Menu
▾
▴
Re: [PacketFence-users] PF 9.3.0 and connection profiles and recomputing of roles - not working
|
From: Durand f. <fd...@in...> - 2020-02-13 01:46:27
|
Hello Nadim, there is no source associate to the sc-eduroam-profile profile, try that: # # Copyright (C) 2005-2019 Inverse inc. # # See the enclosed file COPYING for license information (GPL). # If you did not receive this file, see # http://www.fsf.org/licensing/licenses/gpl.html [default] autoregister=enabled sources=MSAD [sc-eduroam-profile] filter_match_style=all locale= description=Springfield College local eduroam connections filter=ssid:eduroam sources=MSAD [incoming-eduroam-connections] locale= sources=US-Eduroam-Servers filter=realm:eduroam description=Incoming Eduroam Connections # # Copyright (C) 2005-2019 Inverse inc. # # See the enclosed file COPYING for license information (GPL). # If you did not receive this file, see # http://www.fsf.org/licensing/licenses/gpl.html let me know if it's ok now. Regards Fabrice Le 20-02-12 à 08 h 11, Nadim El-Khoury a écrit : > Hi Fabrice, > > Please note that I sanitized the authentication.conf file and removed > the shared Radius key and the password to connect to our MS LDAP. > Everything else is intact. > > Thank you very much for all your help and for looking at this issue. > > Best, > > Nadim > > On Tue, Feb 11, 2020 at 9:02 PM Durand fabrice <fd...@in... > <mailto:fd...@in...>> wrote: > > It's still the same in the logs. > > Can you share your prifiles.conf and authentication.conf file ? > > Regards > > Fabrice > > > Le 20-02-11 à 12 h 02, Nadim El-Khoury a écrit : >> Hi Fabrice, >> >> I am sorry to report that nothing works. I am still seeing the >> same behavior. >> I deleted all the connection profiles and just left the default >> one and still nothing. >> >> I am attaching the packetfence.log file. >> >> Best, >> >> Nadim >> >> On Tue, Feb 11, 2020 at 8:31 AM Fabrice Durand >> <fd...@in... <mailto:fd...@in...>> wrote: >> >> Ok so assign the default realm in the authentication source >> and/or the realm springfieldcollege.edu >> <http://springfieldcollege.edu>. >> >> Le 20-02-10 à 22 h 42, Nadim El-Khoury a écrit : >>> Hi Fabrice, >>> >>> I want to thank you for taking the time to look into the log >>> file. >>> Yes, we have AD configured as an authentication source. I >>> added it to the source in the connection profile and will >>> test it in the morning and report back. >>> >>> Best, >>> >>> Nadim >>> >>> On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice >>> <fd...@in... <mailto:fd...@in...>> wrote: >>> >>> Hello Nadim, >>> >>> here what happen: >>> >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >>> httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] handling >>> radius autz request: from switch_ip => (10.2.75.11), >>> connection_type => Wireless-802.11-EAP,switch_mac => >>> (5c:5b:35:a8:10:33), mac => [a4:e9:75:4e:95:5d], port => >>> 0, username => "nel...@sp..." >>> <mailto:nel...@sp...>, ssid => >>> eduroam (pf::radius::authorize) >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >>> httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] >>> Instantiate profile non-sc-eduroam-users >>> (pf::Connection::ProfileFactory::_from_profile) >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >>> httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] Found >>> authentication source(s) : '' for realm >>> 'springfieldcollege.edu <http://springfieldcollege.edu>' >>> (pf::config::util::filter_authentication_sources) >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >>> httpd.aaa(15955) WARN: [mac:a4:e9:75:4e:95:5d] No >>> category computed for autoreg >>> (pf::role::getNodeInfoForAutoReg) >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >>> httpd.aaa(15955) WARN: [mac:a4:e9:75:4e:95:5d] Switch >>> type 'pf::Switch::Generic' does not support >>> MABFloatingDevices (pf::SwitchSupports::__ANON__) >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: >>> httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] Found >>> authentication source(s) : '' for realm >>> 'springfieldcollege.edu <http://springfieldcollege.edu>' >>> (pf::config::util::filter_authentication_sources) >>> >>> PacketFence instantiate the profile non-sc-eduroam-users >>> but is not able to find any sources to compute the rules. >>> >>> My assumption is that you enabled auto registration on >>> the connection profile but you didn't defined any sources. >>> >>> So edit the connection profile and assign an >>> authentication source on it (you probably have an AD one). >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 20-02-10 à 14 h 34, Nadim El-Khoury a écrit : >>>> Hi Fabrice, >>>> >>>> Please find attached the packetfence.log file. >>>> The username is nel...@sp... >>>> <mailto:nel...@sp...> >>>> >>>> Best, >>>> >>>> Nadim >>>> >>>> On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via >>>> PacketFence-users >>>> <pac...@li... >>>> <mailto:pac...@li...>> wrote: >>>> >>>> Hello Nadim >>>> >>>> Le 20-02-05 à 02 h 19, Nadim El-Khoury via >>>> PacketFence-users a écrit : >>>>> Hi Everyone, >>>>> >>>>> It does not look like that PF 9.3.0 is able to >>>>> assign the right connection profile once a user is >>>>> authenticated. >>>>> >>>>> Question 1) Why is the right connection profile >>>>> not being picked up based on the created filter? >>>> probably a wrong filter >>>>> Question 2) Can the default connection profile be >>>>> disabled? >>>> no >>>>> Question 3) Why is the system not entering the >>>>> right owner for the registered device after >>>>> successful authentication? >>>> No profile , so no source, so no user. >>>>> Question 4) Why is the connection profile is set >>>>> to N/A when it does not properly match a profile? >>>> because packetfence is not able to compute the >>>> connection profile. >>>>> >>>>> When running the /usr/local/pf/bin/pftest >>>>> authentication username "" >>>>> The command returns the right AD group the user is >>>>> part of. >>>>> >>>>> Recomputing of roles does not seem to be working >>>>> if a device is successfully registered with >>>>> another user or owner. So, if a new user uses the >>>>> same device the role is not recomputed and the new >>>>> user using the same old registered device ends up >>>>> with the same previous role as the previous user. >>>>> >>>>> Question 1) How can we change the above behavior? >>>>> >>>> share your packetfence.log file when the device >>>> connect and we will have the answer. >>>> >>>> Regards >>>> >>>> Fabrice >>>> >>>> >>>>> Your help is very much appreciated. >>>>> >>>>> Best, >>>>> >>>>> Nadim >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> Pac...@li... <mailto:Pac...@li...> >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> Pac...@li... >>>> <mailto:Pac...@li...> >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >> -- >> Fabrice Durand >> fd...@in... <mailto:fd...@in...> :: +1.514.447.4918 (x135) ::www.inverse.ca <http://www.inverse.ca> >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) >> |
