Menu
▾
▴
Re: [PacketFence-users] PF 9.3.0 and connection profiles and recomputing of roles - not working
|
From: Durand f. <fd...@in...> - 2020-02-12 02:02:20
|
It's still the same in the logs. Can you share your prifiles.conf and authentication.conf file ? Regards Fabrice Le 20-02-11 à 12 h 02, Nadim El-Khoury a écrit : > Hi Fabrice, > > I am sorry to report that nothing works. I am still seeing the same > behavior. > I deleted all the connection profiles and just left the default one > and still nothing. > > I am attaching the packetfence.log file. > > Best, > > Nadim > > On Tue, Feb 11, 2020 at 8:31 AM Fabrice Durand <fd...@in... > <mailto:fd...@in...>> wrote: > > Ok so assign the default realm in the authentication source and/or > the realm springfieldcollege.edu <http://springfieldcollege.edu>. > > Le 20-02-10 à 22 h 42, Nadim El-Khoury a écrit : >> Hi Fabrice, >> >> I want to thank you for taking the time to look into the log file. >> Yes, we have AD configured as an authentication source. I added >> it to the source in the connection profile and will test it in >> the morning and report back. >> >> Best, >> >> Nadim >> >> On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice >> <fd...@in... <mailto:fd...@in...>> wrote: >> >> Hello Nadim, >> >> here what happen: >> >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >> httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] handling >> radius autz request: from switch_ip => (10.2.75.11), >> connection_type => Wireless-802.11-EAP,switch_mac => >> (5c:5b:35:a8:10:33), mac => [a4:e9:75:4e:95:5d], port => 0, >> username => "nel...@sp..." >> <mailto:nel...@sp...>, ssid => eduroam >> (pf::radius::authorize) >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >> httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] Instantiate >> profile non-sc-eduroam-users >> (pf::Connection::ProfileFactory::_from_profile) >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >> httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] Found >> authentication source(s) : '' for realm >> 'springfieldcollege.edu <http://springfieldcollege.edu>' >> (pf::config::util::filter_authentication_sources) >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >> httpd.aaa(15955) WARN: [mac:a4:e9:75:4e:95:5d] No category >> computed for autoreg (pf::role::getNodeInfoForAutoReg) >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >> httpd.aaa(15955) WARN: [mac:a4:e9:75:4e:95:5d] Switch type >> 'pf::Switch::Generic' does not support MABFloatingDevices >> (pf::SwitchSupports::__ANON__) >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >> httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] Found >> authentication source(s) : '' for realm >> 'springfieldcollege.edu <http://springfieldcollege.edu>' >> (pf::config::util::filter_authentication_sources) >> >> PacketFence instantiate the profile non-sc-eduroam-users but >> is not able to find any sources to compute the rules. >> >> My assumption is that you enabled auto registration on the >> connection profile but you didn't defined any sources. >> >> So edit the connection profile and assign an authentication >> source on it (you probably have an AD one). >> >> Regards >> >> Fabrice >> >> >> Le 20-02-10 à 14 h 34, Nadim El-Khoury a écrit : >>> Hi Fabrice, >>> >>> Please find attached the packetfence.log file. >>> The username is nel...@sp... >>> <mailto:nel...@sp...> >>> >>> Best, >>> >>> Nadim >>> >>> On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via >>> PacketFence-users <pac...@li... >>> <mailto:pac...@li...>> wrote: >>> >>> Hello Nadim >>> >>> Le 20-02-05 à 02 h 19, Nadim El-Khoury via >>> PacketFence-users a écrit : >>>> Hi Everyone, >>>> >>>> It does not look like that PF 9.3.0 is able to assign >>>> the right connection profile once a user is authenticated. >>>> >>>> Question 1) Why is the right connection profile not >>>> being picked up based on the created filter? >>> probably a wrong filter >>>> Question 2) Can the default connection profile be disabled? >>> no >>>> Question 3) Why is the system not entering the right >>>> owner for the registered device after successful >>>> authentication? >>> No profile , so no source, so no user. >>>> Question 4) Why is the connection profile is set to N/A >>>> when it does not properly match a profile? >>> because packetfence is not able to compute the >>> connection profile. >>>> >>>> When running the /usr/local/pf/bin/pftest >>>> authentication username "" >>>> The command returns the right AD group the user is part of. >>>> >>>> Recomputing of roles does not seem to be working if a >>>> device is successfully registered with another user or >>>> owner. So, if a new user uses the same device the role >>>> is not recomputed and the new user using the same old >>>> registered device ends up with the same previous role >>>> as the previous user. >>>> >>>> Question 1) How can we change the above behavior? >>>> >>> share your packetfence.log file when the device connect >>> and we will have the answer. >>> >>> Regards >>> >>> Fabrice >>> >>> >>>> Your help is very much appreciated. >>>> >>>> Best, >>>> >>>> Nadim >>>> >>>> >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> Pac...@li... <mailto:Pac...@li...> >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> _______________________________________________ >>> PacketFence-users mailing list >>> Pac...@li... >>> <mailto:Pac...@li...> >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> > -- > Fabrice Durand > fd...@in... <mailto:fd...@in...> :: +1.514.447.4918 (x135) ::www.inverse.ca <http://www.inverse.ca> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) > |
