inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

Re-evaluate access from the web admin for wired connection does not work #5852

Closed lzammit closed 3 years ago

lzammit commented 3 years ago

If I try to re-evaluate access for a Wired EAP-TLS connection, I get:

Sep 28 12:51:08 pf-testing.inverse.ca packetfence[24600]: pfperl-api(24600) INFO: re-evaluating access (admin_modify called) (pf::enforcement::reevaluate_access)
Sep 28 12:51:08 pf-testing.inverse.ca packetfence[24600]: pfperl-api(24600) INFO: Instantiate profile Wired-EAP-TLS (pf::Connection::ProfileFactory::_from_profile)
Sep 28 12:51:08 pf-testing.inverse.ca packetfence[24600]: pfperl-api(24600) INFO: VLAN reassignment is forced. (pf::enforcement::_should_we_reassign_vlan)
Sep 28 12:51:08 pf-testing.inverse.ca packetfence[24600]: pfperl-api(24600) INFO: switch port is (192.168.126.253) ifIndex 10111connection type: Wired 802.1x (pf::enforcement::_vlan_reevaluation)
Sep 28 12:51:08 pf-testing.inverse.ca packetfence[24600]: pfperl-api(24600) ERROR: call not implemented
                                                           (Mojolicious::Plugin::DefaultHelpers::_development)

Locationlog:

[root@pf-testing pf]# mysql -p******* pf -e"select * from locationlog where mac='00:e0:4c:68:09:e3'"
+-----------+-------------------+-----------------+-------+------+-------+-----------------+---------------------+----------------+------+---------------------+---------------------+-----------------+---------------+-------------------+--------------------+-------+------------+-----------------------+------+
| tenant_id | mac               | switch          | port  | vlan | role  | connection_type | connection_sub_type | dot1x_username | ssid | start_time          | end_time            | switch_ip       | switch_ip_int | switch_mac        | stripped_user_name | realm | session_id | ifDesc                | voip |
+-----------+-------------------+-----------------+-------+------+-------+-----------------+---------------------+----------------+------+---------------------+---------------------+-----------------+---------------+-------------------+--------------------+-------+------------+-----------------------+------+
|         1 | 00:e0:4c:68:09:e3 | 192.168.126.253 | 10111 | 0    | staff | Ethernet-EAP    | 13                  | lzammit        |      | 2020-09-28 12:49:25 | 0000-00-00 00:00:00 | 192.168.126.253 |    3232268029 | 5c:50:15:c2:eb:0b | lzammit            | null  | 2d9d79     | GigabitEthernet1/0/11 | no   |
+-----------+-------------------+-----------------+-------+------+-------+-----------------+---------------------+----------------+------+---------------------+---------------------+-----------------+---------------+-------------------+--------------------+-------+------------+-----------------------+------+

A re-evaluate on a wireless authentication works.

nqb commented 3 years ago

Duplicate of #5816