PacketFence
Bug Tracking System

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001656PacketFencecaptive portalpublic2013-06-27 06:012015-02-18 11:07
Reportermuhlig 
Assigned Tolmunro 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Versiondevel 
Target VersionFixed in Version 
Summary0001656: node doesn't get registered (Unable to perform RADIUS authentication)
DescriptionSnapshot packetfence-4.0.2-0.20130627.el6.noarch.rpm. After clicking "Login", captive portal writes: "Invalid username/password for all authentication sources".

Additional InformationHowever user gets 802.1x authentication ok. See radius.log:

Thu Jun 27 11:40:37 2013 : Auth: Login OK: [user@dom.ain] (from client packetfence port 0)

Nevertheless user node isn't registered. See packetfence.log:

Jun 27 11:40:37 register.cgi(0) ERROR: Unable to perform RADIUS authentication on any server: EBADAUTH (pf::Authentication::Source::RADIUSSource::authenticate)

Additionally, there is portal error. See portal_error_log (2 kinds of error message):

Use of uninitialized value in subroutine entry at /usr/local/pf/lib/pf/web/dispatcher.pm line 56.
[Thu Jun 27 11:41:59 2013] -e: Use of uninitialized value in subroutine entry at /usr/local/pf/lib/pf/web/dispatcher.pm line 56.
Use of uninitialized value in subroutine entry at /usr/local/pf/lib/pf/web/dispatcher.pm line 56.

 
TagsNo tags attached.
fixed in git revision
fixed in mtn revision
Attached Fileslog file icon radius.log [^] (2,500 bytes) 2013-08-07 06:55

- Relationships

-  Notes
(0003357)
fdurand (administrator)
2013-07-31 20:06

Hello,
did you try tcmdump to see radius traffic ?
Also the error Use of uninitialized value in subroutine entry at /usr/local/pf/lib/pf/web/dispatcher.pm line 56 is just a warning that mean there is no referer in the http headers.

Regards
Fabrice
(0003361)
muhlig (reporter)
2013-08-01 02:03

It seems to me radius.log entry "Auth: Login OK" says radius server was found and responded correctly - while register.cgi doesn't see any radius server. And this was inconsistent, wasn't it?

Warning, you say? I found it in portal_error.log and there was no indication of "warning" so I assumed this is an error :-)

However this is rather old issue and the snapshot is outdated already. I'm going to try this once more after 4.0.4 is released.
(0003366)
fdurand (administrator)
2013-08-01 08:21

I think in your setup you added a radius authentication source.
First you receive a radius request from your switch/access point and after on the captive portal packetfence try to check your username and password on your authentication source EBADAUTH.
So the problem is between packetfence and EBADAUTH it why i told you to sniff the radius traffic packetfence end EBADAUTH.

Fabrice
(0003389)
muhlig (reporter)
2013-08-07 07:00
edited on: 2013-08-07 07:24

Radius authentication source is there indeed. Communication between packetfence and radius server also is correct. Real problem is packetfence rejecting otherwise previously correctly authenticated user. See attached log excerpt (in Attached Files).

+++[packetfence] returns reject
++- if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) returns reject

Looks like not-EAP message is invalid here. Any hint?

Best regards,
MU

(0003954)
lmunro (administrator)
2015-02-18 11:07

Not a bug.
Don't use unsuported versions.

- Issue History
Date Modified Username Field Change
2013-06-27 06:01 muhlig New Issue
2013-07-31 20:06 fdurand Note Added: 0003357
2013-08-01 02:03 muhlig Note Added: 0003361
2013-08-01 08:21 fdurand Note Added: 0003366
2013-08-07 06:55 muhlig File Added: radius.log
2013-08-07 07:00 muhlig Note Added: 0003389
2013-08-07 07:24 muhlig Note Edited: 0003389
2015-02-18 11:07 lmunro Note Added: 0003954
2015-02-18 11:07 lmunro Status new => closed
2015-02-18 11:07 lmunro Assigned To => lmunro
2015-02-18 11:07 lmunro Resolution open => fixed


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker