Sometimes pf::LDAP does not expire properly connection on an error

[jrouzierinverse]

No description provided.

[fdurand]

Here an example:

Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] handling radius autz request: from switch_ip => (127.0.0.1), connection_type => Wireless-802.11-EAP,switch_mac => (01:23:45:67:89:01), mac => [02:00:00:00:00:01], port => 0, username => "secadmin", ssid => PACKETFENCE-DOT1X (pf::radius::authorize)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Instantiate profile wireless_8021x_peap (pf::Portal::ProfileFactory::_from_profile)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Realm source undef is configured in the realm NULL but is not in the portal profile. Ignoring it and using the portal profile sources. (pf::config::util::get_user_sources)
Oct 06 15:12:13 httpd.aaa(3185) WARN: [mac:02:00:00:00:00:01] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Using sources ActiveDirectory_wireless_secure_peap_user, ActiveDirectory_wireless_secure_peap_machine for matching (pf::authentication::match)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Matched rule (User_exception) in source ActiveDirectory_wireless_secure_peap_user, returning actions. (pf::Authentication::Source::match)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Using sources ActiveDirectory_wireless_secure_peap_user, ActiveDirectory_wireless_secure_peap_machine for matching (pf::authentication::match)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Matched rule (User_exception) in source ActiveDirectory_wireless_secure_peap_user, returning actions. (pf::Authentication::Source::match)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] autoregister a node that is already registered, do nothing. (pf::node::node_register)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Realm source undef is configured in the realm NULL but is not in the portal profile. Ignoring it and using the portal profile sources. (pf::config::util::get_user_sources)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Using sources ActiveDirectory_wireless_secure_peap_user, ActiveDirectory_wireless_secure_peap_machine for matching (pf::authentication::match)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Matched rule (User_exception) in source ActiveDirectory_wireless_secure_peap_user, returning actions. (pf::Authentication::Source::match)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Using sources ActiveDirectory_wireless_secure_peap_user, ActiveDirectory_wireless_secure_peap_machine for matching (pf::authentication::match)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Matched rule (User_exception) in source ActiveDirectory_wireless_secure_peap_user, returning actions. (pf::Authentication::Source::match)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Username was defined "secadmin" - returning role 'default' (pf::role::getRegisteredRole)
Oct 06 15:12:13 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] PID: "secadmin", Status: reg Returned VLAN: (undefined), Role: default (pf::role::fetchRoleForNode)
Oct 06 15:12:13 httpd.aaa(3185) WARN: [mac:02:00:00:00:00:01] No parameter defaultVlan found in conf/switches.conf for the switch 127.0.0.1 (pf::Switch::getVlanByName)
Oct 06 15:12:14 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] handling radius autz request: from switch_ip => (127.0.0.1), connection_type => Wireless-802.11-EAP,switch_mac => (01:23:45:67:89:01), mac => [02:00:00:00:00:01], port => 0, username => "secadmin", ssid => PACKETFENCE-DOT1X (pf::radius::authorize)
Oct 06 15:12:14 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Instantiate profile wireless_8021x_peap (pf::Portal::ProfileFactory::_from_profile)
Oct 06 15:12:14 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Memory configuration is not valid anymore for key resource::authentication_sources in local cached_hash (pfconfig::cached::is_valid)
Oct 06 15:12:14 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Realm source undef is configured in the realm NULL but is not in the portal profile. Ignoring it and using the portal profile sources. (pf::config::util::get_user_sources)
Oct 06 15:12:14 httpd.aaa(3185) WARN: [mac:02:00:00:00:00:01] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Oct 06 15:12:14 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Using sources ActiveDirectory_wireless_secure_peap_user, ActiveDirectory_wireless_secure_peap_machine for matching (pf::authentication::match)
Oct 06 15:12:14 httpd.aaa(3185) ERROR: [mac:02:00:00:00:00:01] Error binding 'Connexion ré-initialisée par le correspondant' (pf::LDAP::bind)
Oct 06 15:12:14 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Matched rule (deny_all) in source ActiveDirectory_wireless_secure_peap_user, returning actions. (pf::Authentication::Source::match)
Oct 06 15:12:14 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Using sources ActiveDirectory_wireless_secure_peap_user, ActiveDirectory_wireless_secure_peap_machine for matching (pf::authentication::match)
Oct 06 15:12:14 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Matched rule (deny_all) in source ActiveDirectory_wireless_secure_peap_user, returning actions. (pf::Authentication::Source::match)
Oct 06 15:12:14 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] autoregister a node that is already registered, do nothing. (pf::node::node_register)
Oct 06 15:12:14 httpd.aaa(3185) INFO: [mac:02:00:00:00:00:01] Realm source undef is configured in the realm NULL but is not in the portal profile. Ignoring it and using the portal profile sources. (pf::config::util::get_user_sources)

[jrouzierinverse]

This cannot be a patch release as it requires a new module.