Re: [PacketFence-users] PF 4.1 registration allows only one authentication source?

Fri, 17 Jan 2014 08:21:02 -0800 

Hi Tim,
i didn´t do this code, but the change are:

A second search for memberof in the directory
Fix the bug with multi attribute (like memberof appear more that one time but packetfence only check the first one). 

Fabrice


Le 2014-01-17 11:08, Palmer, Tim a écrit :

Hi Fabrice,


To be honest, I have been focused on high-availability and hadn't 
looked closely at the LDAP/AD changes in 4.1. I was using my 
authentication.conf from 4.0.6. As I look now, there are quite a few 
new choices to work with in the rule matching, especially since 4.0.5, 
if I remember.


Is the documentation for these changes still mostly in the code?

Thank you,

tim

From: Fabrice DURAND <[email protected] <mailto:[email protected]>>

Reply-To: <[email protected] 
<mailto:[email protected]>>

Date: Fri, 17 Jan 2014 08:08:37 -0500

To: <[email protected] 
<mailto:[email protected]>>
Subject: Re: [PacketFence-users] PF 4.1 registration allows only one 
authentication source?


Hello Tim,


We redefined the way to match group membership in the LDAP/AD style 
sources.
So can you capture the ldap traffic and check if the ldap search is 
correct ?


Regards
Fabrice

Le 2014-01-16 14:27, Palmer, Tim a écrit :

Good day all,

PF 4.1, upgraded from 4.0.6
CentOS 6.5


This is a refinement of my less that specific email from this morning 
-- my problem involves registration, and multiple AD sources.



I have several AD sources defined, all matching on 'memberof' filters 
with no nested groups. When a client connects, the login works as 
expected - radius reports "Login OK", access is not immediately 
denied, correct role is assigned, device is flipped to correct vlan, 
and all is well



If the device is not registered,  if the user registering is matched 
by the first source in the list (whether assigned to a profile or 
not), all is well.



If the user would match a source after the first, it does not match, 
the user is showed the error.html page with "Sorry You have reached 
maximum number of devices...",

and the logs show:

Jan 16 13:30:45 register.cgi(0) WARN: No role specified or found for 
pid pf.testtwo (MAC xx:xx:xx:xx:xx:xx); assume maximum number of 
registered nodes is reached (pf::node::is_max_reg_nodes_reached)



I've changed the order of a couple of authentication sources and the 
situation remains the same -- first source is allowed to register, no 
others are.



I have used some custom.pm settings in the past, but removed them all 
in this testing


Bug? Feature? My misunderstanding or mistake somewhere?

Thank you for your time,

Tim




------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk


_______________________________________________
PacketFence-users mailing list
[email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
[email protected]  ::  +1.514.447.4918 (x135) ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

------------------------------------------------------------------------------ 
CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why 
More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, 
Development Environments & Everything In Between. Get a Quote or Start 
a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk_______________________________________________ 
PacketFence-users mailing list [email protected] 
<mailto:[email protected]> 
https://lists.sourceforge.net/lists/listinfo/packetfence-users



------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today.
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
[email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to