From: Fabrice D. <fd...@in...> - 2020-02-11 13:31:05
Hello Nadim,

it depends on the filter and the order. The default one will always be the last one and after that the first match wins.

Regards
Fabrice

On 20-02-10 at 22:49, Nadim El-Khoury wrote:
> Hi Fabrice,
>
> I have another question for you.
> How does PF choose which connection profile to use? We have 3 defined.
> 1) default which comes with the system.
> 2) sc-eduroam for local users
> 3) non-sc-eduroam for visitors.
>
> Best,
>
> Nadim
>
> On Mon, Feb 10, 2020 at 10:42 PM Nadim El-Khoury <nel...@sp...> wrote:
>
> Hi Fabrice,
>
> I want to thank you for taking the time to look into the log file.
> Yes, we have AD configured as an authentication source. I added it
> to the source in the connection profile and will test it in
> the morning and report back.
>
> Best,
>
> Nadim
>
> On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice <fd...@in...> wrote:
>
> Hello Nadim,
>
> here is what happens:
>
> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] handling radius autz request: from switch_ip => (10.2.75.11), connection_type => Wireless-802.11-EAP,switch_mac => (5c:5b:35:a8:10:33), mac => [a4:e9:75:4e:95:5d], port => 0, username => "nel...@sp...", ssid => eduroam (pf::radius::authorize)
> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] Instantiate profile non-sc-eduroam-users (pf::Connection::ProfileFactory::_from_profile)
> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : '' for realm 'springfieldcollege.edu' (pf::config::util::filter_authentication_sources)
> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) WARN: [mac:a4:e9:75:4e:95:5d] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) WARN: [mac:a4:e9:75:4e:95:5d] Switch type 'pf::Switch::Generic' does not support MABFloatingDevices (pf::SwitchSupports::__ANON__)
> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : '' for realm 'springfieldcollege.edu' (pf::config::util::filter_authentication_sources)
>
> PacketFence instantiates the profile non-sc-eduroam-users but
> is not able to find any sources to compute the rules.
>
> My assumption is that you enabled auto registration on the
> connection profile but you didn't define any sources.
>
> So edit the connection profile and assign an authentication
> source on it (you probably have an AD one).
>
> Regards
>
> Fabrice
>
>
> On 20-02-10 at 14:34, Nadim El-Khoury wrote:
>> Hi Fabrice,
>>
>> Please find attached the packetfence.log file.
>> The username is nel...@sp...
>>
>> Best,
>>
>> Nadim
>>
>> On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via
>> PacketFence-users <pac...@li...> wrote:
>>
>> Hello Nadim
>>
>> On 20-02-05 at 02:19, Nadim El-Khoury via
>> PacketFence-users wrote:
>>> Hi Everyone,
>>>
>>> It does not look like PF 9.3.0 is able to assign
>>> the right connection profile once a user is authenticated.
>>>
>>> Question 1) Why is the right connection profile not
>>> being picked up based on the created filter?
>> probably a wrong filter
>>> Question 2) Can the default connection profile be disabled?
>> no
>>> Question 3) Why is the system not entering the right
>>> owner for the registered device after successful
>>> authentication?
>> No profile, so no source, so no user.
>>> Question 4) Why is the connection profile set to N/A
>>> when it does not properly match a profile?
>> because packetfence is not able to compute the connection
>> profile.
>>>
>>> When running the /usr/local/pf/bin/pftest authentication
>>> username ""
>>> The command returns the right AD group the user is part of.
>>>
>>> Recomputing of roles does not seem to be working if a
>>> device is successfully registered with another user or
>>> owner. So, if a new user uses the same device the role
>>> is not recomputed and the new user using the same old
>>> registered device ends up with the same previous role as
>>> the previous user.
>>>
>>> Question 1) How can we change the above behavior?
>>>
>> share your packetfence.log file when the device connects
>> and we will have the answer.
>>
>> Regards
>>
>> Fabrice
>>
>>
>>> Your help is very much appreciated.
>>>
>>> Best,
>>>
>>> Nadim
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> Pac...@li...
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
fd...@in... :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
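
Added example (not part of the original thread and not PacketFence code): a Python check that scans packetfence.log lines for the condition diagnosed in the quoted reply, a connection profile instantiated for a device followed by an empty authentication source list. The message shapes are copied from the log excerpt in the thread; the last two sample lines, including the MAC, the source name `AD-example` and the realm `example.edu`, are constructed.

```python
import re

# Message shapes taken from the packetfence.log excerpt quoted in this thread.
MAC = r"\[mac:(?P<mac>[0-9a-fA-F:]{17})\]"
PROFILE_RE = re.compile(MAC + r" Instantiate profile (?P<profile>\S+)")
SOURCES_RE = re.compile(
    MAC + r" Found authentication source\(s\) : '(?P<sources>[^']*)'"
    r" for realm '(?P<realm>[^']*)'"
)

def profiles_without_sources(lines):
    """Return sorted (mac, profile, realm) tuples where the profile last
    instantiated for a device resolved to an empty source list."""
    current = {}       # mac -> most recently instantiated profile
    findings = set()   # a set, because the same message repeats per request
    for line in lines:
        m = PROFILE_RE.search(line)
        if m:
            current[m["mac"]] = m["profile"]
            continue
        m = SOURCES_RE.search(line)
        if m and not m["sources"].strip():
            profile = current.get(m["mac"], "unknown")
            findings.add((m["mac"], profile, m["realm"]))
    return sorted(findings)

P = "Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) "
SAMPLE_LOG = [
    # From the thread:
    P + "INFO: [mac:a4:e9:75:4e:95:5d] Instantiate profile non-sc-eduroam-users"
        " (pf::Connection::ProfileFactory::_from_profile)",
    P + "INFO: [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : ''"
        " for realm 'springfieldcollege.edu'"
        " (pf::config::util::filter_authentication_sources)",
    P + "WARN: [mac:a4:e9:75:4e:95:5d] No category computed for autoreg"
        " (pf::role::getNodeInfoForAutoReg)",
    P + "INFO: [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : ''"
        " for realm 'springfieldcollege.edu'"
        " (pf::config::util::filter_authentication_sources)",
    # Constructed for contrast: a profile that does have a source assigned.
    P + "INFO: [mac:00:00:5e:00:53:01] Instantiate profile sc-eduroam"
        " (pf::Connection::ProfileFactory::_from_profile)",
    P + "INFO: [mac:00:00:5e:00:53:01] Found authentication source(s) :"
        " 'AD-example' for realm 'example.edu'"
        " (pf::config::util::filter_authentication_sources)",
]

if __name__ == "__main__":
    for mac, profile, realm in profiles_without_sources(SAMPLE_LOG):
        print(f"{mac}: profile {profile} has no source for realm {realm}")
```
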