adapt the admin interface to the current way of doing it.

The feature still works when creating the configuration manually
There are no notes attached to this issue.





View Issue Details
1819 [PacketFence] radius minor always 2014-08-19 17:43 2014-08-19 18:50
cpross90 Linux  
RHEL / CentOS  
normal 6  
new 4.2.2  
open  
none    
none  
   
Cisco Aironet 1042N periods in MAC
When accounting data is sent to the pf server there are periods in the MAC.

Packetfence does not parse them properly causing bandwidth monitoring to not work correctly.
Use pf with Aironet 1042N.
Notes
(0003572)
fdurand   
2014-08-19 18:31   
Hi,

what do you mean by periods in the MAC ?

Fabrice
(0003573)
cpross90   
2014-08-19 18:47   
Aug 19 17:39:13 httpd.webservices(1699) INFO: [172.16.0.23] Returning ACCEPT with VLAN 2 and role (pf::Switch::returnRadiusAccessAccept)
Aug 19 17:41:14 httpd.webservices(1699) INFO: Unable to extract MAC from Called-Station-Id: 8875.56da.bf20 (pf::radius::extractApMacFromRadiusRequest)
Aug 19 17:41:14 httpd.webservices(1699) INFO: handling radius autz request: from switch_ip => 172.16.0.22, connection_type => Wireless-802.11-NoEAP,switch_mac => , mac => 38:aa:3c:22:ae:cf, port => 1496, username => 38aa3c22aecf (pf::radius::authorize)
Aug 19 17:41:14 httpd.webservices(1699) INFO: MAC: 38:aa:3c:22:ae:cf is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
(0003574)
cpross90   
2014-08-19 18:50   
It looks like sub extractApMacFromRadiusRequest from /lib/pf/radius.pm only strips :'s or -'s.





View Issue Details
1766 [PacketFence] hardware modules minor always 2014-02-05 20:25 2014-07-25 10:53
aj14 Linux  
RHEL / CentOS  
normal 5  
resolved 4.0.3  
fixed  
none    
none  
   
PacketFence cannot receive SNMP traps from D-link DES3526 Switch
Before deploying PF to our network, we are testing its functionality with the switches that we have.

So far so good, but when it comes to the D-Link DES3526, we have had no luck. When I look into the module itself, it is basically a container for the main Dlink.pm.

Basically, nothing happens on the switch when we connect a host authorized or unauthorized to it. When looking at the packetfence log, it seems as if PF is not understanding the trap coming from the switch ("trap currently not handled").

I have attached an excerpt of packetfence.log. You can see that the trap contains the MAC address of the machine that is being connected to the switch. I have also attached the switch configuration. Firmware is 5.00-B27.
Connect a machine to a port in the switch configured to send traps.
packetfence.log entries:

Feb 04 16:56:08 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-04|00:56:06|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1248956) 3:28:09.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:08 pfmon(1) INFO: running expire check (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking registered nodes for expiration (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking violations for expiration (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking accounting data for potential bandwidth abuse (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: getting violations triggers for accounting cleanup (pf::accounting::acct_maintenance)
Feb 04 16:56:08 pfmon(1) INFO: Calling node acct maintenance total with monthly and 1 for 21474836480 (pf::accounting::acct_maintenance)
Feb 04 16:56:08 pfsetvlan(23) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(23) INFO: ignoring unknown trap: 2014-02-04|00:56:07|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249056) 3:28:10.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:08 pfsetvlan(24) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(24) INFO: ignoring unknown trap: 2014-02-04|00:56:08|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249157) 3:28:11.57|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:11 pfsetvlan(22) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:11 pfsetvlan(22) INFO: ignoring unknown trap: 2014-02-04|00:56:09|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249256) 3:28:12.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:11 pfsetvlan(21) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)



Switch entry in switches.conf:
[10.100.6.32]
mode=production
SNMPCommunityRead=frydmwrt
SNMPCommunityWrite=frydmwrt
SNMPVersionTrap=2c
type=Dlink::DES_3526
VoIPEnabled=N
SNMPVersion=2c
uplink=26
SNMPCommunityTrap=frydmwrt
SNMPEngineID=800000ab03001cf09d649a

des-3526-config (8,410) 2014-02-05 20:25
https://www.packetfence.org/bugs/file_download.php?file_id=198&type=bug
Dlink-aj14.pm (7,895) 2014-02-28 11:13
https://www.packetfence.org/bugs/file_download.php?file_id=201&type=bug
Dlink.pm (7,879) 2014-04-23 14:34
https://www.packetfence.org/bugs/file_download.php?file_id=206&type=bug
Notes
(0003500)
fdurand   
2014-02-06 09:49   
Hello,
Let's check in the Dlink.pm module; it looks like the format of the trap has changed.

Change that to match your trap:
/BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.0\.3\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/

Fabrice
(0003501)
aj14   
2014-02-06 15:56   
Fabrice,

I am not sure what it is that I need to change. Is it Dlink.pm or something in the switch?

That statement that you wrote in your comment is already on Dlink.pm, line 57

Can you please clarify?

Thanks
Adrian
(0003502)
fdurand   
2014-02-06 16:10   
Adrian,

What I have posted is a regexp that parses the trap your switch sends.

So your trap looks like:
.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45
So you have to rewrite the regexp in packetfence to match your trap and get the ifindex of the port and the mac address.

Regards
Fabrice
(0003508)
aj14   
2014-02-19 23:13   
Fabrice,

I am not an expert in RegExp. Please verify that the change is correct.

 =~ /BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.2\.0\.2\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.14\.1\.1\.1\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/

Why do I have to do this in the first place? Is there a specific firmware supported for the DES-3526? There is no mention of it in the documentation.

Regards
Adrian
(0003509)
aj14   
2014-02-20 21:03   
After making that change and restarting the packetfence service (do I need to do that when I change a module?), it still does not work. I get pretty much the same results:

---
Feb 20 17:56:55 pfsetvlan(23) INFO: ignoring unknown trap: 2014-02-20|01:56:55|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852616) 16 days, 4:28:46.16|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 20 17:56:56 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-20|01:56:55|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852659) 16 days, 4:28:46.59|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(21) WARN: We have received a trap from switch 10.128.240.44. This switch is UNREGISTERED. Flush the trap (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(22) WARN: We have received a trap from switch 10.128.208.38. This switch is UNREGISTERED. Flush the trap (main::parseTrap)
Feb 20 17:56:57 pfsetvlan(24) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 20 17:56:57 pfsetvlan(24) INFO: ignoring unknown trap: 2014-02-20|01:56:56|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852763) 16 days, 4:28:47.63|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:59 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: opening SNMP v2c read connection to 10.100.6.32 (pf::SNMP::connectRead)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for sysLocation: 1.3.6.1.2.1.1.6.0 (pf::SNMP::connectRead)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for ifType: 1.3.6.1.2.1.2.2.1.3.1 (pf::SNMP::getIfType)
Feb 20 17:56:59 pfsetvlan(3) INFO: down trap received on 10.100.6.32 ifIndex 1 (main::handleTrap)
Feb 20 17:56:59 pfsetvlan(3) INFO: setting 10.100.6.32 port 1 to MAC detection VLAN (main::handleTrap)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_table for dot1dBasePortIfIndex: 1.3.6.1.2.1.17.1.4.1.2 (pf::SNMP::getDot1dBasePortForThisIfIndex)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: dot1dBasePort corresponding to ifIndex 1 is 1 (pf::SNMP::getDot1dBasePortForThisIfIndex)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for dot1qPvid: 1.3.6.1.2.1.17.7.1.4.5.1.1.1 (pf::SNMP::getVlan)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for dot1qVlanStaticName: 1.3.6.1.2.1.17.7.1.4.3.1.1.4 (pf::SNMP::isDefinedVlan)
Feb 20 17:56:59 pfsetvlan(3) WARN: MAC detection VLAN 4 is not defined on switch 10.100.6.32 -> Do nothing (pf::SNMP::setVlan)
Feb 20 17:56:59 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: closing SNMP v2c read connection to 10.100.6.32 (pf::SNMP::disconnectRead)
---

The last entries seem to indicate that some traps do work, but not the one for the MAC address violation.

Regards
Adrian
(0003510)
aj14   
2014-02-28 10:33   
No word on this?

After analyzing the trap closely, this is what is missing from it:

= INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1

Will re-write the regexp accordingly, but the question remains the same, why is it that I need to (so drastically) modify the module.

Regards
Adrian
(0003511)
aj14   
2014-02-28 11:11   
This also was preventing a match:

([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})

I changed it to this:

([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})

Now the trap is a match, but I get the following error:

Feb 28 07:55:48 pfsetvlan(22) INFO: ignoring unknown trap: 2014-02-28|15:55:44|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (205364994) 23 days, 18:27:29.94|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Argument "B8 88 E3 DD F9 45" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 62.
Argument "B8 88 E3 DD F9 45" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 64.
Use of uninitialized value in substitution (s///) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 73.
Use of uninitialized value in hex at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 74.

I will upload the current Dlink.pm that I have.

I now need help from you guys.
(0003530)
ah27   
2014-04-23 14:34   
I have reapplied the changes that you originally told Adrian to apply after upgrading our server to 4.1.0

With your version of the fix I get:

Apr 23 11:20:41 pfsetvlan(24) INFO: ignoring unknown trap: 2014-04-23|18:20:38|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (6144888) 17:04:08.88|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: 00 24 BE B1 F6 31 END VARIABLEBINDINGS (main::parseTrap)

With Adrian's I get:

Apr 23 11:27:43 pfsetvlan(21) INFO: ignoring unknown trap: 2014-04-23|18:27:41|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (6187149) 17:11:11.49|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: 00 24 BE B1 F6 31 END VARIABLEBINDINGS (main::parseTrap)
Argument "00 24 BE B1 F6 31" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 62.
Argument "00 24 BE B1 F6 31" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 64.
Use of uninitialized value in substitution (s///) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 73.
Use of uninitialized value in hex at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 74

I will also attach the version of the Dlink.pm we now have.
(0003531)
lmunro   
2014-04-25 13:53   
It looks like the format for the dlink traps has changed significantly.
You are probably running a newer version of the firmware than what we tested with.

I can't really fix this without knowing more. It will take a rewrite of the parseTrap function to support the new trap format.
I will need to know what type of traps we are receiving and run a few live tests with someone on your end.
(0003571)
lmunro   
2014-07-25 10:52   
Fixed by new DES_3526 module.
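
The mismatch discussed in this issue, as an added Perl example (not PacketFence code and not the DES_3526 module that closed the issue): it runs the pattern quoted in note 0003500 against the trap text from the log excerpt, then parses the same text varbind by varbind. The function names, the result keys and the reading of the INTEGER varbind as a port value are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Trap text copied from the packetfence.log excerpt in this issue.
my $trap = join '|',
    'BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1248956) 3:28:09.56',
    '.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2',
    '.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1',
    '.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS';

# Pattern quoted in note 0003500. It expects a trap OID ending in .15.0.3,
# a Hex-STRING varbind directly after it, and 11 octets in that string.
my $old_re = qr/BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.0\.3\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/;

# snmpTrapOID.0, the varbind that names the trap type.
my $SNMP_TRAP_OID = '.1.3.6.1.6.3.1.1.4.1.0';
# Trap OID seen in the log above; the [12] is kept from the quoted pattern.
my $MAC_TRAP_RE = qr/^\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.2\.0\.2$/;

# Split the VARIABLEBINDINGS section into { oid, type, value } records.
# Returns nothing if the section is missing or any varbind is malformed.
sub parse_varbinds {
    my ($text) = @_;
    my ($body) = $text =~ /BEGIN VARIABLEBINDINGS (.*?) END VARIABLEBINDINGS/
        or return;
    my @binds;
    for my $vb (split /\|/, $body) {
        my ($oid, $type, $value) = $vb =~ /^(\.[0-9.]+) = ([A-Za-z-]+): (.*)$/
            or return;
        push @binds, { oid => $oid, type => $type, value => $value };
    }
    return \@binds;
}

# Recognise the trap by its snmpTrapOID value and pick fields by type,
# so the result does not depend on capture-group positions.
sub parse_dlink_mac_trap {
    my ($text) = @_;
    my $binds = parse_varbinds($text) or return;

    my ($trap_oid) = map { $_->{value} }
                     grep { $_->{oid} eq $SNMP_TRAP_OID } @$binds;
    return unless defined $trap_oid && $trap_oid =~ $MAC_TRAP_RE;

    my ($int) = grep { $_->{type} eq 'INTEGER' } @$binds;
    my ($hex) = grep { $_->{type} eq 'Hex-STRING' } @$binds;
    return unless $int && $hex;
    return unless $int->{value} =~ /^\d+$/;
    # A MAC address is exactly six octets; refuse anything else.
    return unless $hex->{value} =~ /^(?:[0-9A-F]{2} ){5}[0-9A-F]{2}$/;

    (my $mac = lc $hex->{value}) =~ tr/ /:/;
    # Assumption: the INTEGER varbind carries the port number.
    return { port_value => $int->{value} + 0, mac => $mac };
}

# Constructed negative case: the same trap with a truncated Hex-STRING.
(my $short = $trap) =~ s/ F9 45 END/ END/;

printf "pattern from note 0003500 matches: %s\n",
    $trap =~ $old_re ? 'yes' : 'no';
for my $sample ($trap, $short) {
    my $r = parse_dlink_mac_trap($sample);
    printf "%s\n", $r ? "port value $r->{port_value}, mac $r->{mac}"
                      : 'trap rejected';
}
```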





View Issue Details
1814 [PacketFence] web admin minor always 2014-07-14 19:36 2014-07-15 12:58
hagenbucher i686  
Ubuntu Server  
normal 12.04.4 LTS  
new devel  
open  
none    
none  
   
Uplinks only allowed to be numeric
You untick the usage of dynamic uplinks (how does it work?)

The field "Uplink" is editable now but does not allow ports like: A1, A2, A3 or Trk1, Trk2

issue 1 a) Trk1, Trk2 ... are trunks (static) or link aggregations (lacp) created manually on the switch CLI (do not confuse cisco usage of the word trunk) for 5400zl and 2910al series.

issue 1 b) A1 is the first port on module A on HP ProCurve 5400zl series.

issue 2) If there is only one uplink port - which is perfectly fine with an lacp created link connected to a distributed trunk/multi chassis lag or if you don't care about redundancy - there should be the possibility of configuring one port only as uplink.
Menu Configuration - Switches:
- Click 'Add Switch'
- Fill in any non-numerical value in the field "Uplink"
- The field and caption gets framed/written in red and you cannot save your edit.
Tested with 4.3.0-201407140016 and 4.3.0

You can workaround issue number two by filling in "1, 1" if your only uplink port is port number 1.
Running in VirtualBOX
Notes
(0003564)
fdurand   
2014-07-15 07:18   
Hello,

When you define an uplink port, it means that it's the ifIndex, which is an integer.

Regards
Fabrice
(0003565)
hagenbucher   
2014-07-15 12:58   
Hello Fabrice,

thank you very much for clarifying this issue. It did help me a lot.

for future reference:

ifIndices for HP5400zl (max. of 288 ports as 5412zl)

Trk1 is ifIndex 290
Trk2 is ifIndex 291
Trk3 is ifIndex 292

ifIndices for HP2910al (fixed port switch with 44 1000baseTX and 4 fiber ports)

Trk1 is ifIndex 54
Trk2 is ifIndex 55


Kind regards,
David





View Issue Details
1806 [PacketFence] captive portal block always 2014-06-05 09:21 2014-07-09 01:03
hudsonfas Linux  
Debian  
normal 7 (Wheezy)  
new 4.2.2  
open  
none    
none  
   
Your network should be enabled within a minute or two
In captive portal, after I put USERNAME and PASSWORD, and received the message:

"Your network should be enabled within a minute or two. If it is not reboot your computer"

... and nothing happens ....

In /usr/local/pf/logs/portal_error:

[Thu Jun 5 08:33:34 2014] -e: Use of uninitialized value $2 in uc at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm line 186
Debian GNU/Linux 7 (wheezy)
packetfence:
  Installed: 4.2.2
  Candidate: 4.2.2
  Version table:
 *** 4.2.2 0
        500 http://inverse.ca/downloads/PacketFence/debian/ wheezy/wheezy amd64 Packages
Notes
(0003553)
fdurand   
2014-06-05 09:23   
What we need also is the packetfence.log when you reg your device.
(0003562)
rivanstudents   
2014-07-06 03:27   
It actually happens if you use inline mode. I also had this kind of problem in the past. I forgot how to fix it.
(0003563)
rivanstudents   
2014-07-09 01:03   
(edited on: 2014-07-09 01:04)
I remember: make sure that ip forward is enabled
vi /etc/sysctl.conf
look for net.ipv4.ip_forward = 0

make sure you make it 1
net.ipv4.ip_forward = 1

then exit

sysctl -p /etc/sysctl.conf

this is for Rhel/Centos
I don't know where sysctl.conf is in Debian






View Issue Details
1813 [PacketFence] captive portal minor have not tried 2014-06-25 05:14 2014-07-07 12:36
sisu Linux  
Ubuntu  
normal 12.04  
new 4.2.2  
open  
none    
none  
   
Phone number check with regex
On Packetfence 4.1

In the file /pf/lib/pf/web/util.pm I changed the text from:


sub validate_phone_number {
    my ($phone_number) = @_;

    # north american regular expression
    if ($phone_number =~ /
        ^(?:\+?(1)[-.\s]?)? # optional 1 in front with -, ., space or nothing separator
        \(?([2-9]\d{2})\)? # captures first 3 digits allows optional parenthesis
        [-.\s]? # separator -, ., space or nothing
        (\d{3}) # captures 3 digits
        [-.\s]? # separator -, ., space or nothing
        (\d{4})$ # captures last 4 digits
        /x) {
        return "$1$2$3$4" if defined($1);
        return "$2$3$4";
    }
    # rest of world regular expression
    if ($phone_number =~ /
        ^\+?\s? # optional + on front with optional space
        ((?:[0-9]\s?){6,14} # between 6 and 14 groups of digits separated by spaces or not
        [0-9])$ # end with a digit
        /x) {
        # trim spaces
        my $return = $1;
        $return =~ s/\s+//g;
        return $return;
    }
    return;
}


to


sub validate_phone_number {
    my ($phone_number) = @_;

    $phone_number =~ s/\s+//g; # remove whitespace
    $phone_number =~ s/-//g; # remove minus signs
    $phone_number =~ s/^\+/00/; # replace + with 00
    $phone_number =~ s/^0041/0/; # replace 0041 with 0


    # Switzerland: ^07[5-9]\d{7}$

    # France ^00336(0(7|8)|3[0-2]|54|[6-8]\d{1})\d{6}$

    # Austria (listed here, but not part of the combined pattern below) ^00436(50|6(0|3|4)|7(6|8)|8(0|1|8)|99)\d{7}$

    # Germany ^00491(5(1|2|5|7|9)|6(0|2|3)|7)\d{8,9}$

    # Italy ^00393([2-4]\d{1}|6[0-8]|8\d{1}|9[0-3])\d{7}$

    # England ^00447(4|5|[7-9]|7624)\d{6,8}$


    if ($phone_number =~ /^07[5-9]\d{7}$|^00336(0(7|8)|3[0-2]|54|[6-8]\d{1})\d{6}$|^00491(5(1|2|5|7|9)|6(0|2|3)|7)\d{8,9}$|^00393([2-4]\d{1}|6[0-8]|8\d{1}|9[0-3])\d{7}$|^00447(4|5|[7-9]|7624)\d{6,8}$/) {
        return $phone_number;
    }
    return;
}


If I sign up with the number +49..., the system sends the SMS to 0049....

On PacketFence 4.2, when I do the same, it does not send to 0049....; it sends to 49...


Thanks for help

Best Regards

Sisu
There are no notes attached to this issue.





View Issue Details
1811 [PacketFence] configuration major always 2014-06-13 15:14 2014-06-13 15:14
lmunro All  
All  
normal All  
new 4.2.2  
open  
none    
none  
   
fake_mac_enabled by default
The configurator always sets fake_mac_enabled=enabled when doing VLAN enforcement.

This setting should only apply to inline enforcement.
Install PF, run the configurator and select VLAN enforcement.
There are no notes attached to this issue.





View Issue Details
1810 [PacketFence] web admin major always 2014-06-11 10:37 2014-06-11 15:14
pfbug Linux  
Debian  
normal 7 (Wheezy)  
resolved devel  
fixed  
none    
none  
   
ec3d6588084a5be371120aac4da9f4054357bf7e
IP Address saved as MAC Address in Switch configuration
When entering an IP address for a switch, e.g. 192.168.201.101 it is saved as MAC address 19:21:68:20:11:01 which renders the configuration unusable (the switch is not accessed from packetfence).

The bug was reproducible with Packetfence 4.2.2 and 4.3.0 (10062014). The same configuration was successful with Packetfence 4.2.0.
Add a switch via web interface, enter IP of the switch.
There are no notes attached to this issue.
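
Two issues on this page turn on MAC parsing: the dotted Called-Station-Id 8875.56da.bf20 that extractApMacFromRadiusRequest could not parse (issue 1819), and the switch IP 192.168.201.101 stored as 19:21:68:20:11:01 (this issue). The following Perl is an added example, not PacketFence code; normalize_mac and loose_mac are hypothetical names, and that the admin UI applied a loose normalizer like the second function is an assumption that merely fits the reported value.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical strict normalizer: accepts only complete MAC notations
# (one consistent separator, or none) and returns lower-case colon form.
# Anything else, including a dotted-quad IP address, yields undef.
sub normalize_mac {
    my ($input) = @_;
    return unless defined $input;
    my $ok =
           $input =~ /^[0-9A-Fa-f]{2}([:-])[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}$/  # aa:bb:... or aa-bb-...
        || $input =~ /^[0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2}$/                      # Cisco aabb.ccdd.eeff
        || $input =~ /^[0-9A-Fa-f]{12}$/;                                           # bare aabbccddeeff
    return unless $ok;
    (my $hex = lc $input) =~ tr/0-9a-f//cd;    # drop the separators
    return join ':', unpack '(A2)*', $hex;
}

# Hypothetical loose normalizer, for contrast: strips every non-hex
# character and accepts whatever leaves exactly 12 hex digits.
sub loose_mac {
    my ($input) = @_;
    return unless defined $input;
    (my $hex = lc $input) =~ tr/0-9a-f//cd;
    return unless length($hex) == 12;
    return join ':', unpack '(A2)*', $hex;
}

my @samples = (
    '8875.56da.bf20',       # Called-Station-Id from issue 1819
    '38:aa:3c:22:ae:cf',    # client MAC from the same log
    '38aa3c22aecf',         # username field from the same log
    '38-AA-3C-22-AE-CF',    # constructed: dash-separated, upper case
    '38:aa-3c:22:ae:cf',    # constructed: mixed separators
    '192.168.201.101',      # switch IP from issue 1810
);

for my $value (@samples) {
    printf "%-20s strict=%-18s loose=%s\n",
        $value,
        normalize_mac($value) // '(rejected)',
        loose_mac($value)     // '(rejected)';
}
```

The strict function rejects 192.168.201.101 and the mixed-separator value, while the loose one turns the IP address into 19:21:68:20:11:01, the value reported above.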





View Issue Details
1809 [PacketFence] core minor always 2014-06-10 16:02 2014-06-10 16:03
dwuelfrath  
dwuelfrath  
normal  
resolved 4.2.2  
fixed  
none    
none 4.3.0  
  4.2.3  
b43eb94de55b0e452d8fadb8c233eb1cd3d2ab9d
allowed_device_types.txt file is not populating the dropdown
On the device registration page, even if we have stuff in the allowed_device_types.txt file, there is no dropdown to select the type of the device.
Notes
(0003557)
dwuelfrath   
2014-06-10 16:03   
Fixed in devel (Will be available in next release)
Also available in 4.2 maintenance branch





View Issue Details
1805 [PacketFence] captive portal minor have not tried 2014-06-04 11:38 2014-06-10 15:49
francis  
dwuelfrath  
normal  
resolved 4.2.2  
fixed  
none    
none 4.3.0  
  4.2.3  
d1794798429942203277dd6ba41fbecf6adcc807
Device Registration: unreg date/access duration not used
When registering a device (aka gaming registration), neither the unreg date nor the access duration of the user is used.
https://github.com/inverse-inc/packetfence/blob/stable/html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm#L128
Notes
(0003556)
dwuelfrath   
2014-06-10 15:46   
Fixed in devel as of now
Available in 4.2 maintenance branch too.





View Issue Details
1807 [PacketFence] captive portal minor sometimes 2014-06-05 15:35 2014-06-05 15:35
jwesleyb LINUX  
CENT OS  
normal 6.3  
new 4.2.2  
open  
none    
none  
   
error registering device
Hi, I have the following problem. When I log on to the network, packetfence registers the wrong MAC address. Example: 00:00:BC:62:00:0A
With the correct MAC address: BF:F8:48:0D:45:FA

How do I fix this error?

Thank you!
There are no notes attached to this issue.





View Issue Details
1804 [PacketFence] web admin feature have not tried 2014-06-03 09:51 2014-06-03 09:51
francis  
 
normal  
new 4.2.2  
open  
none    
none  
   
Allow to reorder SMS carriers
When defining an SMS authentication source, it would be useful to easily reorder the list of carriers.
There are no notes attached to this issue.





View Issue Details
1603 [PacketFence] configuration tweak always 2012-11-13 09:37 2014-06-03 03:17
maikel  
 
normal  
new 3.6.0  
open  
none    
none  
   
Bandwidth violations edit doesn't reload pfmon
When altering violations, in particular (as tested) the bandwidth violations, pfmon is not reloaded. Pfmon still listens to the old violations.conf. After a restart of packetfence, the new violation rules are loaded and it works perfectly. This minor tweak would be nice.
There are no notes attached to this issue.





View Issue Details
1267 [PacketFence] captive portal trivial random 2011-09-14 16:31 2014-06-02 08:15
obilodeau  
fdurand  
high  
resolved  
fixed  
none    
none  
  general  
add template toolkit error reporting on all ->process calls
Just like I did here at revno: 49438888fdbade2110cb70324e34381245c1bf25

--- pf/lib/pf/web/guest.pm      0a9d7807c131a50376d474012b92a1a629d5e85c
+++ pf/lib/pf/web/guest.pm      44fa683d2c052e22eac0e0f12b25250469c5a1e3
@@ -228,7 +228,7 @@ sub generate_registration_page {
     #}

     my $template = Template->new({ INCLUDE_PATH => [$CAPTIVE_PORTAL{'TEMPLATE_DIR'}], });
-    $template->process($pf::web::guest::REGISTRATION_TEMPLATE, $vars);
+    $template->process($pf::web::guest::REGISTRATION_TEMPLATE, $vars) || $logger->error($template->error());
     
exit;
 }   
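Review bot: on the changed line in generate_registration_page, the logged message is only $template->error(), so the log does not say which template failed, and execution still falls through to exit with nothing reported to the client. Prefix the message with the template name ($pf::web::guest::REGISTRATION_TEMPLATE); since the issue asks for the same handling on every ->process call, a small shared wrapper would keep it consistent across callers.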



It helped identify a nasty bug. It should be done by default on all the $template->process() calls.
Notes
(0002696)
obilodeau   
2012-05-03 13:45   
Something good to learn for you fdurand.





View Issue Details
1786 [PacketFence] upgrade minor always 2014-04-05 11:52 2014-06-02 08:15
huxiufei VMware  
fdurand RHEL i386  
normal 6.4  
resolved 4.1.0  
fixed  
none    
none  
   
software installation error
I followed the "PacketFence_Administration_Guide-4.1.0" guide to install PacketFence. At the last step, when I execute the command "yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of Packetfence-complete"
some errors occur:
--> Finished Dependency Resolution
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: dhcp
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: ipset
Error: Package: perl-HTML-Tidy-1.08-5.el6.i686 (epel)
           Requires: libtidy-0.99.so.0
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: rrdtool
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: memcached
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl-rrdtool
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
Error: Package: perl-Email-Valid-0.184-1.of.el6.noarch (of)
           Requires: perl(Net::DNS)
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(GD)
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl(Net::DNS) = 0.65-4
 You could try using --skip-broken to work around the problem

 You could try running: rpm -Va --nofiles --nodigest

Could you tell me how to deal with this?
Thanks!
Notes
(0003525)
huxiufei   
2014-04-06 05:21   
I have found there are 23 steps to install the PL on RHEL 6.4,
but when I come to step 2,
 'yum install perl-Net-Telnet perl-XML-Simple perl-SOAP-Lite'
it shows: no packet available:
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
No package perl-Net-Telnet available.
No package perl-XML-Simple available.
No package perl-SOAP-Lite available.
Error: Nothing to do
What's wrong with this?
(0003526)
huxiufei   
2014-04-06 15:52   
I have loaded the rpm packet manually, and almost all of the errors are solved.
But there is still an error I can solve, can anybody help me?
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
(0003527)
huxiufei   
2014-04-07 04:52   
I have loaded the rpm packet manually, and almost all of the errors are solved.
But there is still an error I can't solve, can anybody help me?
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
(0003528)
huxiufei   
2014-04-08 05:28   
Can anyone help me?
(0003550)
fdurand   
2014-06-02 08:15   
It has been written in the doc:
https://github.com/inverse-inc/packetfence/blob/stable/docs/PacketFence_Administration_Guide.asciidoc#rhel-6x





View Issue Details
1798 [PacketFence] captive portal minor have not tried 2014-05-25 08:07 2014-06-02 08:10
hbongers Linux  
fdurand RHEL / CentOS  
normal 6  
resolved 4.2.0  
fixed  
none    
none  
   
Captive Portal Exception in version 4.2.1
The Captive Portal Exception as reported in issue 0001794 still exists in 4.2.1 after upgrading from 4.1 in an inline setup
Upgrade from 4.1 to 4.2.1 in an inline setup.
Open captive portal
captiveportal on Catalyst 5_90011.htm (16,922) 2014-05-27 06:01
https://www.packetfence.org/bugs/file_download.php?file_id=209&type=bug
Notes
(0003543)
hbongers   
2014-05-27 06:03   
The error in 0001794 is not completely the same.

The error I'm getting is:
Caught exception in captiveportal::View::HTML->process "Can't use string ("0") as a HASH ref while "strict refs" in use at /usr/local/pf/lib/pf/Portal/ProfileFactory.pm line 52."

I've attached the complete html error page.





View Issue Details
1802 [PacketFence] hardware modules feature have not tried 2014-05-31 20:38 2014-06-02 08:08
jsuddarth TPLink  
OpenWRT firmware  
high any  
new 4.2.2  
open  
none    
none  
   
Add TPLink Access Point hardware/firmware support
Add support for TPLink APs (running OpenWRT firmware) for ease of integration and as a low-cost option for medium-large scale deployments.

The customizability and features that come with OpenWRT make this a great option for hobbyists and people who want to deploy a solution on a budget.
Notes
(0003548)
fdurand   
2014-06-02 08:08   
Did you try the hostapd module and this http://www.packetfence.org/news/2013/article/packetfence-now-supports-hostapd.html ?

Regards
Fabrice





View Issue Details
1800 [PacketFence] captive portal minor always 2014-05-28 09:10 2014-06-02 08:07
jwesleyb 64bits  
fdurand CentOS  
normal 6.5  
resolved 4.2.0  
fixed  
none    
none  
   
Packetfence does not redirect to register
Hi, I'm having trouble with my PF because it is not redirecting to the captive portal. I have a network in inline mode with two interfaces (eth0 - inline / eth1 - management)
#vim /usr/local/pf/conf/pf.conf

[general]
domain=localhost
hostname = localhost
dnsservers = 10.1.1.1
dhcpservers = 10.1.1.1

[alerting]
emailaddr=j.wesley7@yahoo.com.br

[database]
pass=mypass

[captive_portal]
secure_redirect=disabled

[interface eth0]
enforcement=inline
type=internal
ip=192.168.1.1
mask=255.255.255.0

[interface eth1]
ip=10.1.1.58
gateway=10.1.1.1
type=management
mask=255.255.255.0

#vim /usr/local/pf/conf/networks.conf

[192.168.1.0]
netmask=255.255.255.0
gateway=192.168.1.1
next_hop=
domain-name=inline.localdomain
dns=8.8.8.8
dhcp_start=192.168.1.10
dhcp_end=192.168.1.120
dhcp_default_lease_time=300
dhcp_max_lease_time=600
type=inline
named=disabled
dhcpd=enabled

#vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
VLAN=yes

#vim /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=dhcp
NETWORK=10.1.1.0
ONBOOT=yes
TYPE=Ethernet
Notes
(0003544)
jwesleyb   
2014-05-29 13:51   
I managed to solve it, thank you!





View Issue Details
1801 [PacketFence] captive portal minor have not tried 2014-05-30 08:14 2014-06-01 16:22
sisu All  
fdurand Ubuntu  
normal 12.4.4 LTS  
resolved 4.2.0  
fixed  
none    
none 4.2.2  
   
PacketFence captive portal does not function correctly, product version 4.2.2
With the new Packetfence release 4.2.2 I get the following error message (See Upload File) on Captive Portal landing page
Unbenannt.PNG (31,102) 2014-05-30 08:14
https://www.packetfence.org/bugs/file_download.php?file_id=211&type=bug
png

Error.txt (7,291) 2014-05-30 08:40
https://www.packetfence.org/bugs/file_download.php?file_id=212&type=bug
Notes
(0003545)
fdurand   
2014-05-30 11:44   
Hi Sisu,

I am able to reproduce this error.
It's a Catalyst issue and you have to install libcatalyst-perl 5.90015-1.

Update /etc/apt/sources.list.d/PacketFence.list like this:
#deb http://inverse.ca/downloads/PacketFence/debian precise precise
deb http://inverse.ca/downloads/PacketFence/debian-devel precise precise

then run
apt-get update
apt-get install libcatalyst-perl
bin/pfcmd configreload hard
and restart PacketFence.

Let me know if it works for you.

Regards
Fabrice
(0003546)
sisu   
2014-05-31 06:05   
Thank you very much!

it works!

Best Regards

Sisu
(0003547)
fdurand   
2014-06-01 16:22   
Packaging fixed (Catalyst version)





View Issue Details
1700 [PacketFence] security minor always 2013-08-23 05:20 2014-05-29 11:45
olive35  
 
normal  
new  
open  
none    
none  
   
Mysql password and user passwords
Hi,

Here is my problem: I see all passwords in clear text on my server.

In the PF configuration: /usr/local/pf/conf/pf.conf
we can find the password of the MySQL database (i.e. pass=p@...).

I connect to the DB with this password.

Now I can see all the tables used in PF, and I can see all user passwords
in the table 'temporary_password'.
Next I try to change the admin password in the DB and it works!

Is this a security issue? How can I remedy this problem and replace passwords
with hashes?

Regards,

Olive

PS: I already talked about this issue on the user mailing list.
Here are the commands I used (non-root):

grep -E '(pass(word)?=).*' -nR --color /usr/local/pf/conf/

mysql -u pf -pp@... pf

SHOW TABLES;

SELECT * from temporary_password;

UPDATE temporary_password SET password='123456' WHERE pid='admin';

and connect to the admin web interface.
1.html (410) 2014-05-29 11:45
https://www.packetfence.org/bugs/file_download.php?file_id=210&type=bug
Notes
(0003428)
olive35   
2013-08-23 05:24   
http://sourceforge.net/mailarchive/forum.php?thread_name=D60720A8-6946-416F-8A16-BEA039DC82CD%40inverse.ca&forum_name=packetfence-users
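
One way to answer the "replace passwords by hashes" question in the report above, as an added example that is not PacketFence code: a one-time migration of a cleartext `password` column to salted PBKDF2 hashes, plus the matching login check. The table and column names (`temporary_password`, `pid`, `password`) come from the report; the in-memory sqlite3 database standing in for MySQL, the stored-string format, the function names and the sample rows are assumptions constructed for the example.

```python
import base64
import hashlib
import hmac
import os
import sqlite3

SCHEME = "pbkdf2_sha256"   # assumed label for the stored format
ITERATIONS = 600_000       # assumed work factor; tune for your hardware


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'scheme$iterations$salt$digest' using a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations), _b64(salt), _b64(digest)])


def is_hashed(stored: str) -> bool:
    return stored.startswith(SCHEME + "$")


def verify_password(password: str, stored: str) -> bool:
    """Check a login attempt; legacy cleartext rows are never accepted."""
    if not is_hashed(stored):
        return False
    try:
        _, iterations, salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except ValueError:
        return False  # malformed row: wrong field count, bad base64, bad count
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def migrate_cleartext(conn: sqlite3.Connection) -> int:
    """Hash every row still holding a cleartext password; return rows changed."""
    rows = conn.execute("SELECT pid, password FROM temporary_password").fetchall()
    changed = 0
    for pid, stored in rows:
        if is_hashed(stored):
            continue  # already migrated, so the function is safe to re-run
        conn.execute(
            "UPDATE temporary_password SET password = ? WHERE pid = ?",
            (hash_password(stored), pid),
        )
        changed += 1
    conn.commit()
    return changed


def check_login(conn: sqlite3.Connection, pid: str, password: str) -> bool:
    row = conn.execute(
        "SELECT password FROM temporary_password WHERE pid = ?", (pid,)
    ).fetchone()
    return row is not None and verify_password(password, row[0])


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data: two accounts stored in cleartext."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE temporary_password (pid TEXT PRIMARY KEY, password TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO temporary_password VALUES (?, ?)",
        [("admin", "constructed-admin-pw"), ("guest1", "constructed-guest-pw")],
    )
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    print("rows migrated:", migrate_cleartext(db))
    print("admin login ok:", check_login(db, "admin", "constructed-admin-pw"))
    for pid, stored in db.execute("SELECT pid, password FROM temporary_password"):
        print(pid, stored[:40] + "...")
```

Hashing keeps the password values from anyone who can read the table; it does not stop an account with write access to the table from storing a hash of its own choosing, so the file permissions on pf.conf and the database account's grants still matter.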





View Issue Details
1799 [PacketFence] web admin minor have not tried 2014-05-26 17:20 2014-05-26 17:20
lpelet  
 
normal  
new 4.2.0  
open  
none    
none  
   
bulk removing nodes/users
It would be great if we could remove nodes or users in bulk.
There are no notes attached to this issue.





View Issue Details
1794 [PacketFence] captive portal minor always 2014-05-08 11:15 2014-05-25 22:13
shikasensei Linux  
jrouzier Debian  
normal 7 (Wheezy)  
resolved 4.2.0  
fixed  
none    
none 4.2.1  
   
e10dfba5d840460df5858eb0ece4ee4cfc66e9f8
Caught exception on node registration page, captive portal
When I want to register a new device through the captive portal I get a node registration page with messages (I provided them in the Additional Information field) above the normal page content (login/pass fields, etc.). Also, after a login attempt I get a page, which is attached to the report.
Caught exception in captiveportal::Controller::Root->setupCommonStash "Undefined subroutine &captiveportal::PacketFence::Model::Portal::Session::enabled called at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm line 138."
Caught exception in captiveportal::Controller::Root->getLanguages "Undefined subroutine &captiveportal::PacketFence::Model::Portal::Session::enabled called at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm line 138."
Caught exception in captiveportal::Controller::Root->setupLanguage "Can't use string ("0") as an ARRAY ref while "strict refs" in use at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm line 111."
captiveportal on Catalyst 5.90015.html (20,687) 2014-05-08 11:15
https://www.packetfence.org/bugs/file_download.php?file_id=208&type=bug
Notes
(0003540)
fdurand   
2014-05-08 11:36   
Hello,

Can you run addons/pf-maint.pl? A patch has been made.

https://github.com/inverse-inc/packetfence/commit/decae56b420a275006e73a067f5c1c9c92534bdc

Regards
Fabrice





View Issue Details
1793 [PacketFence] web admin minor always 2014-05-07 23:30 2014-05-15 23:06
shikasensei Linux  
fdurand Debian  
normal 7 (Wheezy)  
resolved  
fixed  
none    
none 4.2.1  
   
d335f587db373e4cc63d3711cffd47d3f6fb419d
web admin interface doesn't start after install
After install, the PacketFence admin web interface doesn't start, so I can't get access to the configurator. A few days before, all worked well.
* Please fire up your Web browser and go to https://@ip_packetfence:1443/configurator to complete your PacketFence configuration.
* Please stop your iptables service if you don't have access to configurator.
service|command
memcached|start
httpd.admin|not started
Checking configuration sanity...
FATAL - please define exactly one management interface
FATAL - internal network(s) not defined!
FATAL - Unable to connect to your database. Please verify your connection settings in conf/pf.conf and make sure that it is started.
FATAL - networks.conf cannot be empty when services.dhcpd is enabled
WARNING - We have been unable to load your configuration. Are you sure you ran configurator ?
 
If needed here is httpd.admin.log

May 08 08:58:52 httpd.admin(5018) INFO: pfappserver powered by Catalyst 5.90015 (Catalyst::setup)
May 08 08:58:52 httpd.admin(5018) WARN: Deprecated 'static' config key used, please use the key 'Plugin::Static::Simple' instead (Class::MOP::Class:::before)
May 08 09:01:21 httpd.admin(5224) INFO: pfappserver powered by Catalyst 5.90015 (Catalyst::setup)
May 08 09:01:21 httpd.admin(5224) WARN: Deprecated 'static' config key used, please use the key 'Plugin::Static::Simple' instead (Class::MOP::Class:::before)
May 08 09:09:09 httpd.admin(5434) INFO: pfappserver powered by Catalyst 5.90015 (Catalyst::setup)
May 08 09:09:09 httpd.admin(5434) WARN: Deprecated 'static' config key used, please use the key 'Plugin::Static::Simple' instead (Class::MOP::Class:::before)
Notes
(0003538)
fdurand   
2014-05-08 07:53   
Hello,

Are you using Debian Wheezy?
If that's the case, then remove the libdata-alias-perl package.

Fabrice
(0003539)
shikasensei   
2014-05-08 10:00   
Thanks, this solved the issue.
(0003541)
fdurand   
2014-05-08 15:54   
Fixed in devel





View Issue Details
1797 [PacketFence] configuration minor have not tried 2014-05-14 16:12 2014-05-14 16:15
lpelet  
 
normal  
new 4.2.0  
open  
none    
none  
   
Renaming portal profile won't move files.
When we rename a portal profile in admin GUI, it does not move the files.

We should make the field for the name of the portal profile unwritable.
And log a message when we don't find the file in the portal profile and we fall-back to the default file.
There are no notes attached to this issue.





View Issue Details
1796 [PacketFence] security minor always 2014-05-12 06:00 2014-05-12 08:19
jochen Linux  
jrouzier RHEL / CentOS  
normal 6  
assigned 4.2.0  
fixed  
none    
none  
  4.2.1  
snort not started
Snort is no longer started by packetfence.

Reverting this change in pf/services/manager/roles/pf_conf_trapping_engine.pm fixed the issue for me:


# return $monitor_int && isenabled($Config{'trapping'}{'detection'}) && $Config{'trapping'}{'detection_engine'} eq $self->name && $self->$orig(@_) ? 1 : 0;
    return $monitor_int && isenabled($Config{'trapping'}{'detection'}) && $Config{'trapping'}{'detection_engine'} eq $self->name;
There are no notes attached to this issue.





View Issue Details
1795 [PacketFence] upgrade minor always 2014-05-12 05:12 2014-05-12 06:33
jochen Linux  
francis RHEL / CentOS  
normal 6  
resolved 4.2.0  
fixed  
none    
none 4.2.1  
   
4695a0b37d6ce49e5594f4edc4739eebfef33497
SQL Upgrade fails due to extra dashes in SQL script
db/upgrade-4.1.0-4.2.0.sql has some extra dashes causing syntax errors in the SQL script

FIX: s/---/--/g

Run upgrade script
There are no notes attached to this issue.





View Issue Details
1776 [PacketFence] web admin minor have not tried 2014-03-14 14:03 2014-05-08 06:31
francis  
francis  
normal  
resolved 4.1.0  
fixed  
none    
none 4.2.0  
  4.2.0  
40136b458f756920b81a353948a60fb1220d21c8
Default value of Access duration choices
Under "Admin registration" of the configuration page, the default value of the access duration choices should *not* be displayed as a placeholder since it becomes painful to modify it.
There are no notes attached to this issue.





View Issue Details
1789 [PacketFence] radius minor always 2014-04-28 18:26 2014-05-07 08:30
victor All  
fdurand All  
normal All  
resolved  
fixed  
none    
none  
   
Unable to extract SSID on Cisco 1142

Cisco 1142 apparently sends multiple Cisco-AVPair records back to the radius server and trips over extractSsid sub.

tail -f logs/packetfence.log

Apr 28 08:13:46 pf::WebAPI(4307) INFO: Unable to extract SSID of Cisco-AVPair: ARRAY(0xbaf6fcc8) (pf::SNMP::Cisco::Aironet::extractSsid)


Output from /usr/sbin/radiusd -X -d /usr/local/pf/raddb/

        Cisco-AVPair = "ssid=TEST"
        Service-Type = Login-User
        Cisco-AVPair = "service-type=Login"




As a quick workaround I changed $radius_request->{'Cisco-AVPair'} into $radius_request->{'Cisco-AVPair'}[0] but a permanent fix should be better than that.
extractSsid.patch (978) 2014-05-05 14:49
https://www.packetfence.org/bugs/file_download.php?file_id=207&type=bug
Notes
(0003532)
victor   
2014-05-05 14:42   
Take a look at the patch below. extractSsid should be able to go through multiple Cisco-AVPair records to find the ssid.



--- packetfence-4.1.0/lib/pf/SNMP/Cisco/Aironet.pm 2013-12-11 12:40:14.000000000 -0700
+++ ../lib/pf/SNMP/Cisco/Aironet.pm 2014-05-05 06:27:44.115673527 -0600
@@ -203,11 +203,14 @@
     my $logger = Log::Log4perl::get_logger(ref($this));

     if (defined($radius_request->{'Cisco-AVPair'})) {
-
- if ($radius_request->{'Cisco-AVPair'} =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = "ssid=PacketFence-Secure"
- return $1;
- } else {
- $logger->info("Unable to extract SSID of Cisco-AVPair: ".$radius_request->{'Cisco-AVPair'});
+ foreach my $ciscoAVPair (@{$radius_request->{'Cisco-AVPair'}}) {
+ $logger->trace("Cisco-AVPair: ".$ciscoAVPair);
+
+ if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = "ssid=PacketFence-Secure"
+ return $1;
+ } else {
+ $logger->info("Unable to extract SSID of Cisco-AVPair: ".$ciscoAVPair);
+ }
         }
     }
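Review bot: the new `foreach` dereferences `$radius_request->{'Cisco-AVPair'}` as an array unconditionally (`@{$radius_request->{'Cisco-AVPair'}}`), so a request that carries a single Cisco-AVPair as a plain string, which is what the removed code matched against, is no longer handled and the dereference fails under `use strict`. Normalise the value first, for example by checking `ref(...) eq 'ARRAY'` and wrapping a scalar in a one-element list before looping. Separately, the `else` branch inside the loop logs "Unable to extract SSID" at info level for every pair that is not the ssid (such as `service-type=Login`), even when another pair matches; moving that message after the loop would log only real failures.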
(0003533)
victor   
2014-05-05 14:49   
Copy-paste seems to have wrecked the formatting. The patch file is attached.
(0003535)
fdurand   
2014-05-06 08:18   
Hello Victor,

Your patch has been included in the devel version so it will be available for the incoming 4.2 version.

https://github.com/inverse-inc/packetfence/commit/60a7e01bd0d20d0873e253b018ec19f260eeceab

Fabrice
(0003537)
fdurand   
2014-05-07 08:30   
Available in pf 4.2 release





View Issue Details
1758 [PacketFence] core minor always 2014-01-15 12:06 2014-05-07 08:30
jochen Linux  
fdurand RHEL / CentOS  
normal 6  
resolved 4.1.0  
fixed  
none    
none  
   
perl-Moose-2.1200-1.of.el6 complains Class::MOP::load_class is deprecated at /usr/lib64/perl5/vendor_perl/Class/MOP.pm line 76.
Many components of PacketFence complain about deprecated Class::MOP::load_class as soon as perl-Moose-2.1200-1.of.el6.x86_64.rpm is installed. Older version perl-Moose-2.1005-1.of.el6.x86_64.rpm works OK.
Install perl-Moose-2.1005-1.of.el6.x86_64.rpm
Execute /usr/local/pf/bin/pfcmd service pf watch
Notes
(0003534)
fdurand   
2014-05-06 07:54   
Hello,

It's why we defined this in the spec file:
https://github.com/inverse-inc/packetfence/blob/devel/addons/packages/packetfence.spec#L226

Fabrice
(0003536)
fdurand   
2014-05-07 08:30   
In pf 4.2 we use only packetfence repo with the correct perl lib so you will never meet this issue again.





View Issue Details
1790 [PacketFence] web admin feature have not tried 2014-05-01 10:43 2014-05-01 12:33
francis  
francis  
normal  
resolved 4.1.0  
fixed  
none    
none 4.2.0  
   
207ea2a94c1fbf9ec26ce76c8ffdb9c0e9cd4d95
Nodes - search by OS
The simple and advanced search forms should allow searching nodes by OS (DHCP).
There are no notes attached to this issue.





View Issue Details
1792 [PacketFence] web admin minor have not tried 2014-05-01 11:57 2014-05-01 11:58
francis  
 
normal  
new 4.1.0  
open  
none    
none  
   
Export search results to CSV
The results of a simple or advanced search on the Nodes or Users page should be exportable as a CSV file.
There are no notes attached to this issue.





View Issue Details
1791 [PacketFence] web admin feature have not tried 2014-05-01 11:48 2014-05-01 11:48
francis  
 
normal  
new 4.1.0  
open  
none    
none  
   
Searches: customizable number of results per page
We should allow the user to change the number of results per page, at least on the Nodes and Users pages.
There are no notes attached to this issue.





View Issue Details
1780 [PacketFence] web admin minor always 2014-03-27 15:52 2014-04-24 12:21
lzammit All  
francis All  
normal All  
resolved 4.1.1  
fixed  
none    
none 4.2.0  
   
99acc5e52d13a1f45c123136cb079221ab35b1ef
Does not redirect after a second authentication on the web admin
If you are on a node page like /admin/nodes and need to authenticate again, after a successful authentication you will be redirected to /configuration and not /admin/nodes.
There are no notes attached to this issue.





View Issue Details
1210 [PacketFence] error-handling minor always 2011-04-21 08:42 2014-04-24 11:58
jamest  
 
normal  
confirmed 2.1.0  
open  
none    
none  
  3.6.1  
Can't add/edit person with pfcmd if firstname or lastname have spaces in them
If you try and add a person with pfcmd person add pid and have an assignment of firstname or surname with the add, this will fail with grammar test failed if the name has a space in it. The same thing happens with edit.
There's nothing I could see in the admin guide saying that names with spaces in are invalid, they can be added directly into the database with no apparent ill effect.
I would suggest that either pfcmd is fixed to allow these names (as people do have them in real life), or the restriction is documented and pfcmd gives a more meaningful error message.
Some example output:
./pfcmd person add test5 firstname="space in the middle"
Command not understood. (pfcmd grammar test failed at line 223.)
Usage: pfcmd person <add|view|edit|delete> pid [assignments]

manipulate person entries

examples:
  pfcmd person view all
  pfcmd person add bjenkins notes="Bob Jenkins"
  pfcmd person delete bjenkins

./pfcmd person add test5 surname="space in the middle"
Command not understood. (pfcmd grammar test failed at line 223.)
Usage: pfcmd person <add|view|edit|delete> pid [assignments]

manipulate person entries

examples:
  pfcmd person view all
  pfcmd person add bjenkins notes="Bob Jenkins"
  pfcmd person delete bjenkins

./pfcmd person add test5 firstname="underscore_in_the_middle"
Notes
(0003000)
obilodeau   
2012-08-31 10:34   
This should be fixed now. I'll try to reproduce later in the lab and let you know.
(0003002)
obilodeau   
2012-08-31 10:48   
In stable this isn't fixed now but 0001523 should fix it. Let me check that.
(0003003)
obilodeau   
2012-08-31 10:58   
No it's not :(
(0003007)
obilodeau   
2012-08-31 15:13   
Debugging the parser, I don't really understand what's going on here..

I was able to make it work with:
pfcmd 'person add bjenkins notes="Bob Jenkins"'

I'll have to compare the parser debug results but this implies that it works from the Web Admin since it always single quotes all arguments together.
(0003175)
fgaudreault   
2012-10-19 13:48   
Need to see if it's fixed or not.
(0003237)
fgaudreault   
2012-10-24 10:04   
Still an issue. Tested on 3.6.0-devel.

[root@pf-3-centos6 pf]# ./bin/pfcmd person add test5 firstname="space in the middle"
Command not understood. (pfcmd grammar test failed at line 210.)
Usage: pfcmd person <add|view|edit|delete> pid [assignments]





View Issue Details
1775 [PacketFence] configuration block always 2014-03-13 10:08 2014-04-17 14:07
DanCreed Latest Packetfence Zen  
dwuelfrath N/A  
urgent N/A  
resolved 4.1.0  
fixed  
none    
none 4.2.0  
  4.2.0  
90cc0a1796a84fce5155284b49129bdc87efe3ff
Thread 1 terminated abnormally: Undefined subroutine &pf::SNMP::Cisco::Catalyst_2960::handleReAssignVlanTrapForWiredMacAuth call
Won't change VLAN's with PacketFence Zen (latest version)

Thread 1 terminated abnormally: Undefined subroutine &pf::SNMP::Cisco::Catalyst_2960::handleReAssignVlanTrapForWiredMacAuth called at /usr/local/pf/sbin/pfsetvlan line 1618

(switch is a Cisco 3750)
Problem changing VLAN's for any switch using the Catalyst_2960.pm as a base.
1775-temp_patch.diff (1,201) 2014-03-14 11:10
https://www.packetfence.org/bugs/file_download.php?file_id=205&type=bug
Notes
(0003520)
dwuelfrath   
2014-03-14 09:42   
Confirmed.
Will provide a "patch" for the moment to make it work but need some investigation on why it is happening.
(0003521)
dwuelfrath   
2014-03-14 11:11   
Please view attached file.
Like I mentioned, this is a temp patch and code should be reviewed to fix the issue.
But for the moment, that should allow you to work your way out.

Cheers
(0003529)
dwuelfrath   
2014-04-17 14:06   
Will be fixed in 4.2





View Issue Details
1787 [PacketFence] configuration minor always 2014-04-16 14:23 2014-04-16 16:08
lpelet Linux  
dwuelfrath RHEL / CentOS  
normal 6  
assigned 4.1.0  
open  
none    
none  
   
configurator breaks system network configuration
NETWORKING=yes HOSTNAME=pf.localdomain
GATEWAY=172.21.2.1

instead of
NETWORKING=yes
HOSTNAME=pf.localdomain
GATEWAY=172.21.2.1
If your gateway is set in /etc/sysconfig/network-scripts/ifcfg-ethx, the PacketFence configurator will rearrange your system network configuration.
Maybe we should keep the gateway in /etc/sysconfig/network-scripts/ifcfg-ethx if it has already been manually configured.
There are no notes attached to this issue.





View Issue Details
1785 [PacketFence] core major always 2014-04-04 08:04 2014-04-04 08:04
canepan Linux  
RHEL / CentOS  
normal 6  
new 4.1.0  
open  
none    
none  
   
When database is stopped, pfmon ends in an inconsistent state
To perform backup, we stop the database of PacketFence every night.
If pfmon tries to access the DB during the backup, it logs:
Apr 02 18:00:23 pfmon(0) INFO: running expire check (main::cleanup)
Apr 02 18:00:23 pfmon(0) INFO: checking registered nodes for expiration (main::cleanup)
Apr 02 18:00:23 pfmon(0) WARN: database query failed with: MySQL server has gone away. (errno: 2006), will try again (pf::db::db_query_execute)
Apr 02 18:00:23 pfmon(0) FATAL: unable to connect to database: Can't connect to MySQL server on '127.0.0.1' (111) at /usr/local/pf/lib/pf/node.pm line 888.
 (pf::db::db_connect)
Apr 02 18:00:23 pfmon(0) ERROR: Error restarting pfmon: unable to connect to database: Can't connect to MySQL server on '127.0.0.1' (111) at /usr/local/pf/lib/pf/node.pm line 888.
 (main::cleanup)

Also, pfmon shows as running with "ps", but "pfcmd service pfmon status" doesn't agree:
/usr/local/pf # ./bin/pfcmd service pfmon status
service|shouldBeStarted|pid
pfmon|1|0

so it's not possible to restart it without killing the running process.

Nodes that expire after this happens are not asked to log in again (they are registered forever), and so they do not expire.
1) start PacketFence
2) stop database
3) wait a minute
There are no notes attached to this issue.





View Issue Details
1688 [PacketFence] captive portal minor always 2013-08-14 12:17 2014-04-03 14:01
KimHagen  
 
normal  
new  
open  
none    
none  
   
Captive portal access to common/network-access-detection.gif use lan ip.
In the Captive portal option to enter an ip for access to common/network-access-detection.gif it states that you can use your LAN ip here.

This is however fire-walled (in inline mode).



I made a patch to iptables.pm so it works.
Is it safe to apply this patch?

--- /usr/src/iptables.pm 2013-08-14 18:01:53.000000000 +0200
+++ /usr/local/pf/lib/pf/iptables.pm 2013-08-14 18:02:26.256478576 +0200
@@ -187,6 +187,7 @@
             $rules .= "-A INPUT --in-interface $dev -d $ip --jump $FW_FILTER_INPUT_INT_INLINE\n";
             $rules .= "-A INPUT --in-interface $dev -d 255.255.255.255 --jump $FW_FILTER_INPUT_INT_INLINE\n";
             $rules .= "-A INPUT --in-interface $dev -d $mgmt_ip --protocol tcp --match tcp --dport 443 --jump ACCEPT\n";
+ $rules .= "-A INPUT --in-interface $dev -d $mgmt_ip --protocol tcp --match tcp --dport 80 --jump ACCEPT\n";
             $rules .= "-A FORWARD --in-interface $dev --jump $FW_FILTER_FORWARD_INT_INLINE\n";
 
         # nothing? something is wrong
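Review bot: the added `--dport 80 --jump ACCEPT` rule for `$mgmt_ip` is emitted unconditionally for each `$dev` this block handles, so plain HTTP to the management address becomes reachable from that interface whether or not the network-access-detection option actually points at it. Emit the rule only when that option is set to the management IP, and add a comment beside it saying why port 80 is needed when the line above allows only 443. Nothing in this hunk shows what listens on port 80 of `$mgmt_ip`, so confirm it serves only what the captive portal needs before accepting the change.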

regards,
Kim
There are no notes attached to this issue.





View Issue Details
1784 [PacketFence] guests minor have not tried 2014-04-03 10:29 2014-04-03 10:30
francis  
 
normal  
new 4.1.0  
open  
none    
none  
   
Extend list of email-to-SMS gateways
We are missing a lot of carriers from Europe. We must find a reliable source.

Current list comes from http://gitorious.org/statusnet/mainline/blobs/raw/master/db/sms_carrier.sql
There are no notes attached to this issue.





View Issue Details
1783 [PacketFence] dhcp minor have not tried 2014-04-02 18:37 2014-04-02 23:07
lpelet  
 
normal  
new  
open  
none    
none  
   
dhcpd no lease free
I had a mask mismatch between the CentOS configuration, the pf.conf and the network.
It could be interesting to have an error message telling us there is a mismatch.

thanks
Notes
(0003524)
francis   
2014-04-02 23:07   
Please provide an example. Thanks :)





View Issue Details
1782 [PacketFence] web admin minor always 2014-04-02 15:39 2014-04-02 17:16
bclaiborne  
francis  
normal  
feedback 4.1.0  
reopened  
none    
none 4.1.1  
   
7fa605f91765e9bdf7371dd87a3e07851219b19a
IP address column not populating
The IP address column on the 'Nodes' tab of Web Admin does not show an IP address for some nodes.
It looks like nodes with an end date, even when the end date is a future date, do not show the IP address of that node in the IP Address column. Therefore, nodes cannot be sorted effectively by IP address.
Notes
(0003522)
francis   
2014-04-02 15:41   
Already fixed earlier today.

https://github.com/inverse-inc/packetfence/commit/7fa605f91765e9bdf7371dd87a3e07851219b19a
https://github.com/inverse-inc/packetfence/commit/d3d977f2a824d767f0e9e39564a22a786b907702
(0003523)
bclaiborne   
2014-04-02 17:16   
Made the edits posted in the notes. IP addresses do display but results that should show multiple pages do not show beyond the first page.





View Issue Details
1781 [PacketFence] core minor have not tried 2014-04-01 16:01 2014-04-01 16:02
dwuelfrath  
dwuelfrath  
normal  
assigned 4.1.0  
open  
none    
none  
   
Wrong workflow when trapping.registration is disabled
- Evaluation on whether registration feature is enabled or not (trapping.registration in pf.conf) is made in getRegistrationVlan and that is kind of wrong. That evaluation should be done (at this point) in fetchVlanForNode rather than going in getRegistrationVlan and exiting saying "we do not use registration" and then going in getNormalVlan.

- When we are not using registration feature (trapping.registration in pf.conf) and a new node is connecting on the network, no category/role is being assigned to that node so getNormalVlan is unable to successfully assign a VLAN based on that "no role".
There are no notes attached to this issue.





View Issue Details
1779 [PacketFence] core major always 2014-03-26 07:00 2014-03-26 08:56
lpelet  
francis  
normal  
resolved  
fixed  
none    
none 4.1.1  
   
5a788205a47ee54116eca01eeb8c06971647ad8c
pfmon unable to do maintenance if mac is without delimiter
If you are using network equipment like an HP controller that sends PacketFence a MAC formatted without delimiters, like d20019e59060, pfmon by pfcmd will be unable to process the MAC address and it will be unable to do the maintenance (unregistration) on it.
It's fixed in commit 5a788205a47ee54116eca01eeb8c06971647ad8c, by adding a simple clean_mac before sending the mac address to Pfmon.
There are no notes attached to this issue.





View Issue Details
1772 [PacketFence] addons minor always 2014-03-03 14:41 2014-03-20 21:13
mrobbert All  
francis All  
normal All  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
8255430c40643b8f059f01c37f8acc00063c6db5
logrotate doesn't properly rotate logs due to syntax error
There is a duplicate file entry in the packetfence logrotate configuration file that is apparently causing it to not read the rest of the file, therefore it doesn't do the copytruncate. The logs get moved instead of copied and since there is no restart they continue to log to the old log files.
I have sent a pull request (0000125) on Github with a fix.
1. run logrotate
2. Observe that logs are getting written to old log files or use lsof/fuser to see that running processes still have old files open.
There are no notes attached to this issue.





View Issue Details
1665 [PacketFence] web admin feature always 2013-07-09 20:46 2014-03-20 21:08
Xen0Phage  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.1.0  
   
No way to add a node via the GUI
    With our current NAC system we can manually add new devices via the
GUI. We're able to add the MAC of the device, the role it should be in,
and a description. The description is incredibly useful for identifying
devices quickly.

    This doesn't appear to be possible in PF 4.0.1, though there is the CLI
method for adding a node, albeit without a description.
Notes
(0003519)
Xen0Phage   
2014-03-12 14:37   
This was fixed in 4.1 and can probably be closed now.





View Issue Details
1778 [PacketFence] security major always 2014-03-20 12:25 2014-03-20 21:07
lpelet All  
francis All  
high All  
resolved 4.0.0  
fixed  
none    
none 4.1.1  
   
27bd6016b8a13638b2c6c06061f4ad4ecf9588c1
Admin user gains role default
In the database schema >= 4.0.0, we define the user admin with the category = 1.
This lets the user admin gain the role default if authenticated on the captive portal.
Verify that your admin password is strong, or else users can guess it and register devices with the role default.
If you don't use the user admin on the captive portal, remove this capability on the user tab in the user's properties for admin.
There are no notes attached to this issue.





View Issue Details
1777 [PacketFence] web admin feature N/A 2014-03-14 14:09 2014-03-14 14:09
lpelet All  
All  
normal All  
new 4.1.0  
open  
none    
none  
   
Verify Fingerbank version before sharing unknown fingerprints
We should warn an administrator who tries to share unknown fingerprints that the fingerprint database currently installed is outdated, and offer to download the new one.
There are no notes attached to this issue.





View Issue Details
1774 [PacketFence] core feature always 2014-03-12 14:43 2014-03-12 14:43
Xen0Phage Linux  
RHEL / CentOS  
normal 6  
new 4.1.0  
open  
none    
none  
   
CLI should allow multiple formats for node identification
4.1 added the ability, in the web UI, to use multiple formats to identify a node. For instance, the standard colon notation, dotted notation, dashed notation, etc. The command line version of this (pfcmd lookup) doesn't seem to allow anything other than colon notation.
There are no notes attached to this issue.





View Issue Details
1773 [PacketFence] i18n minor always 2014-03-04 04:48 2014-03-06 09:09
liqiang i386  
CentOS  
high 6.5  
new 4.1.0  
open  
none    
none  
   
Why multi-language translation fails
I have translated some strings of the file I18N/en.po to Chinese, and changed the file type to UTF-8.
Part Content:
=============
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
=============
AND:
=============
# html/pfappserver/root/user/create.tt
msgid "Create Users"
msgstr "????"

# html/pfappserver/root/user/create.tt
msgid "Create local users that trigger specific actions."
msgstr "????????????"

# html/pfappserver/lib/pfappserver/Form/Config/Switch.pm
# html/pfappserver/lib/pfappserver/Form/User.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Single.pm
# html/pfappserver/root/admin/login.tt
# html/pfappserver/root/configurator/admin.tt
# html/pfappserver/root/configurator/database.tt
# html/pfappserver/root/user/list_password.tt
# html/pfappserver/root/user/print.tt
msgid "Username"
msgstr "???"

# html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm
# html/pfappserver/lib/pfappserver/Form/Config/Switch.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Single.pm
# html/pfappserver/root/admin/login.tt
# html/pfappserver/root/authentication/source/type/AD.tt
# html/pfappserver/root/authentication/source/type/LDAP.tt
# html/pfappserver/root/configurator/admin.tt
# html/pfappserver/root/configurator/database.tt
# html/pfappserver/root/user/list_password.tt
# html/pfappserver/root/user/print.tt
# html/pfappserver/root/user/view.tt
msgid "Password"
msgstr "??"

# html/pfappserver/root/node/create.tt
# html/pfappserver/root/user/create.tt
msgid "Single"
msgstr "??"
=============

But after restarting the service,
the web pages are not displayed correctly.

COMMAND:
/usr/local/pf/bin/pfcmd service httpd.admin restart

The web page has no submit button.

WHY?

thanks,
Source Error.jpg (294,000) 2014-03-04 04:48
https://www.packetfence.org/bugs/file_download.php?file_id=202&type=bug
WEB Error..jpg (57,185) 2014-03-04 04:48
https://www.packetfence.org/bugs/file_download.php?file_id=203&type=bug

en.po (135,304) 2014-03-04 04:50
https://www.packetfence.org/bugs/file_download.php?file_id=204&type=bug
Notes
(0003513)
liqiang   
2014-03-04 04:51   
I have uploaded en.po and some pictures.
Please help me,

thanks,
(0003515)
francis   
2014-03-04 08:56   
(edited on: 2014-03-04 08:56)
Have you generated the .mo file?

We generate those files when we create the packages. See the .spec file:

https://github.com/inverse-inc/packetfence/blob/stable/addons/packages/packetfence.spec#L306

(0003516)
liqiang   
2014-03-04 20:38   
I have not created the *.mo file.
I modified the en.po in lib/pfappserver/I18N/en.po.

I find no relationship between conf/locale/$TRANSLATION/LC_MESSAGES/packetfence.po and the web UI of admin.

Right?

thanks francis.
(0003517)
liqiang   
2014-03-06 09:09   
I have fixed the problem.

Because the Catalyst encoding is not correct; see these URLs:
http://lists.scsys.co.uk/pipermail/catalyst/2007-August/014822.html
http://wiki.catalystframework.org/wiki/tutorialsandhowtos/using_unicode.view#View:_TT_Templates

pfappserver.pm:
use Catalyst qw/ -Debug ConfigLoader Unicode::Encoding /;

View: TT Templates:
__PACKAGE__->config( {
    ENCODING => 'utf-8',
} );

OK,
thanks,
(0003518)
liqiang   
2014-03-06 09:09   
PLEASE close this bug, thanks.





View Issue Details
1762 [PacketFence] configuration major always 2014-01-25 08:26 2014-03-03 14:54
rishabh0510 Linux  
RHEL / CentOS  
normal 6  
new 4.1.0  
open  
none    
none  
   
epel error
Unable to fix this error during installation


[root@localhost yum.repos.d]# yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of PacketFence-complete
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again


help to fix this issue
Notes
(0003512)
mrobbert   
2014-03-03 14:54   
It looks like your host may be having problems connecting to the internet. Can you try running these commands and send the output:

yum --enablerepo=epel clean all
yum --enablerepo=epel check-update





View Issue Details
1771 [PacketFence] web admin feature always 2014-02-27 14:58 2014-02-27 14:58
Leonel Bonito All  
All  
normal All  
new 4.1.0  
open  
none    
none  
   
Nodes - Add options to search
It would be nice if there was an option in the Advanced Search, to search for Status (registered/unregistered) and for Role.

Also, when I try to make a search to get all persons, I choose "Person name" / "is not" and leave the next field empty, and nothing returns to me.
There are no notes attached to this issue.





View Issue Details
1770 [PacketFence] hardware modules minor always 2014-02-26 12:58 2014-02-26 12:58
Jean-Noel Martineau HP Procurve 2530-24G  
All  
normal YA.15.12.0007  
new 4.1.0  
open  
none    
none  
   
pfsetvlan INFO: ignoring unknown trap
Hello,
a plug/unplug on an HP 2530-24G port generates this SNMP trap, which seems to be ignored by pfsetvlan. Debug trace here:

Feb 26 18:40:55 pfsetvlan(21) INFO: ignoring unknown trap: 2014-02-26|17:40:52|UDP: [10.200.201.135]:161->[10.50.76.113]|10.200.201.135|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.76 = STRING: I 02/26/14 18:40:54 00076 ports: port 7 is now on-line END VARIABLEBINDINGS (main::parseTrap)
Feb 26 18:40:55 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-26|17:40:52|UDP: [10.200.201.135]:161->[10.50.76.113]|10.200.201.135|BEGIN TYPE 3 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.2.2.1.1.7 = INTEGER: 7|.1.3.6.1.2.1.2.2.1.7.7 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.7 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.2.7 = STRING: 7|.1.3.6.1.2.1.31.1.1.1.18.7 = STRING: END VARIABLEBINDINGS (main::parseTrap)

Can we customize packetfence to accept them ?
Thanks.
Jean-Noel
There are no notes attached to this issue.





View Issue Details
1769 [PacketFence] captive portal minor always 2014-02-11 07:31 2014-02-14 11:14
erSitzt Linux  
fdurand Ubuntu  
normal 12.04.3 LTS  
resolved 4.1.0  
fixed  
none    
none +1  
   
https://github.com/inverse-inc/packetfence/commit/57122f4dc4bdf4d73e64335f66519a1f0a889ce2
Proxy Interception : 503 Service Unavailable
I've enabled proxy interception for the default ports 8080 and 3128 and it seems to work with regard to the log entries and the URL changing to the PacketFence FQDN.

But instead of the captive portal I get a
503 Service Unavailable Error

/etc/hosts has 127.0.0.1 for the fqdn of packetfence
reverse_reproxy_error_log (681,741) 2014-02-11 07:49
https://www.packetfence.org/bugs/file_download.php?file_id=199&type=bug
proxy_error_log (2,432) 2014-02-11 07:49
https://www.packetfence.org/bugs/file_download.php?file_id=200&type=bug
Notes
(0003504)
erSitzt   
2014-02-11 07:45   
Just noticed that there are new logfiles:

proxy_error_log:
[Mon Feb 10 16:38:56 2014] [warn] proxy: No protocol handler was valid for the URL 127.0.0.1:444. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

I've attached the error-logs as well
(0003505)
erSitzt   
2014-02-11 07:50   
In reverse_reproxy_error_log it looks like packetfence is trying to connect to 127.0.0.1:443 but nobody is listening there...

netstat -anp | grep 127.0.0.1
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1368/mysqld
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1162/memcached
tcp 0 0 127.0.0.1:444 0.0.0.0:* LISTEN 23968/apache2
tcp 0 0 127.0.0.1:9090 0.0.0.0:* LISTEN 23931/apache2
tcp 0 0 127.0.0.1:48460 127.0.0.1:11211 ESTABLISHED 24007/pfsetvlan
tcp 0 0 127.0.0.1:48448 127.0.0.1:11211 ESTABLISHED 23931/apache2
tcp 0 0 127.0.0.1:11211 127.0.0.1:48450 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48462 127.0.0.1:11211 ESTABLISHED 24049/pfdhcplistene
tcp 0 0 127.0.0.1:11211 127.0.0.1:48463 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48463 127.0.0.1:11211 ESTABLISHED 24048/pfdhcplistene
tcp 0 0 127.0.0.1:48535 127.0.0.1:11211 ESTABLISHED 23918/apache2
tcp 0 0 127.0.0.1:48457 127.0.0.1:11211 ESTABLISHED 23988/pfdns
tcp 0 0 127.0.0.1:11211 127.0.0.1:48454 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48480 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48448 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48450 127.0.0.1:11211 ESTABLISHED 23948/apache2
tcp 0 0 127.0.0.1:48461 127.0.0.1:11211 ESTABLISHED 24050/pfdhcplistene
tcp 0 0 127.0.0.1:48444 127.0.0.1:11211 ESTABLISHED 23909/apache2
tcp 0 0 127.0.0.1:48454 127.0.0.1:11211 ESTABLISHED 23968/apache2
tcp 0 0 127.0.0.1:11211 127.0.0.1:48460 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48461 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48536 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48444 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48536 127.0.0.1:11211 ESTABLISHED 23924/apache2
tcp 0 0 127.0.0.1:11211 127.0.0.1:48457 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48462 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48535 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48480 127.0.0.1:11211 ESTABLISHED 24084/perl
udp 0 0 127.0.0.1:18120 0.0.0.0:* 23996/freeradius
udp 0 0 127.0.0.1:11211 0.0.0.0:* 1162/memcached
udp 0 0 127.0.0.1:161 0.0.0.0:* 1447/snmpd
(0003506)
fdurand   
2014-02-11 11:47   
Hello,
I have just tested, and in fact you have to change the /etc/hosts file to resolve to the IP address where the portal is listening and not 127.0.0.1.

I will change the documentation.

Regards
Fabrice
(0003507)
erSitzt   
2014-02-14 04:34   
Changed the fqdn in /etc/hosts to the ip of packetfence in the registration network and it works just fine now.
Thanks





View Issue Details
1768 [PacketFence] web admin feature unable to reproduce 2014-02-11 05:29 2014-02-11 05:29
wvalkering All  
All  
normal All  
new 4.0.5-2  
open  
none    
none  
   
Can't delete nodes whilst 'active'
When you want to delete a user which has a node with an old location log open you can't remove the node and so you can not remove the user.

An option to close the location log of a node would be nice so you won't have to close it manually on the server. Would save time and would be more user-friendly.
There are no notes attached to this issue.





View Issue Details
1750 [PacketFence] captive portal minor have not tried 2013-12-03 10:41 2014-02-10 13:39
tech All  
win  
high sevem  
new 4.0.6-2  
open  
none    
none  
   
Guest registration page doesn't show any submit button
V 4.0.6-2

Hello all, I am setting up a guest registration page using PacketFence. However, I have what seems to be a common problem: the guest registration page doesn't show any submit button. I was wondering if anyone has fixed it yet; any help on this would be great.

many thanks

ian
s1.png (30,620) 2013-12-03 11:08
https://www.packetfence.org/bugs/file_download.php?file_id=191&type=bug

Screenshot.png (182,872) 2013-12-04 05:48
https://www.packetfence.org/bugs/file_download.php?file_id=193&type=bug

Screenshot-1.png (187,978) 2013-12-04 05:48
https://www.packetfence.org/bugs/file_download.php?file_id=194&type=bug

login page.png (48,886) 2013-12-09 05:31
https://www.packetfence.org/bugs/file_download.php?file_id=195&type=bug
Notes
(0003474)
francis   
2013-12-03 13:20   
Can you show the content of conf/profiles.conf?
(0003475)
tech   
2013-12-04 05:49   
are these the right files?
(0003477)
francis   
2013-12-05 08:48   
On the login page (not the self-registration page), do you have a "Sign up" button?
(0003480)
tech   
2013-12-09 05:31   
That's a screenshot of the login page; I could not find a sign up button.
(0003503)
francis   
2014-02-10 13:39   
Would you be able to test the latest stable release (4.1.0)?





View Issue Details
1759 [PacketFence] web admin minor always 2014-01-16 05:39 2014-02-07 11:13
erSitzt Linux  
francis Ubuntu  
normal 12.04.3  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
f1e234847617a17665e70670e3c7b215ad983e8c
Can't set webadmin access level when creating a new user
When creating a new user and adding the action "Set access level of web admin" no field to select the access level is displayed.

If a user is edited this works.
create_user_webadmin_accesslevel.PNG (33,310) 2014-01-16 05:39
https://www.packetfence.org/bugs/file_download.php?file_id=197&type=bug
There are no notes attached to this issue.





View Issue Details
1729 [PacketFence] web admin minor have not tried 2013-10-10 10:09 2014-02-03 08:32
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
f0660655caeb7205555bc22c9dd88b8aadbc8910
Can't add rules to a freshly created authentication source
After having created an authentication source, it's impossible to add rules to it.
There are no notes attached to this issue.





View Issue Details
1763 [PacketFence] web admin trivial always 2014-01-31 13:00 2014-02-03 05:33
maikel All  
All  
normal All  
new 4.1.0  
open  
none    
none  
   
3.6 web based status and reports are missing from pf 4
All the stats are still there with the old way of pfcmd, though missing
Still from the web the reports and status should get back as also reported on the mail list today.
Most needed is a list of all open violations. I can also make a feature request for all missing 3.6 reports in different bug ids.
Notes
(0003497)
francis   
2014-01-31 13:24   
Please list in this ticket the reports you would like to have back in PF4. Thanks!
(0003498)
maikel   
2014-02-03 05:33   
Will do. Need to compare it good.
What I found so far in 3.6:
Reports

IP - MAC History
Location History (switch)
Location History (MAC)
Accounting (switch)
Accounting (MAC)
Accounting (User)
Active
Inactive
Registered
Unregistered
OS
OS Class
Unknown Fingerprints
Unknown User-Agents
Open Violations
Probable Static IPs
Connection-Type (All)
Connection-Type (Registered)
SSID


graphs:
Unregistered Nodes
Violations
Total Nodes
Accounting (Switch)
Accounting (MAC)
Accounting (User)
SNMP Traps


Most needed is the old violation tab in the UI
Always did pfcmd violation view all
Now you always have to go through a node to find an open violation or do it from the command line.

Will update this ticket also if some stuff is in fact already in 4.





View Issue Details
1764 [PacketFence] addons minor N/A 2014-02-02 14:30 2014-02-02 14:30
mmcgrath All  
All  
low All  
new +0  
open  
none    
none  
   
Audit log for registrations
We have 60+ student workers working the help desk. Every now and then when one of them manually registers a device, they do it wrong. They don't put an unreg date, they don't put a role, etc, etc, etc...

Would it be possible to keep some kind of audit log, that is viewable via the web interface, of who registered a node (either the user themselves via the portal or secure connection or a helpdesk worker via the admin interface)?
I'm not sure if this is the proper place for enhancement requests...or if I've filled the form out properly. Please let me know.
There are no notes attached to this issue.





View Issue Details
1745 [PacketFence] error-handling major always 2013-11-04 02:31 2014-01-30 12:03
rnaveed x86  
RHEL  
high 6.2  
new 4.0.6-2  
open  
none    
none  
   
unable to install
We are trying to install PacketFence for testing purposes. We followed the Administration guide, but are unable to install and receive the following error.

An early response to resolve this issue will be highly appreciated.


---> Package perl-Net-DNS.x86_64 0:0.66-1.of.el6 will be installed
--> Processing Dependency: perl(Net::IP) >= 1.2 for package: perl-Net-DNS-0.66-1.of.el6.x86_64
---> Package perl-PadWalker.x86_64 0:1.93-1.of.el6 will be installed
---> Package perl-Thread-Serialize.noarch 0:0.11-1.el6.rf will be installed
--> Finished Dependency Resolution
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: rrdtool
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
           Available: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS::Nameserver) = 835
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
           Installing: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS::Nameserver) = 835
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: memcached
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: dhcp
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl-rrdtool
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS) = 0.65-4
           Installing: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS) = 0.66
Error: Package: perl-HTML-Tidy-1.08-5.el6.x86_64 (epel)
           Requires: libtidy-0.99.so.0()(64bit)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS) = 0.65-4
           Available: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS) = 0.66
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: ipset
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(GD)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: zlib-devel
Error: Package: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
           Requires: perl(Net::IP) >= 1.2
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@PF ~]#
Notes
(0003478)
evargas   
2013-12-05 20:15   
I'm running into the same issue.

2.6.32-220.23.1.el6.x86_64 0000001 SMP Mon Jun 18 18:58:52 BST 2012 x86_64 x86_64 x86_64 GNU/Linux

--> Processing Dependency: ipset for package: packetfence-4.0.6-2.el6.noarch
---> Package xorg-x11-font-utils.x86_64 1:7.2-11.el6 will be installed
--> Processing Dependency: libfontenc.so.1()(64bit) for package: 1:xorg-x11-font-utils-7.2-11.el6.x86_64
--> Processing Dependency: libXfont.so.1()(64bit) for package: 1:xorg-x11-font-utils-7.2-11.el6.x86_64
--> Running transaction check
---> Package ORBit2.x86_64 0:2.14.17-3.1.el6 will be installed
--> Processing Dependency: libIDL-2.so.0()(64bit) for package: ORBit2-2.14.17-3.1.el6.x86_64
---> Package libXfont.x86_64 0:1.4.1-2.el6_1 will be installed
---> Package libfontenc.x86_64 0:1.0.5-2.el6 will be installed
---> Package packetfence.noarch 0:4.0.6-2.el6 will be installed
--> Processing Dependency: ipset for package: packetfence-4.0.6-2.el6.noarch
---> Package sgml-common.noarch 0:0.6.3-32.el6 will be installed
--> Running transaction check
---> Package libIDL.x86_64 0:0.8.13-2.1.el6 will be installed
---> Package packetfence.noarch 0:4.0.6-2.el6 will be installed
--> Processing Dependency: ipset for package: packetfence-4.0.6-2.el6.noarch
--> Finished Dependency Resolution
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: ipset
(0003494)
ccaaajf   
2014-01-30 08:50   
Ditto

--> Finished Dependency Resolution
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(GD)
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
           Available: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS::Nameserver) = 835
           Installed: perl-Net-DNS-0.65-4.el6.x86_64 (@rhel-6-server-rpms)
               Not found
           Available: perl-Net-DNS-0.65-2.el6.x86_64 (rhel-6-server-rpms)
               Not found
           Available: perl-Net-DNS-0.65-5.el6.x86_64 (rhel-6-server-rpms)
               Not found
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
(0003495)
ccaaajf   
2014-01-30 11:53   
yum install --enablerepo=* perl-GD

Enabling all the RHEL repos gets me down to one error....

having an issue with perl-Net-DNS...
(0003496)
ccaaajf   
2014-01-30 12:03   
yum erase perl-Net-DNS
yum install perl-Net-DNS-0.65-4.el6.x86_64
yum install --enablerepo=* perl-Net-DNS-Nameserver

&
yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of Packetfence-complete

WORKED!





View Issue Details
1761 [PacketFence] captive portal minor always 2014-01-20 11:16 2014-01-20 11:16
caralo Linux  
Debian  
normal 7 (Wheezy)  
new 4.1.0  
open  
none    
none  
   
Captive Portal needs packetfence restart to show locale characters right
All the special locale characters (accented vowels,..) are shown as "?" unless you restart packetfence. It seems that the init.d script needs to source the locale LANG variable.
It works if you add something like this to /etc/init.d/packetfence:
if [ -f /etc/default/locale ]; then
    . /etc/default/locale
    export LANG
fi
Or you could add a locale LANG variable in /etc/default/packetfence.
There are no notes attached to this issue.





View Issue Details
1760 [PacketFence] web admin trivial always 2014-01-18 17:05 2014-01-20 09:14
mmcgrath Linux  
francis RHEL / CentOS  
normal 6  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
c5a95038199edcb0e7640104ce2987a8487df053
Unable to save searches under Nodes
Unable to save custom searches under Nodes (both Simple and Advanced searches). The Save Search box appears, I fill in a name and click Save -- nothing happens. I can click Save as many times as I want. The Close button properly closes the save box.
Go to Nodes and try to save a search.
I have tried Chrome 32, Firefox 26 and IE 10.
Notes
(0003492)
francis   
2014-01-20 09:14   
This has been fixed two weeks ago.





View Issue Details
1757 [PacketFence] web admin minor always 2014-01-13 10:24 2014-01-14 10:27
caralo Linux  
francis Debian  
normal 7 (Wheezy)  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
dff8c1fbc9ff850cd50f7d705af36eb97f3e29c9
httpd.admin Error when applied role in nodes action menu
 When you select a node in the Nodes tab and try to apply a new role in the action menu, the node role gets changed but it doesn't evaluate the new role. So it doesn't change the VLAN if it has to.
 If you examine packetfence.log, you can see:

 httpd.admin(0) ERROR: Odd number of elements in hash assignment at /usr/local/pf/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm line 30.
 (pfappserver::__ANON__)

If you change the node role directly pressing in the mac, everything works as expected.
Web gui -> Nodes Tab -> select one or more nodes
Action menu -> Apply role -> Select any Role
Notes
(0003486)
dbsanch   
2014-01-13 19:01   
Resolved: the my.conf file had been changed to force a recovery and never changed back to the default value ('0').

[mysqld]
innodb_force_recovery = 4

As a safety measure, InnoDB prevents users from performing INSERT, UPDATE, or DELETE operations when innodb_force_recovery is greater than 0.
--------------------------------------------------------------------------------
Resolution:

[mysqld]
innodb_force_recovery = 0
(0003487)
caralo   
2014-01-14 03:50   
I have connected to mysql database and the system variable innodb_force_recovery was 0. Just in case it was not right, I have forced "innodb_force_recovery = 0" in my.cnf but I still get the same error.
(0003488)
fdurand   
2014-01-14 07:57   
Hello,
if you want to be able to re-evaluate the VLAN after changing the role then you can apply this patch:
https://github.com/inverse-inc/packetfence/pull/117/files

Fabrice
(0003489)
caralo   
2014-01-14 08:54   
I have applied the patch but it doesn't work. I think that the problem is previous to reevaluation. It has to do with:

 httpd.admin(0) ERROR: Odd number of elements in hash assignment at /usr/local/pf/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm line 30.
 (pfappserver::__ANON__)

The role change (and reevaluation) works perfectly if you change the role in the menu that opens when you press the MAC of a node. But in this case you have to change the role one by one. If you want to change the role of many nodes at the same time, you should use the action menu but it doesn't work (it changes the role but not the VLAN).





View Issue Details
1756 [PacketFence] error-handling block always 2014-01-07 09:37 2014-01-08 12:44
dbsanch Linux  
RHEL / CentOS  
high 6  
new 4.0.6-2  
open  
none    
none  
   
Configuration Wizard: Unable to proceed past Administration Tab
Cannot proceed past Administration Tab in Configuration Wizard. Will not allow modification of password or use of current password to Continue. Did not work with admin / admin either.
1. Fill out tabs in Configuration Wizard
2. Get to Administration Tab
3. Use default admin / admin
4. Try to enter new password - example pfuseradmiN and press modify
5. Press 'Continue'
error: Verify configuration - cannot proceed with install. Would like to know if there is a work-around to the GUI interface.
steps.docx (1,123,596) 2014-01-08 12:44
https://www.packetfence.org/bugs/file_download.php?file_id=196&type=bug
Notes
(0003484)
lmunro   
2014-01-07 09:47   
Hi David,
Can you confirm that the database is running?

Usually issues like that are related to DB access.
(0003485)
dbsanch   
2014-01-07 10:17   
Yes - MySql has been up for awhile. Uptime: 2321437 Threads: 1 Questions: 406 Slow queries: 0 Opens: 75 Flush tables: 1 Open tables: 33 Queries per second avg: 0.0





View Issue Details
1685 [PacketFence] web admin minor always 2013-08-14 06:17 2013-12-17 09:32
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.1.1  
   
66139bb516f17c579ae06aadb0a4b445e90aa7e3
connections number wrong on Connections Types report page
After fairly light use of PacketFence, the Wired 802.1x connections number shown on the web page is 12728 (the Wired MAC Auth connections number is also too high - 1166). However, database queries show 158 and 17 connections respectively, which are the real numbers (see below).

So looks like connections number is wrong on Connections Types report page.

mysql> select count(*) from locationlog where connection_type = "Ethernet-EAP";
+----------+
| count(*) |
+----------+
|      158 |
+----------+
1 row in set (0.00 sec)

mysql> select count(*) from locationlog where connection_type = "WIRED_MAC_AUTH";
+----------+
| count(*) |
+----------+
|       17 |
+----------+
1 row in set (0.00 sec)

mysql>
PF_connection_types.png (27,105) 2013-08-14 09:06
https://www.packetfence.org/bugs/file_download.php?file_id=185&type=bug
Notes
(0003406)
francis   
2013-08-14 08:35   
The SQL queries to extract the number of wired and wireless connections for the past week look like this :

        SELECT count(*) AS nb FROM (
          SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
          FROM locationlog
          WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type NOT LIKE 'Wireless%' GROUP BY start_day, mac
        ) AS wired_count

        SELECT count(*) AS nb FROM (
          SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
          FROM locationlog
          WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type LIKE 'Wireless%' GROUP BY start_day, mac
        ) AS wireless_count
(0003407)
muhlig   
2013-08-14 09:06   
So we have 5 and 0 (see below). Why does the page display thousands of wired connections then (see attached file)?

mysql> use pf
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SELECT count(*) AS nb FROM (
    -> SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
    -> FROM locationlog
    -> WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type NOT LIKE 'Wireless%' GROUP BY start_day, mac
    -> ) AS wired_count;
+----+
| nb |
+----+
|  5 |
+----+
1 row in set (0.00 sec)

mysql> SELECT count(*) AS nb FROM (
    -> SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
    -> FROM locationlog
    -> WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type LIKE 'Wireless%' GROUP BY start_day, mac
    -> ) AS wireless_count ;
+----+
| nb |
+----+
|  0 |
+----+
1 row in set (0.00 sec)

mysql>
(0003409)
francis   
2013-08-14 09:44   
The queries I posted were for the dashboard. I'll have a look at the queries for the connection types report.
(0003481)
francis   
2013-12-17 09:30   
Fixed by counting distinct MAC addresses.

BEFORE:

mysql> SELECT connection_type, COUNT(*) AS connections,
    ->             ROUND(COUNT(*)/
    ->                 (SELECT COUNT(*)
    ->                     FROM locationlog
    ->                     WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->                 )*100,1
    ->             ) AS percent
    ->         FROM locationlog
    ->         WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->        GROUP BY connection_type
    -> ;
+-----------------------+-------------+---------+
| connection_type       | connections | percent |
+-----------------------+-------------+---------+
| Ethernet-NoEAP        |        1215 |     1.6 |
| Inline                |       35377 |    47.7 |
| Wireless-802.11-EAP   |        5851 |     7.9 |
| Wireless-802.11-NoEAP |       31670 |    42.7 |
+-----------------------+-------------+---------+


AFTER:

mysql> SELECT connection_type, COUNT(DISTINCT mac) AS connections,
    ->             ROUND(COUNT(DISTINCT mac)/
    ->                 (SELECT COUNT(DISTINCT mac)
    ->                     FROM locationlog
    ->                     WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->                 )*100,1
    ->             ) AS percent
    ->         FROM locationlog
    ->         WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->        GROUP BY connection_type
    -> ;
+-----------------------+-------------+---------+
| connection_type       | connections | percent |
+-----------------------+-------------+---------+
| Ethernet-NoEAP        |         350 |     6.8 |
| Inline                |        3155 |    61.2 |
| Wireless-802.11-EAP   |         737 |    14.3 |
| Wireless-802.11-NoEAP |        3866 |    75.0 |
+-----------------------+-------------+---------+
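
An added example, not part of the ticket or of PacketFence: the BEFORE and AFTER queries from the last note, run with Python's sqlite3 over a few constructed locationlog rows to show how repeated sessions from one device inflate COUNT(*). The three-column table is a reduction for this sketch, and the percent expression multiplies by 100.0 first because SQLite divides integers.

```python
import sqlite3

START, END = "2013-01-01", "2013-01-31"


def build_db():
    """Return an in-memory database holding constructed locationlog rows."""
    rows = []
    # One wired device that re-authenticates on five different days.
    rows += [("aa:bb:cc:00:00:01", "Ethernet-NoEAP", f"2013-01-{day:02d} 08:00:00")
             for day in range(2, 7)]
    # One wireless device with three sessions.
    rows += [("aa:bb:cc:00:00:02", "Wireless-802.11-EAP", f"2013-01-{day:02d} 09:00:00")
             for day in range(10, 13)]
    # One device seen under two connection types.
    rows += [("aa:bb:cc:00:00:03", "Wireless-802.11-EAP", "2013-01-15 10:00:00"),
             ("aa:bb:cc:00:00:03", "Inline", "2013-01-16 10:00:00")]
    # One inline-only device with a single session.
    rows += [("aa:bb:cc:00:00:04", "Inline", "2013-01-20 11:00:00")]

    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE locationlog (mac TEXT, connection_type TEXT, start_time TEXT)"
    )
    conn.executemany("INSERT INTO locationlog VALUES (?, ?, ?)", rows)
    return conn


def connection_report(conn, distinct):
    """Run the report; distinct=False is the BEFORE query, True the AFTER query."""
    # 'counted' is one of two fixed strings chosen here, never user input;
    # the date range is passed as bound parameters.
    counted = "DISTINCT mac" if distinct else "*"
    sql = f"""
        SELECT connection_type,
               COUNT({counted}) AS connections,
               ROUND(COUNT({counted}) * 100.0 /
                     (SELECT COUNT({counted})
                        FROM locationlog
                       WHERE start_time BETWEEN ? AND ?), 1) AS percent
          FROM locationlog
         WHERE start_time BETWEEN ? AND ?
         GROUP BY connection_type
         ORDER BY connection_type
    """
    return conn.execute(sql, (START, END, START, END)).fetchall()


if __name__ == "__main__":
    db = build_db()
    for label, flag in (("BEFORE (rows)", False), ("AFTER (distinct MACs)", True)):
        print(label)
        for connection_type, connections, percent in connection_report(db, flag):
            print(f"  {connection_type:<22} {connections:>3} {percent:>6}")
```

In the distinct version a device seen under two connection types is counted in both groups, so the percent column can add up to more than 100, as it does in the AFTER output above.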





View Issue Details
1753 [PacketFence] hardware modules feature N/A 2013-12-12 09:59 2013-12-12 10:01
chami  
 
normal  
new  
open  
none    
none  
   
compatibility of switch
I have a request about the compatibility of a switch with PacketFence.
This switch is not in your list of "supported network devices".

We have the following equipment at our disposal:
ProSafe 24-PORT GIGABIT SMART SWITCH GS724T-300

best regards
There are no notes attached to this issue.





View Issue Details
1752 [PacketFence] scanning minor always 2013-12-04 14:18 2013-12-04 14:25
thedeco Linux  
francis RHEL / CentOS  
low 6  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
7d72045e2a72f82e1b1e6811e7b6aafdfeba4dc1
Fresh Snort install fails to start after rules update script is run
After a fresh install of Snort and running the update_rules.pl script, Snort cannot start up by default.

Checking /var/log/messages shows the following error:

FATAL ERROR: Unable to open rules file "/usr/local/pf/var/conf//usr/local/pf/conf/snort/emerging-virus.rules": No such file or directory.

It appears the update_rules script failed to install this one rule set in conf/snort directory even though it is present in the violations.conf file by default.
Fresh install of PacketFence 4.0.6-2

service packetfence stop
yum install snort
run the rules update script located at /usr/local/pf/addons/snort/update_rules.pl
service packetfence start
service snortd status
I was able to start Snort after removing the emerging-virus.rules from the list of Snort rules in violations.conf file
Notes
(0003476)
francis   
2013-12-04 14:25   
Fixed two months ago.

https://github.com/inverse-inc/packetfence/commit/7d72045e2a72f82e1b1e6811e7b6aafdfeba4dc1
https://github.com/inverse-inc/packetfence/commit/02160bac4ee9dddc928b85279bb70707e2daef9c





View Issue Details
1749 [PacketFence] web admin minor have not tried 2013-12-02 22:27 2013-12-02 22:29
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
7e8eea8cd15b3b0a687036c5b4938195340ae7f9
Can't assign rules to an authentication source
When assigning rules to an authentication source whose name matches the beginning of another source's name, the rules are never saved to the configuration file authentication.conf even though there's no error message.
There are no notes attached to this issue.





View Issue Details
1155 [PacketFence] web admin feature N/A 2011-01-18 14:52 2013-11-27 08:10
obilodeau  
 
normal  
new  
open  
none    
none  
  long-term  
Roles should be fetchable from LDAP in Web Admin
When using access control in the web admin (conf/admin.perm), what user is using what role should be fetched from LDAP.

ex: users in pfTech are assigned the helpdesk role, users in pfAdmin are assigned the admin role
There are no notes attached to this issue.





View Issue Details
1747 [PacketFence] web admin feature always 2013-11-19 10:48 2013-11-19 10:48
francis  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
Dynamic attributes in LDAP authentication source
The current list of LDAP attributes available when defining a condition in a rule is limited to the list defined in the method "available_attributes" of pf::Authentication::Source::LDAPSource. It would be nice to be able to configure additional attributes in the current LDAP source.
This happens as soon as the LDAP directory is extended with custom schemas.
There are no notes attached to this issue.





View Issue Details
1744 [PacketFence] configuration minor always 2013-10-30 16:02 2013-11-15 15:47
Xen0Phage Linux  
francis RHEL / CentOS  
normal 6  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
f0660655caeb7205555bc22c9dd88b8aadbc8910
Unable to add new rule to existing authentication source via the GUI
After adding a new rule to an existing authentication source, the new rule is apparently not saved. Add the new rule and then go back into the authentication source. Rule is not there.

This occurs whether you save just the new rule, or if you also save the authentication source itself.

I am unable to find any errors in the logs indicating a problem. On the contrary, I see this :

Oct 30 15:56:12 httpd.admin(0) DEBUG: Database statements not prepared, preparing... (pf::db::db_query_execute)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Preparing pf::nodecategory database queries (pf::nodecategory::nodecategory_db_prepare)
Oct 30 15:56:12 httpd.admin(0) DEBUG: function pf::db::get_db_handle is calling db_connect (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: checking handle (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: (Re)Connecting to MySQL (thread id: 0) (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: connected (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Writing source local (pf::Authentication::Source::SQLSource) (pf::authentication::writeAuthenticationConfigFile)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Writing source set_role (pf::Authentication::Source::LDAPSource) (pf::authentication::writeAuthenticationConfigFile)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Writing source file1 (pf::Authentication::Source::HtpasswdSource) (pf::authentication::writeAuthenticationConfigFile)

Which seems to indicate that the write succeeded. In this example, I'm specifically making changes to the set_role source.
1) Go to configuration->sources
2) Choose an existing authentication source
3) Click the "Add Rule" button
4) Enter the details for the new rule
5) Click Save
Notes
(0003470)
Xen0Phage   
2013-10-31 12:39   
Louis suggested restarting memcached. Restarting that appears to have resolved this problem for the time being. I'm able to add/remove rules now.
(0003471)
erSitzt   
2013-11-01 10:50   
Same here, restarting memcached resolved the problem temporarily.
(0003473)
francis   
2013-11-15 15:47   
There's a patch available here for 4.0.6-2 :

https://github.com/inverse-inc/packetfence/commit/5d4bfc2883e6f66bb1938a79c3e677c9c53c3854





View Issue Details
1716 [PacketFence] error-handling minor always 2013-09-19 10:11 2013-11-06 07:11
fmts  
 
normal  
new 4.0.6-2  
open  
none    
none  
  4.1.0  
Insecure dependency on service start
After an upgrade from 4.0.5-2 I got the following error at service start:

httpd.admin|start
Checking configuration sanity...
service|command
config files|start
iptables|start
pfdns|start
Insecure dependency in sprintf while running with -T switch at /usr/local/pf/lib/pf/services.pm line 398.
The service started again when I added the following lines to service.pm (right before line 398):

$launcher =~ /^(.*)$/;
$launcher = $1;

Seems to be a similar problem to the one in 0001575.
Notes
(0003472)
aderumier   
2013-11-06 07:11   
Hi,

I have had exactly the same bug since upgrading from 4.0.5-2.

$launcher =~ /^(.*)$/;
$launcher = $1;

fixes the problem for me





View Issue Details
1746 [PacketFence] captive portal minor always 2013-11-04 10:51 2013-11-04 10:51
jochen Linux  
RHEL / CentOS  
normal 6  
new 4.0.6-2  
open  
none    
none  
   
RADIUSSource doesn't match username
match_in_subclass() doesn't process any source specific conditions.

Some code like this is missing:

    foreach my $condition (@{ $own_conditions }) {
      if ($condition->{'attribute'} eq "username") {
        if ( $condition->matches("username", $params->{'username'}) ) {
          push(@{ $matching_conditions }, $condition);
        }
      }
    }
Create RADIUS Source
Create condition matching username
Log in using this username

=> The condition does not match
There are no notes attached to this issue.





View Issue Details
1672 [PacketFence] web admin feature always 2013-07-12 14:13 2013-10-30 15:12
Xen0Phage  
 
normal  
new 4.0.1  
open  
none    
none  
   
Switches configuration should include an alias/name
The switch configuration should allow a name or alias to be entered. The IP is required, of course, to identify the switch. However, humans are somewhat better at remembering names, especially since we can name things based on where they're located.

Can a name/alias field be added to the switch configuration?
Notes
(0003469)
Xen0Phage   
2013-10-30 15:12   
This appears to have been added at some point between the time I reported it and the current release. Thanks! This can be closed as a result. :)





View Issue Details
1743 [PacketFence] core minor always 2013-10-28 04:27 2013-10-29 06:31
erSitzt Linux  
Ubuntu  
normal 12.04  
new 4.0.6-2  
open  
none    
none  
   
Service watchdog not able to restart all services
"pfcmd service pf start", and the watchdog when it tries to restart services that are not running, produce this error:

Insecure dependency in sprintf while running with -T switch at /usr/local/pf/lib/pf/services.pm

Needs to be untainted :

sub launchService {
    my ($daemon,@launcher_args) = @_;
    my $launcher = $service_launchers{$daemon};
    if ($launcher) {
        my $logger = Log::Log4perl::get_logger('pf::services');
### untaint launcher ###
        $launcher =~ /^(.*)$/;
        $launcher = $1;
########################
        my $cmd_line = sprintf($launcher, @launcher_args);
        $logger->info("Starting $daemon with '$cmd_line'");
        if ($cmd_line =~ /^(.+)$/) {
            $cmd_line = $1;
            my $t0 = Time::HiRes::time();
            my $return_value = system($cmd_line);
            my $elapsed = Time::HiRes::time() - $t0;
            $logger->info(sprintf("Daemon %s took %.3f seconds to start.", $daemon, $elapsed));
            return $return_value;
        }
    }
    return;
}
Notes
(0003468)
francis   
2013-10-29 06:31   
The upcoming pull of the "service refactor" branch will fix this problem.

See https://github.com/inverse-inc/packetfence/pull/104
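
The launcher untaint discussed in issues 0001716 and 0001743, as an added example (not PacketFence code): taint mode only protects `sprintf` and `system` if the untainting regex validates the value, and `/^(.*)$/` accepts anything. The allowed directories, the launcher templates and the function names below are assumptions made for the illustration.

```perl
# Added illustration, not PacketFence code. Run with: perl -T untaint_launcher.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: under -T, $^X is tainted, so appending this to a
# value taints it. Without -T it is an ordinary empty string.
my $TAINT = substr($^X, 0, 0);

# Directories a launcher binary may live in (assumed for this example).
my $ALLOWED_DIRS = qr{/usr/sbin|/usr/local/pf/sbin};

# Strict untaint: a binary directly inside an allowed directory, followed by
# space-separated arguments built from safe characters and the %s / %d
# placeholders only. Shell metacharacters and other conversions are rejected.
sub untaint_launcher {
    my ($template) = @_;
    return unless defined $template;
    if ($template =~ m{\A( (?:$ALLOWED_DIRS) / [\w.-]+
                           (?: [ ] (?: [\w./=:-] | %[sd] )+ )* )\z}x) {
        return $1;    # regex captures are untainted
    }
    return;           # reject instead of laundering unknown data
}

# The blanket form: accepts any single line, so it removes the taint flag
# without checking anything about the content.
sub untaint_blanket {
    my ($template) = @_;
    return $template =~ /^(.*)$/ ? $1 : undef;
}

# Constructed launcher templates (hypothetical values).
my @samples = (
    '/usr/sbin/httpd -f %s',        # expected shape
    '/usr/sbin/httpd -f %s; id',    # shell metacharacter in the template
    '/usr/sbin/httpd -f %n',        # conversion other than %s / %d
    '/tmp/httpd -f %s',             # binary outside the allowed directories
);

for my $raw (@samples) {
    my $template = $raw . $TAINT;   # simulate a value read from configuration
    my $strict   = untaint_launcher($template);
    my $blanket  = untaint_blanket($template);
    printf "%-28s tainted=%d strict=%s blanket=%s\n",
        $raw,
        tainted($template) ? 1 : 0,
        defined $strict  ? 'accepted' : 'REJECTED',
        defined $blanket ? 'accepted' : 'REJECTED';
}

# Only a validated template is used as a sprintf format.
my $launcher = untaint_launcher('/usr/sbin/httpd -f %s' . $TAINT);
my $cmd_line = sprintf($launcher, '/usr/local/pf/var/conf/httpd.conf');
print "command line: $cmd_line\n";
```

Validating the template does not validate the arguments substituted into it; where the arguments are known, the list form of `system` avoids shell interpretation of the assembled command line.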





View Issue Details
1742 [PacketFence] captive portal major always 2013-10-24 19:44 2013-10-25 14:48
fdurand All  
fdurand All  
normal All  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  +1  
523f11a7f9372740e521564f1e01b933df7a42f7
Wispr doesn't work
We fetch from the cgi object the username and password but for wispr we never use cgi.
We have to use $req->param("username") and $req->param("password") in the wispr.pm file.
 
There are no notes attached to this issue.





View Issue Details
1740 [PacketFence] web admin feature always 2013-10-24 03:53 2013-10-24 03:53
MavLam All  
All  
normal All  
new 4.0.6-2  
open  
none    
none  
   
Node details not populating for 802.1x clients
I am currently deploying PacketFence in VLAN enforcement mode and the DHCP server runs on an external server. The machines auto-register with 802.1x auth against AD and automatically get a role assigned. All works great!

Is it possible to make the Computer Name field editable via the UI? At the moment, because of the way I have implemented it, PacketFence does not pull the node information. I am editing the name via MySQL, which is not ideal when I hand over to support.

And obviously if there was a way to still pull the node information this would be ideal.
There are no notes attached to this issue.





View Issue Details
1739 [PacketFence] IDS minor always 2013-10-22 13:50 2013-10-22 13:50
francis  
 
normal  
new 4.0.6-2  
open  
none    
none  
  4.1.0  
Move snort_rules from violations.conf to pf.conf
The snort_rules parameter is defined in the 'defaults' of violations.conf. However, it should be moved to pf.conf under a new 'IDS' section.
There are no notes attached to this issue.





View Issue Details
1738 [PacketFence] web admin minor have not tried 2013-10-18 12:00 2013-10-18 12:05
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
5ddb92d1cce25fc3b43c8f46644aa300532afca2
Advanced search results of users: Can't sort by telephone nor by nodes count
When performing an advanced search on users, it's impossible to sort by telephone number or nodes count.
There are no notes attached to this issue.





View Issue Details
1737 [PacketFence] captive portal minor have not tried 2013-10-18 11:22 2013-10-18 11:36
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
6b47384c3f273f96cabf8a8f7c78db35f03ee444
A matches/regexp condition in an LDAP source doesn't test all values
A regexp condition in an LDAP source only tests the first value of the attribute.
There are no notes attached to this issue.





View Issue Details
1735 [PacketFence] guests feature have not tried 2013-10-11 14:46 2013-10-11 14:46
dwuelfrath  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
Allow localdomain for email registration should use a different value than general.domain
We offer the possibility to allow/deny the use of a localdomain address when using email guest self-registration.
We check that the email matches the configured domain of PacketFence. Most of the time, that configured domain is not the same as the one the company uses for its email addresses, so we should probably use a new "configuration parameter" to specify the email addresses domain.
There are no notes attached to this issue.





View Issue Details
1732 [PacketFence] radius minor have not tried 2013-10-10 14:46 2013-10-10 14:47
dwuelfrath  
dwuelfrath  
normal  
assigned 4.0.6-2  
open  
none    
none  
   
Using NAS-IP-Address for managing RADIUS equipment
We are currently validating whether a network equipment is managed by PacketFence (IP is part of switches list) by using the NAS-IP-Address in the RADIUS request. We are using the incoming IP of the Access-Request to do the secret check (which is OK) but after that, we use the NAS-IP-Address to refer to that network equipment.
NAS-IP-Address should not be used to initiate communication with network equipment. We should base ourselves on the incoming IP address used for the Access-Request at all times.
Will have to "refactor" the flow of RADIUS to make the correct distinction between the two.
There are no notes attached to this issue.
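
The distinction drawn in issue 0001732, as an added example (not PacketFence code): the switch is resolved from the UDP source address of the Access-Request, and NAS-IP-Address (attribute 4) is parsed only to report a mismatch. The switch table, addresses, packets and function names are constructed for the illustration.

```perl
# Added illustration, not PacketFence code.
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

use constant { ACCESS_REQUEST => 1, ATTR_NAS_IP_ADDRESS => 4 };

# Constructed switch inventory keyed by management IP (documentation addresses).
my %switches = (
    '192.0.2.10' => { description => 'sample access switch' },
);

# Parse a RADIUS packet: code(1) id(1) length(2) authenticator(16), then
# type/length/value attributes. Returns a hashref type => [values], or
# nothing if the packet is not a well-formed Access-Request.
sub parse_access_request {
    my ($packet) = @_;
    return if length($packet) < 20;
    my ($code, $id, $len) = unpack('C C n', $packet);
    return if $code != ACCESS_REQUEST || $len < 20 || $len > length($packet);
    my %attr;
    my $pos = 20;
    while ($pos + 2 <= $len) {
        my ($type, $alen) = unpack('C C', substr($packet, $pos, 2));
        return if $alen < 2 || $pos + $alen > $len;    # malformed attribute
        push @{ $attr{$type} }, substr($packet, $pos + 2, $alen - 2);
        $pos += $alen;
    }
    return if $pos != $len;                            # stray trailing byte
    return \%attr;
}

# Decide which device a request belongs to. The lookup key is always the
# address the packet arrived from (the same key used for the shared secret);
# the NAS-IP-Address attribute is sender-supplied data and is only compared.
sub identify_nas {
    my ($source_ip, $packet) = @_;
    my $attr = parse_access_request($packet)
        or return +{ status => 'malformed' };
    return +{ status => 'unknown-source', source => $source_ip }
        unless exists $switches{$source_ip};
    my $values  = $attr->{ ATTR_NAS_IP_ADDRESS() } || [];
    my $raw     = $values->[0];
    my $claimed = (defined $raw && length($raw) == 4) ? inet_ntoa($raw) : undef;
    return +{
        status   => 'ok',
        switch   => $source_ip,
        claimed  => $claimed,
        mismatch => (defined $claimed && $claimed ne $source_ip) ? 1 : 0,
    };
}

# Build a constructed Access-Request with User-Name and NAS-IP-Address.
sub build_request {
    my ($nas_ip) = @_;
    my $user  = 'alice';
    my $attrs = pack('C C a*', 1, 2 + length($user), $user)
              . pack('C C a4', ATTR_NAS_IP_ADDRESS, 6, inet_aton($nas_ip));
    return pack('C C n a16', ACCESS_REQUEST, 1, 20 + length($attrs), "\0" x 16)
         . $attrs;
}

for my $case (
    [ '192.0.2.10',   '192.0.2.10' ],    # attribute agrees with the source
    [ '192.0.2.10',   '192.0.2.99' ],    # attribute names another address
    [ '198.51.100.7', '192.0.2.10' ],    # sender is not in the switch list
) {
    my ($source, $nas) = @$case;
    my $result = identify_nas($source, build_request($nas));
    printf "source=%-13s NAS-IP-Address=%-11s status=%-14s switch=%-11s mismatch=%s\n",
        $source, $nas, $result->{status},
        $result->{switch} // '-', $result->{mismatch} // '-';
}
```

A mismatch is expected when a device sits behind NAT or sends from a different interface, so it is worth logging rather than treating as a failure by itself.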





View Issue Details
1731 [PacketFence] web admin minor have not tried 2013-10-10 14:14 2013-10-10 14:14
francis  
francis  
normal  
assigned 4.0.6-2  
open  
none    
none  
  4.1.0  
Show additional columns in nodes module
Some users have expressed the desire to see more/other columns in the nodes module. For example, the registration date and the detection date.
There are no notes attached to this issue.





View Issue Details
1730 [PacketFence] web admin minor have not tried 2013-10-10 10:12 2013-10-10 10:12
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
69812df81b26649aeb4d1f46d1f779bffbe9688a
Authentication rules can't include dashes in their name
If a rule name contains a dash, only the part before the dash is considered.
There are no notes attached to this issue.





View Issue Details
1727 [PacketFence] radius major always 2013-10-09 12:45 2013-10-09 12:45
carrots Linux  
RHEL / CentOS  
high 6  
new 4.0.6-2  
open  
none    
none  
   
Addition of perl module in the sites-enabled/default file causes error Failed to find "perl" in the "modules" section.
Whenever following the instructions in Appendix B of the admin guide for manual configuration of FreeRADIUS version 2 an error is given for the addition of the perl module as follows:-

Error: /usr/local/pf/raddb//sites-enabled/default[200]: Failed to find "perl" in the "modules" section.
Error: /usr/local/pf/raddb//sites-enabled/default[69]: Errors parsing authorize section.
Error: Failed to load virtual server <default>

Contents of some of the configuration files are as follows:-

/usr/local/pf/conf/radiusd/radiusd.conf

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = %%install_dir%%/var
sbindir = /usr/sbin
logdir = %%install_dir%%/logs
raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}
run_dir = ${localstatedir}/run

db_dir = ${raddbdir}

libdir = /usr/lib%%arch%%/freeradius
pidfile = ${run_dir}/${name}.pid

user = pf
group = pf

max_request_time = 30
cleanup_delay = 5
max_requests = 1024

listen {
        type = auth
        ipaddr = %%management_ip%%
        port = 0
        virtual_server = packetfence
}

listen {
        ipaddr = %%management_ip%%
        port = 0
        type = acct
        virtual_server = packetfence
}

hostname_lookups = no
allow_core_dumps = no

regular_expressions = yes
extended_expressions = yes

log {
        destination = files
        file = ${logdir}/radius.log
        syslog_facility = daemon
        stripped_names = no
        auth = yes
        auth_badpass = yes
        auth_goodpass = yes
}

checkrad = ${sbindir}/checkrad

security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
}

proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf

thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}

modules {
        $INCLUDE ${confdir}/modules/
        $INCLUDE eap.conf
        $INCLUDE sql.conf
}

instantiate {
        exec
        expr
        expiration
        logintime
}

$INCLUDE policy.conf
$INCLUDE sites-enabled/

authorize {
        eap
        files
}

authenticate {
        eap
}



/usr/local/pf/raddb/sites-enabled/default - perl entry lines shown...
authorize {

<sic>
        #
        # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
        # authentication.
        #
        # It also sets the EAP-Type attribute in the request
        # attribute list to the EAP type from the packet.
        #
        # As of 2.0, the EAP module returns "ok" in the authorize stage
        # for TTLS and PEAP. In 1.x, it never returned "ok" here, so
        # this change is compatible with older configurations.
        #
        # The example below uses module failover to avoid querying all
        # of the following modules if the EAP module returns "ok".
        # Therefore, your LDAP and/or SQL servers will not be queried
        # for the many packets that go back and forth to set up TTLS
        # or PEAP. The load on those servers will therefore be reduced.
        #
        eap {
                ok = return
        }

<sic>

        #
        # The ldap module will set Auth-Type to LDAP if it has not
        # already been set
# ldap

        #
        # Enforce daily limits on time spent logged in.
# daily

        #
        # Use the checkval module
# checkval

        expiration
        logintime
        perl



<sic>

# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
post-auth {
        # Get an address from the IP Pool.
# main_pool
        perl
        #
        # If you want to have a log of authentication replies,
        # un-comment the following line, and the 'detail reply_log'
        # section, above.
# reply_log


If the perl configuration is removed from the default file then the errors also show for inner-tunnel until they are also removed. Once there is no reference to perl then everything starts fine.

Install packetfence 4.0.3 or 4.0.6 on CentOS 6.3 and make changes in Appendix B of the admin guide.
I've noticed that there are double slashes in the folder path to /sites-enabled but this seems to be accepted as it works fine without the "perl" entries.

I was also unsure about the {confdir} within the radius.conf as it seems to reference the var folder but there is no radiusd or modules folder in the /usr/local/pf/var directory:-

raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}

There are no notes attached to this issue.





View Issue Details
1715 [PacketFence] scanning minor have not tried 2013-09-18 09:28 2013-10-09 09:46
maikel  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
7d72045e2a72f82e1b1e6811e7b6aafdfeba4dc1
Snort
emerging-virus.rules is no longer available for snort. Oinkmaster also cannot grab this file. Because violations.conf still has this requirement listed (as in you cannot remove it YET from the web interface), snort will always fail to start.
FATAL ERROR: Unable to open rules file "/usr/local/pf/var/conf//usr/local/pf/conf/snort/emerging-virus.rules": No such file or directory.

Remove it from violations.conf and snort works well again.
There are no notes attached to this issue.





View Issue Details
1725 [PacketFence] core major always 2013-10-08 14:44 2013-10-08 15:07
lpelet Linux  
RHEL / CentOS  
high 6  
new 4.0.5-2  
open  
none    
none  
  4.1.0  
not using mail relay server
Email and SMS activation mails don't pass through the relay server specified in the menu tab Alerting.
Ask in PacketFence to register as guest by email. Then you will see the mail to activate your access is not sent using the mail relay server.
There are no notes attached to this issue.





View Issue Details
1717 [PacketFence] packaging block always 2013-09-24 21:02 2013-10-08 14:46
serjao  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
CentOS 6 dependencies
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Authentication::Credential::HTTP)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Plack)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Controller::HTML::FormFu)
Error: Package: perl-HTML-FormHandler-0.40013-1.centos6.noarch (PacketFence)
           Requires: perl(MooseX::Types::LoadableClass) >= 0.006
Error: Package: perl-HTML-FormHandler-0.40013-1.centos6.noarch (PacketFence)
           Requires: perl(Moose) >= 2.0007
           Installed: perl-Moose-1.15-1.el6.x86_64 (@epel)
               perl(Moose) = 1.15
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Plugin::Authentication)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::OAuth2)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Plack::Middleware::ReverseProxy)
Error: Package: perl-HTML-FormHandler-0.40013-1.centos6.noarch (PacketFence)
           Requires: perl(MooseX::Types::LoadableClass)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Plugin::Session::Store::File)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Moo) >= 1.0
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Authentication::Store::Htpasswd)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(CHI::Driver::Memcached)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(CHI)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(MooseX::Types::LoadableClass)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@heimdall yum.repos.d]# ls
CentOS-Base.repo CentOS-Media.repo epel.repo mirrors-rpmforge mirrors-rpmforge-testing PacketFence.repo
CentOS-Debuginfo.repo CentOS-Vault.repo epel-testing.repo mirrors-rpmforge-extras openfusion.repo rpmforge.repo


Notes
(0003458)
lpelet   
2013-10-08 14:46   
Hello,
Can you post the command you ran to try to install PacketFence?

Regards,
Loick





View Issue Details
1657 [PacketFence] configuration major always 2013-06-27 11:22 2013-10-08 14:38
Raphux  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.2  
   
51f206fe78353b3201ac3380ca1533bec68ddd31
LDAP test routine doesn't use "port" information
In the configuration page, users => Sources => Add AD source.

On the page, you can configure the port you want to query. But this parameter is not used when you click the «test» button. It queries 389 (LDAP) by default, even if, for example, you set 3268 (AD Global Catalog default port), resulting in a permanent error.
I made a small patch, hope that it will be useful.
LDAPSource.pm.patch (517) 2013-06-27 11:22
https://www.packetfence.org/bugs/file_download.php?file_id=177&type=bug
There are no notes attached to this issue.





View Issue Details
1724 [PacketFence] web admin minor have not tried 2013-10-07 22:14 2013-10-07 22:24
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
da53748a78a85c527ef211ebd1cbba0fe59f74f1
Help from documentation.conf is truncated
When a parameter description extends to multiple lines, only the first line is displayed on the web interface.
There are no notes attached to this issue.





View Issue Details
1712 [PacketFence] hardware modules block always 2013-09-16 09:08 2013-10-06 16:53
alessiol  
 
normal  
resolved 4.0.6  
fixed  
none    
none 4.1.0  
   
https://github.com/inverse-inc/packetfence/commit/f5cfd3344bd1fd9f70c50ecb3f66230fb2bd1be5
Argument "noSuchObject" isn't numeric in numeric eq
I use an HP 4100 (J4121A) Switch but packetFence 4.0.6-2 can not get the MAC address by SNMP. This is the log:

Sep 16 14:38:07 pfsetvlan(4) INFO: up trap received on 10.0.0.150 ifIndex 41 (main::handleTrap)
Sep 16 14:38:07 pfsetvlan(4) INFO: setting 10.0.0.150 port 41 to MAC detection VLAN (main::handleTrap)
Argument "noSuchObject" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP.pm line 985.
Sep 16 14:38:07 pfsetvlan(4) WARN: old VLAN noSuchObject is not a managed VLAN -> Do nothing (pf::SNMP::setVlan)
Sep 16 14:38:07 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:09 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:11 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:13 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:16 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:18 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:20 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:22 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:24 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:26 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:28 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:30 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:33 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:35 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:37 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:39 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:41 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:43 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:45 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
This is fixed.

The message "Argument "noSuchObject" isn't numeric in numeric eq (==)" will no longer happen

You can find the patch here.

https://github.com/inverse-inc/packetfence/commit/f5cfd3344bd1fd9f70c50ecb3f66230fb2bd1be5
Notes
(0003449)
francis   
2013-09-16 10:16   
Show your configuration file switches.conf.
(0003450)
alessiol   
2013-09-16 10:47   
#
# Copyright 2006-2008 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[default]
description=Switches Default Values
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=no
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=

[192.168.0.1]
description=Test Switch
type=Cisco::Catalyst_2900XL
mode=production
uplink=23,24

[10.0.0.149]
mode=production
description=TEST iPECS
type=LG::ES4500G
VoIPEnabled=N
uplink=1
radiusSecret=tele
ospitiVlan=1
ladelziaVlan=2
SNMPVersionTrap=2c
SNMPVersion=2c
macDetectionVlan=1
isolationVlan=30
voiceVlan=50
inlineVlan=60
ospitiRole=1
ladelziaRole=2
registrationVlan=1

[10.0.0.150]
mode=production
ospitiVlan=1
description=HP 4000
type=HP::Procurve_4100
VoIPEnabled=N
ladelziaVlan=2
uplink=1
ospitiRole=1
ladelziaRole=2
radiusSecret=tele
macDetectionVlan=1
isolationVlan=30
registrationVlan=1
voiceVlan=50
inlineVlan=60
SNMPVersionTrap=2c
SNMPVersion=2c
#SNMPVersion = 3
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
#SNMPVersionTrap = 3
#SNMPUserNameTrap = readUser
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread





View Issue Details
1723 [PacketFence] core block always 2013-10-03 09:03 2013-10-03 09:03
alessiol Linux  
RHEL / CentOS  
high 6  
new 4.0.6-2  
open  
none    
none  
   
WARN: couldn't get MAC at ifIndex 33. This is a problem.
Applied the git patch introduced with issue 0001712, but when I connect a device to the HP 4100 switch PacketFence cannot change the VLAN. Please check the log.
This is the /usr/local/pf/logs/packetfence.log :

Oct 03 14:51:39 pfsetvlan(24) INFO: ignoring unknown trap: 2013-10-03|12:51:37|UDP: [10.0.0.150]:161->[10.0.0.148]|10.0.0.150|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.76 = STRING: I 10/03/13 12:51:44 ports: port E1 is now on-line END VARIABLEBINDINGS (main::parseTrap)
Oct 03 14:51:39 pfsetvlan(11) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Oct 03 14:51:39 pfsetvlan(11) INFO: up trap received on 10.0.0.150 ifIndex 33 (main::handleTrap)
Oct 03 14:51:39 pfsetvlan(11) INFO: setting 10.0.0.150 port 33 to MAC detection VLAN (main::handleTrap)
Use of uninitialized value $vlan in concatenation (.) or string at /usr/local/pf/lib/pf/SNMP.pm line 612.
Oct 03 14:51:40 pfsetvlan(11) WARN: old VLAN is not a managed VLAN -> Do nothing (pf::SNMP::setVlan)
Oct 03 14:51:40 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:42 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:42 pfdhcplistener(8860) INFO: DHCPREQUEST from 00:15:65:2b:b6:b0 (10.0.0.153) (main::parse_dhcp_request)
Oct 03 14:51:42 pfdhcplistener(8860) INFO: Unknown DHCP fingerprint: 1,2,3,4,6,7,12,15,28,42,66,67,43,120 (DHCP Message Type: DHCPREQUEST) (main::process_fingerprint)
Oct 03 14:51:42 pfdhcplistener(8860) INFO: 00:15:65:2b:b6:b0 requested an IP. Unknown DHCP fingerprint. Modified node with last_dhcp = 2013-10-03 14:51:42,computername = ,dhcp_fingerprint = 1,2,3,4,6,7,12,15,28,42,66,67,43,120 (main::listen_dhcp)
Oct 03 14:51:45 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:47 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:49 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:52 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:54 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:57 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:59 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:01 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:04 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:06 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:09 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:11 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:13 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:16 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:18 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:21 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:23 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:25 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:28 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:30 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:33 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:35 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:37 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:40 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:42 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:45 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:47 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:49 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:49 pfsetvlan(11) WARN: Tried to grab MAC address at ifIndex 33 on switch 10.0.0.150 30 times and failed (main::handleTrap)
Oct 03 14:52:49 pfsetvlan(11) INFO: cannot find MAC (maybe we found a VoIP, but they don't count here). Do nothing (main::handleTrap)
Oct 03 14:52:49 pfsetvlan(11) INFO: finished (main::cleanupAfterThread)
There are no notes attached to this issue.





View Issue Details
1722 [PacketFence] captive portal minor have not tried 2013-10-02 13:47 2013-10-02 14:02
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
764f63ba5a345101a39dd35d586ff3242ecdb218
Local users can't login on expiration date
A user won't be able to register a new device on the expiration date specified in the temporary_password.

We should accept registration until the last minute of the expiration date (23:59).
There are no notes attached to this issue.





View Issue Details
1721 [PacketFence] web admin minor have not tried 2013-10-02 13:19 2013-10-02 13:31
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
6879e9bb2868514be4570cfa40b929635f785e64
Error when creating users with no "set role" action
From the Web admin interface, creating one or multiple users without specifying a role returns an error.

The message displayed in the Web interface is "Unexpected error. See server-side logs for details.".

In the log file, we have :

WARN: database query failed with: Column 'category' cannot be null. (errno: 1048), will try again (pf::db::db_query_execute)
ERROR: Database issue: We tried 3 times to serve query temporary_password_add_sql called from pf::db::db_data and we failed. Is the database running? (pf::db::db_query_execute)
WARN: something went wrong creating a new temporary password for pouetpouet (pf::temporary_password::generate)
Notes
(0003457)
francis   
2013-10-02 13:31   
Must alter the temporary_password table. See db/upgrade-4.0.0-4.1.0.sql





View Issue Details
1668 [PacketFence] web admin minor always 2013-07-11 05:54 2013-10-02 11:37
roadracer96  
 
normal  
new 4.0.1  
open  
none    
none  
   
Unable to manually add device in web UI
Need to be able to manually add a device in the web UI instead of waiting for it to be detected.
There are no notes attached to this issue.





View Issue Details
1720 [PacketFence] captive portal text always 2013-10-01 14:12 2013-10-01 14:12
Xen0Phage  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
Misleading error message
There is a misleading error message that pops up when a user is not put into a valid role. ie, there is no matching role. In that case, authentication passes, but the user is presented with a message indicating that they have too many devices registered. This appears in the node.pm file.

This should be changed to indicate that there is a role issue, but a max devices issue.
There are no notes attached to this issue.





View Issue Details
1718 [PacketFence] scanning major always 2013-09-25 04:22 2013-09-25 08:30
erSitzt  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
OpenVAS XML-Response can only be read if order and spaces are exactly as expected by PacketFence
The XML response returned by omp is parsed via regex like this one :

/<get_reports_response\ status="([0-9]+)" [^\<]+[\<][^\>]+[\>] ([a-zA-Z0-9\=]+)/x

In my case omp returns this XML

<get_reports_response status_text="OK" status="200"><report id="15ce0c2d-bf8c-4972-a0f6-fe1e75bb298a" format_id="6c248850-1f62-11e1-b082-406186ea4fc5" extension="html" type="scan" content_type="text/html">

As you can see "status_text" and "status" are in a different order than pf expects them.

I think the way the XML responses are evaluated is prone to errors and should be changed. Regex is not the way to go here.

I have asked (in #openvas) if the order of elements is fixed in the xml and it is not...


Ubuntu 12.04
OpenVAS 5

ii libopenvas5 5.0.4-1
ii openvas-administrator 1.2.1-1ubuntu1~precise
ii openvas-check-setup 2.2.0-0ubuntu1~precise
ii openvas-cli 1.1.5-1ubuntu1~precise
ii openvas-client 2.0.5-1ubuntu1
ii openvas-manager 3.0.6-0ubuntu1~precise
ii openvas-scanner 3.3.1-1ubuntu1~precise
openvas.pm (11,603) 2013-09-25 05:22
https://www.packetfence.org/bugs/file_download.php?file_id=187&type=bug
Notes
(0003454)
erSitzt   
2013-09-25 04:24   
I've removed the Base64 encoded part of the response here to keep the post readable.
(0003455)
erSitzt   
2013-09-25 05:19   
I suggest using XML::Simple, this returns an easy to use hash.

$VAR1 = {
          'report' => {
                      'format_id' => '6c248850-1f62-11e1-b082-406186ea4fc5',
                      'extension' => 'html',
                      'content_type' => 'text/html',
                      'content' => 'BASE64ENCODEDCONTENT',
                      'type' => 'scan',
                      'id' => '15ce0c2d-bf8c-4972-a0f6-fe1e75bb298a'
                    },
          'status' => '200',
          'status_text' => 'OK'
        };

This is what it looks like in openvas.pm

    my $xml = new XML::Simple;
    my $response = $xml->XMLin($output);
    my $status = $response->{'status'};
    my $escalator_id = $response->{'id'};

    # Fetch response status and escalator id
    # Scan escalator successfully created
    if ( defined($status) && $status eq $RESPONSE_RESOURCE_CREATED ) {
        $logger->info("Scan escalator named $name successfully created with id: $escalator_id");
        $this->{_escalatorId} = $escalator_id;
        return $TRUE;
    }

I've renamed $response to $status, because that's what it is.

I'll attach my version of the file.
(0003456)
erSitzt   
2013-09-25 08:30   
I needed to untaint the result of the $command executed by pf_run in util.pm

From line 983:

    } else {
        # scalar context
        `$command` =~ /^(.*)$/;
        $result = $1;
        return $result if ($CHILD_ERROR == 0);
    }
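
Added example (not part of the original report or of PacketFence's code): the attribute-order problem from this issue, reproduced with constructed responses, comparing the regex quoted in the description with an XML::Simple parse as suggested in the notes. The sample data, the helper name parse_report_response and the KeyAttr/ForceArray settings are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::Simple qw(XMLin);

# The pattern quoted in the report, unchanged.
my $PAGE_REGEX = qr/<get_reports_response\ status="([0-9]+)" [^\<]+[\<][^\>]+[\>] ([a-zA-Z0-9\=]+)/x;

# Constructed sample responses. 'QkFTRTY0' stands in for the Base64 report body.
my $REPORT = '<report id="15ce0c2d-bf8c-4972-a0f6-fe1e75bb298a" extension="html"'
           . ' type="scan" content_type="text/html">QkFTRTY0</report>';
my @SAMPLES = (
    [ status_first => qq{<get_reports_response status="200" status_text="OK">$REPORT</get_reports_response>} ],
    [ text_first   => qq{<get_reports_response status_text="OK" status="200">$REPORT</get_reports_response>} ],
    [ truncated    => qq{<get_reports_response status_text="OK" status="200">} ],
);

# Hypothetical helper: parse the response with a real XML parser so that
# attribute order and whitespace no longer matter. Returns a hash ref, or
# undef when the input is not well-formed or carries no numeric status.
sub parse_report_response {
    my ($xml) = @_;

    # XMLin dies on malformed XML, so trap that instead of crashing the scan.
    # KeyAttr => [] turns off folding on 'id'; ForceArray keeps 'report' a list
    # whether the manager returns one report or several.
    my $doc = eval { XMLin( $xml, KeyAttr => [], ForceArray => ['report'] ) };
    return undef unless ref $doc eq 'HASH';

    my $status = $doc->{status};
    return undef unless defined $status && $status =~ /^[0-9]+$/;

    my $report = ref $doc->{report} eq 'ARRAY' ? $doc->{report}[0] : undef;
    $report = undef unless ref $report eq 'HASH';

    return {
        status  => $status,
        id      => $report ? $report->{id}      : undef,
        content => $report ? $report->{content} : undef,
    };
}

for my $sample (@SAMPLES) {
    my ( $name, $xml ) = @$sample;

    my $regex_status = $xml =~ $PAGE_REGEX ? $1 : 'no match';
    my $parsed       = parse_report_response($xml);
    my $parser_view  = $parsed
        ? "status=$parsed->{status} id=$parsed->{id}"
        : 'rejected (not well-formed)';

    printf "%-13s regex: %-9s parser: %s\n", $name, $regex_status, $parser_view;
}
```

Only the status_first sample satisfies the regex; the parser returns the same status and report id for both orderings and rejects the truncated response instead of returning partial data.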





View Issue Details
1714 [PacketFence] captive portal minor have not tried 2013-09-17 11:04 2013-09-17 11:05
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
ff1f1cf69a5cee7b2b582a459b24370b8bb10c11
Htpasswd source doesn't respect username
A Htpasswd authentication source always matches the username.
The method fetchPass of the Apache::Htpasswd module returns 0 when the user is not found while the HtpasswdSource tests if the returned value is defined.
There are no notes attached to this issue.
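
Added example (not PacketFence's code): the sentinel-value mistake described in this issue, with the defined() test next to a stricter one. The in-memory store, the fetch_pass stand-in and both match helpers are hypothetical; the stand-in only mimics the return value the report attributes to fetchPass.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed htpasswd content: one user with a placeholder hash.
my %HTPASSWD = ( alice => '$apr1$constructed$placeholderhash' );

# Hypothetical stand-in for the lookup: as the report describes for fetchPass,
# an unknown user yields 0 rather than undef.
sub fetch_pass {
    my ($user) = @_;
    return exists $HTPASSWD{$user} ? $HTPASSWD{$user} : 0;
}

# The check as reported: 0 is a defined value, so every username "matches".
sub match_with_defined {
    my ($user) = @_;
    return defined( fetch_pass($user) ) ? 1 : 0;
}

# Stricter check: the 0 sentinel, undef and the empty string all mean
# "no such user in this source".
sub match_with_truth {
    my ($user) = @_;
    my $hash = fetch_pass($user);
    return ( defined $hash && length $hash && $hash ne '0' ) ? 1 : 0;
}

# 'alice' is in the constructed store, 'bob' is not.
for my $user (qw(alice bob)) {
    printf "%-6s defined-check: %d  strict-check: %d\n",
        $user, match_with_defined($user), match_with_truth($user);
}
```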





View Issue Details
1711 [PacketFence] web admin minor have not tried 2013-09-13 15:19 2013-09-13 15:19
francis  
francis  
normal  
resolved 4.0.6  
fixed  
none    
none 4.0.6-2  
   
a761ec4998b2f34ea86e30a99a6b7a230e33ee4d
caching issue when creating an authentication source
Adding a rule to a newly created source can return an error depending on which httpd process answers the request.
There are no notes attached to this issue.





View Issue Details
1710 [PacketFence] core minor have not tried 2013-09-13 11:13 2013-09-13 11:14
francis  
francis  
normal  
resolved 4.0.6  
fixed  
none    
none 4.0.6-2  
   
6d1d6a8131a05e6a1b05b14978c54180af5786b8
Unable to stop services via pfcmd
I seem to be unable to stop services via pfcmd after upgrading to 4.0.6. The command runs and I get the normal output indicating that the services should be stopping, but if I check service status, the only service that has actually stopped is pfdhcplistener.
Reported by Jason Frisvold <xenophage@godshell.com> on the mailing list
There are no notes attached to this issue.





View Issue Details
1676 [PacketFence] radius major have not tried 2013-08-01 16:11 2013-09-13 11:10
dgreer  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.4  
   
4861189ba7faf680eef257d5b1c157d7260fe0de
In 4.0.3, RADIUS stopped authenticating
Not sure what I did to trigger this, but had a problem with RADIUS authentication, specifically the following error message:
"Error: rlm_perl: No or invalid reply in SOAP communication with server. Check server side logs for details."

Digging down, I found this was coming from the call of pf/raddb/packetfence.pm, and in that I figured out that I could dump return contents to the radius.log, so I did that and got this:

"Thu Aug 1 14:37:44 2013 : Info: rlm_perl: curl_return_code: 0
Thu Aug 1 14:37:44 2013 : Info: rlm_perl: <?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Content-Type must be 'text/xml,' 'multipart/*,' 'application/soap+xml,' 'or 'application/dime' instead of 'application/x-www-form-urlencoded'</faultstring></soap:Fault></soap:Body></soap:Envelope>
"

Doing some Googling brought me to this article on StackExchange:
http://stackoverflow.com/questions/9062121/send-a-http-post-requestxml-data-using-wwwcurl-in-perl

So I plugged in the CURLOPT_HTTPHEADER() line to force it to use "text/xml" and problem is fixed.

Here's the patch:

]# diff -U2 /root/backup/usr/local/pf/raddb/packetfence.pm packetfence.pm
--- /root/backup/usr/local/pf/raddb/packetfence.pm 2013-07-22 14:30:34.000000000 -0500
+++ packetfence.pm 2013-08-01 15:01:57.000000000 -0500
@@ -174,4 +174,5 @@
     my $response_body;
     $curl->setopt(CURLOPT_HEADER, 0);
+ $curl->setopt(CURLOPT_HTTPHEADER(), ['Content-Type: text/xml; charset=UTF-8']);
     $curl->setopt(CURLOPT_URL, 'http://127.0.0.1:' [^] . SOAP_PORT); # TODO: See note1
 # $curl->setopt(CURLOPT_URL, 'http://127.0.0.1:' [^] . $Config{'ports'}{'soap'}); # TODO: See note1
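Review bot: The added line calls CURLOPT_HTTPHEADER() with parentheses while the neighbouring CURLOPT_HEADER and CURLOPT_URL are written as bare constants, and it is indented differently from the four-space lines around it; match the surrounding style. The header also declares charset=UTF-8, so confirm that the request body posted further down is really UTF-8, and add a one-line comment that the SOAP server rejects 'application/x-www-form-urlencoded', since that is the only reason the Content-Type is forced here.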
@@ -184,5 +185,6 @@

     # For debugging purposes
- #&radiusd::radlog($RADIUS::L_INFO, "curl_return_code: $curl_return_code");
+# &radiusd::radlog($RADIUS::L_INFO, "curl_return_code: $curl_return_code");
+# &radiusd::radlog($RADIUS::L_INFO, "$response_body");

     # Looking at the results...
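Review bot: The new commented-out radlog of $response_body would, once someone uncomments it, write the complete SOAP reply into radius.log at INFO level; leave it out of the fix or put it behind an explicit debug switch so reply contents are not logged by default. The re-indented curl_return_code comment is an unrelated whitespace change that makes the hunk noisier than the Content-Type fix needs, and the quotes around "$response_body" are unnecessary.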
Notes
(0003373)
fdurand   
2013-08-01 21:12   
Hello,
you are right but too late ;-)
https://github.com/inverse-inc/packetfence/commit/4861189ba7faf680eef257d5b1c157d7260fe0de

Fabrice





View Issue Details
1709 [PacketFence] 802.1x minor have not tried 2013-09-13 11:03 2013-09-13 11:03
francis  
francis  
normal  
resolved 4.0.6  
fixed  
none    
none 4.0.6-2  
   
92e9339121f16d7b6d328f149fcb4b4c07944d73
802.1x error in RADIUS authorize
RADIUS is authenticating fine, but the WebAPI no like...

Sep 10 08:26:38 pf::WebAPI(29881) INFO: handling radius autz request: from switch_ip => 1.2.3.4, connection_type => Wireless-802.11-EAP mac => c8:6f:1d:40:96:6e, port => 4097, username => tim.denike (pf::radius::authorize)
Sep 10 08:26:38 pf::WebAPI(29881) INFO: autoregister a node that is already registered, do nothing. (pf::node::node_register)
Sep 10 08:26:38 pf::WebAPI(29881) INFO: Found a match (CN=Tim DeNike,ETC ETC ETC) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 10 08:26:38 pf::WebAPI(29881) INFO: Matched rule (W_Netshare) in source Employee, returning actions. (pf::Authentication::Source::match)
Sep 10 08:26:38 pf::WebAPI(29881) ERROR: radius authorize failed with error: panic: attempt to copy freed scalar 7f1471d513d8 to 7f1470e25ac8 at /usr/local/pf/lib/pf/authentication.pm line 498.
 (PFAPI::radius_authorize)
 (main::__ANON__)
 (main::__ANON__)
Reported by Tim DeNike <tim.denike@mcc.edu> on the mailing list.
There are no notes attached to this issue.





View Issue Details
1634 [PacketFence] captive portal minor always 2013-04-10 10:08 2013-09-13 10:58
lmunro  
francis  
normal  
resolved 3.6.1  
fixed  
none    
none 4.0.4  
   
8944d5b31f898073ec393fed73da2b2d46a4c65b
Guest email self registration assumes pid is an email address
When using guest self registration using email, the pid is used as email address to send the validation email to.

Yet the PacketFence administrator has the option to select which field to use as pid with guests_self_registration.guest_pid.

If guests_self_registration.guest_pid is set to something else than "email" and guest self registration using email is attempted, it will fail because the "TO" address will be invalid.
Notes
(0003448)
francis   
2013-09-13 10:58   
Ref: https://github.com/inverse-inc/packetfence/commit/8944d5b31f898073ec393fed73da2b2d46a4c65b#L2L122





View Issue Details
1705 [PacketFence] configuration block always 2013-09-09 11:03 2013-09-13 10:14
alessiol  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6-2  
   
e88eb947b98323287dbec750d65b5ee062354314
PacketFence 4.0.6 Ubuntu 10.04.3 dependency problem
Packetfence won't install on Ubuntu 10.04.3 (fresh install)
because of missing: libterm-ansicolor-perl.
Notes
(0003439)
jraby   
2013-09-09 12:59   
Is that on 12.04 or 10.04 ?

That dependency problem should be fixed, pf shouldn't depend on libterm-ansicolor-perl since Term::ANSIColor is a core perl module.

https://github.com/inverse-inc/packetfence/commit/e88eb947b98323287dbec750d65b5ee062354314
(0003440)
alessiol   
2013-09-09 13:21   
sorry, Ubuntu Server LTS 12.04.3
(0003441)
erSitzt   
2013-09-11 11:06   
There is another perl package that is causing problems with Ubuntu 12.04.3

packetfence : Depends: libmoo-perl (>= 1.0) but 0.009013-1 is installed.

I was not sure if it made sense to create an issue for this, as both are perl-related dependency problems.
(0003443)
francis   
2013-09-12 13:42   
We've packaged this module some time ago:

http://www.packetfence.org/downloads/PacketFence/debian/pool/precise/libm/libmoo-perl/
(0003445)
erSitzt   
2013-09-13 04:00   
What do you mean by packaged ?

Is this still correct ?
http://www.packetfence.org/support/faqs/article/how-to-install-packetfence-on-ubuntu.html
Here this url is listed
deb http://inverse.ca/downloads/PacketFence/debian precise precise
Install fails with Error:
( packetfence : Depends: libterm-ansicolor-perl but it is not installable )

but the administration guide lists another source
deb http://inverse.ca/downloads/PacketFence/ubuntu precise precise
Install fails with Error:
( packetfence : Depends: libterm-ansicolor-perl but it is not installable )


With both it's not possible to install packetfence on a freshly installed ubuntu 12.04.3
(0003447)
francis   
2013-09-13 08:27   
Please read all comments carefully. In brief:

- libterm-ansicolor-perl: should not be a dependency, fixed in devel, minor release (4.0.6-2) coming soon.
- libmoo-perl >= 1.0: available in our repo.





View Issue Details
1683 [PacketFence] captive portal major have not tried 2013-08-13 09:27 2013-09-13 10:08
Sylvain  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
Self-registration page shown even if no external source exists
When updating from 4.0.1 to 4.0.5-2 there is a new feature :
"Self-registration is now enabled when a profile has at least one external authentication source" introduced in 4.0.4

I have no external source, but still get the guest/self-registration page.
I was feeling lucky and tried creating then removing external sources, or simply creating new internal sources, but it didn't work either.

I tried to add sources to the profile but was blocked by another bug : http://www.packetfence.org/bugs/view.php?id=1682

This bug is tricky as I also encounter this one :
http://www.packetfence.org/bugs/view.php?id=1681

Best regards,

Sylvain
Notes
(0003395)
Sylvain   
2013-08-13 09:39   
Relevant lines in packetfence.log:

Aug 13 15:06:33 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 13 15:06:33 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff redirected to guests self registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 13 15:06:33 redir.cgi(0) INFO: generate_selfregistration_page (pf::web::guest::generate_selfregistration_page)
Aug 13 15:06:33 redir.cgi(0) ERROR: No source of type 'SMS' defined for profile 'default' (pf::Portal::Profile::getSourceByType)

This line also seems to be linked in portal_error_log (it appears at the same time):

Use of uninitialized value in subroutine entry at /usr/local/pf/lib/pf/web/dispatcher.pm line 68.
(0003417)
Sylvain   
2013-08-19 10:59   
After solving http://www.packetfence.org/bugs/view.php?id=1682, I can say it happens only when no authentication source is selected.

Therefore the problem was caused by bug 1682.

Here, there's no important problem (it works fine if you have selected a source), but we can think about the behaviour of the captive portal when no authentication source is selected.
(0003418)
Sylvain   
2013-08-19 10:59   
By the way, I can't decrease severity ;)





View Issue Details
1706 [PacketFence] configuration minor always 2013-09-09 11:43 2013-09-11 16:15
Xen0Phage  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.1.0  
   
3b282102bfdb6d6841e28edf032f2714e7cb21a8
Freeradius config files overwritten on RPM upgrade
Some of the Freeradius configuration files are overwritten on an upgrade, causing issues with the overall system as a result. Specifically, the config files in raddb/modules are overwritten with the default install files. This is specifically an issue with LDAP 802.1x authentication as the ldap file is defaulted, removing the needed LDAP access to validate 802.1x logins.
There are no notes attached to this issue.





View Issue Details
1365 [PacketFence] captive portal tweak always 2012-01-12 12:14 2013-09-04 14:42
maikel  
francis  
normal  
resolved devel  
fixed  
none    
none  
  general  
Captive portal - email activation - Name the network by its category
When using the self registration mechanism, per default the category guest is used. But if in the config another category is used. It would be nicer to name the network instead of guest, the actual name.
So in email_activation.cgi send the category to this function:
pf::web::guest::generate_activation_confirmation_page

then the template and i18n message can be altered automatically
Notes
(0003251)
fgaudreault   
2012-10-26 16:24   
Can you elaborate? You mean, you want to send a different template depending of the category name?
(0003436)
maikel   
2013-09-03 07:28   
Looks like this function is now there with the portal profiles and functions there. Thanks! Let's close this ticket





View Issue Details
1702 [PacketFence] captive portal text always 2013-08-30 13:17 2013-09-03 08:10
Xen0Phage  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
1363fda9125f233c27cdb3af873441a179e21766
Text string not in locales file
I received a request to change the text string displayed when a user failed to authenticate on the captive portal. I looked through the locale file, but was unable to find it. I finally found it via a grep of the packetfence files.

/usr/local/pf/lib/pf/authentication.pm line 467.

This line should exist in the locale file and not be hard-coded into the library.
There are no notes attached to this issue.





View Issue Details
1630 [PacketFence] security feature N/A 2013-02-12 09:55 2013-09-03 05:35
bemosior  
ludovic  
normal  
assigned  
open  
none    
none  
  +1  
Username Registration Blacklist
We see value in the addition of a username blacklist feature in order to prevent certain AD/LDAP registrations from occurring.

Use Case:
An individual may no longer register his/her own devices on the network (due to violations), but he/she may still use public lab machines. Disabling the AD/LDAP account is not an option, as the individual must still be able to access other services using AD/LDAP for authentication.

Workflow (my understanding of it, at least):
User attempts internet access and is redirected to the registration page. User enters username. PF compares username against blacklist, failing the process on match (with a user-facing error). In this case, no LDAP query is made/executed.
Notes
(0003298)
bemosior   
2013-02-12 09:57   
I am assuming this blacklist is maintained independently by the local PF administrators and is simply a list of disallowed usernames.
(0003299)
ludovic   
2013-02-13 19:27   
Would be easy to do in PF v4 with a per-source blacklist of IDs.
(0003435)
dranix   
2013-09-03 05:35   
I have made a script where wireless devices (MAC) are banned upon attempting to brute-force password guess (LocalDB or LDAP account).
The script runs in the background and listens to the /usr/local/pf/log/packetfence.log and keeps track of failed attempts.
After 10 failed attempts, the MAC is placed in the iptables and all packets will be dropped from accessing the inline interface.

Would the developers be interested in the script?





View Issue Details
1701 [PacketFence] web admin feature N/A 2013-08-28 02:22 2013-08-29 21:07
fmts  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
daeda0bf839735067befece306d1e6a34b600f5c, 680099611a5a39f9a2a0dfdf5e5d0d2f49dde1e6
Search through notes
It would be nice if there was an option in the advanced search, to search for notes (in Users and Nodes).

So for example you could filter for auto registered devices.
There are no notes attached to this issue.





View Issue Details
1693 [PacketFence] web admin major always 2013-08-18 02:49 2013-08-22 14:29
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none  
   
portal uses source which is undefined there
There are three External Sources defined in my PacketFence server: sms, email & sponsor. My portal profile has two sources defined: (own internal) LDAP and email. Please note it doesn't contain sms. However packetfence.log shows:

Aug 16 12:52:18 pf::WebAPI(17002) INFO: Matched rule (catchall) in source sms, returning actions. (pf::Authentication::Source::match)

Looks like PacketFence uses source sms which it shouldn't use. It works, because sms rule is the same as email rule, but proper source (one of these defined in portal) should be taken into account.
Notes
(0003423)
muhlig   
2013-08-21 07:14   
Actually this happens also for internal sources. I defined PF_RADIUS and PF_LDAP as sources, but only PF_LDAP is defined as source in portal profile. However in packetfence.log I get:

Aug 21 11:53:15 register.cgi(0) INFO: Matched rule (default) in source PF_RADIUS, returning actions. (pf::Authentication::Source::match)
Aug 21 11:53:19 pf::WebAPI(30930) INFO: Matched rule (default) in source PF_RADIUS, returning actions. (pf::Authentication::Source::match)
(0003427)
francis   
2013-08-22 14:29   
This has been fixed in subsequent versions.





View Issue Details
1698 [PacketFence] web admin minor always 2013-08-21 07:20 2013-08-21 09:13
muhlig  
 
normal  
acknowledged 4.0.5  
open  
none    
none  
   
unable to define logo in profile other than default
There is no possibility to define logo in profile other than default.
Notes
(0003424)
francis   
2013-08-21 08:12   
This is by design. If you want to change the logo in a custom portal profile, simply replace the "logo" template variable of the header template by the path of the image you want to use.
(0003425)
muhlig   
2013-08-21 09:13   
OK, understood, thx :-)





View Issue Details
1695 [PacketFence] configuration major always 2013-08-20 13:51 2013-08-20 13:54
muhlig  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
dcc1f6d2758e1f92329311b678d71ea79d7bdc5c
Apache error for guest: You don't have permission to access /cgi-perl/email_activation.cgi on this server.
./lib/pf/services/apache.pm

line 94:

    my $guest_regist_allowed = $guest_self_registration{'enabled'};

However, $guest_self_registration{'enabled'} is undefined. The effect is:

line 95:

    if ($guest_regist_allowed && isenabled.............................

and line 102:

    if ($guest_regist_allowed && ($email_enabled.....................

conditions are not fulfilled and ./var/conf/captive-portal-common.conf is not properly generated and some URIs are not allowed from all, thus bringing WWW error:

   “You don't have permission to access /cgi-perl/email_activation.cgi on this server.”
I'd advise simply get rid of $guest_regist_allowed variable and accordingly modify these two conditions. Otherwise you need to define $guest_self_registration{'enabled'} somewhere.
Notes
(0003422)
francis   
2013-08-20 13:54   
Fixed a few days ago.





View Issue Details
1667 [PacketFence] web admin minor always 2013-07-11 05:53 2013-08-20 09:01
roadracer96  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.2  
   
8835549747e4a0a0136e360140a33e58f83dc91b
Unable to edit notes in Web UI
Unable to edit notes for a device in web UI
Interesting one. It was possible in 3.X but removed in 4.X.
Can you open a feature request : http://packetfence.org/bugs

Cheers!
dw.

--
dwuelfrath@inverse.ca :: +1.514.447.4918 (x110) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)



On 2013-06-28, at 12:42 PM, Tim DeNike <tim.denike@mcc.edu> wrote:

> Agreed. U would like to make more use of notes/details as well.
> Manual creation would be helpful too.
>
> Sent from my iPhone
>
> On Jun 28, 2013, at 12:41 PM, Jason Frisvold <xenophage@godshell.com> wrote:
>
>> Greetings,
>>
>> With our current NAC system we can manually add new devices via the
>> GUI. We're able to add the MAC of the device, the role it should be in,
>> and a description. The description is incredibly useful for identifying
>> devices quickly.
>>
>> This doesn't appear to be possible in PF 4.0.1, though there is the CLI
>> method for adding a node, albeit without a description. What would it
>> take to have this functionality added to PF?
>>
>> Thanks,
>>
>> --
>> ---------------------------
>> Jason 'XenoPhage' Frisvold
>> xenophage@godshell.com
>> ---------------------------
>>
>> "Any sufficiently advanced magic is indistinguishable from technology."
>> - Niven's Inverse of Clarke's Third Law
There are no notes attached to this issue.





View Issue Details
1694 [PacketFence] web admin minor always 2013-08-19 15:22 2013-08-20 08:51
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
cff7c1426c2dc8f760134afd4226b53badb5c87e
pre-registration confirmation mail - %s not replaced by domain name
There is a message in PacketFence:

msgid "%s: Guest access confirmed!"

which is used as a subject of confirmation mail in case of pre-registration. A guest receives this mail, but in the subject "%s" is not replaced by domain name of PacketFence system.

It's worth noting all the other mails from PacketFence have "%s" correctly replaced - just this one particular mail has this issue.
Notes
(0003421)
muhlig   
2013-08-20 02:32   
Fix: /usr/local/pf/html/captive-portal/email_activation.cgi

line 113

is

'subject' => i18n("%s: Guest access confirmed!", $Config{'general'}{'domain'}),

should be

'subject' => i18n_format("%s: Guest access confirmed!", $Config{'general'}{'domain'}),





View Issue Details
1681 [PacketFence] captive portal major always 2013-08-13 09:13 2013-08-19 20:56
Sylvain  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
a0cc0dae4aaa30f4ef2247a06df0f556b32469fb
Guest registration page doesn't show any submit button
Version 4.0.5-2

That's quite simple : the guest registration page doesn't show any submit button.
Tried filling fields and scroll the "use policy", but didn't help.
Please find a screenshot attached.

Best regards,

Sylvain
screenshot.png (198,895) 2013-08-13 09:13
https://www.packetfence.org/bugs/file_download.php?file_id=183&type=bug
png
Notes
(0003394)
francis   
2013-08-13 09:16   
Is there a registration/external authentication source associated to your default portal profile?
(0003396)
Sylvain   
2013-08-13 09:48   
No, actually I forgot to mention this page displays because of this bug:
http://www.packetfence.org/bugs/view.php?id=1683

And I cannot edit the sources of the portal profiles because of this one:
http://www.packetfence.org/bugs/view.php?id=1682
(0003419)
Sylvain   
2013-08-19 11:00   
After solving http://www.packetfence.org/bugs/view.php?id=1682, I can say it happens only when no authentication source is selected.

Therefore the problem was caused by bug 1682.

Here, there's no important problem (it works fine if you have selected a source), but we can think about the behaviour of the captive portal when no authentication source is selected.

Severity can be decreased.
(0003420)
francis   
2013-08-19 11:06   
I've already improved the Web page when no source is selected on the default portal profile:

https://github.com/inverse-inc/packetfence/commit/131496903ad30fa19341197c4b660f07f9d2a594#L3R53

(With no source specified, all internal sources will be used.)

And there's already at least one internal source: the "local" SQL source.





View Issue Details
1690 [PacketFence] web admin major always 2013-08-17 03:49 2013-08-17 21:47
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
a08b5b63bba1504a29894617f45632dec737971d
duration missing from Guest Network Access Information mail
Mail excerpt:

This username and password will be valid starting 2013-08-18. Once authenticated the access will be valid for .

So, duration is missing from the line although registration window is defined for guest from 2013-08-18 to 2013-08-22.
There are no notes attached to this issue.





View Issue Details
1691 [PacketFence] web admin major always 2013-08-17 04:02 2013-08-17 21:02
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
5a18b25f56cde34cceef32c402e78af550544275
unable to add/edit user telephone number
Display admin/users page. Click user. There is no form field for Telephone.
There are no notes attached to this issue.





View Issue Details
1692 [PacketFence] web admin minor sometimes 2013-08-17 04:05 2013-08-17 20:58
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
8c3b78a95504bc8aac808861ed1c66c5f584c994
user display: ERROR: Use of uninitialized value in concatenation
Display admin/users page. Click user. If some fields aren't filled, packetfence.log shows:

Aug 17 10:02:38 httpd.admin(0) ERROR: Use of uninitialized value in concatenation (.) or string at /usr/local/pf/html/pfappserver/lib/pfappserver/Form/Widget/Field/Span.pm line 28.
There are no notes attached to this issue.





View Issue Details
1684 [PacketFence] scanning major always 2013-08-13 11:02 2013-08-13 11:02
Sylvain  
 
normal  
new 4.0.1  
open  
none    
none  
   
OpenVAS - "Bogus command name" when creating escalator
It occurs under version 4.0.1, but I couldn't test under 4.0.5 because of some other bugs (which aren't related to this one).
As I didn't see anything either in the changelogs or in the reported issues... here it is.

This happens when launching an OpenVAS scan.

Right after registration, the pre-configured "System Scan" violation (1200001) is triggered.
The captive portal says that the scan is in progress.
Once the progress bar is filled, it says that the machine has been being scanned since a given time.
It will keep saying that (and here the problem begins).

In packetfence.log can be found:
There was an error creating scan escalator named 137606073317f486, here's the output: <omp_response status="400" status_text="Bogus command name"></omp_response> (pf::scan::openvas::createEscalator)

The scanned machine can be sent to the default vlan, by acknowledging the "System Scan" violation (1200001), as expected. But of course bypassing scan is not the best approach ;)

Here is the whole relevant output from packetfence.log:

Aug 09 17:05:30 release.pm(0) INFO: scanning 192.168.1.1 by calling /usr/local/pf/bin/pfcmd schedule now 192.168.1.1 1>/dev/null 2>&1 (pf::web::release::handler)
Aug 09 17:05:30 release.pm(0) INFO: violation for mac aa:bb:cc:dd:ee:ff vid 1200001 modified (pf::violation::violation_modify)
Aug 09 17:05:33 pfcmd.pl(10765) INFO: New ID generated: 137606073317f486 (pf::util::generate_id)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Instantiate a new vulnerability scanning engine object of type pf::scan::openvas. (pf::scan::instantiate_scan_engine)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan target named 137606073317f486 for host 192.168.1.1 (pf::scan::openvas::createTarget)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Scan target named 137606073317f486 successfully created with id: 0162c1eb-e374-4e39-8e16-faddab0d58e9 (pf::scan::openvas::createTarget)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan escalator named 137606073317f486 (pf::scan::openvas::createEscalator)
Aug 09 17:05:36 pfcmd.pl(10765) WARN: There was an error creating scan escalator named 137606073317f486, here's the output: <omp_response status="400" status_text="Bogus command name"></omp_response> (pf::scan::openvas::createEscalator)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan task named 137606073317f486 (pf::scan::openvas::createTask)
Aug 09 17:05:36 pfcmd.pl(10765) WARN: There was an error creating scan task named 137606073317f486, here's the output: <create_task_response status="400" status_text="Bogus element: escalator"></create_task_response> (pf::scan::openvas::createTask)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Starting scan task named 137606073317f486 (pf::scan::openvas::startTask)
Aug 09 17:05:37 pfcmd.pl(10765) WARN: There was an error starting the scan task named 137606073317f486, here's the output: <start_task_response status="404" status_text="Failed to find task ''"></start_task_response> (pf::scan::openvas::startTask)

Best regards,

Sylvain
Notes
(0003402)
Sylvain   
2013-08-13 11:02   
In the report above I only wrote about SNMP linkUp/Down VLAN enforcement and "standard" registration.
I was initially testing with 802.1x auto-registration and enforcement, but couldn't get any information about the problem.
Actually, when using 802.1x there was no log about the failed OpenVAS scan.

I have gathered information about this lack of logs; should I post it here or in a separate ticket?
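
The failure cascade in the log excerpt of this report can be picked out mechanically. The following is an added example, not PacketFence code and not part of the original report: it parses the pf::scan::openvas WARN lines and lists scans whose task never started, meaning the host stayed in the "System Scan" violation without being scanned. The function names are hypothetical and the log format is assumed to match the excerpt.

```python
import re
from collections import defaultdict

# pf::scan::openvas lines copied from the packetfence.log excerpt in the report.
SAMPLE_LOG = """\
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan target named 137606073317f486 for host 192.168.1.1 (pf::scan::openvas::createTarget)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan escalator named 137606073317f486 (pf::scan::openvas::createEscalator)
Aug 09 17:05:36 pfcmd.pl(10765) WARN: There was an error creating scan escalator named 137606073317f486, here's the output: <omp_response status="400" status_text="Bogus command name"></omp_response> (pf::scan::openvas::createEscalator)
Aug 09 17:05:36 pfcmd.pl(10765) WARN: There was an error creating scan task named 137606073317f486, here's the output: <create_task_response status="400" status_text="Bogus element: escalator"></create_task_response> (pf::scan::openvas::createTask)
Aug 09 17:05:37 pfcmd.pl(10765) WARN: There was an error starting the scan task named 137606073317f486, here's the output: <start_task_response status="404" status_text="Failed to find task ''"></start_task_response> (pf::scan::openvas::startTask)
"""

# Level, message body and the openvas step named in the trailing "(pf::...)" tag.
LINE_RE = re.compile(
    r'(?P<level>INFO|WARN): (?P<msg>.*) \(pf::scan::openvas::(?P<step>\w+)\)\s*$')
NAME_RE = re.compile(r'named (?P<name>[0-9a-f]+)')
# Status code and text of the OMP response element embedded in the message.
OMP_RE = re.compile(r'<\w+ status="(?P<status>\d{3})" status_text="(?P<text>[^"]*)">')

def failed_steps(log_text):
    """Return {scan_name: [(step, omp_status, status_text), ...]} in log order."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group('level') != 'WARN':
            continue
        name = NAME_RE.search(m.group('msg'))
        omp = OMP_RE.search(m.group('msg'))
        if name and omp:
            failures[name.group('name')].append(
                (m.group('step'), int(omp.group('status')), omp.group('text')))
    return dict(failures)

def root_cause(log_text, scan_name):
    """First failed step for a scan; later failures usually follow from it."""
    steps = failed_steps(log_text).get(scan_name)
    return steps[0] if steps else None

def scans_never_started(log_text):
    """Scan names whose startTask step failed, so no scan actually ran."""
    return sorted(name for name, steps in failed_steps(log_text).items()
                  if any(step == 'startTask' for step, _, _ in steps))

if __name__ == '__main__':
    for scan in scans_never_started(SAMPLE_LOG):
        print(scan, 'never started; first failure:', root_cause(SAMPLE_LOG, scan))
```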




View Issue Details