search

inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0
1.37k stars 289 forks source link

Ubiquiti Unifi Radius Parse DA message failed, dropping request ... #8065

Open flipmode45 opened 7 months ago

flipmode45 commented 7 months ago

Packetfence 13.1. Unifi AP firmware 6.6.55.

We've noticed that deauth is no longer working.

On the AP log I see:

Thu Apr 4 16:19:53 2024 user.info : radius-da-dispatcher[2131]: radius-da-dispatcher.on_receive_request(): parse DA message failed, dropping request ...

In the Packetfence GUI, the request shows malformed, not sure if this is a gui display issue or if the message really is malformed:

Calling-Station-Id = 98-B2-79-61-71-F9 " NAS-Identifier = ",

flipmode45 commented 7 months ago

After further testing, this issue occurs only when deleting a node. When a registered node that is currently connected is deleted in the Packetfence GUI, a malformed radius disconnect is sent to the AP which fails.

To reproduce:

Register a node in Packetfence Connect it to the network In the gui, select Nodes > the registered node > Delete

In Auditing the request shows malformed and the request fails on the AP:

Packetfence GUI: Calling-Station-Id = 98-B2-79-61-71-F9 " NAS-Identifier = "

AP Log:

Thu Apr 4 16:19:53 2024 user.info : radius-da-dispatcher[2131]: radius-da-dispatcher.on_receive_request(): parse DA message failed, dropping request ...

fdurand commented 7 months ago

can you connect on the database and do a:

 select * from locationlog where mac="98:b2:79:61:71:f9"\G

and paste the output ?