inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure small to very large heterogeneous networks.

Home Page: https://packetfence.org

License: GNU General Public License v2.0

PowerShell 0.05% Perl 61.54% Shell 1.78% NSIS 0.03% C++ 0.23% C 0.30% JavaScript 9.58% HTML 2.02% Makefile 0.33% Python 0.38% PHP 0.01% PLpgSQL 0.10% GDB 0.01% Go 10.91% Vue 12.07% HCL 0.03% SCSS 0.33% Jinja 0.01% Dockerfile 0.12% CSS 0.18%
nac packetfence network

packetfence's People

Contributors

abprasa, atran-inverse, bbs2web, cgx, cmammoli, dependabot[bot], dwlfrth, elverde, ersitzt, extrafu, fdurand, garci66, ieno77, jegoi, jrouzierinverse, julsemaan, louismunro, lyubomirtraykov, lzammit, nqb, obilodeau, satkunas, simbazad, snyk-bot, stegar123, stgmsa, tlaurion, tominverse, tribut, vakarisz

packetfence's Issues

Nothing happening when floating device is connected

I've configured a floating device and started to change the ProCurve 2920 switch module to support floating devices, but I never got any messages in the log from the functions that should have been called when a floating device's MAC was seen on a port.

I've then changed the switch capabilities back to not support floating devices, in which case I expected to get a log entry that my device does not support floating devices, but that did not happen either...

I'm still on 4.5.1

DB password in configurator is not applied

Install the devel version on CentOS 6, try to use the configurator, and when you reach 'Change the admin password' it won't work.

The database password of the user pf is set to its default 'packet'; changing the pf password from the configurator does not apply.

Centos7 Installation

When we install PacketFence from the devel repo on CentOS, we must specify the radius version, otherwise it tries to install 3.0.1 and we need something < 3.0 for the installation. The install process is trying to install freeradius from the base repo where we need it to install from the pf repo.

Disable SSLv3 on web servers for POODLE

[This is a copy of issue 0001866 in mantis]
Ref: http://packetfence.org/bugs/view.php?id=1866

SSLv3 is enabled by default in Apache config files. Not a best common practice with POODLE on the loose.

SSLv3 is being deprecated by all vendors as it is unfixable.
We should remove support for it.
Our default install should strive for security by default when practical. If the PF admin wants SSLv2 he should enable it.
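
A small auditor for the problem this issue describes, added here as an illustration and not code from the PacketFence project: it evaluates each `SSLProtocol` directive the way mod_ssl documents it (left to right, with `+`/`-` prefixes) and reports the lines that still leave SSLv3 enabled. It assumes `all` includes SSLv3, as in the mod_ssl builds of that period; the sample configuration is constructed.

```python
import re

# Protocol names accepted by mod_ssl's SSLProtocol directive.
KNOWN = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
# Assumption: "all" includes SSLv3, as in mod_ssl builds current when POODLE was published.
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right (simplified model of mod_ssl)."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        protos = set(ALL) if name == "all" else {name} & KNOWN
        if action == "-":
            enabled -= protos
        elif action == "+":
            enabled |= protos
        else:
            enabled = protos  # a bare token replaces whatever was set before
    return enabled

def audit(config_text):
    """Return (line_number, directive) for every SSLProtocol line that leaves SSLv3 on."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        # Commented-out directives start with '#' and do not match.
        match = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if match and "sslv3" in effective_protocols(match.group(1)):
            findings.append((number, line.strip()))
    return findings

# Constructed sample, not taken from PacketFence's shipped configuration.
SAMPLE = """\
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2
</VirtualHost>
<VirtualHost *:1443>
    SSLEngine on
    # SSLProtocol all
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
"""

if __name__ == "__main__":
    for number, directive in audit(SAMPLE):
        print(f"line {number}: SSLv3 still enabled by '{directive}'")
```

The auditor only sees explicit directives; a virtual host with no `SSLProtocol` line inherits the server's default and has to be checked separately.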

Missing copyright / pod

lib/pf/config/util.pm
lib/pfconfig/empty_string.pm
lib/pfconfig/log.pm
t/prepare-pfconfig.t
addons/dev-helpers/exported-subs.pl

Fingerbank integration

Integration with the new Fingerbank API and PacketFence for violations and OS detection.

Advanced search

While using a saved search:

if you have a saved search and you remove the conditions of this one, all your saved search conditions are removed. Not saving anything.

Just remove the conditions of one saved search and select another saved search to recreate the bug.

Everything is back in order if you reload the page.
(Centos 6.6)

Updating role name "breaks" switches.conf configuration

When a role is created, and a VLAN value is assigned to that role for a switch, updating that node role will simply remove the field from the switch role list (but will keep it in switches.conf) and replace it with the new role with an empty value.

How to reproduce:

  • Create a role
  • Go into a switch and assign a VLAN for that role
  • Rename the role
  • Go back in the switch config.

Expected behavior:
The role name should be changed... Otherwise, you will have to go through all the config and replicate the change.

Multiple entries for the same mac address in 'node' tab

The same node (MAC address) will be displayed more than once in the 'node' tab if more than one iplog entry is opened for that same MAC.

With the new way iplog works, it may occur and it is a 'normal' behavior to have 'more than one iplog entry for a same MAC'.

The only thing that is different in the listing is the 'current IP', which refers to each opened iplog entry.

Expected behavior:

  • We shouldn't have more than one entry in the 'Node' tab for a MAC, even if there's more than one iplog entry opened.

packetfence 4.4.0 with MySQL 5.1 has very slow queries in a big environment with 2000 machines

Count: 8 Time=176.57s (1412s) Lock=0.00s (0s) Rows=22.9 (183), pf[pf]@localhost
SELECT o.description, n.dhcp_fingerprint, COUNT(DISTINCT n.mac) AS count, ROUND(COUNT(DISTINCT n.mac)/(SELECT COUNT(*) FROM node)*N,N) AS percent
FROM (node n, iplog i)
LEFT JOIN dhcp_fingerprint d ON n.dhcp_fingerprint = d.fingerprint
LEFT JOIN os_type o ON o.os_id = d.os_id
WHERE n.mac = i.mac AND i.start_time BETWEEN 'S' AND 'S'
GROUP BY o.description
ORDER BY percent desc

Count: 204 Time=37.06s (7560s) Lock=0.00s (0s) Rows=0.0 (0), pf[pf]@localhost
update iplog set end_time = adddate(now(), interval 'S' second) where mac='S' and ip='S' and (end_time = N or end_time > now())

Count: 330 Time=35.32s (11654s) Lock=0.00s (0s) Rows=0.0 (0), pf[pf]@localhost
insert into iplog(mac,ip,start_time,end_time) values('S','S',now(),adddate(now(), interval 'S' second))

Count: 4 Time=25.07s (100s) Lock=0.00s (0s) Rows=1.5 (6), pf[pf]@localhost
SELECT ssid, COUNT(DISTINCT locationlog.mac) AS nodes, ROUND(COUNT(DISTINCT locationlog.mac)/
(SELECT COUNT(DISTINCT locationlog.mac)
FROM locationlog
INNER JOIN node ON node.mac = locationlog.mac AND locationlog.end_time IS NULL
INNER JOIN iplog ON node.mac = iplog.mac
WHERE ssid != "S" AND iplog.start_time BETWEEN 'S' AND 'S'
)*N,N) AS percent
FROM locationlog
INNER JOIN node ON node.mac = locationlog.mac AND locationlog.end_time IS NULL
INNER JOIN iplog ON node.mac = iplog.mac
WHERE ssid != "S" AND iplog.end_time BETWEEN 'S' AND 'S'
GROUP BY ssid
ORDER BY nodes

Count: 500211 Time=20.87s (10439818s) Lock=0.00s (15s) Rows=0.0 (0), pf[pf]@localhost
update iplog set end_time=now() where ip='S' and (end_time=N or end_time > now())

Count: 2 Time=20.32s (40s) Lock=0.00s (0s) Rows=0.0 (0), pf[pf]@localhost
update iplog set end_time=now() where ip='S' and end_time=N

Count: 83595 Time=19.97s (1669210s) Lock=0.00s (6s) Rows=0.0 (0), pf[pf]@localhost
delete from iplog where unix_timestamp(end_time) < (unix_timestamp(now()) - 'S') and end_time!=N

Count: 2 Time=18.55s (37s) Lock=0.00s (0s) Rows=0.0 (0), pf[pf]@localhost
UPDATE node SET
mac='S', pid='S', category_id='S', status='S', voip='S', bypass_vlan='S',
detect_date='S', regdate='S', unregdate='S', lastskip='S', time_balance=NULL, bandwidth_balance=NULL,
user_agent='S', computername='S', dhcp_fingerprint='S',
last_arp='S', last_dhcp='S',
notes=NULL, autoreg='S', sessionid='S'
WHERE mac='S'

Count: 4 Time=17.89s (71s) Lock=0.00s (0s) Rows=1.0 (4), pf[pf]@localhost
SELECT COUNT(*) as count FROM node LEFT JOIN node_category on node_category.category_id = node.category_id LEFT JOIN dhcp_fingerprint on dhcp_fingerprint.fingerprint = node.dhcp_fingerprint LEFT JOIN iplog on iplog.mac = node.mac AND ( iplog.end_time = 'S' OR iplog.end_time > NOW() ) LEFT JOIN os_type using( os_id ) WHERE ( iplog.ip LIKE 'S' )

PF Config refactoring (readonly)

Refactor the access to the config hashes using the new tied interface. Will only cover the read portion of the configuration hashes and the ConfigStore should be left in place to handle the write on the ini files + for httpd.admin

Just getting started - no email or sms working.. phone providers in the UK are missing

Hi

New to packet fence
This looks awesome!
Loving the captive portal - just installing some strawberry perl to get me going.. hope I can change it so it looks a bit more simple..
I don't receive any sms's, is there any specific config for this? There are no UK mobile phone providers listed, can I update this?
for emails - do I need to start an SMTP service on the packetfence server? I'm using the zero effort 4.7.. the captive portal is working..

Date range breaks search in nodes.

Searching for nodes with a specific date range in nodes throws up an
“An error occured while contacting the server” in the admin.

The generated query is invalid because it refers to a table in the "where" that is not in the "from" clause.

E.g.
SELECT
COUNT(*) as count
FROM
node
LEFT JOIN
node_category ON node_category.category_id = node.category_id
LEFT JOIN
dhcp_fingerprint ON dhcp_fingerprint.fingerprint = node.dhcp_fingerprint
LEFT JOIN
iplog ON iplog.mac = node.mac
AND (iplog.end_time = '0000-00-00 00:00:00'
OR iplog.end_time > NOW ())
LEFT JOIN
os_type USING (os_id)
LEFT JOIN
(select DISTINCT
mac, switch
from
locationlog) as locationlog_distinct ON locationlog_distinct.mac = node.mac

WHERE
(node.mac LIKE '%95:f4')
and locationlog.start_time >= '2015-01-17'
and (locationlog.end_time <= '2015-02-16'
or locationlog.end_time IS NULL)

Will cause an error: "ERROR 1054 (42S22): Unknown column 'locationlog.start_time' in 'where clause'".

Persistent filters in search

When doing a search (in this case, for switches) then clicking on a result to modify it, search filter is cleared on "save" or "cancel" of the modification.

Search filters should be persistent until explicit clearing (or changing page) for at least, switches and nodes.

Add a database schema version check to the admin.

Write the current database schema version into the database after every schema update. When the
admin console logs in, have it display a big, red, flashing error box if
the DB schema and current PF version are not compatible.

Cleanup spurious errors in logs.

Logs are often full of spurious messages such as undefined values errors, especially catalyst logs.
Let's clean this up.

This is a meta issue. We should ideally open an issue for each spurious message.

packetfence can't use non-English in USERS/ Source/AD's Base DN

I use PacketFence in China; the version is PacketFence 4.4.0.

1: I can't input non-English text (e.g. Chinese) in the create user dialog for firstname, lastname, etc. and have it saved correctly;
2: I can't use non-English in USERS/ Source/AD's Base DN;
3: I can't use non-English in Rule's condition;

refactor getNormalVLAN

The code smells are so bad it makes me want to throw up.
I will take care of it unless someone else feels as strongly about it.

LC_CTYPE breaks installation on debian/ubuntu

Seen with a client, LC_CTYPE=en_US.UTF-8 breaks installation because the post install script tries to access the following files:

/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo
/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo
/usr/share/locale/en_US/LC_MESSAGES/coreutils.m
/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo
/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo
/usr/share/locale/en/LC_MESSAGES/coreutils.mo
/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo
/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo
/usr/share/locale/en_US/LC_MESSAGES/libc.mo
/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo
/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo
/usr/share/locale/en/LC_MESSAGES/libc.mo

Perhaps we should temporarily override the LC_CTYPE in the post install script (i.e. LC_CTYPE=C)?
