Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit log: profile has an empty value when doing Ethernet/Wireless-NoEAP #5977

Closed
nqb opened this issue Nov 12, 2020 · 3 comments · Fixed by #6020
Closed

Audit log: profile has an empty value when doing Ethernet/Wireless-NoEAP #5977

nqb opened this issue Nov 12, 2020 · 3 comments · Fixed by #6020
Assignees
@nqb
Labels
Priority: Medium Type: Bug
Milestone
+1 (patch release)

Comments

@nqb
Copy link
Contributor

nqb commented Nov 12, 2020

Describe the bug
When PacketFence received a RADIUS request with Ethernet/Wireless-NoEAP, even if request hits a specific connection profile, this information is not saved in DB. In place we have a N/A.

Behavior is the same if your device is registered or unregistered.

To Reproduce
Steps to reproduce the behavior:

  1. Create a Mac Auth RADIUS request
  2. Check "Profile" value on RADIUS Audit log menu
  3. Check packetfence.log for this RADIUS request:

=> You can find a instantiate profile NAME_OF_PROFILE log

Expected behavior
Profile should be save in radius_audit_log table for such requests.

Additional context
I put FreeRADIUS in debug and I noticed that PacketFence doesn't return a PacketFence-Profile RADIUS attribute to FreeRADIUS. Consequently, FreeRADUS save a N/A in DB according to queries.conf

(81) Wed Nov 11 10:11:21 2020: Debug: rest: Processing response header
(81) Wed Nov 11 10:11:21 2020: Debug: rest:   Status : 100 (Continue)
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Continuing...
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Processing response header
(81) Wed Nov 11 10:11:21 2020: Debug: rest:   Status : 200 (OK)
(81) Wed Nov 11 10:11:21 2020: Debug: rest:   Type   : json (application/json)
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-IfIndex"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 8
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 8
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-IfIndex := "8"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-Mac"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 00:03:00:11:11:01
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 00:03:00:11:11:01
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-Mac := "00:03:00:11:11:01"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-Switch-Id"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 44:38:39:00:00:12
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 44:38:39:00:00:12
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-Switch-Id := "44:38:39:00:00:12"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-UserName"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 000300111101
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 000300111101
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-UserName := "000300111101"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "Tunnel-Private-Group-Id"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 100
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 100
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Tunnel-Private-Group-Id := "100"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-Eap-Type"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 0
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 0
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-Eap-Type := "0"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-Request-Time"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 1605107481
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 1605107481
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-Request-Time := 1605107481
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-Role"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND headless_device
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> headless_device
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-Role := "headless_device"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-Authorization-Status"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND allow
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> allow
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-Authorization-Status := "allow"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "Tunnel-Medium-Type"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 6
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 6
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Tunnel-Medium-Type := IEEE-802
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-Status"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND reg
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> reg
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-Status := "reg"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-Switch-Mac"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 44:38:39:00:00:12
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 44:38:39:00:00:12
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-Switch-Mac := "44:38:39:00:00:12"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "Tunnel-Type"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 13
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 13
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Tunnel-Type := VLAN
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-AutoReg"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND 0
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> 0
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-AutoReg := "0"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-IsPhone"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-IsPhone := ""
(81) Wed Nov 11 10:11:21 2020: Debug: rest: Parsing attribute "control:PacketFence-Connection-Type"
(81) Wed Nov 11 10:11:21 2020: Debug: rest: EXPAND Ethernet-NoEAP
(81) Wed Nov 11 10:11:21 2020: Debug: rest:    --> Ethernet-NoEAP
(81) Wed Nov 11 10:11:21 2020: Debug: rest: PacketFence-Connection-Type := "Ethernet-NoEAP"
@nqb nqb added the Type: Bug label Nov 12, 2020
@nqb nqb added this to the +1 (patch release) milestone Nov 12, 2020
@nqb nqb self-assigned this Nov 12, 2020
@nqb
Copy link
Contributor Author

nqb commented Nov 12, 2020

According to my debug, portal information is missing when saving node in DB.

That's not the case when doing auto-registration.

The portal information is stored in $args but it looks like we never merge this information with $node_obj like we did for the auto-registration workflow using getNodeInfoForAutoReg function.

@nqb
Copy link
Contributor Author

nqb commented Nov 23, 2020

@julsemaan and @fdurand, my proposal is to add portal as an arg of the RADIUS request in place of a node (see https://github.com/inverse-inc/packetfence/compare/fix/5977). Before going further, I would like to get your point of view.

@julsemaan
Copy link
Collaborator

@julsemaan and @fdurand, my proposal is to add portal as an arg of the RADIUS request in place of a node (see https://github.com/inverse-inc/packetfence/compare/fix/5977). Before going further, I would like to get your point of view.

I'm good with that personally

This was referenced Dec 7, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nqb nqb

Labels
Priority: Medium Type: Bug
Projects
None yet
Milestone
+1 (patch release)
Development

Successfully merging a pull request may close this issue.

add profile name as args attribute inverse-inc/packetfence
2 participants
@julsemaan @nqb