Hello I have a small problem, when I connect a device using 802.1x on its network card to a switch on which 802.1X with MAC authentication Bypass is enabled, the PacketFence logs show that the connection type is "ethernet-noEAP", as if the station was using mac authentication (it should be using 802.1x)
Moreover, we can see in the following logs that it also uses the 802.1x profile, as if it was using two types of connection. Any ideas? Thanks Apr 14 10:07:34 TPI-PF1 packetfence: pfperl-api(1617) INFO: Using 300 resolution threshold (pf::pfcron::task::cluster_check::run) Apr 14 10:07:34 TPI-PF1 packetfence: pfperl-api(1617) INFO: All cluster members are running the same configuration version (pf::pfcron::task::cluster_check::run) Apr 14 10:07:47 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] handling radius autz request: from switch_ip => (192.168.137.200), connection_type => Ethernet-NoEAP,switch_mac => (00:1d:b3:b9:29:6d), mac => [2c:44:fd:65:ab:27], port => 19, username => "2c44fd65ab27" (pf::radius::authorize) Apr 14 10:07:47 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile) Apr 14 10:07:47 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] Found authentication source(s) : 'local,file1,MonDomaine' for realm 'null' (pf::config::util::filter_authentication_sources) Apr 14 10:07:47 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole) Apr 14 10:07:47 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) WARN: [mac:2c:44:fd:65:ab:27] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 489. (pf::role::getRegisteredRole) Apr 14 10:07:47 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole) Apr 14 10:07:47 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] PID: "default", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode) Apr 14 10:07:47 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) WARN: [mac:2c:44:fd:65:ab:27] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 609. (pf::Switch::getVlanByName) Apr 14 10:07:47 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) WARN: [mac:2c:44:fd:65:ab:27] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 612. (pf::Switch::getVlanByName) Apr 14 10:07:47 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) WARN: [mac:2c:44:fd:65:ab:27] No parameter Vlan found in conf/switches.conf for the switch 192.168.137.200 (pf::Switch::getVlanByName) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] handling radius autz request: from switch_ip => (192.168.137.200), connection_type => Ethernet-EAP,switch_mac => (00:1d:b3:b9:29:60), mac => [2c:44:fd:65:ab:27], port => 19, username => "host/client.tpi.local" (pf::radius::authorize) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] is doing machine auth with account 'host/client.tpi.local'. (pf::radius::authorize) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] Found authentication source(s) : 'MonDomaine' for realm 'tpi.local' (pf::config::util::filter_authentication_sources) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] Role has already been computed and we don't want to recompute it. (pf::role::getNodeInfoForAutoReg) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) WARN: [mac:2c:44:fd:65:ab:27] No category computed for autoreg (pf::role::getNodeInfoForAutoReg) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] Found authentication source(s) : 'MonDomaine' for realm 'tpi.local' (pf::config::util::filter_authentication_sources) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] Role has already been computed and we don't want to recompute it. Getting role from node_info (pf::role::getRegisteredRole) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) WARN: [mac:2c:44:fd:65:ab:27] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 489. (pf::role::getRegisteredRole) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) INFO: [mac:2c:44:fd:65:ab:27] PID: "default", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) WARN: [mac:2c:44:fd:65:ab:27] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 609. (pf::Switch::getVlanByName) Apr 14 10:08:06 TPI-PF1 packetfence_httpd.aaa: httpd.aaa(1226) WARN: [mac:2c:44:fd:65:ab:27] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 612. (pf::Switch::getVlanByName)
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
