View Issue Details
1870 [PacketFence] web admin minor always 2015-03-03 13:44 2015-03-04 15:05
ae3 Linux  
lmunro RHEL / CentOS  
low 6  
confirmed 4.5.0  
open  
none    
none  
   
Web admin page for switches has phantom second page
(This applies to PF 4.6.1, which isn't in the picklist yet.)
When PF has exactly 25 switches defined, the web admin switches page adds footer links for a second page of switches. Advancing to page 2 displays a blank space where switches should be listed, along with a button to add another switch. Deleting a switch (switch count 24) properly displays only one page again.
Create exactly 25 switches in PF 4.6.1, look at bottom of screen for link to second page.
I realize that this is mostly cosmetic, but figured that I should report it since I just spotted the problem.
Notes
(0003978)
lmunro   
2015-03-04 15:05   
Bug reproduced.
We'll see to it that it gets fixed.





View Issue Details
1826 [PacketFence] IDS crash sometimes 2014-09-26 02:30 2015-03-04 12:11
irish.cadague Linux  
lmunro RHEL / CentOS  
high 6  
resolved 4.2.2  
fixed  
none    
none  
   
Snort suddenly not starting but after a variable spelling change, it works.
Snort suddenly not working after a packetfence service restart. On /var/log/messages, it shows that it has a problem on a variable $DNS_SERVERS and When I run the cat /var/log/messages and got FATAL Error on snort as shown below:
 
   Sep 25 13:00:05 spfcn01 snort[26763]: FATAL ERROR: /usr/local/pf/conf/snort/emerging-trojan.rules(143) Undefined variable in the string: $DNS_SERVERS.
 
and the I run cat /usr/local/pf/conf/snort.conf and edit the:
 
    var DNS_SERVERS [%%dnsservers%%]
 
and changed to:
 
   var DNS_SERVERS [%%dns_servers%%]
 
and then restarted again the packetfence and the result, snort service is now running.
I think a constant restart of PAcketfence service.
for PF.JPG (96,434) 2014-09-26 02:30
https://www.packetfence.org/bugs/file_download.php?file_id=217&type=bug
Notes
(0003972)
lmunro   
2015-03-04 12:11   
Issue has been fixed in later releases.





View Issue Details
1829 [PacketFence] doc minor always 2014-10-08 09:51 2015-03-04 12:10
ae3 All  
lmunro All  
normal All  
acknowledged 4.4.0  
open  
none    
none  
   
Admin Guide 4.4.0 clarification on paper pages 31-32
On paper pages 31-32 (PDF pages 35-36), there seems to be confusion in the sample command line text boxes:

For Centos/RHEL:

(box)
# usermod -a -G wbpriv pf
(/box)

Finally, start winbind, and test the setup using ntlm_auth and radtest:

(box)
# service winbind start
# chkconfig --level 345 winbind on
(/box)


For Debian and Ubuntu:

(box)
# usermod -a -G winbindd_priv pf
# ntlm_auth --username myDomainUser
# radtest -t mschap -x myDomainUser myDomainPassword localhost:18120 12
 testing123
 Sending Access-Request of id 108 to 127.0.0.1 port 18120
 User-Name = "myDomainUser"
 NAS-IP-Address = 10.0.0.1
 NAS-Port = 12
 Message-Authenticator = 0x00000000000000000000000000000000
 MS-CHAP-Challenge = 0x79d62c9da4e55104
 MS-CHAP-Response =
 0x000100000000000000000000000000000000000000000000000091c843b420f0dec4228ed2f26bff07d5e49ad9a2974229e5
 rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=108,
 length=20
(/box)

When following this through for CentOS/RHEL, you do not do the ntlm_auth or radtest tests...since it is only in the Debian/Ubuntu textbox!!!

ASSuming that the service and chkconfig work the same under Debian/Ubuntu (which I have personally never used), this order seems to make sense to me:

For Centos/RHEL:

(box)
# usermod -a -G wbpriv pf
(/box)

For Debian and Ubuntu:

(box)
# usermod -a -G winbindd_priv pf
(/box)

Start winbind:

(box)
# service winbind start
# chkconfig --level 345 winbind on
(/box)

Finally, test the setup using ntlm_auth and radtest:

(box)
# ntlm_auth --username myDomainUser
# radtest -t mschap -x myDomainUser myDomainPassword localhost:18120 12
 testing123
 Sending Access-Request of id 108 to 127.0.0.1 port 18120
 User-Name = "myDomainUser"
 NAS-IP-Address = 10.0.0.1
 NAS-Port = 12
 Message-Authenticator = 0x00000000000000000000000000000000
 MS-CHAP-Challenge = 0x79d62c9da4e55104
 MS-CHAP-Response =
 0x000100000000000000000000000000000000000000000000000091c843b420f0dec4228ed2f26bff07d5e49ad9a2974229e5
 rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=108,
 length=20
(/box)

Open manual, bang head against wall. :-)
Maybe I'm mis-reading the page, but the suggested order above seems proper at least from the CentOS/RHEL perspective.
There are no notes attached to this issue.





View Issue Details
1841 [PacketFence] upstream minor have not tried 2014-10-30 09:37 2015-03-04 12:05
dwuelfrath  
dwuelfrath  
normal  
assigned  
open  
none    
none  
   
Issue with Nessus and Net::Nessus::XMLRPC
Some issues with Net::Nessus::XMLRPC upstream module may prevent Nessus scan succeed.

Impacts:
- Issue with SSL communication when a self-signed certificate is being used between PacketFence and the Nessus server (https)
- Issue when trying to export the report

Patch have been submitted but never merged.
See the following bug: https://rt.cpan.org/Public/Bug/Display.html?id=78274 [^]

Hi,
i am using Net-Nessus-XMLRPC in the PacketFence project and i need nbe
export. So i write the function to export in nbe format and in csv
format too.
For SSL i just add ssl_opts => { verify_hostname => 0 } to remove the
SSL problem.

Regards
Fabrice Durand

diff -ruN Net-Nessus-XMLRPC-0.30.ori/lib/Net/Nessus/XMLRPC.pm Net-Nessus-XMLRPC-0.30/lib/Net/Nessus/XMLRPC.pm
--- Net-Nessus-XMLRPC-0.30.ori/lib/Net/Nessus/XMLRPC.pm 2010-05-21 12:16:45.000000000 -0400
+++ Net-Nessus-XMLRPC-0.30/lib/Net/Nessus/XMLRPC.pm 2012-07-09 10:09:53.795285182 -0400
@@ -126,10 +126,16 @@
 =cut
 sub nessus_http_request {
     my ( $self, $uri, $post_data ) = @_;
- my $ua = $self->{_ua};
- # my $ua = LWP::UserAgent->new;
+ #my $ua = $self->{_ua};
+ my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
     my $furl = $self->nurl.$uri;
- my $r = POST $furl, $post_data;
+ my $r ='';
+ if (not defined($post_data)) {
+ $r = GET $furl;
+ }
+ else {
+ $r = POST $furl, $post_data;
+ }
     my $result = $ua->request($r);
     # my $filename="n-".time; open (FILE,">$filename");
     # print FILE $result->as_string; close (FILE);
@@ -941,6 +947,50 @@
     return $file;
 }
 
+=head2 report_filenbe_download ($report_id)
+
+returns NBE report identified by $report_id (Nessus NBE)
+=cut
+sub report_filenbe_download {
+ my ( $self, $uuid ) = @_;
+
+ my $post=[
+ "token" => $self->token,
+ "report" => $uuid,
+ ];
+
+ my $get = $self->nessus_http_request("file/xslt/?report=".$uuid."&xslt=nbe.xsl&token=".$self->token);
+ sleep 10;
+ if($get =~ /<meta http-equiv="refresh" content="5;url=\/(.*)"/) {
+ my $file = $self->nessus_http_request($1."&token=".$self->token."&step=2");
+ return $file;
+ }
+
+ return $get;
+}
+
+=head2 report_filecsv_download ($report_id)
+
+returns CSV report identified by $report_id (Nessus CSV)
+=cut
+sub report_filecsv_download {
+ my ( $self, $uuid ) = @_;
+
+ my $post=[
+ "token" => $self->token,
+ "report" => $uuid,
+ ];
+
+ my $get = $self->nessus_http_request("file/xslt/?report=".$uuid."&xslt=csv.xsl&token=".$self->token);
+ sleep 10;
+ if($get =~ /<meta http-equiv="refresh" content="5;url=\/(.*)"/) {
+ my $file = $self->nessus_http_request($1."&token=".$self->token."&step=2");
+ return $file;
+ }
+
+ return $get;
+}
+
 =head2 report_delete ($report_id)
 
 delete report identified by $report_id
There are no notes attached to this issue.





View Issue Details
1851 [PacketFence] web admin feature always 2015-01-13 10:05 2015-03-04 12:04
tristanrhodes All  
lmunro All  
low All  
acknowledged 4.5.0  
open  
none    
none  
   
When creating "Routed Networks" provide default values for DHCP leases
When creating a routed network, users are forced to specify DHCP lease times:

Default Lease Time:

Max Lease Time:

Most people will have no idea what values are good for this, so please provide default values. If someone wants a different value, it is very simple to change.
Notes
(0003631)
tristanrhodes   
2015-01-13 10:12   
While you are working on this, please also display the type of unit for lease times.

I am pretty sure this is expecting "seconds", but that needs to be obvious to the users.

Thanks!





View Issue Details
1857 [PacketFence] web admin feature always 2015-01-13 12:16 2015-03-04 11:30
tristanrhodes All  
lmunro All  
normal All  
acknowledged 4.5.0  
open  
none    
none  
   
Add the ability to detect the switch type using SNMP
Admins want a simple way to deploy Packetfence, with the least tweaking necessary to make it work. One way to accomplish this is to auto-detect the type of switch, based on SNMP response. (I believe this is similar to how "Uplink" and "VOIP" detection works.)

Packetfence should send an snmpget of 1.3.6.1.2.1.1.2.0 to the switch. This will return the sysOID of the switch. This number can then be looked up in a table that maps sysOID to device type. (There are several open source tools like (www.nedi.ch) and Observium.org that already have this table.)

Now Packetfence knows what kind of switch it is talking to, without required the admin to specify the type.

http://www.alvestrand.no/objectid/1.3.6.1.2.1.1.2.html [^]

Notes
(0003632)
tristanrhodes   
2015-01-13 18:22   
Here is one public table of these values:

http://discovery.bmc.com/confluence/display/Configipedia/List+of+discoverable+network+devices [^]
(0003968)
lmunro   
2015-03-04 11:30   
Interesting point.
We'll consider it in a future release.





View Issue Details
1842 [PacketFence] hardware modules minor always 2014-11-04 11:47 2015-03-04 11:28
ae3 All  
lmunro All  
normal All  
acknowledged 4.5.0  
open  
none    
none  
   
Implement RADIUS de-authentication for Meru Wireless Controllers
Per a post to the PF-users list by Tim DeNike on 6 March 2014, Meru has added RADIUS de-auth to their firmware starting with System Director 5.3.x. He even posted sample code to use the feature, which I can't use since the directory structure appears to have changed with PF 4.5. Long story short, the existing module keeps telling us to pressure the vendor to implement RADUIS de-auth. We have done our part. Tag, you're it... :-)
Tim's email to packetfence-users:

Date: March 6, 2014 at 10:20:46 AM EST
From: Tim DeNike <tim.denike@mcc.edu>
To: "packetfence-users@lists.sourceforge.net" <packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Per SSID VLAN - Meru Networks
Reply-To: <packetfence-users@lists.sourceforge.net>

Actually, looking through the code, no patch will be required for MAC-based SSID evaluation, its already there and should work (It already does with 802.1x)

We are on SD 5.3.xyz right now and RADIUS deauth does work.

Drop this in a file called /usr/local/pf/lib/pf/SNMP/Meru/MC_MCC.pm

Minus the cut lines obviously. In switch config, you'll have the option for Meru MC_MCC. It will do radius de-auths instead of the Telnet/SSH method. Much faster, much lighter weight.


^^^^^^^^^^^^^CUT^^^^^^^^^^^

package pf::SNMP::Meru::MC_MCC;

=head1 NAME

pf::SNMP::Meru::MC_MCC - Object oriented module to access MC series controllers

=head1 SYNOPSIS

Known to work with RADIUS deauth on System Director 5.3

=head1 STATUS

=cut

use strict;
use warnings;
use Log::Log4perl;

use base ('pf::SNMP::Meru');

sub description { 'Meru MC_MCC' }

sub deauthTechniques {
    my ($this, $method) = @_;
    my $logger = Log::Log4perl::get_logger( ref($this) );
    my $default = $SNMP::RADIUS;
    my %tech = (
        $SNMP::RADIUS => \&deauthenticateMacRadius,
    );

    if (!defined($method) || !defined($tech{$method})) {
        $method = $default;
    }
    return $method,$tech{$method};
}
sub deauthenticateMacRadius {
    my ( $self, $mac, $is_dot1x ) = @_;
    my $logger = Log::Log4perl::get_logger( ref($self) );

    if ( !$self->isProductionMode() ) {
        $logger->info("not in production mode... we won't perform deauthentication");
        return 1;
    }

    $logger->debug("deauthenticate $mac using RADIUS Disconnect-Request deauth method");
    return $self->radiusDisconnect($mac);
}
=head1 AUTHOR

Tim DeNike <tim.denike@mcc.edu>

=cut

1;


^^^^^^^^^^^^^CUT^^^^^^^^^^^
Notes
(0003967)
lmunro   
2015-03-04 11:28   
Will look into it.
There may now be an even easier way to do this than Tim's code.





View Issue Details
1853 [PacketFence] web admin feature always 2015-01-13 10:25 2015-03-04 11:24
tristanrhodes  
lmunro  
normal  
feedback 4.5.0  
open  
none    
none  
   
Provide the ability to view logs from the web interface
Packetfence has some very useful log files, including "packetfence.log", "radius.log", and others. These files are very helpful in understanding what is happening with Packetfence.

It would be very useful for users to be able to view these logs in the web interface. A static view of the file will provide this function. However, a real-time scrolling interface could really help admins understand exactly what happens when they plug in a port.
Notes
(0003966)
lmunro   
2015-03-04 11:24   
We will consider it, but admins might be better served by a dedicated logs interface à la splunk or kibana.
Scrolling logs are useless unless you can filter what scrolls.
That functionality could quickly balloon into it's own product and we may be better off focusing on making logs easily exportable/forwardable.





View Issue Details
1858 [PacketFence] web admin feature always 2015-01-13 18:16 2015-03-04 11:20
tristanrhodes All  
All  
low All  
acknowledged 4.5.0  
open  
none    
none  
   
Display description when adding Triggers to a Violation
"Configuration > Violations > Add > Triggers"
and
"Configuration > Violations > Edit > Triggers"

If the user clicks on the white-space, they currently get a pull-down list of all violations listed solely by violation ID.
For example = Detect::2001664
For example = OS::6

Please add the description to this pull-down list.
For example = Detect::2001664 "P2P (Gnutella)"
For example = OS::6 "Gaming Consoles"

These same descriptions should also be displayed when viewing configured "Triggers". I think it would make sense to have only one entry per line, and to use a scroll-bar if more lines are needed.

Current =
[OS::4] [OS::10] [Detect::1100006] [Detect::1100005]

Proposed =
[OS::4 "Routers and APs"]
[OS::10 "Storage Devices]
[Detect::1100006 "P2P Isolation (snort example)"]
[Detect::1100005 "Browser isolation example"]

Thanks!



There are no notes attached to this issue.





View Issue Details
1856 [PacketFence] web admin feature always 2015-01-13 11:45 2015-03-04 11:20
tristanrhodes  
 
normal  
acknowledged  
open  
none    
none  
   
Add the ability to test switch credentials (SNMP/CLI/HTTP) from web interface
When adding a switch ("Configuration > Switch") the admin wants to know if Packetfence can talk to the switch.

Add the ability to test the credentials entered:

SNMP
CLI (SSH/TELNET)
HTTP/HTTPS

Provide this type of feedback to the admin:

"Fail: No response from device"
"Fail: Wrong username or password"
"Success"
There are no notes attached to this issue.





View Issue Details
1855 [PacketFence] web admin feature always 2015-01-13 11:29 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged  
open  
none    
none  
   
When creating a new user, require the password be typed twice to prevent errors
"Users > Create" is used to create new users. There is a password field, but the admin is not required to type the password twice. This can cause issues when the user tries the password and the admin made a typo in this field.

Please add a second password field to confirm the entry.

(Note: This is already being done on the "Reset Password" function, when editing a user.)
There are no notes attached to this issue.





View Issue Details
1854 [PacketFence] web admin feature always 2015-01-13 10:32 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged  
open  
none    
none  
   
Add the ability to manage SSL cert from web interface
Packetfence can use HTTPS for web admin and for captive portals.

For production systems, admins need to provide a real SSL certificate. For non-Linux admins, this can be a difficult process.

Please add the ability to manage SSL cert from web interface. This can involve generating keys and CSR, and then allowing SSL certs to be upload or pasted.
There are no notes attached to this issue.





View Issue Details
1852 [PacketFence] web admin feature always 2015-01-13 10:16 2015-03-04 11:20
tristanrhodes  
 
normal  
acknowledged  
open  
none    
none  
   
Add the ability to send a "Test" email from the web interface
"Configuration > Alerting" is where users configure the email settings for alerts. However, there is no way to know if they set things up right.

Please provide a "Send Test Email" button that will do this.

(There is a similar function already provided under "Sources" for testing LDAP.)
There are no notes attached to this issue.





View Issue Details
1850 [PacketFence] web admin feature always 2015-01-12 18:34 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged 4.5.0  
open  
none    
none  
   
Show MAC addresses of Packetfence interfaces in web interface
When Packetfence is deployed in VMware (or other virtualized environment) the interfaces are given arbitrary names "Network Adapter 1". These names may or may not line up with Operating system names like "eth0".

It would be helpful if the web-interface displayed the MAC address of the interfaces of Packetfence in the "Configuration > Network > Interfaces" page.

There are no notes attached to this issue.





View Issue Details
1849 [PacketFence] web admin feature always 2015-01-12 16:16 2015-03-04 11:20
tristanrhodes  
 
low  
acknowledged 4.5.0  
open  
none    
none  
   
The web interface needs to add a "confirm" step in many areas
In many places in the web interface you can delete items with a single click; there is no confirmation. This means than a mistaken click can easily delete something you did not want to delete. This is even worse when the delete button is right next to another button, like the "Clone" button.

This problem exists in many areas, including:

Nodes > Delete
Switches > Delete
Status > Services > Restart (not deleting, but still needs confirmation)
Admin Roles > Delete
Floating devices > Delete
Firewall SSO > Delete
User Provisioners > Delete

Areas that do this correctly:

Portal Profiles
User Roles
User Sources
Violations

Please add a pop-up "Confirm" step to the problem areas listed above (and anything similar).
There are no notes attached to this issue.





View Issue Details
1848 [PacketFence] doc feature always 2015-01-12 16:00 2015-03-04 11:20
tristanrhodes All  
All  
low All  
acknowledged 4.5.0  
open  
none    
none  
   
Change docs to recommend using "spanning-tree portfast" or similar technology
I set up my first Packetfence install on a lab switch following the Packetfence documentation:

http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-4.5.1.pdf [^]

"On each interface:

switchport mode access
authentication order mab
authentication port-control auto
mab
dot1x pae authenticator"

I was using mac address bypass only, and my MacBook would give up on DHCP and self-assign 169.254.x.x address. In order to prevent this, we need to add one more command to each interface:

"spanning-tree portfast"

I recommend adding this to all your port configs, including the corresponding command for other switch vendors.
There are no notes attached to this issue.





View Issue Details
1145 [PacketFence] core feature N/A 2010-12-21 15:27 2015-03-04 11:18
fgaudreault  
lmunro  
low  
acknowledged  
open  
none    
none  
  long-term  
IPv6 Support
Since we all know that it's inevitable IPv6 will come into real production soon (well in 2 to 5 years), I guess it would be a wise idea to start looking at it, just to be ahead of the wave.
Notes
(0002475)
obilodeau   
2011-12-21 13:52   
places needing fixing:
pf::config's _fetch_virtual_ip()
(0002486)
chiwawa_42   
2011-12-29 08:32   
required IPv6 feature set :
- Implement NDP / RA filtering on switches supporting PACL but not RA-Guard (RFC 6105)
- Use NDPMon (similar to ARPWatch) for monitoring
- Enforce loose (counter-RA) or strict (+port shutdown) policy on rogue-RA detection
- Implement DHCPv6 snooping and/or stateless option server (coupled to 802.1x auth process)
- OS validation for IPv6 capabilities to eventually disable IPv6 trafic for incapable hosts (DHCPv6 only on 7 and Lion, RA-flood bug on XP...)
(0003344)
Xen0Phage   
2013-07-22 21:01   
Adding a ping here. IPv6 is a reality for some of us and our NAC solution needs to be v6 aware. Is there a roadmap for v6 support?
(0003493)
neptuneIS   
2014-01-24 11:33   
+1

We are now in active R&D phase for our new network control infrastructure, and pf is our 1st candidate.
However, the lack of ipv6 support is a serious issue for us.

We would be glad to contribute, if there is any ongoing tasks on the subject.
(0003844)
swittst   
2015-02-16 18:29   
Adding my 2cents. Packetfence is our NAC of the future... depending on an IPv6 solution. We've been monitoring and testing Packetfence since Dec. '09, the regular feature development work has been impressive. The lack of IPv6 information though is a head scratcher. IPv6 is gaining serous momentum in North America, now that the IPv4 space has been exhausted.





View Issue Details
1704 [PacketFence] guests major always 2013-09-03 07:32 2015-02-18 11:27
maikel  
jrouzier  
normal  
assigned 4.0.5  
open  
none    
none  
   
Guest expiration is not set using the temporary_password method
The default 31D expatiation of the password is never set in 4.0.5 code. It defaults to 0000-00-00 00:00:00

This makes the guest authentication per email fail, since it requires the expatriation date.

commenting the function in temporary_password.pm at line 309
    _update_field_for_action(
        $data,$actions,'expiration',
        'expiration',"0000-00-00 00:00:00"
    );

in temporary password.pm fixxes this issue and sets the default of 31 days
Notes
(0003437)
francis   
2013-09-04 15:06   
How do you create your users?

When you use the Web admin interface, the hardcoded default expiration of 31 days will never be used simply because the expiration must be specified when submitting the form.

Notice that what is called the "expiration" is the end date of the registration window.
(0003438)
maikel   
2013-09-05 11:33   
Users are created using the self registration method. Thats using a custom code block though to set the userid to the swich alias command.

So the user is actually succesfully added using the /activate/email cgi code

There indeed this is not set in the field thus not send. Noticed the only way to get the hardcoded 31D in there to remove the update_field_for_action code. Else the experation is not set





View Issue Details
1868 [PacketFence] configuration feature always 2015-02-17 22:47 2015-02-18 10:24
ah27 Linux  
jsemaan.inverse RHEL / CentOS  
normal 6  
assigned 4.5.0  
open  
none    
none  
   
Netgear M Series module does not handle up/down SNMP traps
There is no handling of up/down traps on the Netgear M Series module.

When it receives the trap, the following is written to the log:

Feb 17 19:33:29 pfsetvlan(12) WARN: SNMP trap handling not implemented for this type of switch. (pf::Switch::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 670.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string ne at /usr/local/pf/sbin/pfsetvlan line 678.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 689.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 698.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 709.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 713.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 716.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 719.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $switch_port in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(12) ERROR: Use of uninitialized value $trapType in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:29 pfsetvlan(1) WARN: unable to parse trapLine.. here's the line: 10.100.6.30||||||||| (main::startTrapHandlers)
Feb 17 19:33:29 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Feb 17 19:33:29 pfsetvlan(1) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:29 pfsetvlan(1) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:29 pfsetvlan(1) INFO: trap received on (10.100.6.30) ifindex which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:29 pfsetvlan(1) INFO: doWeActOnThisTrap returns false. Stop handling (main::handleTrap)
Feb 17 19:33:29 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Feb 17 19:33:39 pfsetvlan(13) WARN: SNMP trap handling not implemented for this type of switch. (pf::Switch::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 670.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string ne at /usr/local/pf/sbin/pfsetvlan line 678.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 689.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 698.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 703.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 709.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 713.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 716.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in string eq at /usr/local/pf/sbin/pfsetvlan line 719.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $switch_port in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(13) ERROR: Use of uninitialized value $trapType in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 729.
 (main::parseTrap)
Feb 17 19:33:39 pfsetvlan(3) WARN: unable to parse trapLine.. here's the line: 10.100.6.30||||||||| (main::startTrapHandlers)
Feb 17 19:33:39 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Feb 17 19:33:39 pfsetvlan(3) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:39 pfsetvlan(3) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 138.
 (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:39 pfsetvlan(3) INFO: trap received on (10.100.6.30) ifindex which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
Feb 17 19:33:39 pfsetvlan(3) INFO: doWeActOnThisTrap returns false. Stop handling (main::handleTrap)
Feb 17 19:33:39 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)

For reference, here is the up trap it received:

2015-02-17|03:41:46|UDP: [10.100.6.30]:33669->[10.100.16.108]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (661683) 1:50:16.83|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|.1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1|.1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.1 = INTEGER: up(1) END VARIABLEBINDINGS

and the down trap:

2015-02-17|03:42:30|UDP: [10.100.6.30]:33669->[10.100.16.108]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (666103) 1:51:01.03|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.3|.1.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1|.1.3.6.1.2.1.2.2.1.7.1 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.1 = INTEGER: down(2) END VARIABLEBINDINGS

These were both when working on port 1
-Enable link up/down traps on switch
-Plug/unplug device from port
This is also affecting the ability to use the location log and delete old devices on M-Series devices never close out the line for locations and show offline.

I've attached an image of what the location log looks like for this in the web interface.
locationlog.jpg (62,948) 2015-02-17 22:47
https://www.packetfence.org/bugs/file_download.php?file_id=221&type=bug
Notes
(0003845)
fdurand   
2015-02-18 10:24   
(edited on: 2015-02-18 10:24)
Hello,

can you add:

=item parseTrap

=cut

sub parseTrap {
    my ( $this, $trapString ) = @_;
    my $logger = Log::Log4perl::get_logger(__PACKAGE__);

    my $trapHashRef;

    # link up/down traps
    if ( $trapString =~
            /BEGIN\ VARIABLEBINDINGS\ [^|]+[|]\.
            1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 # SNMP notification
            \ =\ OID:\ \.
            1\.3\.6\.1\.6\.3\.1\.1\.5\.([34]) # link UP(4) DOWN(3) trap
            \|\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+) # ifIndex
            /x ) {
        $trapHashRef->{'trapType'} = ( ( $1 == 3 ) ? "down" : "up" );
        $trapHashRef->{'trapIfIndex'} = $2;
    }
    # unhandled traps
    else {
        $logger->debug("trap currently not handled");
        $trapHashRef->{'trapType'} = 'unknown';
    }

    return $trapHashRef;
}

in /usr/local/pf/lib/pf/Switch/Netgear/MSeries.pm

and restart pfsetvlan ?
Regards
Fabrice






View Issue Details
1864 [PacketFence] hardware modules minor have not tried 2015-02-08 18:06 2015-02-17 11:14
bwd_helpdesk All  
fdurand All  
normal All  
resolved 4.5.0  
fixed  
none    
none  
   
Compatibility of HP Access Points
Hi Packetfence,

I ned to confirm what AP's are supported for HP Procurve. On the product support page it only states HP procurve, nothing else. DOes this mean all models are supported?

At present we are looking at: HP 425 Wireless Dual Radio 802.11n (WW)
Notes
(0003650)
fdurand   
2015-02-09 09:14   
Hello,
with HP Access Point you need a controller like a MSM760 to be able to deauth a device.
Regards
Fabrice
(0003651)
bwd_helpdesk   
2015-02-09 17:59   
Thanks for that confirmation, on the supported devices webpage it mentions there are 2 ways in which to use packetfence:

One where a controller handles the Access Points (AP) and one where AP act individually.

"HP Procurve" is listed on the access point support section. Could you please confirm what AP's you support directly without a controller?

Additionally can you confirm if there needs to be switch support as well - or only AP support for WIFI control?
(0003652)
fdurand   
2015-02-09 20:44   
I can´t confirm exactly a list of access point that are supported without controller, we don´t have all the HP AP available at work.

In out of band mode we need to have a way to reevaluate the device access (per example after the registration on the portal) by disassociating the device to have a new radius request. The HP controller offer that with snmpwrite , xml api or ssh. Standalone AP allow to disassociate the device with cli (sometimes) so to verify if the AP is supported by PacketFence then try to connect with ssh and try to launch 'disassociate wireless client @mac' if it works then the AP is supported.

Regards
Fabrice





View Issue Details
1863 [PacketFence] web admin minor always 2015-02-02 16:58 2015-02-03 16:01
tristanrhodes  
jsemaan.inverse  
normal  
resolved 4.5.0  
fixed  
none    
none  
   
Trying to "Share unknown fingerprints" and got "Error! An error condition has occured. See server side logs for details."
httpd.admin.log shows this:

Feb 02 16:57:21 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:22 httpd.admin(12447) INFO: loading Net::MAC::Vendor cache from /usr/local/pf/conf/oui.txt (pf::util::load_oui)
Feb 02 16:57:23 httpd.admin(12447) ERROR: Caught exception in pfappserver::Controller::Configuration::Fingerprints->upload "Undefined subroutine &pfappserver::Controller::Configuration::Fingerprints::uri_escape called at /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm line 80." (pfappserver::Controller::Root::end)
Notes
(0003643)
ludovic   
2015-02-02 19:55   
If it's an easy fix, let's include it in 4.6.
(0003644)
jsemaan.inverse   
2015-02-02 20:03   
Yes I'll also push it to the maintenance.
Should be done tomorrow.
(0003645)
jsemaan.inverse   
2015-02-03 08:46   
Has been fixed in both maintenance/4.5 and devel

maintenance/4.5 : c66335e05543b0849f9ebb8ee14102ab5873fdba
devel : 9b4b827d9b30792532cad5ebf3a18d9db547e4a9

You can have this patch on 4.5 by running /usr/local/pf/addons/pf-maint.pl

Thanks!
(0003646)
tristanrhodes   
2015-02-03 13:45   
I got an error (see below). Did I update correctly?

[root@PacketFence-ZEN-4-5 pf]# /usr/local/pf/addons/pf-maint.pl
Currently at 566d2e3094e0c4375b53700ce47b67e5087de93f
** GET https://api.github.com/repos/inverse-inc/packetfence/branches/maintenance/4.5 [^] ==> 200 OK
Latest maintenance version is c66335e05543b0849f9ebb8ee14102ab5873fdba
** GET https://api.github.com/repos/inverse-inc/packetfence/compare/566d2e3094e0c4375b53700ce47b67e5087de93f...c66335e05543b0849f9ebb8ee14102ab5873fdba [^] ==> 200 OK (1s)

The following are going to be patched
  conf/chi.conf.example
  conf/radiusd/sql.conf.example
  html/captive-portal/lib/captiveportal.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm
  html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm
  html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm
  html/captive-portal/lib/captiveportal/PacketFence/View/HTML.pm
  html/captive-portal/lib/captiveportal/Role/Request.pm
  html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm
  html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm
  html/pfappserver/lib/pfappserver/Model/Node.pm
  html/pfappserver/lib/pfappserver/Model/Search/Node.pm
  html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm
  lib/pf/Authentication/Source.pm
  lib/pf/Authentication/Source/LDAPSource.pm
  lib/pf/CHI.pm
  lib/pf/Switch/Cisco/Catalyst_2950.pm
  lib/pf/activation.pm
  lib/pf/api.pm
  lib/pf/config.pm
  lib/pf/radius.pm
  lib/pf/services/manager/httpd.pm
  lib/pf/services/manager/pfdhcplistener.pm
  lib/pf/vlan.pm
  lib/pf/web/externalportal.pm
  sbin/pfdhcplistener
  sbin/pfsetvlan
  t/data/authentication.conf
  t/ldap-auth-cache.t

Continue y/n [y]: y
Downloading the patch........
** GET https://github.com/inverse-inc/packetfence/compare/566d2e3094e0c4375b53700ce47b67e5087de93f...c66335e05543b0849f9ebb8ee14102ab5873fdba.diff [^] ==> 200 OK (1s)
Applying the patch........
patching file conf/chi.conf.example
patching file conf/radiusd/sql.conf.example
patching file html/captive-portal/lib/captiveportal.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm
patching file html/captive-portal/lib/captiveportal/PacketFence/View/HTML.pm
patching file html/captive-portal/lib/captiveportal/Role/Request.pm
patching file html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm
patching file html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm
patching file html/pfappserver/lib/pfappserver/Model/Node.pm
patching file html/pfappserver/lib/pfappserver/Model/Search/Node.pm
patching file html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm
patching file lib/pf/Authentication/Source.pm
patching file lib/pf/Authentication/Source/LDAPSource.pm
patching file lib/pf/CHI.pm
patching file lib/pf/Switch/Cisco/Catalyst_2950.pm
patching file lib/pf/activation.pm
patching file lib/pf/api.pm
patching file lib/pf/config.pm
patching file lib/pf/radius.pm
patching file lib/pf/services/manager/httpd.pm
patching file lib/pf/services/manager/pfdhcplistener.pm
patching file lib/pf/vlan.pm
patching file lib/pf/web/externalportal.pm
patching file sbin/pfdhcplistener
patching file sbin/pfsetvlan
can't find file to patch at input line 990
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git a/t/data/authentication.conf b/t/data/authentication.conf
|index 22bf634..5c83364 100644
|--- a/t/data/authentication.conf
|+++ b/t/data/authentication.conf
--------------------------
File to patch:
(0003647)
jsemaan.inverse   
2015-02-03 13:52   
That's because someone made a mistake of adding a unit test to the maintenance branch. Just press enter twice and it will auto select the best approach (to ignore the file in this case)
(0003648)
tristanrhodes   
2015-02-03 15:41   
After updating and restarting all services, I have success! Thanks!

"Success! Thank you for submitting your fingerprints"
(0003649)
jsemaan.inverse   
2015-02-03 16:01   
You're welcome.

We got them so the whole process works.

Closing





View Issue Details
1844 [PacketFence] configuration block have not tried 2014-11-27 15:15 2015-01-27 20:07
Eduardo Pereira PacketFence-ZEN-4_5_1  
jsemaan.inverse CentOS  
high 6.6  
assigned  
open  
none    
none  
   
Config CISCO SF300 / SG 300
Hello ...

Installed and configured the server but now I'm having trouble with the models of Switches that have the doubt is there any configuration standard for CISCO equipment - Model SF300, SG300 Small Bussiness?

Read the guide but it only appears routers and switches I have are management.

Thank you ...
SG300.pm (2,110) 2014-11-28 09:42
https://www.packetfence.org/bugs/file_download.php?file_id=220&type=bug
Notes
(0003610)
ccaaajf   
2014-11-28 05:54   
We've got Packetfence running on Cisco SG300's.
(0003611)
Eduardo Pereira   
2014-11-28 06:10   
Hmmm cool ... but doing a quick survey, across the company more than 90% of switches are SF300 ... and this time looking at the PacketFense settings "Switches" I find the model specific and mainly how to make the PKF -ZEN do the reading, exchange and recording of MIB in this model SF300 therefore questioned whether there is a default setting?
(0003612)
ccaaajf   
2014-11-28 07:24   
we use the type "Cisco Catalyst 2950" if that's what you mean?
(0003613)
jsemaan   
2014-11-28 09:41   
(edited on: 2014-11-28 09:43)
We have an experimental module for the SG300.

I attached it to this ticket.

Place it in /usr/local/pf/lib/pf/Switch/Cisco/ and restart PacketFence

There is no official documentation for the moment but it's only a matter of enabling mac authentication and/or 802.1x and setup the RADIUS server to be PacketFence.

(0003629)
fdurand   
2014-12-22 20:03   
any feedback ?
(0003641)
jsemaan.inverse   
2015-01-27 20:07   
Unless there is a reply in the next week, I'll close this





View Issue Details
1860 [PacketFence] captive portal minor always 2015-01-19 08:51 2015-01-27 10:09
repitah All  
jsemaan.inverse All  
normal All  
assigned 4.5.0  
open  
none    
none  
   
Oauth2 methods do not populate User account fields
When registering with Facebook/Google/MicrosoftLive (others untested) account, the user details (names, email, etc) are not captured.
Log in to the captive portal with a Facebook/Google/Microsoft account that has not previously been used.

Check the newly created user account for the registered device.
Example JSON information received, from /html/captive-portal/lib/captiveportal/PacketFence/ControllerOauth2.pm :: oauth2Result, that can be populated:

Facebook:{"id":"101XXXX5391XXXX17","email":"repXXXX\u0040XXXXil.com","first_name":"myFirstname","gender":"male","last_name":"myLastname","link":"https:\/\/www.facebook.com\/app_scoped_user_id\/101XXXX5391XXXX17\/","locale":"en_GB","name":"myFirstname myLastname","timezone":2,"updated_time":"2014-04-01T14:29:08+0000","verified":true}

Google: {"id": "1104XXXX82237XXXX2302","email": "repXXXX@XXXXil.com", "verified_email": true,"name": "myFirstname myLastname","given_name": "myFirstname", "family_name": "myLastname", "link": "https://plus.google.com/1104XXXX82237XXXX2302", [^] "picture": "https://lh3.googleusercontent.com/URL/to/photo.jpg", [^] "gender": "male"}

Microsoft: {"id": "fa87XXXX16e7XXXX", "name": "myFirstname myLastname", "first_name": "myFirstname", "last_name": "myLastname", "link":"https://profile.live.com/","birth_day": [^] null,"birth_month": null,"birth_year": null,"gender": null,"emails": {"preferred": "repXXXX@XXXXil.com","account": "repXXXX@XXXXil.com","personal": null,"business": null},"phones": {"personal": null,"business": null,"mobile": null},"locale": "en_ZA","updated_time": "2015-01-17T14:00:59+0000"}
Notes
(0003636)
jsemaan.inverse   
2015-01-19 09:07   
I'll also do it for LinkedIn + Github.

We'll need to design it properly though.

Will add a link to the Github Pull request once done.
(0003637)
jsemaan.inverse   
2015-01-19 09:09   
I'll extend on the work done in
https://github.com/inverse-inc/packetfence/pull/282 [^]
(0003640)
jsemaan.inverse   
2015-01-27 10:09   
Development work done

See :
https://github.com/inverse-inc/packetfence/pull/319 [^]





View Issue Details
1830 [PacketFence] upgrade crash always 2014-10-08 13:13 2014-12-22 20:06
pfbug Linux  
lmunro Debian  
normal 7 (Wheezy)  
resolved 4.4.0  
fixed  
none    
none  
   
Packetfence does not start after upgrade
After upgrading from packetfence 4.3 to 4.4 via the inverse repository,
the following error message appears when

  /usr/local/pf/bin/pfcmd anyparameter

is executed:

Fatal error preventing configuration to load. Please review your configuration. Error: Sereal: Error in srl_decoder.c line 657 and char 1 of input: Bad Sereal header: Not a valid Sereal document. at /usr/share/perl5/Data/Serializer/Sereal.pm line 51. at /usr/local/pf/lib/pf/config.pm line 394
Compilation failed in require at /usr/local/pf/bin/pfcmd.pl line 84.
BEGIN failed--compilation aborted at /usr/local/pf/bin/pfcmd.pl line 84.

An

  apt-get --reinstall install packetfence

has been tried without success. Additionally,

  rm -fr /usr/local/pf/var/cache/*

has been executed as described in UPGRADE.asciidoc. The sereal Packages are installed:

# dpkg -l | grep sereal
ii libdata-serializer-sereal-perl 1.05-1 all Creates bridge between Data::Serializer and Sereal
ii libsereal-decoder-perl 3.001.003-1 amd64 fast, compact, powerful binary deserialization module
ii libsereal-encoder-perl 3.001.003-1 amd64 fast, compact, powerful binary serializationa module
Execute

  /etc/init.d/packetfence restart

after the upgrade from Packetfence 4.3.0.
Notes
(0003585)
lmunro   
2014-10-08 13:18   
pkill memcached and restart packetfence.
(0003586)
pfbug   
2014-10-08 16:43   
Thanks a lot, that solved the problem. Perhaps this should be added to the postinstall script?
(0003630)
fdurand   
2014-12-22 20:06   
Cache issue





View Issue Details
1678 [PacketFence] captive portal minor always 2013-08-02 09:13 2014-12-22 20:02
KimHagen  
fdurand  
normal  
resolved  
fixed  
none    
none  
   
Google oauth redirects back to captive portal before you can select yes/no to allow your site.
On the captive portal if you select Google ouath it will redirect you to the Google login, after this it will redirect you back to the captive portal.
(or first it will let you do your second-step authentication and then send you back to the captive portal page.)

If you then select the Google oauth again you will get on the page where you can accept your site to have access and if you select yes the network access progress-bar appears and you have access.

So you get 2 times the captive portal before you have access.
For the facebook oauth it is as you expect. (portal, login and then access)
Notes
(0003375)
KimHagen   
2013-08-02 09:15   
This was on an iphone 5 and samsung Galaxy S3
(0003376)
fdurand   
2013-08-02 09:25   
Hello,
it mean that one of the domain your device try to reach is forwarded to packetfence.
So sniff dns traffic between packetfence and your device and add the missing domains in the list of Authorized domains in your google authentication source.

Regards
Fabrice
(0003380)
KimHagen   
2013-08-02 11:42   
(edited on: 2013-08-02 11:46)
Hello,
I did sniff the dns traffic and i see what happens, i do not know if this is suppose to happen.

On iphone i select my wifi profile for packetfence and it opens a captive portal window (which i think always goes to www.apple.com)

I login with the google option, it goes to the google login, then it tries to go to www.apple.com instead of the google "accept this site" site.

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.apple.com
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 173.194.66.84
10.0.0.59 8.8.8.8 DNS 75 Standard query A ssl.gstatic.com
8.8.8.8 10.0.0.59 DNS 91 Standard query response A 173.194.66.120
10.0.0.59 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.59 DNS 94 Standard query response A 173.194.66.94

10.0.0.59 8.8.8.8 DNS 73 Standard query A www.apple.com
8.8.8.8 10.0.0.59 DNS 89 Standard query response A 10.0.3.254

10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.59 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.59 DNS 98 Standard query response A 10.0.3.254
10.0.0.59 8.8.8.8 DNS 79 Standard query A www.packetfence.org
8.8.8.8 10.0.0.59 DNS 95 Standard query response A 67.205.85.245


From an android device you select the wifi, and then go to an url,
in my case www.tweakers.net and you get the captive portal,
i then use google auth and enter username and password.
Then the portal tries to go to www.tweakers.net before it goes to the google acceptance page.

10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 79 Standard query A www.packetfence.org
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 67.205.85.245
10.0.0.67 8.8.8.8 DNS 84 Standard query A www.google-analytics.com
8.8.8.8 10.0.0.67 DNS 304 Standard query response CNAME www-google-analytics.l.google.com A 173.194.34.71 A 173.194.34.70 A 173.194.34.66 A 173.194.34.78 A 173.194.34.72 A 173.194.34.73 A 173.194.34.64 A 173.194.34.69 A 173.194.34.68 A 173.194.34.67 A 173.194.34.65
10.0.0.67 8.8.8.8 DNS 76 Standard query A mtalk.google.com
8.8.8.8 10.0.0.67 DNS 121 Standard query response CNAME mobile-gtalk.l.google.com A 173.194.78.188
10.0.0.67 8.8.8.8 DNS 74 Standard query A www.google.com
8.8.8.8 10.0.0.67 DNS 170 Standard query response A 173.194.66.99 A 173.194.66.104 A 173.194.66.147 A 173.194.66.103 A 173.194.66.105 A 173.194.66.106
10.0.0.67 8.8.8.8 DNS 79 Standard query A clients1.google.com
8.8.8.8 10.0.0.67 DNS 279 Standard query response CNAME clients.l.google.com A 173.194.34.78 A 173.194.34.69 A 173.194.34.68 A 173.194.34.71 A 173.194.34.65 A 173.194.34.64 A 173.194.34.67 A 173.194.34.73 A 173.194.34.66 A 173.194.34.70 A 173.194.34.72
10.0.0.67 8.8.8.8 DNS 84 Standard query A productforums.google.com
8.8.8.8 10.0.0.67 DNS 203 Standard query response CNAME groups.l.google.com A 173.194.66.100 A 173.194.66.113 A 173.194.66.139 A 173.194.66.102 A 173.194.66.138 A 173.194.66.101
10.0.0.67 8.8.8.8 DNS 75 Standard query A csi.gstatic.com
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 173.194.32.175
10.0.0.67 8.8.8.8 DNS 73 Standard query A www.google.nl
8.8.8.8 10.0.0.67 DNS 89 Standard query response A 173.194.66.94
10.0.0.67 8.8.8.8 DNS 78 Standard query A accounts.google.nl
8.8.8.8 10.0.0.67 DNS 135 Standard query response CNAME accounts-cctld.l.google.com A 173.194.66.94

10.0.0.67 8.8.8.8 DNS 75 Standard query A www.tweakers.nl
8.8.8.8 10.0.0.67 DNS 91 Standard query response A 10.0.3.254

10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 8.8.8.8 DNS 79 Standard query A accounts.google.com
8.8.8.8 10.0.0.67 DNS 95 Standard query response A 173.194.66.84
10.0.0.67 8.8.8.8 DNS 82 Standard query A mypacketfilterhost.dom
8.8.8.8 10.0.0.67 DNS 98 Standard query response A 10.0.3.254
10.0.0.67 10.0.3.254 HTTP 686 GET /access?destination_url=http%3A%2F%2Fwww.packetfence.org%2F HTTP/1.1

It looks like it redirects to the requested url before google acceptance page.

Regards,
Kim

(0003390)
KimHagen   
2013-08-12 06:04   
The problem i had is gone, i think it was because i used inline interface in dns instead of management interface.

Regards,
Kim
(0003616)
delta   
2014-11-29 08:28   
On the captive portal if you select Google ouath it will redirect you to the Google login, after this it will redirect you back to the captive portal
(0003617)
delta   
2014-11-29 08:28   
can help
(0003628)
fdurand   
2014-12-22 20:02   
Configuration issue





View Issue Details
1845 [PacketFence] captive portal minor always 2014-12-02 12:12 2014-12-17 13:15
delta All  
fdurand All  
normal All  
resolved  
fixed  
none    
none  
   
packetfence
I'm testing packetfence and get the following error message in
/usr/local/pf/logs/error_log

RSA server certificate CommonName (CN) '127.0.0.1' does not match server
name
thanks
I'm testing packetfence and get the following error message in
/usr/local/pf/logs/error_log

RSA server certificate CommonName (CN) '127.0.0.1' does not match server
name
thanks
I'm testing packetfence and get the following error message in
/usr/local/pf/logs/error_log

RSA server certificate CommonName (CN) '127.0.0.1' does not match server
name
thanks
Notes
(0003618)
delta   
2014-12-02 12:13   
can help
(0003624)
fdurand   
2014-12-17 13:14   
It´s not really an error, it just mean that the selsign certificate doesn´t match the apache fqdn.
Btw apache will run.





View Issue Details
1839 [PacketFence] core major always 2014-10-28 08:14 2014-12-17 08:48
caralo Linux  
fdurand Debian  
high 7 (Wheezy)  
resolved 4.4.0  
fixed  
none    
none  
   
364882d0d75b0191ab3e935db9d9592c11b03721
Re-evaluate access fails with undefined subroutine
After registration in portal, vlan _reevaluation fails when it calls subroutine &pf::api::locationlog_view_open_switchport_no_VoIP
Debian 7 and PF 4.4/4.5

These are the logs:

Oct 27 19:11:42 httpd.portal(21155) INFO: [00:44:54:85:f7:0c] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
Oct 27 19:11:42 httpd.portal(21155) INFO: [00:44:54:85:f7:0c] switch port is (10.0.1.4) ifIndex 10040 connection type: Wired SNMP (pf::enforcement::_vlan_reevaluation)
Oct 27 19:11:44 httpd.webservices(3662) ERROR: Undefined subroutine &pf::api::locationlog_view_open_switchport_no_VoIP call
ed at /usr/local/pf/lib/pf/api.pm line 251.
 (pf::WebAPI::JSONRPC::__ANON__)
Oct 27 19:12:21 httpd.portal(3622) INFO: [00:44:54:85:f7:0c] shouldn't reach here. Calling access re-evaluation. Make sure
your network device configuration is correct. (captiveportal::PacketFence::Controller::CaptivePortal::unknownState)
Notes
(0003602)
fdurand   
2014-10-28 08:29   
Hello,

can you change the line 251 of /usr/local/pf/lib/pf/api.pm to that:
my @locationlog = pf::locationlog::locationlog_view_open_switchport_no_VoIP( $switch->{_id}, $ifIndex );

and also add this function in api.pm:

sub node_determine_and_set_into_VLAN {
    my ( $mac, $switch, $ifIndex, $connection_type ) = @_;

    my $logger = Log::Log4perl->get_logger('pfsetvlan::handling');
    Log::Log4perl::MDC->put( 'tid', threads->self->tid() );

    my $vlan_obj = new pf::vlan::custom();

    my ($vlan,$wasInline) = $vlan_obj->fetchVlanForNode($mac, $switch, $ifIndex, $connection_type);

    $switch->setVlan(
        $ifIndex,
        $vlan,
        undef,
        $mac
    );
}

And retry.

Regards
Fabrice
(0003603)
caralo   
2014-10-28 10:50   
Good job !!! I retried and it is working now with your patch.

There is a new error but i suppose it is not that important. It is another undefined subroutine &pf::api::violation_view_open_desc

These are the logs:

Oct 28 15:39:39 httpd.webservices(0) INFO: [55:d0:2b:55:e1:84] PID: "carcalo", Status: reg. Returned VLAN: 710 (pf::vlan::fetchVlanForNode)
Oct 28 15:39:40 httpd.webservices(0) INFO: setting VLAN at 10.0.1.67 ifIndex 10009 from 719 to 710 (pf::Switch::setVlan)
Oct 28 15:39:41 httpd.webservices(0) ERROR: Undefined subroutine &pf::api::violation_view_open_desc called at /usr/local/pf/lib/pf/api.pm line 269.
 (pf::WebAPI::JSONRPC::__ANON__)
(0003604)
fdurand   
2014-10-28 10:54   
Ok so try this in the api.pm file:
my @violations = pf::violation::violation_view_open_desc($mac);
 at line 269
(0003605)
caralo   
2014-10-28 11:04   
Excellent!!! No more errors in the logs. You can close the bug.





View Issue Details
1840 [PacketFence] web admin minor always 2014-10-28 11:26 2014-11-26 09:17
caralo Linux  
jrouzier Debian  
normal 7 (Wheezy)  
resolved 4.4.0  
fixed  
none    
none +1  
   
4c51dbc36909407dc2d604086ebd9b833f09e857
Error applying role to multiple nodes
when you select multiple nodes and try to apply a role it does not work and you get "Success. Roles applied to 0 nodes"
You can only apply the role if you click the mac address link individually.

These are the logs from httpd.admin.log:

Oct 28 16:24:48 httpd.admin(8148) INFO: Redirecting to admin interface https://localhost:1443/admin [^] (pfappserver::Controller::Root::index)
Oct 28 16:24:48 httpd.admin(8148) ERROR: Argument "\x{37}\x{34}..." isn't numeric in numeric ne (!=) at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Node.pm line 768.
 (pfappserver::__ANON__)
Oct 28 16:24:48 httpd.admin(8148) ERROR: Unable to modify node because specified category doesn't exist (pf::node::node_modify)
Oct 28 16:24:49 httpd.admin(8148) ERROR: Use of uninitialized value $all_or_any in string eq at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Search/Node.pm line 73.
 (pfappserver::__ANON__)

Notes
(0003606)
jmplumley   
2014-10-28 13:18   
Have same issue on version 4.5.0 on CentOS. I don't get all the above errors from log file, just this one "ERROR: Use of uninitialized value $all_or_any in string eq at /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Search/Node.pm line 73.
 (pfappserver::__ANON__)"
(0003607)
jmplumley   
2014-11-10 14:17   
Just an update. Upgraded my system to 4.5.1 on CentOS but still have same issue with applying roles to multiple nodes.





View Issue Details
1838 [PacketFence] configuration minor have not tried 2014-10-25 18:23 2014-10-26 13:10
deco Linux  
RHEL / CentOS  
normal 6  
new 4.4.0  
open  
none    
none  
   
New firefox version blocks PF 4.5 Configurator
NOTE: *Not a bug with PF but how Firefox interacts with the install process*

Just did a fresh install of CentOS 6.5 and did a yum update && yum upgrade. This updated the Firefox Browser to 31.1.0. With this version of Firefox, it would not allow the configurator page to display. After some Googling I found this forum post on Firefox's support page:
https://support.mozilla.org/en-US/questions/1012765 [^]

Going into about:config and doing the following solved this issue:
setting "security.use_mozillapkix_verification" to 'true'

P.S. I couldn't select PF 4.5.0 As a product version in the drop down.

-Deco
Fresh install of CentOS & update and attempt to install PF.
Notes
(0003600)
erSitzt   
2014-10-26 12:49   
This is a general problem with firefox and self signed certificates.
In FF 33.0 "security.use_mozillapkix_verification" isnt't even available anymore.
(0003601)
deco   
2014-10-26 13:10   
I think the documentation should just put a !Note next to the configurator section that if you see this error to make the change in FF's config to enable seeing the page.





View Issue Details
1834 [PacketFence] upgrade minor always 2014-10-23 08:24 2014-10-24 09:27
erSitzt Linux x86_64  
fdurand Ubuntu  
normal 12.04  
resolved 4.4.0  
fixed  
none    
none  
   
packetfence upgrade held back because of missing libdatetime-format-rfc3339-perl
When upgrading from 4.4 to 4.5 via apt packetfence-pfcmd-suid updates but packetfence fails:


buehring@srv-pf2:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  packetfence
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
buehring@srv-pf2:~$ sudo apt-get install packetfence
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 packetfence : Depends: libdatetime-format-rfc3339-perl but it is not installable
E: Unable to correct problems, you have held broken packages.
buehring@srv-pf2:~$ dpkg -l | grep packetfence
ii packetfence 4.4.0 PacketFence network registration / worm mitigation system
ii packetfence-pfcmd-suid 4.5.0 C wrapper that replace perl-suid dependence
buehring@srv-pf2:~$
Notes
(0003590)
fdurand   
2014-10-23 11:32   
Hi,

i have just updated the repo, are you able to retry ?

Thanks
Fabrice
(0003591)
erSitzt   
2014-10-23 11:58   
Thanks, it's working now !





View Issue Details
1828 [PacketFence] doc minor always 2014-10-07 09:46 2014-10-07 09:54
ae3 All  
francis All  
normal All  
resolved 4.2.2  
fixed  
none    
none 4.5.0  
   
f25ea483236c8aaac557313a02b842ef892910cf
PF 4.4.0 ZEN manual URL error
On PDF page 10 (paper page 7), the following paragraph contains a URL that needs to be httpS:

Configuring your PacketFence environment
Before booting your VM, make sure the network cable coming from the TRUNK port for the demonstration
PC is correctly plugged in the switch and the PC and that the link is up.
Once powered, open a browser and point it to the configuration URL as stated by the VM login prompt
(ie. http://PF_IP:1443/configurator [^]). The configuration process is a five steps process at the end of which,
the VM will be a persistent working PacketFence environment.

Open PDF file, scroll down 10 pages. :-)
The product version picklist in this bug reporter ends at 4.2.2.
Notes
(0003584)
francis   
2014-10-07 09:54   
Fixed.





View Issue Details
1824 [PacketFence] refactoring minor always 2014-09-12 09:12 2014-09-12 09:12
juanvalencia Linux  
CentOS  
normal 6.5  
new  
open  
none    
none  
   
VoiP phones don't get complete information when they are autoreg for a different method than dhcp.
When you connect a VoIP phone and this is autoregister for a method like radius attributes, PF doesn't update OS info because when it detects that is a VoIP base on dhcp it is already register and PF rejects to do something. The same thing happens when is an autoregister violation created.
* Configure a switch to use MAB.
* Connect a Phone capable to send Radius attributes of VoIP.
* The VoIP is immediately autor-egistered because the Radius Attributes.
* The VoIP ask for DHCP, and PF detects that is form the category of VoIP Phones/Adapters.
* PF says the device is already auto-register do nothing.
PF should update the info of the node in every step that obtains info from the device, even if there is no action to do whit it. In this case the portion of the code, I think in pfsetvlan.pm that rejects to auto-register the device should obtain all the info and pushed into the node_info in the DB.
There are no notes attached to this issue.





View Issue Details
1655 [PacketFence] inline major always 2013-06-25 11:47 2014-09-11 04:29
JasonFell  
 
normal  
new 4.0.1  
open  
none    
none  
   
Inline Mode not forwarding after registration
After creating a user and using these credential for logging in, no forwarding occurs. The screen states that I should check the network settings and try again. But nothing I do will alow it through except for restarting all the services. After looking into the packetfence logs I have found the following entries.

Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:38:52 redir.cgi(0) INFO: Updating node 00:1c:7e:d6:50:25 user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0' (pf::web::web_node_record_user_agent)
Jun 25 09:38:52 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 redirected to authentication page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:38:52 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 redirected to authentication page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:06 register.cgi(0) INFO: 192.168.250.100 - 00:1c:7e:d6:50:25 on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 25 09:39:06 register.cgi(0) INFO: performing node registration MAC: 00:1c:7e:d6:50:25 pid: guest10 (pf::web::_sanitize_and_register)
Jun 25 09:39:06 register.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (manage_register called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:06 register.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:06 register.cgi(0) INFO: 192.168.250.100 - 00:1c:7e:d6:50:25 on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jun 25 09:39:16 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:16 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:16 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:16 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:29 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:29 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) INFO: 00:1c:7e:d6:50:25 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: MAC 00:1c:7e:d6:50:25 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jun 25 09:39:56 redir.cgi(0) INFO: re-evaluating access for node 00:1c:7e:d6:50:25 (redir.cgi called) (pf::enforcement::reevaluate_access)
Jun 25 09:39:56 redir.cgi(0) WARN: Can't re-evaluate access for mac 00:1c:7e:d6:50:25 because no open locationlog entry was found (pf::enforcement::reevaluate_access).

I have tried this on a number of occasions and get the same issue. I have tried leaving packetfence (for more than an hour, to see if it is an issue with time), I have disconnected the workstation requiring acccess (for more than an hour), and finally I have tried rebooting the workstation (requiring access). None of this gave internet access.
As previously noted the only way access is given is by restarting all the packetfence services.
Current setup is as follows;
Inline enforcement
Packetfence
d-link unmanaged 4 port switch
Packetfence Output after secure redirect disable.txt (5,026) 2013-07-03 04:32
https://www.packetfence.org/bugs/file_download.php?file_id=178&type=bug
Packetfence-successful_activation.log (3,401) 2013-07-18 03:49
https://www.packetfence.org/bugs/file_download.php?file_id=180&type=bug
Notes
(0003330)
rivan   
2013-06-26 05:06   
I'm experiencing the same problem.
try to reboot the registered node.
but of course this is not a permanent solution.
(0003331)
JasonFell   
2013-07-02 06:15   
Forgot to add a couple of details:
Centos 6.4 minimal install.
clients tested with the same fault;
Win7
WinXP
Android 4.1.2

can you also let me know when there might be some movement on this issue?
(0003332)
rivan   
2013-07-02 22:28   
(edited on: 2013-07-02 22:29)
did you remove the secure redirect?

(0003333)
JasonFell   
2013-07-03 04:31   
Hi Rivan,
Removed the secure redirect, but still no joy.
Why would this make a difference to the forwarding of packets?
it seems more likely that the method for allowing access through packetfence does not update correctly (if I restart the services I get access)
(0003334)
rivan   
2013-07-04 23:01   
(edited on: 2013-07-04 23:01)
you have to restart the services after you reboot packetfence. It's a bug.

(0003335)
JasonFell   
2013-07-09 05:47   
(edited on: 2013-07-15 07:26)
That seemed like a silly run-a-round.
I have just re-installed pf and found that the secure redirect did not help me at all.
I still cannot get access from a workstation (or any other device) to the internet unless I restart the pf services (after the user has registered)! This is a major stumbling block as this would stop others from using the internet for the 60-120 seconds that the service is unavailable.....for every person who wants to register!!

(0003342)
JasonFell   
2013-07-18 03:48   
After waiting for some help with fixing this bug I can now inform you that I have made some progress, but it seems that the 'inline' functionality does not work the same as 'out-of-band' enforcement.
I made a leap of faith and installed both type of enforcement, even though I did not require both, and then 'created' 2 further (un-required) interfaces within the configurator for the 2 vlans (isolation & registration). I then proceeded to test further and found that all is working as it should be without issue.
I have taken a note of the packetfence.log file and will attached to this bug report.

on a side note I do find it amazing that the product is purported to support 'inline' enforcement (without implementing features that are not required), but it seems from my initial findings that this is not the case, and the support, or even advice, as been almost non-existent.
(0003360)
fdurand   
2013-07-31 20:13   
Hello,
is the captive portal you hit is on a inline interface ?
Can you paste me the result of ipset -L ?

Regards
Fabrice
(0003362)
jvlien   
2013-08-01 03:39   
Dear All,

I experience the same issue.
I have not tested rebooting the server but the client as suggested in the pf message to the client.

The ipsec -L before rebooting the client (IP 192.168.64.92 - MAC: 00:50:56:B5:8B:33):
Name: pfsession_Reg_192.168.64.0
Type: bitmap:ip,mac
Header: range 192.168.64.0-192.168.64.255
Size in memory: 4208
References: 1
Members:
192.168.64.83,54:26:96:A0:B9:F7
192.168.64.89,B8:F6:B1:AC:1B:56

The ipsec -L after rebooting the client (IP 192.168.64.92 - MAC: 00:50:56:B5:8B:33):
Name: pfsession_Reg_192.168.64.0
Type: bitmap:ip,mac
Header: range 192.168.64.0-192.168.64.255
Size in memory: 4208
References: 1
Members:
192.168.64.83,54:26:96:A0:B9:F7
192.168.64.89,B8:F6:B1:AC:1B:56
192.168.64.92,00:50:56:B5:8B:33

Before rebooting the client, packetfence.log shows:
Aug 01 10:25:03 redir.cgi(0) ERROR: Error while setting locale to en_US.utf8. (pf::Portal::Session::_initializeI18n)
Aug 01 10:25:03 redir.cgi(0) INFO: 00:50:56:b5:8b:33 being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 01 10:25:03 redir.cgi(0) INFO: Updating node 00:50:56:b5:8b:33 user_agent with useragent: 'Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0' (pf::web::web_node_record_user_agent)
Aug 01 10:25:03 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Aug 01 10:25:03 redir.cgi(0) INFO: MAC 00:50:56:b5:8b:33 shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 01 10:25:03 redir.cgi(0) INFO: re-evaluating access for node 00:50:56:b5:8b:33 (redir.cgi called) (pf::enforcement::reevaluate_access)
Aug 01 10:25:03 redir.cgi(0) INFO: Instantiate a new iptables modification method. pf::ipset (pf::inline::get_technique)

After rebooting the client:
ug 01 10:28:08 pfdhcplistener(3356) INFO: DHCPREQUEST from 00:50:56:b5:8b:33 (192.168.64.92) (main::parse_dhcp_request)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: MAC: 00:50:56:b5:8b:33 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: 00:50:56:b5:8b:33 requested an IP. DHCP Fingerprint: OS::100 (Microsoft Windows XP). Modified node with last_dhcp = 2013-08-01 10:28:08,computername = pos03,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: DHCPACK from 192.168.64.5 (00:50:56:b5:9b:ba) to host 00:50:56:b5:8b:33 (192.168.64.92) for 86400 seconds (main::parse_dhcp_ack)

Note:
192.168.64.5 is the pf server Inline interface IP.
(0003365)
fdurand   
2013-08-01 08:12   
Ok so ipset is working, is ip_forward enabled ?
Can you paste the iptables -L -n -v and iptables -L -n -v -t nat ?

Fabrice
(0003367)
jvlien   
2013-08-01 08:40   
#iptables -L -n -v
Chain INPUT (policy DROP 8842 packets, 866K bytes)
 pkts bytes target prot opt in out source destination
  587 1313K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
53092 70M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
 1620 79639 input-internal-inline-if all -- eth2 * 0.0.0.0/0 192.168.64.5
  605 175K input-internal-inline-if all -- eth2 * 0.0.0.0/0 255.255.255.255
    0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 192.168.65.211 tcp dpt:443
    9 476 input-management-if all -- eth1 * 0.0.0.0/0 0.0.0.0/0
    5 260 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

Chain FORWARD (policy DROP 1593 packets, 88109 bytes)
 pkts bytes target prot opt in out source destination
 2370 166K forward-internal-inline-if all -- eth2 * 0.0.0.0/0 0.0.0.0/0
  639 317K ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 35265 packets, 7414K bytes)
 pkts bytes target prot opt in out source destination

Chain forward-internal-inline-if (1 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x3 match-set pfsession_passthrough dst,dst
  777 77790 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1

Chain forward-internal-vlan-if (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_passthrough dst,dst
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_passthrough src,src

Chain input-highavailability-if (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5405
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5407
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7788

Chain input-internal-inline-if (2 references)
 pkts bytes target prot opt in out source destination
    5 1717 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 mark match 0x3
  146 8491 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x3
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 mark match 0x2
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x2
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 mark match 0x1
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x1
    3 144 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 mark match 0x1
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 mark match 0x1
   19 912 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
   19 896 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

Chain input-internal-vlan-if (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

Chain input-management-if (1 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    8 420 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1443
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1812
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1812
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1813
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1813
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:162
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9392
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8834
    
# iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 11776 packets, 1115K bytes)
 pkts bytes target prot opt in out source destination
 4767 457K prerouting-int-inline-if all -- eth2 * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 196 packets, 12121 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 90 packets, 5600 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 113 packets, 8001 bytes)
 pkts bytes target prot opt in out source destination
  142 9836 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
    0 0 postrouting-int-inline-if all -- * eth1 0.0.0.0/0 0.0.0.0/0 mark match 0x3
    0 0 postrouting-int-inline-if all -- * eth1 0.0.0.0/0 0.0.0.0/0 mark match 0x1
    0 0 postrouting-int-inline-if all -- * eth1 0.0.0.0/0 0.0.0.0/0 mark match 0x2

Chain postrouting-inline-routed (0 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain postrouting-int-inline-if (3 references)
 pkts bytes target prot opt in out source destination
    0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0

Chain prerouting-int-inline-if (1 references)
 pkts bytes target prot opt in out source destination
  146 8479 REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x3
    0 0 REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 mark match 0x2
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_passthrough dst,dst mark match 0x3
   19 912 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 mark match 0x3
    0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 mark match 0x2
   17 816 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 mark match 0x3
    0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 mark match 0x2

#ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:b5:b6:e0
          inet addr:192.168.60.13 Bcast:192.168.60.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb5:b6e0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:63498 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3566 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4206524 (4.0 MiB) TX bytes:4622467 (4.4 MiB)

eth1 Link encap:Ethernet HWaddr 00:50:56:b5:3a:4c <--
          inet addr:192.168.65.211 Bcast:192.168.65.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb5:3a4c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:49955 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34783 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:70775434 (67.4 MiB) TX bytes:3166477 (3.0 MiB)

eth2 Link encap:Ethernet HWaddr 00:50:56:b5:9b:ba
          inet addr:192.168.64.5 Bcast:192.168.64.255 Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:feb5:9bba/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:6999 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2347 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:756693 (738.9 KiB) TX bytes:749056 (731.5 KiB)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:871 errors:0 dropped:0 overruns:0 frame:0
          TX packets:871 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2183212 (2.0 MiB) TX bytes:2183212 (2.0 MiB)

Interfaces:
 * eth0 - Type: (None) - Comment: Interface on other LAN to allow remote access for management (I have added -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT in iptables.conf for this one)
 * eth1 - Type: Management
 - eth2 - Type: Inline
(0003368)
jvlien   
2013-08-01 08:41   
(edited on: 2013-08-01 10:04)
Note: no need to reboot the client computer after all. On Windows an "ipconfig /renew" does the trick. For Wifi a disconnect then reconnect from the Wi-Fi network also works (Access Point directly connected to Inline net)

(0003369)
fdurand   
2013-08-01 09:14   
And the iptables -L -n -v -t mangle too.
(0003370)
jvlien   
2013-08-01 10:03   
# iptables -L -n -v -t mangle
Chain PREROUTING (policy ACCEPT 18149 packets, 4722K bytes)
 pkts bytes target prot opt in out source destination
 9936 993K prerouting-int-inline-if all -- eth2 * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 9734 packets, 2183K bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 7840 packets, 2440K bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 3694 packets, 3250K bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 10479 packets, 5632K bytes)
 pkts bytes target prot opt in out source destination

Chain prerouting-int-inline-if (1 references)
 pkts bytes target prot opt in out source destination
 9936 993K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x3
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Unreg_192.168.64.0 src,src MARK set 0x3
 3959 415K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Reg_192.168.64.0 src,src MARK set 0x1
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Isol_192.168.64.0 src,src MARK set 0x2
(0003371)
fdurand   
2013-08-01 15:40   
Hum it look good because : 3959 415K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set pfsession_Reg_192.168.64.0 src,src MARK set 0x1

have you checked /proc/sys/net/ipv4/ip_forward is equal to 1 ?

Fabrice
(0003374)
jvlien   
2013-08-02 02:57   
Yes, and once ipset -L shows the MAC/IP in the list the computer has access so it can't be this:
# cat /proc/sys/net/ipv4/ip_forward
1

It looks like something is not set when the client is logged in (auth is done via AD) and this same something is then triggered with the DHCP refresh:
Aug 01 10:28:08 pfdhcplistener(3356) INFO: MAC: 00:50:56:b5:8b:33 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)

Would there be a way to trigger this event on the pf server to test if this is what is missing after login in but defore dhcp refresh?
(0003377)
fdurand   
2013-08-02 09:31   
Your setup look good, can you paste the routing table ?

Fabrice
(0003378)
jvlien   
2013-08-02 09:41   
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.65.210 0.0.0.0 UG 0 0 0 eth1
192.168.60.0 * 255.255.255.0 U 0 0 0 eth0
192.168.64.0 * 255.255.255.0 U 0 0 0 eth2
192.168.65.0 * 255.255.255.0 U 0 0 0 eth1
(0003384)
fdurand   
2013-08-05 11:16   
Your configuration looks correct, are you able to ping 192.168.65.210 from your device when your device is reg ?
(0003385)
jvlien   
2013-08-05 13:05   
When the computer is in the pfsession_Reg_192.168.64.0, yes I can ping 192.168.65.210.

As I said when I reboot/renew DHCPlease/disconnect & reconnect to Wireless network it shows this in the log:
Aug 01 10:28:08 pfdhcplistener(3356) INFO: DHCPREQUEST from 00:50:56:b5:8b:33 (192.168.64.92) (main::parse_dhcp_request)
Aug 01 10:28:08 pfdhcplistener(3356) INFO: MAC: 00:50:56:b5:8b:33 stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement)

And this seems to trigger the event that makes the computer to go from the pfsession_UnReg_192.168.64.0 to the pfsession_Reg_192.168.64.0 list but until this DHCPREQUEST the client stays in the Unreg list.
(0003386)
fdurand   
2013-08-05 13:56   
Ok so try this:
su - pf
and launch sudo ipset -L
If it doesn´t work it mean that there is a problem with sudoers file.
(0003387)
jvlien   
2013-08-06 03:11   
It looks like you're right!

# su - pf
$ /usr/sbin/ipset -L
ipset v6.12.1: Kernel error received: Operation not permitted

I have looked at the doc and unless I am mistaken I have not seen how to setup sudo (it is taken care of by the installation script?).
(0003434)
dranix   
2013-09-03 05:20   
I am having the same issue highlighted by JasonFell.
So after reading this bug, i realize that the issue revolves around ipset.

My setup is as follows:
-CentOS 6.4
-PacketFence 4.0.5-2

A "discovery" of the bug:
Scenario when new user authenticates:
1. When a new user successfully authenticates and registers, the wireless device would be stuck at the webpage that states, "Your network should be enabled within a minute or two. If it is not reboot your computer.".
2. The wireless client will never be able to access the Internet even though in the PacketFence portal, the device is registered correctly.
3. Upon checking the ipset, this device is not reflected in the pfsession_Reg_x.x.x.x ipset.
4. After performing "service packetfence restart", then only will the client be able to access the Internet.
5. Upon checking the ipset now, the device's IP and MAC is present in the pfsession_Reg_x.x.x.x ipset.

Scenario when a node is deregistered and deleted.
1. When a node is successfully registered it is able to access the Internet.
2. In the PacketFence portal, when the node is deregistered and removed, the node is still present in the pfsession_Reg_x.x.x.x ipset.
3. This means that a "non-registered" device would still be able to access the Internet.
4. After performing "service packetfence restart", then only will the client not be able to access the Internet.
5. Upon checking the ipset now, the device's IP and MAC is not in the pfsession_Reg_x.x.x.x ipset.

To add on the jvlien observation.
Executing "ipset -L" from user pf would give the Kernel error.
But executing the command "sudo ipset -L" works fine.

So it has something to do with ipset not being executed by the pf user when wireless clients are added or removed.

Hope this information helps.
Thanks.
(0003442)
dranix   
2013-09-11 23:14   
Updates to this bug.
Have tested with PacketFence 4.0.6.
Same problem still exists.
Newly registered wireless clients would not be able to access the Internet until PacketFence is restarted which "renews" the ipset list.
Thanks.
(0003451)
dranix   
2013-09-17 02:57   
Updates to this bug
Have updated to PacketFence 4.0.6-2.
Same problem still exists.

Have included the logs from packetfence.log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

##New Registration with bad password
Sep 17 14:33:46 register.cgi(0) INFO: 172.31.200.10 - aa:bb:cc:dd:ee:ff on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Sep 17 14:33:51 register.cgi(0) WARN: User cannot cn=test-staff,ou=people,dc=company,dc=com cannot bind from dc=company,dc=com on ldap-master.company.com:389 for source Staff (pf::Authentication::Source::LDAPSource::authenticate)
Sep 17 14:33:56 register.cgi(0) WARN: No entries found (0) with filter (cn=test-staff) from dc=intern,dc=company,dc=com on intern.company.com:389 for source Intern (pf::Authentication::Source::LDAPSource::authenticate)
##New Registration with good password
Sep 17 14:34:25 register.cgi(0) INFO: 172.31.200.10 - aa:bb:cc:dd:ee:ff on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Sep 17 14:34:30 register.cgi(0) INFO: Authentication successful for test-staff in source Staff (LDAP) (pf::authentication::authenticate)
Sep 17 14:34:35 register.cgi(0) INFO: Found a match (cn=test-staff,ou=people,dc=company,dc=com) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 17 14:34:35 register.cgi(0) INFO: Matched rule (Staff) in source Staff, returning actions. (pf::Authentication::Source::match)
Sep 17 14:34:41 register.cgi(0) INFO: Found a match (cn=test-staff,ou=people,dc=company,dc=com) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 17 14:34:41 register.cgi(0) INFO: Matched rule (Staff) in source Staff, returning actions. (pf::Authentication::Source::match)
Sep 17 14:34:46 register.cgi(0) INFO: Found a match (cn=test-staff,ou=people,dc=company,dc=com) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 17 14:34:46 register.cgi(0) INFO: Matched rule (Staff) in source Staff, returning actions. (pf::Authentication::Source::match)
Sep 17 14:34:46 register.cgi(0) INFO: performing node registration MAC: aa:bb:cc:dd:ee:ff pid: test-staff (pf::web::_sanitize_and_register)
Sep 17 14:34:46 register.cgi(0) INFO: creating person test-staff because it doesn't exist (pf::node::node_register)
Sep 17 14:34:46 register.cgi(0) INFO: person test-staff added (pf::person::person_add)
Sep 17 14:34:46 register.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (manage_register called) (pf::enforcement::reevaluate_access)
Sep 17 14:34:46 register.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Sep 17 14:34:55 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (default profile) (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:34:55 redir.cgi(0) INFO: MAC aa:bb:cc:dd:ee:ff shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:34:55 redir.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (redir.cgi called) (pf::enforcement::reevaluate_access)
Sep 17 14:34:55 redir.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)
##Unable to access after rebooting wireless client
Sep 17 14:35:44 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (default profile) (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:44 redir.cgi(0) INFO: MAC aa:bb:cc:dd:ee:ff shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:44 redir.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (redir.cgi called) (pf::enforcement::reevaluate_access)
Sep 17 14:35:44 redir.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Sep 17 14:35:51 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (default profile) (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:51 redir.cgi(0) INFO: MAC aa:bb:cc:dd:ee:ff shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Sep 17 14:35:51 redir.cgi(0) INFO: re-evaluating access for node aa:bb:cc:dd:ee:ff (redir.cgi called) (pf::enforcement::reevaluate_access)
Sep 17 14:35:51 redir.cgi(0) WARN: Can't re-evaluate access for mac aa:bb:cc:dd:ee:ff because no open locationlog entry was found (pf::enforcement::reevaluate_access)

##check ipset before restarting packetfence
[root@packetfence logs]# ipset -L
Name: pfsession_Unreg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

Name: pfsession_Reg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

Name: pfsession_Isol_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

##Executed packetfence restart
service packetfence restart

##check ipset after restarting packetfence
[root@packetfence logs]# ipset -L
Name: pfsession_Unreg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:

Name: pfsession_Reg_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:
172.31.200.10,aa:bb:cc:dd:ee:ff

Name: pfsession_Isol_172.31.200.0
Type: bitmap:ip,mac
Header: range 172.31.200.0-172.31.203.255
Size in memory: 16496
References: 1
Members:


##wireless client can surf the Internet without any issues


Hope the added information helps in the bug resolution.
Thanks.
(0003479)
showy   
2013-12-08 03:30   
Hi,
I'm new to packetfence and I've just ran into this problem with a minimal installation of debian wheezy. Have installed packetfence 4.0.6-2 via aptitude and configured for inline mode.

A quick fix of the problem is to replace in the reevaluate_access function of the enforcement.pm file the block after the call to isInlineEnforcementRequired:

if ($inline->isInlineEnforcementRequired($mac)) {

                # TODO avoidable load?
                my $trapSender = pf::SwitchFactory->getInstance()->instantiate('127.0.0.1');
                if ($trapSender) {
                    $logger->debug("sending a local firewallRequest trap to force firewall change");
                    $trapSender->sendLocalFirewallRequestTrap('127.0.0.1', $mac);
                } else {
                    

TO:

if ($inline->isInlineEnforcementRequired($mac)) {

$inline->performInlineEnforcement($mac);

} else {



PATCH <<

diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm
index ebd975f..4cb863c 100644
--- a/lib/pf/enforcement.pm
+++ b/lib/pf/enforcement.pm
@@ -82,14 +82,7 @@ sub reevaluate_access {
             my $inline = new pf::inline::custom();
             if ($inline->isInlineEnforcementRequired($mac)) {
 
- # TODO avoidable load?
- my $trapSender = pf::SwitchFactory->getInstance()->instantiate('127.0.0.1');
- if ($trapSender) {
- $logger->debug("sending a local firewallRequest trap to force firewall change");
- $trapSender->sendLocalFirewallRequestTrap('127.0.0.1', $mac);
- } else {
- $logger->error("Can't instantiate switch 127.0.0.1! It's critical for internal messages!");
- }
+ $inline->performInlineEnforcement($mac);
 
             } else {
                 $logger->debug("MAC: $mac is already properly enforced in firewall, no change required");
(0003580)
jvlien   
2014-09-11 04:29   
Dear All,

It's been a while but I had the same issue again recently and finally found out that the issue was due to lack of RAM. The pfsetvlan service took all the available RAM leaving no free memory for all the other services. pfdhcplistener would not start and ipset would throw a Out of memory error. With 4GB of RAM for the pf machine I don't run into this issue any more (pfsetvlan takes 1GB alone).
This was not an easy find, despite the obvious errors at some point, as runing ipset as pf user lead to an other error (Kernel: operation not permitted) making me think of an sudoers/access right issue and also with a DHCP renew/reboot of the client it would trigger something that would make pf to work and give access at the end (which was a workaround used since then).
I did not came across such memory issue with "modern" OS since a while and that's also probably why I did not think of it at first.





View Issue Details
1823 [PacketFence] web admin minor always 2014-09-05 10:22 2014-09-05 10:22
jsemaan.inverse All  
All  
normal All  
new devel  
open  
none    
none  
   
The external script trigger for violations is broken in the admin ui
The creation of external script triggers in the admin ui creates invalid configuration.

It adds the trigger 'external' when the configuration expects
'external<some user defined id>'

Then the path to the script must be configured in pf.conf in
[paths.external<the decided id>]

It must also be added to documentation.conf or pf won't checkup.

We need to review the way we create these triggers or adapt the admin interface to the current way of doing it.

The feature still works when creating the configuration manually
There are no notes attached to this issue.





View Issue Details
1819 [PacketFence] radius minor always 2014-08-19 17:43 2014-08-19 18:50
cpross90 Linux  
RHEL / CentOS  
normal 6  
new 4.2.2  
open  
none    
none  
   
Cisco Aironet 1042N periods in MAC
When accounting data is sent to the pf server there are periods in the MAC.

Packetfence does not parse them properly causing bandwidth monitoring to not work correctly.
Use pf with Aironet 1042N.
Notes
(0003572)
fdurand   
2014-08-19 18:31   
Hi,

what do you mean by periods in the MAC ?

Fabrice
(0003573)
cpross90   
2014-08-19 18:47   
Aug 19 17:39:13 httpd.webservices(1699) INFO: [172.16.0.23] Returning ACCEPT with VLAN 2 and role (pf::Switch::returnRadiusAccessAccept)
Aug 19 17:41:14 httpd.webservices(1699) INFO: Unable to extract MAC from Called-Station-Id: 8875.56da.bf20 (pf::radius::extractApMacFromRadiusRequest)
Aug 19 17:41:14 httpd.webservices(1699) INFO: handling radius autz request: from switch_ip => 172.16.0.22, connection_type => Wireless-802.11-NoEAP,switch_mac => , mac => 38:aa:3c:22:ae:cf, port => 1496, username => 38aa3c22aecf (pf::radius::authorize)
Aug 19 17:41:14 httpd.webservices(1699) INFO: MAC: 38:aa:3c:22:ae:cf is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
(0003574)
cpross90   
2014-08-19 18:50   
It looks like the from /lib/pf/radius.pm sub extractApMacFromRadiusRequest only strips :'s or -'s.





View Issue Details
1766 [PacketFence] hardware modules minor always 2014-02-05 20:25 2014-07-25 10:53
aj14 Linux  
RHEL / CentOS  
normal 5  
resolved 4.0.3  
fixed  
none    
none  
   
PacketFence cannot receive SNMP traps from D-link DES3526 Switch
Before deploying PF to our network, we are testing its functionality with the switches that we have.

So far so good, but when it comes to the D-Link DES3526, we have had no luck. When I look into the module itself, it is basically a container for the main Dlink.pm.

Basically, nothing happens on the switch when we connect a host authorized or unauthorized to it. When looking at the packetfence log, it seems as if PF is not understanding the trap coming from the switch ("trap currently not hadled").

I have attached an excerpt of packetfence.log. You can see that the trap contains the MAC address of the machine that is being connected to the switch. I have also attached the switch configuration. Firmware is 5.00-B27.
Connect a machine to a port in the switch configured to send traps.
packetfence.log entries:

Feb 04 16:56:08 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-04|00:56:06|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1248956) 3:28:09.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:08 pfmon(1) INFO: running expire check (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking registered nodes for expiration (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking violations for expiration (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking accounting data for potential bandwidth abuse (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: getting violations triggers for accounting cleanup (pf::accounting::acct_maintenance)
Feb 04 16:56:08 pfmon(1) INFO: Calling node acct maintenance total with monthly and 1 for 21474836480 (pf::accounting::acct_maintenance)
Feb 04 16:56:08 pfsetvlan(23) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(23) INFO: ignoring unknown trap: 2014-02-04|00:56:07|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249056) 3:28:10.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:08 pfsetvlan(24) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(24) INFO: ignoring unknown trap: 2014-02-04|00:56:08|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249157) 3:28:11.57|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:11 pfsetvlan(22) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:11 pfsetvlan(22) INFO: ignoring unknown trap: 2014-02-04|00:56:09|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249256) 3:28:12.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:11 pfsetvlan(21) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)



Switch entry in switches.conf:
[10.100.6.32]
mode=production
SNMPCommunityRead=frydmwrt
SNMPCommunityWrite=frydmwrt
SNMPVersionTrap=2c
type=Dlink::DES_3526
VoIPEnabled=N
SNMPVersion=2c
uplink=26
SNMPCommunityTrap=frydmwrt
SNMPEngineID=800000ab03001cf09d649a

des-3526-config (8,410) 2014-02-05 20:25
https://www.packetfence.org/bugs/file_download.php?file_id=198&type=bug
Dlink-aj14.pm (7,895) 2014-02-28 11:13
https://www.packetfence.org/bugs/file_download.php?file_id=201&type=bug
Dlink.pm (7,879) 2014-04-23 14:34
https://www.packetfence.org/bugs/file_download.php?file_id=206&type=bug
Notes
(0003500)
fdurand   
2014-02-06 09:49   
Hello,
let check in the Dlink.pm module, it look like the format of the trap has changed.

Change that to match your trap:
/BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.0\.3\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/

Fabrice
(0003501)
aj14   
2014-02-06 15:56   
Fabrice,

I am not sure what is that I need to change. Is it Dlink.pm or something in the switch?

That statement that you wrote in your comment is already on Dlink.pm, line 57

Can you please clarify?

Thanks
Adrian
(0003502)
fdurand   
2014-02-06 16:10   
Adrian,

what i have posted is a regexp that parse the trap your switch send.

So your trap look like:
.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45
So you have to rewrite the regexp in packetfence to match your trap and get the ifindex of the port and the mac address.

Regards
Fabrice
(0003508)
aj14   
2014-02-19 23:13   
Fabrice,

I am not an expert in RegExp. Please verify that the change is correct.

 =~ /BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.2\.0\.2\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.14\.1\.1\.1\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/

Why do I have to do this in the first place? Is there a specific firmware supported for the DES-3526? There is not mention of it in the documentation.

Regards
Adrian
(0003509)
aj14   
2014-02-20 21:03   
After making that change and restarting the packetfence service (do I need to do that when I change a module?), it still does not work. I get pretty much the same results:

---
Feb 20 17:56:55 pfsetvlan(23) INFO: ignoring unknown trap: 2014-02-20|01:56:55|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852616) 16 days, 4:28:46.16|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 20 17:56:56 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-20|01:56:55|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852659) 16 days, 4:28:46.59|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(21) WARN: We have received a trap from switch 10.128.240.44. This switch is UNREGISTERED. Flush the trap (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(22) WARN: We have received a trap from switch 10.128.208.38. This switch is UNREGISTERED. Flush the trap (main::parseTrap)
Feb 20 17:56:57 pfsetvlan(24) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 20 17:56:57 pfsetvlan(24) INFO: ignoring unknown trap: 2014-02-20|01:56:56|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852763) 16 days, 4:28:47.63|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:59 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: opening SNMP v2c read connection to 10.100.6.32 (pf::SNMP::connectRead)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for sysLocation: 1.3.6.1.2.1.1.6.0 (pf::SNMP::connectRead)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for ifType: 1.3.6.1.2.1.2.2.1.3.1 (pf::SNMP::getIfType)
Feb 20 17:56:59 pfsetvlan(3) INFO: down trap received on 10.100.6.32 ifIndex 1 (main::handleTrap)
Feb 20 17:56:59 pfsetvlan(3) INFO: setting 10.100.6.32 port 1 to MAC detection VLAN (main::handleTrap)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_table for dot1dBasePortIfIndex: 1.3.6.1.2.1.17.1.4.1.2 (pf::SNMP::getDot1dBasePortForThisIfIndex)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: dot1dBasePort corresponding to ifIndex 1 is 1 (pf::SNMP::getDot1dBasePortForThisIfIndex)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for dot1qPvid: 1.3.6.1.2.1.17.7.1.4.5.1.1.1 (pf::SNMP::getVlan)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for dot1qVlanStaticName: 1.3.6.1.2.1.17.7.1.4.3.1.1.4 (pf::SNMP::isDefinedVlan)
Feb 20 17:56:59 pfsetvlan(3) WARN: MAC detection VLAN 4 is not defined on switch 10.100.6.32 -> Do nothing (pf::SNMP::setVlan)
Feb 20 17:56:59 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: closing SNMP v2c read connection to 10.100.6.32 (pf::SNMP::disconnectRead)
---

The last entries seem to indicate that some traps do work, but not the one for the MAC address violation.

Regards
Adrian
(0003510)
aj14   
2014-02-28 10:33   
No word on this?

After analyzing the trap closely, this is what is missing from it:

= INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1

Will re-write the regexp accordingly, but the question remains the same, why is it that I need to (so drastically) modify the module.

Regards
Adrian
(0003511)
aj14   
2014-02-28 11:11   
This also was preventing a match:

([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})

I changed it to this:

([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})

Now the trap is a match, but I get the following error:

Feb 28 07:55:48 pfsetvlan(22) INFO: ignoring unknown trap: 2014-02-28|15:55:44|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (205364994) 23 days, 18:27:29.94|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Argument "B8 88 E3 DD F9 45" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 62.
Argument "B8 88 E3 DD F9 45" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 64.
Use of uninitialized value in substitution (s///) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 73.
Use of uninitialized value in hex at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 74.

I will upload the current Dlink.pm that I have.

I now need help from you guys.
(0003530)
ah27   
2014-04-23 14:34   
I have reapplied the changes that you originally told Adrian to apply after upgrading our server to 4.1.0

With your version of the fix I get:

Apr 23 11:20:41 pfsetvlan(24) INFO: ignoring unknown trap: 2014-04-23|18:20:38|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (6144888) 17:04:08.88|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: 00 24 BE B1 F6 31 END VARIABLEBINDINGS (main::parseTrap)

With Adrian's I get:

Apr 23 11:27:43 pfsetvlan(21) INFO: ignoring unknown trap: 2014-04-23|18:27:41|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (6187149) 17:11:11.49|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: 00 24 BE B1 F6 31 END VARIABLEBINDINGS (main::parseTrap)
Argument "00 24 BE B1 F6 31" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 62.
Argument "00 24 BE B1 F6 31" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 64.
Use of uninitialized value in substitution (s///) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 73.
Use of uninitialized value in hex at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 74

I will also attach the version of the Dlink.pm we now have.
(0003531)
lmunro   
2014-04-25 13:53   
It looks like the format for the dlink traps has changed significantly.
You are probably running a newer version of the firmware than what we tested with.

I can't really fix this without knowing more. It will take a rewrite of the parseTrap function to support the new trap format.
I will need to know what type of traps we are receiving and run a few live tests with someone on your end.
(0003571)
lmunro   
2014-07-25 10:52   
Fixed by new DES_3526 module.





View Issue Details
1814 [PacketFence] web admin minor always 2014-07-14 19:36 2014-07-15 12:58
hagenbucher i686  
Ubuntu Server  
normal 12.04.4 LTS  
new devel  
open  
none    
none  
   
Uplinks only allowed to be numeric
You untick the usage of dynamic uplinks (how does it work?)

The field "Uplink" is editable now but does not allow ports like: A1, A2, A3 or Trk1, Trk2

issue 1 a) Trk1, Trk2 ... are trunks (static) or link aggretaions (lacp) created manually on the switch CLI (do not confuse cisco usage of the word trunk) for 5400zl and 2910al series.

issue 1 b) A1 is the first port on modul A on HP ProCurve 5400zl series.

issue 2) If there is only one uplink port - which is perfectly fine with an lacp created link connected to a distributed trunk/multi chassis lag or if you don't care about redundancy - there should be the possibility of configuring one port only as uplink.
Menu Configuration - Switches:
- Click 'Add Switch'
- Fill any non-numerical value to the file "Uplink"
- The field and caption gets framed/written in red and you cannot save your edit.
Tested with 4.3.0-201407140016 and 4.3.0

You can workaround issue number two by filling in "1, 1" if your only uplink port is port number 1.
Running in VirtualBOX
Notes
(0003564)
fdurand   
2014-07-15 07:18   
Hello,

when you define an uplink port it mean that it´s the ifIndex which is an integer.

Regards
Fabrice
(0003565)
hagenbucher   
2014-07-15 12:58   
Hello Fabrice,

thank you very much for clarifying this issue. It did help me a lot.

for future reference:

ifIndices for HP5400zl (max. of 288 ports as 5412zl)

Trk1 is ifIndex 290
Trk2 is ifIndex 291
Trk3 is IfIndex 292

ifIndices for HP2910al (fixed port switch with 44 1000baseTX and 4 fiber ports)

Trk1 is ifIndex 54
Trk2 is ifIndex 55


Kind regards,
David





View Issue Details
1806 [PacketFence] captive portal block always 2014-06-05 09:21 2014-07-09 01:03
hudsonfas Linux  
Debian  
normal 7 (Wheezy)  
new 4.2.2  
open  
none    
none  
   
Your network should be enabled within a minute or two
In captive portal, after I put USERNAME and PASSWORD, and received the message:

"Your network should be enabled within a minute or two. If it is not reboot your computer"

... and nothing happens ....

In /usr/local/pf/logs/portal_error:

[Thu Jun 5 08:33:34 2014] -e: Use of uninitialized value $2 in uc at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm line 186
Debian GNU/Linux 7 (wheezy)
packetfence:
  Installed: 4.2.2
  Candidate: 4.2.2
  Version table:
 *** 4.2.2 0
        500 http://inverse.ca/downloads/PacketFence/debian/ [^] wheezy/wheezy amd64 Packages
Notes
(0003553)
fdurand   
2014-06-05 09:23   
What we need also is the packetfence.log when you reg your device.
(0003562)
rivanstudents   
2014-07-06 03:27   
it is actually happening if you use inline mode. I also have this kind of problem in the past. I forgot how to fix it.
(0003563)
rivanstudents   
2014-07-09 01:03   
(edited on: 2014-07-09 01:04)
I remember make sure that ip forward is enabled
vi /etc/sysctl.conf
look for net.ipv4.ip_forward = 0

make sure you make it 1
net.ipv4.ip_forward = 1

then exit

sysctl -p /etc/sysctl.conf

this is for Rhel/Centos
I don't know where is sysctl.conf in debian






View Issue Details
1813 [PacketFence] captive portal minor have not tried 2014-06-25 05:14 2014-07-07 12:36
sisu Linux  
Ubuntu  
normal 12.04  
new 4.2.2  
open  
none    
none  
   
Phone number check with regex
On Packetfence 4.1

In the File /pf/lib/pf/web/util.pm i changee the text form :


sub validate_phone_number {
    my ($phone_number) = @_;

    # north american regular expression
    if ($phone_number =~ /
        ^(?:\+?(1)[-.\s]?)? # optional 1 in front with -, ., space or nothing seperator
        \(?([2-9]\d{2})\)? # captures first 3 digits allows optional parenthesis
        [-.\s]? # separator -, ., space or nothing
        (\d{3}) # captures 3 digits
        [-.\s]? # separator -, ., space or nothing
        (\d{4})$ # captures last 4 digits
        /x) {
        return "$1$2$3$4" if defined($1);
        return "$2$3$4";
    }
    # rest of world regular expression
    if ($phone_number =~ /
        ^\+?\s? # optional + on front with optional space
        ((?:[0-9]\s?){6,14} # between 6 and 14 groups of digits seperated by spaces or not
        [0-9])$ # end with a digit
        /x) {
        # trim spaces
        my $return = $1;
        $return =~ s/\s+//g;
        return $return;
    }
    return;
}


to


sub validate_phone_number {
    my ($phone_number) = @_;

    $phone_number =~ s/\s+//g; # Leerzeichen rausnehmen
    $phone_number =~ s/\s-//g; # Minuszeichen rausnehmen
    $phone_number =~ s/^\+/00/; # + mit 00 ersetzen
    $phone_number =~ s/^0041/0/; # 0041 mit 0 ersetzen


    # Schweiz: ^07[5-9]\d{7}$

    #Frankreich ^00336(0(7|8)|3[0-2]|54|[6-8]\d{1})\d{6}$

    #Oesterreich ^00436(50|6(0|3|4)|7(6|8)|8(0|1|8)|99)\d{7}$

    #Deutschland ^00491(5(1|2|5|7|9)|6(0|2|3)|7)\d{8,9}$

    #Italien ^00393([2-4]\d{1}|6[0-8]|8\d{1}|9[0-3])\d{7}$

    #England ^00447(4|5|[7-9]|7624)\d{6,8}$


    if ($phone_number =~ /^07[5-9]\d{7}$|^00336(0(7|8)|3[0-2]|54|[6-8]\d{1})\d{6}$|^00491(5(1|2|5|7|9)|6(0|2|3)|7)\d{8,9}$|^00393([2-4]\d{1}|6[0-8]|8\d{1}|9[0-3])\d{7}$|^00447(4|5|[7-9]|7624)\d{6,8}$/) {
        return $phone_number;
    }
    return;
}


if I sign up with the number +49... the system sending sms to 0049....

On Packetfence 4.2 who i do the same if not send to 0049.... it sends to 49...


Thanks for help

Best Regards

Sisu
There are no notes attached to this issue.





View Issue Details
1811 [PacketFence] configuration major always 2014-06-13 15:14 2014-06-13 15:14
lmunro All  
All  
normal All  
new 4.2.2  
open  
none    
none  
   
fake_mac_enabled by default
The configurator always set fake_mac_enabled=enabled when doing VLAN enforcement.

This setting should only apply to inline enforcement.
Install PF, run the configurator and select VLAN enforcement.
There are no notes attached to this issue.





View Issue Details
1810 [PacketFence] web admin major always 2014-06-11 10:37 2014-06-11 15:14
pfbug Linux  
Debian  
normal 7 (Wheezy)  
resolved devel  
fixed  
none    
none  
   
ec3d6588084a5be371120aac4da9f4054357bf7e
IP Address saved as MAC Address in Switch configuration
When entering an IP address for a switch, e.g. 192.168.201.101 it is saved as MAC address 19:21:68:20:11:01 which renders the configuration unusable (the switch is not accessed from packetfence).

The bug was reproducible with Packetfence 4.2.2 and 4.3.0 (10062014). The same configuration was successful with Packetfence 4.2.0.
Add a switch via web interface, enter IP of the switch.
There are no notes attached to this issue.





View Issue Details
1809 [PacketFence] core minor always 2014-06-10 16:02 2014-06-10 16:03
dwuelfrath  
dwuelfrath  
normal  
resolved 4.2.2  
fixed  
none    
none 4.3.0  
  4.2.3  
b43eb94de55b0e452d8fadb8c233eb1cd3d2ab9d
allowed_device_types.txt file is not population the dropdown
On the device registration page, even if we have stuff in the allowed_device_types.txt file, there is no dropdown to select the type of the device.
Notes
(0003557)
dwuelfrath   
2014-06-10 16:03   
Fixed in devel (Will be available in next release)
Also available in 4.2 maintenance branch





View Issue Details
1805 [PacketFence] captive portal minor have not tried 2014-06-04 11:38 2014-06-10 15:49
francis  
dwuelfrath  
normal  
resolved 4.2.2  
fixed  
none    
none 4.3.0  
  4.2.3  
d1794798429942203277dd6ba41fbecf6adcc807
Device Registration: unreg date/access duration not used
When registering a device (aka gaming registration), neither the unreg date nor the access duration of the user is used.
https://github.com/inverse-inc/packetfence/blob/stable/html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm#L128 [^]
Notes
(0003556)
dwuelfrath   
2014-06-10 15:46   
Fixed in devel as of now
Available in 4.2 maintenance branch too.





View Issue Details
1807 [PacketFence] captive portal minor sometimes 2014-06-05 15:35 2014-06-05 15:35
jwesleyb LINUX  
CENT OS  
normal 6.3  
new 4.2.2  
open  
none    
none  
   
error registering device
Hi, i'm with the following problem. When I log on the network, packetfence registers the wrong mac address. Example: 00:00: BC: 62:00:0 A
With the correct MAC address: BF: F8: 48:0 D: 45: FA

How do I fix this error?

Thank you!
There are no notes attached to this issue.





View Issue Details
1804 [PacketFence] web admin feature have not tried 2014-06-03 09:51 2014-06-03 09:51
francis  
 
normal  
new 4.2.2  
open  
none    
none  
   
Allow to reorder SMS carriers
When defining a SMS authentication source, it would useful to easily reorder the list of carriers.
There are no notes attached to this issue.





View Issue Details
1603 [PacketFence] configuration tweak always 2012-11-13 09:37 2014-06-03 03:17
maikel  
 
normal  
new 3.6.0  
open  
none    
none  
   
Bandwith violations edit doesnt reload pfmon
When altering violations, in special as tested the bandwidth violations. These violations will not reload pfmon. Pfmon still listens to the old violations.conf. After restart of packetfence, the new violation rules are loaded and it works perfect. This minor tweak would be nice
There are no notes attached to this issue.





View Issue Details
1267 [PacketFence] captive portal trivial random 2011-09-14 16:31 2014-06-02 08:15
obilodeau  
fdurand  
high  
resolved  
fixed  
none    
none  
  general  
add template toolkit error reporting on all ->process calls
Just like I did here at revno: 49438888fdbade2110cb70324e34381245c1bf25

--- pf/lib/pf/web/guest.pm      0a9d7807c131a50376d474012b92a1a629d5e85c
+++ pf/lib/pf/web/guest.pm      44fa683d2c052e22eac0e0f12b25250469c5a1e3
@@ -228,7 +228,7 @@ sub generate_registration_page {
     #}

     my $template = Template->new({ INCLUDE_PATH => [$CAPTIVE_PORTAL{'TEMPLATE_DIR'}], });
-    $template->process($pf::web::guest::REGISTRATION_TEMPLATE, $vars);
+    $template->process($pf::web::guest::REGISTRATION_TEMPLATE, $vars) || $logger->error($template->error());
     
exit;
 }   



It helped out identify a nasty bug. It should be done by default on all the $template->process() calls.
Notes
(0002696)
obilodeau   
2012-05-03 13:45   
Something good to learn for you fdurand.





View Issue Details
1786 [PacketFence] upgrade minor always 2014-04-05 11:52 2014-06-02 08:15
huxiufei VMware  
fdurand RHEL i386  
normal 6.4  
resolved 4.1.0  
fixed  
none    
none  
   
software installation error
i followed "PacketFence_Administration_Guide-4.1.0" guild to install the packetfence. At the last step, when i execute the command "yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of Packetfence-complete"
there are some errors occur:
--> Finished Dependency Resolution
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: dhcp
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: ipset
Error: Package: perl-HTML-Tidy-1.08-5.el6.i686 (epel)
           Requires: libtidy-0.99.so.0
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: rrdtool
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: memcached
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl-rrdtool
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
Error: Package: perl-Email-Valid-0.184-1.of.el6.noarch (of)
           Requires: perl(Net::DNS)
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(GD)
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl(Net::DNS) = 0.65-4
 You could try using --skip-broken to work around the problem

 You could try running: rpm -Va --nofiles --nodigest

Could you tell me how to deal with this?
Thanks!
Notes
(0003525)
huxiufei   
2014-04-06 05:21   
i have found there are 23 steps to install the PL on RHEL 6.4,
but when i come to step 2,
 'yum install perl-Net-Telnet perl-XML-Simple perl-SOAP-Lite'
it shows: no packet aviliable:
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
No package perl-Net-Telnet available.
No package perl-XML-Simple available.
No package perl-SOAP-Lite available.
Error: Nothing to do
what's wrong with this?
(0003526)
huxiufei   
2014-04-06 15:52   
i have loaded the rpm packet manaully, and almost of the errors are solved.
but there is still an error i can solve, can anybody help me?
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
(0003527)
huxiufei   
2014-04-07 04:52   
i have loaded the rpm packet manaully, and almost of the errors are solved.
but there is still an error i can't solve, can anybody help me?
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
(0003528)
huxiufei   
2014-04-08 05:28   
Anyone can help me?
(0003550)
fdurand   
2014-06-02 08:15   
It has been written in the doc:
https://github.com/inverse-inc/packetfence/blob/stable/docs/PacketFence_Administration_Guide.asciidoc#rhel-6x [^]





View Issue Details
1798 [PacketFence] captive portal minor have not tried 2014-05-25 08:07 2014-06-02 08:10
hbongers Linux  
fdurand RHEL / CentOS  
normal 6  
resolved 4.2.0  
fixed  
none    
none  
   
Captive Portal Exception in version 4.2.1
The Captive Portal Exception as reported in issue 0001794 still exists in 4.2.1 after upgrading from 4.1 in an inline setup
Upgrade from 4.1 to 4.2.1 in an inline setup.
Open captive portal
captiveportal on Catalyst 5_90011.htm (16,922) 2014-05-27 06:01
https://www.packetfence.org/bugs/file_download.php?file_id=209&type=bug
Notes
(0003543)
hbongers   
2014-05-27 06:03   
The error in 0001794 is not completely the same.

The error I'm getting is:
Caught exception in captiveportal::View::HTML->process "Can't use string ("0") as a HASH ref while "strict refs" in use at /usr/local/pf/lib/pf/Portal/ProfileFactory.pm line 52."

I've attached the complete html error page.





View Issue Details
1802 [PacketFence] hardware modules feature have not tried 2014-05-31 20:38 2014-06-02 08:08
jsuddarth TPLink  
OpenWRT firmware  
high any  
new 4.2.2  
open  
none    
none  
   
Add TPLink Access Point hardware/firmware support
Add support for TPLink AP's (running OpenWRT firmware) for ease of integration and low-cost option for medium-large scale deployments.

The customizability and features that come with OpenWRT make this a great option for hobbyists and people who want to deploy a solution on a budget.
Notes
(0003548)
fdurand   
2014-06-02 08:08   
Did you try hostapd module and this http://www.packetfence.org/news/2013/article/packetfence-now-supports-hostapd.html [^] ?

Regards
Fabrice





View Issue Details
1800 [PacketFence] captive portal minor always 2014-05-28 09:10 2014-06-02 08:07
jwesleyb 64bits  
fdurand CentOS  
normal 6.5  
resolved 4.2.0  
fixed  
none    
none  
   
Packetfence does not redirect to register
Hi, I'm having trouble with my PF because it is not redirecting to the captive portal. I have a network in inline mode with two interfaces (eth0 - inline / eth1 - management)
#vim /usr/local/pf/conf/pf.conf

[general]
domain=localhost
hostname = localhost
dnsservers = 10.1.1.1
dhcpservers = 10.1.1.1

[alerting]
emailaddr=j.wesley7@yahoo.com.br

[database]
pass=mypass

[captive_portal]
secure_redirect=disabled

[interface eth0]
enforcement=inline
type=internal
ip=192.168.1.1
mask=255.255.255.0

[interface eth1]
ip=10.1.1.58
gateway=10.1.1.1
type=management
mask=255.255.255.0

#vim /usr/local/pf/conf/networks.conf

[192.168.1.0]
netmask=255.255.255.0
gateway=192.168.1.1
next_hop=
domain-name=inline.localdomain
dns=8.8.8.8
dhcp_start=192.168.1.10
dhcp_end=192.168.1.120
dhcp_default_lease_time=300
dhcp_max_lease_time=600
type=inline
named=disabled
dhcpd=enabled

#vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
VLAN=yes

#vim /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
BOOTPROTO=dhcp
NETWORK=10.1.1.0
ONBOOT=yes
TYPE=Ethernet
Notes
(0003544)
jwesleyb   
2014-05-29 13:51   
I managed to solve, thank you!





View Issue Details
1801 [PacketFence] captive portal minor have not tried 2014-05-30 08:14 2014-06-01 16:22
sisu All  
fdurand Ubuntu  
normal 12.4.4 LTS  
resolved 4.2.0  
fixed  
none    
none 4.2.2  
   
Packetfence captive portal not function correct Product Version 4.2.2
With the new Packetfence release 4.2.2 I get the following error message (See Upload File) on Captive Portal landing page
Unbenannt.PNG (31,102) 2014-05-30 08:14
https://www.packetfence.org/bugs/file_download.php?file_id=211&type=bug
Error.txt (7,291) 2014-05-30 08:40
https://www.packetfence.org/bugs/file_download.php?file_id=212&type=bug
Notes
(0003545)
fdurand   
2014-05-30 11:44   
Hi Sisu,

i am be able to reproduce this error.
It´s a catalyst issue and you have to install libcatalyst-perl 5.90015-1.

Update /etc/apt/sources.list.d/PacketFence.list like that
#deb http://inverse.ca/downloads/PacketFence/debian [^] precise precise
deb http://inverse.ca/downloads/PacketFence/debian-devel [^] precise precise

and apt-get update
apt-get install libcatalyst-perl
bin/pfcmd configreload hard
and restart packetfence.

Let me know if it works for you.

Regards
Fabrice
(0003546)
sisu   
2014-05-31 06:05   
Thank you very much!

it works!

Best Reagrds

Sisu
(0003547)
fdurand   
2014-06-01 16:22   
Packaging fixed (Catalyst version)





View Issue Details
1700 [PacketFence] security minor always 2013-08-23 05:20 2014-05-29 11:45
olive35  
 
normal  
new  
open  
none    
none  
   
Mysql password and user passwords
Hi,

Here is my problem ... I see all password in clear text on my server.

In PF configuration : /usr/local/pf/conf/pf.conf
We can find the password of the MySQL database (ie pass=p@...).

I connect to the DB with this password.

Now i can see all the tables used in PF. And i can see all user passwords
in table 'temporary_password'.
Next i try to change the admin password in the DB and it works !

This is a security issue ? How to remedy this problem and replace passwords
by hashes ?

Regards,

Olive

PS : I already talk about this issue on the user mailing list
Here commands i used (non root) :
*
grep -E '(pass(word)?=).*' -nR --color /usr/local/pf/conf/

mysql -u pf -pp@... pf

SHOW TABLES;

SELECT * from temporary_password;

UPDATE temporary_password SET password='123456' WHERE pid='admin';*

and connect to the admin web interface.
1.html (410) 2014-05-29 11:45
https://www.packetfence.org/bugs/file_download.php?file_id=210&type=bug
Notes
(0003428)
olive35   
2013-08-23 05:24   
http://sourceforge.net/mailarchive/forum.php?thread_name=D60720A8-6946-416F-8A16-BEA039DC82CD%40inverse.ca&forum_name=packetfence-users [^]





View Issue Details
1799 [PacketFence] web admin minor have not tried 2014-05-26 17:20 2014-05-26 17:20
lpelet  
 
normal  
new 4.2.0  
open  
none    
none  
   
bulk removing nodes/users
that could be great if we can remove nodes or users by bulk
There are no notes attached to this issue.





View Issue Details
1794 [PacketFence] captive portal minor always 2014-05-08 11:15 2014-05-25 22:13
shikasensei Linux  
jrouzier Debian  
normal 7 (Wheezy)  
resolved 4.2.0  
fixed  
none    
none 4.2.1  
   
e10dfba5d840460df5858eb0ece4ee4cfc66e9f8
caught exeption on node registaration page, captive portal
When I want to register an a new device through captive portal I get a node registration page with messages (I provided them in Additional Information field) above normal page content (login/pass fields and etc.). Also after login attempt I get page, which is attached to the report.
Caught exception in captiveportal::Controller::Root->setupCommonStash "Undefined subroutine &captiveportal::PacketFence::Model::Portal::Session::enabled called at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm line 138."
Caught exception in captiveportal::Controller::Root->getLanguages "Undefined subroutine &captiveportal::PacketFence::Model::Portal::Session::enabled called at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm line 138."
Caught exception in captiveportal::Controller::Root->setupLanguage "Can't use string ("0") as an ARRAY ref while "strict refs" in use at /usr/local/pf/html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm line 111."
captiveportal on Catalyst 5.90015.html (20,687) 2014-05-08 11:15
https://www.packetfence.org/bugs/file_download.php?file_id=208&type=bug
Notes
(0003540)
fdurand   
2014-05-08 11:36   
Hello,

can you run addons/pf-maint.pl, a patch has been made.

https://github.com/inverse-inc/packetfence/commit/decae56b420a275006e73a067f5c1c9c92534bdc [^]

Regards
Fabrice





View Issue Details
1793 [PacketFence] web admin minor always 2014-05-07 23:30 2014-05-15 23:06
shikasensei Linux  
fdurand Debian  
normal 7 (Wheezy)  
resolved  
fixed  
none    
none 4.2.1  
   
d335f587db373e4cc63d3711cffd47d3f6fb419d
web admin interface doesn't start after install
After install Packetfence admin web interface doesn't start.So I can't get access to configurator. Few days before all worked well.
* Please fire up your Web browser and go to https://@ip_packetfence:1443/configurator [^] to complete your PacketFence configuration.
* Please stop your iptables service if you don't have access to configurator.
service|command
memcached|start
httpd.admin|not started
Checking configuration sanity...
FATAL - please define exactly one management interface
FATAL - internal network(s) not defined!
FATAL - Unable to connect to your database. Please verify your connection settings in conf/pf.conf and make sure that it is started.
FATAL - networks.conf cannot be empty when services.dhcpd is enabled
WARNING - We have been unable to load your configuration. Are you sure you ran configurator ?
 
If needed here is httpd.admin.log

May 08 08:58:52 httpd.admin(5018) INFO: pfappserver powered by Catalyst 5.90015 (Catalyst::setup)
May 08 08:58:52 httpd.admin(5018) WARN: Deprecated 'static' config key used, please use the key 'Plugin::Static::Simple' instead (Class::MOP::Class:::before)
May 08 09:01:21 httpd.admin(5224) INFO: pfappserver powered by Catalyst 5.90015 (Catalyst::setup)
May 08 09:01:21 httpd.admin(5224) WARN: Deprecated 'static' config key used, please use the key 'Plugin::Static::Simple' instead (Class::MOP::Class:::before)
May 08 09:09:09 httpd.admin(5434) INFO: pfappserver powered by Catalyst 5.90015 (Catalyst::setup)
May 08 09:09:09 httpd.admin(5434) WARN: Deprecated 'static' config key used, please use the key 'Plugin::Static::Simple' instead (Class::MOP::Class:::before)
Notes
(0003538)
fdurand   
2014-05-08 07:53   
Hello,

Are you using debian wheezy ?
If it´s the case then remove libdata-alias-perl package.

Fabrice
(0003539)
shikasensei   
2014-05-08 10:00   
Thanks, this solved the issue.
(0003541)
fdurand   
2014-05-08 15:54   
Fixed in devel





View Issue Details
1797 [PacketFence] configuration minor have not tried 2014-05-14 16:12 2014-05-14 16:15
lpelet  
 
normal  
new 4.2.0  
open  
none    
none  
   
Renaming portal profile won't move files.
When we rename a portal profile in admin GUI, it does not move the files.

we should make the field for the name of the portal profile unwritable.
And log a message when we don't find the file in the portal profile and we fall-back to the default file.
There are no notes attached to this issue.





View Issue Details
1796 [PacketFence] security minor always 2014-05-12 06:00 2014-05-12 08:19
jochen Linux  
jrouzier RHEL / CentOS  
normal 6  
assigned 4.2.0  
fixed  
none    
none  
  4.2.1  
snort not started
Snort is no longer started by packetfence.

Reverting this change in pf/services/manager/roles/pf_conf_trapping_engine.pm fixed the issue for me:


# return $monitor_int && isenabled($Config{'trapping'}{'detection'}) && $Config{'trapping'}{'detection_engine'} eq $self->name && $self->$orig(@_) ? 1 : 0;
    return $monitor_int && isenabled($Config{'trapping'}{'detection'}) && $Config{'trapping'}{'detection_engine'} eq $self->name;
There are no notes attached to this issue.





View Issue Details
1795 [PacketFence] upgrade minor always 2014-05-12 05:12 2014-05-12 06:33
jochen Linux  
francis RHEL / CentOS  
normal 6  
resolved 4.2.0  
fixed  
none    
none 4.2.1  
   
4695a0b37d6ce49e5594f4edc4739eebfef33497
SQL Upgrade fails due to extra dashes in SQL script
db/upgrade-4.1.0-4.2.0.sql has some extra dashes causing syntax errors in the SQL script

FIX: s/---/--/g

Run upgrade script
There are no notes attached to this issue.





View Issue Details
1776 [PacketFence] web admin minor have not tried 2014-03-14 14:03 2014-05-08 06:31
francis  
francis  
normal  
resolved 4.1.0  
fixed  
none    
none 4.2.0  
  4.2.0  
40136b458f756920b81a353948a60fb1220d21c8
Default value of Access duration choices
Under "Admin registration" of the configuration page, the default value of the access duration choices should *not* be displayed as a placeholder since it becomes painful to modify it.
There are no notes attached to this issue.





View Issue Details
1789 [PacketFence] radius minor always 2014-04-28 18:26 2014-05-07 08:30
victor All  
fdurand All  
normal All  
resolved  
fixed  
none    
none  
   
Unable extract SSID on Cisco 1142

Cisco 1142 apparently sends multiple Cisco-AVPair records back to the radius server and trips over extractSsid sub.

tail -f logs/packetfence.log

Apr 28 08:13:46 pf::WebAPI(4307) INFO: Unable to extract SSID of Cisco-AVPair: ARRAY(0xbaf6fcc8) (pf::SNMP::Cisco::Aironet::extractSsid)


Output from /usr/sbin/radiusd -X -d /usr/local/pf/raddb/

        Cisco-AVPair = "ssid=TEST"
        Service-Type = Login-User
        Cisco-AVPair = "service-type=Login"




As a quick workaround I changed $radius_request->{'Cisco-AVPair'} into $radius_request->{'Cisco-AVPair'}[0] but a permanent fix should be better than that.
extractSsid.patch (978) 2014-05-05 14:49
https://www.packetfence.org/bugs/file_download.php?file_id=207&type=bug
Notes
(0003532)
victor   
2014-05-05 14:42   
Take a look at the patch below. extractSsid should be able to go through multiple Cisco-AVPair records to find the ssid.



--- packetfence-4.1.0/lib/pf/SNMP/Cisco/Aironet.pm 2013-12-11 12:40:14.000000000 -0700
+++ ../lib/pf/SNMP/Cisco/Aironet.pm 2014-05-05 06:27:44.115673527 -0600
@@ -203,11 +203,14 @@
     my $logger = Log::Log4perl::get_logger(ref($this));

     if (defined($radius_request->{'Cisco-AVPair'})) {
-
- if ($radius_request->{'Cisco-AVPair'} =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = "ssid=PacketFence-Secure"
- return $1;
- } else {
- $logger->info("Unable to extract SSID of Cisco-AVPair: ".$radius_request->{'Cisco-AVPair'});
+ foreach my $ciscoAVPair (@{$radius_request->{'Cisco-AVPair'}}) {
+ $logger->trace("Cisco-AVPair: ".$ciscoAVPair);
+
+ if ($ciscoAVPair =~ /^ssid=(.*)$/) { # ex: Cisco-AVPair = "ssid=PacketFence-Secure"
+ return $1;
+ } else {
+ $logger->info("Unable to extract SSID of Cisco-AVPair: ".$ciscoAVPair);
+ }
         }
     }
(0003533)
victor   
2014-05-05 14:49   
Copy-paste seems to wrecked formatting. The patch file is attached.
(0003535)
fdurand   
2014-05-06 08:18   
Hello Victor,

your patch has been included in the devel version so it will be available for the incoming 4.2 version.

https://github.com/inverse-inc/packetfence/commit/60a7e01bd0d20d0873e253b018ec19f260eeceab [^]

Fabrice
(0003537)
fdurand   
2014-05-07 08:30   
Available in pf 4.2 release





View Issue Details
1758 [PacketFence] core minor always 2014-01-15 12:06 2014-05-07 08:30
jochen Linux  
fdurand RHEL / CentOS  
normal 6  
resolved 4.1.0  
fixed  
none    
none  
   
perl-Moose-2.1200-1.of.el6 complains Class::MOP::load_class is deprecated at /usr/lib64/perl5/vendor_perl/Class/MOP.pm line 76.
Many components of packentfence complain about deprecated Class::MOP::load_class as soon as perl-Moose-2.1200-1.of.el6.x86_64.rpm is installed. Older version perl-Moose-2.1005-1.of.el6.x86_64.rpm works OK.
Install perl-Moose-2.1005-1.of.el6.x86_64.rpm
Execute /usr/local/pf/bin/pfcmd service pf watch
Notes
(0003534)
fdurand   
2014-05-06 07:54   
Hello,

it´s why we defined this in the spec file:
https://github.com/inverse-inc/packetfence/blob/devel/addons/packages/packetfence.spec#L226 [^]

Fabrice
(0003536)
fdurand   
2014-05-07 08:30   
In pf 4.2 we use only packetfence repo with the correct perl lib so you will never meet this issue again.





View Issue Details
1790 [PacketFence] web admin feature have not tried 2014-05-01 10:43 2014-05-01 12:33
francis  
francis  
normal  
resolved 4.1.0  
fixed  
none    
none 4.2.0  
   
207ea2a94c1fbf9ec26ce76c8ffdb9c0e9cd4d95
Nodes - search by OS
The simple and advanced search form should allow to search nodes by OS (DHCP).
There are no notes attached to this issue.





View Issue Details
1792 [PacketFence] web admin minor have not tried 2014-05-01 11:57 2014-05-01 11:58
francis  
 
normal  
new 4.1.0  
open  
none    
none  
   
Export search results to CSV
The results of a simple or advanced search on the Nodes or Users page should be exportable as a CSV file.
There are no notes attached to this issue.





View Issue Details
1791 [PacketFence] web admin feature have not tried 2014-05-01 11:48 2014-05-01 11:48
francis  
 
normal  
new 4.1.0  
open  
none    
none  
   
Searches: customizable number of results per page
We should allow the user to change the number of results per page, at least on the Nodes and Users pages.
There are no notes attached to this issue.





View Issue Details
1780 [PacketFence] web admin minor always 2014-03-27 15:52 2014-04-24 12:21
lzammit All  
francis All  
normal All  
resolved 4.1.1  
fixed  
none    
none 4.2.0  
   
99acc5e52d13a1f45c123136cb079221ab35b1ef
does not direct after a second authentication on the web admin
if you are on the node page like /admin/nodes and you will need to be authenticate again, after a successful authentication you will be redirected to /configuration and not /admin/nodes
There are no notes attached to this issue.





View Issue Details
1210 [PacketFence] error-handling minor always 2011-04-21 08:42 2014-04-24 11:58
jamest  
 
normal  
confirmed 2.1.0  
open  
none    
none  
  3.6.1  
Can't add/edit person with pfcmd if firstname or lastname have spaces in them
If you try and add a person with pfcmd person add pid and have an assignment of firstname or surname with the add, this will fail with grammar test failed if the name has a space in it. The same thing happens with edit.
There's nothing I could see in the admin guide saying that names with spaces in are invalid, they can be added directly into the database with no apparent ill effect.
I would suggest that either pfcmd is fixed to allow these names (as people do have them in real life), or the restriction is documented and pfcmd gives a more meaningful error message.
Some example output:
./pfcmd person add test5 firstname="space in the middle"
Command not understood. (pfcmd grammar test failed at line 223.)
Usage: pfcmd person <add|view|edit|delete> pid [assignments]

manipulate person entries

examples:
  pfcmd person view all
  pfcmd person add bjenkins notes="Bob Jenkins"
  pfcmd person delete bjenkins

./pfcmd person add test5 surname="space in the middle"
Command not understood. (pfcmd grammar test failed at line 223.)
Usage: pfcmd person <add|view|edit|delete> pid [assignments]

manipulate person entries

examples:
  pfcmd person view all
  pfcmd person add bjenkins notes="Bob Jenkins"
  pfcmd person delete bjenkins

./pfcmd person add test5 firstname="underscore_in_the_middle"
Notes
(0003000)
obilodeau   
2012-08-31 10:34   
This should be fixed now. I'll try to reproduce later in the lab and let you know.
(0003002)
obilodeau   
2012-08-31 10:48   
In stable this isn't fixed now but 0001523 should fix it. Let me check that.
(0003003)
obilodeau   
2012-08-31 10:58   
No it's not :(
(0003007)
obilodeau   
2012-08-31 15:13   
Debugging the parser, I don't really understand what's going on here..

I was able to make it work with:
pfcmd 'person add bjenkins notes="Bob Jenkins"'

I'll have to compare the parser debug results but this implies that it works from the Web Admin since it always single quotes all arguments together.
(0003175)
fgaudreault   
2012-10-19 13:48   
Need to see if it's fixed or not.
(0003237)
fgaudreault   
2012-10-24 10:04   
Still an issue. Tested on 3.6.0-devel.

[root@pf-3-centos6 pf]# ./bin/pfcmd person add test5 firstname="space in the middle"
Command not understood. (pfcmd grammar test failed at line 210.)
Usage: pfcmd person <add|view|edit|delete> pid [assignments]





View Issue Details
1775 [PacketFence] configuration block always 2014-03-13 10:08 2014-04-17 14:07
DanCreed Latest Packetfence Zen  
dwuelfrath N/A  
urgent N/A  
resolved 4.1.0  
fixed  
none    
none 4.2.0  
  4.2.0  
90cc0a1796a84fce5155284b49129bdc87efe3ff
Thread 1 terminated abnormally: Undefined subroutine &pf::SNMP::Cisco::Catalyst_2960::handleReAssignVlanTrapForWiredMacAuth call
Won't change VLAN's with PacketFence Zen (latest version)

Thread 1 terminated abnormally: Undefined subroutine &pf::SNMP::Cisco::Catalyst_2960::handleReAssignVlanTrapForWiredMacAuth called at /usr/local/pf/sbin/pfsetvlan line 1618

(switch is a Cisco 3750)
Problem changing VLAN's for any switch using the Catalyst_2960.pm as a base.
1775-temp_patch.diff (1,201) 2014-03-14 11:10
https://www.packetfence.org/bugs/file_download.php?file_id=205&type=bug
Notes
(0003520)
dwuelfrath   
2014-03-14 09:42   
Confirmed.
Will provide a "patch" for the moment to make it work but need some investigation on why it is happening.
(0003521)
dwuelfrath   
2014-03-14 11:11   
Please view attached file.
Like I mentioned, this is a temp patch and code should be reviewed to fix the issue.
But for the moment, that should allow you to work your way out.

Cheers
(0003529)
dwuelfrath   
2014-04-17 14:06   
Will be fixed in 4.2





View Issue Details
1787 [PacketFence] configuration minor always 2014-04-16 14:23 2014-04-16 16:08
lpelet Linux  
dwuelfrath RHEL / CentOS  
normal 6  
assigned 4.1.0  
open  
none    
none  
   
configurator breaks system network configuration
NETWORKING=yes HOSTNAME=pf.localdomain
GATEWAY=172.21.2.1

instead of
NETWORKING=yes
HOSTNAME=pf.localdomain
GATEWAY=172.21.2.1
if your gateway is set in /etc/sysconfig/network-scripts/ifcfg-ethx PacketFence configurator will rearrange your system network configuration
maybe we should keep the gateway in the /etc/sysconfig/network-scripts/ifcfg-ethx, if it has been already manually configured.
There are no notes attached to this issue.





View Issue Details
1785 [PacketFence] core major always 2014-04-04 08:04 2014-04-04 08:04
canepan Linux  
RHEL / CentOS  
normal 6  
new 4.1.0  
open  
none    
none  
   
When database is stoped, pfmon ends in an inconsistent state
To perform backup, we stop the database of PacketFence every night.
If pfmon tries to access the DB during the backup, it logs:
Apr 02 18:00:23 pfmon(0) INFO: running expire check (main::cleanup)
Apr 02 18:00:23 pfmon(0) INFO: checking registered nodes for expiration (main::cleanup)
Apr 02 18:00:23 pfmon(0) WARN: database query failed with: MySQL server has gone away. (errno: 2006), will try again (pf::db::db_query_execute)
Apr 02 18:00:23 pfmon(0) FATAL: unable to connect to database: Can't connect to MySQL server on '127.0.0.1' (111) at /usr/local/pf/lib/pf/node.pm line 888.
 (pf::db::db_connect)
Apr 02 18:00:23 pfmon(0) ERROR: Error restarting pfmon: unable to connect to database: Can't connect to MySQL server on '127.0.0.1' (111) at /usr/local/pf/lib/pf/node.pm line 888.
 (main::cleanup)

Also, pfmon results running with "ps", but "pfcmd service pfmon status" doesn't agree:
/usr/local/pf # ./bin/pfcmd service pfmon status
service|shouldBeStarted|pid
pfmon|1|0

so it's not possible to restart it without doing kill to the running process.

Nodes expired after this happening are not requested login again (they are registered forever), and so they do not expire
1) start PacketFence
2) stop database
3) wait a minute
There are no notes attached to this issue.





View Issue Details
1688 [PacketFence] captive portal minor always 2013-08-14 12:17 2014-04-03 14:01
KimHagen  
 
normal  
new  
open  
none    
none  
   
Captive portal access to common/network-access-detection.gif use lan ip.
In the Captive portal option to enter an ip for access to common/network-access-detection.gif it states that you can use your LAN ip here.

This is however fire-walled (in inline mode).



I made a patch to iptables.pm so it works.
is it safe to put this patch?

--- /usr/src/iptables.pm 2013-08-14 18:01:53.000000000 +0200
+++ /usr/local/pf/lib/pf/iptables.pm 2013-08-14 18:02:26.256478576 +0200
@@ -187,6 +187,7 @@
             $rules .= "-A INPUT --in-interface $dev -d $ip --jump $FW_FILTER_INPUT_INT_INLINE\n";
             $rules .= "-A INPUT --in-interface $dev -d 255.255.255.255 --jump $FW_FILTER_INPUT_INT_INLINE\n";
             $rules .= "-A INPUT --in-interface $dev -d $mgmt_ip --protocol tcp --match tcp --dport 443 --jump ACCEPT\n";
+ $rules .= "-A INPUT --in-interface $dev -d $mgmt_ip --protocol tcp --match tcp --dport 80 --jump ACCEPT\n";
             $rules .= "-A FORWARD --in-interface $dev --jump $FW_FILTER_FORWARD_INT_INLINE\n";
 
         # nothing? something is wrong

regards,
Kim
There are no notes attached to this issue.





View Issue Details
1784 [PacketFence] guests minor have not tried 2014-04-03 10:29 2014-04-03 10:30
francis  
 
normal  
new 4.1.0  
open  
none    
none  
   
Extend list of email-to-SMS gateways
We are missing a lot of carriers from Europe. We must find a reliable source.

Current list comes from http://gitorious.org/statusnet/mainline/blobs/raw/master/db/sms_carrier.sql [^]
There are no notes attached to this issue.





View Issue Details
1783 [PacketFence] dhcp minor have not tried 2014-04-02 18:37 2014-04-02 23:07
lpelet  
 
normal  
new  
open  
none    
none  
   
dhcpd no lease free
I had a mask mismatching between the centos configuration and the pf.conf and the network.
it could be interesting to have a error message telling us there is a mismatch.

thanks
Notes
(0003524)
francis   
2014-04-02 23:07   
Please provide an example. Thanks :)





View Issue Details
1782 [PacketFence] web admin minor always 2014-04-02 15:39 2014-04-02 17:16
bclaiborne  
francis  
normal  
feedback 4.1.0  
reopened  
none    
none 4.1.1  
   
7fa605f91765e9bdf7371dd87a3e07851219b19a
IP address column not populating
The IP address column on the 'Nodes' tab of Web Admin does not show an IP address for some nodes.
It looks like nodes with an end date, even when the end date is a future date, do not show the IP address of that node in the IP Address column. Therefore, nodes cannot be sorted effectively by IP address.
Notes
(0003522)
francis   
2014-04-02 15:41   
Already fixed earlier today.

https://github.com/inverse-inc/packetfence/commit/7fa605f91765e9bdf7371dd87a3e07851219b19a [^]
https://github.com/inverse-inc/packetfence/commit/d3d977f2a824d767f0e9e39564a22a786b907702 [^]
(0003523)
bclaiborne   
2014-04-02 17:16   
Made the edits posted in the notes. IP addresses do display but results that should show multiple pages do not show beyond the first page.





View Issue Details
1781 [PacketFence] core minor have not tried 2014-04-01 16:01 2014-04-01 16:02
dwuelfrath  
dwuelfrath  
normal  
assigned 4.1.0  
open  
none    
none  
   
Wrong workflow when trapping.registration is disabled
- Evaluation on whether registration feature is enabled or not (trapping.registration in pf.conf) is made in getRegistrationVlan and that is kind of wrong. That evaluation should be done (at this point) in fetchVlanForNode rather than going in getRegistrationVlan and exiting saying "we do not use registration" and then going in getNormalVlan.

- When we are not using registration feature (trapping.registration in pf.conf) and a new node is connecting on the network, no category/role is being assigned to that node so getNormalVlan is unable to successfully assign a VLAN based on that "no role".
There are no notes attached to this issue.





View Issue Details
1779 [PacketFence] core major always 2014-03-26 07:00 2014-03-26 08:56
lpelet  
francis  
normal  
resolved  
fixed  
none    
none 4.1.1  
   
5a788205a47ee54116eca01eeb8c06971647ad8c
pfmon unable to do maintenance if mac is without delimiter
If you are using network equipment like HP controller that sends to PacketFence a mac formatted without delimiter like d20019e59060. Pfmon by pfcmd will be unable to process the mac address and it will be unable to do the maintenance (unregistration) on it.
It's fixed in commit 5a788205a47ee54116eca01eeb8c06971647ad8c, by adding a simple clean_mac before sending the mac address to Pfmon.
There are no notes attached to this issue.





View Issue Details
1772 [PacketFence] addons minor always 2014-03-03 14:41 2014-03-20 21:13
mrobbert All  
francis All  
normal All  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
8255430c40643b8f059f01c37f8acc00063c6db5
logrotate doesn't properly rotate logs due to syntax error
There is a duplicate file entry in the packetfence logrotate configuration file that is apparently causing it to not read the rest of the file, therefore it doesn't do the copytruncate. The logs get moved instead of copied and since there is no restart they continue to log to the old log files.
I have sent a pull request (0000125) on Github with a fix.
1. run logrotate
2. Observe that logs are getting written to old log files or use lsof/fuser to see that running processes still have old files open.
There are no notes attached to this issue.





View Issue Details
1665 [PacketFence] web admin feature always 2013-07-09 20:46 2014-03-20 21:08
Xen0Phage  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.1.0  
   
No way to add a node via the GUI
    With our current NAC system we can manually add new devices via the
GUI. We're able to add the MAC of the device, the role it should be in,
and a description. The description is incredibly useful for identifying
devices quickly.

    This doesn't appear to be possible in PF 4.0.1, though there is the CLI
method for adding a node, albeit without a description.
Notes
(0003519)
Xen0Phage   
2014-03-12 14:37   
This was fixed in 4.1 and can probably be closed now.





View Issue Details
1778 [PacketFence] security major always 2014-03-20 12:25 2014-03-20 21:07
lpelet All  
francis All  
high All  
resolved 4.0.0  
fixed  
none    
none 4.1.1  
   
27bd6016b8a13638b2c6c06061f4ad4ecf9588c1
admin user gain role default
In the database schema >= 4.0.0, we define the user admin with the category = 1.
It lets the user admin to gain the role default if authenticated on the captive portal.
Verify that your admin password is strong else users can guess it and register devices with role default.
If you don't use the user admin on the captive portal, remove this capability on the user tab in users properties for admin.
There are no notes attached to this issue.





View Issue Details
1777 [PacketFence] web admin feature N/A 2014-03-14 14:09 2014-03-14 14:09
lpelet All  
All  
normal All  
new 4.1.0  
open  
none    
none  
   
verify fingerbank version before share unknow fingerprints
We should warn the Administrator trying to share unknown fingerprints by saying that the fingerprint database currently installed is outdated and propose him to download the new one.
There are no notes attached to this issue.





View Issue Details
1774 [PacketFence] core feature always 2014-03-12 14:43 2014-03-12 14:43
Xen0Phage Linux  
RHEL / CentOS  
normal 6  
new 4.1.0  
open  
none    
none  
   
CLI should allow multiple formats for node identification
4.1 added the ability, in the web UI, to use multiple formats to identify a node. For instance, the standard colon notation, dotted notation, dashed notation, etc. The command line version of this (pfcmd lookup) doesn't seem to allow anything other than colon notation.
There are no notes attached to this issue.





View Issue Details
1773 [PacketFence] i18n minor always 2014-03-04 04:48 2014-03-06 09:09
liqiang i386  
CentOS  
high 6.5  
new 4.1.0  
open  
none    
none  
   
Why multi-language translation fails
I have translated some strings of file that I18N/en.po to Chinese, and change the file type to utf-8.
Part Content:
=============
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
=============
AND:
=============
# html/pfappserver/root/user/create.tt
msgid "Create Users"
msgstr "????"

# html/pfappserver/root/user/create.tt
msgid "Create local users that trigger specific actions."
msgstr "????????????"

# html/pfappserver/lib/pfappserver/Form/Config/Switch.pm
# html/pfappserver/lib/pfappserver/Form/User.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Single.pm
# html/pfappserver/root/admin/login.tt
# html/pfappserver/root/configurator/admin.tt
# html/pfappserver/root/configurator/database.tt
# html/pfappserver/root/user/list_password.tt
# html/pfappserver/root/user/print.tt
msgid "Username"
msgstr "???"

# html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm
# html/pfappserver/lib/pfappserver/Form/Config/Switch.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm
# html/pfappserver/lib/pfappserver/Form/User/Create/Single.pm
# html/pfappserver/root/admin/login.tt
# html/pfappserver/root/authentication/source/type/AD.tt
# html/pfappserver/root/authentication/source/type/LDAP.tt
# html/pfappserver/root/configurator/admin.tt
# html/pfappserver/root/configurator/database.tt
# html/pfappserver/root/user/list_password.tt
# html/pfappserver/root/user/print.tt
# html/pfappserver/root/user/view.tt
msgid "Password"
msgstr "??"

# html/pfappserver/root/node/create.tt
# html/pfappserver/root/user/create.tt
msgid "Single"
msgstr "??"
=============

But after the restart the service,
WEB pages is not displayed correctly.

COMMAND:
/usr/local/pf/bin/pfcmd service httpd.admin restart

The WEB page have not button of submit.

WHY?

thanks,
Source Error.jpg (294,000) 2014-03-04 04:48
https://www.packetfence.org/bugs/file_download.php?file_id=202&type=bug
WEB Error..jpg (57,185) 2014-03-04 04:48
https://www.packetfence.org/bugs/file_download.php?file_id=203&type=bug
en.po (135,304) 2014-03-04 04:50
https://www.packetfence.org/bugs/file_download.php?file_id=204&type=bug
Notes
(0003513)
liqiang   
2014-03-04 04:51   
I have uploaded en.po and some pictures.
Please help me,

thanks,
(0003515)
francis   
2014-03-04 08:56   
(edited on: 2014-03-04 08:56)
Have you generated the .mo file?

We generate those files when we create the packages. See the .spec file:

https://github.com/inverse-inc/packetfence/blob/stable/addons/packages/packetfence.spec#L306 [^]

(0003516)
liqiang   
2014-03-04 20:38   
I have not created the *.mo file.
I modified the en.po in lib/pfappserver/I18N/en.po.

I find not relationship between conf/locale/$TRANSLATION/LC_MESSAGES/packetfence.po and WEB UI of admin.

Right?

thanks francis.
(0003517)
liqiang   
2014-03-06 09:09   
I have fixed the problem.

Because the catalyst encoding is not currect,and URL:
http://lists.scsys.co.uk/pipermail/catalyst/2007-August/014822.html [^]
http://wiki.catalystframework.org/wiki/tutorialsandhowtos/using_unicode.view#View:_TT_Templates [^]

pfaddserver.pm:
use Catalyst qw/ -Debug ConfigLoader Unicode::Encoding /;

View: TT Templates:
__PACKAGE__->config( {
    ENCODING => 'utf-8',
} );

OK,
thanks,
(0003518)
liqiang   
2014-03-06 09:09   
PLEASE close this bug, thanks.





View Issue Details
1762 [PacketFence] configuration major always 2014-01-25 08:26 2014-03-03 14:54
rishabh0510 Linux  
RHEL / CentOS  
normal 6  
new 4.1.0  
open  
none    
none  
   
epel error
unable to fix this error while installation


[root@localhost yum.repos.d]# yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of PacketFence-complete
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again


help to fix this issue
Notes
(0003512)
mrobbert   
2014-03-03 14:54   
It looks like your host may be having problems connecting to the internet. Can you try running these commands and send the output:

yum --enablerepo=epel clean all
yum --enablerepo=epel check-update





View Issue Details
1771 [PacketFence] web admin feature always 2014-02-27 14:58 2014-02-27 14:58
Leonel Bonito All  
All  
normal All  
new 4.1.0  
open  
none    
none  
   
Nodes - Add options to search
It would be nice if there was an option in the Advanced Search, to search for Status (registered/unregistered) and for Role.

Also, when I try to make a search to get all persons, I choose "Person name" / "is not" and leave the next field empty, and nothing returns to me.
There are no notes attached to this issue.





View Issue Details
1770 [PacketFence] hardware modules minor always 2014-02-26 12:58 2014-02-26 12:58
Jean-Noel Martineau HP Procurve 2530-24G  
All  
normal YA.15.12.0007  
new 4.1.0  
open  
none    
none  
   
pfsetvlan INFO: ignoring unknown trap
Hello,
a plug/unplug on HP 2530-24G port generate this snmp trap which seem to be ignored by pfsetvlan, debug trace here :

Feb 26 18:40:55 pfsetvlan(21) INFO: ignoring unknown trap: 2014-02-26|17:40:52|UDP: [10.200.201.135]:161->[10.50.76.113]|10.200.201.135|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.76 = STRING: I 02/26/14 18:40:54 00076 ports: port 7 is now on-line END VARIABLEBINDINGS (main::parseTrap)
Feb 26 18:40:55 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-26|17:40:52|UDP: [10.200.201.135]:161->[10.50.76.113]|10.200.201.135|BEGIN TYPE 3 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.2.2.1.1.7 = INTEGER: 7|.1.3.6.1.2.1.2.2.1.7.7 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.7 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.2.7 = STRING: 7|.1.3.6.1.2.1.31.1.1.1.18.7 = STRING: END VARIABLEBINDINGS (main::parseTrap)

Can we customize packetfence to accept them ?
Thanks.
Jean-Noel
There are no notes attached to this issue.





View Issue Details
1769 [PacketFence] captive portal minor always 2014-02-11 07:31 2014-02-14 11:14
erSitzt Linux  
fdurand Ubuntu  
normal 12.04.3 LTS  
resolved 4.1.0  
fixed  
none    
none +1  
   
https://github.com/inverse-inc/packetfence/commit/57122f4dc4bdf4d73e64335f66519a1f0a889ce2 [^]
Proxy Interception : 503 Service Unavailable
I've enabled proxy interception for the default ports 8080 and 3128 and seems to work with regard to the log entries and the url changing to the packetfence fqdn.

But instead of the captive portal i get a
503 Service Unavailable Error

/etc/hosts has 127.0.0.1 for the fqdn of packetfence
reverse_reproxy_error_log (681,741) 2014-02-11 07:49
https://www.packetfence.org/bugs/file_download.php?file_id=199&type=bug
proxy_error_log (2,432) 2014-02-11 07:49
https://www.packetfence.org/bugs/file_download.php?file_id=200&type=bug
Notes
(0003504)
erSitzt   
2014-02-11 07:45   
Just noticed that there are new logfiles:

proxy_error_log:
[Mon Feb 10 16:38:56 2014] [warn] proxy: No protocol handler was valid for the URL 127.0.0.1:444. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

I've attached the error-logs as well
(0003505)
erSitzt   
2014-02-11 07:50   
In reverse_reproxy_error_log it looks like packetfence is trying to connect to 127.0.0.1:443 but nobody is listening there...

netstat -anp | grep 127.0.0.1
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1368/mysqld
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1162/memcached
tcp 0 0 127.0.0.1:444 0.0.0.0:* LISTEN 23968/apache2
tcp 0 0 127.0.0.1:9090 0.0.0.0:* LISTEN 23931/apache2
tcp 0 0 127.0.0.1:48460 127.0.0.1:11211 ESTABLISHED 24007/pfsetvlan
tcp 0 0 127.0.0.1:48448 127.0.0.1:11211 ESTABLISHED 23931/apache2
tcp 0 0 127.0.0.1:11211 127.0.0.1:48450 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48462 127.0.0.1:11211 ESTABLISHED 24049/pfdhcplistene
tcp 0 0 127.0.0.1:11211 127.0.0.1:48463 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48463 127.0.0.1:11211 ESTABLISHED 24048/pfdhcplistene
tcp 0 0 127.0.0.1:48535 127.0.0.1:11211 ESTABLISHED 23918/apache2
tcp 0 0 127.0.0.1:48457 127.0.0.1:11211 ESTABLISHED 23988/pfdns
tcp 0 0 127.0.0.1:11211 127.0.0.1:48454 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48480 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48448 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48450 127.0.0.1:11211 ESTABLISHED 23948/apache2
tcp 0 0 127.0.0.1:48461 127.0.0.1:11211 ESTABLISHED 24050/pfdhcplistene
tcp 0 0 127.0.0.1:48444 127.0.0.1:11211 ESTABLISHED 23909/apache2
tcp 0 0 127.0.0.1:48454 127.0.0.1:11211 ESTABLISHED 23968/apache2
tcp 0 0 127.0.0.1:11211 127.0.0.1:48460 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48461 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48536 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48444 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48536 127.0.0.1:11211 ESTABLISHED 23924/apache2
tcp 0 0 127.0.0.1:11211 127.0.0.1:48457 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48462 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:11211 127.0.0.1:48535 ESTABLISHED 1162/memcached
tcp 0 0 127.0.0.1:48480 127.0.0.1:11211 ESTABLISHED 24084/perl
udp 0 0 127.0.0.1:18120 0.0.0.0:* 23996/freeradius
udp 0 0 127.0.0.1:11211 0.0.0.0:* 1162/memcached
udp 0 0 127.0.0.1:161 0.0.0.0:* 1447/snmpd
(0003506)
fdurand   
2014-02-11 11:47   
Hello,
i have just tested and in fact you have to change in /etc/hosts file to resolv on the ip address where the portal is listening and not 127.0.0.1.

I will change the documentation.

Regards
Fabrice
(0003507)
erSitzt   
2014-02-14 04:34   
Changed the fqdn in /etc/hosts to the ip of packetfence in the registration network and it works just fine now.
Thanks





View Issue Details
1768 [PacketFence] web admin feature unable to reproduce 2014-02-11 05:29 2014-02-11 05:29
wvalkering All  
All  
normal All  
new 4.0.5-2  
open  
none    
none  
   
Can't delete nodes whilst 'active'
When you want to delete a user which has a node with an old location log open you can't remove the node and so you can not remove the user.

An option to close the location log of a node would be nice so you won't have to close it manually on the server. Would save time and would be more user-friendly.
There are no notes attached to this issue.





View Issue Details
1750 [PacketFence] captive portal minor have not tried 2013-12-03 10:41 2014-02-10 13:39
tech All  
win  
high sevem  
new 4.0.6-2  
open  
none    
none  
   
Guest registration page doesn't show any submit button
V 4.0.6-2

Hello all, i am setting up a guest registration page using Packet fence. However i have what seems to be a common problem, the guest registration page doesn't show any submit button. i was wondering if anyone has fixed it yet, any help on this would be great.

many thanks

ian
s1.png (30,620) 2013-12-03 11:08
https://www.packetfence.org/bugs/file_download.php?file_id=191&type=bug
Screenshot.png (182,872) 2013-12-04 05:48
https://www.packetfence.org/bugs/file_download.php?file_id=193&type=bug
Screenshot-1.png (187,978) 2013-12-04 05:48
https://www.packetfence.org/bugs/file_download.php?file_id=194&type=bug
login page.png (48,886) 2013-12-09 05:31
https://www.packetfence.org/bugs/file_download.php?file_id=195&type=bug
Notes
(0003474)
francis   
2013-12-03 13:20   
Can you show the content of conf/profiles.conf?
(0003475)
tech   
2013-12-04 05:49   
are these the right files?
(0003477)
francis   
2013-12-05 08:48   
On the login page (not the self-registration page), do you have a "Sign up" button?
(0003480)
tech   
2013-12-09 05:31   
that's a screen shot of the login in page, I could not find a sign up button.
(0003503)
francis   
2014-02-10 13:39   
Would you be able to test the latest stable release (4.1.0)?





View Issue Details
1759 [PacketFence] web admin minor always 2014-01-16 05:39 2014-02-07 11:13
erSitzt Linux  
francis Ubuntu  
normal 12.04.3  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
f1e234847617a17665e70670e3c7b215ad983e8c
Can't set webadmin access level when creating a new user
When creating a new user and adding the action "Set access level of web admin" no field to select the access level is displayed.

If a user is edited this works.
create_user_webadmin_accesslevel.PNG (33,310) 2014-01-16 05:39
https://www.packetfence.org/bugs/file_download.php?file_id=197&type=bug
There are no notes attached to this issue.





View Issue Details
1729 [PacketFence] web admin minor have not tried 2013-10-10 10:09 2014-02-03 08:32
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
f0660655caeb7205555bc22c9dd88b8aadbc8910
Can't add rules to a freshly created authentication source
After having created an authentication source, it's impossible to add rules to it.
There are no notes attached to this issue.





View Issue Details
1763 [PacketFence] web admin trivial always 2014-01-31 13:00 2014-02-03 05:33
maikel All  
All  
normal All  
new 4.1.0  
open  
none    
none  
   
3.6 web based status and reports are missing from pf 4
All the stats are still there with the old way of pfcmd, though missing
Still from the web the reports and status should get back as also reported on the mail list today.
Most needed is a list of all open violations. I can make a feature request also of all missing 3.6 reports in differant bug ids.
Notes
(0003497)
francis   
2014-01-31 13:24   
Please list in the this ticket the reports you would like to have back in PF4. Thanks!
(0003498)
maikel   
2014-02-03 05:33   
Will do. Need to compare it good.
What i found sofar in 3.6:
Reports

IP - MAC History
Location History (switch)
Location History (MAC)
Accounting (switch)
Accouting (MAC)
Accouting (User)
Active
Inactive
Registered
Unregistered
OS
OS Class
Unknown Fingerprints
Unknown User-Agents
Open Violations
Probable Static IPs
Connection-Type (All)
Connection-Type (Registered)
SSID


graphs:
Unregistered Nodes
Violations
Total Nodes
Accounting (Switch)
Accounting (MAC)
Accounting (User)
SNMP Traps


Most needed is the old violation tab in the UI
Always did pcmd violation view all
Now you always have to go trough a node to find an open violation or do it command line.

Will update this ticket also if some stuff is infact already in 4.





View Issue Details
1764 [PacketFence] addons minor N/A 2014-02-02 14:30 2014-02-02 14:30
mmcgrath All  
All  
low All  
new +0  
open  
none    
none  
   
Audit log for registrations
We have 60+ student workers working the help desk. Every now and then when one of them manually registers a device, they do it wrong. They don't put an unreg date, they don't put a role, etc, etc, etc...

Would it be possible to keep some kind of audit log, that is viewable via the web interface, of who registered a node (either the user themselves via the portal or secure connection or a helpdesk worker via the admin interface)?
I'm not sure if this is the proper place for enhancement requests...or if I've filled the form out properly. Please let me know.
There are no notes attached to this issue.





View Issue Details
1745 [PacketFence] error-handling major always 2013-11-04 02:31 2014-01-30 12:03
rnaveed x86  
RHEL  
high 6.2  
new 4.0.6-2  
open  
none    
none  
   
unable to install
we are trying to install the PacketFence for testing purpose, we follow the Administration guide, but unable to install & receive following error.

An early response to resolve this issue will be highly appreciated.


---> Package perl-Net-DNS.x86_64 0:0.66-1.of.el6 will be installed
--> Processing Dependency: perl(Net::IP) >= 1.2 for package: perl-Net-DNS-0.66-1.of.el6.x86_64
---> Package perl-PadWalker.x86_64 0:1.93-1.of.el6 will be installed
---> Package perl-Thread-Serialize.noarch 0:0.11-1.el6.rf will be installed
--> Finished Dependency Resolution
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: rrdtool
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
           Available: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS::Nameserver) = 835
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
           Installing: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS::Nameserver) = 835
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: memcached
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: dhcp
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl-rrdtool
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS) = 0.65-4
           Installing: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS) = 0.66
Error: Package: perl-HTML-Tidy-1.08-5.el6.x86_64 (epel)
           Requires: libtidy-0.99.so.0()(64bit)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::DNS) = 0.65-4
           Available: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS) = 0.66
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: ipset
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(GD)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: zlib-devel
Error: Package: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
           Requires: perl(Net::IP) >= 1.2
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@PF ~]#
Notes
(0003478)
evargas   
2013-12-05 20:15   
I'm running into the same issue.

2.6.32-220.23.1.el6.x86_64 0000001 SMP Mon Jun 18 18:58:52 BST 2012 x86_64 x86_64 x86_64 GNU/Linux

--> Processing Dependency: ipset for package: packetfence-4.0.6-2.el6.noarch
---> Package xorg-x11-font-utils.x86_64 1:7.2-11.el6 will be installed
--> Processing Dependency: libfontenc.so.1()(64bit) for package: 1:xorg-x11-font-utils-7.2-11.el6.x86_64
--> Processing Dependency: libXfont.so.1()(64bit) for package: 1:xorg-x11-font-utils-7.2-11.el6.x86_64
--> Running transaction check
---> Package ORBit2.x86_64 0:2.14.17-3.1.el6 will be installed
--> Processing Dependency: libIDL-2.so.0()(64bit) for package: ORBit2-2.14.17-3.1.el6.x86_64
---> Package libXfont.x86_64 0:1.4.1-2.el6_1 will be installed
---> Package libfontenc.x86_64 0:1.0.5-2.el6 will be installed
---> Package packetfence.noarch 0:4.0.6-2.el6 will be installed
--> Processing Dependency: ipset for package: packetfence-4.0.6-2.el6.noarch
---> Package sgml-common.noarch 0:0.6.3-32.el6 will be installed
--> Running transaction check
---> Package libIDL.x86_64 0:0.8.13-2.1.el6 will be installed
---> Package packetfence.noarch 0:4.0.6-2.el6 will be installed
--> Processing Dependency: ipset for package: packetfence-4.0.6-2.el6.noarch
--> Finished Dependency Resolution
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: ipset
(0003494)
ccaaajf   
2014-01-30 08:50   
Dito

--> Finished Dependency Resolution
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(GD)
Error: Package: packetfence-4.1.0-1.el6.noarch (PacketFence)
           Requires: perl(Net::DNS::Nameserver) = 749
           Available: perl-Net-DNS-0.66-1.of.el6.x86_64 (of)
               perl(Net::DNS::Nameserver) = 835
           Installed: perl-Net-DNS-0.65-4.el6.x86_64 (@rhel-6-server-rpms)
               Not found
           Available: perl-Net-DNS-0.65-2.el6.x86_64 (rhel-6-server-rpms)
               Not found
           Available: perl-Net-DNS-0.65-5.el6.x86_64 (rhel-6-server-rpms)
               Not found
Error: Package: perl-GD-SecurityImage-1.70-1.el6.noarch (epel)
           Requires: perl(Image::Magick)
(0003495)
ccaaajf   
2014-01-30 11:53   
yum install --enablerepo=* perl-GD

Enabling all the RHEL repo's gets me down to one error....

having an issue with perl-Net-DNS...
(0003496)
ccaaajf   
2014-01-30 12:03   
yum erase perl-Net-DNS
yum install perl-Net-DNS-0.65-4.el6.x86_64
yum install --enablerepo=* perl-Net-DNS-Nameserver

&
yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of Packetfence-complete

WORKED!





View Issue Details
1761 [PacketFence] captive portal minor always 2014-01-20 11:16 2014-01-20 11:16
caralo Linux  
Debian  
normal 7 (Wheezy)  
new 4.1.0  
open  
none    
none  
   
Captive Portal needs packetfence restart to show locale characters right
All the special locale characters (accented vowels,..) are shown as "?" unless you restart packetfence. It seems that the init.d script needs to source the locale LANG variable.
It works if you add something like this to /etc/init.d/packetfence:
if [ -f /etc/default/locale ]; then
    . /etc/default/locale
    export LANG
fi
Or you could add a locale LANG variable in /etc/default/packetfence.
There are no notes attached to this issue.





View Issue Details
1760 [PacketFence] web admin trivial always 2014-01-18 17:05 2014-01-20 09:14
mmcgrath Linux  
francis RHEL / CentOS  
normal 6  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
c5a95038199edcb0e7640104ce2987a8487df053
Unable to save searches under Nodes
Unable to save custom searches under Nodes (both Simple and Advanced searches). The Save Search box appears, I fill in a name and click Save -- nothing happens. I can click Save as many times as I want. The Close button properly closes the save box.
Go to Nodes and try to save a search.
I have tried Chrome 32, Firefox 26 and IE 10.
Notes
(0003492)
francis   
2014-01-20 09:14   
This has been fixed two weeks ago.





View Issue Details
1757 [PacketFence] web admin minor always 2014-01-13 10:24 2014-01-14 10:27
caralo Linux  
francis Debian  
normal 7 (Wheezy)  
resolved 4.1.0  
fixed  
none    
none 4.1.1  
   
dff8c1fbc9ff850cd50f7d705af36eb97f3e29c9
httpd.admin Error when applied role in nodes action menu
 When you select a node in the Nodes tab and try to apply a new role in the action menu, the node role gets changed but it doesnt evaluate the new role. So it doesnt change the vlan if it has to.
 If you examine packetfence.log, you can see:

 httpd.admin(0) ERROR: Odd number of elements in hash assignment at /usr/local/pf/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm line 30.
 (pfappserver::__ANON__)

If you change the node role directly pressing in the mac, everything works as expected.
Web gui -> Nodes Tab -> select one or more nodes
Action menu -> Apply role -> Select any Role
Notes
(0003486)
dbsanch   
2014-01-13 19:01   
Resolved: the my.conf file had been changed to force a recovery and never changed back to the default value ('0').

[mysqld]
innodb_force_recovery = 4

As a safety measure, InnoDB prevents users from performing INSERT, UPDATE, or DELETE operations when innodb_force_recovery is greater than 0.
--------------------------------------------------------------------------------
Resolution:

[mysqld]
innodb_force_recovery = 0
(0003487)
caralo   
2014-01-14 03:50   
I have connected to mysql database and the system variable innodb_force_recovery was 0. Just in case it was not right, I have forced "innodb_force_recovery = 0" in my.cnf but I still get the same error.
(0003488)
fdurand   
2014-01-14 07:57   
Hello,
if you want to be able to reévaluate the vlan after changing the role then you can apply this patch:
https://github.com/inverse-inc/packetfence/pull/117/files [^]

Fabrice
(0003489)
caralo   
2014-01-14 08:54   
I have applied the patch and but it doesnt work. I think that the problem is previous to reevaluation. It has to do with:

 httpd.admin(0) ERROR: Odd number of elements in hash assignment at /usr/local/pf/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm line 30.
 (pfappserver::__ANON__)

The role change (and reevaluation) works perfectly if you change the role in the menu that opens when you press the mac of a node. But in this case you have to change the role one by one. If you want to change the role of many nodes at the same time, you should use the action menu but it doesnt work (changes the role but not the vlan)





View Issue Details
1756 [PacketFence] error-handling block always 2014-01-07 09:37 2014-01-08 12:44
dbsanch Linux  
RHEL / CentOS  
high 6  
new 4.0.6-2  
open  
none    
none  
   
Configuration Wizard: Unable to proceed past Administration Tab
Cannot proceed past Administration Tab in Configuration Wizard. Will not allow modification of password or use of current password to Continue. Did not work with admin / admin either.
1. Fill out tabs in Configuration Wizard
2. Get to Administration Tab
3. Use default admin / admin
4. Try to enter new password - example pfuseradmiN and press modify
5. Press 'Continue'
error: Verify configuration - cannot proceed with install. Would like to know if there is a work-around to the GUI interface.
steps.docx (1,123,596) 2014-01-08 12:44
https://www.packetfence.org/bugs/file_download.php?file_id=196&type=bug
Notes
(0003484)
lmunro   
2014-01-07 09:47   
Hi David,
Can you confirm that the database is running?

Usually issues like that are related to DB access.
(0003485)
dbsanch   
2014-01-07 10:17   
Yes - MySql has been up for awhile. Uptime: 2321437 Threads: 1 Questions: 406 Slow queries: 0 Opens: 75 Flush tables: 1 Open tables: 33 Queries per second avg: 0.0





View Issue Details
1685 [PacketFence] web admin minor always 2013-08-14 06:17 2013-12-17 09:32
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.1.1  
   
66139bb516f17c579ae06aadb0a4b445e90aa7e3
connections number wrong on Connections Types report page
After quite not heavy use of PacketFence Wired 802.1x connections number shown on web page is 12728 (Wired MAC Auth connections number is also too high - 1166). However, database queries show accordingly 158 and 17 connections which are real numbers (see below).

So looks like connections number is wrong on Connections Types report page.

mysql> select count(*) from locationlog where connection_type = "Ethernet-EAP";
+----------+
| count(*) |
+----------+
| 158 |
+----------+
1 row in set (0.00 sec)

mysql> select count(*) from locationlog where connection_type = "WIRED_MAC_AUTH";
+----------+
| count(*) |
+----------+
| 17 |
+----------+
1 row in set (0.00 sec)

mysql>
PF_connection_types.png (27,105) 2013-08-14 09:06
https://www.packetfence.org/bugs/file_download.php?file_id=185&type=bug
Notes
(0003406)
francis   
2013-08-14 08:35   
The SQL queries to extract the number of wired and wireless connections for the past week look like this :

        SELECT count(*) AS nb FROM (
          SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
          FROM locationlog
          WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type NOT LIKE 'Wireless%' GROUP BY start_day, mac
        ) AS wired_count

        SELECT count(*) AS nb FROM (
          SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
          FROM locationlog
          WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type LIKE 'Wireless%' GROUP BY start_day, mac
        ) AS wireless_count
(0003407)
muhlig   
2013-08-14 09:06   
So we have 5 and 0 (see below). Why the page displays thousands wired connections then (see attached file)?

mysql> use pf
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SELECT count(*) AS nb FROM (
    -> SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
    -> FROM locationlog
    -> WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type NOT LIKE 'Wireless%' GROUP BY start_day, mac
    -> ) AS wired_count;
+----+
| nb |
+----+
| 5 |
+----+
1 row in set (0.00 sec)

mysql> SELECT count(*) AS nb FROM (
    -> SELECT mac, DATE_FORMAT(start_time,"%Y/%m/%d") AS start_day
    -> FROM locationlog
    -> WHERE start_time > '2013-08-07 00:00:00' AND start_time < '2013-08-14 23:59:59' AND connection_type LIKE 'Wireless%' GROUP BY start_day, mac
    -> ) AS wireless_count ;
+----+
| nb |
+----+
| 0 |
+----+
1 row in set (0.00 sec)

mysql>
(0003409)
francis   
2013-08-14 09:44   
The queries I posted were for the dashboard. I'll have a look at the queries for the connection types report.
(0003481)
francis   
2013-12-17 09:30   
Fixed by counting distinct MAC addresses.

BEFORE:

mysql> SELECT connection_type, COUNT(*) AS connections,
    ->             ROUND(COUNT(*)/
    ->                 (SELECT COUNT(*)
    ->                     FROM locationlog
    ->                     WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->                 )*100,1
    ->             ) AS percent
    ->         FROM locationlog
    ->         WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->        GROUP BY connection_type
    -> ;
+-----------------------+-------------+---------+
| connection_type       | connections | percent |
+-----------------------+-------------+---------+
| Ethernet-NoEAP        |        1215 |     1.6 |
| Inline                |       35377 |    47.7 |
| Wireless-802.11-EAP   |        5851 |     7.9 |
| Wireless-802.11-NoEAP |       31670 |    42.7 |
+-----------------------+-------------+---------+


AFTER:

mysql> SELECT connection_type, COUNT(DISTINCT mac) AS connections,
    ->             ROUND(COUNT(DISTINCT mac)/
    ->                 (SELECT COUNT(DISTINCT mac)
    ->                     FROM locationlog
    ->                     WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->                 )*100,1
    ->             ) AS percent
    ->         FROM locationlog
    ->         WHERE start_time BETWEEN '2013-01-01' AND '2013-01-31'
    ->        GROUP BY connection_type
    -> ;
+-----------------------+-------------+---------+
| connection_type       | connections | percent |
+-----------------------+-------------+---------+
| Ethernet-NoEAP        |         350 |     6.8 |
| Inline                |        3155 |    61.2 |
| Wireless-802.11-EAP   |         737 |    14.3 |
| Wireless-802.11-NoEAP |        3866 |    75.0 |
+-----------------------+-------------+---------+





View Issue Details
1753 [PacketFence] hardware modules feature N/A 2013-12-12 09:59 2013-12-12 10:01
chami  
 
normal  
new  
open  
none    
none  
   
compatibility of switch
I have a request about of the compatibility of switch and PacketFance.
This switch is not in your list of "supported network devices".

Us is the following equipment for disposal
ProSafe 24-PORT GIGABIT SMART SWITCH GS724T-300

best regards
There are no notes attached to this issue.





View Issue Details
1752 [PacketFence] scanning minor always 2013-12-04 14:18 2013-12-04 14:25
thedeco Linux  
francis RHEL / CentOS  
low 6  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
7d72045e2a72f82e1b1e6811e7b6aafdfeba4dc1
Fresh Snort install fails to start after rules update script is run
After a fresh install of Snort and running the update_rules.pl script, Snort cannot start up by default.

Checking /var/log/messages show the following error:

FATAL ERROR: Unable to open rules file "/usr/local/pf/var/conf//usr/local/pf/conf/snort/emerging-virus.rules": No such file or directory.

It appears the update_rules script failed to install this one rule set in conf/snort directory even though it is present in the violations.conf file by default.
Fresh install of PacketFence 4.0.6-2

service packetfence stop
yum install snort
run the rules update located /usr/local/pf/addons/snort/update_rules.pl
service packetfence start
service snortd status
I was able to start Snort after removing the emerging-virus.rules from the list of Snort rules in violations.conf file
Notes
(0003476)
francis   
2013-12-04 14:25   
Fixed two months ago.

https://github.com/inverse-inc/packetfence/commit/7d72045e2a72f82e1b1e6811e7b6aafdfeba4dc1 [^]
https://github.com/inverse-inc/packetfence/commit/02160bac4ee9dddc928b85279bb70707e2daef9c [^]





View Issue Details
1749 [PacketFence] web admin minor have not tried 2013-12-02 22:27 2013-12-02 22:29
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
7e8eea8cd15b3b0a687036c5b4938195340ae7f9
Can't assign rules to an authentication source
When assigning rules to an authentication source whose name matches the beginning of another source's name, the rules are never saved to the configuration file authentication.conf even though there's no error message.
There are no notes attached to this issue.





View Issue Details
1155 [PacketFence] web admin feature N/A 2011-01-18 14:52 2013-11-27 08:10
obilodeau  
 
normal  
new  
open  
none    
none  
  long-term  
Roles should be fetchable from LDAP in Web Admin
When using access control in the web admin (conf/admin.perm), what user is using what role should be fetched from LDAP.

ex: users in pfTech are assigned the helpdesk role, users in pfAdmin are assigned the admin role
There are no notes attached to this issue.





View Issue Details
1747 [PacketFence] web admin feature always 2013-11-19 10:48 2013-11-19 10:48
francis  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
Dynamic attributes in LDAP authentication source
The current list of LDAP attributes available when defining a condition in a rule is limited to the list defined in the method "available_attributes" of pf::Authentication::Source::LDAPSource. It would be nice to be able to configure additional attributes in the current LDAP source.
This happens as soon as the LDAP directory is extended with custom schemas.
There are no notes attached to this issue.





View Issue Details
1744 [PacketFence] configuration minor always 2013-10-30 16:02 2013-11-15 15:47
Xen0Phage Linux  
francis RHEL / CentOS  
normal 6  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
f0660655caeb7205555bc22c9dd88b8aadbc8910
Unable to add new rule to existing authentication source via the GUI
After adding a new rule to an existing authentication source, the new rule is apparently not saved. Add the new rule and then go back into the authentication source. Rule is not there.

This occurs whether you save just the new rule, or if you also save the authentication source itself.

I am unable to find any errors in the logs indicating a problem. On the contrary, I see this :

Oct 30 15:56:12 httpd.admin(0) DEBUG: Database statements not prepared, preparing... (pf::db::db_query_execute)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Preparing pf::nodecategory database queries (pf::nodecategory::nodecategory_db_prepare)
Oct 30 15:56:12 httpd.admin(0) DEBUG: function pf::db::get_db_handle is calling db_connect (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: checking handle (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: (Re)Connecting to MySQL (thread id: 0) (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: connected (pf::db::db_connect)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Writing source local (pf::Authentication::Source::SQLSource) (pf::authentication::writeAuthenticationConfigFile)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Writing source set_role (pf::Authentication::Source::LDAPSource) (pf::authentication::writeAuthenticationConfigFile)
Oct 30 15:56:12 httpd.admin(0) DEBUG: Writing source file1 (pf::Authentication::Source::HtpasswdSource) (pf::authentication::writeAuthenticationConfigFile)

Which seems to indicate that the write succeeded. In this example. I'm specifically making changes to the set_role source.
1) Go to configuration->sources
2) Choose an existing authentication source
3) Click the "Add Rule" button
4) Enter the details for the new rule
5) Click Save
Notes
(0003470)
Xen0Phage   
2013-10-31 12:39   
Louis suggested restarting memcached. Restarting that appears to have resolved this problem for the time being. I'm able to add/remove rules now.
(0003471)
erSitzt   
2013-11-01 10:50   
Same here, restarting memcached resolved the problem temporarily.
(0003473)
francis   
2013-11-15 15:47   
There's a patch available here for 4.0.6-2 :

https://github.com/inverse-inc/packetfence/commit/5d4bfc2883e6f66bb1938a79c3e677c9c53c3854 [^]





View Issue Details
1716 [PacketFence] error-handling minor always 2013-09-19 10:11 2013-11-06 07:11
fmts  
 
normal  
new 4.0.6-2  
open  
none    
none  
  4.1.0  
Insecure dependency on service start
After an upgrade from 4.0.5-2 i got the following error at service start:

httpd.admin|start
Checking configuration sanity...
service|command
config files|start
iptables|start
pfdns|start
Insecure dependency in sprintf while running with -T switch at /usr/local/pf/lib/pf/services.pm line 398.
Service started again,
when i added following lines to the service.pm (right before line 398):

$launcher =~ /^(.*)$/;
$launcher = $1;

Seems to be like a simliar problem as in 0001575.
Notes
(0003472)
aderumier   
2013-11-06 07:11   
Hi,

I have exactly the same bug since upgrade to upgrade from 4.0.5-2.

$launcher =~ /^(.*)$/;
$launcher = $1;

fix the problem for me





View Issue Details
1746 [PacketFence] captive portal minor always 2013-11-04 10:51 2013-11-04 10:51
jochen Linux  
RHEL / CentOS  
normal 6  
new 4.0.6-2  
open  
none    
none  
   
RADIUSSource doesn't match username
match_in_subclass() doesn't process any source specific conditions.

Some code like this is missing:

    foreach my $condition (@{ $own_conditions }) {
      if ($condition->{'attribute'} eq "username") {
        if ( $condition->matches("username", $params->{'username'}) ) {
          push(@{ $matching_conditions }, $condition);
        }
      }
    }
Create RADIUS Source
Create condition matching username
Log in using this username

=> The condition does not match
There are no notes attached to this issue.





View Issue Details
1672 [PacketFence] web admin feature always 2013-07-12 14:13 2013-10-30 15:12
Xen0Phage  
 
normal  
new 4.0.1  
open  
none    
none  
   
Switches configuration should include an alias/name
The switch configuration should allow a name or alias to be entered. The IP is required, of course, to identify the switch. However, humans are somewhat better at remembering names, especially since we can name things based on where they're located.

Can a name/alias field be added to the switch configuration?
Notes
(0003469)
Xen0Phage   
2013-10-30 15:12   
This appears to have been added at some point between the time I reported it and the current release. Thanks! This can be closed as a result. :)





View Issue Details
1743 [PacketFence] core minor always 2013-10-28 04:27 2013-10-29 06:31
erSitzt Linux  
Ubuntu  
normal 12.04  
new 4.0.6-2  
open  
none    
none  
   
Service watchdog not able to restart all services
"pfcmd service pf start" and the watchdog if it tries to restart services that are not running produces this error

Insecure dependency in sprintf while running with -T switch at /usr/local/pf/lib/pf/services.pm

Needs to be untainted :

sub launchService {
    my ($daemon,@launcher_args) = @_;
    my $launcher = $service_launchers{$daemon};
    if ($launcher) {
        my $logger = Log::Log4perl::get_logger('pf::services');
### untaint launcher ###
        $launcher =~ /^(.*)$/;
        $launcher = $1;
########################
        my $cmd_line = sprintf($launcher, @launcher_args);
        $logger->info("Starting $daemon with '$cmd_line'");
        if ($cmd_line =~ /^(.+)$/) {
            $cmd_line = $1;
            my $t0 = Time::HiRes::time();
            my $return_value = system($cmd_line);
            my $elapsed = Time::HiRes::time() - $t0;
            $logger->info(sprintf("Daemon %s took %.3f seconds to start.", $daemon, $elapsed));
            return $return_value;
        }
    }
    return;
}
Notes
(0003468)
francis   
2013-10-29 06:31   
The upcoming pull of the "service refactor" branch will fix this problem.

See https://github.com/inverse-inc/packetfence/pull/104 [^]





View Issue Details
1742 [PacketFence] captive portal major always 2013-10-24 19:44 2013-10-25 14:48
fdurand All  
fdurand All  
normal All  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  +1  
523f11a7f9372740e521564f1e01b933df7a42f7
Wispr doesn´t work
We fetch from the cgi object the username and password but for wispr we never use cgi.
We have to use $req->param("username") and $req->param("password") in the wispr.pm file.
 
There are no notes attached to this issue.





View Issue Details
1740 [PacketFence] web admin feature always 2013-10-24 03:53 2013-10-24 03:53
MavLam All  
All  
normal All  
new 4.0.6-2  
open  
none    
none  
   
Node details not populating for 802.1x clients
I am currently deploying Packetfence in a VLAN enforcement mode and the DHCP server runs on an external server. The machines auto registers with 802.1x auth against AD and automatically get a role assigned. All works great!

Is it possible to make the Computer Name field editable via the UI? At the moment becuase the way I have implimented it Packetfence does not pull the node information. I am editing the name via MySQL which is not ideal when I hand over to support.

And obviously if there was a way to still pull the node information this would be ideal.
There are no notes attached to this issue.





View Issue Details
1739 [PacketFence] IDS minor always 2013-10-22 13:50 2013-10-22 13:50
francis  
 
normal  
new 4.0.6-2  
open  
none    
none  
  4.1.0  
Move snort_rules from violations.conf to pf.conf
The snort_rules parameter is defined in the 'defaults' of violations.conf. However, it should be moved to pf.conf under a new 'IDS' section.
There are no notes attached to this issue.





View Issue Details
1738 [PacketFence] web admin minor have not tried 2013-10-18 12:00 2013-10-18 12:05
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
5ddb92d1cce25fc3b43c8f46644aa300532afca2
Advanced search results of users: Can't sort by telephone nor by nodes count
When performing an advanced search on users, it's impossible to sort by telephone number of nodes count.
There are no notes attached to this issue.





View Issue Details
1737 [PacketFence] captive portal minor have not tried 2013-10-18 11:22 2013-10-18 11:36
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
6b47384c3f273f96cabf8a8f7c78db35f03ee444
An matches/regexp condition in an LDAP source doesn't test all values
A regexp condition in an LDAP source only tests the first value of the attribute.
There are no notes attached to this issue.





View Issue Details
1735 [PacketFence] guests feature have not tried 2013-10-11 14:46 2013-10-11 14:46
dwuelfrath  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
Allow localdomain for email registration should use a different value than general.domain
We offer the possibility to allow/deny the use of a localdomain address when using email guest self-registration.
We check that the email is matching against the configured domain of PacketFence. Most of the time, that configured domain is not the same as the company use for their email addresses so we should probably use a new "configuration parameter" to specify the email addresses domain.
There are no notes attached to this issue.





View Issue Details
1732 [PacketFence] radius minor have not tried 2013-10-10 14:46 2013-10-10 14:47
dwuelfrath  
dwuelfrath  
normal  
assigned 4.0.6-2  
open  
none    
none  
   
Using NAS-IP-Address for managing RADIUS equipment
We are currently validating is a network equipment is managed by PacketFence (IP is part of switches list) by using the NAS-IP-Address in the RADIUS request. We are using the incoming IP of the Access-Request to do the secret check (which is OK) but after that, we use the NAS-IP-Address to refer to that network equipment.
NAS-IP-Address should not be used to initiate communication with network equipment. We should base ourselves on the incoming IP address used for the Access-Request at all time.
Will have to "refactor" the flow of RADIUS to make the correct distinguition between the two.
There are no notes attached to this issue.





View Issue Details
1731 [PacketFence] web admin minor have not tried 2013-10-10 14:14 2013-10-10 14:14
francis  
francis  
normal  
assigned 4.0.6-2  
open  
none    
none  
  4.1.0  
Show additional columns in nodes module
Some users have expressed the desire to see more/other columns in the nodes module. For example, the registration date and the detection date.
There are no notes attached to this issue.





View Issue Details
1730 [PacketFence] web admin minor have not tried 2013-10-10 10:12 2013-10-10 10:12
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
69812df81b26649aeb4d1f46d1f779bffbe9688a
Authentication rules can't include dashes in their name
If a rule name contains a dash, only the part before the dash is considered.
There are no notes attached to this issue.





View Issue Details
1727 [PacketFence] radius major always 2013-10-09 12:45 2013-10-09 12:45
carrots Linux  
RHEL / CentOS  
high 6  
new 4.0.6-2  
open  
none    
none  
   
Addition of perl module in the sites-enabled/default file causes error Failed to find "perl" in the "modules" section.
Whenever following the instructions in Appendix B of the admin guide for manual configuration of FreeRADIUS version 2 an error is given for the addition of the perl module as follows:-

Error: /usr/local/pf/raddb//sites-enabled/default[200]: Failed to find "perl" in the "modules" section.
Error: /usr/local/pf/raddb//sites-enabled/default[69]: Errors parsing authorize section.
Error: Failed to load virtual server <default>

Contents of some of the configuration files are as follows:-

/usr/local/pf/conf/radiusd/radiusd.conf

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = %%install_dir%%/var
sbindir = /usr/sbin
logdir = %%install_dir%%/logs
raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}
run_dir = ${localstatedir}/run

db_dir = ${raddbdir}

libdir = /usr/lib%%arch%%/freeradius
pidfile = ${run_dir}/${name}.pid

user = pf
group = pf

max_request_time = 30
cleanup_delay = 5
max_requests = 1024

listen {
        type = auth
        ipaddr = %%management_ip%%
        port = 0
        virtual_server = packetfence
}

listen {
        ipaddr = %%management_ip%%
        port = 0
        type = acct
        virtual_server = packetfence
}

hostname_lookups = no
allow_core_dumps = no

regular_expressions = yes
extended_expressions = yes

log {
        destination = files
        file = ${logdir}/radius.log
        syslog_facility = daemon
        stripped_names = no
        auth = yes
        auth_badpass = yes
        auth_goodpass = yes
}

checkrad = ${sbindir}/checkrad

security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
}

proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf

thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}

modules {
        $INCLUDE ${confdir}/modules/
        $INCLUDE eap.conf
        $INCLUDE sql.conf
}

instantiate {
        exec
        expr
        expiration
        logintime
}

$INCLUDE policy.conf
$INCLUDE sites-enabled/

authorize {
        eap
        files
}

authenticate {
        eap
}



/usr/local/pf/raddb/sites-enabled/default - perl entry lines shown...
authorize {

<sic>
        #
        # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
        # authentication.
        #
        # It also sets the EAP-Type attribute in the request
        # attribute list to the EAP type from the packet.
        #
        # As of 2.0, the EAP module returns "ok" in the authorize stage
        # for TTLS and PEAP. In 1.x, it never returned "ok" here, so
        # this change is compatible with older configurations.
        #
        # The example below uses module failover to avoid querying all
        # of the following modules if the EAP module returns "ok".
        # Therefore, your LDAP and/or SQL servers will not be queried
        # for the many packets that go back and forth to set up TTLS
        # or PEAP. The load on those servers will therefore be reduced.
        #
        eap {
                ok = return
        }

<sic>

        #
        # The ldap module will set Auth-Type to LDAP if it has not
        # already been set
# ldap

        #
        # Enforce daily limits on time spent logged in.
# daily

        #
        # Use the checkval module
# checkval

        expiration
        logintime
        perl



<sic>

# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
post-auth {
        # Get an address from the IP Pool.
# main_pool
        perl
        #
        # If you want to have a log of authentication replies,
        # un-comment the following line, and the 'detail reply_log'
        # section, above.
# reply_log


If the perl configuration is remvoed from the default file then the errors also show for inner-tunnel until they are also removed. Once there is no reference to perl then everything starts fine.

Install packetfence 4.0.3 or 4.0.6 on CentOS 6.3 and make changes in Appendix B of the admin guide.
I've noticed that there are double slashes in the folder path to /sites-enabled but this seems to be accepted as it works fine without the "perl" entries.

I was also unsure about the {confdir} within the radius.conf as it seems to reference the var folder but there is no radiusd or modules folder in the /usr/local/pf/var directory:-

raddbdir = %%install_dir%%/var/radiusd
radacctdir = %%install_dir%%/logs/radacct

name = radiusd

confdir = ${raddbdir}

There are no notes attached to this issue.





View Issue Details
1715 [PacketFence] scanning minor have not tried 2013-09-18 09:28 2013-10-09 09:46
maikel  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
7d72045e2a72f82e1b1e6811e7b6aafdfeba4dc1
Snort
emerging-virus.rules is no longer available for snort. Oinkmaster also cannot grab this file. Because violations.conf still has this requirement listed (as in you cannot remove it YET from the webinterface) snort will always fail to start.
ATAL ERROR: Unable to open rules file "/usr/local/pf/var/conf//usr/local/pf/conf/snort/emerging-virus.rules": No such file or directory.

remove it from violations.conf and snort worksgood again.
There are no notes attached to this issue.





View Issue Details
1725 [PacketFence] core major always 2013-10-08 14:44 2013-10-08 15:07
lpelet Linux  
RHEL / CentOS  
high 6  
new 4.0.5-2  
open  
none    
none  
  4.1.0  
not using mail relay server
email and sms activation mail don't pass through the relay server specified in the menu tab Alerting
ask in PacketFence to register as guest by email. then you will see the mail to activate your access is not sent using the mail relay server
There are no notes attached to this issue.





View Issue Details
1717 [PacketFence] packaging block always 2013-09-24 21:02 2013-10-08 14:46
serjao  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
Dependências CentOS 6
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Authentication::Credential::HTTP)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Plack)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Controller::HTML::FormFu)
Error: Package: perl-HTML-FormHandler-0.40013-1.centos6.noarch (PacketFence)
           Requires: perl(MooseX::Types::LoadableClass) >= 0.006
Error: Package: perl-HTML-FormHandler-0.40013-1.centos6.noarch (PacketFence)
           Requires: perl(Moose) >= 2.0007
           Installed: perl-Moose-1.15-1.el6.x86_64 (@epel)
               perl(Moose) = 1.15
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Plugin::Authentication)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Net::OAuth2)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Plack::Middleware::ReverseProxy)
Error: Package: perl-HTML-FormHandler-0.40013-1.centos6.noarch (PacketFence)
           Requires: perl(MooseX::Types::LoadableClass)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Plugin::Session::Store::File)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Moo) >= 1.0
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(Catalyst::Authentication::Store::Htpasswd)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(CHI::Driver::Memcached)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(CHI)
Error: Package: packetfence-4.0.6-2.el6.noarch (PacketFence)
           Requires: perl(MooseX::Types::LoadableClass)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@heimdall yum.repos.d]# ls
CentOS-Base.repo CentOS-Media.repo epel.repo mirrors-rpmforge mirrors-rpmforge-testing PacketFence.repo
CentOS-Debuginfo.repo CentOS-Vault.repo epel-testing.repo mirrors-rpmforge-extras openfusion.repo rpmforge.repo


Notes
(0003458)
lpelet   
2013-10-08 14:46   
Hello,
can you post the command you have run to try to install PacketFence.

Regards,
Loick





View Issue Details
1657 [PacketFence] configuration major always 2013-06-27 11:22 2013-10-08 14:38
Raphux  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.2  
   
51f206fe78353b3201ac3380ca1533bec68ddd31
LDAP test routine doesn't use "port" information
In the configuration page, users => Sources => Add AD source.

On the page, you can configure the port you want to query. But this parameter is not used when you click the «test» button. It queries 389 (LDAP) by default, event if, for example, you set 3268 (AD Global Catalog Default port), resulting in permanent error.
I made a small patch, hope that it will be useful.
LDAPSource.pm.patch (517) 2013-06-27 11:22
https://www.packetfence.org/bugs/file_download.php?file_id=177&type=bug
There are no notes attached to this issue.





View Issue Details
1724 [PacketFence] web admin minor have not tried 2013-10-07 22:14 2013-10-07 22:24
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
da53748a78a85c527ef211ebd1cbba0fe59f74f1
Help from documentation.conf is truncated
When a parameter description extends to multiple lines, only the first line is displayed on the web interface.
There are no notes attached to this issue.





View Issue Details
1712 [PacketFence] hardware modules block always 2013-09-16 09:08 2013-10-06 16:53
alessiol  
 
normal  
resolved 4.0.6  
fixed  
none    
none 4.1.0  
   
https://github.com/inverse-inc/packetfence/commit/f5cfd3344bd1fd9f70c50ecb3f66230fb2bd1be5 [^]
Argument "noSuchObject" isn't numeric in numeric eq
I use an HP 4100 (J4121A) Switch but packetFence 4.0.6-2 can not get the MAC address by SNMP. This is the log:

Sep 16 14:38:07 pfsetvlan(4) INFO: up trap received on 10.0.0.150 ifIndex 41 (main::handleTrap)
Sep 16 14:38:07 pfsetvlan(4) INFO: setting 10.0.0.150 port 41 to MAC detection VLAN (main::handleTrap)
Argument "noSuchObject" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP.pm line 985.
Sep 16 14:38:07 pfsetvlan(4) WARN: old VLAN noSuchObject is not a managed VLAN -> Do nothing (pf::SNMP::setVlan)
Sep 16 14:38:07 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:09 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:11 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:13 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:16 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:18 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:20 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:22 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:24 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:26 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:28 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:30 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:33 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:35 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:37 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:39 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:41 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:43 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Sep 16 14:38:45 pfsetvlan(4) WARN: couldn't get MAC at ifIndex 41. This is a problem. (pf::SNMP::_getMacAtIfIndex)
This is fixed.

The message "Argument "noSuchObject" isn't numeric in numeric eq (==)" will no longer happen

You can find the patch here.

https://github.com/inverse-inc/packetfence/commit/f5cfd3344bd1fd9f70c50ecb3f66230fb2bd1be5 [^]
Notes
(0003449)
francis   
2013-09-16 10:16   
Show your configuration file switches.conf.
(0003450)
alessiol   
2013-09-16 10:47   
#
# Copyright 2006-2008 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html [^]
[default]
description=Switches Default Values
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=no
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=

[192.168.0.1]
description=Test Switch
type=Cisco::Catalyst_2900XL
mode=production
uplink=23,24

[10.0.0.149]
mode=production
description=TEST iPECS
type=LG::ES4500G
VoIPEnabled=N
uplink=1
radiusSecret=tele
ospitiVlan=1
ladelziaVlan=2
SNMPVersionTrap=2c
SNMPVersion=2c
macDetectionVlan=1
isolationVlan=30
voiceVlan=50
inlineVlan=60
ospitiRole=1
ladelziaRole=2
registrationVlan=1

[10.0.0.150]
mode=production
ospitiVlan=1
description=HP 4000
type=HP::Procurve_4100
VoIPEnabled=N
ladelziaVlan=2
uplink=1
ospitiRole=1
ladelziaRole=2
radiusSecret=tele
macDetectionVlan=1
isolationVlan=30
registrationVlan=1
voiceVlan=50
inlineVlan=60
SNMPVersionTrap=2c
SNMPVersion=2c
#SNMPVersion = 3
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
#SNMPVersionTrap = 3
#SNMPUserNameTrap = readUser
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread





View Issue Details
1723 [PacketFence] core block always 2013-10-03 09:03 2013-10-03 09:03
alessiol Linux  
RHEL / CentOS  
high 6  
new 4.0.6-2  
open  
none    
none  
   
WARN: couldn't get MAC at ifIndex 33. This is a problem.
Apply the git patch introduced with issue 0001712 but when I connect a device to HP 4100 Switch Packetfence can not change the vlan.... please check the log
This is the /usr/local/pf/logs/packetfence.log :

Oct 03 14:51:39 pfsetvlan(24) INFO: ignoring unknown trap: 2013-10-03|12:51:37|UDP: [10.0.0.150]:161->[10.0.0.148]|10.0.0.150|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.76 = STRING: I 10/03/13 12:51:44 ports: port E1 is now on-line END VARIABLEBINDINGS (main::parseTrap)
Oct 03 14:51:39 pfsetvlan(11) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Oct 03 14:51:39 pfsetvlan(11) INFO: up trap received on 10.0.0.150 ifIndex 33 (main::handleTrap)
Oct 03 14:51:39 pfsetvlan(11) INFO: setting 10.0.0.150 port 33 to MAC detection VLAN (main::handleTrap)
Use of uninitialized value $vlan in concatenation (.) or string at /usr/local/pf/lib/pf/SNMP.pm line 612.
Oct 03 14:51:40 pfsetvlan(11) WARN: old VLAN is not a managed VLAN -> Do nothing (pf::SNMP::setVlan)
Oct 03 14:51:40 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:42 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:42 pfdhcplistener(8860) INFO: DHCPREQUEST from 00:15:65:2b:b6:b0 (10.0.0.153) (main::parse_dhcp_request)
Oct 03 14:51:42 pfdhcplistener(8860) INFO: Unknown DHCP fingerprint: 1,2,3,4,6,7,12,15,28,42,66,67,43,120 (DHCP Message Type: DHCPREQUEST) (main::process_fingerprint)
Oct 03 14:51:42 pfdhcplistener(8860) INFO: 00:15:65:2b:b6:b0 requested an IP. Unknown DHCP fingerprint. Modified node with last_dhcp = 2013-10-03 14:51:42,computername = ,dhcp_fingerprint = 1,2,3,4,6,7,12,15,28,42,66,67,43,120 (main::listen_dhcp)
Oct 03 14:51:45 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:47 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:49 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:52 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:54 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:57 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:51:59 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:01 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:04 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:06 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:09 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:11 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:13 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:16 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:18 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:21 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:23 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:25 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:28 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:30 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:33 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:35 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:37 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:40 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:42 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:45 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:47 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:49 pfsetvlan(11) WARN: couldn't get MAC at ifIndex 33. This is a problem. (pf::SNMP::_getMacAtIfIndex)
Oct 03 14:52:49 pfsetvlan(11) WARN: Tried to grab MAC address at ifIndex 33 on switch 10.0.0.150 30 times and failed (main::handleTrap)
Oct 03 14:52:49 pfsetvlan(11) INFO: cannot find MAC (maybe we found a VoIP, but they don't count here). Do nothing (main::handleTrap)
Oct 03 14:52:49 pfsetvlan(11) INFO: finished (main::cleanupAfterThread)
There are no notes attached to this issue.





View Issue Details
1722 [PacketFence] captive portal minor have not tried 2013-10-02 13:47 2013-10-02 14:02
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
764f63ba5a345101a39dd35d586ff3242ecdb218
Local users can't login on expiration date
A user won't be able to register a new device on the expiration date specified in the temporary_password.

We should accept registration until the last minute of the expiration date (23:59).
There are no notes attached to this issue.





View Issue Details
1721 [PacketFence] web admin minor have not tried 2013-10-02 13:19 2013-10-02 13:31
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
  4.1.0  
6879e9bb2868514be4570cfa40b929635f785e64
Error when creating users with no "set role" action
From the Web admin interface, creating one or multiple users without specifying a role returns an error.

The message displayed in the Web interface is "Unexpected error. See server-side logs for details.".

In the log file, we have :

WARN: database query failed with: Column 'category' cannot be null. (errno: 1048), will try again (pf::db::db_query_execute)
ERROR: Database issue: We tried 3 times to serve query temporary_password_add_sql called from pf::db::db_data and we failed. Is the database running? (pf::db::db_query_execute)
WARN: something went wrong creating a new temporary password for pouetpouet (pf::temporary_password::generate)
Notes
(0003457)
francis   
2013-10-02 13:31   
Must alter the temporary_password table. See db/upgrade-4.0.0-4.1.0.sql





View Issue Details
1668 [PacketFence] web admin minor always 2013-07-11 05:54 2013-10-02 11:37
roadracer96  
 
normal  
new 4.0.1  
open  
none    
none  
   
Unable to manually add device in web UI
Need to be able to manually add a device in the web UI instead of waiting for it to be detected.
There are no notes attached to this issue.





View Issue Details
1720 [PacketFence] captive portal text always 2013-10-01 14:12 2013-10-01 14:12
Xen0Phage  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
Misleading error message
There is a misleading error message that pops up when a user is not put into a valid role. ie, there is no matching role. In that case, authentication passes, but the user is presented with a message indicating that they have too many devices registered. This appears in the node.pm file.

This should be changed to indicate that there is a role issue, but a max devices issue.
There are no notes attached to this issue.





View Issue Details
1718 [PacketFence] scanning major always 2013-09-25 04:22 2013-09-25 08:30
erSitzt  
 
normal  
new 4.0.6-2  
open  
none    
none  
   
OpenVAS XML-Respone can only be read if order and spaces are exactly as expectet by PacketFence
The XML response returned by omp is parsed via regex like this one :

/<get_reports_response\ status="([0-9]+)" [^\<]+[\<][^\>]+[\>] ([a-zA-Z0-9\=]+)/x

In my case omp returns this XML

<get_reports_response status_text="OK" status="200"><report id="15ce0c2d-bf8c-4972-a0f6-fe1e75bb298a" format_id="6c248850-1f62-11e1-b082-406186ea4fc5" extension="html" type="scan" content_type="text/html">

As you can see "status_text" and "status" are in a different order than pf expects them.

I think the way the XML responses are evaluated is prone to errors and should be changed. Regex is not the way to go here.

I have asked (in #openvas) if the order of elements is fixed in the xml and it is not...


Ubuntu 12.04
OpenVAS 5

ii libopenvas5 5.0.4-1
ii openvas-administrator 1.2.1-1ubuntu1~precise
ii openvas-check-setup 2.2.0-0ubuntu1~precise
ii openvas-cli 1.1.5-1ubuntu1~precise
ii openvas-client 2.0.5-1ubuntu1
ii openvas-manager 3.0.6-0ubuntu1~precise
ii openvas-scanner 3.3.1-1ubuntu1~precise
openvas.pm (11,603) 2013-09-25 05:22
https://www.packetfence.org/bugs/file_download.php?file_id=187&type=bug
Notes
(0003454)
erSitzt   
2013-09-25 04:24   
I've removed the Base64 encoded part of the response here to keep the post readable.
(0003455)
erSitzt   
2013-09-25 05:19   
I suggest using XML::Simple, this returns an easy to use hash.

$VAR1 = {
          'report' => {
                      'format_id' => '6c248850-1f62-11e1-b082-406186ea4fc5',
                      'extension' => 'html',
                      'content_type' => 'text/html',
                      'content' => 'BASE64ENCODEDCONTENT',
                      'type' => 'scan',
                      'id' => '15ce0c2d-bf8c-4972-a0f6-fe1e75bb298a'
                    },
          'status' => '200',
          'status_text' => 'OK'
        };

This is what it looks like in openvas.pm

    my $xml = new XML::Simple;
    my $response = $xml->XMLin($output);
    my $status = $response->{'status'};
    my $escalator_id = $response->{'id'};

    # Fetch response status and escalator id
    # Scan escalator successfully created
    if ( defined($status) && $status eq $RESPONSE_RESOURCE_CREATED ) {
        $logger->info("Scan escalator named $name successfully created with id: $escalator_id");
        $this->{_escalatorId} = $escalator_id;
        return $TRUE;
    }

I've renamed $response to $status, because thats what it is.

I'll attach my version of the file.
(0003456)
erSitzt   
2013-09-25 08:30   
I needed to untaint the result of the $command executed by pf_run in util.pm

From line 983:

    } else {
        # scalar context
        `$command` =~ /^(.*)$/;
        $result = $1;
        return $result if ($CHILD_ERROR == 0);
    }





View Issue Details
1714 [PacketFence] captive portal minor have not tried 2013-09-17 11:04 2013-09-17 11:05
francis  
francis  
normal  
resolved 4.0.6-2  
fixed  
none    
none 4.1.0  
   
ff1f1cf69a5cee7b2b582a459b24370b8bb10c11
Htpasswd source doesn't respect username
A Htpasswd authentication source always matches the username.
The method fetchPass of the Apache::Htpasswd module returns 0 when the user is not found while the HtpasswdSource tests if the returned value is defined.
There are no notes attached to this issue.





View Issue Details
1711 [PacketFence] web admin minor have not tried 2013-09-13 15:19 2013-09-13 15:19
francis  
francis  
normal  
resolved 4.0.6  
fixed  
none    
none 4.0.6-2  
   
a761ec4998b2f34ea86e30a99a6b7a230e33ee4d
caching issue when creating an authentication source
Adding a rule to a newly created source can return an error depending on which httpd process answers the request.
There are no notes attached to this issue.





View Issue Details
1710 [PacketFence] core minor have not tried 2013-09-13 11:13 2013-09-13 11:14
francis  
francis  
normal  
resolved 4.0.6  
fixed  
none    
none 4.0.6-2  
   
6d1d6a8131a05e6a1b05b14978c54180af5786b8
Unable to stop services via pfcmd
I seem to be unable to stop services via pfcmd after upgrading to 4.0.6. The command runs and I get the normal output indicating that the services should be stopping, but if I check service status, the only service that has actually stopped is pfdhcplistener.
Reported by Jason Frisvold <xenophage@godshell.com> on the mailing list
There are no notes attached to this issue.





View Issue Details
1676 [PacketFence] radius major have not tried 2013-08-01 16:11 2013-09-13 11:10
dgreer  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.4  
   
4861189ba7faf680eef257d5b1c157d7260fe0de
In 4.0.3, RADIUS stopped authenticating
Not sure what I did to trigger this, but had a problem with RADIUS authentication, specifically the following error message:
"Error: rlm_perl: No or invalid reply in SOAP communication with server. Check server side logs for details."

Digging down, I found this was coming from the call of pf/raddb/packetfence.pm, and in that I figured out that I could dump return contents to the radius.log, so I did that and got this:

"Thu Aug 1 14:37:44 2013 : Info: rlm_perl: curl_return_code: 0
Thu Aug 1 14:37:44 2013 : Info: rlm_perl: <?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" [^] xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" [^] xmlns:xsd="http://www.w3.org/2001/XMLSchema" [^] soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" [^] xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Client</faultcode><faultstring>Content-Type [^] must be 'text/xml,' 'multipart/*,' 'application/soap+xml,' 'or 'application/dime' instead of 'application/x-www-form-urlencoded'</faultstring></soap:Fault></soap:Body></soap:Envelope>
"

Doing some Googling brought me to this article on StackExchange:
http://stackoverflow.com/questions/9062121/send-a-http-post-requestxml-data-using-wwwcurl-in-perl [^]

So I plugged in the CURLOPT_HTTPHEADER() line to force it to use "text/xml" and problem is fixed.

Here's the patch:

]# diff -U2 /root/backup/usr/local/pf/raddb/packetfence.pm packetfence.pm
--- /root/backup/usr/local/pf/raddb/packetfence.pm 2013-07-22 14:30:34.000000000 -0500
+++ packetfence.pm 2013-08-01 15:01:57.000000000 -0500
@@ -174,4 +174,5 @@
     my $response_body;
     $curl->setopt(CURLOPT_HEADER, 0);
+ $curl->setopt(CURLOPT_HTTPHEADER(), ['Content-Type: text/xml; charset=UTF-8']);
     $curl->setopt(CURLOPT_URL, 'http://127.0.0.1:' [^] . SOAP_PORT); # TODO: See note1
 # $curl->setopt(CURLOPT_URL, 'http://127.0.0.1:' [^] . $Config{'ports'}{'soap'}); # TODO: See note1
@@ -184,5 +185,6 @@

     # For debugging purposes
- #&radiusd::radlog($RADIUS::L_INFO, "curl_return_code: $curl_return_code");
+# &radiusd::radlog($RADIUS::L_INFO, "curl_return_code: $curl_return_code");
+# &radiusd::radlog($RADIUS::L_INFO, "$response_body");

     # Looking at the results...
Notes
(0003373)
fdurand   
2013-08-01 21:12   
Hello,
you are right but to late ;-)
https://github.com/inverse-inc/packetfence/commit/4861189ba7faf680eef257d5b1c157d7260fe0de [^]

Fabrice





View Issue Details
1709 [PacketFence] 802.1x minor have not tried 2013-09-13 11:03 2013-09-13 11:03
francis  
francis  
normal  
resolved 4.0.6  
fixed  
none    
none 4.0.6-2  
   
92e9339121f16d7b6d328f149fcb4b4c07944d73
802.1x error in RADIUS authorize
RADIUS is authenticating fine, but the WebAPI no like...

Sep 10 08:26:38 pf::WebAPI(29881) INFO: handling radius autz request: from switch_ip => 1.2.3.4, connection_type => Wireless-802.11-EAP mac => c8:6f:1d:40:96:6e, port => 4097, username => tim.denike (pf::radius::authorize)
Sep 10 08:26:38 pf::WebAPI(29881) INFO: autoregister a node that is already registered, do nothing. (pf::node::node_register)
Sep 10 08:26:38 pf::WebAPI(29881) INFO: Found a match (CN=Tim DeNike,ETC ETC ETC) (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 10 08:26:38 pf::WebAPI(29881) INFO: Matched rule (W_Netshare) in source Employee, returning actions. (pf::Authentication::Source::match)
Sep 10 08:26:38 pf::WebAPI(29881) ERROR: radius authorize failed with error: panic: attempt to copy freed scalar 7f1471d513d8 to 7f1470e25ac8 at /usr/local/pf/lib/pf/authentication.pm line 498.
 (PFAPI::radius_authorize)
 (main::__ANON__)
 (main::__ANON__)
Reported by Tim DeNike <tim.denike@mcc.edu> on the mailing list.
There are no notes attached to this issue.





View Issue Details
1634 [PacketFence] captive portal minor always 2013-04-10 10:08 2013-09-13 10:58
lmunro  
francis  
normal  
resolved 3.6.1  
fixed  
none    
none 4.0.4  
   
8944d5b31f898073ec393fed73da2b2d46a4c65b
Guest email self registration assumes pid is an email address
When using guest self registration using email, the pid is used as email address to send the validation email to.

Yet the PacketFence administrator has the option to select which field to use as pid with guests_self_registration.guest_pid.

If guests_self_registration.guest_pid is set to something else than "email" and guest self registration using email is attempted, it will fail because the "TO" address will be invalid.
Notes
(0003448)
francis   
2013-09-13 10:58   
Ref: https://github.com/inverse-inc/packetfence/commit/8944d5b31f898073ec393fed73da2b2d46a4c65b#L2L122 [^]





View Issue Details
1705 [PacketFence] configuration block always 2013-09-09 11:03 2013-09-13 10:14
alessiol  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6-2  
   
e88eb947b98323287dbec750d65b5ee062354314
PacketFence 4.0.6 Ubuntu 10.04.3 dependency problem
Packetfence won't install on Ubuntu 10.04.3 (fresh install)
because of missing: libterm-ansicolor-perl.
Notes
(0003439)
jraby   
2013-09-09 12:59   
Is that on 12.04 or 10.04 ?

That dependency problem should be fixed, pf shouldn't depend on libterm-ansicolor-perl since Term::ANSIColor is a core perl module.

https://github.com/inverse-inc/packetfence/commit/e88eb947b98323287dbec750d65b5ee062354314 [^]
(0003440)
alessiol   
2013-09-09 13:21   
sorry, Ubuntu Server LTS 12.04.3
(0003441)
erSitzt   
2013-09-11 11:06   
There is another perl package that is causing problems with Ubuntu 12.04.3

packetfence : Depends: libmoo-perl (>= 1.0) but 0.009013-1 is installed.

I was not sure if it made sense to create an issue for this, as both are perl-related dependency problems.
(0003443)
francis   
2013-09-12 13:42   
We've packaged this module some time ago:

http://www.packetfence.org/downloads/PacketFence/debian/pool/precise/libm/libmoo-perl/ [^]
(0003445)
erSitzt   
2013-09-13 04:00   
What do you mean by packaged ?

Is this still correct ?
http://www.packetfence.org/support/faqs/article/how-to-install-packetfence-on-ubuntu.html [^]
Here this url is listed
deb http://inverse.ca/downloads/PacketFence/debian [^] precise precise
Install fails with Error:
( packetfence : Depends: libterm-ansicolor-perl but it is not installable )

but the administration guide lists another source
deb http://inverse.ca/downloads/PacketFence/ubuntu [^] precise precise
Install fails with Error:
( packetfence : Depends: libterm-ansicolor-perl but it is not installable )


With both its not possible to install packetfence on a freshly installed ubuntu 12.04.3
(0003447)
francis   
2013-09-13 08:27   
Please read all comments carefully. In brief:

- libterm-ansicolor-perl: should not be a dependancy, fixed in devel, minor release (4.0.6-2) coming soon.
- libmoo-perl >= 1.0: available in our repo.





View Issue Details
1683 [PacketFence] captive portal major have not tried 2013-08-13 09:27 2013-09-13 10:08
Sylvain  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
Self-registration page shown even if no external source exists
When updating from 4.0.1 to 4.0.5-2 there is a new feature :
"Self-registration is now enabled when a profile has at least one external authentication source" introduced in 4.0.4

I have no external source, but still get the guest/self-registration page.
I was feeling lucky and tried creating then removing external sources, or simply creating new internal sources, but it didn't work either.

I tried to add sources to the profile but was blocked by another bug : http://www.packetfence.org/bugs/view.php?id=1682 [^]

This bug is tricky as I also encouter this one :
http://www.packetfence.org/bugs/view.php?id=1681 [^]

Best regards,

Sylvain
Notes
(0003395)
Sylvain   
2013-08-13 09:39   
Relevant lines in packetfence.log:

Aug 13 15:06:33 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 13 15:06:33 redir.cgi(0) INFO: aa:bb:cc:dd:ee:ff redirected to guests self registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 13 15:06:33 redir.cgi(0) INFO: generate_selfregistration_page (pf::web::guest::generate_selfregistration_page)
Aug 13 15:06:33 redir.cgi(0) ERROR: No source of type 'SMS' defined for profile 'default' (pf::Portal::Profile::getSourceByType)

This line also seems to be linked in portal_error_log (it appears at the same time):

Use of uninitialized value in subroutine entry at /usr/local/pf/lib/pf/web/dispatcher.pm line 68.
(0003417)
Sylvain   
2013-08-19 10:59   
After solving http://www.packetfence.org/bugs/view.php?id=1682, [^] I can say it happens only when no authentication source is selected.

Therefore the problem was caused by bug 1682.

Here, there's no important problem (it works fine if you have selected a source), but we can think about the behaviour of the captive portal when no authentication source is selected.
(0003418)
Sylvain   
2013-08-19 10:59   
By the way, I can't decrease severity ;)





View Issue Details
1706 [PacketFence] configuration minor always 2013-09-09 11:43 2013-09-11 16:15
Xen0Phage  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.1.0  
   
3b282102bfdb6d6841e28edf032f2714e7cb21a8
Freeradius config files overwritten on RPM upgrade
Some of the Freeradius configuration files are overwritten on an upgrade, causing issues with the overall system as a result. Specifically, the config files in raddb/modules are overwritten with the default install files. This is specifically an issue with LDAP 802.1x authentication as the ldap file is defaulted, removing the needed LDAP access to validate 802.1x logins.
There are no notes attached to this issue.





View Issue Details
1365 [PacketFence] captive portal tweak always 2012-01-12 12:14 2013-09-04 14:42
maikel  
francis  
normal  
resolved devel  
fixed  
none    
none  
  general  
Captive portal - email activation - Name the network by its catagorie
When using the self registration meganism, per default the category guest is used. But if in the config another category is used. It would be nicer to name the network instead off guest, the actual name.
So in email_activation.cgi send the catagory to this function:
pf::web::guest::generate_activation_confirmation_page

then the template and i18n message can be altered automatically
Notes
(0003251)
fgaudreault   
2012-10-26 16:24   
Can you elaborate? You mean, you want to send a different template depending of the category name?
(0003436)
maikel   
2013-09-03 07:28   
Looks like this function is now there with the portal profiles and functions there. thankx! lets close this ticket





View Issue Details
1702 [PacketFence] captive portal text always 2013-08-30 13:17 2013-09-03 08:10
Xen0Phage  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
1363fda9125f233c27cdb3af873441a179e21766
Text string not in locales file
I received a request to change the text string displayed when a user failed to authenticate on the captive portal. I looked through the locale file, but was unable to find it. I finally found it via a grep of the packetfence files.

/usr/local/pf/lib/pf/authentication.pm line 467.

This line should exist in the locale file and not be hard-coded into the library.
There are no notes attached to this issue.





View Issue Details
1630 [PacketFence] security feature N/A 2013-02-12 09:55 2013-09-03 05:35
bemosior  
ludovic  
normal  
assigned  
open  
none    
none  
  +1  
Username Registration Blacklist
We see value in the addition of a username blacklist feature in order to prevent certain AD/LDAP registrations from occurring.

Use Case:
An individual may no longer register his/her own devices on the network (due to violations), but he/she may still use public lab machines. Disabling the AD/LDAP account is not an option, as the individual must still be able to access other services using AD/LDAP for authentication.

Workflow (my understanding of it, at least):
User attempts internet access and is redirected to the registration page. User enters username. PF compares username against blacklist, failing the process on match (with a user-facing error). In this case, no LDAP query is made/executed.
Notes
(0003298)
bemosior   
2013-02-12 09:57   
I am assuming this blacklist is maintained independently by the local PF administrators and is simply a list of disallowed usernames.
(0003299)
ludovic   
2013-02-13 19:27   
Would be easy to do in PF v4 with a per-source blacklist of IDs.
(0003435)
dranix   
2013-09-03 05:35   
I have made a script where wireless devices (MAC) are banned upon attempting to brute-force password guess (LocalDB or LDAP account).
The script runs in the background and listens to the /usr/local/pf/log/packetfence.log and keep track of failed attempts.
After 10 failed attempts, the MAC is placed in the iptables and all packets will be dropped from accessing the inline interface.

Would the developers be interested in the script?





View Issue Details
1701 [PacketFence] web admin feature N/A 2013-08-28 02:22 2013-08-29 21:07
fmts  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
daeda0bf839735067befece306d1e6a34b600f5c, 680099611a5a39f9a2a0dfdf5e5d0d2f49dde1e6
Search through notes
It would be nice if there was an option in the advanced search, to search for notes (in Users and Nodes).

So for example you could filter for auto registred devices.
There are no notes attached to this issue.





View Issue Details
1693 [PacketFence] web admin major always 2013-08-18 02:49 2013-08-22 14:29
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none  
   
portal uses source which is undefined there
There are three External Sources defined in my PacketFence server: sms, email & sponsor. My portal profile has two sources defined: (own internal) LDAP and email. Please note it doesn't contain sms. However packetfence.log shows:

Aug 16 12:52:18 pf::WebAPI(17002) INFO: Matched rule (catchall) in source sms, returning actions. (pf::Authentication::Source::match)

Looks like PacketFence uses source sms which it shouldn't use. It works, because sms rule is the same as email rule, but proper source (one of these defined in portal) should be taken info account.
Notes
(0003423)
muhlig   
2013-08-21 07:14   
Actually this happens also for internal sources. I defined PF_RADIUS and PF_LDAP as sources, but only PF_LDAP is defined as source in portal profile. However in packetfence.log I get:

Aug 21 11:53:15 register.cgi(0) INFO: Matched rule (default) in source PF_RADIUS, returning actions. (pf::Authentication::Source::match)
Aug 21 11:53:19 pf::WebAPI(30930) INFO: Matched rule (default) in source PF_RADIUS, returning actions. (pf::Authentication::Source::match)
(0003427)
francis   
2013-08-22 14:29   
This has been fixed in subsequent versions.





View Issue Details
1698 [PacketFence] web admin minor always 2013-08-21 07:20 2013-08-21 09:13
muhlig  
 
normal  
acknowledged 4.0.5  
open  
none    
none  
   
unable to define logo in profile other than default
There is no possibility to define logo in profile other than default.
Notes
(0003424)
francis   
2013-08-21 08:12   
This is by design. If you want to change the logo in a custom portal profile, simply replace the "logo" template variable of the header template by the path of the image you want to use.
(0003425)
muhlig   
2013-08-21 09:13   
OK, understood, thx :-)





View Issue Details
1695 [PacketFence] configuration major always 2013-08-20 13:51 2013-08-20 13:54
muhlig  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
dcc1f6d2758e1f92329311b678d71ea79d7bdc5c
Apache error for guest: You don't have permission to access /cgi-perl/email_activation.cgi on this server.
./lib/pf/services/apache.pm

line 94:

    my $guest_regist_allowed = $guest_self_registration{'enabled'};

However, $guest_self_registration{'enabled'} is undefined. The effect is:

line 95:

    if ($guest_regist_allowed && isenabled.............................

and line 102:

    if ($guest_regist_allowed && ($email_enabled.....................

conditions are not fulfilled and ./var/conf/captive-portal-common.conf is not properly generated and some URIs are not allowed from all, thus bringing WWW error:

   “You don't have permission to access /cgi-perl/email_activation.cgi on this server.”
I'd advice simply get rid of $guest_regist_allowed variable and accordingly modify these two conditions. Otherwise you need to define $guest_self_registration{'enabled'} somewhere.
Notes
(0003422)
francis   
2013-08-20 13:54   
Fixed a few days ago.





View Issue Details
1667 [PacketFence] web admin minor always 2013-07-11 05:53 2013-08-20 09:01
roadracer96  
francis  
normal  
resolved 4.0.1  
fixed  
none    
none 4.0.2  
   
8835549747e4a0a0136e360140a33e58f83dc91b
Unable to edit notes in Web UI
Unable to edit notes for a deviec in web UI
Interesting one. It was possible in 3.X but removed in 4.X.
Can you open a feature request : http://packetfence.org/bugs [^]

Cheers!
dw.

--
dwuelfrath@inverse.ca :: +1.514.447.4918 (x110) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)



On 2013-06-28, at 12:42 PM, Tim DeNike <tim.denike@mcc.edu> wrote:

> Agreed. U would like to make more use of notes/details as well.
> Manual creation would be helpful too.
>
> Sent from my iPhone
>
> On Jun 28, 2013, at 12:41 PM, Jason Frisvold <xenophage@godshell.com> wrote:
>
>> Greetings,
>>
>> With our current NAC system we can manually add new devices via the
>> GUI. We're able to add the MAC of the device, the role it should be in,
>> and a description. The description is incredibly useful for identifying
>> devices quickly.
>>
>> This doesn't appear to be possible in PF 4.0.1, though there is the CLI
>> method for adding a node, albeit without a description. What would it
>> take to have this functionality added to PF?
>>
>> Thanks,
>>
>> --
>> ---------------------------
>> Jason 'XenoPhage' Frisvold
>> xenophage@godshell.com
>> ---------------------------
>>
>> "Any sufficiently advanced magic is indistinguishable from technology.\"
>> - Niven's Inverse of Clarke's Third Law
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Windows:
>>
>> Build for Windows Store.
>>
>> http://p.sf.net/sfu/windows-dev2dev [^]
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users [^]
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev [^]
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users [^]


------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev [^]
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users [^]
There are no notes attached to this issue.





View Issue Details
1694 [PacketFence] web admin minor always 2013-08-19 15:22 2013-08-20 08:51
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
cff7c1426c2dc8f760134afd4226b53badb5c87e
pre-registration confirmation mail - %s not replaced by domain name
There is a message in PacketFence:

msgid "%s: Guest access confirmed!"

which is used as a subject of confirmation mail in case of pre-registration. A guest receives this mail, but in the subject "%s" is not replaced by domain name of PacketFence system.

It's worth noting all the other mails from PacketFence have "%s" correctly replaced - just this one particular mail has this issue.
Notes
(0003421)
muhlig   
2013-08-20 02:32   
Fix: /usr/local/pf/html/captive-portal/email_activation.cgi

line 113

is

'subject' => i18n("%s: Guest access confirmed!", $Config{'general'}{'domain'}),

should be

'subject' => i18n_format("%s: Guest access confirmed!", $Config{'general'}{'domain'}),





View Issue Details
1681 [PacketFence] captive portal major always 2013-08-13 09:13 2013-08-19 20:56
Sylvain  
francis  
normal  
resolved 4.0.5  
fixed  
none    
none 4.0.6  
   
a0cc0dae4aaa30f4ef2247a06df0f556b32469fb
Guest registration page doesn't show any submit button
Version 4.0.5-2

That's quite simple : the guest registration page doesn't show any submit button.
Tried filling fields and scroll the "use policy", but didn't help.
Please find a screenshot attached.

Best regards,

Sylvain
screenshot.png (198,895) 2013-08-13 09:13
https://www.packetfence.org/bugs/file_download.php?file_id=183&type=bug
Notes
(0003394)
francis   
2013-08-13 09:16   
Is there a registration/external authentication source associated to your default portal profile?
(0003396)
Sylvain   
2013-08-13 09:48   
No, actually I forgot to mention this page displays because of this bug :
http://www.packetfence.org/bugs/view.php?id=1683 [^]

And I cannot edit the sources of the portal profiles because of this one :
http://www.packetfence.org/bugs/view.php?id=1682 [^]
(0003419)
Sylvain   
2013-08-19 11:00   
After solving http://www.packetfence.org/bugs/view.php?id=1682, [^] [^] I can say it happens only when no authentication source is selected.

Therefore the problem was caused by bug 1682.

Here, there's no important problem (it works fine if you have selected a source), but we can think about the behaviour of the captive portal when no authentication source is selected.

Severity can be decreased.
(0003420)
francis   
2013-08-19 11:06   
I've already improved the Web page when no source is selected on the default portal profile :

https://github.com/inverse-inc/packetfence/commit/131496903ad30fa19341197c4b660f07f9d2a594#L3R53 [^]

(With no source specified, all internal sources will be used.)

And there's already at least one internal source: the "local" SQL source.





View Issue Details
1690 [PacketFence] web admin major always 2013-08-17 03:49 2013-08-17 21:47
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
a08b5b63bba1504a29894617f45632dec737971d
duration missing from Guest Network Access Information mail
Mail excerpt:

This username and password will be valid starting 2013-08-18. Once authenticated the access will be valid for .

So, duration is missing from the line although registration window is defined for guest from 2013-08-18 to 2013-08-22.
There are no notes attached to this issue.





View Issue Details
1691 [PacketFence] web admin major always 2013-08-17 04:02 2013-08-17 21:02
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
5a18b25f56cde34cceef32c402e78af550544275
unable to add/edit user telephone number
Display admin/users page. Click user. There is no form field for Telephone.
There are no notes attached to this issue.





View Issue Details
1692 [PacketFence] web admin minor sometimes 2013-08-17 04:05 2013-08-17 20:58
muhlig  
francis  
normal  
resolved 4.0.4  
fixed  
none    
none 4.0.6  
   
8c3b78a95504bc8aac808861ed1c66c5f584c994
user display: ERROR: Use of uninitialized value in concatenation
Display admin/users page. Click user. If some fields aren't filled, packetfence.log shows:

Aug 17 10:02:38 httpd.admin(0) ERROR: Use of uninitialized value in concatenation (.) or string at /usr/local/pf/html/pfappserver/lib/pfappserver/Form/Widget/Field/Span.pm line 28.
There are no notes attached to this issue.





View Issue Details
1684 [PacketFence] scanning major always 2013-08-13 11:02 2013-08-13 11:02
Sylvain  
 
normal  
new 4.0.1  
open  
none    
none  
   
OpenVAS - "Bogus command name" when creating escalator
It occurs under version 4.0.1, but I couldn't test under 4.0.5 because of some other bugs (which aren't related to this one).
As i didn't see anything either in changelogs and in issues reported... here it is.

This happen when launching a OpenVAS scan.

Right after registration, the pre-configured "System Scan" violation (1200001) is triggered.
The captive portal tells that scan is in progress.
Once the progress bar is filled, it tells that the machine is still being scanned since a given hour.
It will keep telling that (and here the problem begins).

In packetfence.log can be found:
There was an error creating scan escalator named 137606073317f486, here's the output: <omp_response status="400" status_text="Bogus command name"></omp_response> (pf::scan::openvas::createEscalator)

The scanned machine can be sent to the default vlan, by acknowledging the "System Scan" violation (1200001), as expected. But of course bypassing scan is not the best approach ;)

Here is the whole relevant output from packetfence.log:

Aug 09 17:05:30 release.pm(0) INFO: scanning 192.168.1.1 by calling /usr/local/pf/bin/pfcmd schedule now 192.168.1.1 1>/dev/null 2>&1 (pf::web::release::handler)
Aug 09 17:05:30 release.pm(0) INFO: violation for mac aa:bb:cc:dd:ee:ff vid 1200001 modified (pf::violation::violation_modify)
Aug 09 17:05:33 pfcmd.pl(10765) INFO: New ID generated: 137606073317f486 (pf::util::generate_id)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Instantiate a new vulnerability scanning engine object of type pf::scan::openvas. (pf::scan::instantiate_scan_engine)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan target named 137606073317f486 for host 192.168.1.1 (pf::scan::openvas::createTarget)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Scan target named 137606073317f486 successfully created with id: 0162c1eb-e374-4e39-8e16-faddab0d58e9 (pf::scan::openvas::createTarget)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan escalator named 137606073317f486 (pf::scan::openvas::createEscalator)
Aug 09 17:05:36 pfcmd.pl(10765) WARN: There was an error creating scan escalator named 137606073317f486, here's the output: <omp_response status="400" status_text="Bogus command name"></omp_response> (pf::scan::openvas::createEscalator)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Creating a new scan task named 137606073317f486 (pf::scan::openvas::createTask)
Aug 09 17:05:36 pfcmd.pl(10765) WARN: There was an error creating scan task named 137606073317f486, here's the output: <create_task_response status="400" status_text="Bogus element: escalator"></create_task_response> (pf::scan::openvas::createTask)
Aug 09 17:05:36 pfcmd.pl(10765) INFO: Starting scan task named 137606073317f486 (pf::scan::openvas::startTask)
Aug 09 17:05:37 pfcmd.pl(10765) WARN: There was an error starting the scan task named 137606073317f486, here's the output: <start_task_response status="404" status_text="Failed to find task ''"></start_task_response> (pf::scan::openvas::startTask)

Best regards,

Sylvain
Notes
(0003402)
Sylvain   
2013-08-13 11:02   
In the report above I only wrote about SNMP linkUp/Down VLAN enforcement and "standard" registration.
I was initially testing with 802.1x auto-registration and enforcement, but couldn't get any information about the problem.
Actually when using 802.1x there were no log about the failed OpenVAS scan.

I have gathered informations about this lack of log, should I post them here or in a separate ticket ?




View Issue Details
1680 [PacketFence] captive portal major always 2013-08-12 06:09 2013-08-12 11:40
KimHagen