Just for future reference, I had to put in the full path for binddn. I
was just using [email protected] before. :)
Amanda Berlin
From: Berlin, Amanda - Information Systems
[mailto:[email protected]]
Sent: Wednesday, June 26, 2013 9:36 AM
To: [email protected]
Subject: Re: [PacketFence-users] 4.0.1 and AD configuration
Nada, same error:
This is the only thing I can find in the logs, and it isn't from the
last time I tried, so it may just be a one-off error. I searched the
entire logs directory.
Jun 25 09:22:40 register.cgi(0) INFO: Invalid LDAP search query ((sAMAccountName=berlintest)). (pf::Authentication::Source::LDAPSource::authenticate)
The end of the log is this:
Jun 26 09:29:13 pfdhcplistener(19621) INFO: d4:be:d9:bf:7f:bf requested an IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008). Modified node with last_dhcp = 2013-06-26 09:29:13,computername = berlina-dev,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43 (main::listen_dhcp)
Jun 26 09:29:13 pfdhcplistener(19621) DEBUG: sending VENDORMAC::13942489 trigger (pf::node::node_mac_wakeup)
Jun 26 09:29:13 pfdhcplistener(19621) DEBUG: violation not added, no trigger found for vendormac::13942489 or violation is disabled (pf::violation::violation_trigger)
Jun 26 09:29:13 pfdhcplistener(19621) DEBUG: sending MAC::233916162080703 trigger (pf::node::node_mac_wakeup)
Jun 26 09:29:13 pfdhcplistener(19621) DEBUG: violation not added, no trigger found for mac::233916162080703 or violation is disabled (pf::violation::violation_trigger)
Jun 26 09:29:13 pfdhcplistener(19621) INFO: DHCPACK from 10.9.1.10 (00:50:56:8e:1b:88) to host d4:be:d9:bf:7f:bf (10.9.1.11) for 30 seconds (main::parse_dhcp_ack)
Jun 26 09:29:13 pfdhcplistener(19621) DEBUG: 10.9.1.11 && d4:be:d9:bf:7f:bf (main::update_iplog)
Jun 26 09:29:13 pfdhcplistener(19621) DEBUG: updating end_time for (d4:be:d9:bf:7f:bf - 10.9.1.11) (pf::iplog::iplog_open)
Amanda Berlin
From: Ray Cannon [mailto:[email protected]]
Sent: Tuesday, June 25, 2013 1:29 PM
To: [email protected]
Subject: Re: [PacketFence-users] 4.0.1 and AD configuration
I believe your condition should include the full ldap path and look
something like this:
condition0=memberOf,equals,CN=PacketFence,OU=Security Groups,OU=Groups,DC=syb,DC=net
From: Berlin, Amanda - Information Systems
[mailto:[email protected]]
Sent: Tuesday, June 25, 2013 10:59 AM
To: [email protected]
Subject: [PacketFence-users] 4.0.1 and AD configuration
Hello All,
I've been trying to get this to work for some time now and I'm not
getting anywhere. I have version 4.0.1 running and I'm trying to get two
separate sources set up.
Source 1: Internal, AD
Source 2: External, Email sponsor
Here is my authentication.conf
[local]
description=Local Users
type=SQL
[VendorAccess_Source]
description=VendorAccess_Source
email_activation_timeout=20m
type=Email
allow_localdomain=1
[firelands.localAD]
description=Firelands.local AD
password=mypasswordhere
scope=sub
[email protected]
basedn=DC=firelands,DC=local
usernameattribute=sAMAccountName
encryption=none
port=389
type=AD
host=firelands.local
[VendorAccess_Source rule VendorAccess_Rule]
description=VendorAccess_Rule
match=all
action0=set_role=VendorAccess
[firelands.localAD rule EmployeeAccessRule]
description=EmployeeAccessRule
match=all
action0=set_role=EmployeeAccess
action1=set_access_duration=1h
condition0=memberOf,equals,PacketFence
On my switch I have the VendorAccess and EmployeeAccess set to go to
different VLANs. The error I get whenever I try to log in with a user
that is a member of the PacketFence group in AD is "Username/Password
incorrect for all authentication sources". When I test my source it
comes back saying that the test was successful. I'm combing through the
logs, but I haven't found anything yet. Thoughts? Suggestions? I'm stuck :(
Amanda Berlin
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
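
Added example, not part of the original thread and not PacketFence code: a small lint for an authentication.conf in the layout quoted above. It checks the two fixes the thread arrives at (a full DN for binddn and for the memberOf operand) and also flags encryption=none. The binddn placeholder, the function names and the simplified DN pattern are assumptions.

```python
import configparser
import re

# Constructed sample in the authentication.conf layout quoted in the thread;
# the binddn value is a placeholder, not a value taken from the thread.
SAMPLE = """\
[firelands.localAD]
type=AD
host=firelands.local
port=389
encryption=none
basedn=DC=firelands,DC=local
binddn=svc-example
usernameattribute=sAMAccountName

[firelands.localAD rule EmployeeAccessRule]
match=all
action0=set_role=EmployeeAccess
condition0=memberOf,equals,PacketFence
"""

# Simplified DN shape (assumption): comma-joined attr=value pairs, where a
# backslash escapes the next character (e.g. "CN=Berlin\, Amanda").
RDN = r"[A-Za-z][\w-]*=(?:\\.|[^,=\\])+"
DN_RE = re.compile(rf"^{RDN}(?:,\s*{RDN})*$")

def is_dn(value):
    return bool(DN_RE.match(value.strip()))

def lint(text):
    """Return (section, key, message) for each setting that needs attention."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for key, value in cp[section].items():
            parts = value.split(",", 2)  # attribute, operator, operand
            if key == "binddn" and not is_dn(value):
                findings.append((section, key, "binddn is not a full DN"))
            elif key.startswith("condition") and len(parts) == 3:
                if parts[0] == "memberOf" and not is_dn(parts[2]):
                    findings.append((section, key, "memberOf compared to a bare group name"))
            elif key == "encryption" and value.strip().lower() == "none":
                findings.append((section, key, "LDAP bind password is sent without TLS"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=": ")
```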