PacketFence - BTS - PacketFence | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0001816 | PacketFence | 802.1x | public | 2014-07-25 13:35 | 2015-03-04 12:20 |
| Reporter | jpfmagalhaes | ||||
| Assigned To | lmunro | ||||
| Priority | high | Severity | block | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | Linux | OS | RHEL / CentOS | OS Version | 6 |
| Product Version | |||||
| Target Version | Fixed in Version | ||||
| fixed in git revision | |||||
| fixed in mtn revision | |||||
| Summary | 0001816: Problem with the dissociation of a wireless 802.1x user (pfcmd_vlan - Cannot allocate memory) | ||||
| Description | I'm new to PF and I'm facing a strange problem with the dissociation of a wireless 802.1x user. The user is authenticated successfully against the Radius Server. After authentication he is moved to the Registration Vlan and the captive portal is presented. After the authentication in the captive portal the deauthentication process fails with the following message: WARN: Problem trying to run command: /usr/local/pf/bin/pfcmd_vlan -deauthenticateDot1x -switch 192.168.100.5 -mac 90:72:40:9e:c5:ef called from handleTrap. OS Error: Cannot allocate memory (pf::util::pf_run) However, if a run the command directly on the command line, it is executed normally (the client is registered and moved to the Normal Vlan) . /usr/local/pf/bin/pfcmd_vlan -deauthenticateDot1x -switch 192.168.100.5 -mac 90:72:40:9e:c5:ef echo $? 0 Environment: - PF running over VMWare ESXi - HP procurve 2524 - AP Cisco 1131AG standalone version Please help me because I've no idea of what I'm missing?!? | ||||
| Steps To Reproduce | |||||
| Additional Information | ==> packetfence.log <== Jul 25 18:07:31 httpd.webservices(2737) INFO: Unable to extract MAC from Called-Station-Id: 0022.90c5.0710 (pf::radius::extractApMacFromRadiusRequest) Jul 25 18:07:31 httpd.webservices(2737) INFO: handling radius autz request: from switch_ip => 192.168.100.5, connection_type => Wireless-802.11-EAP,switch_mac => , mac => 90:72:40:9e:c5:ef, port => 276, username => userB (pf::radius::auth Jul 25 18:07:31 httpd.webservices(2737) INFO: MAC: 90:72:40:9e:c5:ef is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan) Jul 25 18:07:31 httpd.webservices(2737) WARN: Role-based Network Access Control is not supported on network device type pf::Switch::Cisco::Aironet_1130. (pf::Switch::supportsRoleBasedEnforcement) Jul 25 18:07:31 httpd.webservices(2737) INFO: [192.168.100.5] Returning ACCEPT with VLAN 2 and role (pf::Switch::returnRadiusAccessAccept) ==> radius.log <== Fri Jul 25 18:07:31 2014 : Auth: rlm_perl: Returning vlan 2 to request from 90:72:40:9e:c5:ef port 276 Fri Jul 25 18:07:31 2014 : Auth: Login OK: [userB] (from client 192.168.100.5 port 276 cli 9072.409e.c5ef) ==> packetfence.log <== Jul 25 18:07:37 httpd.portal(2727) INFO: mac : 90:72:40:9e:c5:ef (captiveportal::PacketFence::Controller::CaptivePortal::validateMac) Jul 25 18:07:37 httpd.portal(2727) INFO: Updating node 90:72:40:9e:c5:ef user_agent with useragent: 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Mobile/11D257' (captiveportal::PacketFen Jul 25 18:07:37 httpd.portal(2727) INFO: Static User-Agent lookup data initialized (pf::useragent::_init) Jul 25 18:07:37 httpd.portal(2727) INFO: 90:72:40:9e:c5:ef redirected to default (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister) Jul 25 18:07:37 httpd.portal(2727) INFO: 90:72:40:9e:c5:ef redirected to authentication page (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister) Jul 25 18:08:26 httpd.portal(3034) INFO: mac : 90:72:40:9e:c5:ef (captiveportal::PacketFence::Controller::CaptivePortal::validateMac) Jul 25 18:08:26 httpd.portal(3034) INFO: Authentication successful for userA in source local (SQL) (pf::authentication::authenticate) Jul 25 18:08:26 httpd.portal(3034) INFO: person userA modified to userA (pf::person::person_modify) Jul 25 18:08:26 httpd.portal(3034) INFO: re-evaluating access for node 90:72:40:9e:c5:ef (manage_register called) (pf::enforcement::reevaluate_access) Jul 25 18:08:26 httpd.portal(3034) INFO: switch port for 90:72:40:9e:c5:ef is 192.168.100.5 ifIndex 276 connection type: WiFi 802.1X (pf::enforcement::_vlan_reevaluation) Jul 25 18:08:27 httpd.portal(3034) INFO: trying to dissociate a wireless 802.1x user, this might not work depending on hardware support. If its your case please file a bug (pf::enforcement::_vlan_reevaluation) Jul 25 18:08:31 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 192.168.100.5 (main::parseTrap) Jul 25 18:08:32 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Jul 25 18:08:32 pfsetvlan(1) INFO: desAssociate trap received on 192.168.100.5 for wireless client 90:72:40:9e:c5:ef (main::handleTrap) Jul 25 18:08:32 pfsetvlan(1) WARN: Problem trying to run command: /usr/local/pf/bin/pfcmd_vlan -deauthenticateDot1x -switch 192.168.100.5 -mac 90:72:40:9e:c5:ef called from handleTrap. OS Error: Cannot allocate memory (pf::util::pf_run) Jul 25 18:08:32 pfsetvlan(1) INFO: finished (main::cleanupAfterThread) | ||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2014-07-25 13:35 | jpfmagalhaes | New Issue | |||
| 2015-03-04 12:20 | lmunro | Note Added: 0003973 | |||
| 2015-03-04 12:20 | lmunro | Status | new => closed | ||
| 2015-03-04 12:20 | lmunro | Assigned To | => lmunro | ||
| 2015-03-04 12:20 | lmunro | Resolution | open => fixed | ||
| Notes | |||||
|
|
|||||
|
|
||||