View Issue Details
1870 [PacketFence] web admin minor always 2015-03-03 13:44 2015-03-04 15:05
ae3 Linux  
lmunro RHEL / CentOS  
low 6  
confirmed 4.5.0  
open  
none    
none  
   
Web admin page for switches has phantom second page
(This applies to PF 4.6.1, which isn't in the picklist yet.)
When PF has exactly 25 switches defined, the web admin switches page adds footer links for a second page of switches. Advancing to page 2 displays a blank space where switches should be listed, along with a button to add another switch. Deleting a switch (switch count 24) properly displays only one page again.
Create exactly 25 switches in PF 4.6.1, look at bottom of screen for link to second page.
I realize that this is mostly cosmetic, but figured that I should report it since I just spotted the problem.
Notes
(0003978)
lmunro   
2015-03-04 15:05   
Bug reproduced.
We'll see to it that it gets fixed.





View Issue Details
1826 [PacketFence] IDS crash sometimes 2014-09-26 02:30 2015-03-04 12:11
irish.cadague Linux  
lmunro RHEL / CentOS  
high 6  
resolved 4.2.2  
fixed  
none    
none  
   
Snort suddenly not starting but after a variable spelling change, it works.
Snort suddenly stopped working after a packetfence service restart. /var/log/messages shows that it has a problem with the variable $DNS_SERVERS; when I ran cat /var/log/messages I got a FATAL ERROR from snort, as shown below:
 
   Sep 25 13:00:05 spfcn01 snort[26763]: FATAL ERROR: /usr/local/pf/conf/snort/emerging-trojan.rules(143) Undefined variable in the string: $DNS_SERVERS.
 
and then I ran cat /usr/local/pf/conf/snort.conf and edited:
 
    var DNS_SERVERS [%%dnsservers%%]
 
and changed to:
 
   var DNS_SERVERS [%%dns_servers%%]
 
and then restarted packetfence again; as a result, the snort service is now running.
I think a constant restart of PacketFence service.
for PF.JPG (96,434) 2014-09-26 02:30
https://www.packetfence.org/bugs/file_download.php?file_id=217&type=bug
jpg
Notes
(0003972)
lmunro   
2015-03-04 12:11   
Issue has been fixed in later releases.





View Issue Details
1829 [PacketFence] doc minor always 2014-10-08 09:51 2015-03-04 12:10
ae3 All  
lmunro All  
normal All  
acknowledged 4.4.0  
open  
none    
none  
   
Admin Guide 4.4.0 clarification on paper pages 31-32
On paper pages 31-32 (PDF pages 35-36), there seems to be confusion in the sample command line text boxes:

For Centos/RHEL:

(box)
# usermod -a -G wbpriv pf
(/box)

Finally, start winbind, and test the setup using ntlm_auth and radtest:

(box)
# service winbind start
# chkconfig --level 345 winbind on
(/box)


For Debian and Ubuntu:

(box)
# usermod -a -G winbindd_priv pf
# ntlm_auth --username myDomainUser
# radtest -t mschap -x myDomainUser myDomainPassword localhost:18120 12
 testing123
 Sending Access-Request of id 108 to 127.0.0.1 port 18120
 User-Name = "myDomainUser"
 NAS-IP-Address = 10.0.0.1
 NAS-Port = 12
 Message-Authenticator = 0x00000000000000000000000000000000
 MS-CHAP-Challenge = 0x79d62c9da4e55104
 MS-CHAP-Response =
 0x000100000000000000000000000000000000000000000000000091c843b420f0dec4228ed2f26bff07d5e49ad9a2974229e5
 rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=108,
 length=20
(/box)

When following this through for CentOS/RHEL, you do not do the ntlm_auth or radtest tests...since it is only in the Debian/Ubuntu textbox!!!

ASSuming that the service and chkconfig work the same under Debian/Ubuntu (which I have personally never used), this order seems to make sense to me:

For Centos/RHEL:

(box)
# usermod -a -G wbpriv pf
(/box)

For Debian and Ubuntu:

(box)
# usermod -a -G winbindd_priv pf
(/box)

Start winbind:

(box)
# service winbind start
# chkconfig --level 345 winbind on
(/box)

Finally, test the setup using ntlm_auth and radtest:

(box)
# ntlm_auth --username myDomainUser
# radtest -t mschap -x myDomainUser myDomainPassword localhost:18120 12
 testing123
 Sending Access-Request of id 108 to 127.0.0.1 port 18120
 User-Name = "myDomainUser"
 NAS-IP-Address = 10.0.0.1
 NAS-Port = 12
 Message-Authenticator = 0x00000000000000000000000000000000
 MS-CHAP-Challenge = 0x79d62c9da4e55104
 MS-CHAP-Response =
 0x000100000000000000000000000000000000000000000000000091c843b420f0dec4228ed2f26bff07d5e49ad9a2974229e5
 rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=108,
 length=20
(/box)

Open manual, bang head against wall. :-)
Maybe I'm mis-reading the page, but the suggested order above seems proper at least from the CentOS/RHEL perspective.
There are no notes attached to this issue.





View Issue Details
1841 [PacketFence] upstream minor have not tried 2014-10-30 09:37 2015-03-04 12:05
dwuelfrath  
dwuelfrath  
normal  
assigned  
open  
none    
none  
   
Issue with Nessus and Net::Nessus::XMLRPC
Some issues with the upstream Net::Nessus::XMLRPC module may prevent a Nessus scan from succeeding.

Impacts:
- Issue with SSL communication when a self-signed certificate is being used between PacketFence and the Nessus server (https)
- Issue when trying to export the report

A patch has been submitted but never merged.
See the following bug: https://rt.cpan.org/Public/Bug/Display.html?id=78274

Hi,
I am using Net-Nessus-XMLRPC in the PacketFence project and I need nbe
export. So I wrote the function to export in nbe format and in csv
format too.
For SSL I just add ssl_opts => { verify_hostname => 0 } to remove the
SSL problem.

Regards
Fabrice Durand

diff -ruN Net-Nessus-XMLRPC-0.30.ori/lib/Net/Nessus/XMLRPC.pm Net-Nessus-XMLRPC-0.30/lib/Net/Nessus/XMLRPC.pm
--- Net-Nessus-XMLRPC-0.30.ori/lib/Net/Nessus/XMLRPC.pm 2010-05-21 12:16:45.000000000 -0400
+++ Net-Nessus-XMLRPC-0.30/lib/Net/Nessus/XMLRPC.pm 2012-07-09 10:09:53.795285182 -0400
@@ -126,10 +126,16 @@
 =cut
 sub nessus_http_request {
     my ( $self, $uri, $post_data ) = @_;
- my $ua = $self->{_ua};
- # my $ua = LWP::UserAgent->new;
+ #my $ua = $self->{_ua};
+ my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
     my $furl = $self->nurl.$uri;
- my $r = POST $furl, $post_data;
+ my $r ='';
+ if (not defined($post_data)) {
+ $r = GET $furl;
+ }
+ else {
+ $r = POST $furl, $post_data;
+ }
     my $result = $ua->request($r);
     # my $filename="n-".time; open (FILE,">$filename");
     # print FILE $result->as_string; close (FILE);
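Review bot: `ssl_opts => { verify_hostname => 0 }` on the new `LWP::UserAgent->new(...)` line turns off hostname verification for every request made through nessus_http_request, so the traffic carrying the session token is no longer tied to the Nessus server's certificate identity. Since the self-signed case is the stated motivation, make this an opt-in constructor option that defaults to verification on, or let the caller supply ssl_opts that point at the server's own certificate (for example SSL_ca_file). Building a fresh agent on each call also bypasses `$self->{_ua}`, which the hunk only comments out; applying the SSL options to that stored agent would keep whatever settings it carries. The `my $r ='';` initialiser can simply be `my $r;`.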
@@ -941,6 +947,50 @@
     return $file;
 }
 
+=head2 report_filenbe_download ($report_id)
+
+returns NBE report identified by $report_id (Nessus NBE)
+=cut
+sub report_filenbe_download {
+ my ( $self, $uuid ) = @_;
+
+ my $post=[
+ "token" => $self->token,
+ "report" => $uuid,
+ ];
+
+ my $get = $self->nessus_http_request("file/xslt/?report=".$uuid."&xslt=nbe.xsl&token=".$self->token);
+ sleep 10;
+ if($get =~ /<meta http-equiv="refresh" content="5;url=\/(.*)"/) {
+ my $file = $self->nessus_http_request($1."&token=".$self->token."&step=2");
+ return $file;
+ }
+
+ return $get;
+}
+
+=head2 report_filecsv_download ($report_id)
+
+returns CSV report identified by $report_id (Nessus CSV)
+=cut
+sub report_filecsv_download {
+ my ( $self, $uuid ) = @_;
+
+ my $post=[
+ "token" => $self->token,
+ "report" => $uuid,
+ ];
+
+ my $get = $self->nessus_http_request("file/xslt/?report=".$uuid."&xslt=csv.xsl&token=".$self->token);
+ sleep 10;
+ if($get =~ /<meta http-equiv="refresh" content="5;url=\/(.*)"/) {
+ my $file = $self->nessus_http_request($1."&token=".$self->token."&step=2");
+ return $file;
+ }
+
+ return $get;
+}
+
 =head2 report_delete ($report_id)
 
 delete report identified by $report_id
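Review bot: both new subs put the session token in the GET URL (`"&xslt=nbe.xsl&token=".$self->token` and the csv equivalent), where it can end up in server and proxy logs, while the `$post` array built just above is never used; either send the parameters through `$post` or drop the dead variable. The follow-up request is built from whatever `(.*)` captures out of the meta refresh tag, and the greedy match runs to the last `"` on that line, so use `([^"]*)` and check that the captured path is the expected one before appending the token to it. `sleep 10` is a fixed wait regardless of report size; polling until the refresh page is no longer returned would be more robust. The two subs differ only in the stylesheet name and could share one helper that takes the xslt name as a parameter.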
There are no notes attached to this issue.





View Issue Details
1851 [PacketFence] web admin feature always 2015-01-13 10:05 2015-03-04 12:04
tristanrhodes All  
lmunro All  
low All  
acknowledged 4.5.0  
open  
none    
none  
   
When creating "Routed Networks" provide default values for DHCP leases
When creating a routed network, users are forced to specify DHCP lease times:

Default Lease Time:

Max Lease Time:

Most people will have no idea what values are good for this, so please provide default values. If someone wants a different value, it is very simple to change.
Notes
(0003631)
tristanrhodes   
2015-01-13 10:12   
While you are working on this, please also display the type of unit for lease times.

I am pretty sure this is expecting "seconds", but that needs to be obvious to the users.

Thanks!





View Issue Details
1857 [PacketFence] web admin feature always 2015-01-13 12:16 2015-03-04 11:30
tristanrhodes All  
lmunro All  
normal All  
acknowledged 4.5.0  
open  
none    
none  
   
Add the ability to detect the switch type using SNMP
Admins want a simple way to deploy Packetfence, with the least tweaking necessary to make it work. One way to accomplish this is to auto-detect the type of switch, based on SNMP response. (I believe this is similar to how "Uplink" and "VOIP" detection works.)

Packetfence should send an snmpget of 1.3.6.1.2.1.1.2.0 to the switch. This will return the sysOID of the switch. This number can then be looked up in a table that maps sysOID to device type. (There are several open source tools like (www.nedi.ch) and Observium.org that already have this table.)

Now Packetfence knows what kind of switch it is talking to, without requiring the admin to specify the type.

http://www.alvestrand.no/objectid/1.3.6.1.2.1.1.2.html

Notes
(0003632)
tristanrhodes   
2015-01-13 18:22   
Here is one public table of these values:

http://discovery.bmc.com/confluence/display/Configipedia/List+of+discoverable+network+devices
(0003968)
lmunro   
2015-03-04 11:30   
Interesting point.
We'll consider it in a future release.





View Issue Details
1842 [PacketFence] hardware modules minor always 2014-11-04 11:47 2015-03-04 11:28
ae3 All  
lmunro All  
normal All  
acknowledged 4.5.0  
open  
none    
none  
   
Implement RADIUS de-authentication for Meru Wireless Controllers
Per a post to the PF-users list by Tim DeNike on 6 March 2014, Meru has added RADIUS de-auth to their firmware starting with System Director 5.3.x. He even posted sample code to use the feature, which I can't use since the directory structure appears to have changed with PF 4.5. Long story short, the existing module keeps telling us to pressure the vendor to implement RADIUS de-auth. We have done our part. Tag, you're it... :-)
Tim's email to packetfence-users:

Date: March 6, 2014 at 10:20:46 AM EST
From: Tim DeNike <tim.denike@mcc.edu>
To: "packetfence-users@lists.sourceforge.net" <packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Per SSID VLAN - Meru Networks
Reply-To: <packetfence-users@lists.sourceforge.net>

Actually, looking through the code, no patch will be required for MAC-based SSID evaluation, it's already there and should work (It already does with 802.1x)

We are on SD 5.3.xyz right now and RADIUS deauth does work.

Drop this in a file called /usr/local/pf/lib/pf/SNMP/Meru/MC_MCC.pm

Minus the cut lines obviously. In switch config, you'll have the option for Meru MC_MCC. It will do radius de-auths instead of the Telnet/SSH method. Much faster, much lighter weight.


^^^^^^^^^^^^^CUT^^^^^^^^^^^

package pf::SNMP::Meru::MC_MCC;

=head1 NAME

pf::SNMP::Meru::MC_MCC - Object oriented module to access MC series controllers

=head1 SYNOPSIS

Known to work with RADIUS deauth on System Director 5.3

=head1 STATUS

=cut

use strict;
use warnings;
use Log::Log4perl;

use base ('pf::SNMP::Meru');

sub description { 'Meru MC_MCC' }

sub deauthTechniques {
    my ($this, $method) = @_;
    my $logger = Log::Log4perl::get_logger( ref($this) );
    my $default = $SNMP::RADIUS;
    my %tech = (
        $SNMP::RADIUS => \&deauthenticateMacRadius,
    );

    if (!defined($method) || !defined($tech{$method})) {
        $method = $default;
    }
    return $method,$tech{$method};
}
sub deauthenticateMacRadius {
    my ( $self, $mac, $is_dot1x ) = @_;
    my $logger = Log::Log4perl::get_logger( ref($self) );

    if ( !$self->isProductionMode() ) {
        $logger->info("not in production mode... we won't perform deauthentication");
        return 1;
    }

    $logger->debug("deauthenticate $mac using RADIUS Disconnect-Request deauth method");
    return $self->radiusDisconnect($mac);
}

=head1 AUTHOR

Tim DeNike <tim.denike@mcc.edu>

=cut

1;


^^^^^^^^^^^^^CUT^^^^^^^^^^^
Notes
(0003967)
lmunro   
2015-03-04 11:28   
Will look into it.
There may now be an even easier way to do this than Tim's code.





View Issue Details
1853 [PacketFence] web admin feature always 2015-01-13 10:25 2015-03-04 11:24
tristanrhodes  
lmunro  
normal  
feedback 4.5.0  
open  
none    
none  
   
Provide the ability to view logs from the web interface
Packetfence has some very useful log files, including "packetfence.log", "radius.log", and others. These files are very helpful in understanding what is happening with Packetfence.

It would be very useful for users to be able to view these logs in the web interface. A static view of the file will provide this function. However, a real-time scrolling interface could really help admins understand exactly what happens when they plug in a port.
Notes
(0003966)
lmunro   
2015-03-04 11:24   
We will consider it, but admins might be better served by a dedicated logs interface à la splunk or kibana.
Scrolling logs are useless unless you can filter what scrolls.
That functionality could quickly balloon into its own product and we may be better off focusing on making logs easily exportable/forwardable.





View Issue Details
1858 [PacketFence] web admin feature always 2015-01-13 18:16 2015-03-04 11:20
tristanrhodes All  
All  
low All  
acknowledged 4.5.0  
open  
none    
none  
   
Display description when adding Triggers to a Violation
"Configuration > Violations > Add > Triggers"
and
"Configuration > Violations > Edit > Triggers"

If the user clicks on the white-space, they currently get a pull-down list of all violations listed solely by violation ID.
For example = Detect::2001664
For example = OS::6

Please add the description to this pull-down list.
For example = Detect::2001664 "P2P (Gnutella)"
For example = OS::6 "Gaming Consoles"

These same descriptions should also be displayed when viewing configured "Triggers". I think it would make sense to have only one entry per line, and to use a scroll-bar if more lines are needed.

Current =
[OS::4] [OS::10] [Detect::1100006] [Detect::1100005]

Proposed =
[OS::4 "Routers and APs"]
[OS::10 "Storage Devices"]
[Detect::1100006 "P2P Isolation (snort example)"]
[Detect::1100005 "Browser isolation example"]

Thanks!



There are no notes attached to this issue.





View Issue Details
1856 [PacketFence] web admin feature always 2015-01-13 11:45 2015-03-04 11:20
tristanrhodes  
 
normal  
acknowledged  
open  
none    
none  
   
Add the ability to test switch credentials (SNMP/CLI/HTTP) from web interface
When adding a switch ("Configuration > Switch") the admin wants to know if Packetfence can talk to the switch.

Add the ability to test the credentials entered:

SNMP
CLI (SSH/TELNET)
HTTP/HTTPS

Provide this type of feedback to the admin:

"Fail: No response from device"
"Fail: Wrong username or password"
"Success"
There are no notes attached to this issue.





View Issue Details
1855 [PacketFence] web admin feature always 2015-01-13 11:29 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged  
open  
none    
none  
   
When creating a new user, require the password be typed twice to prevent errors
"Users > Create" is used to create new users. There is a password field, but the admin is not required to type the password twice. This can cause issues when the user tries the password and the admin made a typo in this field.

Please add a second password field to confirm the entry.

(Note: This is already being done on the "Reset Password" function, when editing a user.)
There are no notes attached to this issue.





View Issue Details
1854 [PacketFence] web admin feature always 2015-01-13 10:32 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged  
open  
none    
none  
   
Add the ability to manage SSL cert from web interface
Packetfence can use HTTPS for web admin and for captive portals.

For production systems, admins need to provide a real SSL certificate. For non-Linux admins, this can be a difficult process.

Please add the ability to manage SSL cert from web interface. This can involve generating keys and CSR, and then allowing SSL certs to be uploaded or pasted.
There are no notes attached to this issue.





View Issue Details
1852 [PacketFence] web admin feature always 2015-01-13 10:16 2015-03-04 11:20
tristanrhodes  
 
normal  
acknowledged  
open  
none    
none  
   
Add the ability to send a "Test" email from the web interface
"Configuration > Alerting" is where users configure the email settings for alerts. However, there is no way to know if they set things up right.

Please provide a "Send Test Email" button that will do this.

(There is a similar function already provided under "Sources" for testing LDAP.)
There are no notes attached to this issue.





View Issue Details
1850 [PacketFence] web admin feature always 2015-01-12 18:34 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged 4.5.0  
open  
none    
none  
   
Show MAC addresses of Packetfence interfaces in web interface
When Packetfence is deployed in VMware (or other virtualized environment) the interfaces are given arbitrary names "Network Adapter 1". These names may or may not line up with Operating system names like "eth0".

It would be helpful if the web-interface displayed the MAC address of the interfaces of Packetfence in the "Configuration > Network > Interfaces" page.

There are no notes attached to this issue.





View Issue Details
1849 [PacketFence] web admin feature always 2015-01-12 16:16 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged 4.5.0  
open  
none    
none  
   
The web interface needs to add a "confirm" step in many areas
In many places in the web interface you can delete items with a single click; there is no confirmation. This means that a mistaken click can easily delete something you did not want to delete. This is even worse when the delete button is right next to another button, like the "Clone" button.

This problem exists in many areas, including:

Nodes > Delete
Switches > Delete
Status > Services > Restart (not deleting, but still needs confirmation)
Admin Roles > Delete
Floating devices > Delete
Firewall SSO > Delete
User Provisioners > Delete

Areas that do this correctly:

Portal Profiles
User Roles
User Sources
Violations

Please add a pop-up "Confirm" step to the problem areas listed above (and anything similar).
There are no notes attached to this issue.





View Issue Details
1848 [PacketFence] doc feature always 2015-01-12 16:00 2015-03-04 11:20
tristanrhodes All  
All  
low All  
acknowledged 4.5.0  
open  
none    
none  
   
Change docs to recommend using "spanning-tree portfast" or similar technology
I set up my first Packetfence install on a lab switch following the Packetfence documentation:

http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-4.5.1.pdf

"On each interface:

switchport mode access
authentication order mab
authentication port-control auto
mab
dot1x pae authenticator"

I was using mac address bypass only, and my MacBook would give up on DHCP and self-assign 169.254.x.x address. In order to prevent this, we need to add one more command to each interface:

"spanning-tree portfast"

I recommend adding this to all your port configs, including the corresponding command for other switch vendors.
There are no notes attached to this issue.





View Issue Details
1145 [PacketFence] core feature N/A 2010-12-21 15:27 2015-03-04 11:18
fgaudreault  
lmunro  
low  
acknowledged  
open  
none    
none  
  long-term  
IPv6 Support
Since we all know that it's inevitable IPv6 will come into real production soon (well in 2 to 5 years), I guess it would be a wise idea to start looking at it, just to be ahead of the wave.
Notes
(0002475)
obilodeau   
2011-12-21 13:52   
places needing fixing:
pf::config's _fetch_virtual_ip()
(0002486)
chiwawa_42   
2011-12-29 08:32   
required IPv6 feature set :
- Implement NDP / RA filtering on switches supporting PACL but not RA-Guard (RFC 6105)
- Use NDPMon (similar to ARPWatch) for monitoring
- Enforce loose (counter-RA) or strict (+port shutdown) policy on rogue-RA detection
- Implement DHCPv6 snooping and/or stateless option server (coupled to 802.1x auth process)
- OS validation for IPv6 capabilities to eventually disable IPv6 traffic for incapable hosts (DHCPv6 only on 7 and Lion, RA-flood bug on XP...)
(0003344)
Xen0Phage   
2013-07-22 21:01   
Adding a ping here. IPv6 is a reality for some of us and our NAC solution needs to be v6 aware. Is there a roadmap for v6 support?
(0003493)
neptuneIS   
2014-01-24 11:33   
+1

We are now in active R&D phase for our new network control infrastructure, and pf is our 1st candidate.
However, the lack of ipv6 support is a serious issue for us.

We would be glad to contribute, if there is any ongoing tasks on the subject.
(0003844)
swittst   
2015-02-16 18:29   
Adding my 2cents. Packetfence is our NAC of the future... depending on an IPv6 solution. We've been monitoring and testing Packetfence since Dec. '09, the regular feature development work has been impressive. The lack of IPv6 information though is a head scratcher. IPv6 is gaining serious momentum in North America, now that the IPv4 space has been exhausted.





View Issue Details
1704 [PacketFence] guests major always 2013-09-03 07:32 2015-02-18 11:27
maikel  
jrouzier  
normal  
assigned 4.0.5  
open  
none    
none  
   
Guest expiration is not set using the temporary_password method
The default 31D expiration of the password is never set in 4.0.5 code. It defaults to 0000-00-00 00:00:00

This makes the guest authentication per email fail, since it requires the expiration date.

commenting the function in temporary_password.pm at line 309
    _update_field_for_action(
        $data,$actions,'expiration',
        'expiration',"0000-00-00 00:00:00"
    );

in temporary_password.pm fixes this issue and sets the default of 31 days
Notes
(0003437)
francis   
2013-09-04 15:06   
How do you create your users?

When you use the Web admin interface, the hardcoded default expiration of 31 days will never be used simply because the expiration must be specified when submitting the form.

Notice that what is called the "expiration" is the end date of the registration window.
(0003438)
maikel   
2013-09-05 11:33   
Users are created using the self registration method. That's using a custom code block though to set the userid to the switch alias command.

So the user is actually successfully added using the /activate/email cgi code

There indeed this is not set in the field thus not sent. Noticed the only way to get the hardcoded 31D in there is to remove the update_field_for_action code. Else the expiration is not set





View Issue Details
1868 [PacketFence] configuration feature always 2015-02-17 22:47 2015-02-18 10:24
ah27 Linux  
jsemaan.inverse RHEL / CentOS  
normal 6  
assigned 4.5.0  
open  
none    
none  
   
Netgear M Series module does not handle up/down SNMP traps
There is no handling of up/down traps on the Netgear M Series module.

When it receives the trap, the following is written to the log:

Feb 17 19:33:29 pfsetvlan(12) WARN: SNMP trap handling not implemented for this type of switch. (pf::Switch::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 670.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string ne at /usr/local/pf/sbin/pfsetvlan line 678.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 689.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 698.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 709.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 713.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 716.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 719.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $switch_port in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(1) WARN: unable to parse trapLine.. here's the line: 10.100.6.30||||||||| (main::startTrapHandlers)
Feb 17 19:33:29 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Feb 17 19:33:29 pfsetvlan(1) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:29 pfsetvlan(1) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:29 pfsetvlan(1) INFO: trap received on (10.100.6.30) ifindex which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:29 pfsetvlan(1) INFO: doWeActOnThisTrap returns false. Stop handling (main::handleTrap)
Feb 17 19:33:29 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Feb 17 19:33:39 pfsetvlan(13) WARN: SNMP trap handling not implemented for this type of switch. (pf::Switch::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 670.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string ne at /usr/local/pf/sbin/pfsetvlan line 678.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 689.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 698.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 709.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 713.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 716.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 719.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $switch_port in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(3) WARN: unable to parse trapLine.. here's the line: 10.100.6.30||||||||| (main::startTrapHandlers)
Feb 17 19:33:39 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Feb 17 19:33:39 pfsetvlan(3) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:39 pfsetvlan(3) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:39 pfsetvlan(3) INFO: trap received on (10.100.6.30) ifindex which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:39 pfsetvlan(3) INFO: doWeActOnThisTrap returns false. Stop handling (main::handleTrap)
Feb 17 19:33:39 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)

For reference, here is the up trap it received:

2015-02-17|03:41:46|UDP: [10.100.6.30]:33669->[10.100.16.108]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (661683) 1:50:16.83|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|.1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1|.1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1) END VARIABLEBINDINGS

and the down trap:

2015-02-17|03:42:30|UDP: [10.100.6.30]:33669->[10.100.16.108]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (666103) 1:51:01.03|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.3|.1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1|.1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.1 = INTEGER: down(2) END VARIABLEBINDINGS

These were both when working on port 1
-Enable link up/down traps on switch
-Plug/unplug device from port
This is also affecting the ability to use the location log and delete old devices on M-Series devices never close out the line for locations and show offline.

I've attached an image of what the location log looks like for this in the web interface.
locationlog.jpg (62,948) 2015-02-17 22:47
https://www.packetfence.org/bugs/file_download.php?file_id=221&type=bug
jpg
Notes
(0003845)
fdurand   
2015-02-18 10:24   
(edited on: 2015-02-18 10:24)
Hello,

can you add:

=item parseTrap

=cut

sub parseTrap {
    my ( $this, $trapString ) = @_;
    my $logger = Log::Log4perl::get_logger(__PACKAGE__);

    my $trapHashRef;

    # link up/down traps
    if ( $trapString =~
            /BEGIN\ VARIABLEBINDINGS\ [^|]+[|]\.
            1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 # SNMP notification
            \ =\ OID:\ \.
            1\.3\.6\.1\.6\.3\.1\.1\.5\.([34]) # link UP(4) DOWN(3) trap
            \|\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+) # ifIndex
            /x ) {
        $trapHashRef->{'trapType'} = ( ( $1 == 3 ) ? "down" : "up" );
        $trapHashRef->{'trapIfIndex'} = $2;
    }
    # unhandled traps
    else {
        $logger->debug("trap currently not handled");
        $trapHashRef->{'trapType'} = 'unknown';
    }

    return $trapHashRef;
}

in /usr/local/pf/lib/pf/Switch/Netgear/MSeries.pm

and restart pfsetvlan ?
Regards
Fabrice
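
The trap-line format quoted in this report, parsed end to end, as an added example (not PacketFence code and not part of the thread). It goes beyond the regex posted above by splitting out every varbind, and it always returns a trapType, so a caller never receives the undefined value behind the "uninitialized value $trapType" errors in the log. The function names and the result layout are assumptions; the two trap lines and the unparseable line are copied from the report.

```python
import re

SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"          # snmpTrapOID.0
LINK_TRAPS = {".1.3.6.1.6.3.1.1.5.3": "down",     # linkDown
              ".1.3.6.1.6.3.1.1.5.4": "up"}       # linkUp
IF_INDEX = ".1.3.6.1.2.1.2.2.1.1."                # ifIndex.<n>
IF_OPER_STATUS = ".1.3.6.1.2.1.2.2.1.8."          # ifOperStatus.<n>

# Sample input: the up and down trap lines quoted in the report.
_HEAD = ("UDP: [10.100.6.30]:33669->[10.100.16.108]|0.0.0.0|"
         "BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE "
         "BEGIN VARIABLEBINDINGS ")
UP_TRAP = ("2015-02-17|03:41:46|" + _HEAD +
           ".1.3.6.1.2.1.1.3.0 = Timeticks: (661683) 1:50:16.83|"
           ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|"
           ".1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1|"
           ".1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)|"
           ".1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1) END VARIABLEBINDINGS")
DOWN_TRAP = ("2015-02-17|03:42:30|" + _HEAD +
             ".1.3.6.1.2.1.1.3.0 = Timeticks: (666103) 1:51:01.03|"
             ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.3|"
             ".1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1|"
             ".1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)|"
             ".1.3.6.1.2.1.2.2.1.8.1 = INTEGER: down(2) END VARIABLEBINDINGS")
# The line pfsetvlan logged as "unable to parse trapLine".
UNPARSEABLE = "10.100.6.30|||||||||"


def parse_varbinds(payload):
    """Return {oid: value} for the varbinds between the BEGIN/END markers."""
    m = re.search(r"BEGIN VARIABLEBINDINGS (.*) END VARIABLEBINDINGS", payload)
    if not m:
        return {}
    binds = {}
    for item in m.group(1).split("|"):
        oid, sep, rest = item.partition(" = ")
        if not sep:
            continue                      # not "oid = TYPE: value"
        # Drop the type tag ("INTEGER: ", "OID: ", "Timeticks: ").
        value = rest.partition(": ")[2] or rest
        binds[oid.strip()] = value.strip()
    return binds


def parse_trap_line(line):
    """Classify one trap line; trapType is always 'up', 'down' or 'unknown'."""
    result = {"switch_ip": None, "trapType": "unknown",
              "trapIfIndex": None, "operStatus": None}
    # date | time | transport | agent address | payload (keeps its own pipes)
    fields = line.strip().split("|", 4)
    if len(fields) < 5:
        return result
    src = re.search(r"\[([0-9a-fA-F.:]+)\]:\d+->", fields[2])
    if src:
        result["switch_ip"] = src.group(1)
    binds = parse_varbinds(fields[4])
    trap_type = LINK_TRAPS.get(binds.get(SNMP_TRAP_OID))
    if trap_type is None:
        return result                     # not a link up/down notification
    # Trap content arrives over UDP from the network: accept only a numeric
    # ifIndex, and report 'unknown' when a link trap carries none.
    for oid, value in binds.items():
        if oid.startswith(IF_INDEX) and value.isdigit():
            result["trapType"] = trap_type
            result["trapIfIndex"] = int(value)
            result["operStatus"] = binds.get(IF_OPER_STATUS + value)
            break
    return result


if __name__ == "__main__":
    for sample in (UP_TRAP, DOWN_TRAP, UNPARSEABLE):
        print(parse_trap_line(sample))
```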






View Issue Details
1864 [PacketFence] hardware modules minor have not tried 2015-02-08 18:06 2015-02-17 11:14
bwd_helpdesk All  
fdurand All  
normal All  
resolved 4.5.0  
fixed  
none    
none  
   
Compatibility of HP Access Points
Hi Packetfence,

I need to confirm what AP's are supported for HP Procurve. On the product support page it only states HP procurve, nothing else. Does this mean all models are supported?

At present we are looking at: HP 425 Wireless Dual Radio 802.11n (WW)
Notes
(0003650)
fdurand   
2015-02-09 09:14   
Hello,
with HP Access Point you need a controller like a MSM760 to be able to deauth a device.
Regards
Fabrice
(0003651)
bwd_helpdesk   
2015-02-09 17:59   
Thanks for that confirmation, on the supported devices webpage it mentions there are 2 ways in which to use packetfence:

One where a controller handles the Access Points (AP) and one where AP act individually.

"HP Procurve" is listed on the access point support section. Could you please confirm what AP's you support directly without a controller?

Additionally can you confirm if there needs to be switch support as well - or only AP support for WIFI control?
(0003652)
fdurand   
2015-02-09 20:44   
I can't confirm exactly a list of access points that are supported without a controller; we don't have all the HP APs available at work.

In out-of-band mode we need a way to re-evaluate the device's access (for example, after registration on the portal) by disassociating the device so that it sends a new RADIUS request. The HP controller offers that with snmpwrite, XML API or SSH. Standalone APs (sometimes) allow disassociating the device from the CLI, so to verify whether an AP is supported by PacketFence, connect with SSH and try to run 'disassociate wireless client @mac'; if it works, the AP is supported.

Regards
Fabrice





View Issue Details
1863 [PacketFence] web admin minor always 2015-02-02 16:58 2015-02-03 16:01
tristanrhodes  
jsemaan.inverse  
normal  
resolved 4.5.0  
fixed  
none    
none  
   
Trying to "Share unknown fingerprints" and got "Error! An error condition has occured. See server side logs for details."
httpd.admin.log shows this:

Feb 02 16:57:21 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:23 httpd.admin(12447) ERROR: Caught exception in pfappserver::Controller::Configuration::Fingerprints->upload "Undefined subroutine &pfappserver::Controller::Configuration::Fingerprints::uri_escape called at /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm line 80." (pfappserver::Controller::Root::end)
Notes
(0003643)
ludovic   
2015-02-02 19:55   
If it's an easy fix, let's include it in 4.6.
(0003644)
jsemaan.inverse   
2015-02-02 20:03   
Yes I'll also push it to the maintenance.
Should be done tomorrow.
(0003645)
jsemaan.inverse   
2015-02-03 08:46   
Has been fixed in both maintenance/4.5 and devel

maintenance/4.5 : c66335e05543b0849f9ebb8ee14102ab5873fdba
devel : 9b4b827d9b30792532cad5ebf3a18d9db547e4a9

You can have this patch on 4.5 by running /usr/local/pf/addons/pf-maint.pl

Thanks!
(0003646)
tristanrhodes   
2015-02-03 13:45   
I got an error (see below). Did I update correctly?

[root@PacketFence-ZEN-4-5 pf]# /usr/local/pf/addons/pf-maint.pl
Currently at 566d2e3094e0c4375b53700ce47b67e5087de93f
** GET https://api.github.com/repos/inverse-inc/packetfence/branches/maintenance/4.5 ==> 200 OK
Latest maintenance version is c66335e05543b0849f9ebb8ee14102ab5873fdba
** GET https://api.github.com/repos/inverse-inc/packetfence/compare/566d2e3094e0c4375b53700ce47b67e5087de93f...c66335e05543b0849f9ebb8ee14102ab5873fdba ==> 200 OK (1s)

The following are going to be patched
  conf/chi.conf.example
  conf/radiusd/sql.conf.example
  html/captive-portal/lib/captiveportal.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm
  html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm
  html/captive-portal/lib/captiveportal/PacketFence/View/HTML.pm
  html/captive-portal/lib/captiveportal/Role/Request.pm
  html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm
  html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm
  html/pfappserver/lib/pfappserver/Model/Node.pm
  html/pfappserver/lib/pfappserver/Model/Search/Node.pm
  html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm
  lib/pf/Authentication/Source.pm
  lib/pf/Authentication/Source/LDAPSource.pm
  lib/pf/CHI.pm
  lib/pf/Switch/Cisco/Catalyst_2950.pm
  lib/pf/activation.pm
  lib/pf/api.pm
  lib/pf/config.pm
  lib/pf/radius.pm
  lib/pf/services/manager/httpd.pm
  lib/pf/services/manager/pfdhcplistener.pm
  lib/pf/vlan.pm
  lib/pf/web/externalportal.pm
  sbin/pfdhcplistener
  sbin/pfsetvlan
  t/data/authentication.conf
  t/ldap-auth-cache.t

Continue y/n [y]: y
Downloading the patch........
** GET https://github.com/inverse-inc/packetfence/compare/566d2e3094e0c4375b53700ce47b67e5087de93f...c66335e05543b0849f9ebb8ee14102ab5873fdba.diff ==> 200 OK (1s)
Applying the patch........
patching file conf/chi.conf.example
patching file conf/radiusd/sql.conf.example
patching file html/captive-portal/lib/captiveportal.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/View/HTML.pm
patching file html/captive-portal/lib/captiveportal/Role/Request.pm
patching file html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm
patching file html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm
patching file html/pfappserver/lib/pfappserver/Model/Node.pm
patching file html/pfappserver/lib/pfappserver/Model/Search/Node.pm
patching file html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm
patching file lib/pf/Authentication/Source.pm
patching file lib/pf/Authentication/Source/LDAPSource.pm
patching file lib/pf/CHI.pm
patching file lib/pf/Switch/Cisco/Catalyst_2950.pm
patching file lib/pf/activation.pm
patching file lib/pf/api.pm
patching file lib/pf/config.pm
patching file lib/pf/radius.pm
patching file lib/pf/services/manager/httpd.pm
patching file lib/pf/services/manager/pfdhcplistener.pm
patching file lib/pf/vlan.pm
patching file lib/pf/web/externalportal.pm
patching file sbin/pfdhcplistener
patching file sbin/pfsetvlan
can't find file to patch at input line 990
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git a/t/data/authentication.conf b/t/data/authentication.conf
|index 22bf634..5c83364 100644
|--- a/t/data/authentication.conf
|+++ b/t/data/authentication.conf
--------------------------
File to patch:
(0003647)
jsemaan.inverse   
2015-02-03 13:52   
That's because someone made a mistake of adding a unit test to the maintenance branch. Just press enter twice and it will auto select the best approach (to ignore the file in this case)
(0003648)
tristanrhodes   
2015-02-03 15:41   
After updating and restarting all services, I have success! Thanks!

"Success! Thank you for submitting your fingerprints"
(0003649)
jsemaan.inverse   
2015-02-03 16:01   
You're welcome.

We got them so the whole process works.

Closing





View Issue Details
1844 [PacketFence] configuration block have not tried 2014-11-27 15:15 2015-01-27 20:07
Eduardo Pereira PacketFence-ZEN-4_5_1  
jsemaan.inverse CentOS  
high 6.6  
assigned  
open  
none    
none  
   
Config CISCO SF300 / SG 300
Hello ...

Installed and configured the server but now I'm having trouble with the models of Switches that have the doubt is there any configuration standard for CISCO equipment - Model SF300, SG300 Small Business?

Read the guide but it only appears routers and switches I have are management.

Thank you ...
SG300.pm (2,110) 2014-11-28 09:42
https://www.packetfence.org/bugs/file_download.php?file_id=220&type=bug
Notes
(0003610)
ccaaajf   
2014-11-28 05:54   
We've got Packetfence running on Cisco SG300's.
(0003611)
Eduardo Pereira   
2014-11-28 06:10   
Hmmm cool ... but doing a quick survey, across the company more than 90% of switches are SF300 ... and this time looking at the PacketFence settings "Switches" I find the model specific and mainly how to make the PKF -ZEN do the reading, exchange and recording of MIB in this model SF300 therefore questioned whether there is a default setting?
(0003612)
ccaaajf   
2014-11-28 07:24   
we use the type "Cisco Catalyst 2950" if that's what you mean?
(0003613)
jsemaan   
2014-11-28 09:41   
(edited on: 2014-11-28 09:43)
We have an experimental module for the SG300.

I attached it to this ticket.

Place it in /usr/local/pf/lib/pf/Switch/Cisco/ and restart PacketFence

There is no official documentation for the moment but it's only a matter of enabling MAC authentication and/or 802.1X and setting up the RADIUS server to be PacketFence.

(0003629)
fdurand   
2014-12-22 20:03   
any feedback ?
(0003641)
jsemaan.inverse   
2015-01-27 20:07   
Unless there is a reply in the next week, I'll close this





View Issue Details
1860 [PacketFence] captive portal minor always 2015-01-19 08:51 2015-01-27 10:09
repitah All  
jsemaan.inverse All  
normal All  
assigned 4.5.0  
open  
none    
none  
   
Oauth2 methods do not populate User account fields
When registering with Facebook/Google/MicrosoftLive (others untested) account, the user details (names, email, etc) are not captured.
Log in to the captive portal with a Facebook/Google/Microsoft account that has not previously been used.

Check the newly created user account for the registered device.
Example JSON information received, from /html/captive-portal/lib/captiveportal/PacketFence/ControllerOauth2.pm :: oauth2Result, that can be populated:

Facebook:{"id":"101XXXX5391XXXX17","email":"repXXXX\u0040XXXXil.com","first_name":"myFirstname","gender":"male","last_name":"myLastname","link":"https:\/\/www.facebook.com\/app_scoped_user_id\/101XXXX5391XXXX17\/","locale":"en_GB","name":"myFirstname myLastname","timezone":2,"updated_time":"2014-04-01T14:29:08+0000","verified":true}

Google: {"id": "1104XXXX82237XXXX2302","email": "repXXXX@XXXXil.com", "verified_email": true,"name": "myFirstname myLastname","given_name": "myFirstname", "family_name": "myLastname", "link": "https://plus.google.com/1104XXXX82237XXXX2302", "picture": "https://lh3.googleusercontent.com/URL/to/photo.jpg", "gender": "male"}

Microsoft: {"id": "fa87XXXX16e7XXXX", "name": "myFirstname myLastname", "first_name": "myFirstname", "last_name": "myLastname", "link":"https://profile.live.com/","birth_day": null,"birth_month": null,"birth_year": null,"gender": null,"emails": {"preferred": "repXXXX@XXXXil.com","account": "repXXXX@XXXXil.com","personal": null,"business": null},"phones": {"personal": null,"business": null,"mobile": null},"locale": "en_ZA","updated_time": "2015-01-17T14:00:59+0000"}
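The three payload shapes quoted in the report above can be mapped to one set of person fields as follows. This is an added example, not PacketFence code and not part of the original report; the output field names (firstname, lastname, email, email_verified), the function name and the sample payloads are constructed for illustration.

```python
import json
import unicodedata

MAX_LEN = 255  # assumed maximum length for a stored person field


def _clean(value):
    """Return a trimmed, printable string or None; provider data is untrusted input."""
    if not isinstance(value, str):
        return None
    # Drop control/format characters before the value reaches a database or a page.
    text = "".join(ch for ch in value if unicodedata.category(ch)[0] != "C")
    text = text.strip()[:MAX_LEN]
    return text or None


def normalize_profile(provider, payload):
    """Map a Facebook, Google or Microsoft profile (JSON text or dict) to common fields."""
    data = json.loads(payload) if isinstance(payload, str) else dict(payload)
    provider = provider.lower()
    verified = None  # None = the payload carries no explicit e-mail verification flag
    if provider == "facebook":
        first, last, email = data.get("first_name"), data.get("last_name"), data.get("email")
        # Facebook's "verified" describes the account, so it is not used as an e-mail flag.
    elif provider == "google":
        first, last, email = data.get("given_name"), data.get("family_name"), data.get("email")
        verified = data.get("verified_email") is True
    elif provider == "microsoft":
        emails = data.get("emails") or {}
        first, last = data.get("first_name"), data.get("last_name")
        email = emails.get("preferred") or emails.get("account")
    else:
        raise ValueError("unsupported provider: %r" % provider)

    first, last, email = _clean(first), _clean(last), _clean(email)
    if not (first and last):
        # Fall back to the display name when the split name fields are null or missing.
        parts = (_clean(data.get("name")) or "").split(None, 1)
        first = first or (parts[0] if parts else None)
        last = last or (parts[1] if len(parts) > 1 else None)
    if email is not None:
        email = email.lower()
        if email.count("@") != 1 or email.startswith("@") or email.endswith("@"):
            email = None  # not usable as an address; do not store it
    if email is None:
        verified = None
    return {"firstname": first, "lastname": last, "email": email, "email_verified": verified}


# Constructed sample payloads in the shapes shown in the report (values are made up).
FACEBOOK_SAMPLE = r'{"id":"1000000000000001","email":"alice\u0040example.com","first_name":"Alice","last_name":"Example","name":"Alice Example","verified":true}'
GOOGLE_SAMPLE = '{"id": "2000000000000000002", "email": "Bob@Example.com", "verified_email": true, "name": "Bob Example", "given_name": "Bob", "family_name": "Example"}'
MICROSOFT_SAMPLE = '{"id": "3000000000000003", "name": "Carol Example", "first_name": null, "last_name": null, "emails": {"preferred": null, "account": "carol@example.com", "personal": null, "business": null}}'

if __name__ == "__main__":
    for name, sample in (("facebook", FACEBOOK_SAMPLE), ("google", GOOGLE_SAMPLE), ("microsoft", MICROSOFT_SAMPLE)):
        print(name, normalize_profile(name, sample))
```
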
Notes
(0003636)
jsemaan.inverse   
2015-01-19 09:07   
I'll also do it for LinkedIn + Github.

We'll need to design it properly though.

Will add a link to the Github Pull request once done.
(0003637)
jsemaan.inverse   
2015-01-19 09:09   
I'll extend on the work done in
https://github.com/inverse-inc/packetfence/pull/282
(0003640)
jsemaan.inverse   
2015-01-27 10:09   
Development work done

See :
https://github.com/inverse-inc/packetfence/pull/319





View Issue Details
1830 [PacketFence] upgrade crash always 2014-10-08 13:13 2014-12-22 20:06
pfbug Linux  
lmunro Debian  
normal 7 (Wheezy)  
resolved 4.4.0  
fixed  
none    
none  
   
Packetfence does not start after upgrade
After upgrading from packetfence 4.3 to 4.4 via the inverse repository,
the following error message appears when

  /usr/local/pf/bin/pfcmd anyparameter

is executed:

Fatal error preventing configuration to load. Please review your configuration. Error: Sereal: Error in srl_decoder.c line 657 and char 1 of input: Bad Sereal header: Not a valid Sereal document. at /usr/share/perl5/Data/Serializer/Sereal.pm line 51. at /usr/local/pf/lib/pf/config.pm line 394
Compilation failed in require at /usr/local/pf/bin/pfcmd.pl line 84.
BEGIN failed--compilation aborted at /usr/local/pf/bin/pfcmd.pl line 84.

An

  apt-get --reinstall install packetfence

has been tried without success. Additionally,

  rm -fr /usr/local/pf/var/cache/*

has been executed as described in UPGRADE.asciidoc. The sereal Packages are installed:

# dpkg -l | grep sereal
ii libdata-serializer-sereal-perl 1.05-1 all Creates bridge between Data::Serializer and Sereal
ii libsereal-decoder-perl 3.001.003-1 amd64 fast, compact, powerful binary deserialization module
ii libsereal-encoder-perl 3.001.003-1 amd64 fast, compact, powerful binary serializationa module
Execute

  /etc/init.d/packetfence restart

after the upgrade from Packetfence 4.3.0.
Notes
(0003585)
lmunro   
2014-10-08 13:18   
pkill memcached and restart packetfence.
(0003586)
pfbug   
2014-10-08 16:43   
Thanks a lot, that solved the problem. Perhaps this should be added to the postinstall script?
(0003630)
fdurand   
2014-12-22 20:06   
Cache issue





View Issue Details
1678 [PacketFence] captive portal minor always 2013-08-02 09:13 2014-12-22 20:02
KimHagen  
fdurand  
normal  
resolved  
fixed  
none    
none  
   
Google oauth redirects back to captive portal before you can select yes/no to allow your site.
On the captive portal if you select Google oauth it will redirect you to the Google login, after this it will redirect you back to the captive portal.
(or first it will let you do your second-step authentication and then send you back to the captive portal page.)

If you then select the Google oauth again you will get on the page where you can accept your site to have access and if you select yes the network access progress-bar appears and you have access.

So you get 2 times the captive portal before you have access.
For the facebook oauth it is as you expect. (portal, login and then access)
Notes
(0003375)
KimHagen   
2013-08-02 09:15   
This was on an iphone 5 and samsung Galaxy S3
(0003376)
fdurand   
2013-08-02 09:25   
Hello,
it means that one of the domains your device tries to reach is forwarded to packetfence.
So sniff DNS traffic between packetfence and your device and add the missing domains to the list of Authorized domains in your Google authentication source.

Regards
Fabrice
(0003380)
KimHagen   
2013-08-02 11:42   
(edited on: 2013-08-02 11:46)
Hello,
I did sniff the DNS traffic and I see what happens; I do not know if this is supposed to happen.

On iphone i select my wifi profile for packetfence and it opens a captive portal window (which i think always goes to www.apple.com)

I login with the google option, it goes to the google login, then it tries to go to www.apple.com instead of the google "accept this site" site.

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.apple.com
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 173.194.66.84
10.0.0.59 8.8.8.8 DNS 75 Standard query A ssl.gstatic.com
8.8.8.8 10.0.0.59 DNS 91 Standard query response A 173.194.66.120
10.0.0.59 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.59 DNS 94 Standard query response A 173.194.66.94

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.apple.com
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254

10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A www.packetfence.org
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 67.205.85.245


From an android device you select the wifi, and then go to an url,
in my case www.tweakers.net and you get the captive portal,
i then use google auth and enter username and password.
Then the portal tries to go to www.tweakers.net before it goes to the google acceptance page.

10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 79 Standard query A www.packetfence.org
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 67.205.85.245
10.0.0.67 8.8.8.8 DNS 84 Standard query A www.google-analytics.com
8.8.8.8 10.0.0.67 DNS 304 Standard query response CNAME www-google-analytics.l.google.com A 173.194.34.71 A 173.194.34.70 A 173.194.34.66 A 173.194.34.78 A 173.194.34.72 A 173.194.34.73 A 173.194.34.64 A 173.194.34.69 A 173.194.34.68 A 173.194.34.67 A 173.194.34.65
10.0.0.67 8.8.8.8 DNS 76 Standard query A mtalk.google.com
8.8.8.8 10.0.0.67 DNS 121 Standard query response CNAME mobile-gtalk.l.google.com A 173.194.78.188
10.0.0.67 8.8.8.8 DNS 74 Standard query A www.google.com
8.8.8.8 10.0.0.67 DNS 170 Standard query response A 173.194.66.99 A 173.194.66.104 A 173.194.66.147 A 173.194.66.103 A 173.194.66.105 A 173.194.66.106
10.0.0.67 8.8.8.8 DNS 79 Standard query A clients1.google.com
8.8.8.8 10.0.0.67 DNS 279 Standard query response CNAME clients.l.google.com A 173.194.34.78 A 173.194.34.69 A 173.194.34.68 A 173.194.34.71 A 173.194.34.65 A 173.194.34.64 A 173.194.34.67 A 173.194.34.73 A 173.194.34.66 A 173.194.34.70 A 173.194.34.72
10.0.0.67 8.8.8.8 DNS 84 Standard query A productforums.google.com
8.8.8.8 10.0.0.67 DNS 203 Standard query response CNAME groups.l.google.com A 173.194.66.100 A 173.194.66.113 A 173.194.66.139 A 173.194.66.102 A 173.194.66.138 A 173.194.66.101
10.0.0.67 8.8.8.8 DNS 75 Standard query A csi.gstatic.com
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 173.194.32.175
10.0.0.67 8.8.8.8 DNS 73 Standard query A www.google.nl
8.8.8.8 10.0.0.67 DNS 89 Standard query response A 173.194.66.94
10.0.0.67 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.67 DNS 135 Standard query response CNAME accounts-cctld.l.google.com A 173.194.66.94

10.0.0.67 8.8.8.8 DNS 75 Standard query A www.tweakers.nl
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 10.0.3.254

10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 10.0.3.254 HTTP 686 GET /access?destination_url=http%3A%2F%2Fwww.packetfence.org%2F HTTP/1.1

It looks like it redirects to the requested url before google acceptance page.

Regards,
Kim
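The check suggested earlier in this thread (find the names that are still answered with the PacketFence address) can be run over a capture summary in the format Kim posted. This is an added example, not part of the thread or of PacketFence; the sample lines, host names and the function name classify_lookups are constructed, and it assumes answers arrive in query order per client because this summary format carries no DNS transaction ID.

```python
import re
from collections import defaultdict, deque

# One line of the capture summary:
#   "<src> <dst> DNS <len> Standard query [response] <records>"
LINE_RE = re.compile(
    r"^(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+DNS\s+\d+\s+"
    r"Standard query (?P<response>response )?(?P<rest>.+)$"
)


def classify_lookups(capture_text, portal_ip, portal_names=()):
    """Split queried names into those answered with the portal IP and those resolved normally.

    portal_names are the portal's own host names, which are expected to resolve
    to portal_ip and are therefore left out of the result.
    """
    portal_names = {n.lower() for n in portal_names}
    pending = defaultdict(deque)  # client IP -> names queried but not yet answered
    intercepted, resolved = [], []
    for raw in capture_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # blank line or non-DNS traffic
        tokens = match.group("rest").split()
        if match.group("response") is None:
            # Query line: "A <name>"
            if len(tokens) == 2 and tokens[0] == "A":
                pending[match.group("src")].append(tokens[1].lower().rstrip("."))
            continue
        queue = pending[match.group("dst")]
        if not queue:
            continue  # answer whose query was not captured
        name = queue.popleft()
        # Answer records come as "<type> <value>" pairs, e.g. "CNAME x A 198.51.100.1".
        addresses = [tokens[i + 1] for i in range(0, len(tokens) - 1, 2) if tokens[i] == "A"]
        if name in portal_names:
            continue
        bucket = intercepted if portal_ip in addresses else resolved
        if name not in bucket:
            bucket.append(name)
    return {"intercepted": intercepted, "resolved": resolved}


# Constructed capture in the same column layout as the note above.
SAMPLE_CAPTURE = """
10.0.0.59 8.8.8.8 DNS 73 Standard query A www.example.org
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 82 Standard query A portal.example.test
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A accounts.idp.example.com
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 198.51.100.84
10.0.0.67 8.8.8.8 DNS 84 Standard query A consent.idp.example.net
10.0.0.59 8.8.8.8 DNS 75 Standard query A static.idp.example.com
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 10.0.3.254
8.8.8.8 10.0.0.59 DNS 121 Standard query response CNAME cdn.idp.example.com A 198.51.100.120 A 198.51.100.121

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.example.org
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254
"""

if __name__ == "__main__":
    result = classify_lookups(SAMPLE_CAPTURE, "10.0.3.254", {"portal.example.test"})
    print("answered with portal IP:", result["intercepted"])
    print("resolved normally:      ", result["resolved"])
```

Names in the "intercepted" list that belong to the identity provider are the candidates for the authentication source's authorized domains; a captive-portal probe or the user's original destination appearing there is expected while the device is unregistered.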

(0003390)
KimHagen   
2013-08-12 06:04   
The problem I had is gone, I think it was because I used inline interface in dns instead of management interface.

Regards,
Kim
(0003616)
delta   
2014-11-29 08:28   
On the captive portal if you select Google oauth it will redirect you to the Google login, after this it will redirect you back to the captive portal
(0003617)
delta   
2014-11-29 08:28   
can help
(0003628)
fdurand   
2014-12-22 20:02   
Configuration issue





View Issue Details
1845 [PacketFence] captive portal minor always 2014-12-02 12:12 2014-12-17 13:15
delta All  
fdurand All  
normal All  
resolved  
fixed  
none    
none  
   
packetfence
I'm testing packetfence and get the following error message in
/usr/local/pf/logs/error_log

RSA server certificate CommonName (CN) '127.0.0.1' does not match server
name
thanks
Notes
(0003618)
delta   
2014-12-02 12:13   
can help
(0003624)
fdurand   
2014-12-17 13:14   
It's not really an error, it just means that the self-signed certificate doesn't match the apache fqdn.
Btw apache will run.





View Issue Details
1839 [PacketFence] core major always 2014-10-28 08:14 2014-12-17 08:48
caralo Linux  
fdurand Debian  
high 7 (Wheezy)  
resolved 4.4.0  
fixed  
none    
none  
   
364882d0d75b0191ab3e935db9d9592c11b03721
Re-evaluate access fails with undefined subroutine
After registration in portal, vlan _reevaluation fails when it calls subroutine &pf::api::locationlog_view_open_switchport_no_VoIP
Debian 7 and PF 4.4/4.5

These are the logs:

Oct 27 19:11:42 httpd.portal(21155) INFO: [00:44:54:85:f7:0c] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
Oct 27 19:11:42 httpd.portal(21155) INFO: [00:44:54:85:f7:0c] switch port is (10.0.1.4) ifIndex 10040 connection type: Wired SNMP (pf::enforcement::_vlan_reevaluation)
Oct 27 19:11:44 httpd.webservices(3662) ERROR: Undefined subroutine &pf::api::locationlog_view_open_switchport_no_VoIP called at /usr/local/pf/lib/pf/api.pm line 251.
 (pf::WebAPI::JSONRPC::__ANON__)
Oct 27 19:12:21 httpd.portal(3622) INFO: [00:44:54:85:f7:0c] shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (captiveportal::PacketFence::Controller::CaptivePortal::unknownState)
Notes
(0003602)
fdurand   
2014-10-28 08:29   
Hello,

can you change the line 251 of /usr/local/pf/lib/pf/api.pm to that:
my @locationlog = pf::locationlog::locationlog_view_open_switchport_no_VoIP( $switch->{_id}, $ifIndex );

and also add this function in api.pm:

sub node_determine_and_set_into_VLAN {
    my ( $mac, $switch, $ifIndex, $connection_type ) = @_;

    my $logger = Log::Log4perl->get_logger('pfsetvlan::handling');
    Log::Log4perl::MDC->put( 'tid', threads->self->tid() );

    my $vlan_obj = new pf::vlan::custom();

    my ($vlan,$wasInline) = $vlan_obj->fetchVlanForNode($mac, $switch, $ifIndex, $connection_type);

    $switch->setVlan(
        $ifIndex,
        $vlan,
        undef,
        $mac
    );
}

And retry.

Regards
Fabrice
(0003603)
caralo   
2014-10-28 10:50   
Good job !!! I retried and it is working now with your patch.

There is a new error but i suppose it is not that important. It is another undefined subroutine &pf::api::violation_view_open_desc

These are the logs:

Oct 28 15:39:39 httpd.webservices(0) INFO: [55:d0:2b:55:e1:84] PID: "carcalo", Status: reg. Returned VLAN: 710 (pf::vlan::fetchVlanForNode)
Oct 28 15:39:40 httpd.webservices(0) INFO: setting VLAN at 10.0.1.67 ifIndex 10009 from 719 to 710 (pf::Switch::setVlan)
Oct 28 15:39:41 httpd.webservices(0) ERROR: Undefined subroutine &pf::api::violation_view_open_desc called at /usr/local/pf/lib/pf/api.pm line 269.
 (pf::WebAPI::JSONRPC::__ANON__)
(0003604)
fdurand   
2014-10-28 10:54   
Ok so try this in the api.pm file:
my @violations = pf::violation::violation_view_open_desc($mac);
 at line 269
(0003605)
caralo   
2014-10-28 11:04   
Excellent!!! No more errors in the logs. You can close the bug.





View Issue Details
1840 [PacketFence] web admin minor always 2014-10-28 11:26 2014-11-26 09:17
caralo Linux  
jrouzier Debian  
normal 7 (Wheezy)  
resolved 4.4.0  
fixed  
none    
none +1  
   
4c51dbc36909407dc2d604086ebd9b833f09e857
Error applying role to multiple nodes
When you select multiple nodes and try to apply a role it does not work and you get "Success. Roles applied to 0 nodes"
You can only apply the role if you click the mac address link individually.

These are the logs from httpd.admin.log:

Oct 28 16:24:48 httpd.admin(8148) INFO: Redirecting to admin interface https://localhost:1443/admin (pfappserver::Controller::Root::index)
Oct 28 16:24:48 httpd.admin(8148) ERROR: Argument "\x{37}\x{34}..." isn't numeric in numeric ne (!=) at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Node.pm line 768.
 (pfappserver::__ANON__)
Oct 28 16:24:48 httpd.admin(8148) ERROR: Unable to modify node because specified category doesn't exist (pf::node::node_modify)
Oct 28 16:24:49 httpd.admin(8148) ERROR: Use of uninitialized value $all_or_any in string eq at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Search/Node.pm line 73.
 (pfappserver::__ANON__)

Notes
(0003606)
jmplumley   
2014-10-28 13:18   
Have same issue on version 4.5.0 on CentOS. I don't get all the above errors from log file, just this one "ERROR: Use of uninitialized value $all_or_any in string eq at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Search/Node.pm line 73.
 (pfappserver::__ANON__)"
(0003607)
jmplumley   
2014-11-10 14:17   
Just an update. Upgraded my system to 4.5.1 on CentOS but still have same issue with applying roles to multiple nodes.





View Issue Details
1838 [PacketFence] configuration minor have not tried 2014-10-25 18:23 2014-10-26 13:10
deco Linux  
RHEL / CentOS  
normal 6  
new 4.4.0  
open  
none    
none  
   
New firefox version blocks PF 4.5 Configurator
NOTE: *Not a bug with PF but how Firefox interacts with the install process*

Just did a fresh install of CentOS 6.5 and did a yum update && yum upgrade. This updated the Firefox Browser to 31.1.0. With this version of Firefox, it would not allow the configurator page to display. After some Googling I found this forum post on Firefox's support page:
https://support.mozilla.org/en-US/questions/1012765

Going into about:config and doing the following solved this issue:
setting "security.use_mozillapkix_verification" to 'true'

P.S. I couldn't select PF 4.5.0 As a product version in the drop down.

-Deco
Fresh install of CentOS & update and attempt to install PF.
Notes
(0003600)
erSitzt   
2014-10-26 12:49   
This is a general problem with firefox and self signed certificates.
In FF 33.0 "security.use_mozillapkix_verification" isn't even available anymore.
(0003601)
deco   
2014-10-26 13:10   
I think the documentation should just put a !Note next to the configurator section that if you see this error to make the change in FF's config to enable seeing the page.





View Issue Details
1834 [PacketFence] upgrade minor always 2014-10-23 08:24 2014-10-24 09:27
erSitzt Linux x86_64  
fdurand Ubuntu  
normal 12.04  
resolved 4.4.0  
fixed  
none    
none  
   
packetfence upgrade held back because of missing libdatetime-format-rfc3339-perl
When upgrading from 4.4 to 4.5 via apt packetfence-pfcmd-suid updates but packetfence fails:


buehring@srv-pf2:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  packetfence
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
buehring@srv-pf2:~$ sudo apt-get install packetfence
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 packetfence : Depends: libdatetime-format-rfc3339-perl but it is not installable
E: Unable to correct problems, you have held broken packages.
buehring@srv-pf2:~$ dpkg -l | grep packetfence
ii packetfence 4.4.0 PacketFence network registration / worm mitigation system
ii packetfence-pfcmd-suid 4.5.0 C wrapper that replace perl-suid dependence
buehring@srv-pf2:~$
Notes
(0003590)
fdurand   
2014-10-23 11:32   
Hi,

I have just updated the repo, are you able to retry?

Thanks
Fabrice
(0003591)
erSitzt   
2014-10-23 11:58   
Thanks, it's working now !





View Issue Details
1828 [PacketFence] doc minor always 2014-10-07 09:46 2014-10-07 09:54
ae3 All  
francis All  
normal All  
resolved 4.2.2  
fixed  
none    
none 4.5.0  
   
f25ea483236c8aaac557313a02b842ef892910cf
PF 4.4.0 ZEN manual URL error
On PDF page 10 (paper page 7), the following paragraph contains a URL that needs to be httpS:

Configuring your PacketFence environment
Before booting your VM, make sure the network cable coming from the TRUNK port for the demonstration
PC is correctly plugged in the switch and the PC and that the link is up.
Once powered, open a browser and point it to the configuration URL as stated by the VM login prompt
(ie. http://PF_IP:1443/configurator). The configuration process is a five steps process at the end of which,
the VM will be a persistent working PacketFence environment.

Open PDF file, scroll down 10 pages. :-)
The product version picklist in this bug reporter ends at 4.2.2.
Notes
(0003584)
francis   
2014-10-07 09:54   
Fixed.





View Issue Details
1824 [PacketFence] refactoring minor always 2014-09-12 09:12 2014-09-12 09:12
juanvalencia Linux  
CentOS  
normal 6.5  
new  
open  
none    
none  
   
VoiP phones don't get complete information when they are autoreg for a different method than dhcp.
When you connect a VoIP phone and this is autoregister for a method like radius attributes, PF doesn't update OS info because when it detects that is a VoIP base on dhcp it is already register and PF rejects to do something. The same thing happens when is an autoregister violation created.
* Configure a switch to use MAB.
* Connect a Phone capable to send Radius attributes of VoIP.
* The VoIP is immediately auto-registered because the Radius Attributes.
* The VoIP ask for DHCP, and PF detects that is from the category of VoIP Phones/Adapters.
* PF says the device is already auto-register do nothing.
PF should update the info of the node in every step that obtains info from the device, even if there is no action to do with it. In this case the portion of the code, I think in pfsetvlan.pm that rejects to auto-register the device should obtain all the info and pushed into the node_info in the DB.
There are no notes attached to this issue.





View Issue Details
1655 [PacketFence] inline major always 2013-06-25 11:47 2014-09-11 04:29
JasonFell  
 
normal  
new 4.0.1  
open  
none    
none  
   
Inline Mode not forwarding after registration
After creating a user and using these credentials for logging in, no forwarding occurs. The screen states that I should check the network settings and try again. But nothing I do will allow it through except for restarting all the services. After looking into the packetfence logs I have found the following entries.

Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:38:52 redir.cgi(0) INFO: Updating node 00:1c:7e:d6:50:25 user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0' (pf::web::web_node_record_user_agent)
Jun 25 09:38:52 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 redirected to authentication page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 redirected to authentication page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:06 register.cgi(0) INFO: 192.168.250.100 - 00:1c:7e:d6:50:25 on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 25 09:39:06 register.cgi(0) INFO: performing node registration MAC: 00:1c:7e:d6:50:25 pid: guest10 (pf::web::_sanitize_and_register)
Jun 25 09:39:06 register.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (manage_register called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:06 register.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:06 register.cgi(0) INFO: 192.168.250.100 - 00:1c:7e:d6:50:25 on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 25 09:39:16 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:16 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:16 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:16 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access).

I have tried this on a number of occasions and get the same issue. I have tried leaving packetfence (for more than an hour, to see if it is an issue with time), I have disconnected the workstation requiring access (for more than an hour), and finally I have tried rebooting the workstation (requiring access). None of this gave internet access.
As previously noted the only way access is given is by restarting all the packetfence services.
Current setup is as follows;
Inline enforcement
Packetfence
d-link unmanaged 4 port switch
Packetfence Output after secure redirect disable.txt (5,026) 2013-07-03 04:32
https://www.packetfence.org/bugs/file_download.php?file_id=178&type=bug
Packetfence-successful_activation.log (3,401) 2013-07-18 03:49
https://www.packetfence.org/bugs/file_download.php?file_id=180&type=bug
Notes
(0003330)
rivan   
2013-06-26 05:06   
I'm experiencing the same problem.
Try to reboot the registered node.
But of course this is not a permanent solution.
(0003331)
JasonFell   
2013-07-02 06:15   
Forgot to add a couple of details:
CentOS 6.4 minimal install.
Clients tested with the same fault:
Win7
WinXP
Android 4.1.2

Can you also let me know when there might be some movement on this issue?
(0003332)
rivan   
2013-07-02 22:28   
(edited on: 2013-07-02 22:29)
Did you remove the secure redirect?

(0003333)
JasonFell   
2013-07-03 04:31   
Hi Rivan,
Removed the secure redirect, but still no joy.
Why would this make a difference to the forwarding of packets?
It seems more likely that the method for allowing access through packetfence does not update correctly (if I restart the services I get access).
(0003334)
rivan   
2013-07-04 23:01   
(edited on: 2013-07-04 23:01)
You have to restart the services after you reboot packetfence. It's a bug.

(0003335)
JasonFell   
2013-07-09 05:47   
(edited on: 2013-07-15 07:26)
That seemed like a silly run-around.
I have just re-installed pf and found that the secure redirect did not help me at all.
I still cannot get access from a workstation (or any other device) to the internet unless I restart the pf services (after the user has registered)! This is a major stumbling block as this would stop others from using the internet for the 60-120 seconds that the service is unavailable.....for every person who wants to register!!

(0003342)
JasonFell   
2013-07-18 03:48   
After waiting for some help with fixing this bug I can now inform you that I have made some progress, but it seems that the 'inline' functionality does not work the same as 'out-of-band' enforcement.
I made a leap of faith and installed both types of enforcement, even though I did not require both, and then 'created' 2 further (un-required) interfaces within the configurator for the 2 vlans (isolation & registration). I then proceeded to test further and found that all is working as it should be without issue.
I have taken a note of the packetfence.log file and will attach it to this bug report.

On a side note, I do find it amazing that the product is purported to support 'inline' enforcement (without implementing features that are not required), but it seems from my initial findings that this is not the case, and the support, or even advice, has been almost non-existent.
(0003360)
fdurand   
2013-07-31 20:13   
Hello,
Is the captive portal you hit on an inline interface?
Can you paste me the result of ipset -L?

Regards
Fabrice
(0003362)
jvlien   
2013-08-01 03:39   
Dear All,

I experience the same issue.
I have not tested rebooting the server but the client as suggested in the pf message to the client.

The ipset -L before rebooting the client (IP 192.168.64.92 - MAC: 00:50:56:B5:8B:33):
Name: pfsession_Reg_192.168.64.0
Type: bitmap:ip,mac
Header: range 192.168.64.0-192.168.64.255
Size in memory: 4208
References: 1
Members:
192.168.64.83,54:26:96:A0:B9:F7
192.168.64.89,B8:F6:B1:AC:1B:56

The ipset -L after rebooting the client (IP 192.168.64.92 - MAC: 00:50:56:B5:8B:33):
Name: pfsession_Reg_192.168.64.0
Type: bitmap:ip,mac
Header: range 192.168.64.0-192.168.64.255
Size in memory: 4208
References: 1
Members:
192.168.64.83,54:26:96:A0:B9:F7
192.168.64.89,B8:F6:B1:AC:1B:56
192.168.64.92,00:50:56:B5:8B:33

Before rebooting the client, packetfence.log shows:
Aug 01 10:25:03 redir.cgi(0) ERROR: Error while setting locale to en_US.utf8. (pf::Portal::Session::_initializeI18n)
Aug 01 10:25:03 redir.cgi(0) INFO: 00:50:56:b5:8b:33 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 01 10:25:03 redir.cgi(0) INFO: Updating node 00:50:56:b5:8b:33 user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0' (pf::web::web_node_record_user_agent)
Aug 01 10:25:03 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Aug 01 10:25:03 redir.cgi(0) INFO: MAC 00:50:56:b5:8b:33 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 01 10:25:03 redir.cgi(0) INFO: re-evaluating access for node 00:50:56:b5:8b:33 (redir.cgi called) (pf::enforcement::reevaluate_access)
Aug 01 10:25:03 redir.cgi(0) INFO: Instantiate a new iptables modification method. pf::ipset (pf::inline::get_technique)

After rebooting the client:
Aug 01 10:28:08 pfdhcplistener(3356) INFO: DHCPREQUEST from 00:50:56:b5:8b:33 (192.168.64.92) (main::parse_dhcp_request)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: MAC: 00:50:56:b5:8b:33 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: 00:50:56:b5:8b:33 requested an IP. DHCP Fingerprint: OS::100 (Microsoft Windows XP). Modified node with last_dhcp = 2013-08-01 10:28:08,computername = pos03,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: DHCPACK from 192.168.64.5 (00:50:56:b5:9b:ba) to host 00:50:56:b5:8b:33 (192.168.64.92) for 86400 seconds (main::parse_dhcp_ack)

Note:
192.168.64.5 is the pf server Inline interface IP.
(0003365)
fdurand   
2013-08-01 08:12   
OK, so ipset is working. Is ip_forward enabled?
Can you paste the iptables -L -n -v and iptables -L -n -v -t nat?

Fabrice
(0003367)
jvlien   
2013-08-01 08:40   
#iptables -L -n -v
Chain INPUT (policy DROP 8842 packets, 866K bytes)
 pkts bytes target prot opt in out source destination
  587 1313K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
53092 70M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
 1620 79639 input-internal-inline-if all -- eth2 * 0.0.0.0/0 192.168.64.5
  605 175K input-internal-inline-if all -- eth2 * 0.0.0.0/0 255.255.255.255
    0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 192.168.65.211 tcp dpt:443
    9 476 input-management-if all -- eth1 * 0.0.0.0/0 0.0.0.0/0
    5 260 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

Chain FORWARD (policy DROP 1593 packets, 88109 bytes)
 pkts bytes target prot opt in out source destination
 2370 166K forward-internal-inline-if all -- eth2 * 0.0.0.0/0 0.0.0.0/0
  639 317K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 35265 packets, 7414K bytes)
 pkts bytes target prot opt in out source destination

Chain forward-internal-inline-if (1 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x3 match-set pfsession_passthrough dst,dst
  777 77790 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1

Chain forward-internal-vlan-if (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_passthrough dst,dst
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_passthrough src,src

Chain input-highavailability-if (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5405
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5407
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7788

Chain input-internal-inline-if (2 references)
 pkts bytes target prot opt in out source destination
    5 1717 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 mark match 0x3
  146 8491 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x3
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 mark match 0x2
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x2
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 mark match 0x1
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x1
    3 144 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 mark match 0x1
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 mark match 0x1
   19 912 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
   19 896 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

Chain input-internal-vlan-if (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

Chain input-management-if (1 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    8 420 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1443
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1812
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1812
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1813
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1813
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:162
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9392
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8834
    
# iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 11776 packets, 1115K bytes)
 pkts bytes target prot opt in out source destination
 4767 457K prerouting-int-inline-if all -- eth2 * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 196 packets, 12121 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 90 packets, 5600 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 113 packets, 8001 bytes)
 pkts bytes target prot opt in out source destination
  142 9836 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
    0 0 postrouting-int-inline-if all -- * eth1 0.0.0.0/0 0.0.0.0/0 mark match 0x3
    0 0 postrouting-int-inline-if all -- * eth1 0.0.0.0/0 0.0.0.0/0 mark match 0x1
    0 0 postrouting-int-inline-if all -- * eth1 0.0.0.0/0 0.0.0.0/0 mark match 0x2

Chain postrouting-inline-routed (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain postrouting-int-inline-if (3 references)
 pkts bytes target prot opt in out source destination
    0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0

Chain prerouting-int-inline-if (1 references)
 pkts bytes target prot opt in out source destination
  146 8479 REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x3
    0 0 REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x2
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_passthrough dst,dst mark match 0x3
   19 912 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 mark match 0x3
    0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 mark match 0x2
   17 816 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 mark match 0x3
    0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 mark match 0x2

#ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:b5:b6:e0
          inet addr:192.168.60.13 Bcast:192.168.60.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb5:b6e0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:63498 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3566 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4206524 (4.0 MiB) TX bytes:4622467 (4.4 MiB)

eth1 Link encap:Ethernet HWaddr 00:50:56:b5:3a:4c <--
          inet addr:192.168.65.211 Bcast:192.168.65.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb5:3a4c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:49955 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34783 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:70775434 (67.4 MiB) TX bytes:3166477 (3.0 MiB)

eth2 Link encap:Ethernet HWaddr 00:50:56:b5:9b:ba
          inet addr:192.168.64.5 Bcast:192.168.64.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb5:9bba/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:6999 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2347 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:756693 (738.9 KiB) TX bytes:749056 (731.5 KiB)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:871 errors:0 dropped:0 overruns:0 frame:0
          TX packets:871 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2183212 (2.0 MiB) TX bytes:2183212 (2.0 MiB)

Interfaces:
 * eth0 - Type: (None) - Comment: Interface on other LAN to allow remote access for management (I have added -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT in iptables.conf for this one)
 * eth1 - Type: Management
 * eth2 - Type: Inline
(0003368)
jvlien   
2013-08-01 08:41   
(edited on: 2013-08-01 10:04)
Note: no need to reboot the client computer after all. On Windows an "ipconfig /renew" does the trick. For Wifi a disconnect then reconnect from the Wi-Fi network also works (Access Point directly connected to Inline net)

(0003369)
fdurand   
2013-08-01 09:14   
And the iptables -L -n -v -t mangle too.
(0003370)
jvlien   
2013-08-01 10:03   
# iptables -L -n -v -t mangle
Chain PREROUTING (policy ACCEPT 18149 packets, 4722K bytes)
 pkts bytes target prot opt in out source destination
 9936 993K prerouting-int-inline-if all -- eth2 * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 9734 packets, 2183K bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 7840 packets, 2440K bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 3694 packets, 3250K bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 10479 packets, 5632K bytes)
 pkts bytes target prot opt in out source destination

Chain prerouting-int-inline-if (1 references)
 pkts bytes target prot opt in out source destination
 9936 993K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x3
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Unreg_192.168.64.0 src,src MARK set 0x3
 3959 415K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Reg_192.168.64.0 src,src MARK set 0x1
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Isol_192.168.64.0 src,src MARK set 0x2
(0003371)
fdurand   
2013-08-01 15:40   
Hum, it looks good because: 3959 415K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Reg_192.168.64.0 src,src MARK set 0x1

Have you checked that /proc/sys/net/ipv4/ip_forward is equal to 1?

Fabrice
(0003374)
jvlien   
2013-08-02 02:57   
Yes, and once ipset -L shows the MAC/IP in the list the computer has access so it can't be this:
# cat /proc/sys/net/ipv4/ip_forward
1

It looks like something is not set when the client is logged in (auth is done via AD) and this same something is then triggered with the DHCP refresh:
Aug 01 10:28:08 pfdhcplistener(3356) INFO: MAC: 00:50:56:b5:8b:33 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)

Would there be a way to trigger this event on the pf server to test if this is what is missing after logging in but before the DHCP refresh?
(0003377)
fdurand   
2013-08-02 09:31   
Your setup looks good. Can you paste the routing table?

Fabrice
(0003378)
jvlien   
2013-08-02 09:41   
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.65.210 0.0.0.0 UG 0 0 0 eth1
192.168.60.0 * 255.255.255.0 U 0 0 0 eth0
192.168.64.0 * 255.255.255.0 U 0 0 0 eth2
192.168.65.0 * 255.255.255.0 U 0 0 0 eth1
(0003384)
fdurand   
2013-08-05 11:16   
Your configuration looks correct. Are you able to ping 192.168.65.210 from your device when your device is reg?
(0003385)
jvlien   
2013-08-05 13:05   
When the computer is in the pfsession_Reg_192.168.64.0, yes I can ping 192.168.65.210.

As I said, when I reboot/renew the DHCP lease/disconnect & reconnect to the wireless network, it shows this in the log:
Aug 01 10:28:08 pfdhcplistener(3356) INFO: DHCPREQUEST from 00:50:56:b5:8b:33 (192.168.64.92) (main::parse_dhcp_request)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: MAC: 00:50:56:b5:8b:33 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)

And this seems to trigger the event that makes the computer go from the pfsession_UnReg_192.168.64.0 to the pfsession_Reg_192.168.64.0 list, but until this DHCPREQUEST the client stays in the Unreg list.
(0003386)
fdurand   
2013-08-05 13:56   
Ok so try this:
su - pf
and launch sudo ipset -L
If it doesn't work, it means that there is a problem with the sudoers file.
(0003387)
jvlien   
2013-08-06 03:11   
It looks like you're right!

# su - pf
$ /usr/sbin/ipset -L
ipset v6.12.1: Kernel error received: Operation not permitted

I have looked at the doc and, unless I am mistaken, I have not seen how to set up sudo (is it taken care of by the installation script?).
(0003434)
dranix   
2013-09-03 05:20   
I am having the same issue highlighted by JasonFell.
So after reading this bug, I realize that the issue revolves around ipset.

My setup is as follows:
-CentOS 6.4
-PacketFence 4.0.5-2

A "discovery" of the bug:
Scenario when new user authenticates:
1. When a new user successfully authenticates and registers, the wireless device would be stuck at the webpage that states, "Your network should be enabled within a minute or two. If it is not reboot your computer.".
2. The wireless client will never be able to access the Internet even though in the PacketFence portal, the device is registered correctly.
3. Upon checking the ipset, this device is not reflected in the pfsession_Reg_x.x.x.x ipset.
4. After performing "service packetfence restart", then only will the client be able to access the Internet.
5. Upon checking the ipset now, the device's IP and MAC is present in the pfsession_Reg_x.x.x.x ipset.

Scenario when a node is deregistered and deleted.
1. When a node is successfully registered it is able to access the Internet.
2. In the PacketFence portal, when the node is deregistered and removed, the node is still present in the pfsession_Reg_x.x.x.x ipset.
3. This means that a "non-registered" device would still be able to access the Internet.
4. After performing "service packetfence restart", then only will the client not be able to access the Internet.
5. Upon checking the ipset now, the device's IP and MAC is not in the pfsession_Reg_x.x.x.x ipset.

To add to jvlien's observation:
Executing "ipset -L" from user pf would give the Kernel error.
But executing the command "sudo ipset -L" works fine.

So it has something to do with ipset not being executed by the pf user when wireless clients are added or removed.

Hope this information helps.
Thanks.
(0003442)
dranix   
2013-09-11 23:14   
Updates to this bug.
Have tested with PacketFence 4.0.6.
Same problem still exists.
Newly registered wireless clients would not be able to access the Internet until PacketFence is restarted which "renews" the ipset list.
Thanks.
(0003451)
dranix   
2013-09-17 02:57   
Updates to this bug
Have updated to PacketFence 4.0.6-2.
Same problem still exists.

Have included the logs from packetfence.log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

##New Registration with bad password
Sep 17 14:33:46 register.cgi(0) INFO: 172.31.200.10 - aa:bb:cc:dd:ee:ff on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Sep 17 14:33:51 register.cgi(0) WARN: User cannot cn=test-staff,ou=people,dc=company,dc=com cannot bind from dc=company,dc=com on ldap-master.company.com:389 for source Staff (pf::Authentication::Source::LDAPSource::authenticate)
Sep 17 14:33:56 register.cgi(0) WARN: No entries found (0) with filter (cn=test-staff) from dc=intern,dc=company,dc=com on intern.company.com:389 for source Intern (pf::Authentication::Source::LDAPSource::authenticate)
##New Registration with good password
Sep 17 14:34:25 register.cgi(0) INFO: 172.31.200.10 - aa:bb:cc:dd:ee:ff on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Sep 17 14:34:30 register.cgi(0) INFO: Authentication successful for test-staff in source Staff (LDAP) (pf::authentication::authenticate)
Sep 17 14:34:35 register.cgi(0) INFO: Found a match (cn=test-staff,ou=people,dc=company,dc=com) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 17 14:34:35 register.cgi(0) INFO: Matched rule (Staff) in source Staff, returning actions. (pf::Authentication::Source::match)
Sep 17 14:34:41 register.cgi(0) INFO: Found a match (cn=test-staff,ou=people,dc=company,dc=com) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 17 14:34:41 register.cgi(0) INFO: Matched rule (Staff) in source Staff, returning actions. (pf::Authentication::Source::match)
Sep 17 14:34:46 register.cgi(0) INFO: Found a match (cn=test-staff,ou=people,dc=company,dc=com) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 17 14:34:46 register.cgi(0) INFO: Matched rule (Staff) in source Staff, returning actions. (pf::Authentication::Source::match)
Sep 17 14:34:46 register.cgi(0) INFO: performing node registration MAC: aa:bb:cc:dd:ee:ff pid: test-staff (pf::web::_sanitize_and_register)
Sep 17 14:34:46 register.cgi(0) INFO: creating person test-staff because it doesn't exist (pf::node::node_register)
Sep 17 14:34:46 register.cgi(0) INFO: person test-staff added (pf::person::person_add)
Sep 17 14:34:46 register.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (manage_register called) (pf::enforcement::reevaluate_access)
Sep 17 14:34:46 register.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Sep 17 14:34:55 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (default profile) (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:34:55 redir.cgi(0) INFO: MAC aa:bb:cc:dd:ee:ff shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:34:55 redir.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (redir.cgi called) (pf::enforcement::reevaluate_access)
Sep 17 14:34:55 redir.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)
##Unable to access after rebooting wireless client
Sep 17 14:35:44 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (default profile) (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:44 redir.cgi(0) INFO: MAC aa:bb:cc:dd:ee:ff shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:44 redir.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (redir.cgi called) (pf::enforcement::reevaluate_access)
Sep 17 14:35:44 redir.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Sep 17 14:35:51 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (default profile) (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:51 redir.cgi(0) INFO: MAC aa:bb:cc:dd:ee:ff shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:51 redir.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (redir.cgi called) (pf::enforcement::reevaluate_access)
Sep 17 14:35:51 redir.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)

##check ipset before restarting packetfence
[root@packetfence logs]# ipset -L
Name: pfsession_Unreg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

Name: pfsession_Reg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

Name: pfsession_Isol_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

##Executed packetfence restart
service packetfence restart

##check ipset after restarting packetfence
[root@packetfence logs]# ipset -L
Name: pfsession_Unreg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

Name: pfsession_Reg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:
172.31.200.10,aa:bb:cc:dd:ee:ff

Name: pfsession_Isol_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:


##wireless client can surf the Internet without any issues


Hope the added information helps in the bug resolution.
Thanks.
(0003479)
showy   
2013-12-08 03:30   
Hi,
I'm new to packetfence and I've just run into this problem with a minimal installation of Debian wheezy. I have installed packetfence 4.0.6-2 via aptitude and configured it for inline mode.

A quick fix of the problem is to replace in the reevaluate_access function of the enforcement.pm file the block after the call to isInlineEnforcementRequired:

if ($inline->isInlineEnforcementRequired($mac)) {

                # TODO avoidable load?
                my $trapSender = pf::SwitchFactory->getInstance()->instantiate('127.0.0.1');
                if ($trapSender) {
                    $logger->debug("sending a local firewallRequest trap to force firewall change");
                    $trapSender->sendLocalFirewallRequestTrap('127.0.0.1', $mac);
                } else {
                    

TO:

if ($inline->isInlineEnforcementRequired($mac)) {

$inline->performInlineEnforcement($mac);

} else {



PATCH <<

diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm
index ebd975f..4cb863c 100644
--- a/lib/pf/enforcement.pm
+++ b/lib/pf/enforcement.pm
@@ -82,14 +82,7 @@ sub reevaluate_access {
             my $inline = new pf::inline::custom();
             if ($inline->isInlineEnforcementRequired($mac)) {
 
- # TODO avoidable load?
- my $trapSender = pf::SwitchFactory->getInstance()->instantiate('127.0.0.1');
- if ($trapSender) {
- $logger->debug("sending a local firewallRequest trap to force firewall change");
- $trapSender->sendLocalFirewallRequestTrap('127.0.0.1', $mac);
- } else {
- $logger->error("Can't instantiate switch 127.0.0.1! It's critical for internal messages!");
- }
+ $inline->performInlineEnforcement($mac);
 
             } else {
                 $logger->debug("MAC: $mac is already properly enforced in firewall, no change required");
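Review bot: in the @@ -82,14 +82,7 @@ hunk, nothing checks whether the new $inline->performInlineEnforcement($mac) call succeeded, and the hunk removes both the debug line and the only $logger->error in this branch, so a failed firewall update would leave no trace in the log. Check the result of the call (or wrap it in eval) and log at error level on failure, and keep a debug line recording that enforcement was applied for $mac. The removed code also handed the change to a local trap handler, whereas the new call runs in whatever process invoked reevaluate_access (redir.cgi in the log above), so confirm that process is permitted to modify the ipset sets.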
(0003580)
jvlien   
2014-09-11 04:29   
Dear All,

It's been a while, but I had the same issue again recently and finally found out that the issue was due to lack of RAM. The pfsetvlan service took all the available RAM, leaving no free memory for all the other services. pfdhcplistener would not start and ipset would throw an Out of memory error. With 4GB of RAM for the pf machine I don't run into this issue any more (pfsetvlan takes 1GB alone).
This was not an easy find, despite the obvious errors at some point, as running ipset as the pf user led to another error (Kernel: operation not permitted), making me think of a sudoers/access rights issue, and also a DHCP renew/reboot of the client would trigger something that would make pf work and give access in the end (which was the workaround used since then).
I have not come across such a memory issue with a "modern" OS in a while, and that's also probably why I did not think of it at first.





View Issue Details
1823 [PacketFence] web admin minor always 2014-09-05 10:22 2014-09-05 10:22
jsemaan.inverse All  
All  
normal All  
new devel  
open  
none    
none  
   
The external script trigger for violations is broken in the admin ui
The creation of external script triggers in the admin ui creates invalid configuration.

It adds the trigger 'external' when the configuration expects
'external<some user defined id>'

Then the path to the script must be configured in pf.conf in
[paths.external<the decided id>]

It must also be added to documentation.conf or pf won't checkup.

We need to review the way we create these triggers or adapt the admin interface to the current way of doing it.

The feature still works when creating the configuration manually
There are no notes attached to this issue.





View Issue Details
1819 [PacketFence] radius minor always 2014-08-19 17:43 2014-08-19 18:50
cpross90 Linux  
RHEL / CentOS  
normal 6  
new 4.2.2  
open  
none    
none  
   
Cisco Aironet 1042N periods in MAC
When accounting data is sent to the pf server there are periods in the MAC.

Packetfence does not parse them properly causing bandwidth monitoring to not work correctly.
Use pf with Aironet 1042N.
Notes
(0003572)
fdurand   
2014-08-19 18:31   
Hi,

what do you mean by periods in the MAC ?

Fabrice
(0003573)
cpross90   
2014-08-19 18:47   
Aug 19 17:39:13 httpd.webservices(1699) INFO: [172.16.0.23] Returning ACCEPT with VLAN 2 and role (pf::Switch::returnRadiusAccessAccept)
Aug 19 17:41:14 httpd.webservices(1699) INFO: Unable to extract MAC from Called-Station-Id: 8875.56da.bf20 (pf::radius::extractApMacFromRadiusRequest)
Aug 19 17:41:14 httpd.webservices(1699) INFO: handling radius autz request: from switch_ip => 172.16.0.22, connection_type => Wireless-802.11-NoEAP,switch_mac => , mac => 38:aa:3c:22:ae:cf, port => 1496, username => 38aa3c22aecf (pf::radius::authorize)
Aug 19 17:41:14 httpd.webservices(1699) INFO: MAC: 38:aa:3c:22:ae:cf is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
(0003574)
cpross90   
2014-08-19 18:50   
It looks like sub extractApMacFromRadiusRequest from /lib/pf/radius.pm only strips :'s or -'s.





View Issue Details
1766 [PacketFence] hardware modules minor always 2014-02-05 20:25 2014-07-25 10:53
aj14 Linux  
RHEL / CentOS  
normal 5  
resolved 4.0.3  
fixed  
none    
none  
   
PacketFence cannot receive SNMP traps from D-link DES3526 Switch
Before deploying PF to our network, we are testing its functionality with the switches that we have.

So far so good, but when it comes to the D-Link DES3526, we have had no luck. When I look into the module itself, it is basically a container for the main Dlink.pm.

Basically, nothing happens on the switch when we connect a host authorized or unauthorized to it. When looking at the packetfence log, it seems as if PF is not understanding the trap coming from the switch ("trap currently not handled").

I have attached an excerpt of packetfence.log. You can see that the trap contains the MAC address of the machine that is being connected to the switch. I have also attached the switch configuration. Firmware is 5.00-B27.
Connect a machine to a port in the switch configured to send traps.
packetfence.log entries:

Feb 04 16:56:08 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-04|00:56:06|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1248956) 3:28:09.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:08 pfmon(1) INFO: running expire check (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking registered nodes for expiration (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking violations for expiration (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking accounting data for potential bandwidth abuse (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: getting violations triggers for accounting cleanup (pf::accounting::acct_maintenance)
Feb 04 16:56:08 pfmon(1) INFO: Calling node acct maintenance total with monthly and 1 for 21474836480 (pf::accounting::acct_maintenance)
Feb 04 16:56:08 pfsetvlan(23) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(23) INFO: ignoring unknown trap: 2014-02-04|00:56:07|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249056) 3:28:10.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:08 pfsetvlan(24) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(24) INFO: ignoring unknown trap: 2014-02-04|00:56:08|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249157) 3:28:11.57|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:11 pfsetvlan(22) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:11 pfsetvlan(22) INFO: ignoring unknown trap: 2014-02-04|00:56:09|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249256) 3:28:12.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:11 pfsetvlan(21) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)



Switch entry in switches.conf:
[10.100.6.32]
mode=production
SNMPCommunityRead=frydmwrt
SNMPCommunityWrite=frydmwrt
SNMPVersionTrap=2c
type=Dlink::DES_3526
VoIPEnabled=N
SNMPVersion=2c
uplink=26
SNMPCommunityTrap=frydmwrt
SNMPEngineID=800000ab03001cf09d649a

des-3526-config (8,410) 2014-02-05 20:25
https://www.packetfence.org/bugs/file_download.php?file_id=198&type=bug
Dlink-aj14.pm (7,895) 2014-02-28 11:13
https://www.packetfence.org/bugs/file_download.php?file_id=201&type=bug
Dlink.pm (7,879) 2014-04-23 14:34
https://www.packetfence.org/bugs/file_download.php?file_id=206&type=bug
Notes
(0003500)
fdurand   
2014-02-06 09:49   
Hello,
let's check in the Dlink.pm module, it looks like the format of the trap has changed.

Change that to match your trap:
/BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.0\.3\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/

Fabrice
(0003501)
aj14   
2014-02-06 15:56   
Fabrice,

I am not sure what is that I need to change. Is it Dlink.pm or something in the switch?

That statement that you wrote in your comment is already on Dlink.pm, line 57

Can you please clarify?

Thanks
Adrian
(0003502)
fdurand   
2014-02-06 16:10   
Adrian,

What I have posted is a regexp that parses the trap your switch sends.

So your trap looks like:
.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45
So you have to rewrite the regexp in packetfence to match your trap and get the ifindex of the port and the mac address.

Regards
Fabrice
(0003508)
aj14   
2014-02-19 23:13   
Fabrice,

I am not an expert in RegExp. Please verify that the change is correct.

 =~ /BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.2\.0\.2\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.14\.1\.1\.1\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/

Why do I have to do this in the first place? Is there a specific firmware supported for the DES-3526? There is no mention of it in the documentation.

Regards
Adrian
(0003509)
aj14   
2014-02-20 21:03   
After making that change and restarting the packetfence service (do I need to do that when I change a module?), it still does not work. I get pretty much the same results:

---
Feb 20 17:56:55 pfsetvlan(23) INFO: ignoring unknown trap: 2014-02-20|01:56:55|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852616) 16 days, 4:28:46.16|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 20 17:56:56 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-20|01:56:55|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852659) 16 days, 4:28:46.59|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(21) WARN: We have received a trap from switch 10.128.240.44. This switch is UNREGISTERED. Flush the trap (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(22) WARN: We have received a trap from switch 10.128.208.38. This switch is UNREGISTERED. Flush the trap (main::parseTrap)
Feb 20 17:56:57 pfsetvlan(24) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 20 17:56:57 pfsetvlan(24) INFO: ignoring unknown trap: 2014-02-20|01:56:56|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852763) 16 days, 4:28:47.63|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:59 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: opening SNMP v2c read connection to 10.100.6.32 (pf::SNMP::connectRead)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for sysLocation: 1.3.6.1.2.1.1.6.0 (pf::SNMP::connectRead)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for ifType: 1.3.6.1.2.1.2.2.1.3.1 (pf::SNMP::getIfType)
Feb 20 17:56:59 pfsetvlan(3) INFO: down trap received on 10.100.6.32 ifIndex 1 (main::handleTrap)
Feb 20 17:56:59 pfsetvlan(3) INFO: setting 10.100.6.32 port 1 to MAC detection VLAN (main::handleTrap)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_table for dot1dBasePortIfIndex: 1.3.6.1.2.1.17.1.4.1.2 (pf::SNMP::getDot1dBasePortForThisIfIndex)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: dot1dBasePort corresponding to ifIndex 1 is 1 (pf::SNMP::getDot1dBasePortForThisIfIndex)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for dot1qPvid: 1.3.6.1.2.1.17.7.1.4.5.1.1.1 (pf::SNMP::getVlan)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for dot1qVlanStaticName: 1.3.6.1.2.1.17.7.1.4.3.1.1.4 (pf::SNMP::isDefinedVlan)
Feb 20 17:56:59 pfsetvlan(3) WARN: MAC detection VLAN 4 is not defined on switch 10.100.6.32 -> Do nothing (pf::SNMP::setVlan)
Feb 20 17:56:59 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: closing SNMP v2c read connection to 10.100.6.32 (pf::SNMP::disconnectRead)
---

The last entries seem to indicate that some traps do work, but not the one for the MAC address violation.

Regards
Adrian
(0003510)
aj14   
2014-02-28 10:33   
No word on this?

After analyzing the trap closely, this is what is missing from it:

= INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1

Will re-write the regexp accordingly, but the question remains the same: why is it that I need to (so drastically) modify the module?

Regards
Adrian
(0003511)
aj14   
2014-02-28 11:11   
This also was preventing a match:

([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})

I changed it to this:

([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})

Now the trap is a match, but I get the following error:

Feb 28 07:55:48 pfsetvlan(22) INFO: ignoring unknown trap: 2014-02-28|15:55:44|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (205364994) 23 days, 18:27:29.94|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Argument "B8 88 E3 DD F9 45" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 62.
Argument "B8 88 E3 DD F9 45" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 64.
Use of uninitialized value in substitution (s///) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 73.
Use of uninitialized value in hex at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 74.

I will upload the current Dlink.pm that I have.

I now need help from you guys.
(0003530)
ah27   
2014-04-23 14:34   
I have reapplied the changes that you originally told Adrian to apply after upgrading our server to 4.1.0

With your version of the fix I get:

Apr 23 11:20:41 pfsetvlan(24) INFO: ignoring unknown trap: 2014-04-23|18:20:38|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (6144888) 17:04:08.88|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: 00 24 BE B1 F6 31 END VARIABLEBINDINGS (main::parseTrap)

With Adrian's I get:

Apr 23 11:27:43 pfsetvlan(21) INFO: ignoring unknown trap: 2014-04-23|18:27:41|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (6187149) 17:11:11.49|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: 00 24 BE B1 F6 31 END VARIABLEBINDINGS (main::parseTrap)
Argument "00 24 BE B1 F6 31" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 62.
Argument "00 24 BE B1 F6 31" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 64.
Use of uninitialized value in substitution (s///) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 73.
Use of uninitialized value in hex at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 74

I will also attach the version of the Dlink.pm we now have.
(0003531)
lmunro   
2014-04-25 13:53   
It looks like the format for the dlink traps has changed significantly.
You are probably running a newer version of the firmware than what we tested with.

I can't really fix this without knowing more. It will take a rewrite of the parseTrap function to support the new trap format.
I will need to know what type of traps we are receiving and run a few live tests with someone on your end.
(0003571)
lmunro   
2014-07-25 10:52   
Fixed by new DES_3526 module.
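
The trap format shown in the logs of this issue, parsed with a pattern anchored on the trap OID ending in 15.2.0.2, as an added example in Perl. It is not the DES_3526 module that resolved the issue (that code is not shown on this page); it assumes the INTEGER varbind carries the port and the six-byte Hex-STRING is the client MAC, and parse_dlink_mac_trap and its returned keys are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Trap line copied from the pfsetvlan log in this issue (text as logged by pfsetvlan).
my $sample = '2014-02-04|00:56:06|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|'
    . 'BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS '
    . '.1.3.6.1.2.1.1.3.0 = Timeticks: (1248956) 3:28:09.56|'
    . '.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|'
    . '.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|'
    . '.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 '
    . 'END VARIABLEBINDINGS';

# Three varbinds follow sysUpTime: the trap OID, an INTEGER, and a Hex-STRING.
# Named captures keep the code after the match independent of group numbering.
my $TRAP_RE = qr{
    BEGIN\ VARIABLEBINDINGS\ [^|]+ [|]                        # sysUpTime varbind
    \.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0\ =\ OID:\               # snmpTrapOID.0
    \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.2\.0\.2 [|]
    \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.14\.1\.1\.1\.1
    \ =\ INTEGER:\ (?<port>\d+) [|]                           # assumed: port number
    \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.2\.1
    \ =\ Hex-STRING:\ (?<mac>[0-9A-F]{2}(?:\ [0-9A-F]{2}){5}) # exactly six bytes
    \ END\ VARIABLEBINDINGS
}x;

# Returns { port => N, mac => 'aa:bb:cc:dd:ee:ff' } or nothing when the line
# is not this trap, so the caller can log it as unhandled instead of guessing.
sub parse_dlink_mac_trap {
    my ($line) = @_;
    return unless defined $line && $line =~ $TRAP_RE;
    my ($port, $mac) = ($+{port}, lc $+{mac});
    $mac =~ tr/ /:/;
    return { port => $port + 0, mac => $mac };
}

# Constructed negative case: the same trap with a five-byte Hex-STRING.
(my $short = $sample) =~ s/ F9 45 END/ F9 END/;

for my $line ($sample, $short) {
    my $trap = parse_dlink_mac_trap($line);
    print $trap
        ? "port=$trap->{port} mac=$trap->{mac}\n"
        : "no match, trap left unhandled\n";
}
```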





View Issue Details
1814 [PacketFence] web admin minor always 2014-07-14 19:36 2014-07-15 12:58
hagenbucher i686  
Ubuntu Server  
normal 12.04.4 LTS  
new devel  
open  
none    
none  
   
Uplinks only allowed to be numeric
You untick the usage of dynamic uplinks (how does it work?)

The field "Uplink" is editable now but does not allow ports like: A1, A2, A3 or Trk1, Trk2

issue 1 a) Trk1, Trk2 ... are trunks (static) or link aggregations (lacp) created manually on the switch CLI (do not confuse with the Cisco usage of the word trunk) for 5400zl and 2910al series.

issue 1 b) A1 is the first port on module A on HP ProCurve 5400zl series.

issue 2) If there is only one uplink port - which is perfectly fine with an lacp created link connected to a distributed trunk/multi chassis lag or if you don't care about redundancy - there should be the possibility of configuring one port only as uplink.
Menu Configuration - Switches:
- Click 'Add Switch'
- Fill any non-numerical value into the field "Uplink"
- The field and caption gets framed/written in red and you cannot save your edit.
Tested with 4.3.0-201407140016 and 4.3.0

You can workaround issue number two by filling in "1, 1" if your only uplink port is port number 1.
Running in VirtualBOX
Notes
(0003564)
fdurand   
2014-07-15 07:18   
Hello,

when you define an uplink port, it means that it's the ifIndex, which is an integer.

Regards
Fabrice
(0003565)
hagenbucher   
2014-07-15 12:58   
Hello Fabrice,

thank you very much for clarifying this issue. It did help me a lot.

for future reference:

ifIndices for HP5400zl (max. of 288 ports as 5412zl)

Trk1 is ifIndex 290
Trk2 is ifIndex 291
Trk3 is ifIndex 292

ifIndices for HP2910al (fixed port switch with 44 1000baseTX and 4 fiber ports)

Trk1 is ifIndex 54
Trk2 is ifIndex 55


Kind regards,
David





View Issue Details
1806 [PacketFence] captive portal block always 2014-06-05 09:21 2014-07-09 01:03
hudsonfas Linux  
Debian  
normal 7 (Wheezy)  
new 4.2.2  
open  
none    
none  
   
Your network should be enabled within a minute or two
In captive portal, after I put USERNAME and PASSWORD, and received the message:

"Your network should be enabled within a minute or two. If it is not reboot your computer"

... and nothing happens ....

In /usr/local/pf/logs/portal_error:

[Thu Jun 5 08:33:34 2014] -e: Use of uninitialized value $2 in uc at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm line 186
Debian GNU/Linux 7 (wheezy)
packetfence:
  Installed: 4.2.2
  Candidate: 4.2.2
  Version table:
 *** 4.2.2 0
        500 http://inverse.ca/downloads/PacketFence/debian/ wheezy/wheezy amd64 Packages
Notes
(0003553)
fdurand   
2014-06-05 09:23   
What we need also is the packetfence.log when you reg your device.
(0003562)
rivanstudents   
2014-07-06 03:27   
It is actually happening if you use inline mode. I also had this kind of problem in the past. I forgot how to fix it.
(0003563)
rivanstudents   
2014-07-09 01:03   
(edited on: 2014-07-09 01:04)
I remember: make sure that ip forward is enabled
vi /etc/sysctl.conf
look for net.ipv4.ip_forward = 0

make sure you make it 1
net.ipv4.ip_forward = 1

then exit

sysctl -p /etc/sysctl.conf

this is for Rhel/Centos
I don't know where sysctl.conf is in Debian






View Issue Details
1813 [PacketFence] captive portal minor have not tried 2014-06-25 05:14 2014-07-07 12:36
sisu Linux  
Ubuntu  
normal 12.04  
new 4.2.2  
open  
none    
none  
   
Phone number check with regex
On Packetfence 4.1

In the file /pf/lib/pf/web/util.pm I changed the text from:


sub validate_phone_number {
    my ($phone_number) = @_;

    # north american regular expression
    if ($phone_number =~ /
        ^(?:\+?(1)[-.\s]?)? # optional 1 in front with -, ., space or nothing separator
        \(?([2-9]\d{2})\)? # captures first 3 digits allows optional parenthesis
        [-.\s]? # separator -, ., space or nothing
        (\d{3}) # captures 3 digits
        [-.\s]? # separator -, ., space or nothing
        (\d{4})$ # captures last 4 digits
        /x) {
        return "$1$2$3$4" if defined($1);
        return "$2$3$4";
    }
    # rest of world regular expression
    if ($phone_number =~ /
        ^\+?\s? # optional + on front with optional space
        ((?:[0-9]\s?){6,14} # between 6 and 14 groups of digits separated by spaces or not
        [0-9])$ # end with a digit
        /x) {
        # trim spaces
        my $return = $1;
        $return =~ s/\s+//g;
        return $return;
    }
    return;
}


to


sub validate_phone_number {
    my ($phone_number) = @_;

    $phone_number =~ s/\s+//g; # remove whitespace
    $phone_number =~ s/-//g; # remove minus signs
    $phone_number =~ s/^\+/00/; # replace + with 00
    $phone_number =~ s/^0041/0/; # replace 0041 with 0


    # Switzerland: ^07[5-9]\d{7}$

    # France ^00336(0(7|8)|3[0-2]|54|[6-8]\d{1})\d{6}$

    # Austria ^00436(50|6(0|3|4)|7(6|8)|8(0|1|8)|99)\d{7}$ (not part of the combined pattern below)

    # Germany ^00491(5(1|2|5|7|9)|6(0|2|3)|7)\d{8,9}$

    # Italy ^00393([2-4]\d{1}|6[0-8]|8\d{1}|9[0-3])\d{7}$

    # England ^00447(4|5|[7-9]|7624)\d{6,8}$


    if ($phone_number =~ /^07[5-9]\d{7}$|^00336(0(7|8)|3[0-2]|54|[6-8]\d{1})\d{6}$|^00491(5(1|2|5|7|9)|6(0|2|3)|7)\d{8,9}$|^00393([2-4]\d{1}|6[0-8]|8\d{1}|9[0-3])\d{7}$|^00447(4|5|[7-9]|7624)\d{6,8}$/) {
        return $phone_number;
    }
    return;
}


If I sign up with the number +49... the system sends the SMS to 0049....

On PacketFence 4.2, when I do the same, it does not send to 0049...., it sends to 49...


Thanks for help

Best Regards

Sisu
There are no notes attached to this issue.





View Issue Details
1811 [PacketFence] configuration major always 2014-06-13 15:14 2014-06-13 15:14
lmunro All  
All  
normal All  
new 4.2.2  
open  
none    
none  
   
fake_mac_enabled by default
The configurator always sets fake_mac_enabled=enabled when doing VLAN enforcement.

This setting should only apply to inline enforcement.
Install PF, run the configurator and select VLAN enforcement.
There are no notes attached to this issue.





View Issue Details
1810 [PacketFence] web admin major always 2014-06-11 10:37 2014-06-11 15:14
pfbug Linux  
Debian  
normal 7 (Wheezy)  
resolved devel  
fixed  
none    
none  
   
ec3d6588084a5be371120aac4da9f4054357bf7e
IP Address saved as MAC Address in Switch configuration
When entering an IP address for a switch, e.g. 192.168.201.101 it is saved as MAC address 19:21:68:20:11:01 which renders the configuration unusable (the switch is not accessed from packetfence).

The bug was reproducible with Packetfence 4.2.2 and 4.3.0 (10062014). The same configuration was successful with Packetfence 4.2.0.
Add a switch via web interface, enter IP of the switch.
There are no notes attached to this issue.
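
Both this issue and issue 1819 above (Called-Station-Id: 8875.56da.bf20) come down to how loosely a string is accepted as a MAC address. The following Perl is an added example, not PacketFence code: lenient_mac is an assumed illustration of a normalisation that would turn 192.168.201.101 into 19:21:68:20:11:01, and parse_mac, ap_mac_from_called_station_id and classify_switch_id are hypothetical names for a stricter approach.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Lenient normalisation (assumed, for illustration): drop every non-hex
# character, then accept any 12 hex digits. Decimal digits are hex digits
# too, so a dotted quad with 12 digits comes out looking like a MAC.
sub lenient_mac {
    my ($in) = @_;
    (my $hex = lc $in) =~ tr/0-9a-f//cd;
    return length($hex) == 12 ? join(':', $hex =~ /../g) : undef;
}

# Strict parse: the whole string must be one of four layouts with a single,
# consistent delimiter. Returns aa:bb:cc:dd:ee:ff or nothing.
sub parse_mac {
    my ($text) = @_;
    return unless defined $text;
    my $B = qr/[0-9A-Fa-f]{2}/;
    my $Q = qr/[0-9A-Fa-f]{4}/;
    return unless $text =~ m{\A(?:
          $B(?::$B){5}          # aa:bb:cc:dd:ee:ff
        | $B(?:-$B){5}          # aa-bb-cc-dd-ee-ff
        | $Q(?:\.$Q){2}         # aabb.ccdd.eeff (dotted layout from issue 1819)
        | [0-9A-Fa-f]{12}       # aabbccddeeff
    )\z}x;
    (my $hex = lc $text) =~ tr/0-9a-f//cd;
    return join ':', $hex =~ /../g;
}

# Called-Station-Id carries the AP MAC, optionally followed by ":SSID".
# Try the MAC-shaped prefixes from longest to shortest: 17 characters
# (delimited), 14 (dotted), 12 (bare).
sub ap_mac_from_called_station_id {
    my ($value) = @_;
    return unless defined $value;
    for my $len (17, 14, 12) {
        next if length($value) < $len;
        my $rest = substr($value, $len);
        next unless $rest eq '' || $rest =~ /\A:/;
        my $mac = parse_mac(substr($value, 0, $len));
        return $mac if $mac;
    }
    return;
}

# A switch identifier is tested as an IPv4 address before it is tested as a
# MAC, and anything that is neither is rejected instead of being coerced.
sub classify_switch_id {
    my ($id) = @_;
    return ('invalid', undef) unless defined $id;
    if ($id =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        && !grep { $_ > 255 } $1, $2, $3, $4) {
        return ('ip', $id);
    }
    my $mac = parse_mac($id);
    return $mac ? ('mac', $mac) : ('invalid', undef);
}

# The first two inputs appear in the issues on this page; the third is constructed.
for my $in ('192.168.201.101', '8875.56da.bf20', '00-11-22-33-44-55:Guest') {
    my ($kind, $value) = classify_switch_id($in);
    printf "%-24s lenient=%-18s class=%-8s ap_mac=%s\n",
        $in,
        lenient_mac($in) // '-',
        $kind,
        ap_mac_from_called_station_id($in) // '-';
}
```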





View Issue Details
1809 [PacketFence] core minor always 2014-06-10 16:02 2014-06-10 16:03
dwuelfrath  
dwuelfrath  
normal  
resolved 4.2.2  
fixed  
none    
none 4.3.0  
  4.2.3  
b43eb94de55b0e452d8fadb8c233eb1cd3d2ab9d
allowed_device_types.txt file is not populating the dropdown
On the device registration page, even if we have stuff in the allowed_device_types.txt file, there is no dropdown to select the type of the device.
Notes
(0003557)
dwuelfrath   
2014-06-10 16:03   
Fixed in devel (Will be available in next release)
Also available in 4.2 maintenance branch





View Issue Details
1805 [PacketFence] captive portal minor have not tried 2014-06-04 11:38 2014-06-10 15:49
francis  
dwuelfrath  
normal  
resolved 4.2.2  
fixed  
none    
none 4.3.0  
  4.2.3  
d1794798429942203277dd6ba41fbecf6adcc807
Device Registration: unreg date/access duration not used
When registering a device (aka gaming registration), neither the unreg date nor the access duration of the user is used.
https://github.com/inverse-inc/packetfence/blob/stable/html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm#L128
Notes
(0003556)
dwuelfrath   
2014-06-10 15:46   
Fixed in devel as of now
Available in 4.2 maintenance branch too.





View Issue Details
1807 [PacketFence] captive portal minor sometimes 2014-06-05 15:35 2014-06-05 15:35
jwesleyb LINUX  
CENT OS  
normal 6.3  
new 4.2.2  
open  
none    
none  
   
error registering device
Hi, I have the following problem. When I log on to the network, PacketFence registers the wrong MAC address. Example: 00:00:BC:62:00:0A
The correct MAC address is: BF:F8:48:0D:45:FA

How do I fix this error?

Thank you!
There are no notes attached to this issue.





View Issue Details
1804 [PacketFence] web admin feature have not tried 2014-06-03 09:51 2014-06-03 09:51
francis  
 
normal  
new 4.2.2  
open  
none    
none  
   
Allow to reorder SMS carriers
When defining an SMS authentication source, it would be useful to easily reorder the list of carriers.
There are no notes attached to this issue.





View Issue Details
1603 [PacketFence] configuration tweak always 2012-11-13 09:37 2014-06-03 03:17
maikel  
 
normal  
new 3.6.0  
open  
none    
none  
   
Bandwidth violations edit doesn't reload pfmon
When altering violations, in particular the bandwidth violations (as tested), pfmon is not reloaded. Pfmon still listens to the old violations.conf. After a restart of packetfence, the new violation rules are loaded and it works perfectly. This minor tweak would be nice.
There are no notes attached to this issue.





View Issue Details
1267 [PacketFence] captive portal trivial random 2011-09-14 16:31 2014-06-02 08:15
obilodeau  
fdurand  
high  
resolved  
fixed  
none    
none  
  general  
add template toolkit error reporting on all ->process calls
Just like I did here at revno: 49438888fdbade2110cb70324e34381245c1bf25

--- pf/lib/pf/web/guest.pm      0a9d7807c131a50376d474012b92a1a629d5e85c
+++ pf/lib/pf/web/guest.pm      44fa683d2c052e22eac0e0f12b25250469c5a1e3
@@ -228,7 +228,7 @@ sub generate_registration_page {
     #}

     my $template = Template->new({ INCLUDE_PATH => [$CAPTIVE_PORTAL{'TEMPLATE_DIR'}], });
-    $template->process($pf::web::guest::REGISTRATION_TEMPLATE, $vars);
+    $template->process($pf::web::guest::REGISTRATION_TEMPLATE, $vars) || $logger->error($template->error());
     
exit;
 }   
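Review bot: on the changed $template->process(...) line, a failure is now logged but the sub still falls through to exit, so the client receives an empty response when the template fails; consider returning an error page or status in that case. Include the template name in the message, for example $logger->error("processing $pf::web::guest::REGISTRATION_TEMPLATE failed: " . $template->error()), so the log entry identifies which template broke. Since the request is to do this on every ->process call, a small shared helper would keep the call sites consistent.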



It helped identify a nasty bug. It should be done by default on all the $template->process() calls.
Notes
(0002696)
obilodeau   
2012-05-03 13:45   
Something good to learn for you fdurand.





View Issue Details
1786 [PacketFence] upgrade minor always 2014-04-05 11:52 2014-06-02 08:15
huxiufei VMware  
fdurand RHEL i386  
normal 6.4  
resolved 4.1.0  
fixed  
none    
none  
   
software installation error
I followed the "PacketFence_Administration_Guide-4.1.0" guide to install PacketFence. At the last step, when I execute the command "yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of Packetfence-complete"
some errors occur:
--> Finished Dependency Resolution
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: dhcp
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: ipset
Error: Package: perl-HTML-Tidy-1.08-5.el6.i686 (epel)
           Requires: libtidy-0.99.so.0
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: rrdtool
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: memcached
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl-rrdtool
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
Error: Package: perl-Email-Valid-0.184-1.of.el6.noarch (of)
           Requires: perl(Net::DNS)
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(GD)
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl(Net::DNS) = 0.65-4
 You could try using --skip-broken to work around the problem

 You could try running: rpm -Va --nofiles --nodigest

Could you tell me how to deal with this?
Thanks!
Notes
(0003525)
huxiufei   
2014-04-06 05:21   
I have found there are 23 steps to install the PL on RHEL 6.4,
but when I come to step 2,
 'yum install perl-Net-Telnet perl-XML-Simple perl-SOAP-Lite'
it shows that no package is available:
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
No package perl-Net-Telnet available.
No package perl-XML-Simple available.
No package perl-SOAP-Lite available.
Error: Nothing to do
what's wrong with this?
(0003526)
huxiufei   
2014-04-06 15:52   
I have loaded the rpm packages manually, and almost all of the errors are solved.
but there is still an error i can solve, can anybody help me?
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
(0003527)
huxiufei   
2014-04-07 04:52   
I have loaded the rpm packet manually, and almost all of the errors are solved.
But there is still an error I can't solve, can anybody help me?
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
(0003528)
huxiufei   
2014-04-08 05:28   
Can anyone help me?
(0003550)
fdurand   
2014-06-02 08:15   
It has been written in the doc:
https://github.com/inverse-inc/packetfence/blob/stable/docs/PacketFence_Administration_Guide.asciidoc#rhel-6x





View Issue Details
1798 [PacketFence] captive portal minor have not tried 2014-05-25 08:07 2014-06-02 08:10
hbongers Linux  
fdurand RHEL / CentOS  
normal 6  
resolved 4.2.0  
fixed  
none    
none  
   
Captive Portal Exception in version 4.2.1
The Captive Portal Exception as reported in issue 0001794 still exists in 4.2.1 after upgrading from 4.1 in an inline setup
Upgrade from 4.1 to 4.2.1 in an inline setup.
Open captive portal
captiveportal on Catalyst 5_90011.htm (16,922) 2014-05-27 06:01
https://www.packetfence.org/bugs/file_download.php?file_id=209&type=bug
Notes
(0003543)
hbongers   
2014-05-27 06:03   
The error in 0001794 is not completely the same.

The error I'm getting is:
Caught exception in captiveportal::View::HTML->process "Can't use string ("0") as a HASH ref while "strict refs" in use at /usr/local/pf/lib/pf/Portal/ProfileFactory.pm line 52."

I've attached the complete html error page.





View Issue Details
1802 [PacketFence] hardware modules feature have not tried 2014-05-31 20:38 2014-06-02 08:08
jsuddarth TPLink  
OpenWRT firmware  
high any  
new 4.2.2  
open  
none    
none  
   
Add TPLink Access Point hardware/firmware support
Add support for TPLink AP's (running OpenWRT firmware) for ease of integration and low-cost option for medium-large scale deployments.

The customizability and features that come with OpenWRT make this a great option for hobbyists and people who want to deploy a solution on a budget.
Notes
(0003548)
fdurand   
2014-06-02 08:08   
Did you try the hostapd module and this: http://www.packetfence.org/news/2013/article/packetfence-now-supports-hostapd.html ?

Regards
Fabrice





View Issue Details
1800 [PacketFence] captive portal minor always 2014-05-28 09:10 2014-06-02 08:07
jwesleyb 64bits  
fdurand CentOS  
normal 6.5  
resolved 4.2.0  
fixed  
none    
none  
   
Packetfence does not redirect to register
Hi, I'm having trouble with my PF because it is not redirecting to the captive portal. I have a network in inline mode with two interfaces (eth0 - inline / eth1 - management)
#vim /usr/local/pf/conf/pf.conf

[general]
domain=localhost
hostname = localhost
dnsservers = 10.1.1.1
dhcpservers = 10.1.1.1

[alerting]
emailaddr=j.wesley7@yahoo.com.br

[database]
pass=mypass

[captive_portal]
secure_redirect=disabled

[interface eth0]
enforcement=inline
type=internal
ip=192.168.1.1
mask=255.255.255.0

[interface eth1]
ip=10.1.1.58
gateway=10.1.1.1
type=management
mask=255.255.255.0

#vim /usr/local/pf/conf/networks.conf

[192.168.1.0]
netmask=255.255.255.0
gateway=192.168.1.1
next_hop=
domain-name=inline.localdomain
dns=8.8.8.8
dhcp_start=192.168.1.10
dhcp_end=192.168.1.120
dhcp_default_lease_time=300
dhcp_max_lease_time=600
type=inline
named=disabled
dhcpd=enabled

#vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
VLAN=yes

#vim /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=dhcp
NETWORK=10.1.1.0
ONBOOT=yes
TYPE=Ethernet
Notes
(0003544)
jwesleyb   
2014-05-29 13:51   
I managed to solve it, thank you!





View Issue Details
1801 [PacketFence] captive portal minor have not tried 2014-05-30 08:14 2014-06-01 16:22
sisu All  
fdurand Ubuntu  
normal 12.4.4 LTS  
resolved 4.2.0  
fixed  
none    
none 4.2.2  
   
Packetfence captive portal does not function correctly, Product Version 4.2.2
With the new Packetfence release 4.2.2 I get the following error message (See Upload File) on Captive Portal landing page
Unbenannt.PNG (31,102) 2014-05-30 08:14
https://www.packetfence.org/bugs/file_download.php?file_id=211&type=bug
png

Error.txt (7,291) 2014-05-30 08:40
https://www.packetfence.org/bugs/file_download.php?file_id=212&type=bug
Notes
(0003545)
fdurand   
2014-05-30 11:44   
Hi Sisu,

I am able to reproduce this error.
It's a Catalyst issue and you have to install libcatalyst-perl 5.90015-1.

Update /etc/apt/sources.list.d/PacketFence.list like that:
#deb http://inverse.ca/downloads/PacketFence/debian precise precise
deb http://inverse.ca/downloads/PacketFence/debian-devel precise precise

and apt-get update
apt-get install libcatalyst-perl
bin/pfcmd configreload hard
and restart packetfence.

Let me know if it works for you.

Regards
Fabrice
(0003546)
sisu   
2014-05-31 06:05   
Thank you very much!

it works!

Best Regards

Sisu
(0003547)
fdurand   
2014-06-01 16:22   
Packaging fixed (Catalyst version)





View Issue Details
1700 [PacketFence] security minor always 2013-08-23 05:20 2014-05-29 11:45
olive35  
 
normal  
new  
open  
none    
none  
   
Mysql password and user passwords
Hi,

Here is my problem ... I see all passwords in clear text on my server.

In PF configuration : /usr/local/pf/conf/pf.conf
We can find the password of the MySQL database (ie pass=p@...).

I connect to the DB with this password.

Now I can see all the tables used in PF. And I can see all user passwords
in table 'temporary_password'.
Next I try to change the admin password in the DB and it works!

Is this a security issue? How to remedy this problem and replace passwords
by hashes?

Regards,

Olive

PS: I already talked about this issue on the user mailing list
Here are the commands I used (non-root):
*
grep -E '(pass(word)?=).*' -nR --color /usr/local/pf/conf/

mysql -u pf -pp@... pf

SHOW TABLES;

SELECT * from temporary_password;

UPDATE temporary_password SET password='123456' WHERE pid='admin';*

and connect to the admin web interface.
1.html (410) 2014-05-29 11:45
https://www.packetfence.org/bugs/file_download.php?file_id=210&type=bug
Notes
(0003428)
olive35   
2013-08-23 05:24   
http://sourceforge.net/mailarchive/forum.php?thread_name=D60720A8-6946-416F-8A16-BEA039DC82CD%40inverse.ca&forum_name=packetfence-users





View Issue Details
1799 [PacketFence] web admin minor have not tried 2014-05-26 17:20 2014-05-26 17:20
lpelet  
 
normal  
new 4.2.0  
open  
none    
none  
   
bulk removing nodes/users
It would be great if we could remove nodes or users in bulk.
There are no notes attached to this issue.





View Issue Details
1794 [PacketFence] captive portal minor always 2014-05-08 11:15 2014-05-25 22:13
shikasensei Linux  
jrouzier Debian  
normal 7 (Wheezy)  
resolved 4.2.0  
fixed  
none    
none 4.2.1  
   
e10dfba5d840460df5858eb0ece4ee4cfc66e9f8
Caught exception on node registration page, captive portal
When I want to register a new device through the captive portal I get a node registration page with messages (I provided them in the Additional Information field) above the normal page content (login/pass fields etc.). Also, after a login attempt I get a page, which is attached to the report.
Caught exception in captiveportal::Controller::Root->setupCommonStash "Undefined subroutine &captiveportal::PacketFence::Model::Portal::Session::enabled called at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm line 138."
Caught exception in captiveportal::Controller::Root->getLanguages "Undefined subroutine &captiveportal::PacketFence::Model::Portal::Session::enabled called at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm line 138."
Caught exception in captiveportal::Controller::Root->setupLanguage "Can't use string ("0") as an ARRAY ref while "strict refs" in use at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm line 111."
captiveportal on Catalyst 5.90015.html (20,687) 2014-05-08 11:15
https://www.packetfence.org/bugs/file_download.php?file_id=208&type=bug
Notes
(0003540)
fdurand   
2014-05-08 11:36   
Hello,

Can you run addons/pf-maint.pl? A patch has been made.

https://github.com/inverse-inc/packetfence/commit/decae56b420a275006e73a067f5c1c9c92534bdc

Regards
Fabrice





View Issue Details
1793 [PacketFence] web admin minor always 2014-05-07 23:30 2014-05-15 23:06
shikasensei Linux  
fdurand Debian  
normal 7 (Wheezy)  
resolved  
fixed  
none    
none 4.2.1  
   
d335f587db373e4cc63d3711cffd47d3f6fb419d
web admin interface doesn't start after install
After install Packetfence admin web interface doesn't start. So I can't get access to configurator. Few days before all worked well.
* Please fire up your Web browser and go to https://@ip_packetfence:1443/configurator to complete your PacketFence configuration.
* Please stop your iptables service if you don't have access to configurator.
service|command
memcached|start
httpd.admin|not started
Checking configuration sanity...
FATAL - please define exactly one management interface
FATAL - internal network(s) not defined!
FATAL - Unable to connect to your database. Please verify your connection settings in conf/pf.conf and make sure that it is started.
FATAL - networks.conf cannot be empty when services.dhcpd is enabled
WARNING - We have been unable to load your configuration. Are you sure you ran configurator ?
 
If needed here is httpd.admin.log

May 08 08:58:52 httpd.admin(5018) INFO: pfappserver powered by Catalyst 5.90015 (Catalyst::setup)
May 08 08:58:52 httpd.admin(5018) WARN: Deprecated 'static' config key used, please use the key 'Plugin::Static::Simple' instead (Class::MOP::Class:::before)
May 08 09:01:21 httpd.admin(5224) INFO: pfappserver powered by Catalyst 5.90015 (Catalyst::setup)
May 08 09:01:21 httpd.admin(5224) WARN: Deprecated 'static' config key used, please use the key 'Plugin::Static::Simple' instead (Class::MOP::Class:::before)
May 08 09:09:09 httpd.admin(5434) INFO: pfappserver powered by Catalyst 5.90015 (Catalyst::setup)
May 08 09:09:09 httpd.admin(5434) WARN: Deprecated 'static' config key used, please use the key 'Plugin::Static::Simple' instead (Class::MOP::Class:::before)
Notes
(0003538)
fdurand   
2014-05-08 07:53   
Hello,

Are you using Debian Wheezy?
If it's the case then remove the libdata-alias-perl package.

Fabrice
(0003539)
shikasensei   
2014-05-08 10:00   
Thanks, this solved the issue.
(0003541)
fdurand   
2014-05-08 15:54   
Fixed in devel





View Issue Details
1797 [PacketFence] configuration minor have not tried 2014-05-14 16:12 2014-05-14 16:15
lpelet  
 
normal  
new 4.2.0  
open  
none    
none  
   
Renaming portal profile won't move files.
When we rename a portal profile in admin GUI, it does not move the files.

We should make the field for the name of the portal profile unwritable.
And log a message when we don't find the file in the portal profile and we fall-back to the default file.
There are no notes attached to this issue.





View Issue Details
1796 [PacketFence] security minor always 2014-05-12 06:00 2014-05-12 08:19
jochen Linux  
jrouzier RHEL / CentOS  
normal 6  
assigned 4.2.0  
fixed  
none    
none  
  4.2.1  
snort not started
Snort is no longer started by packetfence.

Reverting this change in pf/services/manager/roles/pf_conf_trapping_engine.pm fixed the issue for me:


# return $monitor_int && isenabled($Config{'trapping'}{'detection'}) && $Config{'trapping'}{'detection_engine'} eq $self->name && $self->$orig(@_) ? 1 : 0;
    return $monitor_int && isenabled($Config{'trapping'}{'detection'}) && $Config{'trapping'}{'detection_engine'} eq $self->name;
There are no notes attached to this issue.





View Issue Details
1795 [PacketFence] upgrade minor always 2014-05-12 05:12 2014-05-12 06:33
jochen Linux  
francis RHEL / CentOS  
normal 6  
resolved 4.2.0  
fixed  
none    
none 4.2.1  
   
4695a0b37d6ce49e5594f4edc4739eebfef33497
SQL Upgrade fails due to extra dashes in SQL script
db/upgrade-4.1.0-4.2.0.sql has some extra dashes causing syntax errors in the SQL script

FIX: s/---/--/g

Run upgrade script
There are no notes attached to this issue.





View Issue Details
1776 [PacketFence] web admin minor have not tried 2014-03-14 14:03 2014-05-08 06:31
francis  
francis  
normal  
resolved 4.1.0  
fixed  
none    
none 4.2.0  
  4.2.0  
40136b458f756920b81a353948a60fb1220d21c8
Default value of Access duration choices
Under "Admin registration" of the configuration page, the default value of the access duration choices should *not* be displayed as a placeholder since it becomes painful to modify it.
There are no notes attached to this issue.





View Issue Details
1789 [PacketFence] radius minor always 2014-04-28 18:26 2014-05-07 08:30
victor All  
fdurand All  
normal All  
resolved  
fixed  
none    
none  
   
Unable to extract SSID on Cisco 1142

Cisco 1142 apparently sends multiple Cisco-AVPair records back to the radius server and trips over extractSsid sub.

tail -f logs/packetfence.log

Apr 28 08:13:46 pf::WebAPI(4307) INFO: Unable to extract SSID of Cisco-AVPair: ARRAY(0xbaf6fcc8) (pf::SNMP::Cisco::Aironet::extractSsid)


Output from /usr/sbin/radiusd -X -d /usr/local/pf/raddb/

        Cisco-AVPair = "ssid=TEST"
        Service-Type = Login-User
        Cisco-AVPair = "service-type=Login"




As a quick workaround I changed $radius_request->{'Cisco-AVPair'} into $radius_request->{'Cisco-AVPair'}[0] but a permanent fix should be better than that.
extractSsid.patch (978) 2014-05-05 14:49
https://www.packetfence.org/bugs/file_download.php?file_id=207&type=bug
Notes
(0003532)
victor   
2014-05-05 14:42   
Take a look at the patch below. extractSsid should be able to go through multiple Cisco-AVPair records to find the ssid.



--- packetfence-4.1.0/lib/pf/SNMP/Cisco/Aironet.pm 2013-12-11 12:40:14.000000000 -0700
+++ ../lib/pf/SNMP/Cisco/Aironet.pm 2014-05-05 06:27:44.115673527 -0600
@@ -203,11 +203,14 @@
     my $logger = Log::Log4perl::get_logger(ref($this));

     if (defined($radius_request->{'Cisco-AVPair'})) {
-
- if ($radius_request->{'Cisco-AVPair'} =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = "ssid=PacketFence-Secure"
- return $1;
- } else {
- $logger->info("Unable to extract SSID of Cisco-AVPair: ".$radius_request->{'Cisco-AVPair'});
+ foreach my $ciscoAVPair (@{$radius_request->{'Cisco-AVPair'}}) {
+ $logger->trace("Cisco-AVPair: ".$ciscoAVPair);
+
+ if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = "ssid=PacketFence-Secure"
+ return $1;
+ } else {
+ $logger->info("Unable to extract SSID of Cisco-AVPair: ".$ciscoAVPair);
+ }
         }
     }
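Review bot: the new `foreach my $ciscoAVPair (@{$radius_request->{'Cisco-AVPair'}})` dereferences the attribute as an array unconditionally, while the lines it replaces matched the same value as a plain string, so a request that carries a single Cisco-AVPair as a scalar would fail the dereference under strict refs. Check `ref($radius_request->{'Cisco-AVPair'}) eq 'ARRAY'` and wrap a scalar value in a one-element list before looping. The `else` branch also logs "Unable to extract SSID" at info level for every pair that is not the ssid (such as `service-type=Login`), even when another pair matches; log once after the loop when nothing matched.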
(0003533)
victor   
2014-05-05 14:49   
Copy-paste seems to have wrecked the formatting. The patch file is attached.
(0003535)
fdurand   
2014-05-06 08:18   
Hello Victor,

Your patch has been included in the devel version so it will be available for the incoming 4.2 version.

https://github.com/inverse-inc/packetfence/commit/60a7e01bd0d20d0873e253b018ec19f260eeceab

Fabrice
(0003537)
fdurand   
2014-05-07 08:30   
Available in pf 4.2 release





View Issue Details
1758 [PacketFence] core minor always 2014-01-15 12:06 2014-05-07 08:30
jochen Linux  
fdurand RHEL / CentOS  
normal 6  
resolved 4.1.0  
fixed  
none    
none  
   
perl-Moose-2.1200-1.of.el6 complains Class::MOP::load_class is deprecated at /usr/lib64/perl5/vendor_perl/Class/MOP.pm line 76.
Many components of packetfence complain about deprecated Class::MOP::load_class as soon as perl-Moose-2.1200-1.of.el6.x86_64.rpm is installed. Older version perl-Moose-2.1005-1.of.el6.x86_64.rpm works OK.
Install perl-Moose-2.1005-1.of.el6.x86_64.rpm
Execute /usr/local/pf/bin/pfcmd service pf watch
Notes
(0003534)
fdurand   
2014-05-06 07:54   
Hello,

It's why we defined this in the spec file:
https://github.com/inverse-inc/packetfence/blob/devel/addons/packages/packetfence.spec#L226

Fabrice
(0003536)
fdurand   
2014-05-07 08:30   
In pf 4.2 we use only packetfence repo with the correct perl lib so you will never meet this issue again.





View Issue Details
1790 [PacketFence] web admin feature have not tried 2014-05-01 10:43 2014-05-01 12:33
francis  
francis  
normal  
resolved 4.1.0  
fixed  
none    
none 4.2.0  
   
207ea2a94c1fbf9ec26ce76c8ffdb9c0e9cd4d95
Nodes - search by OS
The simple and advanced search form should allow to search nodes by OS (DHCP).
There are no notes attached to this issue.





View Issue Details
1792 [PacketFence] web admin minor have not tried 2014-05-01 11:57 2014-05-01 11:58
francis  
 
normal  
new 4.1.0  
open  
none    
none  
   
Export search results to CSV
The results of a simple or advanced search on the Nodes or Users page should be exportable as a CSV file.
There are no notes attached to this issue.





View Issue Details
1791 [PacketFence] web admin feature have not tried 2014-05-01 11:48 2014-05-01 11:48
francis  
 
normal  
new 4.1.0  
open  
none    
none  
   
Searches: customizable number of results per page
We should allow the user to change the number of results per page, at least on the Nodes and Users pages.
There are no notes attached to this issue.





View Issue Details
1780 [PacketFence] web admin minor always 2014-03-27 15:52 2014-04-24 12:21
lzammit All  
francis All  
normal All  
resolved 4.1.1  
fixed  
none    
none 4.2.0  
   
99acc5e52d13a1f45c123136cb079221ab35b1ef
Does not redirect after a second authentication on the web admin
If you are on a node page like /admin/nodes and you need to authenticate again, after a successful authentication you will be redirected to /configuration and not /admin/nodes.
There are no notes attached to this issue.





View Issue Details
1210 [PacketFence] error-handling minor always 2011-04-21 08:42 2014-04-24 11:58
jamest  
 
normal  
confirmed 2.1.0  
open  
none    
none  
  3.6.1  
Can't add/edit person with pfcmd if firstname or lastname have spaces in them
If you try and add a person with pfcmd person add pid and have an assignment of firstname or surname with the add, this will fail with grammar test failed if the name has a space in it. The same thing happens with edit.
There's nothing I could see in the admin guide saying that names with spaces in are invalid, they can be added directly into the database with no apparent ill effect.
I would suggest that either pfcmd is fixed to allow these names (as people do have them in real life), or the restriction is documented and pfcmd gives a more meaningful error message.
Some example output:
./pfcmd person add test5 firstname="space in the middle"
Command not understood. (pfcmd grammar test failed at line 223.)
Usage: pfcmd person <add|view|edit|delete> pid [assignments]

manipulate person entries

examples:
  pfcmd person view all
  pfcmd person add bjenkins notes="Bob Jenkins"
  pfcmd person delete bjenkins

./pfcmd person add test5 surname="space in the middle"
Command not understood. (pfcmd grammar test failed at line 223.)
Usage: pfcmd person <add|view|edit|delete> pid [assignments]

manipulate person entries

examples:
  pfcmd person view all
  pfcmd person add bjenkins notes="Bob Jenkins"
  pfcmd person delete bjenkins

./pfcmd person add test5 firstname="underscore_in_the_middle"
Notes
(0003000)
obilodeau   
2012-08-31 10:34   
This should be fixed now. I'll try to reproduce later in the lab and let you know.
(0003002)
obilodeau   
2012-08-31 10:48   
In stable this isn't fixed now but 0001523 should fix it. Let me check that.
(0003003)
obilodeau   
2012-08-31 10:58   
No it's not :(
(0003007)
obilodeau   
2012-08-31 15:13   
Debugging the parser, I don't really understand what's going on here..

I was able to make it work with:
pfcmd 'person add bjenkins notes="Bob Jenkins"'

I'll have to compare the parser debug results but this implies that it works from the Web Admin since it always single quotes all arguments together.
(0003175)
fgaudreault   
2012-10-19 13:48   
Need to see if it's fixed or not.
(0003237)
fgaudreault   
2012-10-24 10:04   
Still an issue. Tested on 3.6.0-devel.

[root@pf-3-centos6 pf]# ./bin/pfcmd person add test5 firstname="space in the middle"
Command not understood. (pfcmd grammar test failed at line 210.)
Usage: pfcmd person <add|view|edit|delete> pid [assignments]





View Issue Details
1775 [PacketFence] configuration block always 2014-03-13 10:08 2014-04-17 14:07
DanCreed Latest Packetfence Zen  
dwuelfrath N/A  
urgent N/A  
resolved 4.1.0  
fixed  
none    
none 4.2.0  
  4.2.0  
90cc0a1796a84fce5155284b49129bdc87efe3ff
Thread 1 terminated abnormally: Undefined subroutine &pf::SNMP::Cisco::Catalyst_2960::handleReAssignVlanTrapForWiredMacAuth call
Won't change VLAN's with PacketFence Zen (latest version)

Thread 1 terminated abnormally: Undefined subroutine &pf::SNMP::Cisco::Catalyst_2960::handleReAssignVlanTrapForWiredMacAuth called at /usr/local/pf/sbin/pfsetvlan line 1618

(switch is a Cisco 3750)
Problem changing VLAN's for any switch using the Catalyst_2960.pm as a base.
1775-temp_patch.diff (1,201) 2014-03-14 11:10
https://www.packetfence.org/bugs/file_download.php?file_id=205&type=bug
Notes
(0003520)
dwuelfrath   
2014-03-14 09:42   
Confirmed.
Will provide a "patch" for the moment to make it work but need some investigation on why it is happening.
(0003521)
dwuelfrath   
2014-03-14 11:11   
Please view attached file.
Like I mentioned, this is a temp patch and code should be reviewed to fix the issue.
But for the moment, that should allow you to work your way out.

Cheers
(0003529)
dwuelfrath   
2014-04-17 14:06   
Will be fixed in 4.2





View Issue Details
1787 [PacketFence] configuration minor always 2014-04-16 14:23 2014-04-16 16:08
lpelet Linux  
dwuelfrath RHEL / CentOS  
normal 6  
assigned 4.1.0  
open  
none    
none  
   
configurator breaks system network configuration
NETWORKING=yes HOSTNAME=pf.localdomain
GATEWAY=172.21.2.1

instead of
NETWORKING=yes
HOSTNAME=pf.localdomain
GATEWAY=172.21.2.1
If your gateway is set in /etc/sysconfig/network-scripts/ifcfg-ethx, PacketFence configurator will rearrange your system network configuration.
Maybe we should keep the gateway in /etc/sysconfig/network-scripts/ifcfg-ethx if it has already been manually configured.
There are no notes attached to this issue.





View Issue Details
1785 [PacketFence] core major always 2014-04-04 08:04 2014-04-04 08:04
canepan Linux  
RHEL / CentOS  
normal 6  
new 4.1.0  
open  
none    
none  
   
When database is stopped, pfmon ends in an inconsistent state
To perform backup, we stop the database of PacketFence every night.
If pfmon tries to access the DB during the backup, it logs:
Apr 02 18:00:23 pfmon(0) INFO: running expire check (main::cleanup)
Apr 02 18:00:23 pfmon(0) INFO: checking registered nodes for expiration (main::cleanup)
Apr 02 18:00:23 pfmon(0) WARN: database query failed with: MySQL server has gone away. (errno: 2006), will try again (pf::db::db_query_execute)
Apr 02 18:00:23 pfmon(0) FATAL: unable to connect to database: Can't connect to MySQL server on '127.0.0.1' (111) at /usr/local/pf/lib/pf/node.pm line 888.
 (pf::db::db_connect)
Apr 02 18:00:23 pfmon(0) ERROR: Error restarting pfmon: unable to connect to database: Can't connect to MySQL server on '127.0.0.1' (111) at /usr/local/pf/lib/pf/node.pm line 888.
 (main::cleanup)

Also, pfmon shows as running with "ps", but "pfcmd service pfmon status" doesn't agree:
/usr/local/pf # ./bin/pfcmd service pfmon status
service|shouldBeStarted|pid
pfmon|1|0

so it's not possible to restart it without killing the running process.

Nodes that expire after this happens are not asked to log in again (they are registered forever), and so they do not expire
1) start PacketFence
2) stop database
3) wait a minute
There are no notes attached to this issue.





View Issue Details
1688 [PacketFence] captive portal minor always 2013-08-14 12:17 2014-04-03 14:01
KimHagen  
 
normal  
new  
open  
none    
none  
   
Captive portal access to common/network-access-detection.gif use lan ip.
In the Captive portal option to enter an ip for access to common/network-access-detection.gif it states that you can use your LAN ip here.

This is however fire-walled (in inline mode).



I made a patch to iptables.pm so it works.
Is it safe to put this patch?

--- /usr/src/iptables.pm 2013-08-14 18:01:53.000000000 +0200
+++ /usr/local/pf/lib/pf/iptables.pm 2013-08-14 18:02:26.256478576 +0200
@@ -187,6 +187,7 @@
             $rules .= "-A INPUT --in-interface $dev -d $ip --jump $FW_FILTER_INPUT_INT_INLINE\n";
             $rules .= "-A INPUT --in-interface $dev -d 255.255.255.255 --jump $FW_FILTER_INPUT_INT_INLINE\n";
             $rules .= "-A INPUT --in-interface $dev -d $mgmt_ip --protocol tcp --match tcp --dport 443 --jump ACCEPT\n";
+ $rules .= "-A INPUT --in-interface $dev -d $mgmt_ip --protocol tcp --match tcp --dport 80 --jump ACCEPT\n";
             $rules .= "-A FORWARD --in-interface $dev --jump $FW_FILTER_FORWARD_INT_INLINE\n";
 
         # nothing? something is wrong
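Review bot: the added `--dport 80 --jump ACCEPT` rule is emitted unconditionally, so every host on the inline interface `$dev`, including unregistered ones, can reach whatever listens on port 80 of `$mgmt_ip`, not only the request for common/network-access-detection.gif. Emit the rule only when the network-detection IP is actually set to the management address, and confirm that the listener on that port serves nothing beyond the portal content. A comment next to this line and the 443 line above it, saying why the management address is reachable from the inline side, would help later readers of the rule set.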

regards,
Kim
There are no notes attached to this issue.





View Issue Details
1784 [PacketFence] guests minor have not tried 2014-04-03 10:29 2014-04-03 10:30
francis  
 
normal  
new 4.1.0  
open  
none    
none  
   
Extend list of email-to-SMS gateways
We are missing a lot of carriers from Europe. We must find a reliable source.

Current list comes from http://gitorious.org/statusnet/mainline/blobs/raw/master/db/sms_carrier.sql
There are no notes attached to this issue.





View Issue Details
1783 [PacketFence] dhcp minor have not tried 2014-04-02 18:37 2014-04-02 23:07
lpelet  
 
normal  
new  
open  
none    
none  
   
dhcpd no lease free
I had a mask mismatch between the CentOS configuration and the pf.conf and the network.
It could be interesting to have an error message telling us there is a mismatch.

thanks
Notes
(0003524)
francis   
2014-04-02 23:07   
Please provide an example. Thanks :)





View Issue Details
1782 [PacketFence] web admin minor always 2014-04-02 15:39 2014-04-02 17:16
bclaiborne  
francis  
normal  
feedback 4.1.0  
reopened  
none    
none 4.1.1  
   
7fa605f91765e9bdf7371dd87a3e07851219b19a
IP address column not populating
The IP address column on the 'Nodes' tab of Web Admin does not show an IP address for some nodes.
It looks like nodes with an end date, even when the end date is a future date, do not show the IP address of that node in the IP Address column. Therefore, nodes cannot be sorted effectively by IP address.
Notes
(0003522)
francis   
2014-04-02 15:41   
Already fixed earlier today.

https://github.com/inverse-inc/packetfence/commit/7fa605f91765e9bdf7371dd87a3e07851219b19a
https://github.com/inverse-inc/packetfence/commit/d3d977f2a824d767f0e9e39564a22a786b907702
(0003523)
bclaiborne   
2014-04-02 17:16   
Made the edits posted in the notes. IP addresses do display but results that should show multiple pages do not show beyond the first page.





View Issue Details
1781 [PacketFence] core minor have not tried 2014-04-01 16:01 2014-04-01 16:02
dwuelfrath  
dwuelfrath  
normal  
assigned 4.1.0  
open  
none    
none  
   
Wrong workflow when trapping.registration is disabled
- Evaluation on whether registration feature is enabled or not (trapping.registration in pf.conf) is made in getRegistrationVlan and that is kind of wrong. That evaluation should be done (at this point) in fetchVlanForNode rather than going in getRegistrationVlan and exiting saying "we do not use registration" and then going in getNormalVlan.

- When we are not using registration feature (trapping.registration in pf.conf) and a new node is connecting on the network, no category/role is being assigned to that node so getNormalVlan is unable to successfully assign a VLAN based on that "no role".
There are no notes attached to this issue.





View Issue Details
1779 [PacketFence] core major always 2014-03-26 07:00 2014-03-26 08:56
lpelet  
francis  
normal  
resolved  
fixed  
none    
none 4.1.1  
   
5a788205a47ee54116eca01eeb8c06971647ad8c
pfmon unable to do maintenance if mac is without delimiter
If you are using network equipment like an HP controller that sends PacketFence a MAC formatted without delimiters, like d20019e59060, pfmon (via pfcmd) will be unable to process the MAC address and it will be unable to do the maintenance (unregistration) on it.
It's fixed in commit 5a788205a47ee54116eca01eeb8c06971647ad8c, by adding a simple clean_mac before sending the mac address to Pfmon.
There are no notes attached to this issue.





View Issue Details
1772 [PacketFence] addons minor always 2014-03-03 14:41 2014-03-20 21:13
mrobbert All  
francis All  
normal All  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
8255430c40643b8f059f01c37f8acc00063c6db5
logrotate doesn't properly rotate logs due to syntax error
There is a duplicate file entry in the packetfence logrotate configuration file that is apparently causing it to not read the rest of the file, therefore it doesn't do the copytruncate. The logs get moved instead of copied and since there is no restart they continue to log to the old log files.
I have sent a pull request (0000125) on Github with a fix.
1. run logrotate
2. Observe that logs are getting written to old log files or use lsof/fuser to see that running processes still have old files open.
There are no notes attached to this issue.





View Issue Details
1665 [PacketFence] web admin feature always 2013-07-09 20:46 2014-03-20 21:08
Xen0Phage  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.1.0  
   
No way to add a node via the GUI
    With our current NAC system we can manually add new devices via the
GUI. We're able to add the MAC of the device, the role it should be in,
and a description. The description is incredibly useful for identifying
devices quickly.

    This doesn't appear to be possible in PF 4.0.1, though there is the CLI
method for adding a node, albeit without a description.
Notes
(0003519)
Xen0Phage   
2014-03-12 14:37   
This was fixed in 4.1 and can probably be closed now.





View Issue Details
1778 [PacketFence] security major always 2014-03-20 12:25 2014-03-20 21:07
lpelet All  
francis All  
high All  
resolved 4.0.0  
fixed  
none    
none 4.1.1  
   
27bd6016b8a13638b2c6c06061f4ad4ecf9588c1
admin user gain role default
In the database schema >= 4.0.0, we define the user admin with the category = 1.
It lets the user admin gain the role default if authenticated on the captive portal.
Verify that your admin password is strong, or else users can guess it and register devices with role default.
If you don't use the user admin on the captive portal, remove this capability on the user tab in users properties for admin.
There are no notes attached to this issue.





View Issue Details
1777 [PacketFence] web admin feature N/A 2014-03-14 14:09 2014-03-14 14:09
lpelet All  
All  
normal All  
new 4.1.0  
open  
none    
none  
   
Verify fingerbank version before sharing unknown fingerprints
We should warn the Administrator trying to share unknown fingerprints by saying that the fingerprint database currently installed is outdated and propose that they download the new one.
There are no notes attached to this issue.





View Issue Details
1774 [PacketFence] core feature always 2014-03-12 14:43 2014-03-12 14:43
Xen0Phage Linux  
RHEL / CentOS  
normal 6  
new 4.1.0  
open  
none    
none  
   
CLI should allow multiple formats for node identification
4.1 added the ability, in the web UI, to use multiple formats to identify a node. For instance, the standard colon notation, dotted notation, dashed notation, etc. The command line version of this (pfcmd lookup) doesn't seem to allow anything other than colon notation.
There are no notes attached to this issue.
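Issues 1779 (pfmon cannot process a MAC without delimiters) and 1774 (pfcmd lookup accepts only colon notation) both come down to mapping several MAC notations to one canonical key before the address is used. The Perl code below is an added example, not PacketFence's own clean_mac; the helper name normalize_mac and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# normalize_mac() is a hypothetical helper for this example, not PacketFence
# code. It returns lower-case colon notation, or undef (in scalar context)
# when the input is not a MAC address in one of the four accepted notations.
sub normalize_mac {
    my ($raw) = @_;
    return unless defined $raw;

    my $mac = lc $raw;
    $mac =~ s/^\s+|\s+$//g;    # tolerate surrounding whitespace only

    # Whitelist whole notations instead of stripping every non-hex character:
    # blind stripping would also accept truncated or mixed-delimiter input.
    return unless
           $mac =~ /^[0-9a-f]{12}\z/                      # d20019e59060
        || $mac =~ /^[0-9a-f]{2}(?::[0-9a-f]{2}){5}\z/    # d2:00:19:e5:90:60
        || $mac =~ /^[0-9a-f]{2}(?:-[0-9a-f]{2}){5}\z/    # d2-00-19-e5-90-60
        || $mac =~ /^[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}\z/;  # d200.19e5.9060

    $mac =~ tr/0-9a-f//cd;                    # delete the delimiters
    return join ':', unpack '(A2)*', $mac;    # regroup as six octets
}

# Constructed sample inputs: the delimiter-free MAC quoted in issue 1779, the
# same address in three other notations, and three values that must be refused
# (five octets, mixed delimiters, a non-hex digit).
my @same    = ('d20019e59060', 'D2:00:19:E5:90:60',
               'd2-00-19-e5-90-60', 'd200.19e5.9060');
my @invalid = ('d2:00:19:e5:90', 'd2:00-19.e5:90:60', 'g20019e59060');

for my $in (@same) {
    my $out = normalize_mac($in);
    die "unexpected result for $in\n"
        unless defined $out && $out eq 'd2:00:19:e5:90:60';
    print "$in -> $out\n";
}

for my $in (@invalid) {
    my $out = normalize_mac($in);
    die "accepted invalid input $in\n" if defined $out;
    print "$in -> rejected\n";
}
```

Applying one such normalizer at every entry point (RADIUS, CLI, web UI) keeps a node from existing under two keys, which is the condition under which maintenance such as unregistration silently skips it.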





View Issue Details
1773 [PacketFence] i18n minor always 2014-03-04 04:48 2014-03-06 09:09
liqiang i386  
CentOS  
high 6.5  
new 4.1.0  
open  
none    
none  
   
Why multi-language translation fails
I have translated some strings of the file I18N/en.po to Chinese, and changed the file type to utf-8.
Part Content:
=============
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
=============
AND:
=============
# html/pfappserver/root/user/create.tt
msgid "Create Users"
msgstr "????"

# html/pfappserver/root/user/create.tt
msgid "Create local users that trigger specific actions."
msgstr "????????????"

# html/pfappserver/lib/pfappserver/Form/Config/Switch.pm
# html/pfappserver/lib/pfappserver/Form/User.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Single.pm
# html/pfappserver/root/admin/login.tt
# html/pfappserver/root/configurator/admin.tt
# html/pfappserver/root/configurator/database.tt
# html/pfappserver/root/user/list_password.tt
# html/pfappserver/root/user/print.tt
msgid "Username"
msgstr "???"

# html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm
# html/pfappserver/lib/pfappserver/Form/Config/Switch.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Single.pm
# html/pfappserver/root/admin/login.tt
# html/pfappserver/root/authentication/source/type/AD.tt
# html/pfappserver/root/authentication/source/type/LDAP.tt
# html/pfappserver/root/configurator/admin.tt
# html/pfappserver/root/configurator/database.tt
# html/pfappserver/root/user/list_password.tt
# html/pfappserver/root/user/print.tt
# html/pfappserver/root/user/view.tt
msgid "Password"
msgstr "??"

# html/pfappserver/root/node/create.tt
# html/pfappserver/root/user/create.tt
msgid "Single"
msgstr "??"
=============

But after restarting the service,
the web pages are not displayed correctly.

COMMAND:
/usr/local/pf/bin/pfcmd service httpd.admin restart

The web page has no submit button.

WHY?

thanks,
Source Error.jpg (294,000) 2014-03-04 04:48
https://www.packetfence.org/bugs/file_download.php?file_id=202&type=bug
WEB Error..jpg (57,185) 2014-03-04 04:48
https://www.packetfence.org/bugs/file_download.php?file_id=203&type=bug
en.po (135,304) 2014-03-04 04:50
https://www.packetfence.org/bugs/file_download.php?file_id=204&type=bug
Notes
(0003513)
liqiang   
2014-03-04 04:51   
I have uploaded en.po and some pictures.
Please help me,

thanks,
(0003515)
francis   
2014-03-04 08:56   
(edited on: 2014-03-04 08:56)
Have you generated the .mo file?

We generate those files when we create the packages. See the .spec file:

https://github.com/inverse-inc/packetfence/blob/stable/addons/packages/packetfence.spec#L306

(0003516)
liqiang   
2014-03-04 20:38   
I have not created the *.mo file.
I modified the en.po in lib/pfappserver/I18N/en.po.

I find no relationship between conf/locale/$TRANSLATION/LC_MESSAGES/packetfence.po and the web UI of admin.

Right?

thanks francis.
(0003517)
liqiang   
2014-03-06 09:09   
I have fixed the problem.

Because the Catalyst encoding is not correct; see these URLs:
http://lists.scsys.co.uk/pipermail/catalyst/2007-August/014822.html
http://wiki.catalystframework.org/wiki/tutorialsandhowtos/using_unicode.view#View:_TT_Templates

pfaddserver.pm:
use Catalyst qw/ -Debug ConfigLoader Unicode::Encoding /;

View: TT Templates:
__PACKAGE__->config( {
    ENCODING => 'utf-8',
} );

OK,
thanks,
(0003518)
liqiang   
2014-03-06 09:09   
PLEASE close this bug, thanks.





View Issue Details
1762 [PacketFence] configuration major always 2014-01-25 08:26 2014-03-03 14:54
rishabh0510 Linux  
RHEL / CentOS  
normal 6  
new 4.1.0  
open  
none    
none  
   
epel error
Unable to fix this error during installation


[root@localhost yum.repos.d]# yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of PacketFence-complete
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again


help to fix this issue
Notes
(0003512)
mrobbert   
2014-03-03 14:54   
It looks like your host may be having problems connecting to the internet. Can you try running these commands and send the output:

yum --enablerepo=epel clean all
yum --enablerepo=epel check-update





View Issue Details
1771 [PacketFence] web admin feature always 2014-02-27 14:58 2014-02-27 14:58
Leonel Bonito All  
All  
normal All  
new 4.1.0  
open  
none    
none  
   
Nodes - Add options to search
It would be nice if there was an option in the Advanced Search, to search for Status (registered/unregistered) and for Role.

Also, when I try to make a search to get all persons, I choose "Person name" / "is not" and leave the next field empty, and nothing returns to me.
There are no notes attached to this issue.





View Issue Details
1770 [PacketFence] hardware modules minor always 2014-02-26 12:58 2014-02-26 12:58
Jean-Noel Martineau HP Procurve 2530-24G  
All  
normal YA.15.12.0007  
new 4.1.0  
open  
none    
none  
   
pfsetvlan INFO: ignoring unknown trap
Hello,
A plug/unplug on an HP 2530-24G port generates this SNMP trap, which seems to be ignored by pfsetvlan. Debug trace here:

Feb 26 18:40:55 pfsetvlan(21) INFO: ignoring unknown trap: 2014-02-26|17:40:52|UDP: [10.200.201.135]:161->[10.50.76.113]|10.200.201.135|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.76 = STRING: I 02/26/14 18:40:54 00076 ports: port 7 is now on-line END VARIABLEBINDINGS (main::parseTrap)
Feb 26 18:40:55 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-26|17:40:52|UDP: [10.200.201.135]:161->[10.50.76.113]|10.200.201.135|BEGIN TYPE 3 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.2.2.1.1.7 = INTEGER: 7|.1.3.6.1.2.1.2.2.1.7.7 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.7 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.2.7 = STRING: 7|.1.3.6.1.2.1.31.1.1.1.18.7 = STRING: END VARIABLEBINDINGS (main::parseTrap)

Can we customize packetfence to accept them ?
Thanks.
Jean-Noel
There are no notes attached to this issue.
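An added example (not PacketFence code): a small Python parser for the `ignoring unknown trap` lines quoted in this report. It splits out the SNMPv1 generic trap type and the variable bindings and reports which port changed state. The first two sample lines are copied from the report, the third is constructed, and the function names are hypothetical.

```python
import re

# SNMPv1 generic-trap codes (RFC 1157).
GENERIC_TRAPS = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
                 4: "authenticationFailure", 5: "egpNeighborLoss",
                 6: "enterpriseSpecific"}

# IF-MIB ifIndex column, the first varbind of the link trap in the report.
IF_INDEX = ".1.3.6.1.2.1.2.2.1.1"

LINE_RE = re.compile(
    r"ignoring unknown trap: (?P<date>[\d-]+)\|(?P<time>[\d:]+)\|"
    r"UDP: \[(?P<src>[^\]]+)\]:(?P<sport>\d+)->\[(?P<dst>[^\]]+)\]\|"
    r"(?P<agent>[^|]+)\|"
    r"BEGIN TYPE (?P<type>\d+) END TYPE "
    r"BEGIN SUBTYPE (?P<subtype>\S+) END SUBTYPE "
    r"BEGIN VARIABLEBINDINGS (?P<varbinds>.*?) ?END VARIABLEBINDINGS")
VARBIND_RE = re.compile(r"^(?P<oid>\.[\d.]+) = (?P<kind>[\w-]+):\s?(?P<value>.*)$")
PORT_MSG_RE = re.compile(r"port (\S+) is now (\S+)")

SAMPLE_LINES = [
    # Copied from the report: enterprise-specific trap carrying a log string.
    "Feb 26 18:40:55 pfsetvlan(21) INFO: ignoring unknown trap: "
    "2014-02-26|17:40:52|UDP: [10.200.201.135]:161->[10.50.76.113]|"
    "10.200.201.135|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE "
    "BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.76 = STRING: "
    "I 02/26/14 18:40:54 00076 ports: port 7 is now on-line "
    "END VARIABLEBINDINGS (main::parseTrap)",
    # Copied from the report: generic linkUp trap with IF-MIB varbinds.
    "Feb 26 18:40:55 pfsetvlan(25) INFO: ignoring unknown trap: "
    "2014-02-26|17:40:52|UDP: [10.200.201.135]:161->[10.50.76.113]|"
    "10.200.201.135|BEGIN TYPE 3 END TYPE BEGIN SUBTYPE 0 END SUBTYPE "
    "BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.2.2.1.1.7 = INTEGER: 7|"
    ".1.3.6.1.2.1.2.2.1.7.7 = INTEGER: up(1)|"
    ".1.3.6.1.2.1.2.2.1.8.7 = INTEGER: up(1)|"
    ".1.3.6.1.2.1.2.2.1.2.7 = STRING: 7|"
    ".1.3.6.1.2.1.31.1.1.1.18.7 = STRING: "
    "END VARIABLEBINDINGS (main::parseTrap)",
    # Constructed for this example: the matching linkDown trap.
    "Feb 26 18:41:10 pfsetvlan(25) INFO: ignoring unknown trap: "
    "2014-02-26|17:41:07|UDP: [10.200.201.135]:161->[10.50.76.113]|"
    "10.200.201.135|BEGIN TYPE 2 END TYPE BEGIN SUBTYPE 0 END SUBTYPE "
    "BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.2.2.1.1.7 = INTEGER: 7|"
    ".1.3.6.1.2.1.2.2.1.7.7 = INTEGER: up(1)|"
    ".1.3.6.1.2.1.2.2.1.8.7 = INTEGER: down(2) "
    "END VARIABLEBINDINGS (main::parseTrap)",
]


def parse_trap_line(line):
    """Parse one pfsetvlan 'ignoring unknown trap' log line into a dict."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    varbinds = []
    # Varbinds are '|'-separated; split only where a new OID starts so a
    # '|' inside a string value does not break the record apart.
    for chunk in re.split(r"\|(?=\.\d)", m.group("varbinds")):
        vb = VARBIND_RE.match(chunk.strip())
        if vb:
            varbinds.append((vb.group("oid"), vb.group("kind"), vb.group("value")))
    code = int(m.group("type"))
    return {"agent": m.group("agent"), "type": code,
            "name": GENERIC_TRAPS.get(code, "unknown"),
            "subtype": m.group("subtype"), "varbinds": varbinds}


def port_event(trap):
    """Return (event, port) for link traps and port log strings, else None."""
    if trap["type"] in (2, 3):
        for oid, _kind, value in trap["varbinds"]:
            if oid.startswith(IF_INDEX + "."):
                return (trap["name"], value)
    if trap["type"] == 6:
        for _oid, kind, value in trap["varbinds"]:
            hit = PORT_MSG_RE.search(value) if kind == "STRING" else None
            if hit:
                return ("port " + hit.group(2), hit.group(1))
    return None


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        parsed = parse_trap_line(sample)
        print(parsed["agent"], parsed["name"], port_event(parsed))
```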





View Issue Details
1769 [PacketFence] captive portal minor always 2014-02-11 07:31 2014-02-14 11:14
erSitzt Linux  
fdurand Ubuntu  
normal 12.04.3 LTS  
resolved 4.1.0  
fixed  
none    
none +1  
   
https://github.com/inverse-inc/packetfence/commit/57122f4dc4bdf4d73e64335f66519a1f0a889ce2
Proxy Interception : 503 Service Unavailable
I've enabled proxy interception for the default ports 8080 and 3128, and it seems to work with regard to the log entries and the URL changing to the packetfence FQDN.

But instead of the captive portal I get a
503 Service Unavailable Error

/etc/hosts has 127.0.0.1 for the fqdn of packetfence
reverse_reproxy_error_log (681,741) 2014-02-11 07:49
https://www.packetfence.org/bugs/file_download.php?file_id=199&type=bug
proxy_error_log (2,432) 2014-02-11 07:49
https://www.packetfence.org/bugs/file_download.php?file_id=200&type=bug
Notes
(0003504)
erSitzt   
2014-02-11 07:45   
Just noticed that there are new logfiles:

proxy_error_log:
[Mon Feb 10 16:38:56 2014] [warn] proxy: No protocol handler was valid for the URL 127.0.0.1:444. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

I've attached the error-logs as well
(0003505)
erSitzt   
2014-02-11 07:50   
In reverse_reproxy_error_log it looks like packetfence is trying to connect to 127.0.0.1:443 but nobody is listening there...

netstat -anp | grep 127.0.0.1
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1368/mysqld
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1162/memcached
tcp 0 0 127.0.0.1:444 0.0.0.0:* LISTEN 23968/apache2
tcp 0 0 127.0.0.1:9090 0.0.0.0:* LISTEN 23931/apache2
tcp 0 0 127.0.0.1:48460 127.0.0.1:11211 ESTABLISHED 24007/pfsetvlan
tcp 0 0 127.0.0.1:48448 127.0.0.1:11211 ESTABLISHED 23931/apache2
tcp 0 0 127.0.0.1:11211 127.0.0.1:48450 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48462 127.0.0.1:11211 ESTABLISHED 24049/pfdhcplistene
tcp 0 0 127.0.0.1:11211 127.0.0.1:48463 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48463 127.0.0.1:11211 ESTABLISHED 24048/pfdhcplistene
tcp 0 0 127.0.0.1:48535 127.0.0.1:11211 ESTABLISHED 23918/apache2
tcp 0 0 127.0.0.1:48457 127.0.0.1:11211 ESTABLISHED 23988/pfdns
tcp 0 0 127.0.0.1:11211 127.0.0.1:48454 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48480 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48448 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48450 127.0.0.1:11211 ESTABLISHED 23948/apache2
tcp 0 0 127.0.0.1:48461 127.0.0.1:11211 ESTABLISHED 24050/pfdhcplistene
tcp 0 0 127.0.0.1:48444 127.0.0.1:11211 ESTABLISHED 23909/apache2
tcp 0 0 127.0.0.1:48454 127.0.0.1:11211 ESTABLISHED 23968/apache2
tcp 0 0 127.0.0.1:11211 127.0.0.1:48460 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48461 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48536 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48444 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48536 127.0.0.1:11211 ESTABLISHED 23924/apache2
tcp 0 0 127.0.0.1:11211 127.0.0.1:48457 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48462 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48535 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48480 127.0.0.1:11211 ESTABLISHED 24084/perl
udp 0 0 127.0.0.1:18120 0.0.0.0:* 23996/freeradius
udp 0 0 127.0.0.1:11211 0.0.0.0:* 1162/memcached
udp 0 0 127.0.0.1:161 0.0.0.0:* 1447/snmpd
(0003506)
fdurand   
2014-02-11 11:47   
Hello,
I have just tested, and in fact you have to change the /etc/hosts file to resolve to the IP address where the portal is listening and not 127.0.0.1.

I will change the documentation.

Regards
Fabrice
(0003507)
erSitzt   
2014-02-14 04:34   
Changed the fqdn in /etc/hosts to the ip of packetfence in the registration network and it works just fine now.
Thanks





View Issue Details
1768 [PacketFence] web admin feature unable to reproduce 2014-02-11 05:29 2014-02-11 05:29
wvalkering All  
All  
normal All  
new 4.0.5-2  
open  
none    
none  
   
Can't delete nodes whilst 'active'
When you want to delete a user which has a node with an old location log open you can't remove the node and so you can not remove the user.

An option to close the location log of a node would be nice so you won't have to close it manually on the server. Would save time and would be more user-friendly.
There are no notes attached to this issue.





View Issue Details
1750 [PacketFence] captive portal minor have not tried 2013-12-03 10:41 2014-02-10 13:39
tech All  
win  
high sevem  
new 4.0.6-2  
open  
none    
none  
   
Guest registration page doesn't show any submit button
V 4.0.6-2

Hello all, I am setting up a guest registration page using PacketFence. However, I have what seems to be a common problem: the guest registration page doesn't show any submit button. I was wondering if anyone has fixed it yet. Any help on this would be great.

many thanks

ian
s1.png (30,620) 2013-12-03 11:08
https://www.packetfence.org/bugs/file_download.php?file_id=191&type=bug
Screenshot.png (182,872) 2013-12-04 05:48
https://www.packetfence.org/bugs/file_download.php?file_id=193&type=bug
Screenshot-1.png (187,978) 2013-12-04 05:48
https://www.packetfence.org/bugs/file_download.php?file_id=194&type=bug
login page.png (48,886) 2013-12-09 05:31
https://www.packetfence.org/bugs/file_download.php?file_id=195&type=bug
Notes
(0003474)
francis   
2013-12-03 13:20   
Can you show the content of conf/profiles.conf?
(0003475)
tech   
2013-12-04 05:49   
are these the right files?
(0003477)
francis   
2013-12-05 08:48   
On the login page (not the self-registration page), do you have a "Sign up" button?
(0003480)
tech   
2013-12-09 05:31   
That's a screenshot of the login page. I could not find a sign up button.
(0003503)
francis   
2014-02-10 13:39   
Would you be able to test the latest stable release (4.1.0)?





View Issue Details
1759 [PacketFence] web admin minor always 2014-01-16 05:39 2014-02-07 11:13
erSitzt Linux  
francis Ubuntu  
normal 12.04.3  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
f1e234847617a17665e70670e3c7b215ad983e8c
Can't set webadmin access level when creating a new user
When creating a new user and adding the action "Set access level of web admin" no field to select the access level is displayed.

If a user is edited this works.
create_user_webadmin_accesslevel.PNG (33,310) 2014-01-16 05:39
https://www.packetfence.org/bugs/file_download.php?file_id=197&type=bug
There are no notes attached to this issue.





View Issue Details
1729 [PacketFence] web admin minor have not tried 2013-10-10 10:09 2014-02-03 08:32
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
f0660655caeb7205555bc22c9dd88b8aadbc8910
Can't add rules to a freshly created authentication source
After having created an authentication source, it's impossible to add rules to it.
There are no notes attached to this issue.





View Issue Details
1763 [PacketFence] web admin trivial always 2014-01-31 13:00 2014-02-03 05:33
maikel All  
All  
normal All  
new 4.1.0  
open  
none    
none  
   
3.6 web based status and reports are missing from pf 4
All the stats are still there with the old way of pfcmd, though missing
Still from the web the reports and status should get back as also reported on the mail list today.
Most needed is a list of all open violations. I can also make a feature request for all missing 3.6 reports in different bug ids.
Notes
(0003497)
francis   
2014-01-31 13:24   
Please list in this ticket the reports you would like to have back in PF4. Thanks!
(0003498)
maikel   
2014-02-03 05:33   
Will do. Need to compare it good.
What I found so far in 3.6:
Reports

IP - MAC History
Location History (switch)
Location History (MAC)
Accounting (switch)
Accounting (MAC)
Accounting (User)
Active
Inactive
Registered
Unregistered
OS
OS Class
Unknown Fingerprints
Unknown User-Agents
Open Violations
Probable Static IPs
Connection-Type (All)
Connection-Type (Registered)
SSID


graphs:
Unregistered Nodes
Violations
Total Nodes
Accounting (Switch)
Accounting (MAC)
Accounting (User)
SNMP Traps


Most needed is the old violation tab in the UI
Always did pfcmd violation view all
Now you always have to go through a node to find an open violation or do it on the command line.

Will update this ticket also if some stuff is in fact already in 4.





View Issue Details
1764 [PacketFence] addons minor N/A 2014-02-02 14:30 2014-02-02 14:30
mmcgrath All  
All  
low All  
new +0  
open  
none    
none  
   
Audit log for registrations
We have 60+ student workers working the help desk. Every now and then when one of them manually registers a device, they do it wrong. They don't put an unreg date, they don't put a role, etc, etc, etc...

Would it be possible to keep some kind of audit log, that is viewable via the web interface, of who registered a node (either the user themselves via the portal or secure connection or a helpdesk worker via the admin interface)?
I'm not sure if this is the proper place for enhancement requests...or if I've filled the form out properly. Please let me know.
There are no notes attached to this issue.





View Issue Details
1745 [PacketFence] error-handling major always 2013-11-04 02:31 2014-01-30 12:03
rnaveed x86  
RHEL  
high 6.2  
new 4.0.6-2  
open  
none    
none  
   
unable to install
We are trying to install PacketFence for testing purposes. We are following the Administration guide, but are unable to install and receive the following error.

An early response to resolve this issue will be highly appreciated.


---> Package perl-Net-DNS.x86_64 0:0.66-1.of.el6 will be installed
--> Processing Dependency: perl(Net::IP) >= 1.2 for package: perl-Net-DNS-0.66-1.of.el6.x86_64
---> Package perl-PadWalker.x86_64 0:1.93-1.of.el6 will be installed
---> Package perl-Thread-Serialize.noarch 0:0.11-1.el6.rf will be installed
--> Finished Dependency Resolution
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: rrdtool
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
           Available: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS::Nameserver) = 835
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
           Installing: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS::Nameserver) = 835
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: memcached
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: dhcp
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl-rrdtool
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS) = 0.65-4
           Installing: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS) = 0.66
Error: Package: perl-HTML-Tidy-1.08-5.el6.x86_64 (epel)
           Requires: libtidy-0.99.so.0()(64bit)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS) = 0.65-4
           Available: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS) = 0.66
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: ipset
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(GD)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: zlib-devel
Error: Package: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
           Requires: perl(Net::IP) >= 1.2
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@PF ~]#
Notes
(0003478)
evargas   
2013-12-05 20:15   
I'm running into the same issue.

2.6.32-220.23.1.el6.x86_64 0000001 SMP Mon Jun 18 18:58:52 BST 2012 x86_64 x86_64 x86_64 GNU/Linux

--> Processing Dependency: ipset for package: packetfence-4.0.6-2.el6.noarch
---> Package xorg-x11-font-utils.x86_64 1:7.2-11.el6 will be installed
--> Processing Dependency: libfontenc.so.1()(64bit) for package: 1:xorg-x11-font-utils-7.2-11.el6.x86_64
--> Processing Dependency: libXfont.so.1()(64bit) for package: 1:xorg-x11-font-utils-7.2-11.el6.x86_64
--> Running transaction check
---> Package ORBit2.x86_64 0:2.14.17-3.1.el6 will be installed
--> Processing Dependency: libIDL-2.so.0()(64bit) for package: ORBit2-2.14.17-3.1.el6.x86_64
---> Package libXfont.x86_64 0:1.4.1-2.el6_1 will be installed
---> Package libfontenc.x86_64 0:1.0.5-2.el6 will be installed
---> Package packetfence.noarch 0:4.0.6-2.el6 will be installed
--> Processing Dependency: ipset for package: packetfence-4.0.6-2.el6.noarch
---> Package sgml-common.noarch 0:0.6.3-32.el6 will be installed
--> Running transaction check
---> Package libIDL.x86_64 0:0.8.13-2.1.el6 will be installed
---> Package packetfence.noarch 0:4.0.6-2.el6 will be installed
--> Processing Dependency: ipset for package: packetfence-4.0.6-2.el6.noarch
--> Finished Dependency Resolution
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: ipset
(0003494)
ccaaajf   
2014-01-30 08:50   
Ditto

--> Finished Dependency Resolution
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(GD)
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
           Available: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS::Nameserver) = 835
           Installed: perl-Net-DNS-0.65-4.el6.x86_64 (@rhel-6-server-rpms)
               Not found
           Available: perl-Net-DNS-0.65-2.el6.x86_64 (rhel-6-server-rpms)
               Not found
           Available: perl-Net-DNS-0.65-5.el6.x86_64 (rhel-6-server-rpms)
               Not found
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
(0003495)
ccaaajf   
2014-01-30 11:53   
yum install --enablerepo=* perl-GD

Enabling all the RHEL repo's gets me down to one error....

having an issue with perl-Net-DNS...
(0003496)
ccaaajf   
2014-01-30 12:03   
yum erase perl-Net-DNS
yum install perl-Net-DNS-0.65-4.el6.x86_64
yum install --enablerepo=* perl-Net-DNS-Nameserver

&
yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of Packetfence-complete

WORKED!





View Issue Details
1761 [PacketFence] captive portal minor always 2014-01-20 11:16 2014-01-20 11:16
caralo Linux  
Debian  
normal 7 (Wheezy)  
new 4.1.0  
open  
none    
none  
   
Captive Portal needs packetfence restart to show locale characters right
All the special locale characters (accented vowels,..) are shown as "?" unless you restart packetfence. It seems that the init.d script needs to source the locale LANG variable.
It works if you add something like this to /etc/init.d/packetfence:
if [ -f /etc/default/locale ]; then
    . /etc/default/locale
    export LANG
fi
Or you could add a locale LANG variable in /etc/default/packetfence.
There are no notes attached to this issue.





View Issue Details
1760 [PacketFence] web admin trivial always 2014-01-18 17:05 2014-01-20 09:14
mmcgrath Linux  
francis RHEL / CentOS  
normal 6  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
c5a95038199edcb0e7640104ce2987a8487df053
Unable to save searches under Nodes
Unable to save custom searches under Nodes (both Simple and Advanced searches). The Save Search box appears, I fill in a name and click Save -- nothing happens. I can click Save as many times as I want. The Close button properly closes the save box.
Go to Nodes and try to save a search.
I have tried Chrome 32, Firefox 26 and IE 10.
Notes
(0003492)
francis   
2014-01-20 09:14   
This has been fixed two weeks ago.





View Issue Details
1757 [PacketFence] web admin minor always 2014-01-13 10:24 2014-01-14 10:27
caralo Linux  
francis Debian  
normal 7 (Wheezy)  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
dff8c1fbc9ff850cd50f7d705af36eb97f3e29c9
httpd.admin Error when applied role in nodes action menu
When you select a node in the Nodes tab and try to apply a new role in the action menu, the node role gets changed but it doesn't evaluate the new role. So it doesn't change the VLAN if it has to.
 If you examine packetfence.log, you can see:

 httpd.admin(0) ERROR: Odd number of elements in hash assignment at /usr/local/pf/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm line 30.
 (pfappserver::__ANON__)

If you change the node role directly by pressing on the MAC, everything works as expected.
Web gui -> Nodes Tab -> select one or more nodes
Action menu -> Apply role -> Select any Role
Notes
(0003486)
dbsanch   
2014-01-13 19:01   
Resolved: the my.conf file had been changed to force a recovery and never changed back to the default value ('0').

[mysqld]
innodb_force_recovery = 4

As a safety measure, InnoDB prevents users from performing INSERT, UPDATE, or DELETE operations when innodb_force_recovery is greater than 0.
--------------------------------------------------------------------------------
Resolution:

[mysqld]
innodb_force_recovery = 0
(0003487)
caralo   
2014-01-14 03:50   
I have connected to mysql database and the system variable innodb_force_recovery was 0. Just in case it was not right, I have forced "innodb_force_recovery = 0" in my.cnf but I still get the same error.
(0003488)
fdurand   
2014-01-14 07:57   
Hello,
if you want to be able to reevaluate the VLAN after changing the role, then you can apply this patch:
https://github.com/inverse-inc/packetfence/pull/117/files

Fabrice
(0003489)
caralo   
2014-01-14 08:54   
I have applied the patch but it doesn't work. I think that the problem is previous to reevaluation. It has to do with:

 httpd.admin(0) ERROR: Odd number of elements in hash assignment at /usr/local/pf/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm line 30.
 (pfappserver::__ANON__)

The role change (and reevaluation) works perfectly if you change the role in the menu that opens when you press the MAC of a node. But in this case you have to change the role one by one. If you want to change the role of many nodes at the same time, you should use the action menu, but it doesn't work (it changes the role but not the VLAN).





View Issue Details
1756 [PacketFence] error-handling block always 2014-01-07 09:37 2014-01-08 12:44
dbsanch Linux  
RHEL / CentOS  
high 6  
new 4.0.6-2  
open  
none    
none  
   
Configuration Wizard: Unable to proceed past Administration Tab
Cannot proceed past Administration Tab in Configuration Wizard. Will not allow modification of password or use of current password to Continue. Did not work with admin / admin either.
1. Fill out tabs in Configuration Wizard
2. Get to Administration Tab
3. Use default admin / admin
4. Try to enter new password - example pfuseradmiN and press modify
5. Press 'Continue'
error: Verify configuration - cannot proceed with install. Would like to know if there is a work-around to the GUI interface.
steps.docx (1,123,596) 2014-01-08 12:44
https://www.packetfence.org/bugs/file_download.php?file_id=196&type=bug
Notes
(0003484)
lmunro   
2014-01-07 09:47   
Hi David,
Can you confirm that the database is running?

Usually issues like that are related to DB access.
(0003485)
dbsanch   
2014-01-07 10:17   
Yes - MySql has been up for awhile. Uptime: 2321437 Threads: 1 Questions: 406 Slow queries: 0 Opens: 75 Flush tables: 1 Open tables: 33 Queries per second avg: 0.0





View Issue Details
1685 [PacketFence] web admin minor always 2013-08-14 06:17 2013-12-17 09:32
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.1.1  
   
66139bb516f17c579ae06aadb0a4b445e90aa7e3
connections number wrong on Connections Types report page
After not very heavy use of PacketFence, the Wired 802.1x connections number shown on the web page is 12728 (the Wired MAC Auth connections number is also too high: 1166). However, database queries show 158 and 17 connections respectively, which are the real numbers (see below).

So it looks like the connections number is wrong on the Connections Types report page.

mysql> select count(*) from locationlog where connection_type = "Ethernet-EAP";
+----------+
| count(*) |
+----------+
| 158 |
+----------+
1 row in set (0.00 sec)

mysql> select count(*) from locationlog where connection_type = "WIRED_MAC_AUTH";
+----------+
| count(*) |
+----------+
| 17 |
+----------+
1 row in set (0.00 sec)

mysql>
PF_connection_types.png (27,105) 2013-08-14 09:06
https://www.packetfence.org/bugs/file_download.php?file_id=185&type=bug
Notes
(0003406)
francis   
2013-08-14 08:35   
The SQL queries to extract the number of wired and wireless connections for the past week look like this :

        SELECT count(*) AS nb FROM (
          SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
          FROM locationlog
          WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type NOT LIKE 'Wireless%' GROUP BY start_day, mac
        ) AS wired_count

        SELECT count(*) AS nb FROM (
          SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
          FROM locationlog
          WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type LIKE 'Wireless%' GROUP BY start_day, mac
        ) AS wireless_count
(0003407)
muhlig   
2013-08-14 09:06   
So we have 5 and 0 (see below). Why does the page display thousands of wired connections then (see attached file)?

mysql> use pf
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SELECT count(*) AS nb FROM (
    -> SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
    -> FROM locationlog
    -> WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type NOT LIKE 'Wireless%' GROUP BY start_day, mac
    -> ) AS wired_count;
+----+
| nb |
+----+
| 5 |
+----+
1 row in set (0.00 sec)

mysql> SELECT count(*) AS nb FROM (
    -> SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
    -> FROM locationlog
    -> WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type LIKE 'Wireless%' GROUP BY start_day, mac
    -> ) AS wireless_count ;
+----+
| nb |
+----+
| 0 |
+----+
1 row in set (0.00 sec)

mysql>
(0003409)
francis   
2013-08-14 09:44   
The queries I posted were for the dashboard. I'll have a look at the queries for the connection types report.
(0003481)
francis   
2013-12-17 09:30   
Fixed by counting distinct MAC addresses.

BEFORE:

mysql> SELECT connection_type, COUNT(*) AS connections,
    ->             ROUND(COUNT(*)/
    ->                 (SELECT COUNT(*)
    ->                     FROM locationlog
    ->                     WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->                 )*100,1
    ->             ) AS percent
    ->         FROM locationlog
    ->         WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->        GROUP BY connection_type
    -> ;
+-----------------------+-------------+---------+
| connection_type       | connections | percent |
+-----------------------+-------------+---------+
| Ethernet-NoEAP        |        1215 |     1.6 |
| Inline                |       35377 |    47.7 |
| Wireless-802.11-EAP   |        5851 |     7.9 |
| Wireless-802.11-NoEAP |       31670 |    42.7 |
+-----------------------+-------------+---------+


AFTER:

mysql> SELECT connection_type, COUNT(DISTINCT mac) AS connections,
    ->             ROUND(COUNT(DISTINCT mac)/
    ->                 (SELECT COUNT(DISTINCT mac)
    ->                     FROM locationlog
    ->                     WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->                 )*100,1
    ->             ) AS percent
    ->         FROM locationlog
    ->         WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->        GROUP BY connection_type
    -> ;
+-----------------------+-------------+---------+
| connection_type       | connections | percent |
+-----------------------+-------------+---------+
| Ethernet-NoEAP        |         350 |     6.8 |
| Inline                |        3155 |    61.2 |
| Wireless-802.11-EAP   |         737 |    14.3 |
| Wireless-802.11-NoEAP |        3866 |    75.0 |
+-----------------------+-------------+---------+
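The effect of the BEFORE and AFTER queries above, reproduced on constructed rows as an added example (not PacketFence code). It assumes an in-memory SQLite table holding only the three locationlog columns the queries touch, and writes `100.0 *` first because SQLite divides integers as integers. It also shows why the AFTER percentages can add up to more than 100: a MAC seen on two connection types is counted in both groups but only once in the denominator.

```python
import sqlite3

# Constructed rows: (mac, connection_type, start_time).
# MAC ...:01 reconnects often and roams between wireless and wired.
ROWS = [
    ("00:11:22:33:44:01", "Wireless-802.11-EAP", "2013-01-02 08:00:00"),
    ("00:11:22:33:44:01", "Wireless-802.11-EAP", "2013-01-02 12:30:00"),
    ("00:11:22:33:44:01", "Wireless-802.11-EAP", "2013-01-03 09:15:00"),
    ("00:11:22:33:44:01", "Ethernet-NoEAP",      "2013-01-04 10:00:00"),
    ("00:11:22:33:44:02", "Ethernet-NoEAP",      "2013-01-05 08:00:00"),
    ("00:11:22:33:44:02", "Ethernet-NoEAP",      "2013-01-06 08:00:00"),
    ("00:11:22:33:44:03", "Inline",              "2013-01-07 08:00:00"),
    ("00:11:22:33:44:03", "Inline",              "2013-01-08 08:00:00"),
    ("00:11:22:33:44:03", "Inline",              "2013-01-09 08:00:00"),
    ("00:11:22:33:44:03", "Inline",              "2013-01-10 08:00:00"),
    # Outside the reporting window; must not be counted.
    ("00:11:22:33:44:04", "Inline",              "2013-02-01 08:00:00"),
]

# Same shape as the report query in the note; {count} is one of the two
# fixed expressions below, never user input.
REPORT_SQL = """
SELECT connection_type, {count} AS connections,
       ROUND(100.0 * {count} /
             (SELECT {count} FROM locationlog
               WHERE start_time BETWEEN :start AND :end), 1) AS percent
  FROM locationlog
 WHERE start_time BETWEEN :start AND :end
 GROUP BY connection_type
 ORDER BY connection_type
"""

ALLOWED_COUNTS = ("COUNT(*)", "COUNT(DISTINCT mac)")


def build_db():
    """Create the in-memory table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE locationlog (mac TEXT, connection_type TEXT, start_time TEXT)")
    conn.executemany("INSERT INTO locationlog VALUES (?, ?, ?)", ROWS)
    return conn


def connection_report(conn, count_expr, start="2013-01-01", end="2013-01-31"):
    """Run the report with row counting (BEFORE) or distinct MACs (AFTER)."""
    if count_expr not in ALLOWED_COUNTS:
        raise ValueError("unexpected count expression")
    sql = REPORT_SQL.format(count=count_expr)
    return conn.execute(sql, {"start": start, "end": end}).fetchall()


if __name__ == "__main__":
    db = build_db()
    for label, expr in zip(("BEFORE", "AFTER"), ALLOWED_COUNTS):
        rows = connection_report(db, expr)
        print(label)
        for ctype, n, pct in rows:
            print(f"  {ctype:<22} {n:>3} {pct:>6}")
        print(f"  percent total: {sum(r[2] for r in rows):.1f}")
```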





View Issue Details
1753 [PacketFence] hardware modules feature N/A 2013-12-12 09:59 2013-12-12 10:01
chami  
 
normal  
new  
open  
none    
none  
   
compatibility of switch
I have a request about the compatibility of a switch with PacketFence.
This switch is not in your list of "supported network devices".

We have the following equipment at our disposal:
ProSafe 24-PORT GIGABIT SMART SWITCH GS724T-300

best regards
There are no notes attached to this issue.





View Issue Details
1752 [PacketFence] scanning minor always 2013-12-04 14:18 2013-12-04 14:25
thedeco Linux  
francis RHEL / CentOS  
low 6  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
7d72045e2a72f82e1b1e6811e7b6aafdfeba4dc1
Fresh Snort install fails to start after rules update script is run
After a fresh install of Snort and running the update_rules.pl script, Snort cannot start up by default.

Checking /var/log/messages shows the following error:

FATAL ERROR: Unable to open rules file "/usr/local/pf/var/conf//usr/local/pf/conf/snort/emerging-virus.rules": No such file or directory.

It appears the update_rules script failed to install this one rule set in conf/snort directory even though it is present in the violations.conf file by default.
Fresh install of PacketFence 4.0.6-2

service packetfence stop
yum install snort
run the rules update located /usr/local/pf/addons/snort/update_rules.pl
service packetfence start
service snortd status
I was able to start Snort after removing the emerging-virus.rules from the list of Snort rules in violations.conf file
Notes
(0003476)
francis   
2013-12-04 14:25   
Fixed two months ago.

https://github.com/inverse-inc/packetfence/commit/7d72045e2a72f82e1b1e6811e7b6aafdfeba4dc1
https://github.com/inverse-inc/packetfence/commit/02160bac4ee9dddc928b85279bb70707e2daef9c





View Issue Details
1749 [PacketFence] web admin minor have not tried 2013-12-02 22:27 2013-12-02 22:29
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
7e8eea8cd15b3b0a687036c5b4938195340ae7f9
Can't assign rules to an authentication source
When assigning rules to an authentication source whose name matches the beginning of another source's name, the rules are never saved to the configuration file authentication.conf even though there's no error message.
There are no notes attached to this issue.





View Issue Details
1155 [PacketFence] web admin feature N/A 2011-01-18 14:52 2013-11-27 08:10
obilodeau  
 
normal  
new  
open  
none    
none  
  long-term  
Roles should be fetchable from LDAP in Web Admin
When using access control in the web admin (conf/admin.perm), what user is using what role should be fetched from LDAP.

ex: users in pfTech are assigned the helpdesk role, users in pfAdmin are assigned the admin role
There are no notes attached to this issue.





View Issue Details
1747 [PacketFence] web admin feature always 2013-11-19 10:48 2013-11-19 10:48
francis  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
Dynamic attributes in LDAP authentication source
The current list of LDAP attributes available when defining a condition in a rule is limited to the list defined in the method "available_attributes" of pf::Authentication::Source::LDAPSource. It would be nice to be able to configure additional attributes in the current LDAP source.
This happens as soon as the LDAP directory is extended with custom schemas.
There are no notes attached to this issue.





View Issue Details
1744 [PacketFence] configuration minor always 2013-10-30 16:02 2013-11-15 15:47
Xen0Phage Linux  
francis RHEL / CentOS  
normal 6  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
f0660655caeb7205555bc22c9dd88b8aadbc8910
Unable to add new rule to existing authentication source via the GUI
After adding a new rule to an existing authentication source, the new rule is apparently not saved. Add the new rule and then go back into the authentication source. Rule is not there.

This occurs whether you save just the new rule, or if you also save the authentication source itself.

I am unable to find any errors in the logs indicating a problem. On the contrary, I see this :

Oct 30 15:56:12 httpd.admin(0) DEBUG: Database statements not prepared, preparing... (pf::db::db_query_execute)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Preparing pf::nodecategory database queries (pf::nodecategory::nodecategory_db_prepare)
Oct 30 15:56:12 httpd.admin(0) DEBUG: function pf::db::get_db_handle is calling db_connect (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: checking handle (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: (Re)Connecting to MySQL (thread id: 0) (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: connected (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Writing source local (pf::Authentication::Source::SQLSource) (pf::authentication::writeAuthenticationConfigFile)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Writing source set_role (pf::Authentication::Source::LDAPSource) (pf::authentication::writeAuthenticationConfigFile)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Writing source file1 (pf::Authentication::Source::HtpasswdSource) (pf::authentication::writeAuthenticationConfigFile)

Which seems to indicate that the write succeeded. In this example, I'm specifically making changes to the set_role source.
1) Go to configuration->sources
2) Choose an existing authentication source
3) Click the "Add Rule" button
4) Enter the details for the new rule
5) Click Save
Notes
(0003470)
Xen0Phage   
2013-10-31 12:39   
Louis suggested restarting memcached. Restarting that appears to have resolved this problem for the time being. I'm able to add/remove rules now.
(0003471)
erSitzt   
2013-11-01 10:50   
Same here, restarting memcached resolved the problem temporarily.
(0003473)
francis   
2013-11-15 15:47   
There's a patch available here for 4.0.6-2 :

https://github.com/inverse-inc/packetfence/commit/5d4bfc2883e6f66bb1938a79c3e677c9c53c3854





View Issue Details
1716 [PacketFence] error-handling minor always 2013-09-19 10:11 2013-11-06 07:11
fmts  
 
normal  
new 4.0.6-2  
open  
none    
none  
  4.1.0  
Insecure dependency on service start
After an upgrade from 4.0.5-2 I got the following error at service start:

httpd.admin|start
Checking configuration sanity...
service|command
config files|start
iptables|start
pfdns|start
Insecure dependency in sprintf while running with -T switch at /usr/local/pf/lib/pf/services.pm line 398.
The service started again when I added the following lines to the service.pm (right before line 398):

$launcher =~ /^(.*)$/;
$launcher = $1;

Seems to be a similar problem to 0001575.
Notes
(0003472)
aderumier   
2013-11-06 07:11   
Hi,

I have had exactly the same bug since upgrading from 4.0.5-2.

$launcher =~ /^(.*)$/;
$launcher = $1;

fixes the problem for me





View Issue Details
1746 [PacketFence] captive portal minor always 2013-11-04 10:51 2013-11-04 10:51
jochen Linux  
RHEL / CentOS  
normal 6  
new 4.0.6-2  
open  
none    
none  
   
RADIUSSource doesn't match username
match_in_subclass() doesn't process any source specific conditions.

Some code like this is missing:

    foreach my $condition (@{ $own_conditions }) {
      if ($condition->{'attribute'} eq "username") {
        if ( $condition->matches("username", $params->{'username'}) ) {
          push(@{ $matching_conditions }, $condition);
        }
      }
    }
Create RADIUS Source
Create condition matching username
Log in using this username

=> The condition does not match
There are no notes attached to this issue.





View Issue Details
1672 [PacketFence] web admin feature always 2013-07-12 14:13 2013-10-30 15:12
Xen0Phage  
 
normal  
new 4.0.1  
open  
none    
none  
   
Switches configuration should include an alias/name
The switch configuration should allow a name or alias to be entered. The IP is required, of course, to identify the switch. However, humans are somewhat better at remembering names, especially since we can name things based on where they're located.

Can a name/alias field be added to the switch configuration?
Notes
(0003469)
Xen0Phage   
2013-10-30 15:12   
This appears to have been added at some point between the time I reported it and the current release. Thanks! This can be closed as a result. :)





View Issue Details
1743 [PacketFence] core minor always 2013-10-28 04:27 2013-10-29 06:31
erSitzt Linux  
Ubuntu  
normal 12.04  
new 4.0.6-2  
open  
none    
none  
   
Service watchdog not able to restart all services
"pfcmd service pf start", and the watchdog when it tries to restart services that are not running, produce this error:

Insecure dependency in sprintf while running with -T switch at /usr/local/pf/lib/pf/services.pm

Needs to be untainted :

sub launchService {
    my ($daemon,@launcher_args) = @_;
    my $launcher = $service_launchers{$daemon};
    if ($launcher) {
        my $logger = Log::Log4perl::get_logger('pf::services');
### untaint launcher ###
        $launcher =~ /^(.*)$/;
        $launcher = $1;
########################
        my $cmd_line = sprintf($launcher, @launcher_args);
        $logger->info("Starting $daemon with '$cmd_line'");
        if ($cmd_line =~ /^(.+)$/) {
            $cmd_line = $1;
            my $t0 = Time::HiRes::time();
            my $return_value = system($cmd_line);
            my $elapsed = Time::HiRes::time() - $t0;
            $logger->info(sprintf("Daemon %s took %.3f seconds to start.", $daemon, $elapsed));
            return $return_value;
        }
    }
    return;
}
Notes
(0003468)
francis   
2013-10-29 06:31   
The upcoming pull of the "service refactor" branch will fix this problem.

See https://github.com/inverse-inc/packetfence/pull/104
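
The `/^(.*)$/` untaint quoted in issues 0001716 and 0001743 clears the taint flag on any single-line string without checking it, so the value that reaches sprintf() and system() is no better vetted than before. The Perl below is an added example, not PacketFence code, that puts that blanket pattern next to an allowlist form; the launcher templates, daemon names, helper names and the allowlist itself are constructed assumptions about what a launcher may contain.

```perl
#!/usr/bin/perl
# Run as: perl -T untaint_example.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string (plain empty string when taint mode is off).
# Appending it marks a value as tainted, as data read from a file would be.
my $TAINT = substr($^X, 0, 0);

# Constructed launcher templates, not PacketFence's real table.
my %service_launchers = (
    exampled => '%1$s -d -c /usr/local/pf/conf/exampled.conf' . $TAINT,
    oddd     => '%1$s -d | tee /tmp/exampled.out' . $TAINT,
);

# Same pattern as the workaround in the reports, with the match result
# checked. It accepts every single-line string, so nothing is validated.
sub blanket_untaint {
    my ($value) = @_;
    return $value =~ /^(.*)$/ ? $1 : undef;
}

# Allowlist: word characters, '.', '/', '=', '-', spaces and positional
# sprintf placeholders such as %1$s. Shell metacharacters never match.
sub strict_untaint {
    my ($value) = @_;
    return unless defined $value;
    return $value =~ m{\A((?:[\w./=-]|%\d+\$s| )+)\z} ? $1 : undef;
}

# Validate the template and every argument, then return an argument vector
# suitable for list-form system(), which does not pass through a shell.
sub build_argv {
    my ($daemon, @launcher_args) = @_;
    my $launcher = strict_untaint($service_launchers{$daemon});
    die "launcher for '$daemon' failed validation\n" unless defined $launcher;
    my @args;
    for my $arg (@launcher_args) {
        my $clean = strict_untaint($arg);
        die "argument for '$daemon' failed validation\n" unless defined $clean;
        push @args, $clean;
    }
    return split ' ', sprintf($launcher, @args);
}

# Compare what each approach lets through.
for my $daemon (sort keys %service_launchers) {
    my $template = $service_launchers{$daemon};
    printf "%-9s tainted=%d blanket=%s strict=%s\n",
        $daemon,
        tainted($template) ? 1 : 0,
        defined(blanket_untaint($template)) ? 'accepted' : 'rejected',
        defined(strict_untaint($template))  ? 'accepted' : 'rejected';
}

# A clean template yields an argument vector; nothing is executed here.
my @argv = build_argv('exampled', '/usr/sbin/exampled' . $TAINT);
print 'argv: ', join(' ', @argv), "\n";

# A template containing a pipe is refused instead of being silently untainted.
my $ok = eval { build_argv('oddd', '/usr/sbin/exampled'); 1 };
print "refused: $@" unless $ok;
```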





View Issue Details
1742 [PacketFence] captive portal major always 2013-10-24 19:44 2013-10-25 14:48
fdurand All  
fdurand All  
normal All  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  +1  
523f11a7f9372740e521564f1e01b933df7a42f7
Wispr doesn't work
We fetch from the cgi object the username and password but for wispr we never use cgi.
We have to use $req->param("username") and $req->param("password") in the wispr.pm file.
 
There are no notes attached to this issue.





View Issue Details
1740 [PacketFence] web admin feature always 2013-10-24 03:53 2013-10-24 03:53
MavLam All  
All  
normal All  
new 4.0.6-2  
open  
none    
none  
   
Node details not populating for 802.1x clients
I am currently deploying PacketFence in a VLAN enforcement mode and the DHCP server runs on an external server. The machines auto-register with 802.1x auth against AD and automatically get a role assigned. All works great!

Is it possible to make the Computer Name field editable via the UI? At the moment, because of the way I have implemented it, PacketFence does not pull the node information. I am editing the name via MySQL, which is not ideal when I hand over to support.

And obviously if there was a way to still pull the node information this would be ideal.
There are no notes attached to this issue.





View Issue Details
1739 [PacketFence] IDS minor always 2013-10-22 13:50 2013-10-22 13:50
francis  
 
normal  
new 4.0.6-2  
open  
none    
none  
  4.1.0  
Move snort_rules from violations.conf to pf.conf
The snort_rules parameter is defined in the 'defaults' of violations.conf. However, it should be moved to pf.conf under a new 'IDS' section.
There are no notes attached to this issue.





View Issue Details
1738 [PacketFence] web admin minor have not tried 2013-10-18 12:00 2013-10-18 12:05
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
5ddb92d1cce25fc3b43c8f46644aa300532afca2
Advanced search results of users: Can't sort by telephone nor by nodes count
When performing an advanced search on users, it's impossible to sort by telephone number or nodes count.
There are no notes attached to this issue.





View Issue Details
1737 [PacketFence] captive portal minor have not tried 2013-10-18 11:22 2013-10-18 11:36
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
6b47384c3f273f96cabf8a8f7c78db35f03ee444
A matches/regexp condition in an LDAP source doesn't test all values
A regexp condition in an LDAP source only tests the first value of the attribute.
There are no notes attached to this issue.





View Issue Details
1735 [PacketFence] guests feature have not tried 2013-10-11 14:46 2013-10-11 14:46
dwuelfrath  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
Allow localdomain for email registration should use a different value than general.domain
We offer the possibility to allow/deny the use of a localdomain address when using email guest self-registration.
We check that the email matches the configured domain of PacketFence. Most of the time, that configured domain is not the same as the one the company uses for its email addresses, so we should probably use a new "configuration parameter" to specify the email addresses domain.
There are no notes attached to this issue.





View Issue Details
1732 [PacketFence] radius minor have not tried 2013-10-10 14:46 2013-10-10 14:47
dwuelfrath  
dwuelfrath  
normal  
assigned 4.0.6-2  
open  
none    
none  
   
Using NAS-IP-Address for managing RADIUS equipment
We are currently validating whether a piece of network equipment is managed by PacketFence (IP is part of the switches list) by using the NAS-IP-Address in the RADIUS request. We are using the incoming IP of the Access-Request to do the secret check (which is OK) but after that, we use the NAS-IP-Address to refer to that network equipment.
NAS-IP-Address should not be used to initiate communication with network equipment. We should base ourselves on the incoming IP address used for the Access-Request at all times.
Will have to "refactor" the flow of RADIUS to make the correct distinction between the two.
There are no notes attached to this issue.





View Issue Details
1731 [PacketFence] web admin minor have not tried 2013-10-10 14:14 2013-10-10 14:14
francis  
francis  
normal  
assigned 4.0.6-2  
open  
none    
none  
  4.1.0  
Show additional columns in nodes module
Some users have expressed the desire to see more/other columns in the nodes module. For example, the registration date and the detection date.
There are no notes attached to this issue.





View Issue Details
1730 [PacketFence] web admin minor have not tried 2013-10-10 10:12 2013-10-10 10:12
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
69812df81b26649aeb4d1f46d1f779bffbe9688a
Authentication rules can't include dashes in their name
If a rule name contains a dash, only the part before the dash is considered.
There are no notes attached to this issue.





View Issue Details
1727 [PacketFence] radius major always 2013-10-09 12:45 2013-10-09 12:45
carrots Linux  
RHEL / CentOS  
high 6  
new 4.0.6-2  
open  
none    
none  
   
Addition of perl module in the sites-enabled/default file causes error Failed to find "perl" in the "modules" section.
Whenever following the instructions in Appendix B of the admin guide for manual configuration of FreeRADIUS version 2 an error is given for the addition of the perl module as follows:-

Error: /usr/local/pf/raddb//sites-enabled/default[200]: Failed to find "perl" in the "modules" section.
Error: /usr/local/pf/raddb//sites-enabled/default[69]: Errors parsing authorize section.
Error: Failed to load virtual server <default>

Contents of some of the configuration files are as follows:-

/usr/local/pf/conf/radiusd/radiusd.conf

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = %%install_dir%%/var
sbindir = /usr/sbin
logdir = %%install_dir%%/logs
raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}
run_dir = ${localstatedir}/run

db_dir = ${raddbdir}

libdir = /usr/lib%%arch%%/freeradius
pidfile = ${run_dir}/${name}.pid

user = pf
group = pf

max_request_time = 30
cleanup_delay = 5
max_requests = 1024

listen {
        type = auth
        ipaddr = %%management_ip%%
        port = 0
        virtual_server = packetfence
}

listen {
        ipaddr = %%management_ip%%
        port = 0
        type = acct
        virtual_server = packetfence
}

hostname_lookups = no
allow_core_dumps = no

regular_expressions = yes
extended_expressions = yes

log {
        destination = files
        file = ${logdir}/radius.log
        syslog_facility = daemon
        stripped_names = no
        auth = yes
        auth_badpass = yes
        auth_goodpass = yes
}

checkrad = ${sbindir}/checkrad

security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
}

proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf

thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}

modules {
        $INCLUDE ${confdir}/modules/
        $INCLUDE eap.conf
        $INCLUDE sql.conf
}

instantiate {
        exec
        expr
        expiration
        logintime
}

$INCLUDE policy.conf
$INCLUDE sites-enabled/

authorize {
        eap
        files
}

authenticate {
        eap
}



/usr/local/pf/raddb/sites-enabled/default - perl entry lines shown...
authorize {

<sic>
        #
        # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
        # authentication.
        #
        # It also sets the EAP-Type attribute in the request
        # attribute list to the EAP type from the packet.
        #
        # As of 2.0, the EAP module returns "ok" in the authorize stage
        # for TTLS and PEAP. In 1.x, it never returned "ok" here, so
        # this change is compatible with older configurations.
        #
        # The example below uses module failover to avoid querying all
        # of the following modules if the EAP module returns "ok".
        # Therefore, your LDAP and/or SQL servers will not be queried
        # for the many packets that go back and forth to set up TTLS
        # or PEAP. The load on those servers will therefore be reduced.
        #
        eap {
                ok = return
        }

<sic>

        #
        # The ldap module will set Auth-Type to LDAP if it has not
        # already been set
# ldap

        #
        # Enforce daily limits on time spent logged in.
# daily

        #
        # Use the checkval module
# checkval

        expiration
        logintime
        perl



<sic>

# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
post-auth {
        # Get an address from the IP Pool.
# main_pool
        perl
        #
        # If you want to have a log of authentication replies,
        # un-comment the following line, and the 'detail reply_log'
        # section, above.
# reply_log


If the perl configuration is removed from the default file then the errors also show for inner-tunnel until they are also removed. Once there is no reference to perl then everything starts fine.

Install packetfence 4.0.3 or 4.0.6 on CentOS 6.3 and make changes in Appendix B of the admin guide.
I've noticed that there are double slashes in the folder path to /sites-enabled but this seems to be accepted as it works fine without the "perl" entries.

I was also unsure about the {confdir} within the radius.conf as it seems to reference the var folder but there is no radiusd or modules folder in the /usr/local/pf/var directory:-

raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}

There are no notes attached to this issue.





View Issue Details
1715 [PacketFence] scanning minor have not tried 2013-09-18 09:28 2013-10-09 09:46
maikel  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
7d72045e2a72f82e1b1e6811e7b6aafdfeba4dc1
Snort
emerging-virus.rules is no longer available for snort. Oinkmaster also cannot grab this file. Because violations.conf still has this requirement listed (as in you cannot remove it YET from the webinterface) snort will always fail to start.
FATAL ERROR: Unable to open rules file "/usr/local/pf/var/conf//usr/local/pf/conf/snort/emerging-virus.rules": No such file or directory.

Remove it from violations.conf and snort works well again.
There are no notes attached to this issue.





View Issue Details
1725 [PacketFence] core major always 2013-10-08 14:44 2013-10-08 15:07
lpelet Linux  
RHEL / CentOS  
high 6  
new 4.0.5-2  
open  
none    
none  
  4.1.0  
not using mail relay server
Email and SMS activation mails don't pass through the relay server specified in the Alerting menu tab.
Ask PacketFence to register as a guest by email. You will then see that the mail to activate your access is not sent using the mail relay server.
There are no notes attached to this issue.





View Issue Details
1717 [PacketFence] packaging block always 2013-09-24 21:02 2013-10-08 14:46
serjao  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
CentOS 6 dependencies
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Authentication::Credential::HTTP)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Plack)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Controller::HTML::FormFu)
Error: Package: perl-HTML-FormHandler-0.40013-1.centos6.noarch (PacketFence)
           Requires: perl(MooseX::Types::LoadableClass) >= 0.006
Error: Package: perl-HTML-FormHandler-0.40013-1.centos6.noarch (PacketFence)
           Requires: perl(Moose) >= 2.0007
           Installed: perl-Moose-1.15-1.el6.x86_64 (@epel)
               perl(Moose) = 1.15
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Plugin::Authentication)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::OAuth2)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Plack::Middleware::ReverseProxy)
Error: Package: perl-HTML-FormHandler-0.40013-1.centos6.noarch (PacketFence)
           Requires: perl(MooseX::Types::LoadableClass)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Plugin::Session::Store::File)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Moo) >= 1.0
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Authentication::Store::Htpasswd)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(CHI::Driver::Memcached)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(CHI)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(MooseX::Types::LoadableClass)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@heimdall yum.repos.d]# ls
CentOS-Base.repo CentOS-Media.repo epel.repo mirrors-rpmforge mirrors-rpmforge-testing PacketFence.repo
CentOS-Debuginfo.repo CentOS-Vault.repo epel-testing.repo mirrors-rpmforge-extras openfusion.repo rpmforge.repo


Notes
(0003458)
lpelet   
2013-10-08 14:46   
Hello,
can you post the command you ran to try to install PacketFence?

Regards,
Loick





View Issue Details
1657 [PacketFence] configuration major always 2013-06-27 11:22 2013-10-08 14:38
Raphux  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.2  
   
51f206fe78353b3201ac3380ca1533bec68ddd31
LDAP test routine doesn't use "port" information
In the configuration page, users => Sources => Add AD source.

On the page, you can configure the port you want to query. But this parameter is not used when you click the «test» button. It queries 389 (LDAP) by default, even if, for example, you set 3268 (AD Global Catalog default port), resulting in a permanent error.
I made a small patch, hope that it will be useful.
LDAPSource.pm.patch (517) 2013-06-27 11:22
https://www.packetfence.org/bugs/file_download.php?file_id=177&type=bug
There are no notes attached to this issue.





View Issue Details
1724 [PacketFence] web admin minor have not tried 2013-10-07 22:14 2013-10-07 22:24
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
da53748a78a85c527ef211ebd1cbba0fe59f74f1
Help from documentation.conf is truncated
When a parameter description extends to multiple lines, only the first line is displayed on the web interface.
There are no notes attached to this issue.





View Issue Details
1712 [PacketFence] hardware modules block always 2013-09-16 09:08 2013-10-06 16:53
alessiol  
 
normal  
resolved 4.0.6  
fixed  
none    
none 4.1.0  
   
https://github.com/inverse-inc/packetfence/commit/f5cfd3344bd1fd9f70c50ecb3f66230fb2bd1be5
Argument "noSuchObject" isn't numeric in numeric eq
I use an HP 4100 (J4121A) Switch but packetFence 4.0.6-2 can not get the MAC address by SNMP. This is the log:

Sep 16 14:38:07 pfsetvlan(4) INFO: up trap received on 10.0.0.150 ifIndex 41 (main::handleTrap)
Sep 16 14:38:07 pfsetvlan(4) INFO: setting 10.0.0.150 port 41 to MAC detection VLAN (main::handleTrap)
Argument "noSuchObject" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP.pm line 985.
Sep 16 14:38:07 pfsetvlan(4) WARN: old VLAN noSuchObject is not a managed VLAN -> Do nothing (pf::SNMP::setVlan)
Sep 16 14:38:07 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:09 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:11 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:13 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:16 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:18 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:20 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:22 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:24 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:26 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:28 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:30 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:33 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:35 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:37 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:39 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:41 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:43 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:45 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
This is fixed.

The message "Argument "noSuchObject" isn't numeric in numeric eq (==)" will no longer happen

You can find the patch here.

https://github.com/inverse-inc/packetfence/commit/f5cfd3344bd1fd9f70c50ecb3f66230fb2bd1be5
Notes
(0003449)
francis   
2013-09-16 10:16   
Show your configuration file switches.conf.
(0003450)
alessiol   
2013-09-16 10:47   
#
# Copyright 2006-2008 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[default]
description=Switches Default Values
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=no
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=

[192.168.0.1]
description=Test Switch
type=Cisco::Catalyst_2900XL
mode=production
uplink=23,24

[10.0.0.149]
mode=production
description=TEST iPECS
type=LG::ES4500G
VoIPEnabled=N
uplink=1
radiusSecret=tele
ospitiVlan=1
ladelziaVlan=2
SNMPVersionTrap=2c
SNMPVersion=2c
macDetectionVlan=1
isolationVlan=30
voiceVlan=50
inlineVlan=60
ospitiRole=1
ladelziaRole=2
registrationVlan=1

[10.0.0.150]
mode=production
ospitiVlan=1
description=HP 4000
type=HP::Procurve_4100
VoIPEnabled=N
ladelziaVlan=2
uplink=1
ospitiRole=1
ladelziaRole=2
radiusSecret=tele
macDetectionVlan=1
isolationVlan=30
registrationVlan=1
voiceVlan=50
inlineVlan=60
SNMPVersionTrap=2c
SNMPVersion=2c
#SNMPVersion = 3
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
#SNMPVersionTrap = 3
#SNMPUserNameTrap = readUser
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread





View Issue Details
1723 [PacketFence] core block always 2013-10-03 09:03 2013-10-03 09:03
alessiol Linux  
RHEL / CentOS  
high 6  
new 4.0.6-2  
open  
none    
none  
   
WARN: couldn't get MAC at ifIndex 33. This is a problem.
I applied the git patch introduced with issue 0001712, but when I connect a device to the HP 4100 switch PacketFence cannot change the VLAN. Please check the log.
This is the /usr/local/pf/logs/packetfence.log :

Oct 03 14:51:39 pfsetvlan(24) INFO: ignoring unknown trap: 2013-10-03|12:51:37|UDP: [10.0.0.150]:161->[10.0.0.148]|10.0.0.150|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.76 = STRING: I 10/03/13 12:51:44 ports: port E1 is now on-line END VARIABLEBINDINGS (main::parseTrap)
Oct 03 14:51:39 pfsetvlan(11) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Oct 03 14:51:39 pfsetvlan(11) INFO: up trap received on 10.0.0.150 ifIndex 33 (main::handleTrap)
Oct 03 14:51:39 pfsetvlan(11) INFO: setting 10.0.0.150 port 33 to MAC detection VLAN (main::handleTrap)
Use of uninitialized value $vlan in concatenation (.) or string at /usr/local/pf/lib/pf/SNMP.pm line 612.
Oct 03 14:51:40 pfsetvlan(11) WARN: old VLAN is not a managed VLAN -> Do nothing (pf::SNMP::setVlan)
Oct 03 14:51:40 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:42 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:42 pfdhcplistener(8860) INFO: DHCPREQUEST from 00:15:65:2b:b6:b0 (10.0.0.153) (main::parse_dhcp_request)
Oct 03 14:51:42 pfdhcplistener(8860) INFO: Unknown DHCP fingerprint: 1,2,3,4,6,7,12,15,28,42,66,67,43,120 (DHCP Message Type: DHCPREQUEST) (main::process_fingerprint)
Oct 03 14:51:42 pfdhcplistener(8860) INFO: 00:15:65:2b:b6:b0 requested an IP. Unknown DHCP fingerprint. Modified node with last_dhcp = 2013-10-03 14:51:42,computername = ,dhcp_fingerprint = 1,2,3,4,6,7,12,15,28,42,66,67,43,120 (main::listen_dhcp)
Oct 03 14:51:45 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:47 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:49 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:52 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:54 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:57 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:59 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:01 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:04 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:06 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:09 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:11 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:13 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:16 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:18 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:21 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:23 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:25 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:28 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:30 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:33 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:35 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:37 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:40 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:42 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:45 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:47 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:49 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:49 pfsetvlan(11) WARN: Tried to grab MAC address at ifIndex 33 on switch 10.0.0.150 30 times and failed (main::handleTrap)
Oct 03 14:52:49 pfsetvlan(11) INFO: cannot find MAC (maybe we found a VoIP, but they don't count here). Do nothing (main::handleTrap)
Oct 03 14:52:49 pfsetvlan(11) INFO: finished (main::cleanupAfterThread)
There are no notes attached to this issue.





View Issue Details
1722 [PacketFence] captive portal minor have not tried 2013-10-02 13:47 2013-10-02 14:02
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
764f63ba5a345101a39dd35d586ff3242ecdb218
Local users can't login on expiration date
A user won't be able to register a new device on the expiration date specified in the temporary_password.

We should accept registration until the last minute of the expiration date (23:59).
There are no notes attached to this issue.





View Issue Details
1721 [PacketFence] web admin minor have not tried 2013-10-02 13:19 2013-10-02 13:31
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
6879e9bb2868514be4570cfa40b929635f785e64
Error when creating users with no "set role" action
From the Web admin interface, creating one or multiple users without specifying a role returns an error.

The message displayed in the Web interface is "Unexpected error. See server-side logs for details.".

In the log file, we have :

WARN: database query failed with: Column 'category' cannot be null. (errno: 1048), will try again (pf::db::db_query_execute)
ERROR: Database issue: We tried 3 times to serve query temporary_password_add_sql called from pf::db::db_data and we failed. Is the database running? (pf::db::db_query_execute)
WARN: something went wrong creating a new temporary password for pouetpouet (pf::temporary_password::generate)
Notes
(0003457)
francis   
2013-10-02 13:31   
Must alter the temporary_password table. See db/upgrade-4.0.0-4.1.0.sql





View Issue Details
1668 [PacketFence] web admin minor always 2013-07-11 05:54 2013-10-02 11:37
roadracer96  
 
normal  
new 4.0.1  
open  
none    
none  
   
Unable to manually add device in web UI
Need to be able to manually add a device in the web UI instead of waiting for it to be detected.
There are no notes attached to this issue.





View Issue Details
1720 [PacketFence] captive portal text always 2013-10-01 14:12 2013-10-01 14:12
Xen0Phage  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
Misleading error message
There is a misleading error message that pops up when a user is not put into a valid role, i.e., there is no matching role. In that case, authentication passes, but the user is presented with a message indicating that they have too many devices registered. This appears in the node.pm file.

This should be changed to indicate that there is a role issue, but a max devices issue.
There are no notes attached to this issue.





View Issue Details
1718 [PacketFence] scanning major always 2013-09-25 04:22 2013-09-25 08:30
erSitzt  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
OpenVAS XML-Response can only be read if order and spaces are exactly as expected by PacketFence
The XML response returned by omp is parsed via regex like this one :

/<get_reports_response\ status="([0-9]+)" [^\<]+[\<][^\>]+[\>] ([a-zA-Z0-9\=]+)/x

In my case omp returns this XML

<get_reports_response status_text="OK" status="200"><report id="15ce0c2d-bf8c-4972-a0f6-fe1e75bb298a" format_id="6c248850-1f62-11e1-b082-406186ea4fc5" extension="html" type="scan" content_type="text/html">

As you can see "status_text" and "status" are in a different order than pf expects them.

I think the way the XML responses are evaluated is prone to errors and should be changed. Regex is not the way to go here.

I have asked (in #openvas) if the order of elements is fixed in the xml and it is not...


Ubuntu 12.04
OpenVAS 5

ii libopenvas5 5.0.4-1
ii openvas-administrator 1.2.1-1ubuntu1~precise
ii openvas-check-setup 2.2.0-0ubuntu1~precise
ii openvas-cli 1.1.5-1ubuntu1~precise
ii openvas-client 2.0.5-1ubuntu1
ii openvas-manager 3.0.6-0ubuntu1~precise
ii openvas-scanner 3.3.1-1ubuntu1~precise
openvas.pm (11,603) 2013-09-25 05:22
https://www.packetfence.org/bugs/file_download.php?file_id=187&type=bug
Notes
(0003454)
erSitzt   
2013-09-25 04:24   
I've removed the Base64 encoded part of the response here to keep the post readable.
(0003455)
erSitzt   
2013-09-25 05:19   
I suggest using XML::Simple, this returns an easy to use hash.

$VAR1 = {
          'report' => {
                      'format_id' => '6c248850-1f62-11e1-b082-406186ea4fc5',
                      'extension' => 'html',
                      'content_type' => 'text/html',
                      'content' => 'BASE64ENCODEDCONTENT',
                      'type' => 'scan',
                      'id' => '15ce0c2d-bf8c-4972-a0f6-fe1e75bb298a'
                    },
          'status' => '200',
          'status_text' => 'OK'
        };

This is what it looks like in openvas.pm

    my $xml = new XML::Simple;
    my $response = $xml->XMLin($output);
    my $status = $response->{'status'};
    my $escalator_id = $response->{'id'};

    # Fetch response status and escalator id
    # Scan escalator successfully created
    if ( defined($status) && $status eq $RESPONSE_RESOURCE_CREATED ) {
        $logger->info("Scan escalator named $name successfully created with id: $escalator_id");
        $this->{_escalatorId} = $escalator_id;
        return $TRUE;
    }

I've renamed $response to $status, because that's what it is.

I'll attach my version of the file.
(0003456)
erSitzt   
2013-09-25 08:30   
I needed to untaint the result of the $command executed by pf_run in util.pm

From line 983:

    } else {
        # scalar context
        `$command` =~ /^(.*)$/;
        $result = $1;
        return $result if ($CHILD_ERROR == 0);
    }
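
For issue 1718 above, an added example (not from the report, and not PacketFence's openvas.pm) that runs the regex quoted in the description and a real XML parser over the same omp-style responses. It uses XML::LibXML rather than the XML::Simple suggested in the notes; the sample responses, their base64 bodies and the helper names `parse_with_regex`, `parse_with_parser` and `describe` are constructed for illustration, and the report body is assumed to be the text content of `<report>`.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::LibXML;

# Pattern copied from the report. Under /x only the escaped space is literal,
# so "status" must be the first attribute and the body must directly follow
# the <report ...> tag. The capture class also lacks '+' and '/', which are
# both part of the base64 alphabet.
my $REPORT_RE = qr/<get_reports_response\ status="([0-9]+)" [^\<]+[\<][^\>]+[\>] ([a-zA-Z0-9\=]+)/x;

sub parse_with_regex {
    my ($xml) = @_;
    if ($xml =~ $REPORT_RE) {
        return { status => $1, content => $2 };
    }
    return;
}

sub parse_with_parser {
    my ($xml) = @_;

    # Parse as XML; refuse network access, external DTDs and entity expansion,
    # since the input comes from another process.
    my $doc = eval {
        XML::LibXML->load_xml(
            string          => $xml,
            no_network      => 1,
            load_ext_dtd    => 0,
            expand_entities => 0,
        );
    };
    return if !$doc;    # not well-formed XML

    my $root = $doc->documentElement;
    return if $root->nodeName ne 'get_reports_response';

    # Attributes are looked up by name, so their order does not matter.
    my $status = $root->getAttribute('status');
    return if !defined $status || $status !~ /\A[0-9]{3}\z/;

    # Assumption of this example: the base64 body is the text of <report>.
    my ($report) = $root->findnodes('./report');
    my $content = defined $report ? $report->textContent : '';
    $content =~ s/\s+//g;    # base64 may be wrapped or indented
    return if $content ne '' && $content !~ m!\A[A-Za-z0-9+/]+={0,2}\z!;

    return { status => $status, content => $content };
}

sub describe {
    my ($result) = @_;
    return 'no result' if !$result;
    return "status=$result->{status} content=$result->{content}";
}

# Constructed samples. The <report> attributes are the ones quoted in the
# report; bodies and closing tags are made up for this example.
my $ATTRS = 'id="15ce0c2d-bf8c-4972-a0f6-fe1e75bb298a" '
    . 'format_id="6c248850-1f62-11e1-b082-406186ea4fc5" extension="html" '
    . 'type="scan" content_type="text/html"';

my @SAMPLES = (
    [ 'status first',
      qq{<get_reports_response status="200" status_text="OK">}
      . qq{<report $ATTRS>cmVwb3J0</report></get_reports_response>} ],
    [ 'status_text first',
      qq{<get_reports_response status_text="OK" status="200">}
      . qq{<report $ATTRS>cmVwb3J0</report></get_reports_response>} ],
    [ 'body contains + and /',
      qq{<get_reports_response status="200" status_text="OK">}
      . qq{<report $ATTRS>PGh0bWw+PC9odG1sPg==</report></get_reports_response>} ],
    [ 'indented response',
      qq{<get_reports_response status="200" status_text="OK">\n}
      . qq{  <report $ATTRS>\n    cmVwb3J0\n  </report>\n}
      . qq{</get_reports_response>} ],
);

for my $sample (@SAMPLES) {
    my ($label, $xml) = @$sample;
    printf "%-22s regex:  %s\n", $label, describe(parse_with_regex($xml));
    printf "%-22s parser: %s\n", '',     describe(parse_with_parser($xml));
}
```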





View Issue Details
1714 [PacketFence] captive portal minor have not tried 2013-09-17 11:04 2013-09-17 11:05
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
ff1f1cf69a5cee7b2b582a459b24370b8bb10c11
Htpasswd source doesn't respect username
A Htpasswd authentication source always matches the username.
The method fetchPass of the Apache::Htpasswd module returns 0 when the user is not found while the HtpasswdSource tests if the returned value is defined.
There are no notes attached to this issue.





View Issue Details
1711 [PacketFence] web admin minor have not tried 2013-09-13 15:19 2013-09-13 15:19
francis  
francis  
normal  
resolved 4.0.6  
fixed  
none    
none 4.0.6-2  
   
a761ec4998b2f34ea86e30a99a6b7a230e33ee4d
caching issue when creating an authentication source
Adding a rule to a newly created source can return an error depending on which httpd process answers the request.
There are no notes attached to this issue.





View Issue Details
1710 [PacketFence] core minor have not tried 2013-09-13 11:13 2013-09-13 11:14
francis  
francis  
normal  
resolved 4.0.6  
fixed  
none    
none 4.0.6-2  
   
6d1d6a8131a05e6a1b05b14978c54180af5786b8
Unable to stop services via pfcmd
I seem to be unable to stop services via pfcmd after upgrading to 4.0.6. The command runs and I get the normal output indicating that the services should be stopping, but if I check service status, the only service that has actually stopped is pfdhcplistener.
Reported by Jason Frisvold <xenophage@godshell.com> on the mailing list
There are no notes attached to this issue.





View Issue Details
1676 [PacketFence] radius major have not tried 2013-08-01 16:11 2013-09-13 11:10
dgreer  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.4  
   
4861189ba7faf680eef257d5b1c157d7260fe0de
In 4.0.3, RADIUS stopped authenticating
Not sure what I did to trigger this, but had a problem with RADIUS authentication, specifically the following error message:
"Error: rlm_perl: No or invalid reply in SOAP communication with server. Check server side logs for details."

Digging down, I found this was coming from the call of pf/raddb/packetfence.pm, and in that I figured out that I could dump return contents to the radius.log, so I did that and got this:

"Thu Aug 1 14:37:44 2013 : Info: rlm_perl: curl_return_code: 0
Thu Aug 1 14:37:44 2013 : Info: rlm_perl: <?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Content-Type must be 'text/xml,' 'multipart/*,' 'application/soap+xml,' 'or 'application/dime' instead of 'application/x-www-form-urlencoded'</faultstring></soap:Fault></soap:Body></soap:Envelope>
"

Doing some Googling brought me to this article on StackExchange:
http://stackoverflow.com/questions/9062121/send-a-http-post-requestxml-data-using-wwwcurl-in-perl

So I plugged in the CURLOPT_HTTPHEADER() line to force it to use "text/xml" and problem is fixed.

Here's the patch:

]# diff -U2 /root/backup/usr/local/pf/raddb/packetfence.pm packetfence.pm
--- /root/backup/usr/local/pf/raddb/packetfence.pm 2013-07-22 14:30:34.000000000 -0500
+++ packetfence.pm 2013-08-01 15:01:57.000000000 -0500
@@ -174,4 +174,5 @@
     my $response_body;
     $curl->setopt(CURLOPT_HEADER, 0);
+ $curl->setopt(CURLOPT_HTTPHEADER(), ['Content-Type: text/xml; charset=UTF-8']);
     $curl->setopt(CURLOPT_URL, 'http://127.0.0.1:' [^] . SOAP_PORT); # TODO: See note1
 # $curl->setopt(CURLOPT_URL, 'http://127.0.0.1:' [^] . $Config{'ports'}{'soap'}); # TODO: See note1
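Review bot: the added line calls `CURLOPT_HTTPHEADER()` with parentheses while the neighbouring `CURLOPT_HEADER` and `CURLOPT_URL` are written as bare constants, and it is indented with one space where the surrounding statements use four. Match the existing style, and add a short comment saying the header is forced because the SOAP endpoint rejects `application/x-www-form-urlencoded`, so the line is not removed in a later cleanup.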
@@ -184,5 +185,6 @@

     # For debugging purposes
- #&radiusd::radlog($RADIUS::L_INFO, "curl_return_code: $curl_return_code");
+# &radiusd::radlog($RADIUS::L_INFO, "curl_return_code: $curl_return_code");
+# &radiusd::radlog($RADIUS::L_INFO, "$response_body");

     # Looking at the results...
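Review bot: this hunk is unrelated to the Content-Type fix: it only moves the commented-out `curl_return_code` debug line to column 0 and adds a second commented-out line that would write the whole `$response_body` to the RADIUS log. Drop both changes from the patch; if the debug output is worth keeping, put it behind a debug setting instead of commented-out code, and pass `$response_body` without the redundant quotes.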
Notes
(0003373)
fdurand   
2013-08-01 21:12   
Hello,
you are right but too late ;-)
https://github.com/inverse-inc/packetfence/commit/4861189ba7faf680eef257d5b1c157d7260fe0de

Fabrice





View Issue Details
1709 [PacketFence] 802.1x minor have not tried 2013-09-13 11:03 2013-09-13 11:03
francis  
francis  
normal  
resolved 4.0.6  
fixed  
none    
none 4.0.6-2  
   
92e9339121f16d7b6d328f149fcb4b4c07944d73
802.1x error in RADIUS authorize
RADIUS is authenticating fine, but the WebAPI no like...

Sep 10 08:26:38 pf::WebAPI(29881) INFO: handling radius autz request: from switch_ip => 1.2.3.4, connection_type => Wireless-802.11-EAP mac => c8:6f:1d:40:96:6e, port => 4097, username => tim.denike (pf::radius::authorize)
Sep 10 08:26:38 pf::WebAPI(29881) INFO: autoregister a node that is already registered, do nothing. (pf::node::node_register)
Sep 10 08:26:38 pf::WebAPI(29881) INFO: Found a match (CN=Tim DeNike,ETC ETC ETC) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 10 08:26:38 pf::WebAPI(29881) INFO: Matched rule (W_Netshare) in source Employee, returning actions. (pf::Authentication::Source::match)
Sep 10 08:26:38 pf::WebAPI(29881) ERROR: radius authorize failed with error: panic: attempt to copy freed scalar 7f1471d513d8 to 7f1470e25ac8 at /usr/local/pf/lib/pf/authentication.pm line 498.
 (PFAPI::radius_authorize)
 (main::__ANON__)
 (main::__ANON__)
Reported by Tim DeNike <tim.denike@mcc.edu> on the mailing list.
There are no notes attached to this issue.





View Issue Details
1634 [PacketFence] captive portal minor always 2013-04-10 10:08 2013-09-13 10:58
lmunro  
francis  
normal  
resolved 3.6.1  
fixed  
none    
none 4.0.4  
   
8944d5b31f898073ec393fed73da2b2d46a4c65b
Guest email self registration assumes pid is an email address
When using guest self registration using email, the pid is used as email address to send the validation email to.

Yet the PacketFence administrator has the option to select which field to use as pid with guests_self_registration.guest_pid.

If guests_self_registration.guest_pid is set to something else than "email" and guest self registration using email is attempted, it will fail because the "TO" address will be invalid.
Notes
(0003448)
francis   
2013-09-13 10:58   
Ref: https://github.com/inverse-inc/packetfence/commit/8944d5b31f898073ec393fed73da2b2d46a4c65b#L2L122





View Issue Details
1705 [PacketFence] configuration block always 2013-09-09 11:03 2013-09-13 10:14
alessiol  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6-2  
   
e88eb947b98323287dbec750d65b5ee062354314
PacketFence 4.0.6 Ubuntu 10.04.3 dependency problem
Packetfence won't install on Ubuntu 10.04.3 (fresh install)
because of missing: libterm-ansicolor-perl.
Notes
(0003439)
jraby   
2013-09-09 12:59   
Is that on 12.04 or 10.04 ?

That dependency problem should be fixed, pf shouldn't depend on libterm-ansicolor-perl since Term::ANSIColor is a core perl module.

https://github.com/inverse-inc/packetfence/commit/e88eb947b98323287dbec750d65b5ee062354314
(0003440)
alessiol   
2013-09-09 13:21   
sorry, Ubuntu Server LTS 12.04.3
(0003441)
erSitzt   
2013-09-11 11:06   
There is another perl package that is causing problems with Ubuntu 12.04.3

packetfence : Depends: libmoo-perl (>= 1.0) but 0.009013-1 is installed.

I was not sure if it made sense to create an issue for this, as both are perl-related dependency problems.
(0003443)
francis   
2013-09-12 13:42   
We've packaged this module some time ago:

http://www.packetfence.org/downloads/PacketFence/debian/pool/precise/libm/libmoo-perl/
(0003445)
erSitzt   
2013-09-13 04:00   
What do you mean by packaged ?

Is this still correct ?
http://www.packetfence.org/support/faqs/article/how-to-install-packetfence-on-ubuntu.html
Here this url is listed
deb http://inverse.ca/downloads/PacketFence/debian precise precise
Install fails with Error:
( packetfence : Depends: libterm-ansicolor-perl but it is not installable )

but the administration guide lists another source
deb http://inverse.ca/downloads/PacketFence/ubuntu precise precise
Install fails with Error:
( packetfence : Depends: libterm-ansicolor-perl but it is not installable )


With both it's not possible to install packetfence on a freshly installed ubuntu 12.04.3
(0003447)
francis   
2013-09-13 08:27   
Please read all comments carefully. In brief:

- libterm-ansicolor-perl: should not be a dependency, fixed in devel, minor release (4.0.6-2) coming soon.
- libmoo-perl >= 1.0: available in our repo.





View Issue Details
1683 [PacketFence] captive portal major have not tried 2013-08-13 09:27 2013-09-13 10:08
Sylvain  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
Self-registration page shown even if no external source exists
When updating from 4.0.1 to 4.0.5-2 there is a new feature :
"Self-registration is now enabled when a profile has at least one external authentication source" introduced in 4.0.4

I have no external source, but still get the guest/self-registration page.
I was feeling lucky and tried creating then removing external sources, or simply creating new internal sources, but it didn't work either.

I tried to add sources to the profile but was blocked by another bug : http://www.packetfence.org/bugs/view.php?id=1682

This bug is tricky as I also encounter this one :
http://www.packetfence.org/bugs/view.php?id=1681

Best regards,

Sylvain
Notes
(0003395)
Sylvain   
2013-08-13 09:39   
Relevant lines in packetfence.log:

Aug 13 15:06:33 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 13 15:06:33 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff redirected to guests self registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 13 15:06:33 redir.cgi(0) INFO: generate_selfregistration_page (pf::web::guest::generate_selfregistration_page)
Aug 13 15:06:33 redir.cgi(0) ERROR: No source of type 'SMS' defined for profile 'default' (pf::Portal::Profile::getSourceByType)

This line also seems to be linked in portal_error_log (it appears at the same time):

Use of uninitialized value in subroutine entry at /usr/local/pf/lib/pf/web/dispatcher.pm line 68.
(0003417)
Sylvain   
2013-08-19 10:59   
After solving http://www.packetfence.org/bugs/view.php?id=1682, I can say it happens only when no authentication source is selected.

Therefore the problem was caused by bug 1682.

Here, there's no important problem (it works fine if you have selected a source), but we can think about the behaviour of the captive portal when no authentication source is selected.
(0003418)
Sylvain   
2013-08-19 10:59   
By the way, I can't decrease severity ;)





View Issue Details
1706 [PacketFence] configuration minor always 2013-09-09 11:43 2013-09-11 16:15
Xen0Phage  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.1.0  
   
3b282102bfdb6d6841e28edf032f2714e7cb21a8
Freeradius config files overwritten on RPM upgrade
Some of the Freeradius configuration files are overwritten on an upgrade, causing issues with the overall system as a result. Specifically, the config files in raddb/modules are overwritten with the default install files. This is specifically an issue with LDAP 802.1x authentication as the ldap file is defaulted, removing the needed LDAP access to validate 802.1x logins.
There are no notes attached to this issue.





View Issue Details
1365 [PacketFence] captive portal tweak always 2012-01-12 12:14 2013-09-04 14:42
maikel  
francis  
normal  
resolved devel  
fixed  
none    
none  
  general  
Captive portal - email activation - Name the network by its category
When using the self registration mechanism, per default the category guest is used. But if in the config another category is used, it would be nicer to name the network, instead of guest, the actual name.
So in email_activation.cgi send the category to this function:
pf::web::guest::generate_activation_confirmation_page

then the template and i18n message can be altered automatically
Notes
(0003251)
fgaudreault   
2012-10-26 16:24   
Can you elaborate? You mean, you want to send a different template depending of the category name?
(0003436)
maikel   
2013-09-03 07:28   
Looks like this function is now there with the portal profiles and functions there. Thanks! Let's close this ticket





View Issue Details
1702 [PacketFence] captive portal text always 2013-08-30 13:17 2013-09-03 08:10
Xen0Phage  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
1363fda9125f233c27cdb3af873441a179e21766
Text string not in locales file
I received a request to change the text string displayed when a user failed to authenticate on the captive portal. I looked through the locale file, but was unable to find it. I finally found it via a grep of the packetfence files.

/usr/local/pf/lib/pf/authentication.pm line 467.

This line should exist in the locale file and not be hard-coded into the library.
There are no notes attached to this issue.





View Issue Details
1630 [PacketFence] security feature N/A 2013-02-12 09:55 2013-09-03 05:35
bemosior  
ludovic  
normal  
assigned  
open  
none    
none  
  +1  
Username Registration Blacklist
We see value in the addition of a username blacklist feature in order to prevent certain AD/LDAP registrations from occurring.

Use Case:
An individual may no longer register his/her own devices on the network (due to violations), but he/she may still use public lab machines. Disabling the AD/LDAP account is not an option, as the individual must still be able to access other services using AD/LDAP for authentication.

Workflow (my understanding of it, at least):
User attempts internet access and is redirected to the registration page. User enters username. PF compares username against blacklist, failing the process on match (with a user-facing error). In this case, no LDAP query is made/executed.
Notes
(0003298)
bemosior   
2013-02-12 09:57   
I am assuming this blacklist is maintained independently by the local PF administrators and is simply a list of disallowed usernames.
(0003299)
ludovic   
2013-02-13 19:27   
Would be easy to do in PF v4 with a per-source blacklist of IDs.
(0003435)
dranix   
2013-09-03 05:35   
I have made a script where wireless devices (MAC) are banned upon attempting to brute-force password guess (LocalDB or LDAP account).
The script runs in the background and listens to the /usr/local/pf/log/packetfence.log and keeps track of failed attempts.
After 10 failed attempts, the MAC is placed in the iptables and all packets will be dropped from accessing the inline interface.

Would the developers be interested in the script?





View Issue Details
1701 [PacketFence] web admin feature N/A 2013-08-28 02:22 2013-08-29 21:07
fmts  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
daeda0bf839735067befece306d1e6a34b600f5c, 680099611a5a39f9a2a0dfdf5e5d0d2f49dde1e6
Search through notes
It would be nice if there was an option in the advanced search, to search for notes (in Users and Nodes).

So for example you could filter for auto registered devices.
There are no notes attached to this issue.





View Issue Details
1693 [PacketFence] web admin major always 2013-08-18 02:49 2013-08-22 14:29
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none  
   
portal uses source which is undefined there
There are three External Sources defined in my PacketFence server: sms, email & sponsor. My portal profile has two sources defined: (own internal) LDAP and email. Please note it doesn't contain sms. However packetfence.log shows:

Aug 16 12:52:18 pf::WebAPI(17002) INFO: Matched rule (catchall) in source sms, returning actions. (pf::Authentication::Source::match)

Looks like PacketFence uses source sms which it shouldn't use. It works, because sms rule is the same as email rule, but proper source (one of these defined in portal) should be taken into account.
Notes
(0003423)
muhlig   
2013-08-21 07:14   
Actually this happens also for internal sources. I defined PF_RADIUS and PF_LDAP as sources, but only PF_LDAP is defined as source in portal profile. However in packetfence.log I get:

Aug 21 11:53:15 register.cgi(0) INFO: Matched rule (default) in source PF_RADIUS, returning actions. (pf::Authentication::Source::match)
Aug 21 11:53:19 pf::WebAPI(30930) INFO: Matched rule (default) in source PF_RADIUS, returning actions. (pf::Authentication::Source::match)
(0003427)
francis   
2013-08-22 14:29   
This has been fixed in subsequent versions.





View Issue Details
1698 [PacketFence] web admin minor always 2013-08-21 07:20 2013-08-21 09:13
muhlig  
 
normal  
acknowledged 4.0.5  
open  
none    
none  
   
unable to define logo in profile other than default
There is no possibility to define logo in profile other than default.
Notes
(0003424)
francis   
2013-08-21 08:12   
This is by design. If you want to change the logo in a custom portal profile, simply replace the "logo" template variable of the header template by the path of the image you want to use.
(0003425)
muhlig   
2013-08-21 09:13   
OK, understood, thx :-)





View Issue Details
1695 [PacketFence] configuration major always 2013-08-20 13:51 2013-08-20 13:54
muhlig  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
dcc1f6d2758e1f92329311b678d71ea79d7bdc5c
Apache error for guest: You don't have permission to access /cgi-perl/email_activation.cgi on this server.
./lib/pf/services/apache.pm

line 94:

    my $guest_regist_allowed = $guest_self_registration{'enabled'};

However, $guest_self_registration{'enabled'} is undefined. The effect is:

line 95:

    if ($guest_regist_allowed && isenabled.............................

and line 102:

    if ($guest_regist_allowed && ($email_enabled.....................

conditions are not fulfilled and ./var/conf/captive-portal-common.conf is not properly generated and some URIs are not allowed from all, thus bringing WWW error:

   “You don't have permission to access /cgi-perl/email_activation.cgi on this server.”
I'd advise simply getting rid of the $guest_regist_allowed variable and modifying these two conditions accordingly. Otherwise you need to define $guest_self_registration{'enabled'} somewhere.
Notes
(0003422)
francis   
2013-08-20 13:54   
Fixed a few days ago.





View Issue Details
1667 [PacketFence] web admin minor always 2013-07-11 05:53 2013-08-20 09:01
roadracer96  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.2  
   
8835549747e4a0a0136e360140a33e58f83dc91b
Unable to edit notes in Web UI
Unable to edit notes for a device in web UI
Interesting one. It was possible in 3.X but removed in 4.X.
Can you open a feature request : http://packetfence.org/bugs

Cheers!
dw.

--
dwuelfrath@inverse.ca :: +1.514.447.4918 (x110) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)



On 2013-06-28, at 12:42 PM, Tim DeNike <tim.denike@mcc.edu> wrote:

> Agreed. U would like to make more use of notes/details as well.
> Manual creation would be helpful too.
>
> Sent from my iPhone
>
> On Jun 28, 2013, at 12:41 PM, Jason Frisvold <xenophage@godshell.com> wrote:
>
>> Greetings,
>>
>> With our current NAC system we can manually add new devices via the
>> GUI. We're able to add the MAC of the device, the role it should be in,
>> and a description. The description is incredibly useful for identifying
>> devices quickly.
>>
>> This doesn't appear to be possible in PF 4.0.1, though there is the CLI
>> method for adding a node, albeit without a description. What would it
>> take to have this functionality added to PF?
>>
>> Thanks,
>>
>> --
>> ---------------------------
>> Jason 'XenoPhage' Frisvold
>> xenophage@godshell.com
>> ---------------------------
>>
>> "Any sufficiently advanced magic is indistinguishable from technology.\"
>> - Niven's Inverse of Clarke's Third Law
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Windows:
>>
>> Build for Windows Store.
>>
>> http://p.sf.net/sfu/windows-dev2dev
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users


There are no notes attached to this issue.





View Issue Details
1694 [PacketFence] web admin minor always 2013-08-19 15:22 2013-08-20 08:51
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
cff7c1426c2dc8f760134afd4226b53badb5c87e
pre-registration confirmation mail - %s not replaced by domain name
There is a message in PacketFence:

msgid "%s: Guest access confirmed!"

which is used as a subject of confirmation mail in case of pre-registration. A guest receives this mail, but in the subject "%s" is not replaced by domain name of PacketFence system.

It's worth noting all the other mails from PacketFence have "%s" correctly replaced - just this one particular mail has this issue.
Notes
(0003421)
muhlig   
2013-08-20 02:32   
Fix: /usr/local/pf/html/captive-portal/email_activation.cgi

line 113

is

'subject' => i18n("%s: Guest access confirmed!", $Config{'general'}{'domain'}),

should be

'subject' => i18n_format("%s: Guest access confirmed!", $Config{'general'}{'domain'}),





View Issue Details
1681 [PacketFence] captive portal major always 2013-08-13 09:13 2013-08-19 20:56
Sylvain  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
a0cc0dae4aaa30f4ef2247a06df0f556b32469fb
Guest registration page doesn't show any submit button
Version 4.0.5-2

That's quite simple : the guest registration page doesn't show any submit button.
Tried filling fields and scroll the "use policy", but didn't help.
Please find a screenshot attached.

Best regards,

Sylvain
screenshot.png (198,895) 2013-08-13 09:13
https://www.packetfence.org/bugs/file_download.php?file_id=183&type=bug
png
Notes
(0003394)
francis   
2013-08-13 09:16   
Is there a registration/external authentication source associated to your default portal profile?
(0003396)
Sylvain   
2013-08-13 09:48   
No, actually I forgot to mention this page displays because of this bug :
http://www.packetfence.org/bugs/view.php?id=1683

And I cannot edit the sources of the portal profiles because of this one :
http://www.packetfence.org/bugs/view.php?id=1682
(0003419)
Sylvain   
2013-08-19 11:00   
After solving http://www.packetfence.org/bugs/view.php?id=1682, I can say it happens only when no authentication source is selected.

Therefore the problem was caused by bug 1682.

Here, there's no important problem (it works fine if you have selected a source), but we can think about the behaviour of the captive portal when no authentication source is selected.

Severity can be decreased.
(0003420)
francis   
2013-08-19 11:06   
I've already improved the Web page when no source is selected on the default portal profile :

https://github.com/inverse-inc/packetfence/commit/131496903ad30fa19341197c4b660f07f9d2a594#L3R53

(With no source specified, all internal sources will be used.)

And there's already at least one internal source: the "local" SQL source.





View Issue Details
1690 [PacketFence] web admin major always 2013-08-17 03:49 2013-08-17 21:47
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
a08b5b63bba1504a29894617f45632dec737971d
duration missing from Guest Network Access Information mail
Mail excerpt:

This username and password will be valid starting 2013-08-18. Once authenticated the access will be valid for .

So, duration is missing from the line although registration window is defined for guest from 2013-08-18 to 2013-08-22.
There are no notes attached to this issue.





View Issue Details
1691 [PacketFence] web admin major always 2013-08-17 04:02 2013-08-17 21:02
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
5a18b25f56cde34cceef32c402e78af550544275
unable to add/edit user telephone number
Display admin/users page. Click user. There is no form field for Telephone.
There are no notes attached to this issue.





View Issue Details
1692 [PacketFence] web admin minor sometimes 2013-08-17 04:05 2013-08-17 20:58
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
8c3b78a95504bc8aac808861ed1c66c5f584c994
user display: ERROR: Use of uninitialized value in concatenation
Display admin/users page. Click user. If some fields aren't filled, packetfence.log shows:

Aug 17 10:02:38 httpd.admin(0) ERROR: Use of uninitialized value in concatenation (.) or string at /usr/local/pf/html/pfappserver/lib/pfappserver/Form/Widget/Field/Span.pm line 28.
There are no notes attached to this issue.





View Issue Details
1684 [PacketFence] scanning major always 2013-08-13 11:02 2013-08-13 11:02
Sylvain  
 
normal  
new 4.0.1  
open  
none    
none  
   
OpenVAS - "Bogus command name" when creating escalator
It occurs under version 4.0.1, but I couldn't test under 4.0.5 because of some other bugs (which aren't related to this one).
As I didn't see anything either in the changelogs or in the reported issues... here it is.

This happens when launching an OpenVAS scan.

Right after registration, the pre-configured "System Scan" violation (1200001) is triggered.
The captive portal tells that scan is in progress.
Once the progress bar is filled, it tells that the machine is still being scanned since a given hour.
It will keep telling that (and here the problem begins).

In packetfence.log can be found:
There was an error creating scan escalator named 137606073317f486, here's the output: <omp_response status="400" status_text="Bogus command name"></omp_response> (pf::scan::openvas::createEscalator)

The scanned machine can be sent to the default vlan, by acknowledging the "System Scan" violation (1200001), as expected. But of course bypassing scan is not the best approach ;)

Here is the whole relevant output from packetfence.log:

Aug 09 17:05:30 release.pm(0) INFO: scanning 192.168.1.1 by calling /usr/local/pf/bin/pfcmd schedule now 192.168.1.1 1>/dev/null 2>&1 (pf::web::release::handler)
Aug 09 17:05:30 release.pm(0) INFO: violation for mac aa:bb:cc:dd:ee:ff vid 1200001 modified (pf::violation::violation_modify)
Aug 09 17:05:33 pfcmd.pl(10765) INFO: New ID generated: 137606073317f486 (pf::util::generate_id)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Instantiate a new vulnerability scanning engine object of type pf::scan::openvas. (pf::scan::instantiate_scan_engine)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan target named 137606073317f486 for host 192.168.1.1 (pf::scan::openvas::createTarget)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Scan target named 137606073317f486 successfully created with id: 0162c1eb-e374-4e39-8e16-faddab0d58e9 (pf::scan::openvas::createTarget)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan escalator named 137606073317f486 (pf::scan::openvas::createEscalator)
Aug 09 17:05:36 pfcmd.pl(10765) WARN: There was an error creating scan escalator named 137606073317f486, here's the output: <omp_response status="400" status_text="Bogus command name"></omp_response> (pf::scan::openvas::createEscalator)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan task named 137606073317f486 (pf::scan::openvas::createTask)
Aug 09 17:05:36 pfcmd.pl(10765) WARN: There was an error creating scan task named 137606073317f486, here's the output: <create_task_response status="400" status_text="Bogus element: escalator"></create_task_response> (pf::scan::openvas::createTask)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Starting scan task named 137606073317f486 (pf::scan::openvas::startTask)
Aug 09 17:05:37 pfcmd.pl(10765) WARN: There was an error starting the scan task named 137606073317f486, here's the output: <start_task_response status="404" status_text="Failed to find task ''"></start_task_response> (pf::scan::openvas::startTask)

Best regards,

Sylvain
Notes
(0003402)
Sylvain   
2013-08-13 11:02   
In the report above I only wrote about SNMP linkUp/Down VLAN enforcement and "standard" registration.
I was initially testing with 802.1x auto-registration and enforcement, but couldn't get any information about the problem.
Actually, when using 802.1x there was no log about the failed OpenVAS scan.

I have gathered information about this lack of log; should I post it here or in a separate ticket?





View Issue Details
1680 [PacketFence] captive portal major always 2013-08-12 06:09 2013-08-12 11:40
KimHagen  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.5-2  
   
Oauth stopped working getting error "OAuth2 Error: Failed to get the token"
On 4.0.3 the OAuth for Google/Facebook works, but on the 4.0.4-2 and 4.0.5 releases I get:

"OAuth2 Error: Failed to get the token"

Aug 12 12:00:50 oauth2.cgi(0) DEBUG: instantiating new pf::Portal::Session object (pf::Portal::Session::new)
Aug 12 12:00:50 oauth2.cgi(0) DEBUG: instantiating new pf::Portal::Profile object (pf::Portal::Profile::new)
Aug 12 12:00:50 oauth2.cgi(0) INFO: Sending 04:f7:e4:83:6a:c6to OAuth2 - Provider:google (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_oauth2_2ecgi::handler)
Aug 12 12:00:51 oauth2.cgi(0) DEBUG: instantiating new pf::Portal::Session object (pf::Portal::Session::new)
Aug 12 12:00:51 oauth2.cgi(0) DEBUG: instantiating new pf::Portal::Profile object (pf::Portal::Profile::new)
Aug 12 12:00:51 oauth2.cgi(0) DEBUG: API CODE: 4/DrEXOm0luo4KbOkcbpC-bIyYZOuj.6tUntWmjEQYLOl05ti3ZT3ZXUPTjgAE (pf::web::generate_oauth2_result)
Aug 12 12:00:51 oauth2.cgi(0) INFO: OAuth2: failed to receive the token from the provider, redireting to login page (pf::web::generate_oauth2_result)
Aug 12 12:00:51 oauth2.cgi(0) DEBUG: rendering template named login.html (pf::web::generate_login_page)

I have tried a clean install of 4.0.5 on Debian Wheezy.

Kind regards,

Kim
Notes
(0003391)
KimHagen   
2013-08-12 10:11   
I have tried to debug it a little.

In the file /usr/local/pf/lib/pf/web.pm, at line 389, I set a log setting for the "@" variable.
This is what i get in the log:
Can't call method "get_access_token" on an undefined value at /usr/local/pf/lib/pf/web.pm line 386.

I do not know where this should be defined.

Kind regards,

Kim
(0003392)
francis   
2013-08-12 11:09   
Can you try this patch?

https://github.com/inverse-inc/packetfence/commit/9c52b4e1c2cb263de6677c8fa24bf2aeb48fc35b

Thanks!
(0003393)
KimHagen   
2013-08-12 11:30   
Ha Francis,

Your patch works, thank you very much!!

regards,
Kim





View Issue Details
1679 [PacketFence] captive portal major always 2013-08-08 04:05 2013-08-08 10:16
muhlig  
francis  
normal  
resolved 4.0.3  
fixed  
none    
none 4.0.5  
   
8458546e980e090bfa414d8f5c32fd5ef3085e68
guest registration parameter missing from profile denies guest access to activation page
The guest_self_reg parameter is missing from both the profile.conf file and the web admin profile page. This parameter's state is checked in lib/pf/iptables.pm (as $guest_self_registration{'enabled'}) and should be taken into account in lib/pf/config.pm (in if ( isenabled($profile->{'guest_self_reg'}) ) { $guest_self_registration{'enabled'} = $TRUE; }). Effectively, the iptables rule allowing access to tcp 443 from outside is not being generated.

There is also a second parameter missing from the admin GUI: guest_modes=sms,email,sponsor (it is, however, present in the profile.conf file).

Probably there is some inconsistency here but worth fixing because guest access to activation page is denied.
Actually issue was found in 4.0.4 (number currently not available in BTS dropdown list)
There are no notes attached to this issue.





View Issue Details
1662 [PacketFence] core minor always 2013-07-08 07:21 2013-08-01 08:10
fmts  
fdurand  
normal  
resolved 4.0.1  
fixed  
none    
none  
   
[Violation] Action "Send email" doesn't get executed if the violation is enabled
I created a violation with following settings:

--

[4000001]
priority=1
trigger=vendormac::2249
actions=autoreg,email,role
desc=Testgeraete
enabled=Y
template=generic
auto_enable=N
whitelisted_categories=isolation,default,guest
target_category=test
vclose=4000001

--

The violation gets executed, but the node only gets the status "registered". The role isn't set and a mail doesn't get sent.

As you can see in the attached log there is a warning about Perl ("insecure dependency") and the pfcmd command returns an error. Maybe it has something to do with it.

If I remove the "email"-Action, the violation works as it should.
Also if I set "enabled=N" and trigger it manually it works fine. Even with the "email"-action.
System: Debian Wheezy (up to date)
Repo: deb http://inverse.ca/downloads/PacketFence/debian-stable wheezy wheezy
violation.txt (4,004) 2013-07-08 07:21
https://www.packetfence.org/bugs/file_download.php?file_id=179&type=bug
Notes
(0003355)
fdurand   
2013-07-31 20:01   
Hello,
Can you edit action.pm and comment out the line pfmailer(%message);
You will not receive an email, but it's just to see if it will have the "Insecure dependency in connect while running with -T switch at /usr/lib/perl/5.14/IO/Socket.pm line 114." error.
If it works (if the role is set), it means that the pfmailer function is the problem, so edit the file util.pm and in the pfmailer sub use untaint_chain on some variables, like:

my $smtpserver = untaint_chain($Config{'alerting'}{'smtpserver'});
....

Regards
Fabrice
(0003363)
fmts   
2013-08-01 07:12   
Hi Fabrice,

As you said, it's a pfmailer issue. With your "untaint_chain"-line it works like a charm.

Thanks,
Florian
(0003364)
fdurand   
2013-08-01 08:10   
Ok thanks, it has been fixed in devel.

Fabrice
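
The "Insecure dependency" error in this thread comes from Perl's taint mode (-T), which refuses to pass run-time data such as configuration values to operations like connect until the value has been untainted through a regex capture. The script below is an added example, not PacketFence code and not the implementation of untaint_chain: untaint_smtp_host, untaint_anything and the sample values are hypothetical and constructed here, and the script contrasts validating a value before untainting it with a blanket untaint.

```perl
#!/usr/bin/perl
# Added example. Run as: perl -T untaint_demo.pl
# (without -T nothing is tainted and every value reports tainted=0)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: appending it taints a value without changing
# it. It stands in for data read from a configuration file at run time.
my $TAINT = substr("$0$^X", 0, 0);

# Hypothetical helper, not PacketFence's untaint_chain(): returns an
# untainted copy only when the value is a plausible hostname. A dotted-quad
# IPv4 address also passes, because its parts are all-digit labels.
sub untaint_smtp_host {
    my ($value) = @_;
    return unless defined $value && length($value) <= 253;
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    # \A and \z anchor the whole string; "$" would let a trailing newline pass.
    if ($value =~ /\A($label(?:\.$label)*)\z/) {
        return $1;    # a regex capture is the only thing Perl treats as clean
    }
    return;
}

# Blanket untaint for comparison: launders any non-empty value unchanged.
sub untaint_anything {
    my ($value) = @_;
    if ($value =~ /\A(.+)\z/s) {
        return $1;
    }
    return;
}

# Make control characters visible in the report.
sub show {
    my ($s) = @_;
    $s =~ s/\n/\\n/g;
    return "'$s'";
}

# Constructed sample values for an SMTP server setting.
my @samples = (
    "smtp.example.org",
    "192.0.2.25",
    "smtp.example.org\n",      # unchomped line from a config file
    "smtp.example.org;id",     # shell metacharacter appended
    "",
);

for my $raw (@samples) {
    my $cfg     = $raw . $TAINT;            # tainted under -T
    my $strict  = untaint_smtp_host($cfg);
    my $blanket = untaint_anything($cfg);
    die "capture is still tainted\n" if defined $strict && tainted($strict);
    printf "%-24s tainted=%d  strict=%-8s  blanket=%s\n",
        show($raw),
        tainted($cfg) ? 1 : 0,
        defined $strict  ? 'accepted' : 'rejected',
        defined $blanket ? 'accepted' : 'rejected';
}
```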





View Issue Details
1654 [PacketFence] performance major always 2013-06-22 23:29 2013-07-31 20:07
rivan  
fdurand  
normal  
resolved 4.0.1  
fixed  
none    
none  
   
can't access GUI
After installing, everything works fine until I reboot the server.
Then I can't access the GUI, even if I do service PacketFence Restart.
Notes
(0003328)
rivan   
2013-06-22 23:31   
I've also reinstalled it a lot of times, but the problem still occurs.
(0003329)
rivan   
2013-06-23 06:30   
http://sourceforge.net/mailarchive/forum.php?thread_name=1371879141.32740.YahooMailNeo%40web164503.mail.gq1.yahoo.com&forum_name=packetfence-users

I'm not the only one experiencing the said problem.
(0003358)
fdurand   
2013-07-31 20:07   
Fixed in the last release.





View Issue Details
1649 [PacketFence] 802.1x major always 2013-06-05 10:15 2013-07-31 20:06
dgreer  
fdurand  
normal  
resolved devel  
fixed  
none    
none  
   
Problems returning role information from pf::authentication::match
There are actually several things going on here (I think).

First, in logging, there is a logic error in an if statement. Here's the diff:

--- authentication.pm.orig 2013-06-05 07:43:17.390616523 -0500
+++ authentication.pm 2013-06-05 07:43:34.957616501 -0500
@@ -465,7 +465,7 @@
         return undef;
     }

- if (defined $action) {
+ if (! defined $action) {
         $logger->debug("No source matches action $action");
     } else {
         $logger->debug("Returning actions ".join(', ', map { $_->type." = ".$_->value } @$actions ));
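Review bot: negating the test at line 468 means the "No source matches action $action" message can only run when $action is undefined, so it interpolates an undefined value (an empty name in the log, plus an uninitialized-value warning if warnings are enabled), while every call that does pass an action name now falls into the else branch and dereferences @$actions whether or not anything matched. If the aim is to tell a miss from a hit in the debug output, the condition should look at the match result (for example whether $actions is defined and non-empty) rather than flip the test on $action, and the "No source matches" text should stay on a path where $action has a value.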


Once that was found and fixed, I was able to see that I was getting matches but no returns. Have been staring at the code for quite a while, and can't figure this out. I added a debugging logging entry in the "foreach my $condition..." in Authentication/Source.pm so I could see what was being looked at, and I can see that all my conditions are being hit, but even when I've set one specifically to match, it fails to return any actions (or, apparently, to match).

Here's the log entries:

Jun 05 08:56:07 pf::WebAPI(24234) WARN: switch = pf::SNMP::Motorola::RFS=HASH(0x7fa24f9d9340), ifIndex = 1, mac = 00:22:fb:56:9d:3c, node_info = HASH(0x7fa24f9ddb00), connection_type = Wireless-802.11-EAP, user_name = DPTLABS_NT\\dgreer, ssid = BasicEmployees (pf::vlan::getNormalVlan)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Trying to determine VLAN from role. (pf::vlan::getNormalVlan)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Match called with parameters SSID => BasicEmployees, connection_type => Wireless-802.11-EAP, username => DPTLABS_NT\\dgreer (pf::authentication::match)
Jun 05 08:56:07 pf::WebAPI(24234) WARN: Match called with parameters SSID => BasicEmployees, connection_type => Wireless-802.11-EAP, username => DPTLABS_NT\\dgreer (pf::authentication::match)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Matching rules for action set_role in source local (SQL) (pf::authentication::match)
Jun 05 08:56:07 pf::WebAPI(24234) WARN: Matching rules for action set_role in source local (SQL) (pf::authentication::match)
Jun 05 08:56:07 pf::WebAPI(24234) TRACE: attempt #0 to run query temporary_password_view_sql from module temporary_password (pf::db::db_query_execute)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Database statements not prepared, preparing... (pf::db::db_query_execute)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Preparing pf::temporary_password database queries (pf::temporary_password::temporary_password_db_prepare)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Matching rules for action set_role in source file1 (Htpasswd) (pf::authentication::match)
Jun 05 08:56:07 pf::WebAPI(24234) WARN: Matching rules for action set_role in source file1 (Htpasswd) (pf::authentication::match)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Checking condition username equals admin (pf::Authentication::Source::match)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Matching rules for action set_role in source ad1 (AD) (pf::authentication::match)
Jun 05 08:56:07 pf::WebAPI(24234) WARN: Matching rules for action set_role in source ad1 (AD) (pf::authentication::match)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Checking condition sAMAccountName equals DPTLABS_NT\\dgreer (pf::Authentication::Source::match)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Matching rules in LDAP source. (pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: LDAP filter: (&(sAMAccountName=DPTLABS_NT\\dgreer)(sAMAccountName=DPTLABS_NT\\dgreer)) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Searching for (&(sAMAccountName=DPTLABS_NT\\dgreer)(sAMAccountName=DPTLABS_NT\\dgreer)), from DC=dpt,DC=DFB,DC=NET, with scope one (pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Returning actions (pf::authentication::match)
Jun 05 08:56:07 pf::WebAPI(24234) DEBUG: Username was defined (DPTLABS_NT\\dgreer) - got role ARRAY(0x7fa24f9f3bd0) (pf::vlan::getNormalVlan)
Jun 05 08:56:07 pf::WebAPI(24234) WARN: vlanName = ARRAY(0x7fa24f9f3bd0) (pf::SNMP::getVlanByName)
Jun 05 08:56:07 pf::WebAPI(24234) WARN: No parameter ARRAY(0x7fa24f9f3bd0)Vlan found in conf/switches.conf for the switch 192.168.99.3 (pf::SNMP::getVlanByName)
Jun 05 08:56:07 pf::WebAPI(24234) WARN: Resolved VLAN for node is not properly defined: Replacing with macDetectionVlan (pf::vlan::fetchVlanForNode)
Jun 05 08:56:07 pf::WebAPI(24234) WARN: vlanName = macDetection (pf::SNMP::getVlanByName)
Jun 05 08:56:07 pf::WebAPI(24234) INFO: MAC: 00:22:fb:56:9d:3c, PID: dgreer, Status: reg. Returned VLAN: 1 (pf::vlan::fetchVlanForNode)

Using CentOS 6.4 with updates.
Using packetfence-4.0.2-0.20130529.el6.noarch.rpm (and friends)
Notes
(0003315)
fdurand   
2013-06-05 10:32   
In fact, your username doesn't match the sAMAccountName of your Active Directory (I suppose); it should be something like dgreer and not DPTLABS_NT\\dgreer.
So to fix this issue, just have a look there:
https://github.com/inverse-inc/packetfence/blob/devel/raddb/sites-available/packetfence-tunnel
In the post section we rewrite the User-Name attribute to match with AD.
(0003316)
francis   
2013-06-05 10:38   
@dgreer: Your patch is incorrect. There's no error in the logic to print the debugging information.
(0003317)
dgreer   
2013-06-05 12:04   
Thanks. I'll take a look at the patch (and roll back my change :^).
(0003318)
dgreer   
2013-06-05 12:13   
Ok, made those changes. I'm getting a return now, but it's returning an array where (I think) a string is required.

Jun 05 11:06:39 pf::WebAPI(24235) DEBUG: Matching rules for action set_role in source ad1 (AD) (pf::authentication::match)
Jun 05 11:06:39 pf::WebAPI(24235) WARN: Matching rules for action set_role in source ad1 (AD) (pf::authentication::match)
Jun 05 11:06:39 pf::WebAPI(24235) DEBUG: Checking condition sAMAccountName equals dgreer (pf::Authentication::Source::match)
Jun 05 11:06:39 pf::WebAPI(24235) DEBUG: Matching rules in LDAP source. (pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 05 11:06:39 pf::WebAPI(24235) DEBUG: LDAP filter: (&(sAMAccountName=DPTLABS_NT\\dgreer)(sAMAccountName=dgreer)) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 05 11:06:39 pf::WebAPI(24235) DEBUG: Searching for (&(sAMAccountName=DPTLABS_NT\\dgreer)(sAMAccountName=dgreer)), from DC=dpt,DC=DFB,DC=NET, with scope one (pf::Authentication::Source::LDAPSource::match_in_subclass)
Jun 05 11:06:39 pf::WebAPI(24235) DEBUG: Returning actions (pf::authentication::match)
Jun 05 11:06:39 pf::WebAPI(24235) DEBUG: Username was defined (DPTLABS_NT\\dgreer) - got role ARRAY(0x7fa24f9f3b00) (pf::vlan::getNormalVlan)
Jun 05 11:06:39 pf::WebAPI(24235) WARN: vlanName = ARRAY(0x7fa24f9f3b00) (pf::SNMP::getVlanByName)
Jun 05 11:06:39 pf::WebAPI(24235) WARN: No parameter ARRAY(0x7fa24f9f3b00)Vlan found in conf/switches.conf for the switch 192.168.99.3 (pf::SNMP::getVlanByName)
Jun 05 11:06:39 pf::WebAPI(24235) WARN: Resolved VLAN for node is not properly defined: Replacing with macDetectionVlan (pf::vlan::fetchVlanForNode)
Jun 05 11:06:39 pf::WebAPI(24235) WARN: vlanName = macDetection (pf::SNMP::getVlanByName)


The actions are:
Set role : default
Set unregistration date : 2020-01-01
(0003319)
dgreer   
2013-06-05 12:53   
Ok, looks like I forgot to restart PF after undoing the change to authentication.pm.

The ARRAY thing goes away once I stop being stupid, but I'm getting "No source matches action set_role" when I have such an entry.
(0003326)
dgreer   
2013-06-14 14:26   
This was a problem with my configuration: I had an incorrect SNMP config on the device I was using to test the wireless auth stuff. Derek caught this.

You can close this ticket.





View Issue Details
1451 [PacketFence] core feature N/A 2012-05-11 16:30 2013-07-31 19:43
obilodeau  
fdurand  
normal  
resolved  
fixed  
none    
none  
  general  
get rid of the uplinks=... concept
After doing 7264ede and a1b4cc8 I wrote:

# FIXME I just refactored that method but I think we should simply get rid
# of the uplinks=... concept. If you've configured access-control on an
# uplink then it's your problem. Anyway we don't do anything on RADIUS based
# requests. I guess this was there at first because of misconfigured up/down
# traps causing concerns.

Plus we haven't implemented dynamic support on most other vendors and maintaining a list manually is just painful.

We'll discuss it and then decide whether we should do it or not.
Notes
(0003343)
Xen0Phage   
2013-07-22 20:26   
I'd like to ping this instead of opening a new bug request on it. We're having a problem with this now. Basically, the SNMP module for Cisco has "Cisco IP Phone" hardcoded as an identifier for a VoIP phone, but we don't use Cisco VoIP phones. I can easily make the change myself to support our phones, but then I run into maintenance issues with future upgrades.

Removing the uplinks concept entirely sounds viable, except that then there's no "gut check" when a trap comes in to catch any traps sourced from actual uplinks. I'm not sure when, if ever, such a trap would be sent, but having a check to prevent problems may be better than breaking the network.

I can think of two possible solutions. One, have a configurable option where the user can list the CDP/LLDP values of the IP phones they use. Another would be to reverse the check and have users list the CDP/LLDP values of switches they use. Either would solve this problem, I think, and would then put the onus of making the list on the user. Some simple help documentation on how to get the list from the switch should be sufficient.
(0003354)
fdurand   
2013-07-31 19:42   
It has been fixed, so now we fetch the bit in the CDP flag to detect if it's an IP phone.





View Issue Details
1673 [PacketFence] configuration major always 2013-07-25 10:11 2013-07-31 19:34
maikel  
fdurand  
normal  
resolved 4.0.1  
fixed  
none    
none  
   
Can't update dhcp fingerprints
Error! Unable to update DHCP fingerprints: 500 Can't connect to www.packetfence.org:80 (Bad hostname)

Seems it resolves back to inverse.ca and fails thus. Better to have the correct hostname there (inverse.ca)
Notes
(0003346)
Xen0Phage   
2013-07-29 11:54   
Are you sure this wasn't a DNS problem on your end? It's working fine here... Using packetfence.org seems appropriate given that it's the name of the project. As long as it resolves to the proper location, it should work....
(0003350)
maikel   
2013-07-29 14:09   
This can be so. Maybe even at the PF.org side. Currently I just tested it on the same server with unchanged code etc. and now it works. Can be at the reporting day though in Canada there might have been an issue. For now I agree with Xen0Phage to close this ticket.





View Issue Details
1142 [PacketFence] captive portal major always 2010-12-20 10:49 2013-07-31 17:15
fgaudreault  
 
urgent  
assigned 2.0.0  
open  
none    
none  
  investigate  
CGISessions are not expiring properly
We see on high usage setups that CGISessions are not expiring properly. This causes a problem in the /tmp folder, and can affect the time MySQL takes to restart. Problem has been detected at least on version 1.8.7, 1.9.0, 1.9.1, and 2.0.0, and may impact older versions.

- Maybe we need to properly set a lower expiration time when we create the session.
- Maybe we can clear the session after a user registers.

An easy way to work around this problem is to run a cron job that wipes the sessions older than 30 min:
find /tmp -name "cgisess_*" -mmin +30 -exec rm -f {} \;
Notes
(0002844)
fgaudreault   
2012-07-19 10:21   
(edited on: 2012-07-19 10:29)
We should consider putting a $session->expire($time) somewhere. (redir.cgi?)

We also need to call
$session->delete()
$session->flush()

at the end of the process, somewhere in generate_release_page I guess...

(0002850)
fgaudreault   
2012-07-25 09:54   
Committed the delete/flush part for web.pm (generate_release_page).

However, we will need to see how we can fix the session handling in the CGI files. The current way is just not working.
(0003089)
fgaudreault   
2012-09-24 14:53   
Bumping this to urgent. Some clients had issues recently with this. We should get rid of the cron and fix the problem once and for all.
(0003345)
sinusoidal   
2013-07-26 06:48   
Just had this rear its ugly head. Will put in the cron workaround. Can I confirm with someone - the cron to remove the sessions after 30 mins - once registered we have a session time out of 3 days. Do I need to change that 30 min value to avoid kicking people off the system after 30 mins? Not sure what the 30 mins relates to. Is this fixed in 4?
(0003352)
fdurand   
2013-07-31 17:15   
Yes it has been fixed in packetfence 4 since we use memcached to store cgi session.





View Issue Details
1651 [PacketFence] core major always 2013-06-12 15:08 2013-07-12 16:23
dwuelfrath All  
dwuelfrath All  
high All  
assigned 4.0.1  
suspended  
none    
none  
   
Snort cannot start if pfdetect is not started
When we start PacketFence, we create a FIFO (/usr/local/pf/var/alert) in which Snort is writing detected alerts.

Snort is trying to open that FIFO in WRITE mode but a FIFO can only be opened in WRITE if a process already opened that FIFO in READ.

Currently, PacketFence starts Snort before pfdetect (starting sequence), which causes Snort to hang since the FIFO cannot be opened in WRITE due to the lack of a process opening that FIFO in READ (pfdetect).

The startup sequence needs to be adapted so that pfdetect is started before Snort.
Notes
(0003325)
dwuelfrath   
2013-06-14 14:09   
Mitigated in c2d817f0ecb53fb7a95a97fcd798ae1140b07f33
(0003341)
lpelet   
2013-07-12 16:23   
Same error when Suricata tries to log into the fifo alert.
Patch suricata.yaml in the section where the alert file is declared to specify filetype = regular

view https://github.com/inverse-inc/packetfence/commit/ff90a8c83ba2fa4c2d3bd6204643936443466025
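
The FIFO behaviour described in this issue can be observed without Snort or pfdetect. The script below is an added example, not PacketFence code: it creates a FIFO in a temporary directory as a stand-in for /usr/local/pf/var/alert, and open_alert_writer is a hypothetical helper. A blocking write-only open would hang at step 1; with O_NONBLOCK the same condition is reported as ENXIO, which a start-up script can use to check that the reader is attached before launching the writer.

```perl
#!/usr/bin/perl
# Added example (POSIX systems only): a FIFO cannot be opened for writing
# until some process holds it open for reading.
use strict;
use warnings;
use Errno qw(ENXIO);
use Fcntl qw(O_RDONLY O_WRONLY O_NONBLOCK);
use File::Temp qw(tempdir);
use POSIX qw(mkfifo);

# Hypothetical helper: try to attach a writer without blocking.
# Returns (filehandle, status) on success and (undef, status) otherwise.
sub open_alert_writer {
    my ($path) = @_;
    if (sysopen(my $fh, $path, O_WRONLY | O_NONBLOCK)) {
        return ($fh, 'writer attached');
    }
    # ENXIO is what open() reports for a write-only, non-blocking open of a
    # FIFO with no reader; the blocking form would wait here instead.
    return (undef, 'no reader on the FIFO yet (ENXIO)') if $! == ENXIO;
    return (undef, "open failed: $!");
}

# Temporary stand-in for the alert FIFO; removed again at exit.
my $dir  = tempdir(CLEANUP => 1);
my $fifo = "$dir/alert";
mkfifo($fifo, 0600) or die "mkfifo $fifo: $!\n";

# 1. Writer first (the start-up order reported in this issue).
my ($writer, $status) = open_alert_writer($fifo);
print "writer before reader: $status\n";

# 2. The reader attaches. A non-blocking read-only open returns at once
#    even though no writer exists yet.
sysopen(my $reader, $fifo, O_RDONLY | O_NONBLOCK)
    or die "reader open: $!\n";

# 3. Writer after reader (the corrected order).
($writer, $status) = open_alert_writer($fifo);
print "writer after reader:  $status\n";
die "writer could not attach\n" unless $writer;

# Constructed alert line, written and read back through the FIFO.
defined(syswrite($writer, "constructed alert line\n"))
    or die "write: $!\n";
defined(sysread($reader, my $buf, 4096))
    or die "read: $!\n";
print "reader received:      $buf";

close $writer;
close $reader;
```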





View Issue Details
1670 [PacketFence] web admin feature always 2013-07-12 14:09 2013-07-12 14:30
Xen0Phage  
francis  
normal  
resolved  
fixed  
none    
none 4.0.2  
   
43787f33a70e4fbaca5cd82b5dcacaa6fd963268
Switches list not sorted
The list of switches in Configuration -> Network -> Switches does not appear to be sorted in any way. It appears to be displayed in the order it's read from the config file.

This should be sorted to reduce the time necessary to find a particular switch.
There are no notes attached to this issue.





View Issue Details
1645 [PacketFence] web admin minor have not tried 2013-05-29 11:46 2013-07-12 09:45
dgreer  
francis  
normal  
resolved 4.0.0  
fixed  
none    
none 4.0.2  
  4.0.2  
When editing a User, unable to save changes because of missing fields "from" and "Expiration"
Modifying the user created when I logged into the registration portal, adding name, email, etc. All fields filled.

When I press "Save" I get:
"Error! Valid from field is required"
"Error! Expiration field is required"

Not a show stopper, but wanted to get it on the todo list.
Notes
(0003306)
francis   
2013-05-29 15:36   
How was the registration performed? By email? By SMS? By sponsorship?
(0003307)
dgreer   
2013-05-29 16:34   
I didn't know you had to register users by email or sponsorship, I thought you just had to register nodes.

The user was created by logging into the registration page from the workstation I'm using for testing. Authentication was via an LDAP connection to our AD server.
(0003313)
francis   
2013-06-04 11:45   
I've improved the user form. Hopefully, you won't get those errors anymore.
(0003314)
dgreer   
2013-06-04 13:14   
What's the patch number?





View Issue Details
1666 [PacketFence] web admin trivial always 2013-07-10 14:27 2013-07-12 09:44
Xen0Phage  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.2  
   
e8154cf97dc5c8994207981baff6970dfc5af85a
Sort order of routed networks is not numeric
This is a nitpicky issue, but I thought I'd report it. The sort order for routed networks in the "Configuration -> Interfaces" screen is not in numeric order. For instance, 10.10.100.0 appears before 10.10.2.0.
There are no notes attached to this issue.





View Issue Details
1641 [PacketFence] core minor sometimes 2013-05-10 18:08 2013-07-11 08:44
lmunro  
francis  
normal  
resolved 4.0.0  
fixed  
none    
none 4.0.1  
   
max nodes per-user limit reached for admin user
A user reports:
I've been doing some work on our PF 4.0 install. I have LDAP
authentication working for the admin logins as well as logging in via
RADIUS. I believe we talked yesterday about the "User Sources" being
used for identifying user roles when authenticating via 802.1x.
Looking at the vlan.pm code, this appears to be what will happen, but
I need to have the node in a registered state first. So how do we go
about doing that?

    Additionally, if I try to manually switch the node to Registered, I
get the following in the logs :

INFO: per-category max nodes per-user limit reached: 1 are already
registered to admin for category
node:is_max_reg_nodes_reached tests if $pid equals $default_pid.
$default_pid is defined as 1 in config.pm whereas it is entered as "admin" in the database.

Should that be changed?
Notes
(0003303)
francis   
2013-05-14 12:46   
I fixed the value of $default_pid :

https://github.com/inverse-inc/packetfence/commit/d8d6c5f65ca68d4c9622d15e76bc54ac3c64bf39





View Issue Details
1153 [PacketFence] hardware modules tweak N/A 2011-01-17 17:18 2013-07-11 07:49
obilodeau  
obilodeau  
normal  
assigned  
open  
none    
none  
  long-term  
More flexible VLAN Attributes handling with RADIUS (support for Vendor Specific Attributes aka VSA)
Right now VLAN assignment through RADIUS is always done using the same tunnel attributes namely:

    $RAD_REPLY{'Tunnel-Medium-Type'} = 6;
    $RAD_REPLY{'Tunnel-Type'} = 13;
    $RAD_REPLY{'Tunnel-Private-Group-ID'} = $vlan;


However, to be more flexible, it would be interesting to consider allowing the hardware module to specify its own RADIUS attributes.

For this, a new call. Here's the pseudo-code:
getVlanAssignmentAttributes(radius_hashref, $vlan) : radius_hashref {
    $RAD_REPLY->{'Tunnel-Medium-Type'} = 6;
    $RAD_REPLY->{'Tunnel-Type'} = 13;
    $RAD_REPLY->{'Tunnel-Private-Group-ID'} = $vlan;
}

put the above default implementation in pf::SNMP and then other modules can differ. For ex:

getVlanAssignmentAttributes(radius_hashref, $vlan) : radius_hashref {
    $RAD_REPLY->{'Tunnel-Medium-Type'} = 6;
    $RAD_REPLY->{'Tunnel-Type'} = 13;
    $RAD_REPLY->{'Tunnel-Private-Group-ID'} = $vlan;
    $RAD_REPLY->{'Extreme-Netlogin-Extended-VLAN'} = T220;
}

would add a hardware-specific reply that would add a tagged VLAN 220 to the port
Notes
(0003339)
roadracer96   
2013-07-11 07:49   
I'd like to bump this. I was working on writing my own poor man's NAC prior to discovering PF. The one thing I was able to do was use Extreme-Netlogin-Extended-VLAN VSA to assign tagged, untagged, or a combination of both to a port. A reply of Extreme-Netlogin-Extended-VLAN = U10;T200 would assign vlan 10 Untagged AND vlan 200 tagged. It would make implementation with Extreme switches more flexible.
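
The overridable call proposed in this issue, written out as runnable Perl. This is an added example, not PacketFence code: the packages Example::Switch and Example::Switch::Extreme are hypothetical stand-ins for pf::SNMP and a vendor module, the "tagged" constructor argument and the VLAN numbers are constructed, and whether a given switch accepts the tunnel attributes and the VSA in the same reply is an assumption carried over from the pseudo-code above.

```perl
#!/usr/bin/perl
# Added example: a default VLAN-assignment method that vendor modules override.
use strict;
use warnings;

package Example::Switch;    # hypothetical stand-in for pf::SNMP

sub new {
    my ($class) = @_;
    return bless {}, $class;
}

# Reject anything that is not a usable 802.1Q VLAN id before it reaches
# the RADIUS reply.
sub valid_vlan {
    my ($vlan) = @_;
    die "invalid VLAN id\n"
        unless defined $vlan
        && $vlan =~ /\A[0-9]{1,4}\z/
        && $vlan >= 1
        && $vlan <= 4094;
    return $vlan + 0;
}

# Default behaviour: the three standard tunnel attributes.
sub getVlanAssignmentAttributes {
    my ($self, $reply, $vlan) = @_;
    $reply->{'Tunnel-Medium-Type'}      = 6;
    $reply->{'Tunnel-Type'}             = 13;
    $reply->{'Tunnel-Private-Group-ID'} = valid_vlan($vlan);
    return $reply;
}

package Example::Switch::Extreme;    # hypothetical vendor module
use parent -norequire, 'Example::Switch';

sub new {
    my ($class, %args) = @_;
    my $self = $class->SUPER::new();
    # Tagged VLANs to add on top of the access VLAN, validated once here.
    $self->{tagged} =
        [ map { Example::Switch::valid_vlan($_) } @{ $args{tagged} // [] } ];
    return $self;
}

# Vendor override: keep the default attributes and add the VSA, one
# "T<id>" entry per tagged VLAN, joined with ";" as in the note above.
sub getVlanAssignmentAttributes {
    my ($self, $reply, $vlan) = @_;
    $self->SUPER::getVlanAssignmentAttributes($reply, $vlan);
    if (@{ $self->{tagged} }) {
        $reply->{'Extreme-Netlogin-Extended-VLAN'} =
            join(';', map { "T$_" } @{ $self->{tagged} });
    }
    return $reply;
}

package main;

# Constructed inputs: access VLAN 10, plus tagged VLAN 200 on the Extreme port.
my $generic = Example::Switch->new;
my $extreme = Example::Switch::Extreme->new(tagged => [200]);

for my $switch ($generic, $extreme) {
    my $reply = $switch->getVlanAssignmentAttributes({}, 10);
    print ref($switch), "\n";
    print "  $_ = $reply->{$_}\n" for sort keys %$reply;
}
```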





View Issue Details
1652 [PacketFence] web admin minor always 2013-06-13 10:30 2013-07-10 10:33
lmunro  
 
normal  
resolved 4.0.1  
open  
none    
none 4.0.2  
   
Node search by pid is broken
Node search using "person name" does not work.

The logs show the following errors:
Jun 13 09:47:24 httpd.admin(0) ERROR: Odd number of elements in hash assignment at /usr/local/pf/html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm line 21.
 (pfappserver::__ANON__)
Jun 13 09:48:06 httpd.admin(0) ERROR: Caught exception in pfappserver::Controller::Node->advanced_search "Can't use string ("pid") as a HASH ref while "strict refs" in use at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Search/Node.pm line 276." (pfappserver::Controller::Root::end)
There are no notes attached to this issue.





View Issue Details
1663 [PacketFence] web admin feature always 2013-07-08 17:05 2013-07-09 09:30
Xen0Phage  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.2  
   
Missing option to enable VoIP for a switch via the Admin GUI
Title says it all. In the 3.x version there was an option via the GUI to enable VoIP on a switch. In 4.x, it appears this has vanished. I can enable it via a direct edit of the switches.conf file, but enabling this requires a restart of services. Being able to do this via the GUI would handle it in a much smoother way without interruption of service.
Notes
(0003336)
francis   
2013-07-09 09:30   
Fixed. See https://github.com/inverse-inc/packetfence/commit/50ec7a9b411579e6b32f81a3240ebd2aea67570b





View Issue Details
1653 [PacketFence] captive portal major always 2013-06-19 08:57 2013-06-19 14:35
muhlig  
 
normal  
resolved devel  
open  
none    
none  
   
lib/pf/web.pm undefined value as an ARRAY reference
This is on current snapshot (packetfence-4.0.2-0.20130619.el6.noarch.rpm). I'm trying to login using captive-portal. I fill accept terms, username and password and click Login. Then I get page with Software error:

Can't use an undefined value as an ARRAY reference at /usr/local/pf/lib/pf/web.pm line 582.
I'm not sure if my config is correct; the error is not a faulty config message though :-)

The node doesn't get registered.
Notes
(0003327)
jrouzier   
2013-06-19 14:35   
This has been fixed and will be available in the next build.





View Issue Details
1650 [PacketFence] captive portal major always 2013-06-06 06:12 2013-06-07 23:34
rivan  
 
normal  
feedback 4.0.1  
reopened  
none    
none  
   
Unable to Authenticate
I've done the following
1. to create user
Configuration>create
username:guest10
password:guest10
2. add an authentication source
configuration>sources>add source>Htpasswd
name: guest
description:guest
file path:/usr/local/pf/conf/guest.conf
3. add a rule in newly created source (guest)
conditions: username starts guest
action
set access level: all
Notes
(0003320)
ludovic   
2013-06-06 06:37   
"set access level" is wrong here, it's for the admin interface.

You MUST use "set role" AND "set unreg date"/"set access duration".
(0003321)
francis   
2013-06-06 08:06   
Steps 2 and 3 are not required.

From the "Users" page, edit your new user and set the actions to "set role" as Ludovic mentioned.
(0003322)
rivan   
2013-06-06 21:36   
(edited on: 2013-06-06 23:16)
That's the first thing that I did before I set it to all.
Sorry, I didn't mention that.
I'm also running it as Inline Enforcement.

(0003324)
rivan   
2013-06-07 23:34   
The bug is just in Inline Enforcement.

Vlan Enforcement is good and running.





View Issue Details
1648 [PacketFence] web admin major always 2013-06-04 08:58 2013-06-04 15:55
dgreer  
 
normal  
resolved devel  
fixed  
none    
none  
   
https://github.com/inverse-inc/packetfence/blob/c55373379b232dfae6915b86bcded863830febe8/html/pfappserver/lib/pfappserver/Controller/Configuration.pm
Admin pages errors
Under "Configuration", all the options down to "Provisioning" throw errors. Here's the errors from packetfence.log:
Jun 04 07:51:13 httpd.admin(0) ERROR: Use of uninitialized value in pattern match (m//) at /usr/share/perl5/vendor_perl/Catalyst/Action/RenderView.pm line 54.
 (pfappserver::__ANON__)
Jun 04 07:51:13 httpd.admin(0) ERROR: Use of uninitialized value in pattern match (m//) at /usr/share/perl5/vendor_perl/Catalyst.pm line 1917.
 (pfappserver::__ANON__)
Jun 04 07:51:13 httpd.admin(0) ERROR: Use of uninitialized value $status in numeric ge (>=) at /usr/share/perl5/vendor_perl/Plack/Handler/Apache2.pm line 124.
 (pfappserver::__ANON__)
Jun 04 07:51:13 httpd.admin(0) ERROR: Use of uninitialized value in subroutine entry at /usr/share/perl5/vendor_perl/Plack/Handler/Apache2.pm line 138.
 (pfappserver::__ANON__)

I'm suspecting that this may be related to my "fix" in bug 1647. Will roll back to a previous version.
There are no notes attached to this issue.





View Issue Details
1529 [PacketFence] web admin major always 2012-08-24 10:25 2013-06-03 08:43
suenall  
francis  
high  
assigned 3.5.0  
open  
none    
none  
  investigate  
web configurator
"continue button" resets page to defaults instead of continuing
RHEL 6,
packetfence.log (280,719) 2012-08-24 10:25
https://www.packetfence.org/bugs/file_download.php?file_id=158&type=bug
Notes
(0002962)
francis   
2012-08-24 10:29   
At which step are you having the problem? Database? If so, have you succeeded in creating both the database and the database account?
(0002963)
suenall   
2012-08-24 11:53   
had been using IE.
Rolled back VM to pre configuration snapshot, restarted configurator in Chrome.
selected VLAN enforcement and deselected Inline, clicking continue takes me to networks page, but the only interface type options are mgmt, inline, and other.
the interface types necessary for vlan enforcement are not there.
(0002964)
suenall   
2012-08-24 11:55   
Also, in answer to your question, no, the database and user were not created. When we tried (pre rollback) to create manually, ran into issues getting PF to talk to the db, causing the rollback and subsequent switch to chrome.
(0002965)
obilodeau   
2012-08-27 09:42   
What version of IE?

Also, the log you provided, is it for the first problem (continue resets the page) or the second one (missing interface types)?
(0002968)
obilodeau   
2012-08-27 11:38   
Adding information received by email:


We're using IE 9. And the log was for the first issue (continue resets the page). I didn't take a log for the other, just muddled thru and got PF services started and went to the main PF Web interface.

Cheers,
Sue
(0002977)
obilodeau   
2012-08-28 09:38   
Extracted relevant pieces of log:

Aug 22 14:41:32 pfappserver_server.pl(0) WARN: 10.17.10.0.type does not exists (pfappserver::Model::Config::Networks::read_value)
...

Aug 22 14:52:06 pfappserver_server.pl(0) ERROR: DBI connect('dbname=pf;host=localhost;port=3306','pf',...) failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) at /usr/local/pf/html/pfappserver/script/../lib/pfappserver/Model/DB.pm line 83. (pfappserver::__ANON__)
Aug 22 14:52:06 pfappserver_server.pl(0) WARN: Error in connection to the database pf with user pf | Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) (pfappserver::Model::DB::connect)
...
Aug 23 15:41:04 pfappserver_server.pl(0) INFO: Loaded existing /usr/local/pf/conf/networks.conf file (pfappserver::Model::Config::Networks::_load_networks_conf)
Aug 23 15:41:04 pfappserver_server.pl(0) WARN: 10.17.10.0.type does not exists (pfappserver::Model::Config::Networks::read_value)
Aug 23 15:41:04 pfappserver_server.pl(0) WARN: 172.20.0.0.type does not exists (pfappserver::Model::Config::Networks::read_value)
Aug 23 15:41:04 pfappserver_server.pl(0) WARN: 172.20.2.0.type does not exists (pfappserver::Model::Config::Networks::read_value)
Aug 23 15:41:04 pfappserver_server.pl(0) WARN: 172.20.3.0.type does not exists (pfappserver::Model::Config::Networks::read_value)

Regarding first issue, could we have javascript issues with IE 9?

Regarding second issue, we should try to reproduce the problem in the lab with the exact step.

Also it feels like the code to start the database server never worked.
(0002978)
obilodeau   
2012-08-28 09:41   
Adding information received by email:

True, we did have to start the mysql server by hand in the linux cli.

Cheers,
Sue
(0002979)
obilodeau   
2012-08-28 09:47   
Reminder sent to:: fdurand
Fabrice, have you found any issues (besides the one you already fixed in documentation) regarding the web configurator on a pure RHEL6 install? Problems with MySQL starting?
(0002980)
fdurand   
2012-08-28 09:56   
I installed a new pure RHEL 6 server, and the only thing I remark is that you must set NM_CONTROLLED to no in your network interface configuration file to prevent the network disconnection.

For MySQL I don't know, but each time I have installed packetfence, I have had to start it by hand just after installing packetfence.
(0002981)
obilodeau   
2012-08-28 10:01   
Well, web configurator is supposed to be able to start it.. so it's a bug. On your next install, get one of the devs to look at it please. Thanks.
(0003085)
milkmansson   
2012-09-20 10:07   
(edited on: 2012-09-20 10:12)
The issue exists for the ZEN 3.5.1 ESX image.... 'Continue' and 'save' buttons do not work in IE 8/9, but functionality does work on Firefox 13.0. IE displays the error exclamation on the lower left corner of the window. Hope this helps!

Edit: In addition, the logic for the coding of the Enabled/Disabled buttons seems to be a little out - the text remains correct, but running your mouse over them repeatedly makes them change colour (red/green) with no action occurring - in case this is linked!

(0003086)
obilodeau   
2012-09-20 10:18   
Reminder sent to:: francis
front-end problems for you Francis ;)
(0003106)
francis   
2012-09-28 09:13   
I just fixed a call to a JavaScript function that was causing an error under IE8:

https://github.com/inverse-inc/packetfence/commit/b2e36e8c879c1ed235ddf2f437181b76a96f8d8a

Other question : is the date on your virtual machine properly set? Very important since we're using web cookies.
(0003107)
candlerb   
2012-09-28 12:58   
> selected VLAN enforcement and deselected Inline, clicking continue takes me to networks page, but the only interface type options are mgmt, inline, and other.

I saw exactly the same problem when installing PacketFence last week:

* Deselect Inline enforcement, select VLAN enforcement
* On next page only "Management" and "Inline" are offered
* If I go back to the beginning, Inline enforcement is re-selected and VLAN enforcement de-selected

This was with Chrome and Safari under OSX, although Firefox was fine. Platform was PacketFence 3.5.1 under CentOS 6.3 x86_64

However I have now tried to replicate this using a VirtualBox VM with same flavour of CentOS and PacketFence, and I can't make it happen. With Chrome and Safari I get "Management", "Registration", "Isolation" as expected.

Most strange!
(0003108)
candlerb   
2012-09-28 13:13   
Additional info:

* I can confirm that mysqld had to be started by hand on the command line (in both my original installation and the newly-created VM)

* In the original installation I got stuck in a state where pf had created the pf mysql user and database, but wouldn't let me continue. In the end I did a manual "drop database" to sort it out. I didn't have this problem when doing the VM install.
(0003126)
fgaudreault   
2012-10-19 11:14   
I heard that some other client had the same issue yesterday.

Unselecting Inline, Selecting VLAN, and the customer had to configure Inline stuff. This differs from the original bug, maybe we should open a new bug entry to the Inline/VLAN part?
(0003127)
francis   
2012-10-19 11:15   
I suspect a more general web session issue. No need to open a new ticket.
(0003129)
fgaudreault   
2012-10-19 11:17   
Ok. Will put this into the "investigate" queue. Do you want to take the lead on this?
(0003312)
francis   
2013-06-03 08:43   
Does this problem still persist in release 4.0.1?





View Issue Details
1642 [PacketFence] packaging major always 2013-05-14 21:44 2013-05-15 07:13
adamashley  
francis  
normal  
resolved 4.0.0  
fixed  
none    
none +1  
   
https://github.com/inverse-inc/packetfence/commit/0816032722c3b4c99be2010667b2e585c0acc756
Ubuntu package install fails when trying to stop services that don't exist
Clean ubuntu 12.04.2 LTS install with minimal install. Only SSH and requirements to boot are installed.

Add repository and install package as documented at http://www.packetfence.org/support/faqs/article/how-to-install-packetfence-on-ubuntu.html

Install runs until following error message occurs:
dpkg: error processing packetfence (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 packetfence


Edited /var/lib/dpkg/info/packetfence.postinst to add more comments throughout the process that is failing. Resulting log:

root@proxy01:/var/lib/dpkg# apt-get install -f
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up packetfence (4.0.0) ...
DH already exists, won't touch it!
managing services
Stopping snort
dpkg: error processing packetfence (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 packetfence
E: Sub-process /usr/bin/dpkg returned an error code (1)

Install script is failing because there is no service called snort installed on the machine. Only packages installed are those listed as dependencies for packetfence.
There are no notes attached to this issue.





View Issue Details
1621 [PacketFence] core tweak always 2013-01-10 13:46 2013-03-18 09:45
ludovic  
fdurand  
normal  
resolved devel  
fixed  
none    
none +1  
   
feature/catalyst-admin
Wrong SNMP deauth call for Cisco WLC
In lib/pf/SNMP/Cisco/WLC.pm we have:

sub _deauthenticateMacSnmp {
...

while it should be:

sub _deauthenticateMacSNMP {

Otherwise, SNMP deauth won't work for Cisco WLC/WiSM.

That bug is also present in v3.6.1

A test should be developed to make sure we don't have problems in the future.
Notes
(0003301)
fdurand   
2013-03-18 09:45   
Fixed in the future version PacketFence 4.
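One way to write the regression test this issue asks for, added here as an example and not taken from the PacketFence test suite: it reports any sub in a module whose name matches an ancestor's method only when case is ignored. The Example::* packages are constructed stand-ins, and the base class fallback behaviour is an assumption made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Test::More tests => 3;

# Constructed stand-ins for the real modules; only the method names matter.
package Example::Base;
sub new { return bless {}, shift }
sub _deauthenticateMacSNMP { return 'base: not supported' }
sub deauthenticateMac {
    my ($this, $mac) = @_;
    return $this->_deauthenticateMacSNMP($mac);
}

package Example::BuggyWLC;    # reproduces the misspelling from the issue
our @ISA = ('Example::Base');
sub _deauthenticateMacSnmp { return 'WLC: deauth sent' }

package Example::FixedWLC;
our @ISA = ('Example::Base');
sub _deauthenticateMacSNMP { return 'WLC: deauth sent' }

package main;

# Names of the subs compiled directly into a package (inherited ones excluded).
sub own_subs {
    my ($package) = @_;
    no strict 'refs';
    return sort grep { !/::\z/ && defined &{"${package}::$_"} } keys %{"${package}::"};
}

# All ancestors of a package, following @ISA recursively.
sub ancestors {
    my ($package) = @_;
    no strict 'refs';
    return map { ($_, ancestors($_)) } @{"${package}::ISA"};
}

# Subs in $package that look like an override of an ancestor's method but
# differ in letter case, so method dispatch never reaches them.
sub case_mismatched_overrides {
    my ($package) = @_;
    my %mine = map { $_ => 1 } own_subs($package);
    my @findings;
    for my $parent (ancestors($package)) {
        for my $wanted (own_subs($parent)) {
            next if $mine{$wanted};    # a correctly named override exists
            push @findings, map { "$_ (expected $wanted from $parent)" }
                grep { lc $_ eq lc $wanted } sort keys %mine;
        }
    }
    return @findings;
}

is_deeply(
    [ case_mismatched_overrides('Example::BuggyWLC') ],
    [ '_deauthenticateMacSnmp (expected _deauthenticateMacSNMP from Example::Base)' ],
    'misspelled override is reported',
);
is_deeply(
    [ case_mismatched_overrides('Example::FixedWLC') ],
    [],
    'correctly named override passes',
);

# The failure mode itself: the call silently lands in the base class.
is(
    Example::BuggyWLC->new->deauthenticateMac('00:11:22:33:44:55'),
    'base: not supported',
    'misspelled override is never called',
);
```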





View Issue Details
1628 [PacketFence] refactoring minor random 2013-02-04 15:42 2013-02-04 15:42
dwuelfrath All  
dwuelfrath All  
normal All  
assigned 3.6.1  
stable open  
none    
none  
  +2  
Refactor the VLAN change workflow on wired switchports
The whole setVlan, authorizeMac, bouncePort workflow differs from switch to switch and from enforcement methods.
Bounce port occurs when there's a VoIP phone in some cases (MAC auth) but not in others (port-security), which messes up the standard workflow.

We should standardize this workflow.
There are no notes attached to this issue.





View Issue Details
1625 [PacketFence] inline feature always 2013-01-21 20:18 2013-01-22 09:31
dwuelfrath All  
dwuelfrath All  
normal All  
assigned 3.6.1  
open  
none    
none  
   
Inline enforcement mode should have a similar workflow as the VLAN enforcement mode
With the new inline RADIUS feature, we should consider improving the handling of the registration process for nodes connecting using this enforcement mode.
Example: SSID
There are no notes attached to this issue.





View Issue Details
1624 [PacketFence] upgrade minor always 2013-01-17 14:05 2013-01-21 14:56
ae3  
dwuelfrath  
normal  
resolved 3.6.1  
stable fixed  
none    
none 3.6.1  
  +0  
11acb8b4d1728b8e09546a01ac234ecff18e0c9c
db/upgrade-3.5.0-3.6.1.sql has primary key error
When I run the database schema update on ZEN 3.6.0 to upgrade to 3.6.1, MySQL terminates with error 1062 as shown under additional information below. I had previously added custom categories through the admin web GUI, and the first one was automatically assigned node_category 3. Hence, the primary key conflict for me, and anyone else who defined custom categories.

I do not know if there is a dependency on node_category=3 for gaming devices elsewhere in the code, but I created the entry via the admin web GUI and it assigned it 0000008. If there is no dependency on that entry being 0000003, you could just drop the "category_id" and "3" from the insert command since the table was created with category_id defined as auto_increment so it will always use the next number on insert.
[root@pf-zen-esx pf]# mysql -u pf -p pf -v < db/upgrade-3.5.0-3.6.1.sql
Enter password:
--------------
INSERT INTO `node_category` (category_id,name,notes) VALUES ("3","gaming","Gaming devices")
--------------

ERROR 1062 (23000) at line 5: Duplicate entry '3' for key 'PRIMARY'
[root@pf-zen-esx pf]#
Notes
(0003292)
dwuelfrath   
2013-01-18 14:51   
Will commit fix
(0003293)
dwuelfrath   
2013-01-21 14:23   
Fixed in 3.6.1 stable branch as of 2012.01.21





View Issue Details
1623 [PacketFence] major always 2013-01-14 12:06 2013-01-14 13:59
fdurand All  
dwuelfrath All  
normal All  
assigned 3.6.1  
stable open  
none    
none  
  +1  
TrapLimitation Disable local trap
When a trap limitation is enabled in PacketFence and it reaches this limit, the local traps are disabled.
There are no notes attached to this issue.





View Issue Details
1599 [PacketFence] configuration text have not tried 2012-11-08 15:58 2013-01-03 10:55
_KaszpiR_  
 
normal  
feedback  
reopened  
none    
none 3.6.1  
   
Debian FreeRADIUS auth against AD documentation is missing dependency
Just a minor note to section:
Option 1: Authentication against Active Directory (AD)
...
Samba / Kerberos / Winbind
Install SAMBA

Under Debian
apt-get install samba winbing krb5-user
Notes
(0003283)
fdurand   
2012-11-28 08:34   
It has been included in the doc
Thanks
(0003290)
_KaszpiR_   
2013-01-03 10:55   
Just noticed my typo: should be winbind, not winbing ;)
Haven't checked the manual yet.





View Issue Details
1619 [PacketFence] guests minor always 2012-12-28 16:21 2013-01-03 09:55
lmunro  
fdurand  
normal  
resolved devel  
fixed  
none    
none 3.6.1  
   
sponsored account registration url contains regular expression
Whenever a guest tries to register using a sponsor, the sponsor receives an email where the url is malformed.
It contains a regular expression like this example:

https://pftest-lm.packetfence.org/activate/email(.*)/381359d5d9bde6a37d0a41140153dd81

Note the "email(.*)" part.
Notes
(0003289)
fdurand   
2013-01-03 09:55   
Fixed in devel





View Issue Details
1616 [PacketFence] minor always 2012-12-13 09:53 2012-12-13 09:56
dwuelfrath  
dwuelfrath  
normal  
resolved  
fixed  
none    
none 3.6.1  
   
6651312273b6af1fb853beac164a5378e66f87b0
Apple XML provisioning profile displays payload rather than the profile itself
When connecting from an IOS device with the profile provisioning enabled, the device is displaying the XML profile payload rather than prompting to add the new profile.
Notes
(0003284)
dwuelfrath   
2012-12-13 09:56   
This regression was introduced with the rewriting of some lib/pf/web.pm functions regarding the rendering of the page.





View Issue Details
1612 [PacketFence] configuration minor always 2012-11-28 13:22 2012-11-28 13:22
fdurand Linux  
dwuelfrath RHEL / CentOS  
normal 6  
assigned  
open  
none    
none  
   
Vlan creation under configurator (under 4096)
When I try to create a new vlan in the configurator, the highest vlan that we can add is 4094.
So we just have to change the text (under 4096) in configurator.
There are no notes attached to this issue.





View Issue Details
1602 [PacketFence] captive portal major always 2012-11-12 10:58 2012-11-12 11:17
dwuelfrath  
dwuelfrath  
high  
resolved  
fixed  
none    
none 3.6.1  
   
480663772a400fe61e79c7f007245fc09ad6a3db
Perl errors on some signup options
Some signup options seem to produce weird perl errors (unable to instantiate some required modules even if the path is correct)
Notes
(0003276)
dwuelfrath   
2012-11-12 10:59   
Seems to be a regression introduced with 3.6.0 with the new captive-portal dispatcher.
Some captive-portal "modules" do not seem to go through the correct virtual host.





View Issue Details
1597 [PacketFence] error-handling minor always 2012-11-07 15:45 2012-11-07 15:57
_KaszpiR_  
fgaudreault  
normal  
resolved  
won't fix  
none    
none  
   
Mantis and MySQL collation
Not PacketFence related, but the issue is with Mantis.
Looks like database was set up with latin1 while website runs on utf8.
Workaround - did not use special chars ;)
Tried to update profile, error occurred.

Database query failed. Error received from database was 0001267: Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation '=' for the query: SELECT id
FROM mantis_user_table
WHERE username='Micha? Socho?'.
Notes
(0003271)
fgaudreault   
2012-11-07 15:57   
Ok.





View Issue Details
1550 [PacketFence] configuration minor have not tried 2012-09-14 14:34 2012-10-29 16:00
dwuelfrath  
fgaudreault  
normal  
resolved  
fixed  
none    
none devel  
  3.6.1  
7f6335b14c7a5d90999eec0d4d6b3ee1c29e3c6a
ssl-certificates.conf file
The conf/ssl-certificates.conf file should be moved into conf/httpd.conf.d since it is part of the httpd configuration.

This change will imply modification to the packaging (RHEL, Debian) to make sure to handle the new location and an entry in the UPGRADE document.
Notes
(0003265)
fgaudreault   
2012-10-29 16:00   
Fixed in devel.





View Issue Details
1317 [PacketFence] core minor always 2011-10-20 12:00 2012-10-29 15:02
fgaudreault  
fgaudreault  
high  
resolved 3.0.1  
fixed  
none    
none devel  
  3.6.1  
ad54619a893500d7d6febeb08094357048caa7ba
Nodes are being unreg if expire_mode set to window and no unreg date is set
Problematic query :
$node_statements->{'node_expire_window_sql'} = get_db_handle()->prepare(
        qq [ SELECT mac FROM node WHERE status="reg" AND unix_timestamp(regdate) + ? < unix_timestamp(now()) ]
    );

If you set no unregdate (0000-00-00 00:00:00) and you add 999w, it will always be lower than NOW(). The nodes will then be unregistered even if they should not.
Notes
(0002373)
obilodeau   
2011-10-21 11:25   
watch out, unregdate is not in the above query. So what is important is regdate + window < unix_timestamp( now() ).

When you saw nodes being batch de-registered, what did they have as a regdate? Why was it so low?
(0002374)
fgaudreault   
2011-10-21 14:41   
You are right, my regdate was 0 since I registered my devices using raw SQL without updating that field with now(). However, the bug remains, if my regdate is 3 days ago, and my window is 2d, regardless of the unregdate, I will still be unregistered.
(0002484)
obilodeau   
2011-12-22 11:15   
Reducing severity since the feature works as intended.

But we will still fix it by setting now + window to unregdate instead of looking at regdate because it gives more control to the administrators if they want to manually alter the unregdate.
(0003263)
fgaudreault   
2012-10-29 14:37   
We should only rely on the unregdate. At the registration time, we set the proper unregdate if using mode deadline or mode window. We should NEVER base our decision regarding the regdate.

A network admin should be allowed to mess with the unregdate manually.

I will remove the unnecessary code in node_maintenance.
(0003264)
fgaudreault   
2012-10-29 15:02   
Fixed in devel. Cleaned up some useless code.





View Issue Details
1591 [PacketFence] captive portal tweak always 2012-10-29 13:44 2012-10-29 14:05
fgaudreault  
fgaudreault  
normal  
resolved 3.6.0  
fixed  
none    
none devel  
  3.6.1  
2dc9f94baf271b0fc6d5301e9f20e73e630f8f8c
Signup link availability issue
When you select OAuth2 authenticators in the guest_self_registration.modes, the signup link will be available but it shouldn't be.

Only sponsor, sms, or email should trigger the link to be available.
Notes
(0003262)
fgaudreault   
2012-10-29 14:05   
Fixed in devel.





View Issue Details
1579 [PacketFence] captive portal minor always 2012-10-22 12:44 2012-10-29 13:48
fgaudreault  
fgaudreault  
normal  
resolved devel  
fixed  
none    
none devel  
  3.6.1  
be472568ac42e129c3916d34162de3885685174c
SMS confirmation page should return an error message if PIN is invalid
The page is not telling us if the PIN entered is invalid, it just refreshes.
Notes
(0003261)
fgaudreault   
2012-10-29 13:47   
Fixed in Devel.





View Issue Details
1538 [PacketFence] core minor always 2012-09-04 12:28 2012-10-29 12:37
fgaudreault  
fgaudreault  
low  
resolved 3.5.0  
fixed  
none    
none devel  
  3.6.1  
cc5719ccb34980bb335bfb31d6b33d0a3050ccc0
Missing query for accounting violation
When using a non-supported time frame for the accounting violations, the code says we should look at the data since the beginning of time. However, that sub is missing.

- Should we remove the unsupported time values from the REGEXP to check the trigger format?
- Should we add the proper sub?
- Should we support all time formats?
Notes
(0003260)
fgaudreault   
2012-10-29 12:36   
I decided to force the usage of the D(aily) W(eekly) M(onthly) Y(early) modifiers in the trigger format.

Fixed in devel.





View Issue Details
1342 [PacketFence] configuration feature N/A 2011-11-23 14:24 2012-10-29 11:29
obilodeau  
fgaudreault  
normal  
resolved  
fixed  
none    
none devel  
  3.6.1  
b4bc7f2e56bc1c77eb6c638639e51b0d8ee8ece7
have minimal radius logging and expose it on the web interface
Helpful for people who have not yet connected the radiusd to packetfence properly.

We should add a note in the performance section to disable the logging on high throughput networks and also take the opportunity to document the async syslog trick too.
Notes
(0002604)
obilodeau   
2012-03-08 12:55   
We have modified radius logging lately, it should be ready for an exposition on the admin ui.

Forget about the async syslog trick, we don't log there anymore.
(0003259)
fgaudreault   
2012-10-29 11:29   
Fixed in devel.





View Issue Details
1494 [PacketFence] core minor always 2012-07-24 10:04 2012-10-26 16:06
fgaudreault  
 
normal  
acknowledged 3.4.1  
open  
none    
none  
  3.6.1  
pf watch should restart only the crashed service
pf watch should only restart the crashed service instead of everything. Right now, if for example pfmon is crashed, pf watch will restart packetfence entirely instead of just restarting the crashed service.

Why do we need to restart the captive portal because of pfmon? ;)
Notes
(0002891)
obilodeau   
2012-08-07 09:37   
I agree that it is rather stupid. Triaged as such.





View Issue Details
749 [PacketFence] core minor have not tried 2009-07-16 16:33 2012-10-26 16:05
obilodeau  
fgaudreault  
high  
assigned  
fixed  
none    
none  
  3.6.1  
b78251653ec9f535f9e1cf3fa898b75350357d5e
Violation load does not validate if 2 violations have the same ID
There should be a control, when loading violations, that makes sure that 2 violations do not have the same ID in violations.conf.
Notes
(0002870)
fgaudreault   
2012-08-06 12:18   
In Devel!!
(0002902)
obilodeau   
2012-08-07 12:13   
I moved this out of devel into a separate branch. Identical copy / pasted code is prone to insidious bugs in the face of future changes (forgetting the old location). It should be extracted out in a method that shares the same code.

Branch created: https://github.com/inverse-inc/packetfence/tree/fix/749-check-duplicate-violation-id

I'll refactor the code if you don't have the time for it.
(0003178)
fgaudreault   
2012-10-19 13:51   
Code needs refactoring.





View Issue Details
1517 [PacketFence] packaging minor have not tried 2012-08-16 10:01 2012-10-26 15:51
obilodeau Linux  
fgaudreault RHEL / CentOS  
normal 6  
resolved  
fixed  
none    
none  
   
freeradius depsolving problems on RHEL 6
PacketFence won't install on RHEL 6 because of dependency solving problems with freeradius-2.1.12-3.

This version is more recent than in our repo but that doesn't explain why installation fails.
Info about update: http://rhn.redhat.com/errata/RHBA-2012-0881.html

Interesting but unrelated:

* Previously, freeradius was compiled without the "--with-udpfromto" option.
Consequently, with a multihomed server and explicitly specifying the IP address,
freeradius sent the reply from the wrong IP address. With this update,
freeradius has been built with the --with-udpfromto configuration option and the
RADIUS reply is always sourced from the IP the request was sent to. (BZ#700870)
Notes
(0002937)
obilodeau   
2012-08-16 10:36   
Poked at changelogs and tried to understand why this would fail but I wasn't able to.

If someone can reproduce please provide more information.
(0002938)
fdurand   
2012-08-16 10:46   
Error: Package: freeradius-mysql-2.1.12-1.el6.x86_64 (@PacketFence)
           Requires: freeradius = 2.1.12-1.el6
           Removing: freeradius-2.1.12-1.el6.x86_64 (@PacketFence)
               freeradius = 2.1.12-1.el6
           Updated By: freeradius-2.1.12-3.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.12-3.el6
           Available: freeradius-2.1.9-3.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.9-3.el6
           Available: freeradius-2.1.10-5.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.10-5.el6
Error: Package: freeradius-perl-2.1.12-1.el6.x86_64 (@PacketFence)
           Requires: freeradius = 2.1.12-1.el6
           Removing: freeradius-2.1.12-1.el6.x86_64 (@PacketFence)
               freeradius = 2.1.12-1.el6
           Updated By: freeradius-2.1.12-3.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.12-3.el6
           Available: freeradius-2.1.9-3.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.9-3.el6
           Available: freeradius-2.1.10-5.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.10-5.el6
Error: Package: freeradius-utils-2.1.12-1.el6.x86_64 (@PacketFence)
           Requires: freeradius = 2.1.12-1.el6
           Removing: freeradius-2.1.12-1.el6.x86_64 (@PacketFence)
               freeradius = 2.1.12-1.el6
           Updated By: freeradius-2.1.12-3.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.12-3.el6
           Available: freeradius-2.1.9-3.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.9-3.el6
           Available: freeradius-2.1.10-5.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.10-5.el6
Error: Package: freeradius-ldap-2.1.12-1.el6.x86_64 (@PacketFence)
           Requires: freeradius = 2.1.12-1.el6
           Removing: freeradius-2.1.12-1.el6.x86_64 (@PacketFence)
               freeradius = 2.1.12-1.el6
           Updated By: freeradius-2.1.12-3.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.12-3.el6
           Available: freeradius-2.1.9-3.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.9-3.el6
           Available: freeradius-2.1.10-5.el6.x86_64 (rhel-x86_64-server-6)
               freeradius = 2.1.10-5.el6
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
(0002941)
obilodeau   
2012-08-16 12:59   
Looked at the SPEC file from SRPM and didn't find anything related to -mysql,-perl and all removed or with specific deps.

Also, putting them in a separate repository makes little sense to me.. I wonder what's going on.
(0003249)
fgaudreault   
2012-10-26 15:51   
We have FR 2.2.0 packages now.





View Issue Details
1220 [PacketFence] web admin minor always 2011-05-24 11:33 2012-10-26 15:26
cactus-jake  
fgaudreault  
normal  
resolved 2.2.0  
unable to reproduce  
none    
none  
   
Violation Page changes description format
After I delete a line on the Violations Page, the Description column displays the violation number rather than the violation description. It displays correctly after I stop editing.
Notes
(0003236)
fgaudreault   
2012-10-24 09:59   
Can you give us a little more detail? I don't see how to reproduce.
(0003248)
fgaudreault   
2012-10-26 15:25   
Cannot reproduce. Reopen if you have more details.





View Issue Details
1573 [PacketFence] configuration block always 2012-10-22 09:48 2012-10-25 16:48
fgaudreault  
fdurand  
immediate  
resolved devel  
open  
none    
none 3.6.0  
  3.6.0  
packetfence-suid package is not copied properly, wrong arch in wrong repo
The configurator from devel is not listing all the daemons when it's time to start PF. It also crashes with the error:

Error! Unidentified error see server side logs for details.
Notes
(0003214)
fgaudreault   
2012-10-22 09:49   
Related to a missing package:

Oct 22 09:46:51 pfappserver_server.pl(0) ERROR: Can't exec "/usr/local/pf/bin/pfcmd": No such file or directory at /usr/local/pf/lib/pf/util.pm line 864.
 (pfappserver::__ANON__)
Oct 22 09:46:51 pfappserver_server.pl(0) WARN: Problem trying to run command: /usr/local/pf/bin/pfcmd service pf start 2>&1 called from pfappserver::Model::Services::start. OS Error: No such file or directory (pf::util::pf_run)
Oct 22 09:46:51 pfappserver_server.pl(0) ERROR: Use of uninitialized value $result in concatenation (.) or string at /usr/local/pf/html/pfappserver/script/../lib/pfappserver/Model/Services.pm line 34.
 (pfappserver::__ANON__)
Oct 22 09:46:51 pfappserver_server.pl(0) INFO: Request took 0.016783s (59.584/s)
(0003215)
fgaudreault   
2012-10-22 09:53   
Found the issue, but the package packetfence-suid is not properly copied to the repos. I will assign someone to check.





View Issue Details
1434 [PacketFence] packaging minor always 2012-04-27 16:22 2012-10-24 15:10
obilodeau Linux  
fgaudreault Debian  
normal 6  
resolved 3.3.2  
fixed  
none    
none 3.6.0  
  3.6.0  
debian packages don't build the translations .mo files
On your first install it's ok because installer.pl does it for you.

On your upgrades, as a work-around, you can re-run the installer to regenerate them or do:

/usr/bin/msgfmt -o packetfence.mo conf/locale/<lang>/LC_MESSAGES/packetfence.po
mv packetfence.mo conf/locale/<lang>/LC_MESSAGES/


for the locale you use
Notes
(0003147)
fgaudreault   
2012-10-19 12:02   
Not sure about the status of this bug, can someone tell me?
(0003148)
fgaudreault   
2012-10-19 12:03   
Reminder sent to:: dwuelfrath, fdurand
Are you aware of this?
(0003241)
fdurand   
2012-10-24 15:08   
Done in devel





View Issue Details
1555 [PacketFence] web admin minor always 2012-09-19 15:33 2012-10-24 12:24
mada  
fgaudreault  
normal  
confirmed 3.5.1  
reopened  
none    
none  
  3.6.1  
0fa41aae771a1e655f92515ed641c2ccc76f5a0a
Violations that have been deleted are selectable from PF::Violation::Add or PF::Violation::Edit
After deleting a few custom violations (and restarting the PacketFence server) the deleted violations are still selectable options in the PF::Violation::Add "Identifier" dropdown box and in the PF::Violation::Edit "Description" dropdown box. The custom violations no longer show up in the "Configuration -> Violations" menu.

Ex:
-From the webadmin, created violation with Identifier 7100001 and description "Test"
-Restarted PacketFence services
-Applied violation to node using PF::Violation::Add (Violation tab -> Add tab from webadmin)
-Closed violation and deleted the record in the webadmin Violation tab
-Deleted the violation from the "Configuration -> Violations" tab
-Confirmed that neither conf/violations.conf nor the webadmin "Configuration -> Violations" tab showed the violation anymore
-Restarted the PacketFence server (hard restart)

From there, conf/violations.conf and the webadmin "Configuration -> Violations" tab continue to show that the custom violation no longer exists. However, by going to the "Violation -> View" tab, editing an existing violation and choosing the "Description" dropdown OR going to the "Violation -> Add" tab and choosing the "Identifier" dropdown the custom violation is still selectable.
packetfence.log (136,305) 2012-09-20 11:40
https://www.packetfence.org/bugs/file_download.php?file_id=163&type=bug
Notes
(0003081)
fgaudreault   
2012-09-20 07:33   
Log out the UI and log back in. You won't see them anymore.
(0003082)
mada   
2012-09-20 08:52   
I've tried:
-Logging out
-Closing the browser entirely
-Flushing the browsers cache
-Using a different browser
-Using a different system

And the entries still appear.
(0003083)
fgaudreault   
2012-09-20 08:57   
try:
- pfcmd reload violation
- log off
- log on
(0003084)
mada   
2012-09-20 09:05   
Gave 'pfcmd reload violations' a shot then retried the 5 steps in my previous note, the deleted entries are still there.
(0003087)
obilodeau   
2012-09-20 10:57   
Wow, if this is a regression I think it was introduced a long time ago and I'm actually surprised that we weren't bitten by this earlier..

Grepping the code history it looks like it never worked. class_delete or class_cleanup were never really called. I remember tweaking some startup code but not sure if it was related and not able to find it.

Can you crank up the logs in conf/log.conf to TRACE and do a pfcmd reload violations. Then attach the log here. I'll see if I'm missing something.
(0003088)
mada   
2012-09-20 11:45   
Sure thing, the log's attached. (I cleaned it up a bit, just the DHCP info.)

----
(Also fixed the
Sep 20 11:34:18 pfcmd(27110) ERROR: attempt to add existing trigger 806 806 [os] (pf::trigger::trigger_add)
error - just had the trigger in there twice, as it says.)
(0003173)
fgaudreault   
2012-10-19 13:45   
We need to try reproducing this in the lab. Transferred to the investigate queue.
(0003219)
fgaudreault   
2012-10-22 14:48   
Confirmed Bug, the violation is still available when doing a violation add. Reproduced in the lab using 3.6.0-devel.

I remember that we had another report about the violation reload not being aggressive enough. The database is not flushed properly when you delete a violation. I'll check to see if it's a simple fix.
(0003220)
fgaudreault   
2012-10-22 15:00   
Will implement a class_flush sub in pf/class.pm. When we will reload the violations.conf file, we will flush the class table first, before flushing the trigger table.

It will be a bit slower for people having hundreds of violations, but that should fix the issue.
(0003221)
fgaudreault   
2012-10-22 15:18   
Fixed in devel. Will be part of 3.6.0.
(0003240)
fgaudreault   
2012-10-24 11:44   
I guess it's a big oops to myself. Naively, I did a delete from class when you reload the violations. The problem: there is an ON DELETE CASCADE on the violation IDs. So when you drop the class, it also wipes the violation table. Not good!

I will revert the fix, and think a bit more.





View Issue Details
549 [PacketFence] web admin minor always 2009-01-23 16:20 2012-10-24 10:43
94jaccha95107  
fgaudreault  
normal  
resolved  
won't fix  
none    
none  
   
lookup node should allow looking up incomplete MACs just like filter does
When searching for 'a5:09' using the filter in the node -> view tab, I can see 1 node.
When searching for 'a5:09' using the node -> lookup tab, I see nothing.

Notes
(0001038)
user4   
2009-01-26 07:45   
This is the supposed behavior! The filter in the node pages does a substring search on all fields of the node table. The lookup node, on the other hand, expects a complete MAC address as its input
(0001381)
obilodeau   
2009-10-30 15:58   
re-opened and assigned to myself

let's fix that, it's not really normal to be inconsistent like that
(0003208)
fgaudreault   
2012-10-19 15:04   
Let's try to reproduce, I would be surprised that this hasn't been fixed.
(0003239)
fgaudreault   
2012-10-24 10:43   
Not a bug. The lookup function is really to check the status of a specific mac address, not search. Won't fix.





View Issue Details
1373 [PacketFence] core major random 2012-01-31 14:43 2012-10-24 10:39
fgaudreault  
 
normal  
resolved 3.1.0  
open  
none    
none  
   
Non-Alphanumeric chars will make Disconnect-Message Fail
Seeing on a client server, the shared secret was containing the following chars:
- @ $

It made the RADIUS dynauth unusable, PF was complaining about a bad secret, when it was working fine using radclient.
Notes
(0002562)
obilodeau   
2012-01-31 14:50   
Almost everything parsed by Config::IniFiles is affected by this. not only radius dyn-auth.

From what I recall SNMP communities, telnet usernames or passwords are also affected...

This lasted long enough! Your time is over, nasty bug! I'm coming at you!
(0003096)
obilodeau   
2012-09-25 22:43   
I just re-checked the CoA code and I don't see why these would cause failures. They are never interpolated.

Did you confirm that the conf/switches.conf file had the proper stuff in it? Because before we were bad at saving $,@,... from the web admin but that was fixed lately. Editing conf/switches.conf by hand always worked.

If you did validate that conf/switches.conf was correct, it could well be a library issue unfortunately... We use Net::Radius::Packet we should probably check its changelog from time to time (or maybe even report the bug).
(0003238)
fgaudreault   
2012-10-24 10:39   
Deauth worked fine with - @ or $.

The issue might have been something else then. Marked as resolved.





View Issue Details
1423 [PacketFence] inline minor random 2012-04-16 11:24 2012-10-24 09:58
obilodeau  
fgaudreault  
low  
resolved  
fixed  
none    
none devel  
  3.6.0  
Weird behavior with DNS and connection tracking in inline enforcement
Sometimes DNS is still blackholed even if the mark on the inline node was removed. Looking at the firewall you see no reason why the DNS would be still handled that way but a pcap reveals that it actually still does. This happens for a couple of minutes and then DNS is NATed to the right destination properly again.

We think it's an UDP connection tracking issue and that clients that don't change their source port for every DNS query are more affected than others as they are in the conntrack table. An old CentOS 5.2 client exhibited that behavior while most other OS tested properly changed its source port (OSX, Windows, Fedora, Android, iOS). We had problems with OSX once but weren't able to reproduce reliably.

We are not really 100% sure it's related to connection tracking at this point since it worked fine on some lab servers but didn't on others and they are very similar (same OS but kernel version differs).

Since our latest tests showed it working on all the above mentioned OS, we are giving this a low priority but giving us solid reproducible cases will increase bug's priority. It is too random for us right now to sanely track.

What we think we'll do in the future is either disable or aggressively reduce the UDP tracking timers for DNS traffic (if that's even possible) or integrate with the conntrack-tools to kill any active conntrack session when a node is changed state. This requires an additional dependency (unpackaged in CentOS5 at this point) so it will need to be evaluated or bring enough value to warrant it.
Notes
(0002649)
obilodeau   
2012-04-17 10:56   
(edited on: 2012-04-17 10:58)
For the record, connection tracking variables for UDP are located here: /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout*

Turning these down to 0 and trying again with a client that re-uses source ports (like the CentOS 5.2 we tried) would be a good way to confirm or deny that the problem is connection tracking related after all.

Unfortunately we know that it's not going to be an acceptable fix since we NAT through in inline enforcement and it would break UDP-based applications (like Skype).

(0003150)
fgaudreault   
2012-10-19 12:08   
Reminder sent to:: fdurand
Is this fixed with the ipset feature?
(0003164)
fdurand   
2012-10-19 12:58   
Yes this is fixed with ipset feature
(0003235)
fgaudreault   
2012-10-24 09:58   
Fixed with the ipset feature that will be released in 3.6.0.





View Issue Details
1584 [PacketFence] configuration minor always 2012-10-22 16:46 2012-10-24 09:55
fgaudreault  
fdurand  
normal  
resolved devel  
fixed  
none    
none devel  
  3.6.0  
fc6e7265f5b1ed2fb7908920af20dc1f33d1d061
Having an inline network if you define an inline interface should be enforced
When you define an inline interface in pf.conf, pfcmd checkup should make sure you have one inline subnet defined in networks.conf.
Notes
(0003234)
fgaudreault   
2012-10-24 09:55   
Fixed in commit fc6e7265f5b1ed2fb7908920af20dc1f33d1d061





View Issue Details
1318 [PacketFence] upstream minor sometimes 2011-10-21 13:25 2012-10-24 09:53
fgaudreault  
fgaudreault  
low  
resolved  
fixed  
none    
none  
   
802.1X Machine Authentication won't work with Samba 3.6
This is a tracking ticket for the upstream issue about Samba 3.6.

Full details are here:
https://lists.samba.org/archive/samba/2011-September/163991.html
You will have this output in radiusd -X :
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: host/cadm-spare5.csdesiles.qc.ca
[mschap] Told to do MS-CHAPv2 for host/cadm-spare5.csdesiles.qc.ca with NT-Password
[mschap] expand: --username=%{mschap:User-Name} -> --username=cadm-spare5$
[mschap] mschap2: c8
[mschap] Creating challenge hash with username: host/cadm-spare5.csdesiles.qc.ca
[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=6cf0087e16755e14
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=cbbd1ed99417f0399e7e3d7bd07212e5314170a8f86fe631
Exec-Program output: No logon workstation trust account (0xc0000199)
Exec-Program-Wait: plaintext: No logon workstation trust account (0xc0000199)
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
Notes
(0003158)
fgaudreault   
2012-10-19 12:45   
We should see if it's fixed upstream.
(0003233)
fgaudreault   
2012-10-24 09:53   
Fixed upstream. I cannot reproduce with the latest samba 3.6 packages.

Use Samba 3.6.8 or later.





View Issue Details
1574 [PacketFence] configuration block always 2012-10-22 10:00 2012-10-24 09:37
fgaudreault  
dwuelfrath  
immediate  
resolved devel  
fixed  
minor fix    
none devel  
  3.6.0  
c7505cd27ad5d81eed8dc227dc0d274b45aa1f2a
Configurator should report success or failure of the MySQL start
We should be able to see if MySQL has been properly started or not on the configurator.
There are no notes attached to this issue.





View Issue Details
1578 [PacketFence] configuration block always 2012-10-22 12:37 2012-10-23 14:47
fgaudreault  
dwuelfrath  
immediate  
resolved devel  
fixed  
none    
none devel  
  3.6.0  
51afba3057e3b01c55f33f16f915249e74410ed3
Configurator appears to create the pf.conf with wrong privileges
Using the configurator, the permissions for pf.conf are not right.

-rw------- 1 root root 310 Oct 22 12:03 pf.conf

It breaks a lot of stuff.
Notes
(0003231)
dwuelfrath   
2012-10-23 14:47   
-rw-r--r-- 1 root root 235 Oct 23 14:41 pf.conf





View Issue Details
1334 [PacketFence] configuration minor always 2011-11-15 08:40 2012-10-23 14:38
qzx  
fgaudreault  
normal  
resolved 3.0.1  
fixed  
none    
none  
   
Routed mode DNS entry duplication in iptables
During launch packetfence generates the iptables rules before sending them to iptables. During this generation it goes through all the routed networks managed by packetfence. In my case I have 300 routed networks, all of them need to be defined with DNS so that clients also get the address via DHCP. For all my networks the name servers are the same; however packetfence generates 300(*2) lines in iptables to allow domain lookup from the internet, instead of only allowing each permitted nameserver once.
I had this sorted alright in the beta before upgrading to 3.0.1 release, but it was a very sloppy hack to verify the DNS ips for each network and omitting the line if it matched.
iptables.conf (131,248) 2011-11-16 07:42
https://www.packetfence.org/bugs/file_download.php?file_id=122&type=bug
Notes
(0002443)
obilodeau   
2011-11-15 09:02   
Can you post your iptables config? The generated iptables config is in /usr/local/pf/var/conf/iptables.conf.
(0002446)
qzx   
2011-11-16 07:47   
I've uploaded the iptables.conf as it used to look like. I have modified the iptables template configuration file to be more efficient and include the necessary rules.

This one looks like it used to but is not directly generated by the iptables library. This could probably be solved with a slight modification of /usr/local/pf/lib/pf/iptables.pm I reckon. Empty hash, attempt to match dns statement to hash, add it if it doesn't match, ignore if it does; generate forward rules after processing all routed networks in network configuration?
(0003230)
fgaudreault   
2012-10-23 14:38   
This was fixed at some point. I cannot reproduce it using 3.6.0-devel.





View Issue Details
1580 [PacketFence] core major always 2012-10-22 13:13 2012-10-23 13:52
fgaudreault  
fgaudreault  
high  
resolved devel  
fixed  
none    
none 3.6.0  
  3.6.0  
99922982bed054b648105eb2b91ad370065fd00e
RADIUS Inline and Logging
When using the RADIUS inline feature, the logs say it returned the normalVlan instead of the Inline VLAN. However, I get the Inline VLAN.

Example:
Oct 22 13:11:25 pf::WebAPI(4602) INFO: handling radius autz request: from switch_ip => 10.0.0.24, connection_type => Wireless-802.11-EAP mac => 00:1b:b1:8b:82:13, port => 1, username => test (pf::radius::authorize)
Oct 22 13:11:26 pf::WebAPI(4602) INFO: MAC: 00:1b:b1:8b:82:13, PID: bleh, Status: reg. Returned VLAN: 10 (pf::vlan::fetchVlanForNode)
Oct 22 13:11:26 pf::WebAPI(4602) INFO: Inline trigger match, the node is in inline mode, returning Access-Accept (pf::radius::authorize)
Oct 22 13:11:26 pf::WebAPI(4602) WARN: Role-based Network Access Control is not supported on network device type pf::SNMP::Ruckus. (pf::SNMP::supportsRoleBasedEnforcement)
Notes
(0003229)
fgaudreault   
2012-10-23 11:20   
(edited on: 2012-10-23 11:31)
This has been reworked.

See commit a79da72129b9d68b7cb8028680db6606ec0783c8






View Issue Details
1583 [PacketFence] core major always 2012-10-22 16:02 2012-10-23 09:13
fgaudreault  
fgaudreault  
high  
resolved devel  
no change required  
none    
none  
   
Passthrough no longer working
I believe this has been caused by the mod_perl rework. The passthrough URLs are no longer working.
Notes
(0003227)
fgaudreault   
2012-10-23 09:13   
Configuration issue on the test server. Disregard!





View Issue Details
1566 [PacketFence] packaging tweak N/A 2012-10-02 11:34 2012-10-23 08:55
fgaudreault  
fdurand  
low  
resolved 3.5.1  
fixed  
none    
none  
  3.6.0  
d7a5263358df56b455760577a7fda5660b0377fc
Missing condrestart in the Debian init script
Reported on the Mailing List:

The /etc/logrotate.d/packetfence file installed by the Debian package calls /etc/init.d/packetfence with the 'condrestart' parameter, but that parameter doesn't exist in the version of the init script installed by the Debian package, which is different to the version in the root of the source tree which does contain that parameter as a valid option.
Notes
(0003224)
fdurand   
2012-10-22 15:46   
Fixed in devel





View Issue Details
1581 [PacketFence] core block always 2012-10-22 13:17 2012-10-22 16:45
fgaudreault  
fdurand  
immediate  
resolved devel  
no change required  
none    
none  
  3.6.0  
Inline mode appears to be broken
Tested using the RADIUS inline, my node is registered in PF, but I still get to the portal. In fact, the ipset sessions don't print.

I am on CentOS 6.3

Oct 22 13:16:20 redir.cgi(0) INFO: re-evaluating access for node 00:1b:b1:8b:82:13 (redir.cgi called) (pf::enforcement::reevaluate_access)
Oct 22 13:16:20 redir.cgi(0) INFO: Instantiate a new iptables modification method. pf::ipset (pf::inline::get_technique)
Oct 22 13:16:23 pfsetvlan(24) INFO: local (127.0.0.1) trap for switch 127.0.0.1 (main::parseTrap)
Oct 22 13:16:23 pfsetvlan(7) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Oct 22 13:16:23 pfsetvlan(7) INFO: firewallRequest trap received for inline client: 00:1b:b1:8b:82:13. Modifying firewall. (main::handleTrap)
Oct 22 13:16:23 pfsetvlan(7) INFO: Instantiate a new iptables modification method. pf::ipset (pf::inline::get_technique)
Oct 22 13:16:23 pfsetvlan(7) INFO: MAC: 00:1b:b1:8b:82:13 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
Oct 22 13:16:23 pfsetvlan(7) INFO: finished (main::cleanupAfterThread)
Notes
(0003226)
fgaudreault   
2012-10-22 16:45   
It was a configuration issue. However, the checkup should have caught that. Will open another bug with lower priority.





View Issue Details
1275 [PacketFence] core minor always 2011-09-22 11:15 2012-10-22 16:01
dwuelfrath  
fgaudreault  
normal  
resolved 3.0.0  
unable to reproduce  
none    
none  
   
httpd fail to start using passthrough=proxy
using passthrough=proxy in pf.conf without passthrough section will break httpd startup

should add a check in checkup.pm
Can't use string ("0") as a HASH ref while "strict refs" in use at
        /usr/local/pf/lib/pf/services/apache.pm line 302 (0000001)
    (F) Only hard references are allowed by "strict refs". Symbolic
    references are disallowed. See perlref.
    
Uncaught exception from user code:
        Can't use string ("0") as a HASH ref while "strict refs" in use at /usr/local/pf/lib/pf/services/apache.pm line 302.
Notes
(0002299)
obilodeau   
2011-09-27 13:06   
reproducible even with a [passthroughs] section
(0003172)
fgaudreault   
2012-10-19 13:41   
Reminder sent to:: dwuelfrath
This has been fixed right?
(0003225)
fgaudreault   
2012-10-22 16:01   
Cannot reproduce using 3.6.0. However, we have another issue with passthroughs. I will open a new ticket.





View Issue Details
1442 [PacketFence] core minor sometimes 2012-05-04 14:21 2012-10-22 15:41
fgaudreault  
fgaudreault  
normal  
resolved 3.3.2  
fixed  
none    
none 3.6.0  
  3.6.0  
1644ef2ea94f4138b045c8c95051e440eba7da77
Checkup of roles syntax is failing
If the role or the category name contains a dash in it, the checkup will return a warning.

We should see which chars are not included in the \w regexp parameter.
Notes
(0003144)
fgaudreault   
2012-10-19 11:59   
I think this has been fixed... will doublecheck. Target as investigate.
(0003223)
fgaudreault   
2012-10-22 15:26   
Reproduced in the lab.

Checking configuration sanity...
WARNING - switches.conf | Roles parameter (test-test=patate;test2=patate2) is badly formatted for switch 10.0.0.24. It should be: <category_name1>=<controller_role1>;<category_name2>=<controller_role2>;...

Targeting 3.6.0.





View Issue Details
1415 [PacketFence] core minor have not tried 2012-04-05 11:28 2012-10-22 15:24
fgaudreault  
fgaudreault  
normal  
resolved 3.2.0  
fixed  
none    
none 3.6.0  
  3.6.0  
Potential issue when reloading violations
It appears that when you reload the violations using pfcmd, the old violations are not deleted from the table, it only updates the actual violations that are in the violations.conf.

To reproduce:
insert into class (vid,description) values ('31337','h@x0r');
insert into action values (31337,'email');
pfcmd reload violations
select * from action where vid=31337;
+-------+--------+
| vid   | action |
+-------+--------+
| 31337 | email  |
+-------+--------+

I did not try to reproduce it in lab yet.
Notes
(0003222)
fgaudreault   
2012-10-22 15:21   
Duplicate of 0001555





View Issue Details
1506 [PacketFence] configuration trivial always 2012-08-07 17:53 2012-10-22 13:04
Ondaje  
fdurand  
normal  
resolved 3.5.0  
fixed  
none    
none 3.6.0  
  3.6.0  
5083b422602f08e103dcb152db1d5f845525a5f5
Packetfence's configurator port should be configurable (and changed from 3000 to 1444)
After installing PacketFence onto a debian box that already had Ntop installed, I am unable to access the PacketFence web configurator, hence unable to use PacketFence.

Ntop uses port 3000 just like Catalyst's development server default port.
Notes
(0002914)
fdurand   
2012-08-07 18:24   
To change the default port 3000 to 3001, in the pfappserver init script change _start function like that:

_start() {
  iptables -I INPUT -p tcp --dport 3001 -j ACCEPT
  start-stop-daemon --start --port 3001 --quiet --pidfile $PIDFILE -m --chdir $APPDIR \
    ${USER:+"--chuid"} $USER ${GROUP:+"--group"} $GROUP --background \
    --startas $APPDIR/script/${UNIXNAME}_server.pl
}
(0002915)
Ondaje   
2012-08-07 18:55   
Hmm. When I run service pfappserver restart, it fails to start. Any way to view the error?
(0002917)
obilodeau   
2012-08-08 08:51   
Updated title, description and triaged.
(0002920)
fdurand   
2012-08-08 09:22   
Sorry for the mistake

_start() {
  iptables -I INPUT -p tcp --dport 3001 -j ACCEPT
  start-stop-daemon --start --quiet --pidfile $PIDFILE -m --chdir $APPDIR \
    ${USER:+"--chuid"} $USER ${GROUP:+"--group"} $GROUP --background \
    --startas $APPDIR/script/${UNIXNAME}_server.pl -- -p 3001
}
(0002922)
Ondaje   
2012-08-08 11:30   
That fixed it! Thanks!
(0003177)
fgaudreault   
2012-10-19 13:50   
Target for 3.6.0.
(0003218)
fgaudreault   
2012-10-22 13:04   
Fixed in commit 5083b422602f08e103dcb152db1d5f845525a5f5





View Issue Details
1576 [PacketFence] radius block always 2012-10-22 11:46 2012-10-22 12:01
fgaudreault  
 
immediate  
resolved devel  
open  
none    
none 3.6.0  
  3.6.0  
radutmp should be disabled
we don't need that, we should disable the radutmp module in the accounting section.

Error: rlm_radutmp: Error accessing file /usr/local/pf/logs/radutmp: No such file or directory
Notes
(0003217)
fgaudreault   
2012-10-22 12:01   
Fixed in commit 0561093bd166138ce62419afafa7f9676f7a0050





View Issue Details
1575 [PacketFence] error-handling block always 2012-10-22 11:19 2012-10-22 11:40
fgaudreault  
 
immediate  
resolved devel  
open  
none    
none 3.6.0  
  3.6.0  
Insecure dependency on service restart
When restarting service with pfcmd, we receive this error:
Insecure dependency in sprintf while running with -T switch at /usr/local/pf/lib/pf/services.pm line 170.

We need to fix this for 3.6.0, this is an annoying error message.
Notes
(0003216)
fgaudreault   
2012-10-22 11:40   
Added :
#Untaint Daemon
    $daemon =~ /^(.*)$/;
    $daemon = $1;

In lib/pf/services.pm.
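
The note above clears the taint on `$daemon` with `/^(.*)$/`, a pattern that matches any single-line value. As an added example (not PacketFence's code), the script below contrasts that pattern with an allow-list untaint; the daemon names in `%KNOWN_DAEMON`, the helper names and the sample inputs are assumptions constructed for the illustration.

```perl
#!/usr/bin/perl -T
# Added illustration, not PacketFence code. Run as: perl -T untaint_daemon.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumption: a fixed set of daemon names the caller is allowed to manage.
# These names are placeholders for the illustration.
my %KNOWN_DAEMON = map { $_ => 1 }
    qw(httpd named dhcpd snort radiusd pfmon pfdhcplistener pfsetvlan);

# The pattern from the note: it captures any single-line value, so the taint
# flag is cleared without the content being checked.
sub blanket_untaint {
    my ($value) = @_;
    my ($all) = $value =~ /^(.*)$/;
    return $all;
}

# Allow-list untaint: the capture only accepts characters a daemon name can
# contain, \A and \z reject a trailing newline (which $ would let through),
# and the captured name must also be a known daemon.
sub untaint_daemon {
    my ($value) = @_;
    return unless defined $value;
    my ($name) = $value =~ /\A([a-z][a-z0-9_-]{0,31})\z/
        or return;
    return $KNOWN_DAEMON{$name} ? $name : undef;
}

# A zero-length tainted string: appending it marks a constructed sample as
# tainted, the way a value from the environment or command line would be.
my $TAINT = substr("$0$^X", 0, 0);

# Constructed sample inputs.
my @samples = ("httpd", "pfmon\n", "httpd;echo x", "../bin/sh", "unknownd");

printf "%-16s %-8s %-24s %s\n",
    'input', 'tainted', 'blanket /^(.*)$/', 'allow-list';

for my $raw (@samples) {
    my $input = $raw . $TAINT;              # now tainted
    (my $shown = $raw) =~ s/\n/\\n/g;       # make the newline visible
    my $loose  = blanket_untaint($input);
    my $strict = untaint_daemon($input);
    printf "%-16s %-8s %-24s %s\n",
        $shown,
        tainted($input) ? 'yes' : 'no',
        defined $loose  ? "accepted '$loose'"  : 'rejected',
        defined $strict ? "accepted '$strict'" : 'rejected';
}
```

The blanket pattern accepts every sample, while the allow-list version accepts only `httpd`; a rejected value should stop the service call instead of being passed on to `sprintf` or a command line.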





View Issue Details
1561 [PacketFence] configuration minor always 2012-09-29 15:56 2012-10-19 16:05
candlerb  
fgaudreault  
normal  
resolved 3.5.1  
fixed  
none    
none 3.6.0  
  3.6.0  
PFCMD networkconfig delete "Insecure dependency" error
When deleting a network through the GUI:

---
Error: Problems executing 'PFCMD networkconfig delete 10.1.254.0'

Insecure dependency in sysopen while running setgid at
/usr/share/perl5/File/Temp.pm line 513.
---

This is pf 3.5.1 under CentOS 6.3
WORKAROUND:

Go to a root shell and execute the command there.

cd /usr/local/pf
bin/pfcmd networkconfig delete 10.1.254.0
Notes
(0003124)
fgaudreault   
2012-10-19 11:06   
(edited on: 2012-10-19 11:06)
Wondering if this is fixed with perl-suid... will target to 3.6.0

(0003213)
fgaudreault   
2012-10-19 16:05   
Confirmed. Fixed with perl-suid.





View Issue Details
1553 [PacketFence] doc minor have not tried 2012-09-18 15:28 2012-10-19 15:51
dwuelfrath  
fgaudreault  
low  
resolved  
fixed  
none    
none 3.6.0  
  3.6.0  
Documentation presentation in PacketFence Administration Guide
Looks like the rendering of the documentation messed up the presentation of this one.
http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Administration_Guide-3.5.1.pdf page 42.
Notes
(0003130)
fgaudreault   
2012-10-19 11:19   
Targeted for 3.6.0.





View Issue Details
1450 [PacketFence] upstream minor have not tried 2012-05-11 08:43 2012-10-19 15:51
fgaudreault  
fgaudreault  
low  
resolved 3.3.2  
fixed  
none    
none 3.6.0  
  3.6.0  
Avaya software 6.2.4 potential regressions
This ticket is to track a potential regression issue with Avaya 5520/5510s using the 6.2.4 software and port-security

If the switch is stacked, it looks like the switch is sending the security trap using the wrong ifIndex.

We did not reproduce this in our lab so far (we do not have a 5510/5520). If someone has more info about this or would like to test, please feed this ticket :)
Notes
(0003143)
fgaudreault   
2012-10-19 11:57   
Should write a POD entry in the module, and mark the bug as resolved.

Will target for 3.6.0.





View Issue Details
703 [PacketFence] core feature have not tried 2009-06-03 09:16 2012-10-19 15:16
94jaccha95107  
fgaudreault  
normal  
resolved  
no change required  
none    
none  
   
ifDesc instead of ifIndex
allow the usage / display of ifDesc in addition to ifIndex
Notes
(0003155)
fgaudreault   
2012-10-19 12:32   
Dupe of 0001054





View Issue Details
1120 [PacketFence] core feature N/A 2010-11-17 14:26 2012-10-19 15:15
obilodeau  
fgaudreault  
normal  
resolved  
no change required  
none    
none  
   
node import support for more input fields
the ability to assign the following fields when importing nodes would be important:
- categories
- pid
- notes
Notes
(0003163)
fgaudreault   
2012-10-19 12:57   
Dupe ticket.





View Issue Details
1171 [PacketFence] captive portal feature N/A 2011-02-02 16:49 2012-10-19 15:15
obilodeau  
fgaudreault  
normal  
resolved  
fixed  
none    
none  
   
authentication::radius should support "encrypted" RADIUS authentication
Right now our authentication::radius module seems to be doing only plaintext password checking. RADIUS supports other means which are encrypted*.

We rely on Authen::Radius for RADIUS Authentication but we would probably need to find a better client module that supports CHAP. Then again it might be something that is negotiated at the server side then we should try to make it work and document how to do it.

It was requested on the mailing list.

*: the means are considered insecure but it's better than to see cleartext passwords in freeradius' debug output
Notes
(0003167)
fgaudreault   
2012-10-19 13:03   
Let's wait on RADSEC.





View Issue Details
919 [PacketFence] core feature N/A 2010-02-25 11:08 2012-10-19 15:15
obilodeau  
 
normal  
resolved  
fixed  
none    
none  
   
include connection_type in relevant reports
some reports would benefit from the new connection_type field, I should look at incorporating it
Notes
(0001994)
fgaudreault   
2011-03-25 13:20   
Since we created custom reports especially for connection type, should we close this bug?
(0003183)
fgaudreault   
2012-10-19 14:07   
Use the connection_type report.





View Issue Details
587 [PacketFence] core feature always 2009-02-12 07:13 2012-10-19 15:15
maikel  
fgaudreault  
normal  
resolved devel  
fixed  
none    
none  
   
vlan_named and interface types registration and isolation
If pf generates the named.conf files, it parses the templates. It would be nicer if the template doesn't need to be altered, eg, that it also gets the correct ip out of pf.conf. But due to the removal of type=registration in the interface stub, it cannot be parsed in an efficient way in services.pm
Notes
(0001099)
user4   
2009-02-12 07:15   
I absolutely agree with you on this. It already was in my todo list :-)
(0003184)
fgaudreault   
2012-10-19 14:10   
Old and no longer relevant.





View Issue Details
799 [PacketFence] configuration minor N/A 2009-09-14 16:57 2012-10-19 15:15
obilodeau  
 
low  
resolved  
won't fix  
none    
none  
   
Expose visitor cleanup as a pfcmd command instead of asking users to run SQL straight to the db
For consistency, we should always expose our software's capability through our pfcmd and web interfaces. Raw SQL on the db is not the way to go.

Unfortunately, right now, to de-register all visitors at night, one must do something like:
mysql -u $DB_USER -p$DB_PWD $DB_NAME -e "update node set status='unreg' where pid='visitor';"

We should have something in pfcmd to do that. (Maybe we already have?)
Notes
(0001422)
obilodeau   
2009-11-30 15:37   
check for the various ways to expire nodes in pf.conf.defaults or documentation.conf
(0001423)
obilodeau   
2009-11-30 15:42   
triaged for 1.8.6
(0001430)
obilodeau   
2009-12-01 11:16   
Need more work and we will probably break config compatibility, moving to 1.9x.
(0001559)
obilodeau   
2010-05-05 17:48   
Now that we have node categories, we could look into doing per-category node expiration or something similar.

Marked as a feature and re-targeted for 1.10.x
(0003186)
fgaudreault   
2012-10-19 14:12   
Use unregdate.





View Issue Details
1458 [PacketFence] configuration feature N/A 2012-06-04 12:35 2012-10-19 15:14
obilodeau  
fgaudreault  
normal  
resolved  
no change required  
none    
none  
   
networks.conf: add a type none or skip
This would allow users to have a networks.conf with all their networks in it and not have an inconsistent dhcp / dns configuration because the section is incomplete.
Notes
(0003140)
fgaudreault   
2012-10-19 11:54   
Not sure I understand the use case. Will close it.





View Issue Details
1436 [PacketFence] performance minor random 2012-04-30 11:58 2012-10-19 15:14
obilodeau  
fgaudreault  
normal  
resolved  
won't fix  
none    
none  
   
Web Admin's status and node pages are slower since upgrade from 1.9.0
Not sure why. need to profile.

Reported by customer.
Notes
(0003146)
fgaudreault   
2012-10-19 12:02   
I bet it was accounting query.





View Issue Details
1279 [PacketFence] core minor unable to reproduce 2011-09-23 13:40 2012-10-19 15:14
dwuelfrath  
fgaudreault  
normal  
resolved 3.0.0  
unable to reproduce  
none    
none  
   
iptables.bak unable to restore on shutdown due to 1 service still running
pfdhcplistener seems to hang on shutdown and the service doesn't stop.
Sep 23 13:34:43 pfcmd(18458) INFO: pidof -x pfdhcplistener returned 16415 (pf::services::service_ctl)
Sep 23 13:34:43 pfcmd(18458) INFO: /usr/local/pf/sbin/pfmon status (pf::services::service_ctl)
Sep 23 13:34:43 pfcmd(18458) INFO: pidof -x pfmon returned 0 (pf::services::service_ctl)
Sep 23 13:34:43 pfcmd(18458) ERROR: Even though 'service pf stop' was called, there are still 1 services running. Can't restore iptables from var/iptables.bak (main::service)
Notes
(0002292)
obilodeau   
2011-09-26 09:43   
Any idea how to reproduce? Is the pfdhcplistener that is hanging the one on the inline interface?
(0002313)
dwuelfrath   
2011-10-05 14:03   
Nothing seems strange in the different pfdhcplistener log files...
(0002322)
obilodeau   
2011-10-06 10:17   
Marking as unable to reproduce. We need to be able to reproduce. Anyone experiencing this please give instructions to reproduce.
(0003160)
fgaudreault   
2012-10-19 12:51   
Cannot reproduce.





View Issue Details
1367 [PacketFence] captive portal minor random 2012-01-18 15:20 2012-10-19 15:13
fgaudreault  
francis  
low  
resolved 3.1.0  
fixed  
none    
none  
   
Javascript error using IE 8
When hitting the portal using IE 8, we see a javascript error. The portal still works though:

Message: Object expected
Line: 22
Char: 1
Code: 0

Notes
(0003157)
fgaudreault   
2012-10-19 12:36   
Reminder sent to:: francis
I think we fixed this, did we?
(0003162)
francis   
2012-10-19 12:56   
I can't reproduce it.





View Issue Details
1332 [PacketFence] web admin feature always 2011-11-09 12:54 2012-10-19 15:12
packetfence4me  
 
normal  
resolved 3.0.1  
fixed  
none    
none devel  
  devel  
Request to Edit node details under unregistered report
It would be beneficial to our organization to have the ability to edit the node details from within the status/unregistered report. This way when a report is run and when a device that is found needs to be registered, it can be done from that report view.
I've enabled this through the modification of both the html/admin/status/reports.php file and the html/admin/common.php file.

The reports.php I just enabled editable, I've attached the common.php which has more mods
common.php (55,066) 2011-11-09 12:54
https://www.packetfence.org/bugs/file_download.php?file_id=121&type=bug
Notes
(0003190)
fgaudreault   
2012-10-19 14:20   
Old ticket. Please re-open if you still need this.





View Issue Details
988 [PacketFence] configuration feature N/A 2010-05-14 17:22 2012-10-19 15:07
obilodeau  
obilodeau  
normal  
resolved  
won't fix  
none    
none  
  1.9.3  
modification to pf.conf to allow the conf/ directory to be automatically synced
When we need high-availability we have to move files over a lot. All of them are identical except pf.conf because of the primary IP of the admin interface.

Either get rid of this requirement or autodetect it.
Notes
(0001588)
obilodeau   
2010-06-30 16:07   
re-targeted since I haven't had a new deployment opportunity to try out a new HA layout
(0003212)
fgaudreault   
2012-10-19 15:07   
Use RSYNC.





View Issue Details
1022 [PacketFence] configuration feature N/A 2010-07-01 11:45 2012-10-19 15:06
obilodeau  
obilodeau  
normal  
resolved  
fixed  
none    
none  
  1.9.3  
Improvements in configurator.pl
tasks
- templates should be split into modes and modes should be explained (copy of the text in install or admin guide)
- dhcp mode should be covered by templates
- vlan isolation templates improvements
-- questions about routed mode vs spanned-vlans and configure accordingly
-- handle dhcpd and named by default
-- template with registration scanning
Notes
(0003211)
fgaudreault   
2012-10-19 15:06   
Configurator is no more.





View Issue Details
1032 [PacketFence] scanning minor always 2010-07-13 18:07 2012-10-19 15:06
obilodeau  
 
high  
resolved  
fixed  
none    
none  
   
Interface between nessus and packetfence needs improvement
Right now, we run the CLI nessus client by hand and perform only file existence validation.

Several cases were experimented that we could handle with some regexp and status checking.

Maybe there's an API or another approach that is recommended.

Or, being pragmatic here, maybe we should provide a CLI nessus scan test in addons/ that would exercise the right piece of code and send everything to STDOUT so people can troubleshoot by themselves.
Notes
(0001625)
obilodeau   
2010-08-04 16:21   
baby partial fix in revno bdde42c9bc9852c123a7d7029201ac7645c3ed85 (branch 1.9)
(0003210)
fgaudreault   
2012-10-19 15:06   
That's been fixed using the XML API of Nessus.





View Issue Details
999 [PacketFence] error-handling minor have not tried 2010-05-31 12:43 2012-10-19 15:05
obilodeau  
 
normal  
resolved  
fixed  
none    
none  
   
routed-mode: dhcpd doesn't start complaining about no listen interfaces
I tried several different things and it's still not working so I am opening a bug so we can give a better error message when this condition is reached.

In pf::util under get_dhcp_devs() when we are about to return an empty list, we should give some diagnostic about how to fix such a situation.
Notes
(0001570)
obilodeau   
2010-05-31 13:08   
Ok, here's the deal: I was trying to do dhcp without a local subnet (only through IP-Helpers) after a bit of googling I found out that dhcpd doesn't like that so I added a new local scope even though I have no plans to use it.

Maybe when we generate the config, if we see that no local dhcp subnet is defined we should die saying you need at least a local one.

Btw, my above hint about "get_dhcp_devs()" is false.
(0001586)
obilodeau   
2010-06-30 14:51   
The admin guide recommends running local VLANs which should prevent the experience of this problem. Because of that, I re-target for 1.9.1.
(0001727)
obilodeau   
2010-10-20 10:39   
changing conf/templates/dhcpd_vlan.conf to:
authoritative;
ddns-update-style none;
ignore client-updates;
local-address 10.10.0.10;

subnet 10.10.0.0 netmask 255.255.255.0 {
}


does the trick for now but this should work out of the box.
(0003209)
fgaudreault   
2012-10-19 15:05   
Fixed recently.





View Issue Details
915 [PacketFence] refactoring minor N/A 2010-02-18 14:01 2012-10-19 14:55
obilodeau  
 
high  
resolved  
fixed  
none    
none  
   
hardcoded 'reg' and 'unreg' node status should be refactored into constants
global constants in lib/pf/config.pm
Notes
(0003204)
fgaudreault   
2012-10-19 14:55   
(edited on: 2012-10-19 14:55)
Dupe of 0000948.






View Issue Details
997 [PacketFence] captive portal feature N/A 2010-05-27 20:19 2012-10-19 14:52
obilodeau  
 
normal  
resolved  
fixed  
none    
none  
   
Have an entity=.. config in pf.conf to represent the business / school / entity and use it in templates
This would simplify customization.
Notes
(0003202)
fgaudreault   
2012-10-19 14:52   
Portal Profiles?





View Issue Details
1005 [PacketFence] captive portal feature N/A 2010-06-07 17:58 2012-10-19 14:51
obilodeau  
 
normal  
resolved  
fixed  
none    
none  
   
802.1x and unauthenticated VLAN
This auth combination is a way to handle guests without a full-blown NAC like PacketFence. If the client is unable to provide proper credentials, then a specific VLAN is used as a last means to give access. It is not the same as Cisco's Guest-VLAN feature.

The variant with MAB means that non-capable 802.1x go straight to MAB while 802.1x capable devices that fail to provide valid credential (or successful EAP exchanges) are put in the unauthenticated VLAN. With this in mind, you can clearly see that you can use the captive portal also to remediate misbehaving 802.1x clients (including guests from other 802.1x networks) into a proper config.

So, if configured properly, a registered 802.1x user that is in isolation VLAN would need to be presented with 802.1x instructions (including offering a download of a client) and could be logged.

Modifying the captive portal to support that is trivial but it might not be something that everyone wants so it needs to be considered appropriately.
Notes
(0003201)
fgaudreault   
2012-10-19 14:51   
Custom use case. Using Inline for that VLAN would work.





View Issue Details
1045 [PacketFence] upgrade feature N/A 2010-08-09 11:23 2012-10-19 14:48
obilodeau  
 
normal  
resolved  
fixed  
none    
none  
   
extension points for pf::web and cgi-bin files
These files change a lot from install to install due to customization. And the RPM upgrade process wipes them clean.

We should provide an extension point ability like we do for pf::vlan and pf::radius (in trunk). And our templates subsystem should be improved to better cope with change and future upgrades.
Notes
(0001735)
obilodeau   
2010-10-27 17:46   
(edited on: 2010-10-27 17:47)
Partially fixed by rev 1ec2e627037b57964da031df09d3b3362969f40b creating a pf::web::custom which allows users to redefine pf::web's subs in there in a clean way.

This new goodness will be available in 1.9.2.

(0003200)
fgaudreault   
2012-10-19 14:48   
web/custom.pm has been available for a while.

For the cgi files, I will open a new request.





View Issue Details
947 [PacketFence] packaging minor N/A 2010-04-09 11:23 2012-10-19 14:38
obilodeau  
 
normal  
resolved  
fixed  
none    
none  
   
dependency cleanup
really strange things are pulled by a packetfence install:

 xorg-x11-filesystem noarch 7.1-2.fc6 base 5.4 k
 xorg-x11-font-utils i386 1:7.1-2 base 75 k
 xorg-x11-fonts-Type1 noarch 7.1-2.1.el5 base 1.5 M
 xorg-x11-xfs i386 1:1.0.2-4 base 68 k

investigate and hopefully get rid of these
Notes
(0003199)
fgaudreault   
2012-10-19 14:38   
Bof.... I don't really care.





View Issue Details
1168 [PacketFence] packaging feature N/A 2011-02-01 09:43 2012-10-19 14:36
obilodeau  
 
normal  
resolved  
fixed  
none    
none  
   
packetfence-doc package
With the new docbook documentation coming up, building and packaging doc will become important.

Notes
(0003198)
fgaudreault   
2012-10-19 14:36   
Unless we want to provide man pages, just download the doc from the website. Open a feature request if you want manpages.





View Issue Details
844 [PacketFence] refactoring minor have not tried 2009-11-10 17:23 2012-10-19 14:32
obilodeau  
 
normal  
assigned  
open  
none    
none  
  general  
Catalyst 2950 and 3500XL offer a ping function
less code is less bugs

we offer a ping function in catalyst 2950 and 3500xl modules. At time of this report, no one consumes it.

We should get rid of it.
There are no notes attached to this issue.





View Issue Details
1178 [PacketFence] core minor always 2011-02-07 10:52 2012-10-19 14:27
obilodeau  
 
normal  
resolved  
fixed  
none    
none  
   
Voice over IP (VoIP) static port-security instead of dynamic for locationlog accuracy and security
Right now, we aim to configure VoIP using dynamic port-security on the voice VLAN. This has a sad side-effect of having the phones not show up in the PacketFence system. Adding to the confusion there's the fact that if an IPT is put there alone some will do untagged traffic, generate a trap then show up in PF..

We should rework VoIP to always handle it with static port-security, have it show up in the secure table and making sure the locationlog is accurate. It will be more consistent across other vendors and will have an inventory benefit.

Will also give us the opportunity to refactor this code (extract into methods, re-indent, simplify ifs, reduce nesting depth, etc.) making it easier to maintain in the future.

Must be done in a major release cycle (trunk).

keywords: IPT, IP Telephony
Notes
(0002107)
obilodeau   
2011-07-15 08:59   
For Cisco this has been implemented while fixing other issues. Turns out this is a per vendor thing, other vendors would need to be validated.
(0003194)
fgaudreault   
2012-10-19 14:26   
This was fixed WAY back.





View Issue Details
1363 [PacketFence] dhcp minor always 2012-01-10 14:02 2012-10-19 14:17
dwuelfrath  
dwuelfrath  
high  
assigned  
open  
none    
none  
  investigate  
DHCPd slow startup
Seen in inline mode when there are huge lease files (a lot of devices).
PacketFence can take up to 3 minutes to start due to the slow start up of dhcpd.
On startup, after reading the dhcpd.conf file, dhcpd also reads the saved dhcpd.leases file
http://www.qnx.com/developers/docs/6.3.2/neutrino/utilities/d/dhcpd.leases.html

https://lists.isc.org/pipermail/dhcp-users/2006-June/000857.html

https://lists.isc.org/pipermail/dhcp-users/2010-August/011887.html
dhcp.spec (4,756) 2012-01-13 14:23
https://www.packetfence.org/bugs/file_download.php?file_id=128&type=bug
dhcp-4.1.1-9.centos5.x86_64.rpm (1,003,432) 2012-01-17 09:38
https://www.packetfence.org/bugs/file_download.php?file_id=132&type=bug
Notes
(0002536)
dwuelfrath   
2012-01-13 14:23   
Latest packaged version (dhcp-3.0.5-29.el5_7.1): 2min30sec with kinda huge leases files
Latest sources version (dhcp-4.2.3-P2): 30secs with the same leases files
(0002537)
dwuelfrath   
2012-01-13 14:24   
Uploaded .spec file for 4.2.3-P2 package
(0002539)
dwuelfrath   
2012-01-17 09:40   
Due to some kind of problem in the 4.2.3-P2 spec file (can't manage to correctly update the 3.0 dhcp package), we decided to use a previous version which still corrects the problem.
Uploaded rpm 4.1.1-9 for centos 5 x64
(0002560)
obilodeau   
2012-01-30 11:01   
Experienced the slow dhcpd restart causing freeradius watchdog to fail because PF took too long to restart radiusd.

I wonder if we should put that rpm in our repo so that it'll be installed by default.
(0002561)
dwuelfrath   
2012-01-30 11:10   
I think it's really something we need to look into.
It's causing problems on a lot of client setups.
(0003188)
fgaudreault   
2012-10-19 14:17   
Need a status on this.





View Issue Details
1042 [PacketFence] core feature N/A 2010-07-28 13:03 2012-10-19 14:14
obilodeau  
 
normal  
resolved 1.9.0  
fixed  
none    
none  
   
autoreg in a category
The violation action autoreg would need to be augmented with the ability to assign a category.

One thing I could think of is to change the syntax to: autoreg(phone) so it would assign the phone category on autoregistration.

I don't know how you feel about this suggestion though, maybe it's an opportunity to rethink autoregistration like we said many times.
Notes
(0003187)
fgaudreault   
2012-10-19 14:14   
This can be done using custom code in vlan/custom.pm.





View Issue Details
1003 [PacketFence] hardware modules minor have not tried 2010-06-03 10:54 2012-10-19 14:11
fgaudreault  
 
normal  
resolved  
no change required  
none    
none  
   
Is it better to do some 'write mem' with port-security
we should think about doing some 'write mem' regularly (every 15 min?) on each switch using port-security. This way we would avoid receiving gazillions of port-security traps when there is a major power outage and many switches reboot at the same time.
- make sure that when we write mem, static port-security MAC addresses are saved in the config
- how often should we do that ? every 15, 30 mins
- add this feature to pfmon ?
Notes
(0003185)
fgaudreault   
2012-10-19 14:11   
Use a cron with the proper addons script. See documentation.





View Issue Details
1396 [PacketFence] configuration minor sometimes 2012-03-09 12:37 2012-10-19 14:05
obilodeau  
 
normal  
resolved  
fixed  
none    
none devel  
  3.5.0  
bond interfaces causes virtual-ip detection to fail
I suspect that Net::Interface doesn't support them..

Maybe it's VLAN interfaces period because the issue was reported on a bond vlan interface (ex: bond0.10).

I'll need to reproduce in the lab.
Notes
(0002610)
obilodeau   
2012-03-09 12:52   
pushed a workaround in 3f948bc: new virtual-ip parameter available under interface configuration.

This will override vip autodetection so in that case you should hardcode it there.
(0003182)
fgaudreault   
2012-10-19 14:05   
Workaround is enough for me. If it's a limitation of the underlying software, we cannot do much more. Re-open if you think we should investigate more.





View Issue Details
1372 [PacketFence] dhcp minor have not tried 2012-01-27 15:59 2012-10-19 14:03
obilodeau  
 
low  
confirmed  
open  
none    
none  
  general  
unable to parse DHCP packet: Invalid DHCP Option 53 (Message Type)
here's what's logged:
Jan 27 14:41:39 pfdhcplistener(6609) WARN: Unable to parse DHCP packet: Invalid DHCP Option 53 (Message Type) received from 0000f0ab96ea00000000000000000000 at /usr/local/pf/lib/pf/util/dhcp.pm line 169. (main::__ANON__)


Notes
(0002622)
dnelson   
2012-03-20 17:06   
I am also getting this from a Zebra Label Printer only.
Mar 20 15:06:17 pfdhcplistener(22160) WARN: Unable to parse DHCP packet: Invalid DHCP Option 53 (Message Type) received from 00074d29f69b00000000000000000000 at /usr/local/pf/lib/pf/util/dhcp.pm line 169. (main::__ANON__)





View Issue Details
1467 [PacketFence] upstream minor sometimes 2012-06-14 10:58 2012-10-19 13:59
dwuelfrath  
dwuelfrath  
normal  
assigned 3.2.0  
suspended  
none    
none  
  long-term  
OpenVAS tasks starts after 10 minutes
Hello,
I use OpenVAS in combination with PacketFence. If PacketFence inserts a new scan task into OpenVAS, the task only starts after 10 minutes. First the task is "requested" for 10min, then the task "run" for 15sec. If I start a task manually, it waits 10 min.
Notes
(0002769)
dwuelfrath   
2012-06-14 10:58   
This situation has been encountered several times during development of the OpenVAS integration.
(0002770)
dwuelfrath   
2012-06-14 10:59   
Post from Matthew Mundell on the OpenVAS mailing-list:
"When the Manager connects to the Scanner to start the task, the Scanner always sends all the details of the NVTs to the Manager. Processing of this might be what is taking the 10 minutes. This happens every time a client connects to the Manager."
(0002771)
dwuelfrath   
2012-06-14 11:00   
Asked Matthew / OpenVAS mailing list about the correct way to trigger a scan using OMP.
(0002785)
dwuelfrath   
2012-06-14 14:32   
Reply from Matthew:
What you're doing is "correct". You could also use the same OMP connection
multiple times. That way the Manager would only connect to the Scanner the
first time. A new connection each time is more resistant to bugs and leaks
in the Manager though.
(0002786)
dwuelfrath   
2012-06-14 14:33   
Discussion about Matthew's reply:

>>> What I'm looking for is the "correct" way to triggers scan on OpenVAS
>>> without having to wait that 10minute delay each time.
>> What you're doing is "correct".
> By correct you mean we can work something better?
What you are doing is the standard way. The GSA does it this way, for
example.

>> You could also use the same OMP connection
>> multiple times. That way the Manager would only connect to the Scanner the
>> first time.
> That way we only face the 10 minutes delay the first time?
Yes.

>> A new connection each time is more resistant to bugs and leaks
>> in the Manager though.
> But we'll face the 10 minutes delay at each connection?
Yes.

This should speed up considerably in the future, if that's any consolation.
(0002787)
dwuelfrath   
2012-06-14 14:33   
Still discussion:

> So your recommendation would be to stay that way and wait for Openvas to
> speed up ?
Depends how bad 10 minutes is for you, and how much time you have to try
the alternative. The Scanner speedup could be a year or more away.
(0002788)
dwuelfrath   
2012-06-14 14:34   
End of story:

It is an OpenVAS issue. We may try to keep the connection active from the first time but this may cause some memory leaks on the OpenVAS side.
It seems to be in the roadmap to fix this issue from the OpenVAS side.





View Issue Details
1495 [PacketFence] hardware modules minor random 2012-07-27 14:42 2012-10-19 13:54
fgaudreault  
dwuelfrath  
high  
resolved 3.4.1  
fixed  
minor fix    
none devel  
  3.6.0  
Printable MAC bug on SNMP GETs
Yup! We've seen this bug again, but on SNMP GETs.

Some hardware modules use gettable in order to get the list of associated devices. On some occasions, the MAC listed will be printable, and the gettable will list them as strings instead of HEX strings, which will cause deauth issues.

Impacted Modules so far:
HP/Controller_MSM710.pm
Notes
(0002851)
dwuelfrath   
2012-07-27 15:30   
work should be done in fix/1495-printable-mac-hp-module
(0002892)
obilodeau   
2012-08-07 09:43   
It probably affects several other modules as well.. All MACs not encoded in OID format could be affected. Do not mark as resolved until all of them are reviewed and fixed.

See the fix in 0001098 for an example of how to fix it globally and the kind of effort that should take place. Here's the commit: https://github.com/inverse-inc/packetfence/commit/a495ff232bdffa32c9b7ec526598389790703a60
(0002893)
obilodeau   
2012-08-07 09:44   
That said there should be a lot less problematic places since most of the time MACs are encoded in OID format.
(0003179)
fgaudreault   
2012-10-19 13:54   
This has been fixed for HP for sure. Let's close it, and reopen if we see other problems.
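
The printable-MAC condition described in this issue, as an added Perl example (not PacketFence code; the helper names and sample values are constructed for illustration). Net::SNMP's default OCTET STRING translation returns a 0x-prefixed hex string only when the value contains non-printable bytes, so a parser that expects hex alone misses any MAC whose six bytes are all printable ASCII.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of PacketFence): normalize an SNMP OCTET STRING
# holding a MAC address into aa:bb:cc:dd:ee:ff form. Accepts both renderings:
#   - "0x" followed by 12 hex digits (value contained non-printable bytes)
#   - 6 raw bytes (every byte was printable, so no hex translation happened)
# Returns nothing for any other shape so callers never act on a partial MAC.
sub snmp_value_to_mac {
    my ($value) = @_;
    return if !defined $value;

    my @octets;
    if ( $value =~ /^0x([0-9a-f]{12})$/i ) {
        my $hex = $1;
        @octets = map { hex($_) } ( $hex =~ /[0-9a-f]{2}/gi );
    }
    elsif ( length($value) == 6 ) {
        # The two forms cannot collide: the hex form is always 14 characters.
        @octets = unpack( 'C6', $value );
    }
    else {
        return;
    }
    return join( ':', map { sprintf( '%02x', $_ ) } @octets );
}

# A hex-only check, for comparison with the normalizer above.
sub hex_only_match {
    my ($value) = @_;
    return $value =~ /^0x(?:[0-9a-f]{2}){6}$/i ? 1 : 0;
}

# Constructed sample values, not taken from any real device.
my @samples = (
    [ 'non-printable bytes, hex rendering', '0x001122aabbcc' ],
    [ 'all bytes printable, raw string',    'JKLMNO' ],
    [ 'truncated value',                    '0x001122aa' ],
);

for my $sample (@samples) {
    my ( $label, $value ) = @{$sample};
    my $mac = snmp_value_to_mac($value);
    printf "%-38s hex-only: %-5s normalized: %s\n",
        $label,
        hex_only_match($value) ? 'match' : 'miss',
        defined $mac ? $mac : '(rejected)';
}
```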





View Issue Details
1438 [PacketFence] core minor have not tried 2012-05-01 10:15 2012-10-19 13:52
obilodeau  
fgaudreault  
normal  
resolved  
fixed  
none    
none devel  
  3.6.0  
perl 5.12+ and/or modern distro and setuid script
Apparently perl 5.12 dropped suidperl support (packaged as suid-perl) and distros are starting to be more picky about setuid stuff.

We will need to implement a workaround. Here's what perlsec says:
http://perldoc.perl.org/perlsec.html#Security-Bugs

Here are distro bugs for BackupPC which went through that process:
https://bugzilla.redhat.com/show_bug.cgi?id=611009
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581950
Notes
(0002982)
obilodeau   
2012-08-28 14:33   
See branch fix/perl-suid and pull request: https://github.com/inverse-inc/packetfence/pull/15 for progress on this issue.





View Issue Details
1485 [PacketFence] core feature N/A 2012-07-10 15:55 2012-10-19 13:46
dwuelfrath  
 
normal  
resolved devel  
open  
none    
none devel  
  3.6.0  
pf::web::guest / admin guest creation need some kind of separation
It seems like there's code "reutilization" but in a strange way...
guest creation (preregistered) should be "admin stuff" and for the moment there's a strong link with portal methods
new portal profiles uses a portalSession object which is not meant to be used on the admin side. Since some methods in the guests preregistration workflow are the same as the ones used for different captive portal pages generation, there's some kind of conflict

There should also be a real distinction between these concepts (templates, cgi, generation methods)
Notes
(0002827)
dwuelfrath   
2012-07-11 16:22   
- should be a real distinction between admin web and portal web... admin should include guest_admin_reg
- different templates used for guest self registration and guest admin registration (put these templates elsewhere...)
- pf::web::generate_error_page <-> pf::web::generate_admin_error_page

ONCE DONE:
- inline get_client_ip in new pf::Portal::Session stuff
- standardize the way of calling templates, variables VS non-variables, ..
(0002983)
obilodeau   
2012-08-28 15:02   
work started in branch: fix/1485-web-guest-vs-admin-separation

See: https://github.com/inverse-inc/packetfence/commits/fix/1485-web-guest-vs-admin-separation
(0002990)
obilodeau   
2012-08-29 16:13   
I'm done with this here. See the changes:
https://github.com/inverse-inc/packetfence/compare/fix/apache-acl-generation-for-guests...fix/1485-web-guest-vs-admin-separation

Once the pull request for fix/apache-acl-generation-for-guests will be merged, I'm going to open a pull request for fix/1485-web-guest-vs-admin-separation.

Doing so because the latter branch was derived from the former branch.
(0003055)
obilodeau   
2012-09-12 14:01   
pull request opened: https://github.com/inverse-inc/packetfence/pull/60





View Issue Details
1554 [PacketFence] hardware modules feature N/A 2012-09-18 18:56 2012-10-19 13:44
fgaudreault  
 
normal  
resolved  
open  
none    
none devel  
  3.6.0  
Add a getPhonesLLDPAtIfIndex for Cisco modules
I think it is time now to put the effort to add LLDP support for the Cisco switches. This will allow us to support non-Cisco non-CDP phones on the Cisco switches.

I have an appointment tomorrow with a client, and I will try the nortel sub against a Cisco 3750 to see what happens.
Notes
(0003079)
fgaudreault   
2012-09-19 11:34   
(edited on: 2012-09-19 12:12)
Did that for Cisco using the Capabilities Flag. Need some rework:
sub getPhonesLLDPAtIfIndex {
    my ( $this, $ifIndex ) = @_;
    my $logger = Log::Log4perl::get_logger( ref($this) );
    my @phones;
    if ( !$this->isVoIPEnabled() ) {
        $logger->debug( "VoIP not enabled on switch "
                . $this->{_ip}
                . ". getPhonesLLDPAtIfIndex will return empty list." );
        return @phones;
    }
    my $oid_lldpRemPortId = '1.0.8802.1.1.2.1.4.1.1.7';
    my $oid_lldpRemSysDesc = '1.0.8802.1.1.2.1.4.1.1.10';
    my $oid_lldpRemSysCapEnabled = '1.0.8802.1.1.2.1.4.1.1.12';

    if ( !$this->connectRead() ) {
        return @phones;
    }

    #Transfer ifIndex to LLDP index
    my $lldpIndex = ($ifIndex-10000)+2;

    $logger->trace(
        "SNMP get_next_request for lldpRemSysCapEnabled: $oid_lldpRemSysCapEnabled");
    my $result = $this->{_sessionRead}
        ->get_table( -baseoid => $oid_lldpRemSysCapEnabled );
    foreach my $oid ( keys %{$result} ) {
        if ( $oid =~ /^$oid_lldpRemSysCapEnabled\.([0-9]+)\.([0-9]+)\.([0-9]+)$/ ) {
            if ( $lldpIndex eq $2 ) {
                my $cache_lldpRemTimeMark = $1;
                my $cache_lldpRemLocalPortNum = $2;
                my $cache_lldpRemIndex = $3;
                if ( $this->getBitAtPosition($result->{$oid},5) ) {
                    $logger->trace(
                        "SNMP get_request for lldpRemPortId: $oid_lldpRemPortId.$cache_lldpRemTimeMark.$cache_lldpRemLocalPortNum.$cache_lldpRemIndex"
                    );
                    my $MACresult = $this->{_sessionRead}->get_request(
                        -varbindlist => [
                            "$oid_lldpRemPortId.$cache_lldpRemTimeMark.$cache_lldpRemLocalPortNum.$cache_lldpRemIndex"
                        ]
                    );
                    if ($MACresult
                        && ($MACresult->{
                                "$oid_lldpRemPortId.$cache_lldpRemTimeMark.$cache_lldpRemLocalPortNum.$cache_lldpRemIndex"
                            }
                            =~ /^0x([0-9A-Z]{2})([0-9A-Z]{2})([0-9A-Z]{2})([0-9A-Z]{2})([0-9A-Z]{2})([0-9A-Z]{2})$/i
                        )
                        )
                    {
                        push @phones, lc("$1:$2:$3:$4:$5:$6");
                        last;
                    }
                }
            }
        }
    }
    return @phones;
}

(0003080)
fgaudreault   
2012-09-19 14:14   
(edited on: 2012-09-19 14:14)
Also need rework:

sub getPhonesDPAtIfIndex {
    my ( $this, $ifIndex ) = @_;
    my $logger = Log::Log4perl::get_logger( ref($this) );
    my @phones;
    if ( !$this->isVoIPEnabled() ) {
        $logger->debug( "VoIP not enabled on switch "
                . $this->{_ip}
                . ". getPhonesDPAtIfIndex will return empty list." );
        return @phones;
    }
    # Check CDP First, then Check LLDP
    @phones = $this->getPhonesCDPAtIfIndex($ifIndex);

    if (!@phones) {
        @phones = $this->getPhonesLLDPAtIfIndex($ifIndex);
    }

    return @phones;
    
}

(0003090)
obilodeau   
2012-09-24 17:07   
Implementation in good shape. Missing a few things to fully complete it. Will most likely be completed tomorrow.

Branch: feature/lldp-enhancements





View Issue Details
1004 [PacketFence] upstream major always 2010-06-07 16:36 2012-10-19 13:40
obilodeau  
 
low  
acknowledged  
open  
none    
none  
  investigate  
Mac OS X doesn't renew DHCP after a 802.1x re-auth requested from a switch
Mac OS X's network stack doesn't renew DHCP after a 802.1x re-auth requested from a switch.

Windows does, haven't tested linux.

In wired 802.1x we use 802.1x re-auth request (from PAE MIB) when we change the VLAN of a device (isolation) so the fact that OSX doesn't do DHCP after that is pretty much a big road block for the captive portal to work..
Notes
(0001907)
fgaudreault   
2011-03-09 11:28   
I'll look into this.
(0001909)
fgaudreault   
2011-03-09 17:34   
I can reproduce the problem using 802.1X on Ethernet. Changing the status from Registered to Unregistered forced a port re-auth, but the interface did not do DHCP on the fly. It took more than 3 minutes to see the IP change. Looks like the bug that we faced on the wireless has NOT been fixed on the wired interface.

Using 10.6.6
(0003171)
fgaudreault   
2012-10-19 13:40   
We should re-test using Mountain Lion.





View Issue Details
1019 [PacketFence] performance minor have not tried 2010-06-16 16:21 2012-10-19 13:37
ludovic  
fgaudreault  
normal  
resolved  
no change required  
none    
none  
   
Test RADIUS performance
The RADIUS performance part of PacketFence should likely be tested using RadPerf - http://networkradius.com/radperf.html
Notes
(0003170)
fgaudreault   
2012-10-19 13:37   
Yes, it can :)





View Issue Details
1179 [PacketFence] packaging minor always 2011-02-11 11:48 2012-10-19 13:35
fgaudreault  
fgaudreault  
normal  
resolved 2.0.1  
fixed  
none    
none  
   
pfdetect_remote should include perl-version in the dependencies
pfdetect_remote requires perl-version to start :

Starting pfdetect_remote: Can't locate version.pm in @INC (@INC contains: /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /usr/lib/perl5/vendor_perl/5.8.8/SOAP/Packager.pm line 17.
BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.8/SOAP/Packager.pm line 17.
Compilation failed in require at /usr/lib/perl5/vendor_perl/5.8.8/SOAP/Lite.pm line 3425.
BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.8.8/SOAP/Lite.pm line 3425.
Compilation failed in require at /usr/local/pf/sbin/pfdetect_remote line 22.
BEGIN failed--compilation aborted at /usr/local/pf/sbin/pfdetect_remote line 22.
                                                           [FAILED]
Workaround is to manually install perl-version with yum
Notes
(0001859)
fgaudreault   
2011-02-11 11:49   
Or maybe the issue is still with the SOAP-Lite package?
(0003169)
fgaudreault   
2012-10-19 13:35   
Fixed upstream.





View Issue Details
1310 [PacketFence] core minor always 2011-10-15 02:10 2012-10-19 13:34
psnizek  
fgaudreault  
normal  
resolved 3.0.1  
no change required  
none    
none  
   
adding a node before adding a person causes key constraint failed without proper error message in the UI
It's correct that adding a node before a person should cause an error. However, the error should be displayed in the WebUI, which is not the case. Instead, the WebUI displays 'Added Record' (without displaying the MAC address), which suggests everything's OK. In packetfence.log the 'key constraint failed' below is logged, leaving the user guessing what might be wrong.

Despite what the pf PDF documentation might or might not mention, I believe this could be handled in a much more user-friendly way.
Oct 15 07:51:56 pfcmd(4340) WARN: database query failed with: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`pid`) REFERENCES `person` (`pid`) ON DELETE CASCADE ON UPDATE CASCADE). (errno: 1452), will try again (pf::db::db_query_execute)
Notes
(0002360)
obilodeau   
2011-10-17 10:05   
Duplicate, please subscribe to 0000840 to follow status.

This problem is deep in pf's db layer architecture. Proper fix would mean radical changes.
(0003168)
fgaudreault   
2012-10-19 13:34   
Dupe. See the ticket for info.





View Issue Details
1169 [PacketFence] upstream major always 2011-02-01 16:23 2012-10-19 13:01
fgaudreault  
fgaudreault  
normal  
resolved 2.0.1  
fixed  
none    
none  
  devel  
Extricom not sending proper radius attributes on Mac Authentication
Working on Extricom today, we noticed that the Called-Station-ID field is not populated with the Mac Authentication mechanism (Open SSID), so our module will fail to authorize MAC on the Open SSID :

rad_recv: Access-Request packet from host 192.168.1.254 port 1027, id=92,
length=70
    User-Name = "aabbccddeeff"
    User-Password = "aabbccddeeff"
    Service-Type = Authenticate-Only
    NAS-Port = 0
    NAS-IP-Address = 192.168.1.254

Another problem, the SSID is not sent through a RADIUS VSA, so we cannot do SSID-based VLAN assignments. Those problems have been reported to the manufacturer.

Notes
(0003166)
fgaudreault   
2012-10-19 13:01   
This is fixed in their latest firmware.





View Issue Details
1200 [PacketFence] doc feature N/A 2011-03-20 16:35 2012-10-19 13:01
obilodeau  
fgaudreault  
normal  
resolved  
no change required  
none    
none  
   
translate our documentation
Once we will be all docbook, here are some tips I've found to manage translated docbook documentation:

http://replay.waybackmachine.org/20090109142146/http://weblogs.goshaky.com/weblogs/lars/entry/translating_docbook_documents

poedit - http://www.poedit.net/ (we could already use that for captive portal translations)
xml2po - part of gnome-doc-utils (http://git.gnome.org/browse/gnome-doc-utils/tree/xml2po)

Close this issue once we have started with at least one translated docbook document and a documented process in a README (maybe).
Notes
(0003165)
fgaudreault   
2012-10-19 13:01   
95% of our users can read English. I don't see why we should put any energy into the translations for now.





View Issue Details
1276 [PacketFence] packaging minor sometimes 2011-09-22 14:01 2012-10-19 12:52
fgaudreault  
fgaudreault  
normal  
resolved 3.0.0  
fixed  
none    
none 3.5.0  
   
packetfence-freeradius2 not updating the configs properly
On some occasions, when you do a yum update, the newer packetfence-freeradius2 module is not replacing the radius configs properly. This is causing the sql module not to load (accounting will fail), and eap.conf will be missing SoH configurations.
This can be overcome by forcing a reinstall:
yum reinstall packetfence-freeradius2
Notes
(0003161)
fgaudreault   
2012-10-19 12:52   
Now using managed configs.





View Issue Details
1307 [PacketFence] captive portal major random 2011-10-13 09:21 2012-10-19 12:35
fgaudreault  
fgaudreault  
high  
resolved 3.0.1  
fixed  
none    
none  
  3.5.0  
Redirection after registration is not working well
As seen on site with a client lately, more browsers appear to have issues with the JavaScript redirection after the registration:
- IE8 - that one we already knew
- IE9 - We are receiving a 403 after the redirection
- Safari (Lion) - We are not redirected
- BlackBerry Browser - We are not redirected

 

As a work-around you can disable the broken javascript-based redirection by adding the following in conf/pf.conf:

[captive_portal]
network_detection=disabled
Notes
(0002346)
obilodeau   
2011-10-14 08:42   
I'm thinking that we might want to enable the javascript redirection on "known to be working browsers" and fallback to a progress bar then a "it should work open a new tab or window" message to all unknown or known-not-to-work browsers.

It would improve the situation instantly for android, kindle, black berry, playstation, etc. And the redirection is still sexy for good browsers.
(0002358)
francis   
2011-10-14 11:05   
Could someone test this patch?

--- pf/html/common/pf.js 9249a03a53d92fb76df43908d5573fc3a0d1b6a0
+++ pf/html/common/pf.js d54fbb9deeb02d8598e7ca438e80a717a17341c0
@@ -71,7 +71,8 @@ function performRedirect(destination_url
  Simple wrapper to redirect the browser. The wrapper enables us to call the redirect with .delay().
  */
 function performRedirect(destination_url) {
- top.location.replace(destination_url.unescapeHTML());
+ window.location.href = destination_url.unescapeHTML();
 }
 
 /**
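Review bot: In performRedirect, swapping top.location.replace(...) for window.location.href = ... changes more than browser compatibility: the redirect now targets the current window instead of the top-level one, so a portal page rendered inside a frame stays framed, and assigning href adds a history entry, so the Back button returns the user to the page that fires the redirect again. If only compatibility is intended, window.location.replace(...) keeps the no-history behaviour. destination_url is also used after unescapeHTML() with no check on its scheme; if it can carry the client's originally requested URL, restrict it to http: and https: before assigning. The hunk header says +71,8 but only seven new-side lines are visible, so an added line may be missing from the pasted patch.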
(0002559)
obilodeau   
2012-01-30 09:59   
Mailing list user Ahmed Sabry Raghib Saad <Ahmed.Sabry@EtisalatData.net> confirmed it's not working on his blackberry on the blackberry browser.
(0003156)
fgaudreault   
2012-10-19 12:35   
Not heard anything about that lately. Worst case, disable the feature in the configuration.

Re-Open if you still have issues.





View Issue Details
1407 [PacketFence] configuration minor have not tried 2012-03-27 06:11 2012-10-19 12:13
ksolangi  
fgaudreault  
normal  
resolved 3.1.0  
won't fix  
none    
none  
   
Switches.conf ownership changes to root after update from GUI.
Hi,

Switches.conf ownership is changed to root:root from pf:pf every time we make any changes / add a new switch in PacketFence. I have seen a few open issues related to that. Not sure if this is resolved in the later versions or is still to be looked at.

Regards,
Notes
(0003151)
fgaudreault   
2012-10-19 12:13   
This is a dupe of http://www.packetfence.org/bugs/view.php?id=960





View Issue Details
1473 [PacketFence] performance feature have not tried 2012-06-16 03:42 2012-10-19 11:51
_KaszpiR_  
fgaudreault  
normal  
resolved 3.3.2  
won't fix  
none    
none  
   
Enable output buffering in PHP scripts
I was surprised there is no output buffering in any of the scripts in the PacketFence (well, except some AJAX files).

It could give some performance gains on the web pages, not to mention how well it helps handling sending headers to the client especially in late code execution.
http://php.net/manual/en/book.outcontrol.php

In general adding ob_start() at the very beginning of the common.php should be sufficient.

Could be expanded to support browsers that can handle compression etc.
Notes
(0003139)
fgaudreault   
2012-10-19 11:51   
Since we plan to refactor the UI entirely, I don't think it will help for now. I will mark as closed, re-open if you feel we would benefit from a HUGE performance gain.





View Issue Details
1532 [PacketFence] inline feature have not tried 2012-08-29 10:38 2012-10-19 11:31
dwuelfrath  
 
normal  
resolved  
open  
none    
none devel  
  3.6.0  
Generic inline module for wired/wireless hardware
Could be interesting to have such a hardware module to be able to use inline enforcement mode with RADIUS auth.
Example:
- Wireless equipment that doesn't support dynamic VLAN assignation
- Client would like a setup with both vlan and inline enforcement (inline since some of the hardware is incompatible with vlan)
- Client would like to create the same SSID on inline enforcement wireless equipment
- Connection to the secure SSID on inline would auto-register the node (inline enforcement style with iptable) but will not proceed with vlan change or deauth...
- +++
Notes
(0002986)
obilodeau   
2012-08-29 12:12   
should discuss at next meetup
(0003133)
fgaudreault   
2012-10-19 11:31   
This code has been pushed in Devel, and will be released in 3.6.0





View Issue Details
1329 [PacketFence] upstream major random 2011-11-07 16:04 2012-10-19 11:29
fgaudreault  
 
high  
resolved  
open  
none    
none  
  3.6.0  
927ea1da396e158bba00aca5645c5f86b3acd775
Mac OS X 10.7+ and SSL captive portal
Some users are reporting problems with SSL captive portal access with Lion 10.7.2. It appears to be a problem with OCSP (Online Certificate Status Protocol) and CRL (revocation list). In 10.7.2, there is a security patch for Captive Portal Hijacking, and it appears to cause issues.

See:
http://superuser.com/questions/349740/mac-os-x-lion-10-7-2-update-breaks-ssl
http://forums.macrumors.com/showthread.php?t=1251971
Even by disabling the OCSP and CRL in keychain, users are reporting it is not fixing the problem.

We will evaluate what we can do on our side (ie. Give access to OCSP servers while in registration)
Notes
(0002427)
fgaudreault   
2011-11-07 16:49   
(edited on: 2011-11-07 16:53)
Bug opened at Apple :
#10407994

Track using openradar:
rdar://10407994

(0002440)
fgaudreault   
2011-11-11 17:03   
This is a dupe of #8510566. I cannot go and check the ticket backlog since Apple bug reporter is down :S
(0002972)
obilodeau   
2012-08-27 15:47   
I've just been bitten by this on a customer with a GoDaddy cert. Browser tries for a long time to fetch the OCSP stuff resulting in bad user experience.

Sample access_logs:

10.10.0.103 - - [27/Aug/2012:09:47:06 -0400] "GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"
10.10.0.103 - - [27/Aug/2012:09:47:06 -0400] "GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"
10.10.0.103 - - [27/Aug/2012:09:47:06 -0400] "GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"
10.10.0.103 - - [27/Aug/2012:09:47:06 -0400] "GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"
10.10.0.103 - - [27/Aug/2012:09:47:06 -0400] "GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"
10.10.0.103 - - [27/Aug/2012:09:47:06 -0400] "GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"
10.10.0.103 - - [27/Aug/2012:09:47:06 -0400] "GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"
10.10.0.103 - - [27/Aug/2012:09:47:06 -0400] "GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"
10.10.0.103 - - [27/Aug/2012:09:47:06 -0400] "GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"
...


Worked around it by adding:

[trapping]
passthrough=proxy
...

[passthroughs]
cert_ocsp=http://certificates.godaddy.com/repository/gd_intermediate.crt
cert_ocsp_ssl=https://certificates.godaddy.com/repository/gd_intermediate.crt
(0002973)
fgaudreault   
2012-08-28 08:45   
FYI, there is also a FAQ for that:
http://www.packetfence.org/support/faqs/article/ocsp-issues-on-mac-osx-while-in-registration.html?no_cache=1&cHash=53e9592aba14abe6e9e0ea1c5de40e67
(0003061)
fgaudreault   
2012-09-13 11:01   
What should we do here? The bug is supposed to be fixed in > 10.7.2 and 10.8, and there is a FAQ to mitigate. I guess we can close it?
(0003063)
fgaudreault   
2012-09-13 11:41   
To be added by default (From Rich Graves mailing list post):

[trapping]
passthrough=proxy

[passthroughs]
crlthawte=http://crl.thawte.com
ocspthawte=http://ocsp.thawte.com
crlcomodo=http://crl.comodoca.com
ocspcomodo=http://ocsp.comodoca.com
crlincommon=http://crl.incommon.org
ocpincommon=http://ocsp.incommon.org
crlusertrust=http://crl.usertrust.com
ocspusertrust=http://ocsp.usertrust.com
msrcl=http://mscrl.microsoft.com
crlms=http://crl.microsoft.com
ocspapple=http://ocsp.apple.com
crlgeotrust=http://crl.geotrust.com
ocspdigicert=http://ocsp.digicert.com
ocspentrust=http://ocsp.digicert.com
svrintlver=http://svrintl-crl.verisign.com
ocspverisign=http://ocsp.verisign.com
(0003064)
fgaudreault   
2012-09-13 12:11   
Basic list committed in 927ea1da396e158bba00aca5645c5f86b3acd775. Added a new ocsp-crl.conf in the http.conf.d folder.
(0003065)
fgaudreault   
2012-09-13 12:14   
Mozilla provides a good list here:
http://www.mozilla.org/projects/security/certs/included/
(0003132)
fgaudreault   
2012-10-19 11:29   
Re-Open if this is still an issue.
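The access_log sample in this ticket shows the pattern to look for when deciding which passthroughs are missing: the revocation daemon (user agent `ocspd/1.0`) repeating the same fetch within one second and being redirected by the portal each time. The following is an added example, not PacketFence code; it assumes Apache combined log format, and the function names, burst threshold and the two extra sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache "combined" log format; the Host header is not logged, so only the
# request path identifies which certificate repository the client wanted.
LOG_RE = re.compile(
    r'^(?P<client>\S+)\s+\S+\s+\S+\s+\[(?P<ts>[^\]]+)\]\s+'
    r'"(?P<method>[A-Z]+)\s+(?P<path>\S+)[^"]*"\s+'
    r'(?P<status>\d{3})\s+(?P<size>\d+|-)\s+'
    r'"(?P<referer>[^"]*)"\s+"(?P<agent>[^"]*)"\s*$'
)


def trapped_fetches(lines, agent_prefix="ocspd/"):
    """Return (client, path, timestamp) for every revocation-daemon request
    that the portal answered with a redirect (3xx) instead of content."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # not a combined-format line, ignore it
        if m["agent"].startswith(agent_prefix) and m["status"].startswith("3"):
            hits.append((m["client"], m["path"], m["ts"]))
    return hits


def retry_bursts(lines, threshold=5):
    """Report identical trapped fetches repeated at least `threshold` times
    within the same logged second: the stall described in the ticket."""
    counts = Counter(trapped_fetches(lines))
    return sorted(
        (client, path, ts, n)
        for (client, path, ts), n in counts.items()
        if n >= threshold
    )


# Line taken from the ticket's access_log sample, repeated as it appears there.
TICKET_LINE = (
    '10.10.0.103 - - [27/Aug/2012:09:47:06 -0400] '
    '"GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"'
)
OCSP_LOG_SAMPLE = [TICKET_LINE] * 9 + [
    # Constructed: an ordinary browser request to the portal.
    '10.10.0.104 - - [27/Aug/2012:09:47:07 -0400] '
    '"GET /captive-portal HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # Constructed: a single trapped fetch, below the burst threshold.
    '10.10.0.105 - - [27/Aug/2012:09:47:08 -0400] '
    '"GET /repository/gd_intermediate.crt HTTP/1.1" 307 330 "-" "ocspd/1.0"',
]

if __name__ == "__main__":
    for client, path, ts, n in retry_bursts(OCSP_LOG_SAMPLE):
        print(f"{client} retried {path} {n} times at {ts}")
```

Each reported path points at a certificate or revocation resource that clients need while still in registration, which is what the `[passthroughs]` entries above provide.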





View Issue Details
1404 [PacketFence] web admin minor random 2012-03-23 13:59 2012-10-19 11:23
fgaudreault  
 
normal  
resolved 3.1.0  
open  
none    
none devel  
  3.6.0  
Guest portal doesn't show the form on IE8
Maybe that's fixed in 3.2, but in 3.1, I cannot see the form for guest management using IE 8. See the screenshot below.
Screen Shot 2012-03-23 at 1.57.31 PM.png (339,718) 2012-03-23 13:59
https://www.packetfence.org/bugs/file_download.php?file_id=138&type=bug
Screen Shot 2012-03-26 at 2.16.37 PM.png (234,007) 2012-03-26 14:20
https://www.packetfence.org/bugs/file_download.php?file_id=139&type=bug
png
Notes
(0002625)
francis   
2012-03-26 14:20   
I don't have the problem with the latest version.
(0002626)
obilodeau   
2012-03-27 08:31   
Have we changed anything between 3.1.0 and 3.2.0 regarding that page (or the CSS)?

If so and it's a fix close the ticket. If not leave it open for further investigation.
(0002627)
obilodeau   
2012-03-27 08:32   
Reducing priority since it only affects optional guest management.
(0003056)
francis   
2012-09-12 14:17   
I can reproduce the problem with IE7 but not with IE8.
(0003059)
francis   
2012-09-12 15:31   
Fixed for IE7 :

https://github.com/inverse-inc/packetfence/commit/88dfd6f48664e94a6c9d8121aee9d2a2f8ddcd37

Please close this ticket if it solves your issue under IE8.





View Issue Details
1551 [PacketFence] captive portal feature N/A 2012-09-17 11:47 2012-10-19 11:20
fgaudreault  
fgaudreault  
low  
resolved  
open  
none    
none devel  
  3.6.0  
Add support for OAuth2 (Google/Facebook) to authenticate guest users
Extra flow for self-registration: allow Facebook/Google credentials to register guest devices. It appears to be popular for Hotspots.
I did some basic testing using Net::OAuth2. I need to integrate that in the portal flow, I used their Demo and Dancer for testing.
Notes
(0003073)
fgaudreault   
2012-09-18 12:08   
We will need to systematically let accounts.google.com go through using NAT. Otherwise, we will be fighting with SSL issues.





View Issue Details
1557 [PacketFence] dhcp minor always 2012-09-28 13:54 2012-10-19 11:10
candlerb  
 
normal  
resolved 3.5.1  
open  
none    
none devel  
  3.6.0  
Two instances of pfdhcplistener started
[root@pf pf]# ps auxwww | grep pfdhcp
root 12180 0.0 0.8 238956 33896 ? Ss Sep27 0:08 pfdhcplistener: listening on eth0
root 12198 0.0 0.8 238956 33896 ? Ss Sep27 0:08 pfdhcplistener: listening on eth0
root 17280 0.0 0.0 103244 836 pts/0 S+ 17:22 0:00 grep pfdhcp

# grep "pfdhcp.*Start" logs/packetfence.log|tail
Sep 27 07:24:47 pfcmd(12114) INFO: Starting pfdhcplistener with '/usr/local/pf/sbin/pfdhcplistener -i eth0 -d &' (pf::services::service_ctl)
Sep 27 07:24:47 pfcmd(12114) INFO: Starting pfdhcplistener with '/usr/local/pf/sbin/pfdhcplistener -i eth0 -d &' (pf::services::service_ctl)

However the web GUI shows only one process:

pfdhcplistener Running Running (pid: 12180)

Configuration:
---- 8< ----
[interface eth0]
ip=192.0.2.14
type=internal,management
mask=255.255.255.224
enforcement=vlan

[database]
pass=XXXXXX

[general]
dhcpservers=10.1.7.10,192.0.2.14,192.0.2.15
domain=example.com
hostname=pf
dnsservers=192.0.2.10,192.0.2.24,192.0.2.80
timezone=Africa/Accra

[alerting]
emailaddr=postmaster@example.com

[interface eth1]
ip=0.0.0.0
mask=255.255.255.255
type=monitor
enforcement=

[guests_self_registration]
modes=sponsor

[registration]
auth=radius
guests_self_registration=disabled

[trapping]
range=192.0.0.0/16,10.0.0.0/8
registration=enabled
detection=enabled
------------

(IPs sanitised to 192.0.2, domain sanitised to example.com)

Note: you can see eth0 has 'internal,management'. If I change this to 'management' only, then on attempting to start the daemons I get:

Checking configuration sanity...
FATAL - internal network(s) not defined!
It appears that:
@listen_ints gets interfaces with type=internal
@dhcplistener_ints gets interfaces with type=management

and these are combined:

                            my @devices = @listen_ints;
                            push @devices, @dhcplistener_ints;

Hence two instances of the daemon are started, because the same interface is marked as both internal and management
Notes
(0003109)
obilodeau   
2012-09-28 14:02   
This issue is fixed in this pull request which should be part of the next stable release. https://github.com/inverse-inc/packetfence/pull/65
(0003110)
candlerb   
2012-09-29 15:42   
Thank you. Patch applied and it has solved the problem.





View Issue Details
1565 [PacketFence] dhcp minor always 2012-09-29 16:59 2012-10-19 11:03
candlerb  
 
normal  
resolved 3.5.1  
open  
none    
none devel  
  3.6.0  
dhcpd does not start if all isolation/registration networks are remote
Suppose you have a registration interface configured:

[interface eth1.255]
enforcement=vlan
ip=192.168.255.1
type=internal
mask=255.255.255.0

Similarly, isolation interface eth1.254, 192.168.254.1

However the actual networks you want to enforce are remote. So in conf/networks.conf you do not have any entries [192.168.255.0] or [192.168.254.0]. Instead you have, say,

[192.168.2.0]
dns=192.168.2.1
dhcp_start=192.168.2.10
gateway=192.168.2.1
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-registration
netmask=255.255.255.0
dhcp_end=192.168.2.246
dhcp_default_lease_time=30
domain-name=vlan-registration.localdomain

... similar for remote isolation VLAN.

Under this circumstance, dhcpd does not start. You get the following error:

----
No subnet declaration for eth1.255 (192.168.255.1).
** Ignoring requests on eth1.255. If this is not what
   you want, please write a subnet declaration
   in your dhcpd.conf file for the network segment
   to which interface eth1.255 is attached. **


No subnet declaration for eth1.254 (192.168.254.1).
** Ignoring requests on eth1.254. If this is not what
   you want, please write a subnet declaration
   in your dhcpd.conf file for the network segment
   to which interface eth1.254 is attached. **


Not configured to listen on any interfaces!
----

The problem is simple to fix. You need to add empty subnet declarations for the connected interfaces where you wish to listen for remote DHCP requests, but not actually serve DHCP for the local network.

It would be good if PF did this automatically in the generated %%networks%%
WORKAROUND: manually add the empty interface subnets into conf/dhcpd.conf

# dhcpd configuration
# This file is manipulated on PacketFence's startup before being given to dhcpd
authoritative;
ddns-update-style none;
ignore client-updates;

### ENABLE DHCP ON INTERFACES ###
subnet 192.168.255.0 netmask 255.255.255.0 {
}
subnet 192.168.254.0 netmask 255.255.255.0 {
}
### END ###

%%networks%%
Notes
(0003112)
candlerb   
2012-09-30 04:37   
Patch here: https://github.com/inverse-inc/packetfence/pull/71
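The check this ticket asks PacketFence to do automatically can be run by hand before starting dhcpd: find every internal interface whose connected network has no section in networks.conf and emit the empty subnet declaration for it. This is an added example, not the project's code or the linked patch; the function names are hypothetical, and treating only sections with `dhcpd=enabled` as generating a subnet declaration is an assumption.

```python
import configparser
import ipaddress


def _load(text):
    """Parse PacketFence-style INI text without value interpolation."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def missing_subnets(pf_conf, networks_conf):
    """Networks attached to internal interfaces that networks.conf does not
    cover, in the order the interfaces appear in pf.conf."""
    pf, nets = _load(pf_conf), _load(networks_conf)
    declared = {
        ipaddress.ip_network(f"{name}/{nets[name]['netmask']}")
        for name in nets.sections()
        # Assumption: only dhcpd-enabled sections end up in %%networks%%.
        if nets[name].get("dhcpd", "enabled") == "enabled"
    }
    missing = []
    for section in pf.sections():
        if not section.startswith("interface "):
            continue
        types = [t.strip() for t in pf[section].get("type", "").split(",")]
        if "internal" not in types:
            continue
        network = ipaddress.ip_interface(
            f"{pf[section]['ip']}/{pf[section]['mask']}"
        ).network
        if network not in declared and network not in missing:
            missing.append(network)
    return missing


def empty_declarations(networks):
    """dhcpd.conf text that lets dhcpd listen on an interface for relayed
    requests without serving leases on the local segment."""
    return "".join(
        f"subnet {n.network_address} netmask {n.netmask} {{\n}}\n" for n in networks
    )


# Values from the ticket; the eth1.254 section is filled in from its
# "similarly, isolation interface eth1.254, 192.168.254.1" description.
PF_CONF_SAMPLE = """
[interface eth1.255]
enforcement=vlan
ip=192.168.255.1
type=internal
mask=255.255.255.0

[interface eth1.254]
enforcement=vlan
ip=192.168.254.1
type=internal
mask=255.255.255.0
"""

NETWORKS_CONF_SAMPLE = """
[192.168.2.0]
dns=192.168.2.1
dhcp_start=192.168.2.10
gateway=192.168.2.1
dhcpd=enabled
type=vlan-registration
netmask=255.255.255.0
dhcp_end=192.168.2.246
"""

if __name__ == "__main__":
    print(empty_declarations(missing_subnets(PF_CONF_SAMPLE, NETWORKS_CONF_SAMPLE)), end="")
```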





View Issue Details
1569 [PacketFence] security major always 2012-10-15 10:52 2012-10-19 10:58
fdurand Linux  
fgaudreault  
normal  
resolved 3.5.1  
no change required  
none    
none  
   
Htaccess problem with passwords longer than 8 characters
With htaccess authentication, PacketFence just checks the first 8 characters.
Add a user in users.conf with a password of more than 8 characters and try to log in with only the first 8 characters. It will match.
Notes
(0003118)
fgaudreault   
2012-10-17 13:33   
It's a limitation of the upstream algorithm. The only thing we can do is... dropping htpasswd :P
(0003123)
fgaudreault   
2012-10-19 10:58   
We cannot do anything about it, it's a limitation of the htpasswd algorithm.
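An 8-character match like the one reported here is the behaviour of traditional DES-based crypt(3) hashes, which ignore everything after the eighth password character. The following added example (not PacketFence code) audits htpasswd-format lines and lists the accounts stored with a scheme that truncates; that the affected file uses DES crypt entries is an assumption, and the sample entries are constructed.

```python
import re

# Alphabet used by crypt(3)-style hash encodings.
CRYPT_CHARS = r"[./0-9A-Za-z]"

# (scheme, pattern, password bytes the scheme actually uses; None = all of it)
SCHEMES = [
    ("bcrypt", re.compile(r"^\$2[abxy]\$\d{2}\$" + CRYPT_CHARS + r"{53}$"), 72),
    ("apr1-md5", re.compile(r"^\$apr1\$[^$]{1,8}\$" + CRYPT_CHARS + r"{22}$"), None),
    ("sha256-crypt", re.compile(r"^\$5\$.+"), None),
    ("sha512-crypt", re.compile(r"^\$6\$.+"), None),
    ("sha1-unsalted", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), None),
    # 13 characters: 2-character salt plus 11 characters of DES output. Only
    # the first 8 password characters feed the 56-bit key.
    ("des-crypt", re.compile(r"^" + CRYPT_CHARS + r"{13}$"), 8),
]


def classify(hash_field):
    """Return (scheme, significant_password_bytes) for one stored hash."""
    for name, pattern, significant in SCHEMES:
        if pattern.match(hash_field):
            return name, significant
    # Anything else may be a plaintext entry or a scheme not listed here.
    return "unknown-or-plaintext", None


def audit(lines):
    """Yield one (line_number, user, scheme, significant_bytes) tuple per
    entry; comment and blank lines are skipped, bad lines are reported."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            findings.append((lineno, None, "malformed", None))
            continue
        scheme, significant = classify(hash_field)
        findings.append((lineno, user, scheme, significant))
    return findings


def truncating_users(lines, limit=8):
    """Users whose stored scheme ignores password bytes beyond `limit`."""
    return [
        user
        for _, user, _, significant in audit(lines)
        if significant is not None and significant <= limit
    ]


# Constructed entries with filler hash bodies; none is a real credential.
HTPASSWD_SAMPLE = [
    "# constructed sample",
    "admin:abJnggxhB/yWI",
    "helpdesk:$apr1$Zx8kQ2pL$m3T0yV9sWq1uE5rK7aB2c.",
    "auditor:$2y$10$" + "x" * 53,
    "legacy:{SHA}" + "A" * 27 + "=",
    "line-without-a-colon",
]

if __name__ == "__main__":
    for lineno, user, scheme, significant in audit(HTPASSWD_SAMPLE):
        note = f"uses first {significant} bytes only" if significant else ""
        print(lineno, user, scheme, note)
```

A 13-character plaintext entry made only of crypt characters would also be reported as `des-crypt`, so confirm a finding by re-hashing the account with a non-truncating scheme rather than by inspection alone.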





View Issue Details
966 [PacketFence] minor have not tried 2010-04-22 11:28 2012-10-19 10:18
obilodeau  
 
normal  
resolved  
since routed vlan mode fixed  
none    
none  
   
node expiration with expire.node=... won't work in routed VLAN
expire.node triggers node_cleanup from pfmon

several problems:
- uses node_delete which doesn't delete in vlan-isolation if there's an open locationlog entry (and we know there are tons of that)
- the expiration is calculated on last_arp field in the node table, last_arp won't be triggered in routed environment

Hints for solution:
- Add a last_activity field to the node table that is updated based on different mechanism (ie: arp, dhcp, mac activity, on connection with radius stuff, captive portal, etc.)
- we should auto-close locationlog entries after 1 day when they are of type except snmp-traps and MAB because the client needs to periodically re-auth anyway (configurable)
Notes
(0002878)
obilodeau   
2012-08-06 16:01   
Reminder sent to:: fgaudreault
With your node expiration changes, can this be closed?
(0003034)
fgaudreault   
2012-09-10 14:33   
I think so yes.
(0003036)
fgaudreault   
2012-09-10 14:39   
Not relevant anymore. We now use last_dhcp to trigger the node_expire.





View Issue Details
1493 [PacketFence] error-handling minor always 2012-07-22 04:25 2012-10-19 10:18
Moshe_Levi  
 
low  
resolved 3.4.1  
fixed  
none    
none devel  
  3.6.0  
f451796f7b61f01e150e4c3c68acd389efb41d37
pfcmd_vlan return code always success even on error
I am using pfcmd_vlan to do the deauthenticateDot1x command.
Even if the MAC does not exist in the AP, the exit code of pfcmd_vlan is 0.

It is because there is no check in the $switch->deauthenticateMac($mac, 1); (line 506).
I think you should add the correct exit code to all pfcmd_vlan commands.
pfcmd_vlan.patch (1,760) 2012-08-07 03:37
https://www.packetfence.org/bugs/file_download.php?file_id=150&type=bug
pfcmd_vlan-deauth-exit-code-fix-1493-v2.patch (10,110) 2012-08-08 10:56
https://www.packetfence.org/bugs/file_download.php?file_id=152&type=bug
Notes
(0002888)
obilodeau   
2012-08-06 16:46   
Unfortunately, no care was given to pfcmd_vlan's exit codes during its development... nor to much of the pf::SNMP subsystem for that matter.

Unfortunately this also isn't a priority but patches are accepted and would be quickly merged if we don't see adverse effects on other callers.
(0002890)
Moshe_Levi   
2012-08-07 03:40   
I added a patch to fix the exit codes for the deauthenticateDot1x operation.
We are using this command in freeradius and need the return code.
I would appreciate it if you could merge it into PacketFence.
(0002904)
obilodeau   
2012-08-07 14:09   
the patch doesn't separate arguments to pod2usage with a comma
(0002905)
obilodeau   
2012-08-07 14:26   
Also the != $TRUE forces numeric context and I think it would issue a warning if undef was returned instead of 0 ($FALSE).
(0002906)
obilodeau   
2012-08-07 14:39   
(edited on: 2012-08-07 14:41)
I created the following branch with an updated version of the fix: https://github.com/inverse-inc/packetfence/tree/fix/1493-pfcmd_vlan-deauth-exit-code-fix

Here's a copy of a warning I added in the code and in the commit message:

    Warning: several (if not all) implementations of deauthenticateMac are
    *not* trying to have coherent return codes. An extensive review was *not*
    performed. Please test before relying on that behavior.
    
    Patches to fix relevant implementations will be merged in priority and
    should be contributed back.


I attached a patch to the ticket also. Please confirm that it works for your environment w/o problems and then I'll merge it for our next release.

(0002916)
Moshe_Levi   
2012-08-08 03:29   
You are missing a ; in line 155 (my $result = $switch->deauthenticateMac($mac, $TRUE)) in the patch. Other than that it works for me.

thank you.
(0002921)
obilodeau   
2012-08-08 10:57   
(edited on: 2012-08-08 10:59)
Updated the patch and the github branch. Opening pull request to include fix in next release.

(0003114)
fgaudreault   
2012-10-04 16:05   
Merged in Devel.





View Issue Details
1433 [PacketFence] i18n minor always 2012-04-26 13:30 2012-10-19 10:17
obilodeau  
 
high  
resolved  
fixed  
none    
none devel  
  3.6.0  
950410141967c029b79416a590b5ec0b85421fc8
get rid of our domain in packetfence's gettext (PO) files
transifex doesn't deal with the gettext "domain" feature and I remember reading that it has been disapproved by upstream gettext project (I have no links unfortunately).

Otherwise we need to remove the following lines:
domain "packetfence"
#, fuzzy


Before each source push or translation pulls.

To fix:
- remove domain and fuzzy from all locale files
- make sure that the captive portal doesn't rely on the domain of the string anymore
- re-test the captive portal
Notes
(0003057)
obilodeau   
2012-09-12 15:10   
fix in pull request here: https://github.com/inverse-inc/packetfence/pull/61
(0003113)
fgaudreault   
2012-10-04 15:28   
Merged in Devel.





View Issue Details
1465 [PacketFence] i18n minor random 2012-06-12 15:38 2012-10-19 10:17
obilodeau Linux  
Debian  
high 6  
resolved  
fixed  
none    
none devel  
  3.6.0  
f22ccf109918a287f74c4fab69ca3275858a46df
captive portal show odd strings
The portal will show stuff like 'register: all systems must be registered' instead of 'As we may need to contact users regarding individual systems, all systems on this network must be registered.'.

It's the i18n (gettext) stuff that doesn't seem to be properly initialized on first run.

On the liveusb system reproducing is as easy as rebooting the OS.

Work-around: restart packetfence at least once after each reboot with:
/etc/init.d/packetfence restart
Notes
(0002813)
obilodeau   
2012-06-18 14:23   
assigned to Fabrice at last planning meeting
(0002816)
obilodeau   
2012-06-19 17:09   
Looks like I'm reproducing this issue on pf-dev on a branch out of stable 3.4.1 that isn't even related to our catalyst-configurator feature.

No need to restart, just hard-refreshes seems to resolve the issue. Maybe on a per-process basis as it is odd to reproduce.

I'm going to remove Debian from the issue's subject.

I'm starting to wonder if it's not an upstream change that is causing problems or else what could it be?
(0002887)
fdurand   
2012-08-06 16:44   
Under debian:
dpkg-reconfigure locales
and selecting the locales you want to use fixes the problem.
(0002889)
obilodeau   
2012-08-06 16:51   
So Catalyst is picky because of the way the locales are configured on the OS? I think this should be fixed by code and not by asking admins to run commands.
(0003058)
obilodeau   
2012-09-12 15:23   
Might have another hint about this one: debian package doesn't generate the .mo files.
(0003075)
obilodeau   
2012-09-18 12:30   
(edited on: 2012-09-18 12:31)
I think this *could* be fixed by our latest debian package fixes. I'm marking as resolved but feel free to re-open if it turns out it's not fixed.

https://github.com/inverse-inc/packetfence/pull/62






View Issue Details
1508 [PacketFence] configuration trivial have not tried 2012-08-08 13:11 2012-10-19 10:16
obilodeau  
francis  
high  
resolved 3.5.0  
fixed  
none    
none devel  
  3.6.0  
get rid of Catalyst's default page
Load http://pf:3000/ and see Catalyst's default landing page.

We should get rid of that.
Notes
(0003066)
dwuelfrath   
2012-09-14 14:22   
Hitting :3000 should redirect to either configurator or webadmin
(0003067)
francis   
2012-09-14 15:06   
Fixed

https://github.com/inverse-inc/packetfence/commit/f6b211d64c952fc1579c3d66d200fde0fa48f074
(0003068)
dwuelfrath   
2012-09-14 15:20   
Should we add the "currently-at" logic at this point too ?
(0003069)
francis   
2012-09-14 15:39   
The Configurator controller takes care of this.





View Issue Details
1545 [PacketFence] dhcp minor have not tried 2012-09-11 10:18 2012-10-19 10:15
obilodeau Linux  
Debian  
normal  
resolved 3.5.1  
fixed  
none    
none devel  
  3.6.0  
4e7e8a8123
pfdhcplistener management regressions
As reported on the mailing list:

I've just carried out a new installation of PacketFence 3.5.1 on Debian and everything seems to be working 
properly, apart from pfdhcplistener. It isn't being started by the PacketFence init script, apparently 
because it's already running:

$ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener status
service|shouldBeStarted|pid
pfdhcplistener|1|1954 1956 1958
$

$ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener start
Checking configuration sanity...
service|command
config files|start
iptables|start
pfdhcplistener|already running
$

$ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener stop
service|command
pfdhcplistener|stop
$

$ sudo /usr/local/pf/bin/pfcmd service pfdhcplistener status
service|shouldBeStarted|pid
pfdhcplistener|1|2067 2069 2071
$

The packetfence.log file contains the following for the period during which the above commands were run:


Sep 07 15:25:16 pfcmd(1953) INFO: Executing pfcmd service pfdhcplistener status (main::service)
Sep 07 15:25:16 pfcmd(1953) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:25:16 pfcmd(1953) INFO: pfdhcplistener pids eth0.3299 => 1954, eth0.3199 => 1956, eth0 => 1958 (pf::services::service_ctl)
Sep 07 15:25:20 pfcmd(1961) INFO: Executing pfcmd service pfdhcplistener start (main::service)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/named status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x named returned 0 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/dhcpd status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x dhcpd returned 0 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/snort status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x snort returned 0 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/bin/suricata status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x suricata returned 0 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/freeradius status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x freeradius returned 1642 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/apache2 status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x apache2 returned 1703 1702 1701 1700 1699 1686 (pf::services::service_ctl)

Sep 07 15:25:22 pfcmd(1961) INFO: /usr/sbin/snmptrapd status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x snmptrapd returned 1688 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfdetect status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfdetect returned 0 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfredirect status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfredirect returned 0 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfsetvlan returned 1696 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:25:22 pfcmd(1961) INFO: pfdhcplistener pids eth0.3299 => 1975, eth0.3199 => 1977, eth0 => 1979 (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: /usr/local/pf/sbin/pfmon status (pf::services::service_ctl)
Sep 07 15:25:22 pfcmd(1961) INFO: pidof -x pfmon returned 1695 (pf::services::service_ctl)
Sep 07 15:25:23 pfcmd(1961) INFO: restoring iptables from /usr/local/pf/var/conf/iptables.conf (pf::iptables::iptables_restore)

Sep 07 15:26:05 pfcmd(1986) INFO: Executing pfcmd service pfdhcplistener stop (main::service)
Sep 07 15:26:05 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener stop (pf::services::service_ctl)

Sep 07 15:26:05 pfcmd(1986) INFO: Stopping pfdhcplistener with '/usr/bin/pkill pfdhcplistener' (pf::services::service_ctl)

Sep 07 15:26:05 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:05 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 1988, eth0.3199 => 1990, eth0 => 1992 (pf::services::service_ctl)
Sep 07 15:26:05 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Sep 07 15:26:07 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:08 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 1994, eth0.3199 => 1996, eth0 => 1998 (pf::services::service_ctl)
Sep 07 15:26:08 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Sep 07 15:26:10 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:10 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 2000, eth0.3199 => 2002, eth0 => 2004 (pf::services::service_ctl)
Sep 07 15:26:10 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Sep 07 15:26:12 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:12 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 2006, eth0.3199 => 2008, eth0 => 2010 (pf::services::service_ctl)
Sep 07 15:26:12 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Sep 07 15:26:14 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:14 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 2012, eth0.3199 => 2014, eth0 => 2016 (pf::services::service_ctl)
Sep 07 15:26:14 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Sep 07 15:26:16 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:16 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 2018, eth0.3199 => 2020, eth0 => 2022 (pf::services::service_ctl)
Sep 07 15:26:16 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Sep 07 15:26:18 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:18 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 2024, eth0.3199 => 2026, eth0 => 2028 (pf::services::service_ctl)
Sep 07 15:26:18 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Sep 07 15:26:20 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:20 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 2030, eth0.3199 => 2032, eth0 => 2034 (pf::services::service_ctl)
Sep 07 15:26:20 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Sep 07 15:26:22 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:22 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 2036, eth0.3199 => 2038, eth0 => 2040 (pf::services::service_ctl)
Sep 07 15:26:22 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Sep 07 15:26:24 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:24 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 2042, eth0.3199 => 2044, eth0 => 2046 (pf::services::service_ctl)
Sep 07 15:26:24 pfcmd(1986) INFO: Waiting for pfdhcplistener to stop (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/sbin/named status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x named returned 0 (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/sbin/dhcpd status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x dhcpd returned 0 (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/sbin/snort status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x snort returned 0 (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/bin/suricata status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x suricata returned 0 (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/sbin/freeradius status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x freeradius returned 1642 (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/sbin/apache2 status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x apache2 returned 1703 1702 1701 1700 1699 1686 (pf::services::service_ctl)

Sep 07 15:26:26 pfcmd(1986) INFO: /usr/sbin/snmptrapd status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x snmptrapd returned 1688 (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdetect status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x pfdetect returned 0 (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/local/pf/sbin/pfredirect status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x pfredirect returned 0 (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/local/pf/sbin/pfsetvlan status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x pfsetvlan returned 1696 (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:26 pfcmd(1986) INFO: pfdhcplistener pids eth0.3299 => 2058, eth0.3199 => 2060, eth0 => 2062 (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: /usr/local/pf/sbin/pfmon status (pf::services::service_ctl)
Sep 07 15:26:26 pfcmd(1986) INFO: pidof -x pfmon returned 1695 (pf::services::service_ctl)
Sep 07 15:26:33 pfcmd(2066) INFO: Executing pfcmd service pfdhcplistener status (main::service)
Sep 07 15:26:33 pfcmd(2066) INFO: /usr/local/pf/sbin/pfdhcplistener status (pf::services::service_ctl)

Sep 07 15:26:33 pfcmd(2066) INFO: pfdhcplistener pids eth0.3299 => 2067, eth0.3199 => 2069, eth0 => 2071 (pf::services::service_ctl)

The PIDs for pfdhcplistener seem to increase each time the status command is executed, but there's no 
evidence of the processes actually being started. If I execute pfdhcplistener manually, it starts normally 
and I get DHCP fingerprint information in the log. Another server running PacketFence 3.5.0 and an almost 
identical configuration does not exhibit this problem.

Hoping somebody else can reproduce this problem or suggest a fix.

Regards,

pfdhcplistener-process-mgmt-3.5.1-regression.patch (1,179) 2012-09-11 14:43
https://www.packetfence.org/bugs/file_download.php?file_id=162&type=bug
Notes
(0003049)
obilodeau   
2012-09-11 11:58   
We've got similar reports of problems w/ CentOS 6 that I'm investigating right now.
(0003050)
obilodeau   
2012-09-11 12:16   
(edited on: 2012-09-11 12:17)
Unable to reproduce on CentOS 6. Asked my colleague for more information.

Investigating on debian live cd now.

(0003051)
obilodeau   
2012-09-11 13:45   
Debian:

I added the -l flag to the pgrep call to see what was matching as a false pfdhcplistener and here it is:

# bin/pfcmd service pfdhcplistener status
service|shouldBeStarted|pid
pfdhcplistener|1|1391 sh -c pgrep -l -f "pfdhcplistener: listening on eth0.100" 1393 sh -c pgrep -l -f "pfdhcplistener: listening on eth0"


So it's pgrep catching itself and since it's a valid pid, no need to start another pfdhcplistener or complain further.
(0003052)
obilodeau   
2012-09-11 13:55   
CentOS:

With a setup with eth0, eth0.<vlan>, etc. I was able to reproduce. This is caused by pgrep not being strict about the pattern.

After all looking for a process called 'pfdhcplistener: listening on eth0' will match 'pfdhcplistener: listening on eth0.100'.
(0003053)
obilodeau   
2012-09-11 13:55   
The fix in both cases is to be strict about the match by adding -x to the pgrep call. A patch is on its way.
(0003054)
obilodeau   
2012-09-11 14:42   
Attached patch to ticket. Everyone affected should apply it with:

cd /usr/local/pf/
patch -p1 < <patchfile>


Fix committed in stable. Will be part of our next release.
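The two false matches diagnosed in the notes above, and the effect of -x, can be reproduced offline. This is an added example, not the attached patch or PacketFence code: match_pids, escape_ere, listener_pids and the process table are constructed for illustration, with grep -E standing in for pgrep -f and grep -Ex for pgrep -x -f. It goes one step beyond the ticket by escaping the dot in interface names, because pgrep patterns are extended regular expressions.

```shell
#!/bin/sh
# Constructed process table (pid<TAB>command line), modelled on the titles quoted
# in this ticket. The eth0 listener itself is NOT running. PID 1393 is the shell
# spawned by the status check to run pgrep; PID 1960 is a constructed look-alike
# title used for the dot caveat.
TAB=$(printf '\t')
PROC_TABLE="1954${TAB}pfdhcplistener: listening on eth0.3299
1956${TAB}pfdhcplistener: listening on eth0.3199
1960${TAB}pfdhcplistener: listening on eth0x3199
1393${TAB}sh -c pgrep -l -f \"pfdhcplistener: listening on eth0\""

# match_pids MODE PATTERN: emulate pgrep over PROC_TABLE.
#   loose = pgrep -f PATTERN     (ERE may match anywhere in the command line)
#   exact = pgrep -x -f PATTERN  (ERE must match the whole command line)
match_pids() {
    mode=$1; pattern=$2; out=; xflag=
    if [ "$mode" = exact ]; then xflag=-x; fi
    while IFS="$TAB" read -r pid cmd; do
        if printf '%s\n' "$cmd" | grep -E $xflag -q -e "$pattern"; then
            out="${out:+$out }$pid"
        fi
    done <<EOF
$PROC_TABLE
EOF
    printf '%s' "$out"
}

# escape_ere STRING: backslash-escape ERE metacharacters so that an interface
# name such as eth0.3199 is matched literally.
escape_ere() {
    printf '%s' "$1" | sed 's/[][\.^$*+?(){}|]/\\&/g'
}

# listener_pids IFACE: strict lookup, whole-line match plus escaped name.
listener_pids() {
    match_pids exact "pfdhcplistener: listening on $(escape_ere "$1")"
}

# Loose match for eth0: the VLAN listeners and the pgrep wrapper all count as
# "running", so the status check never notices that eth0 has no listener.
echo "loose eth0            : $(match_pids loose 'pfdhcplistener: listening on eth0')"
# Strict match for eth0: nothing, which is the truth.
echo "exact eth0            : $(match_pids exact 'pfdhcplistener: listening on eth0')"
# -x alone still lets the unescaped dot match any character.
echo "exact eth0.3199 (raw) : $(match_pids exact 'pfdhcplistener: listening on eth0.3199')"
echo "exact eth0.3199 (esc) : $(listener_pids eth0.3199)"
```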





View Issue Details
1424 [PacketFence] inline major random 2012-04-16 12:31 2012-10-19 10:14
obilodeau  
 
high  
resolved  
fixed  
none    
none 3.6.0  
  3.6.0  
3e4cf73908019527f60785aa1ac2cba7d260bd86
obtaining a node's current mark fails from non-root
When the captive portal tries to re-evaluate the posture of a node, it does so from a pf uid process.

Turns out that fetching firewall rules w/o root fails but what made it worse is that IPTables::ChainMgr instead of letting us know it failed is returning the last temporary file generated by root (at least in ipt_exec_style 'system' mode). Since temporary file names are predictable and world-readable, it is possible for the root user to write the temp file and to have a non-root read it. I'll check to report upstream.

I'll try the other mode of operations for ChainMgr and see if they still badly report permission problems. We might have to force temp files to be appended with a pid and/or randomness or even generate their names through an empty open (which is perl's way to do mktemp).

Then, we'll need to ensure that get_mark... is always run in a privileged mode either through a pf password-less sudo or by adding a hook into bin/pfcmd. This might be delayed if our 'app server' model moves along quickly and we'll just push it as a WebService right there.
Notes
(0002976)
obilodeau   
2012-08-28 09:07   
The feature/ipset branch apparently fixes that issue. Review is ongoing: https://github.com/inverse-inc/packetfence/pull/41
(0003116)
fgaudreault   
2012-10-11 09:00   
Fixed in Devel for CentOS6/Debian. Cannot fix for RHEL/CentOS 5
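The failure mode described in this ticket (a failed unprivileged fetch silently returning the output file left by an earlier root run) and the mitigation it proposes (unpredictable temp names plus reporting the failure) look like this in shell. This is an added example, not IPTables::ChainMgr or PacketFence code: dump_rules_to, read_mark_weak, read_mark_strict, the rule text and the mark values are hypothetical stand-ins, and the caller's uid is passed as an argument so the script runs without root.

```shell
#!/bin/sh
# dump_rules_to FILE UID MARK: hypothetical stand-in for the privileged rule
# dump. It writes FILE only when UID is 0; otherwise it fails and leaves FILE
# untouched, like a non-root caller that cannot read firewall rules.
dump_rules_to() {
    if [ "$2" -eq 0 ]; then
        printf '%s\n' "-A PREROUTING -s 192.0.2.10 -j MARK --set-mark 0x$3" > "$1"
    else
        echo "dump_rules_to: permission denied" >&2
        return 1
    fi
}

# Extract the mark from a rule dump.
parse_mark() {
    sed -n 's/.*--set-mark \(0x[0-9a-f]*\).*/\1/p' "$1"
}

# Weak pattern: fixed, shared output name and the exit status is thrown away,
# so a failed run hands back whatever an earlier run left in the file.
read_mark_weak() {   # $1 = shared dir, $2 = caller uid, $3 = node's current mark
    out="$1/ipt_rules.out"
    dump_rules_to "$out" "$2" "$3" 2>/dev/null || :
    parse_mark "$out"
}

# Hardened pattern: mktemp gives a fresh, unpredictable, owner-only file, and a
# failed dump is reported to the caller instead of being papered over.
read_mark_strict() {
    tmp=$(mktemp "$1/ipt_rules.XXXXXX") || return 1
    if ! dump_rules_to "$tmp" "$2" "$3" 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    parse_mark "$tmp"
    rm -f "$tmp"
}

demo() {
    dir=$(mktemp -d) || return 1
    echo "root run, mark 1        : $(read_mark_weak "$dir" 0 1)"
    # The node's mark is now 3, but the unprivileged caller still sees 0x1.
    echo "uid 1000, weak, mark 3  : $(read_mark_weak "$dir" 1000 3)"
    if read_mark_strict "$dir" 1000 3 >/dev/null; then
        echo "uid 1000, strict        : unexpected success"
    else
        echo "uid 1000, strict        : failure reported, no stale data"
    fi
    rm -rf "$dir"
}
demo
```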





View Issue Details
1556 [PacketFence] upstream major have not tried 2012-09-26 10:28 2012-09-26 17:14
obilodeau  
obilodeau  
high  
resolved  
fixed  
none    
none  
   
5147571f
depsolving problems with Net::Appliance::Session
Resolving Dependencies
--> Running transaction check
---> Package openfusion-release.noarch 0:0.5-1.of.el6 will be updated
---> Package openfusion-release.noarch 0:0.6.2-1.of.el6 will be an update
---> Package perl-Net-Appliance-Session.noarch 0:1.36-1.el6.rf will be updated
--> Processing Dependency: perl(Net::Appliance::Session) = 1.36 for package: packetfence-3.6.0-0.20120921.el6.noarch

---> Package perl-Net-Appliance-Session.noarch 0:3.122100-2.el6 will be an update
--> Processing Dependency: perl(Net::CLI::Interact) >= 1.122100 for package: perl-Net-Appliance-Session-3.122100-2.el6.noarch

--> Processing Dependency: perl(Net::CLI::Interact) for package: perl-Net-Appliance-Session-3.122100-2.el6.noarch

--> Running transaction check
---> Package perl-Net-Appliance-Session.noarch 0:1.36-1.el6.rf will be updated
--> Processing Dependency: perl(Net::Appliance::Session) = 1.36 for package: packetfence-3.6.0-0.20120921.el6.noarch

---> Package perl-Net-CLI-Interact.noarch 0:1.122100-2.el6 will be installed
--> Processing Dependency: perl(Log::Dispatch::Configurator::Any) for package: perl-Net-CLI-Interact-1.122100-2.el6.noarch

--> Processing Dependency: perl(Log::Dispatch::Config) for package: perl-Net-CLI-Interact-1.122100-2.el6.noarch

--> Processing Dependency: perl(IPC::Run) for package: perl-Net-CLI-Interact-1.122100-2.el6.noarch

--> Running transaction check
---> Package perl-IPC-Run.noarch 0:0.89-1.of.el6 will be installed
---> Package perl-Log-Dispatch-Config.noarch 0:1.04-3.el6 will be installed
---> Package perl-Log-Dispatch-Configurator-Any.noarch 0:1.110690-5.el6 will be installed
---> Package perl-Net-Appliance-Session.noarch 0:1.36-1.el6.rf will be updated
--> Processing Dependency: perl(Net::Appliance::Session) = 1.36 for package: packetfence-3.6.0-0.20120921.el6.noarch

--> Finished Dependency Resolution
Error: Package: packetfence-3.6.0-0.20120921.el6.noarch (@/packetfence-3.6.0-0.20120921.el6.noarch)
           Requires: perl(Net::Appliance::Session) = 1.36
           Removing: perl-Net-Appliance-Session-1.36-1.el6.rf.noarch (@rpmforge)
               perl(Net::Appliance::Session) = 1.36
           Updated By: perl-Net-Appliance-Session-3.122100-2.el6.noarch (epel)
               perl(Net::Appliance::Session) = 3.122100
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
Problem updating system packages. Aborting nightly build process...
Leaving chroot centos-6-i386-os


to investigate
Introduced in EPEL 6: https://bugzilla.redhat.com/show_bug.cgi?id=853380
perl-Net-Appliance-Session.spec.diff (808) 2012-09-26 14:19
https://www.packetfence.org/bugs/file_download.php?file_id=164&type=bug
Notes
(0003099)
obilodeau   
2012-09-26 11:14   
Ok, a generic `yum update` does exhibit the problem.
(0003100)
milkmansson   
2012-09-26 11:31   
(edited on: 2012-09-26 11:31)
Olivier, saw your post on packetfence-users list, doing 'yum update' (taking care of enabling the repos) on the 3.5.1 ESX VPX/image reproduces the issue exactly. HTH!

(0003101)
obilodeau   
2012-09-26 12:21   
I tried several things and it didn't work.

I considered updating our code to 3.x w/ the v2 compat module but found that it has been dropped already by upstream: https://metacpan.org/source/OLIVER/Net-Appliance-Session-4.122630/Changes

I'm thinking of providing our own N::A::S in our repo w/ an Epoch in front of the version.
(0003102)
obilodeau   
2012-09-26 14:18   
Ok, we created a perl-Net-Appliance-Session with epoch 1 so that 1:1.36 will be better than 0:3.xx. The patch on the repoforge spec will be attached here.

Please confirm that this fixes your issue.

Can you try:

yum clean all

with all the proper repositories enabled.

Then confirm that a `yum update` proceeds successfully.

Thanks!
(0003103)
obilodeau   
2012-09-26 17:10   
Confirmed as fixed on the mailing list.

Basically, we worked around upstream EPEL providing a newer package and RPM not honoring our hardcoded required version in our SPEC. We faked a newer package by using the Epoch flag in our repo.
(0003104)
obilodeau   
2012-09-26 17:14   
Once 0001313 is fixed, we'll get rid of our package.
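Why 1:1.36 outranks 0:3.122100: RPM compares the epoch first, treats a missing epoch as 0, and only looks at the version when the epochs are equal. The sketch below is an added example, not the attached spec patch and not RPM's full rpmvercmp: it handles numeric dotted versions only and ignores the release, and the release "-1" and repo label on the epoch-1 candidate are constructed.

```shell
#!/bin/sh
# cmp_version A B: compare numeric dotted versions segment by segment.
# Prints -1, 0 or 1. Simplification: numeric segments only.
cmp_version() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return; fi
    done
    echo 0
}

# evr_cmp A B: compare [epoch:]version[-release]; epoch wins, absent epoch = 0.
# The release is dropped (simplification).
evr_cmp() {
    e1=0; v1=$1; e2=0; v2=$2
    case $1 in *:*) e1=${1%%:*}; v1=${1#*:} ;; esac
    case $2 in *:*) e2=${2%%:*}; v2=${2#*:} ;; esac
    v1=${v1%%-*}; v2=${v2%%-*}
    if [ "$e1" -gt "$e2" ]; then echo 1
    elif [ "$e1" -lt "$e2" ]; then echo -1
    else cmp_version "$v1" "$v2"
    fi
}

# best_candidate: read "EVR repo" lines on stdin, print the line an update
# would select (the highest EVR).
best_candidate() {
    best=
    while read -r evr repo; do
        [ -n "$evr" ] || continue
        if [ -z "$best" ] || [ "$(evr_cmp "$evr" "${best%% *}")" = 1 ]; then
            best="$evr $repo"
        fi
    done
    printf '%s\n' "$best"
}

# Candidates from the yum output in this ticket.
BEFORE='0:1.36-1.el6.rf rpmforge
0:3.122100-2.el6 epel'
# Same list plus the epoch-1 rebuild (release and repo label constructed).
AFTER="$BEFORE
1:1.36-1 PacketFence"

echo "before workaround: $(printf '%s\n' "$BEFORE" | best_candidate)"
echo "after workaround : $(printf '%s\n' "$AFTER" | best_candidate)"
```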





View Issue Details
1366 [PacketFence] captive portal minor always 2012-01-16 13:35 2012-09-25 22:24
francis  
obilodeau  
normal  
resolved devel  
fixed  
none    
none devel  
   
Captive portal - self registration by email - access granted
When activating an account by email, the "access granted" page is missing the IP and MAC address in the footer (see attached screenshot).
Screen Shot 2012-01-16 at 10.52.08 AM.png (265,602) 2012-01-16 13:35
https://www.packetfence.org/bugs/file_download.php?file_id=129&type=bug
Notes
(0003094)
obilodeau   
2012-09-25 22:24   
This was inadvertently fixed by reworking the captive portal's template rendering in the fix/apache-acl-something branch.





View Issue Details
1380 [PacketFence] doc trivial always 2012-02-22 13:06 2012-09-25 22:17
dwuelfrath  
obilodeau  
low  
resolved devel  
fixed  
none    
none devel  
   
ba29614
wrong documentation for the use of setVlanByName
In some places in switches modules (pf::SNMP ++) it is documented to use setVlanByName but the sequence is wrong.
DEPRECATED: use setVlanByName($ifIndex, $switch_locker_ref, 'isolationVlan') instead

Method declaration:
sub setVlanByName {
    my ($this, $ifIndex, $vlanName, $switch_locker_ref) = @_;
The $vlanName and $switch_locker_ref need to be swapped. (Probably in the POD and not in the method declaration)
Notes
(0003092)
obilodeau   
2012-09-25 22:17   
Removed the deprecated functions. There were no core callers and they were publicly marked as deprecated since 2.0 almost two years ago.





View Issue Details
1383 [PacketFence] doc text always 2012-02-23 11:29 2012-09-25 21:59
albertochavez  
obilodeau  
normal  
resolved  
fixed  
none    
none  
   
b5548f1
Typo in Administration Guide for Packetfence 3.2.0
On page 44 of the Administration Guide for Packetfence 3.2.0 The following paragraph reads:

LIMIT: You can set a number of bytes(B), kilobytes(KB), megavytes(MB), gigabytes(GB), or petabytes(PB)

Megabytes is misspelled.
Notes
(0003091)
obilodeau   
2012-09-25 21:59   
typo fixed in stable. Will be part of our next release.

Thanks for reporting, sorry for the delay. It slipped under the radar.





View Issue Details
1535 [PacketFence] upstream major always 2012-08-31 07:20 2012-09-13 10:57
fgaudreault  
fgaudreault  
normal  
resolved 3.5.0  
fixed  
none    
none  
   
986f432a2dc277819e76c8556b0e91d392e78169
Inline mode and OSX DNS Caching issues for home page
When visiting a mac based shop, we were having some issues using inline mode. Let me describe the problem that will impact most 10.6 users. 10.7 and 10.8 have the thin client browser that mitigates the issue, but the problem is still there if you use a real browser.

So what appears to happen is when you open a browser while unregistered, the browser will try to hit your home page. PacketFence will then resolve it to its inline ip address so that you can hit the portal. But, by doing so, the system caches the result, and when you are registered, the cache wins. When you try to go back to visit your home page, you won't be able to.

I was able to reproduce it all the time even with the ipset feature.

Now to fix this, why aren't we using DNAT for http/https traffic only if your mark is 0x2 or 0x3 (unreg/isol)? Let's resolve the real IP, but forward the packets to the inline interface for portal.
Notes
(0002994)
obilodeau   
2012-08-31 07:27   
I think we would face the Apache vhost problem we had before doing DNS DNAT but I'm not sure.

Just an idea that I would like you to try: How about putting a TTL of 1 in named in inline? Could you try that?
(0002995)
fgaudreault   
2012-08-31 07:28   
Hmmm interesting. I can try to reduce the TTL of the zone yes. I'll let you know how it goes :)
(0003004)
fgaudreault   
2012-08-31 12:07   
TTL 1 fixed the problem.
(0003037)
fgaudreault   
2012-09-10 14:42   
Is the "TTL 1" a fair solution? I mean the only downside really is the number of DNS queries that the DNS server will have to handle. I am sure a decent server can handle it.
(0003041)
obilodeau   
2012-09-10 15:25   
Yes, I think we should go with the TTL of 1 approach.

I think we should do this change in a major release so we test thoroughly w/ several different devices before releasing.
(0003045)
fgaudreault   
2012-09-11 09:29   
Committed in devel with id b770fd2e04f63969b3a97d4a8534fe70960f5418

I don't think we need to test more, it has been live at a customer site since last week, and everything is A1.
(0003046)
obilodeau   
2012-09-11 09:36   
This could also help with javascript redirection in VLAN mode. Should we perform a similar change there?
(0003047)
fgaudreault   
2012-09-11 09:38   
Good idea. I think it will help too.
(0003060)
fgaudreault   
2012-09-13 10:57   
Fixed in devel.

Commit 986f432a2dc277819e76c8556b0e91d392e78169





View Issue Details
1534 [PacketFence] performance minor random 2012-08-30 16:35 2012-09-10 15:12
obilodeau  
fgaudreault  
low  
resolved  
fixed  
none    
none  
   
c49873873d5a057dd71484fdf191f99e3e34de65
RADIUS Accounting slow queries are not optimized
Sample from the slow query log:

# Query_time: 27.180624  Lock_time: 0.000208 Rows_sent: 1  Rows_examined: 3064889
SET timestamp=1346357116;
SELECT CONCAT(SUBSTRING(callingstationid,1,2),':',SUBSTRING(callingstationid,3,2),':',SUBSTRING(callingstationid,5,2),':',
               SUBSTRING(callingstationid,7,2),':',SUBSTRING(callingstationid,9,2),':',SUBSTRING(callingstationid,11,2)) AS mac,
               username,IF(ISNULL(acctstoptime),'connected','not connected') AS status,acctstarttime,acctstoptime,FORMAT(acctsessiontime/60,2) AS acctsessiontime,
               nasipaddress,nasportid,nasporttype,acctinputoctets AS acctoutput,
               acctoutputoctets AS acctinput,(acctinputoctets+acctoutputoctets) AS accttotal,
               IF(ISNULL(acctstoptime),'',acctterminatecause) AS acctterminatecause
        FROM (SELECT * FROM radacct ORDER BY acctstarttime DESC) AS tmp
        GROUP BY callingstationid
        HAVING callingstationid = 'E4D53D39968D';


Examined 3064889 and took 27 seconds. I wonder if indexing could help.
Notes
(0003038)
fgaudreault   
2012-09-10 14:46   
(edited on: 2012-09-10 14:53)
That part:
SELECT * FROM radacct ORDER BY acctstarttime DESC

I am pretty sure it's the one that caused issues. Ordering 3 million rows is not fun.

(0003039)
fgaudreault   
2012-09-10 14:54   
Gne...

Try with this instead:
SELECT CONCAT(SUBSTRING(callingstationid,1,2),':',SUBSTRING(callingstationid,3,2),':',SUBSTRING(callingstationid,5,2),':',SUBSTRING(callingstationid,7,2),':',SUBSTRING(callingstationid,9,2),':',SUBSTRING(callingstationid,11,2)) AS mac,username,IF(ISNULL(acctstoptime),'connected','not connected') AS status,acctstarttime ,acctstoptime,FORMAT(acctsessiontime/60,2) AS acctsessiontime, nasipaddress,nasportid,nasporttype,acctinputoctets AS acctoutput, acctoutputoctets AS acctinput,(acctinputoctets+acctoutputoctets) AS accttotal, IF(ISNULL(acctstoptime),'',acctterminatecause) AS acctterminatecause FROM (SELECT * FROM radacct WHERE callingstationid = 'E4D53D39968D' ORDER BY acctstarttime DESC) AS tmp GROUP BY callingstationid HAVING callingstationid = 'E4D53D39968D';
(0003040)
fgaudreault   
2012-09-10 15:12   
Fixed the problematic query. Time stripped down from 25-30sec to below 1sec.





View Issue Details
1323 [PacketFence] IDS minor always 2011-11-01 13:47 2012-09-10 14:34
fgaudreault  
fgaudreault  
high  
resolved  
fixed  
none    
none  
   
snort will not install on centos 6 64bit
We are relying on the upstream package of SNORT. They only package the i386 version. Trying to install it on a CentOS 6 64bit gives us this error even if libnet is installed properly:

Error: Package: 1:snort-2.9.1-1.i386 (PacketFence)
           Requires: libdnet.1

I will recompile my own 64bit version and retry.
Notes
(0002417)
fgaudreault   
2011-11-01 15:09   
Recompiling my own 64bit SNORT packages did the trick. I will also compile the 32bit soon.

Looks like we will have to continue to build them.
(0002418)
fgaudreault   
2011-11-01 16:41   
Both i386 and x86_64 packages are now available in our repos.
(0002694)
obilodeau   
2012-05-02 11:44   
Looks like upstream is not going to provide x86_64 packages :(

We can probably close this ticket as fixed then.
(0003035)
fgaudreault   
2012-09-10 14:34   
Let's close it. If we need, we will re-open.





View Issue Details
1526 [PacketFence] addons minor always 2012-08-22 11:29 2012-09-10 14:23
obilodeau  
fgaudreault  
normal  
resolved  
fixed  
none    
none  
   
1cae66aca835d439865f95eefd887e6217323054
managed radius doesn't provide log rotation
Logs will just keep growing. We should probably integrate the radius' logs rotation into our own addons/logrotate strategy.
There are no notes attached to this issue.





View Issue Details
1542 [PacketFence] configuration minor have not tried 2012-09-10 02:28 2012-09-10 08:15
pablo222  
obilodeau  
normal  
resolved 3.5.1  
duplicate  
none    
none  
   
problem with pf install
Error while installing pf

 yum groupinstall --enablerepo=PacketFence,rpmforge,of,epel packetfence



Transaction Check Error:
  file /usr/share/man/man3/Apache::Test.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestConfig.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestMB.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestMM.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestReport.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestRequest.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestRun.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestRunPHP.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestRunPerl.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestServer.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestSmoke.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestTrace.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686
  file /usr/share/man/man3/Apache::TestUtil.3pm.gz from install of perl-Apache-Test-1.36-1.of.el6.noarch conflicts with file from package mod_perl-2.0.4-10.el6.i686

Notes
(0003031)
pablo222   
2012-09-10 02:30   
OS version= updated Centos6
(0003032)
obilodeau   
2012-09-10 08:15   
You need to ignore packages. This is mentioned in the Administration Guide. See also bug 0001537.





View Issue Details
1540 [PacketFence] scanning minor always 2012-09-06 08:58 2012-09-06 11:05
dwuelfrath  
dwuelfrath  
low  
acknowledged  
open  
none    
none  
  general  
pf::scan will try to instantiate unknown module
Even if we do a check if the scanning type exists or not, we do not handle the result and continue the workflow.
https://github.com/inverse-inc/packetfence/blob/stable/lib/pf/scan.pm#L93
Notes
(0003028)
obilodeau   
2012-09-06 11:01   
Another thing to look at: https://github.com/inverse-inc/packetfence/blob/stable/lib/pf/scan.pm#L165
(0003029)
obilodeau   
2012-09-06 11:05   
Ok, pf::scan's run_scan is never checked for success or not. Also scans are initiated explicitly by bin/pfcmd and never inside daemons so the crash wouldn't be as bad as causing a daemon to crash.

That said, it could introduce subtle mistakes if we ever decide to start scans inside daemons or long term processes like apache so it should be fixed.





View Issue Details
1537 [PacketFence] core minor always 2012-09-04 04:21 2012-09-04 09:44
link  
fgaudreault  
normal  
resolved  
won't fix  
none    
none  
   
error when install
After installing the repo (following the installation guide), I ran:
"yum install packetfence" or "yum groupinstall --enablerepo=PacketFence,rpmforge,epel,of Packetfence-complete", and here's the error that I received:

Transaction Check Error:
  file /usr/share/man/man3/Apache::Test.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestConfig.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestMB.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestMM.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestReport.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestRequest.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestRun.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestRunPHP.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestRunPerl.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestSmoke.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestTrace.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Apache::TestUtil.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
  file /usr/share/man/man3/Bundle::ApacheTest.3pm.gz from install of perl-Apache-Test-1.36-1.of.el5.noarch conflicts with file from package mod_perl-2.0.4-6.el5.i386
can anybody tell me why??:(
sorry for my English
Notes
(0003008)
fgaudreault   
2012-09-04 07:29   
Read the documentation, not a bug:

Under RHEL 5.x / Centos 5.x, you must exclude packages from rpmforge repository edit /etc/yum.repos.d/rpmforge.repo and add the line exclude = perl-PathTools*,perl-File-Spec* on the section [rpmforge]
Under RHEL 6.x / Centos 6.x, you must exclude perl-Apache-Test from rpmforge and openfusion repository. Edit /etc/yum.repos.d/rpmforge.repo and add the line exclude = perl-Apache-Test* on the section [rpmforge]
Edit /etc/yum.repos.d/openfusion.repo and add the line exclude = perl-Apache-Test* on the section [of].
(0003009)
obilodeau   
2012-09-04 09:44   
Still, I'm pretty sure we can do a better job rather than force exclude every package that causes a transaction conflict...





View Issue Details
1492 [PacketFence] captive portal feature have not tried 2012-07-19 16:56 2012-08-06 16:43
ludovic  
 
normal  
acknowledged  
open  
none    
none  
  long-term  
Maximum number of registered devices - Offer unreg option
When a user registers a device, if he has already registered 3 devices and the limit is set to 3 and he's about to register a 4th one, we only tell the user he can't do it because he reached the maximum number of registered devices.

What would be nice is, after making sure the username/password is valid, to show the user the list of devices he can actually unregister. That could happen for example when one changes laptop or cellphone. We could show a list similar to this:

MAC OS fingerprint Reg date
[aa:bb:cc:dd] [Android Phone] [13/06/2011] [ UNREGISTER ]
[ee:bb:cc:dd] [Windows 7] [15/07/2010] [ UNREGISTER ]
[ff:ee:cc:dd] [Apple iPad] [19/04/2012] [ UNREGISTER ]

At this point, the user would have to unregister a device to complete his registration process.

We could extend this for SMS-based registration. For example, we could, once the user types back the PIN, present the same page mentioned above.

We could also extend this for email-based registration. For example, when the user opens the link in the email, that page could be presented before the registration process completes.
Notes
(0002886)
obilodeau   
2012-08-06 16:43   
great idea !





View Issue Details
1479 [PacketFence] core tweak N/A 2012-07-05 10:07 2012-08-06 14:43
fgaudreault  
fgaudreault  
low  
resolved devel  
fixed  
none    
none  
   
485cb72ef198569f2d064019c260c29ca40b0c5e
Add control-socket support to our RADIUS
When we are ready to merge the RADIUS configuration into the PF directory, we should also add the control-socket support. This will allow debugging a live server without having to do radiusd -X and disrupt the service.
Notes
(0002843)
fgaudreault   
2012-07-19 10:15   
Fixed in feature/managed-radius. Will be merged in devel soon...
(0002874)
obilodeau   
2012-08-06 14:43   
added doc in bf2096fd7d5e93013a804e5eeb2ee324a66a5dbd

pull request: https://github.com/inverse-inc/packetfence/pull/40





View Issue Details
1464 [PacketFence] core minor sometimes 2012-06-11 12:27 2012-08-06 13:24
obilodeau  
obilodeau  
high  
resolved  
fixed  
none    
none 3.4.0  
  3.4.0  
375c5ab
process management issues (pid misuse in listing and killing daemons)
Processes started with perl ... instead of specifying directly the executable name wouldn't be listed in status (which relies on pidof) and wouldn't be killed (which relies on pkill).

It's not 100% straightforward to reproduce but anything started under the debugger (perl -d ...) is simply not properly managed (killed or listed in status) which definitely causes problems when trying to investigate odd crashes.

Also, I think this could be related to the double processes started when pfsetvlan was restarted from the Web admin and could also explain the core dumps. I remember seeing that perl was explicitly mentioned in the `ps -ef` output.

Attempted workarounds:
- Using `pkill -f` matches the entire command line of the process and fixed the killing problems. However it doesn't work on listing statuses which relies on pidof.
- Setting $0 works for pidof but sometimes didn't work with pkill but I'm not too sure now (done that last Friday before leaving..)

We could either:
- implement both changes (re-validate in lab)
- implement -f pkill fix and use `pgrep -f` instead of pidof for status (warning: output format differs slightly)
Notes
(0002756)
obilodeau   
2012-06-12 14:37   
Re-tested the stuff properly and we can avoid the risky `pkill -f` if we set $0 ($PROGRAM_NAME) to basename($0) in all daemons. I'm taking that route.
(0002757)
obilodeau   
2012-06-12 14:48   
fix available in branch fix/process-management-1464. Will hit stable before the next stable release.
(0002772)
obilodeau   
2012-06-14 12:16   
fix released in 3.4.0 yesterday
(0002848)
fgaudreault   
2012-07-19 11:18   
Regression. We lost the arguments in the ps line.
(0002872)
obilodeau   
2012-08-06 13:24   
I marked this one as resolved as the underlying issue has been resolved. I'll update the related 0001478 in a second with a target and proper priority.





View Issue Details
773 [PacketFence] error-handling minor have not tried 2009-08-11 11:57 2012-08-06 12:18
obilodeau  
obilodeau  
normal  
resolved  
fixed  
none    
none  
  1.9.3  
need better error message when two violations have the same id
right now it crashes horribly when two violations share the same id

this problem should be detected and a proper error message given to the user
Notes
(0002871)
fgaudreault   
2012-08-06 12:18   
See 0000749





View Issue Details
1476 [PacketFence] core tweak N/A 2012-06-21 10:57 2012-07-31 14:39
fgaudreault  
fgaudreault  
low  
resolved devel  
fixed  
none    
none 3.5.0  
   
2e399c41e56ddc99c73fa37e53f812d5c09acbd4
Close violation when release_date is reached
Just like node unregdate, we should be able to automatically close a violation after a defined period of time.
Notes
(0002818)
fgaudreault   
2012-06-21 12:26   
In stable branch, was minor fix.





View Issue Details
1475 [PacketFence] core tweak N/A 2012-06-21 10:46 2012-07-19 11:09
fgaudreault  
fgaudreault  
low  
resolved devel  
fixed  
none    
none  
   
Refactor the Bandwidth accounting violation process
Instead of using a sliding window, we should be more precise in the way we calculate the time interval for the bandwidth usage.

Example.
Say I define a violation to trap users that are doing more than 20GB/month of bandwidth transfer, and I hit that limit after 3 days. It should block the user until day 1 of next month if auto-enable is disabled or, if auto-enable is enabled, it should start the bandwidth calculation from the violation release date instead of the beginning of the month for the next violation.
Notes
(0002846)
fgaudreault   
2012-07-19 11:09   
Fixed in acct_violations branch. Will be merged shortly.





View Issue Details
1470 [PacketFence] i18n minor have not tried 2012-06-14 19:17 2012-06-18 08:31
pb1dft  
obilodeau  
normal  
feedback 3.4.0  
open  
none    
none  
  general  
error in guest.pm
on line 271 i18n($_) should be i18n()

Otherwise translations for the field names will not work
Notes
(0002802)
obilodeau   
2012-06-15 15:17   
line 271? the closest i18n() call in pf::web::guest is 290 and is:
return ( $FALSE, $GUEST::ERROR_MISSING_MANDATORY_FIELDS, [ join(", ", map { i18n($_) } @missing_fields) ] );


is this what you are talking about?

If so, I don't understand the mistake. map assigns each array member into $_ and we pass it through i18n which returns it translated and it's joined afterwards.

Pretty sure that if you remove $_ nothing will happen. Can you elaborate?

Thanks
(0002808)
pb1dft   
2012-06-17 22:05   
In my case, when I removed $_ it translated as it should; with it, it would not translate. I can retry, as the language file I'm using is one big mess and I'm halfway through translating it again. In other words, I started from scratch to make the text more sensible. I would have to test it again when I'm finished.
(0002809)
obilodeau   
2012-06-18 08:31   
Will need to attempt to reproduce in lab. Before then if you can try again it will be appreciated.





View Issue Details
750 [PacketFence] core minor have not tried 2009-07-17 14:22 2012-06-15 10:01
obilodeau  
 
normal  
confirmed  
reopened  
none    
none  
  general  
telnet / ssh logging timeouts
It seems that telnet / ssh connection handling is not the same everywhere. On linksys IIRC we had a timeout problem that was quite annoying to troubleshoot (no logging output).

It seems that it is doing the right thing at most places so comparing the Linksys' telnet implementation with the other ones would be a good place to start.
Notes
(0001345)
rbalzard   
2009-10-15 16:26   
We close the ticket for now. See comments in 0000797 for details
(0001347)
obilodeau   
2009-10-16 10:58   
This is _not_ a Linksys issue. It's about handling timeouts / errors for ssh/telnet consistently.

Right now, some modules provide hard-coded timeout values others not, etc.

We need to review all modules using telnet / ssh and make sure they are consistent. Regroup timeout values and credentials, etc.
(0001372)
obilodeau   
2009-10-26 16:13   
not a blocker for 1.8.5





View Issue Details
1466 [PacketFence] web admin major sometimes 2012-06-13 19:55 2012-06-15 09:20
barryq  
obilodeau  
normal  
resolved 3.3.2  
no change required  
none    
none 3.4.0  
   
Changing node category produces error
When changing the node category either from "No Category" to a defined category, or from a defined category to "No Category" the following error is produced:

Error: Problems executing 'PFCMD node edit a0:6c:ec:d2:a8:81 pid="<hidden>", category="guest", status="reg", bypass_vlan="", voip="no", detect_date="2012-06-13 16:47:07", regdate="2012-06-13 16:47:12", unregdate="", last_arp="", last_dhcp="2012-06-13 16:47:28", lastskip="", notes="AUTO-REGISTERED"'

Command not understood. (pfcmd grammar test failed at line 209.)
Notes
(0002768)
obilodeau   
2012-06-14 09:16   
I would assume there's an illegal character in pid. Sorry for the obscure error message.

These are allowed:

&=?()/,0-9a-zA-Z_*.-:;@ +!^[]|#

Before 3.4.0 backslashes weren't allowed. That was fixed in 3.4.0. All characters that could be interpreted in the shell need to be quoted.

If you are sure that it isn't this let me know and I'll tell you how to turn on the parser debugger.
(0002783)
barryq   
2012-06-14 13:20   
That would explain why the problem doesn't occur every time. I think you are right about the backslashes in the PID. I will get to the upgrade today or tomorrow and let you know.
(0002784)
obilodeau   
2012-06-14 14:07   
sounds good
(0002793)
barryq   
2012-06-14 20:36   
I've updated to 3.4.0 and I can't reproduce the error. But I couldn't produce it consistently before anyway. I guess we should just close this and if it pops up again I can open a new ticket.
(0002794)
obilodeau   
2012-06-15 09:20   
Sounds good. Thanks!
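
Added example, not part of the ticket or of PacketFence's code: a pre-check that applies the allowed-character list quoted in note 0002768 to each field before a 'node edit' command is built, so the user is told the field and offending character instead of getting a grammar failure. The function names, the sample values and the literal reading of the list (hyphen included) are assumptions; allow_backslash=False models the pre-3.4.0 behaviour.

```python
import string

# Transcribed from the note above: &=?()/,0-9a-zA-Z_*.-:;@ +!^[]|#
# Assumption: every symbol is a literal, including the "-" in "*.-:".
ALLOWED = frozenset(
    string.ascii_letters + string.digits + "&=?()/,_*.-:;@ +!^[]|#"
)


class IllegalFieldValue(ValueError):
    """Raised with the field name and the offending characters spelled out."""


def find_illegal(value, allow_backslash=True):
    """Return [(offset, char), ...] for characters outside the allowed list.

    allow_backslash=True models 3.4.0 and later, False the earlier releases.
    """
    allowed = ALLOWED | {"\\"} if allow_backslash else ALLOWED
    return [(i, ch) for i, ch in enumerate(value) if ch not in allowed]


def node_edit_arguments(mac, fields, allow_backslash=True):
    """Build the argument string in the key="value" form shown in the error
    message above, refusing any value that contains an illegal character."""
    parts = []
    for name, value in fields.items():
        bad = find_illegal(value, allow_backslash)
        if bad:
            detail = ", ".join(f"{ch!r} at offset {i}" for i, ch in bad)
            raise IllegalFieldValue(f"{name}: illegal character(s) {detail}")
        parts.append(f'{name}="{value}"')
    return f"node edit {mac} " + ", ".join(parts)


if __name__ == "__main__":
    # Constructed sample values; only the MAC comes from the ticket.
    sample = {"pid": "CORP\\jdoe", "category": "guest", "status": "reg"}
    print(node_edit_arguments("a0:6c:ec:d2:a8:81", sample))
    try:
        node_edit_arguments("a0:6c:ec:d2:a8:81", sample, allow_backslash=False)
    except IllegalFieldValue as err:
        print("rejected:", err)
```

The list still admits characters a shell interprets, such as ; | & ( ), so a value that passes this check must still be quoted, or handed over as an argument vector, when the command goes through a shell.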





View Issue Details
1409 [PacketFence] zen tweak always 2012-03-28 13:34 2012-04-18 10:03
fgaudreault  
fgaudreault  
normal  
resolved 3.2.0  
fixed  
none    
none 3.3.0  
  3.3.0  
Missing some small things (802.1X user and host entry)
Need to add :

- demouser Cleartext-password := demouser (in raddb/users)
- pf-zen 127.0.0.1 (in /etc/hosts)
Notes
(0002645)
fgaudreault   
2012-04-13 11:46   
Fixed in Zen 3.3.0





View Issue Details
1375 [PacketFence] captive portal tweak have not tried 2012-02-03 15:24 2012-02-03 15:37
fgaudreault  
 
low  
feedback 3.1.0  
open  
none    
none  
   
Activation link appears to be valid even if node did not confirm within the proper time period
It appears that the activation link sent to self-registering node is still valid even if the node did not confirm within the determined time frame (default 10min)

Registering at 13:49
Unreg by pfmon at 13:59
...
Feb 03 14:13:18 email_activation.cgi(0) INFO: Activation code sent to email xxxx successfully verified! Node authorized: xxx (pf::email_activation::validate_code)
Notes
(0002566)
obilodeau   
2012-02-03 15:37   
activation codes are valid for 31 days by default.

Not sure if this is something we want to change or not. After all the device is properly unregistered after 10 minutes.. If he still has access to the activation link (from another device or from registration VLAN with a fat mail client) why shouldn't he be able to click on it?

So this is definitely confirmed but not an 'issue' IMO. If anyone thinks it should be fixed let us know why with a good reason and we'll fix it.





View Issue Details
991 [PacketFence] upstream minor have not tried 2010-05-25 11:13 2011-12-30 23:49
obilodeau  
fgaudreault  
normal  
resolved 1.8.7  
no change required  
none    
none  
   
php-pear-Log problem
We received an anonymous bug report:

Error Message: : Assigning the return value of new by reference is deprecated in /usr/share/pear/Log.php on line 169.

Looks like an upstream problem caused by the deprecation of something in php.

Deprecation is introduced in php 5.3 maybe? http://www.php.net/manual/en/language.references.php#93292

I would hope that latest pear Log doesn't have this problem. For now, our target platform is not affected so this won't be a priority fix. We will just wait for this to settle by itself.
Notes
(0001746)
obilodeau   
2010-11-02 12:37   
current debian stable is also not running 5.3.x
(0001967)
fgaudreault   
2011-03-18 16:23   
Regarding this bug : http://pear.php.net/bugs/bug.php?id=16743

 [2009-12-27 18:57 UTC] jon (Jon Parise)
-Status: Feedback +Status: Closed
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/

It has been filed for PEAR/Log version 1.11.5. CentOS 5.5 is using version 1.9.13. Maybe we should install the package using pear instead of the deprecated RPM?


Not tested tho.
(0001987)
fgaudreault   
2011-03-24 10:00   
- EPEL 5.5 now uses php-pear-log 1.11.6, and EPEL 6 uses php-pear-log 1.12.5

This bug should be resolved in those two packages.
(0001988)
obilodeau   
2011-03-24 10:03   
Our package pulls down php-pear-Log (capital L) not php-pear-log and they originate from different repos. See 0000804.

So it is not fixed upstream unless we switch to php-pear-log but can we just do that?
(0001989)
fgaudreault   
2011-03-24 10:08   
It's the same name from both repos, we just need to install EPEL and we are done:

Installed Packages
Name : php-pear-Log
Arch : noarch
Version : 1.9.13
Release : 1.el5.centos
Size : 204 k
Repo : installed
Summary : Abstracted logging facility for PHP
URL : http://pear.php.net/package/Log
License : PHP
Description: The Log framework provides an abstracted logging system.
           : It supports logging to console, file, syslog, SQL, Sqlite, mail, and mcal
           : targets. It also provides a subject - observer mechanism.
           :
           : php-pear-Log can optionally use package "php-pear-DB" (version >= 1.3)
           : and "php-pear-MDB2" (version >= 2.0.0RC1).

Available Packages
Name : php-pear-Log
Arch : noarch
Version : 1.11.6
Release : 1.el5
Size : 56 k
Repo : epel
Summary : Abstracted logging facility for PHP
URL : http://pear.php.net/package/Log
License : MIT
Description: The Log framework provides an abstracted logging system.
           : It supports logging to console, file, syslog, SQL, Sqlite, mail, and mcal
           : targets. It also provides a subject - observer mechanism.
           :
           : php-pear-Log can optionally use package "php-pear-DB" (version >= 1.3)
           : and "php-pear-MDB2" (version >= 2.0.0RC1).
(0001990)
obilodeau   
2011-03-24 10:14   
See our admin guide, for RHEL EPEL is mandatory but for CentOS I thought that everything was provided in CentOS-Extras?

So we would need to add EPEL to our CentOS installation process, correct?

Again is this really worth the effort? Right now as said in the bug description our target platform (CentOS / RHEL) works just fine without any changes..
(0001991)
fgaudreault   
2011-03-24 10:21   
No need to push that, unless someone would absolutely want to use php 5.3 on a CentOS install. EPEL doesn't provide the php package. CentOS 6 will ship with php 5.3, but with proper php-pear-Log module as well.

So I guess we should just keep this bug as a reference.
(0002194)
fgaudreault   
2011-09-09 16:13   
Let's close this one.

In CentOS 5, this bug doesn't apply.
In CentOS 6, the distro ships with 5.3 and a working php-pear-Log package.





View Issue Details
1159 [PacketFence] upstream minor have not tried 2011-01-19 16:33 2011-12-30 23:39
obilodeau  
fgaudreault  
normal  
resolved  
fixed  
none    
none  
   
perl-SOAP-Lite requires perl-version but doesn't depend on it
I faced the issue on a dedicated RADIUS Server. On a normal PacketFence server, something else probably installed the package correctly.

I should provide a patch to rpmforge's perl-SOAP-Lite's packager. This bug is to track the issue.

Workaround: install perl-version by hand with `yum install perl-version` (you need the rpmforge repo enabled)
A link where I had a clue to look in that direction:
http://confluence.atlassian.com/display/CROWDKB/Apache+Integration+Fails+Due+to+Missing+version.pm+File
Notes
(0001840)
fgaudreault   
2011-01-27 14:31   
(edited on: 2011-01-27 14:33)
According to deplist :

  dependency: perl(version)
   provider: perl-version.i386 0.72.3-1.el5.rf
   provider: perl-version.i386 0.74-1.el5.rf
   provider: perl-version.i386 0.76-1.el5.rf
   provider: perl-version.i386 0.82-1.el5.rf
   provider: perl-version.i386 0.83-1.el5.rf
   provider: perl-version.i386 0.85-1.el5.rf
   provider: perl-version.i386 0.86-1.el5.rf

Looks like it is in the dependency list.

(0001944)
fgaudreault   
2011-03-17 18:18   
Still missing.
(0001971)
fgaudreault   
2011-03-22 11:29   
Changes committed upstream today :

Requires: perl(constant)
Requires: perl(version)
Requires: perl >= 5.006

Will be released on the next packaging cycle.
(0001992)
fgaudreault   
2011-03-25 09:39   
This is resolved upstream, the new package has been released in RPMForge with the proper dependencies :

perl-SOAP-Lite-0.712-3.el5.rf.noarch.rpm 24-Mar-2011 12:46 349K RHEL5 and CentOS-5 noarch





View Issue Details
1241 [PacketFence] upstream major always 2011-07-26 11:54 2011-07-27 09:25
fgaudreault  
fgaudreault  
high  
resolved devel  
fixed  
none    
none  
   
RPMForge repository segfaulting on yum update
Even if this is not a PF issue, I think it is interesting to post the bug here so we can track it since we heavily rely on rpmforge.

Doing a yum update will not work, rpmforge will make yum quit with a segfault.

[root@CentOS5/chroot]$ yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: centos.mirror.iweb.ca
 * extras: centos.mirror.iweb.ca
 * rpmforge: apt.sw.be
 * updates: centos.mirror.iweb.ca
rpmforge: [#################### ] 891/10953Segmentation fault

We do not know any way to fix the issue for now.
Notes
(0002115)
fgaudreault   
2011-07-27 09:25   
Everything should be back to normal. RPMForge fixed their repository last night.





View Issue Details
752 [PacketFence] upstream crash random 2009-07-20 14:26 2011-05-04 11:50
obilodeau  
 
normal  
resolved  
unable to reproduce  
none    
none  
   
Sometimes Net::Appliance::Session depends on Devel::StackTrace >= 1.2 which is not explicitly required
problem found on a perl install 5.8.8

Cisco Catalyst 2860 depends on Net::Appliance::Session which in turn depends on Devel::StackTrace >= 1.20 which was not pulled in by installer.pl or by Net::Appliance::Session itself.

Net::Appliance::Session version was 1.36.

I will need to try to reproduce.

I will also need to verify that this is not an upstream bug: Net::Appliance::Session not correctly asking for Devel::StackTrace >= 1.20 when installed from cpan.
Notes
(0001295)
obilodeau   
2009-07-20 14:32   
Either fix upstream or add it as a definitive dep in installer.pl
(0001323)
rbalzard   
2009-10-13 10:16   
to be tested with 1.8.5 rpm
(0001370)
obilodeau   
2009-10-26 16:00   
Couldn't reproduce and also I don't see any use Devel::StackTrace in Net::Appliance::Session's code. Pulling the plug on this one.

Feel free to re-open if you can reproduce.





View Issue Details
1164 [PacketFence] upstream minor N/A 2011-01-27 13:06 2011-04-26 10:26
fgaudreault  
obilodeau  
low  
resolved 2.0.0  
no change required  
none    
none  
   
Depsolving problem on yum update with perl-IO-Compress
When updating your CentOS, you may have this error :

perl-IO-Compress-2.024-1.el5.rf.noarch from installed has depsolving problems
  --> Missing Dependency: perl(Compress::Raw::Zlib) = 2.024 is needed by package perl-IO-Compress-2.024-1.el5.rf.noarch (installed)
perl-IO-Compress-2.024-1.el5.rf.noarch from installed has depsolving problems
  --> Missing Dependency: perl(Compress::Raw::Bzip2) = 2.024 is needed by package perl-IO-Compress-2.024-1.el5.rf.noarch (installed)
perl-Module-Install-0.92-1.el5.rf.noarch from installed has depsolving problems
  --> Missing Dependency: perl(Archive::Tar) >= 1.44 is needed by package perl-Module-Install-0.92-1.el5.rf.noarch (installed)
Error: Missing Dependency: perl(Archive::Tar) >= 1.44 is needed by package perl-Module-Install-0.92-1.el5.rf.noarch (installed)
Error: Missing Dependency: perl(Compress::Raw::Bzip2) = 2.024 is needed by package perl-IO-Compress-2.024-1.el5.rf.noarch (installed)
Error: Missing Dependency: perl(Compress::Raw::Zlib) = 2.024 is needed by package perl-IO-Compress-2.024-1.el5.rf.noarch (installed)

This is likely to have been triggered by a change in an upstream package.
A quick workaround :

rpm -e --nodeps perl-IO-Compress
yum update

This will update perl-Compress-Raw-Bzip2 and perl-Compress-Raw-Zlib properly.
Notes
(0002040)
obilodeau   
2011-04-26 10:26   
if you are bitten by this, perform the work-around





View Issue Details
1194 [PacketFence] upstream major always 2011-02-25 17:01 2011-03-22 10:06
user201  
fgaudreault  
normal  
resolved devel  
fixed  
none    
none  
   
Perl SOAP Lite dependency error
dependency error with package perl-SOAP-Lite-0.712-1.el5.rf.noarch.rpm

Must install manually this package to resolve this issue: perl-Class-Inspector-1.24-1.el5.rf.noarch.rpm ( yum install perl-Class-Inspector.noarch )
package: perl-SOAP-Lite-0.712-1.el5.rf.noarch.rpm, perl-Class-Inspector-1.24-1.el5.rf.noarch.rpm

Name : perl-SOAP-Lite Relocations: (not relocatable)
Version : 0.712 Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release : 1.el5.rf Build Date: Wed 23 Feb 2011 10:43:42 AM EST

an email has been sent to dag repo regarding this...
Notes
(0001887)
obilodeau   
2011-02-25 17:11   
Added perl-Class-Inspector to our package dependencies as a work-around for now.
(0001943)
obilodeau   
2011-03-17 18:07   
(edited on: 2011-03-17 18:07)
since it was fixed upstream, remove perl(Class::Inspector) from our dependencies and mark as resolved

(0001945)
fgaudreault   
2011-03-17 18:19   
In the .spec in the SVN, but not reflected on the current package version.
(0001946)
obilodeau   
2011-03-18 09:36   
Did you do a yum clean metadata before the install?
(0001969)
fgaudreault   
2011-03-22 10:06   
Fixed Upstream.

Installing:
 perl-SOAP-Lite noarch 0.712-2.el5.rf rpmforge 349 k
Installing for dependencies:
 perl-Class-Inspector noarch 1.24-1.el5.rf rpmforge 30 k
 perl-Compress-Zlib x86_64 1.42-1.fc6 base 52 k
 perl-FCGI x86_64 0.68-1.el5.rf rpmforge 91 k
 perl-HTML-Parser x86_64 3.55-1.fc6 base 92 k
 perl-HTML-Tagset noarch 3.10-2.1.1 base 15 k
 perl-IO-Socket-SSL noarch 1.01-1.fc6 base 49 k
 perl-Net-SSLeay x86_64 1.30-4.fc6 base 192 k
 perl-Task-Weaken noarch 1.03-1.el5.rf rpmforge 17 k
 perl-URI noarch 1.35-3 base 116 k
 perl-XML-Parser x86_64 2.34-6.1.2.2.1 base 210 k
 perl-libwww-perl noarch 5.805-1.1.1 base 376 k





View Issue Details
1124 [PacketFence] upstream major have not tried 2010-11-25 12:10 2011-02-28 14:47
fgaudreault  
fgaudreault  
normal  
resolved 1.9.1  
won't fix  
none    
none  
  2.0.2  
Snort is not killed by pfcmd
Seen on CentOS 5.5 x86_64, SNORT is not able to be killed using the "pfcmd service snort stop" command while it's working with the same RPM package on CentOS 5.5 i386. Even after compiling the x86_64 RPM, the problem persists.

This implies some drawbacks, especially when you are in a HA cluster. PacketFence won't be able to stop properly, so the failover will never happen. It's a major problem. The issue is not related to PacketFence, but to snort.

A potential workaround is to modify the code to issue a "pkill -9 snort" instead of the standard "pkill snort".
Notes
(0001888)
fgaudreault   
2011-02-28 14:47   
Cannot reproduce on fresh CentOS 5.5 installation.





View Issue Details
1033 [PacketFence] upstream minor have not tried 2010-07-20 11:20 2011-02-25 16:52
obilodeau  
obilodeau  
high  
resolved 1.9.0  
no change required  
none    
none  
   
RPM dependency error with perl(Archive::Tar)
Errors started to show up on our nightly builds:

--> Finished Dependency Resolution
perl-Module-Install-0.92-1.el5.rf.noarch from installed has depsolving problems
  --> Missing Dependency: perl(Archive::Tar) >= 1.44 is needed by package perl-Module-Install-0.92-1.el5.rf.noarch (installed)
Error: Missing Dependency: perl(Archive::Tar) >= 1.44 is needed by package perl-Module-Install-0.92-1.el5.rf.noarch (installed)
 You could try using --skip-broken to work around the problem
 You could try running: package-cleanup --problems
                        package-cleanup --dupes
                        rpm -Va --nofiles --nodigest

Looks upstream since we haven't changed anything.
Notes
(0001605)
rbalzard   
2010-07-20 11:23   
Obviously DAG has updated perl-Module-Install but has forgotten to update its dependency perl-Archive-Tar...
:(

A temporary easy fix is to tell YUM to skip perl-Module-Install by adding the following line in /etc/yum.conf:
exclude=perl-Module-Install
(0001610)
obilodeau   
2010-07-22 11:02   
Just noticed that our 64 bit nightly doesn't have this problem so I checked if perl-Module-Install is required / used by PacketFence and it's not.

So if you ever experience this problem, run:
# yum erase perl-Module-Install

Which will get rid of perl-Module-Install and perl-Test-Base both of which are not required by PacketFence (currently at least).

Ran smoke test suite and they all pass.
(0001886)
obilodeau   
2011-02-25 16:52   
just hit the dep problem again while trying to do some Catalyst testing.. this guy has an interesting solution:

http://www.imminentweb.com/technologies/yum-complains-about-package-installed-has-depsolving-problems





View Issue Details
1152 [PacketFence] upstream minor random 2011-01-13 12:43 2011-01-18 09:54
obilodeau  
obilodeau  
normal  
resolved  
not fixable  
none    
none  
   
FreeRADIUS hangs in our perl module with: Modification of a read-only value .../DBI.pm line 563
Error: rlm_perl: perl_embed:: module = /etc/raddb/rlm_perl_packetfence.pl , func = post_auth exit status= Modification of a read-only value attempted at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/DBI.pm line 563.

Launching db connection in FreeRADIUS' CLONE {...} then re-connecting only if necessary should mitigate the issue. Here's a patch for those interested:

--- pf/addons/802.1X/rlm_perl_packetfence.pl	c967f44b9c3e832b4c2189e5792b47c1006872cd
+++ pf/addons/802.1X/rlm_perl_packetfence.pl	4c5b8f74db3f0770ba542f020d98a1e74ffa1371
@@ -37,6 +37,7 @@ use vars qw(%RAD_REQUEST %RAD_REPLY %RAD
 use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
 #use Data::Dumper;
 
+our $mysql_connection;
 # This is hash wich hold original request from radius
 #my %RAD_REQUEST;
 # In this hash you add values that will be returned to NAS.
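Review bot: "our $mysql_connection;" is added without a comment and sits directly above the comment block that describes %RAD_REQUEST, so a reader will take that comment as describing the handle. Give the declaration its own comment (it is the database handle opened in db_connect() and reused by getVlan()) and separate it from the %RAD_REQUEST comment with a blank line.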
@@ -221,6 +222,22 @@ sub log_request_attributes {
         }
 }
 
+sub CLONE {
+    db_connect();
+}         
+
+sub db_connect {
+        
+    $mysql_connection = DBI->connect("dbi:mysql:dbname=".DB_NAME.";host=".DB_HOSTNAME,

+                                        DB_USER, DB_PASS, {PrintError => 0});
+        
+    if (!defined($mysql_connection)) {
+      openlog("rlm_perl_packetfence", "perror,pid","user");
+      syslog("info", "Can't connect to the database.");
+      closelog();
+    }     
+}         
+
 # Here is the decision process:
 # 
 # registered, guest, secure                      => disconnect (-1)
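Review bot: db_connect() loses the reason for a failed connect: with PrintError => 0 and only "Can't connect to the database." logged at "info", nothing records why DBI->connect failed. Include $DBI::errstr in the message and log it at a higher priority such as "err", so a connection that fails when called from CLONE is visible before getVlan() reaches its reconnect path.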
@@ -250,14 +267,16 @@ sub getVlan {
     
     openlog("rlm_perl_packetfence", "perror,pid","user");
     syslog("info", "getVlan called with switch_ip $switch_ip, mac $mac, is_eap_request 
$is_eap_request");
-    
-    # create database connection
-    my $mysql_connection = DBI->connect("dbi:mysql:dbname=".DB_NAME.";host=".DB_HOSTNAME, 

-                                        DB_USER, DB_PASS, {PrintError => 0});
+          
+    if (!defined($mysql_connection) || !$mysql_connection->ping() ) { 
+      syslog("info", "Database connection seems down.. Reconnecting...");
+      db_connect();
 
-    if (!defined($mysql_connection)) { 
-      syslog("info", "Can't connect to the database.");
-      return undef;
+      if (!defined($mysql_connection) || !$mysql_connection->ping() ) {
+        syslog("info", "Database still down... Bailing out for this request.");

+        closelog();
+        return;
+      }
     }
 
     # check if mac exists already in database
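Review bot: the bail-out in getVlan() changes from "return undef;" to a bare "return;", which gives an empty list instead of undef when the caller evaluates getVlan() in list context; confirm that the caller treats both results as "no VLAN". The two new messages ("Database connection seems down.." and "Database still down...") report an outage but are logged at "info", and ping() now costs one database round trip on every request, which deserves a comment.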
@@ -402,7 +421,6 @@ sub getVlan {
     # return the correct VLAN, close resources
     syslog("info", "returning VLAN $correctVlan for $mac");
     closelog();
-    $mysql_connection->disconnect();
     return $correctVlan;
 }
 
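Review bot: only the disconnect() before the final "return $correctVlan;" is removed; if any earlier return in getVlan() still calls $mysql_connection->disconnect(), it would now close the handle that is meant to persist across requests and force a reconnect on the next call. Check the lines between the reconnect block and this return for remaining disconnect() calls, and add a comment here saying the handle is left open on purpose.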
Notes
(0001809)
obilodeau   
2011-01-13 12:44   
Our code is no longer doing database access so this issue will not occur with anything > 2.0.

Issue was filed only for reference.
(0001812)
obilodeau   
2011-01-18 09:54   
by the way the CLONE { ... } above suggestion did not work.

Look into
https://github.com/alandekok/freeradius-server/blob/master/doc/bugs
for more in-depth FreeRADIUS troubleshooting.





View Issue Details
1132 [PacketFence] upstream major random 2010-12-01 12:05 2011-01-11 09:49
obilodeau  
obilodeau  
normal  
resolved  
no change required  
none    
none  
  2.1.0  
Mac OS X DHCP issues after a VLAN change on wireless networks
Based on the setup we are sometimes able to reproduce the problem 100% of the time or not at all.

The issue: Mac OS X after a wireless deauthentication (disassociation) doesn't do a DHCP Discover.

What happens:
- we deauth the Mac OS X client
- Mac OS X client reconnects, gets a different VLAN assigned
- it waits for its DHCP lease to expire
- it then does a DHCP Request on the server where it obtained its last IP
- a default DHCP server configuration will not reply to that DHCP Request thinking it's not for him (wrong IP information on wrong interface)
- after a couple of minutes the Mac OS X client abandons the DHCP Requests and does a DHCP Discover
- DHCP Server responds
- Mac OS X client has an IP in the right VLAN

Because of the lease expiry delays and the DHCP Request timeout delays, it takes several minutes to gain network access. This is unacceptable. On Windows, everything works fine.

Expected:
- we deauth the Mac OS X client
- Mac OS X client reconnects, gets a different VLAN assigned
- Mac OS X issues a DHCP Discover (it's in a new network after all!)
- it gets an IP in the good VLAN

Workarounds:
We are working on workarounds which involve sending a DHCP NAK (non-acknowledge) if we see a DHCP Request coming with the wrong IPs on the wrong interface. This way we reduce the delay window only to the dhcp lease timeout. Here's the flow with the workaround:
- we deauth the Mac OS X client
- Mac OS X client reconnects, gets a different VLAN assigned
- it waits for its DHCP lease to expire
- it then does a DHCP Request on the server where it obtained its last IP
- DHCP Server sends a DHCP NAK to the client
- Mac OS X client does a DHCP Discover
- DHCP Server responds
- Mac OS X client has an IP in the right VLAN
 
As stated earlier, some setups are affected some aren't so we aren't sure where the interaction changes. Here's a list of variables to look after:
- ip-helpers based or not (vs bridged layer2 to dhcp)
- DHCP Server based on Windows or Linux
- Using a Controller or fat Access Points

We are investigating on this but any findings would help us a lot!
workarounds:

- in bridged mode (no ip-helpers)
run a DHCP Server per interface with -pf (pid file) and -cf (different config); in that config, put deny all on subnets you should never see on that VLAN

- in ip-helpers mode
we are still discussing this one (one ip-helper on eth0 doing the right thing or several)
Notes
(0001784)
obilodeau   
2010-12-01 14:47   
We tested and were no longer able to reproduce under Mac OS 10.6.5. It was probably fixed under "Improves reliability of Ethernet connections." according to http://support.apple.com/kb/HT4250
(0001802)
obilodeau   
2011-01-11 09:49   
Update your Mac OS X to 10.6.5.
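
Added example, not part of the ticket or of PacketFence: a simplified model of the exchange described in this issue, comparing a DHCP server that stays silent on a DHCP Request for an address outside the interface's subnet with one that answers with a DHCP NAK. The interface names, subnets, retry count and function names are constructed for illustration, and the wait for lease expiry is left out.

```python
import ipaddress

# Constructed sample: one DHCP listener per VLAN interface and its subnet.
INTERFACE_SUBNETS = {
    "eth0.2": ipaddress.ip_network("192.168.2.0/24"),   # registration VLAN
    "eth0.10": ipaddress.ip_network("10.10.0.0/16"),    # production VLAN
}


def server_reply(interface, message, requested_ip=None, nak_foreign=True):
    """Reply of the DHCP server on `interface` to one client message.

    nak_foreign=False: a REQUEST for an address outside the interface's
    subnet gets no answer (None), the default behaviour in the ticket.
    nak_foreign=True: the same REQUEST is answered with NAK (the workaround).
    """
    subnet = INTERFACE_SUBNETS[interface]
    if message == "DISCOVER":
        return "OFFER"
    if message == "REQUEST":
        if ipaddress.ip_address(requested_ip) in subnet:
            return "ACK"
        return "NAK" if nak_foreign else None
    raise ValueError(f"unsupported DHCP message: {message}")


def client_exchange(interface, previous_ip, nak_foreign, max_retries=4):
    """Replay a client that lands on `interface` still holding `previous_ip`.

    It re-requests the old address until it gets an answer or has sent
    1 + max_retries requests (assumed count), then falls back to DISCOVER.
    Returns the list of (message, address, reply) tuples.
    """
    log = []
    reply = None
    for _ in range(1 + max_retries):
        reply = server_reply(interface, "REQUEST", previous_ip, nak_foreign)
        log.append(("REQUEST", previous_ip, reply))
        if reply is not None:
            break
    if reply == "ACK":
        return log
    log.append(("DISCOVER", None, server_reply(interface, "DISCOVER")))
    offered = str(INTERFACE_SUBNETS[interface][1])  # first address, demo only
    log.append(("REQUEST", offered,
                server_reply(interface, "REQUEST", offered, nak_foreign)))
    return log


def unanswered_requests(log):
    """Count REQUESTs that timed out, i.e. the delay the user experiences."""
    return sum(1 for msg, _, reply in log if msg == "REQUEST" and reply is None)


if __name__ == "__main__":
    for nak in (False, True):
        print("NAK workaround" if nak else "default server")
        for step in client_exchange("eth0.10", "192.168.2.57", nak):
            print("   ", step)
```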





View Issue Details
882 [PacketFence] upstream minor always 2009-12-17 10:51 2010-12-15 11:37
obilodeau  
obilodeau  
high  
resolved  
not fixable  
none    
none 2.0.0  
  2.0.0  
perl-SOAP-Lite needs LWP::UserAgent but it isn't declared in package
short term fix: specify it in the RPM spec

longer term fix: submit packaging bug upstream
Notes
(0001447)
obilodeau   
2009-12-17 14:13   
workaround for those experiencing the issue:

yum install perl-LWP-UserAgent-Determined
(0001448)
obilodeau   
2009-12-17 14:15   
fixed in monotone branch 1.8 rev no: 67a323f60614bbe89d6b830ba11d54baec753466
will be propagated to 1.9 branch

will leave open until I get time to report packaging bug upstream
(0001662)
obilodeau   
2010-09-15 11:18   
I think two new versions of SOAP-Lite came out since then. I know that I'm already looking into building the latest one from source to see if it fixes 0001010. I'll take the time to look at the deps while I'm at it.
(0001688)
obilodeau   
2010-09-22 16:50   
this report is bogus, LWP::UserAgent is provided by perl on CentOS..

perl-LWP-UserAgent-Determined is a subclass of LWP::UserAgent that is more 'determined' at obtaining what it wants..

Also, the SOAP-Lite package does specify LWP::UserAgent as a dependency.
http://svn.rpmforge.net/svn/trunk/rpms/perl-SOAP-Lite/perl-SOAP-Lite.spec

Closing issue and I will remove LWP-UserAgent-Determined dep from our package.





View Issue Details
1020 [PacketFence] upstream major always 2010-06-24 15:45 2010-06-24 16:03
obilodeau  
obilodeau  
none  
resolved  
not fixable  
none    
none  
   
VoIP support is broken in port-security mode with 3560 IOS 12.2(25r)
For some reason when securing a MAC address the switch loses an important portion of its config. The line:

switchport port-security maximum 1 vlan access

disappears. Then, things cannot work.

This is a Cisco bug, nothing much we can do.

An updated IOS is available. You should upgrade.

There was a discussion about it on the -users mailing list.
Notes
(0001585)
obilodeau   
2010-06-24 16:03   
It probably affects a lot of Catalyst (2960, 3550, 2970, etc.) since they share a lot.