PacketFence
Bug Tracking System

View Issue Details
ID: 0001816
Project: PacketFence
Category: 802.1x
View Status: public
Date Submitted: 2014-07-25 13:35
Last Update: 2015-03-04 12:20
Reporter: jpfmagalhaes
Assigned To: lmunro
Priority: high
Severity: block
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Linux
OS: RHEL / CentOS
OS Version: 6
Product Version:
Target Version:
Fixed in Version:
Summary: 0001816: Problem with the dissociation of a wireless 802.1x user (pfcmd_vlan - Cannot allocate memory)
Description:
I'm new to PF and I'm facing a strange problem with the dissociation of a wireless 802.1x user.

The user is authenticated successfully against the Radius Server. After authentication he is moved to the Registration Vlan and the captive portal is presented. After the authentication in the captive portal the deauthentication process fails with the following message:

WARN: Problem trying to run command: /usr/local/pf/bin/pfcmd_vlan -deauthenticateDot1x -switch 192.168.100.5 -mac 90:72:40:9e:c5:ef called from handleTrap. OS Error: Cannot allocate memory (pf::util::pf_run)

However, if I run the command directly on the command line, it is executed normally (the client is registered and moved to the Normal Vlan).

/usr/local/pf/bin/pfcmd_vlan -deauthenticateDot1x -switch 192.168.100.5 -mac 90:72:40:9e:c5:ef
echo $?
0

Environment:
- PF running over VMWare ESXi
- HP procurve 2524
- AP Cisco 1131AG standalone version

Please help me because I've no idea of what I'm missing?!?
Additional Information:
==> packetfence.log <==
Jul 25 18:07:31 httpd.webservices(2737) INFO: Unable to extract MAC from Called-Station-Id: 0022.90c5.0710 (pf::radius::extractApMacFromRadiusRequest)
Jul 25 18:07:31 httpd.webservices(2737) INFO: handling radius autz request: from switch_ip => 192.168.100.5, connection_type => Wireless-802.11-EAP,switch_mac => , mac => 90:72:40:9e:c5:ef, port => 276, username => userB (pf::radius::auth
Jul 25 18:07:31 httpd.webservices(2737) INFO: MAC: 90:72:40:9e:c5:ef is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jul 25 18:07:31 httpd.webservices(2737) WARN: Role-based Network Access Control is not supported on network device type pf::Switch::Cisco::Aironet_1130. (pf::Switch::supportsRoleBasedEnforcement)
Jul 25 18:07:31 httpd.webservices(2737) INFO: [192.168.100.5] Returning ACCEPT with VLAN 2 and role (pf::Switch::returnRadiusAccessAccept)

==> radius.log <==
Fri Jul 25 18:07:31 2014 : Auth: rlm_perl: Returning vlan 2 to request from 90:72:40:9e:c5:ef port 276
Fri Jul 25 18:07:31 2014 : Auth: Login OK: [userB] (from client 192.168.100.5 port 276 cli 9072.409e.c5ef)

==> packetfence.log <==
Jul 25 18:07:37 httpd.portal(2727) INFO: mac : 90:72:40:9e:c5:ef (captiveportal::PacketFence::Controller::CaptivePortal::validateMac)
Jul 25 18:07:37 httpd.portal(2727) INFO: Updating node 90:72:40:9e:c5:ef user_agent with useragent: 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Mobile/11D257' (captiveportal::PacketFen
Jul 25 18:07:37 httpd.portal(2727) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Jul 25 18:07:37 httpd.portal(2727) INFO: 90:72:40:9e:c5:ef redirected to default (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Jul 25 18:07:37 httpd.portal(2727) INFO: 90:72:40:9e:c5:ef redirected to authentication page (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Jul 25 18:08:26 httpd.portal(3034) INFO: mac : 90:72:40:9e:c5:ef (captiveportal::PacketFence::Controller::CaptivePortal::validateMac)
Jul 25 18:08:26 httpd.portal(3034) INFO: Authentication successful for userA in source local (SQL) (pf::authentication::authenticate)
Jul 25 18:08:26 httpd.portal(3034) INFO: person userA modified to userA (pf::person::person_modify)
Jul 25 18:08:26 httpd.portal(3034) INFO: re-evaluating access for node 90:72:40:9e:c5:ef (manage_register called) (pf::enforcement::reevaluate_access)
Jul 25 18:08:26 httpd.portal(3034) INFO: switch port for 90:72:40:9e:c5:ef is 192.168.100.5 ifIndex 276 connection type: WiFi 802.1X (pf::enforcement::_vlan_reevaluation)
Jul 25 18:08:27 httpd.portal(3034) INFO: trying to dissociate a wireless 802.1x user, this might not work depending on hardware support. If its your case please file a bug (pf::enforcement::_vlan_reevaluation)
Jul 25 18:08:31 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 192.168.100.5 (main::parseTrap)
Jul 25 18:08:32 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Jul 25 18:08:32 pfsetvlan(1) INFO: desAssociate trap received on 192.168.100.5 for wireless client 90:72:40:9e:c5:ef (main::handleTrap)
Jul 25 18:08:32 pfsetvlan(1) WARN: Problem trying to run command: /usr/local/pf/bin/pfcmd_vlan -deauthenticateDot1x -switch 192.168.100.5 -mac 90:72:40:9e:c5:ef called from handleTrap. OS Error: Cannot allocate memory (pf::util::pf_run)
Jul 25 18:08:32 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Tags: No tags attached.

Notes
(0003973)
lmunro (administrator)
2015-03-04 12:20

Fixed in later release.

Please use the mailing list for support questions.

Issue History
Date Modified      Username       Field                   Change
2014-07-25 13:35   jpfmagalhaes   New Issue
2015-03-04 12:20   lmunro         Note Added: 0003973
2015-03-04 12:20   lmunro         Status                  new => closed
2015-03-04 12:20   lmunro         Assigned To             => lmunro
2015-03-04 12:20   lmunro         Resolution              open => fixed

