OK, I've also discovered this in the httpd.admin.log file:
Dec 10 10:41:14 httpd.admin(6919) INFO: [00:1d:72:35:1b:15] re-evaluating
access (node_modify called) (pf::enforcement::reevaluate_access)
Dec 10 10:41:14 httpd.admin(6919) INFO: Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
*Dec 10 10:41:15 httpd.admin(6919) ERROR: Use of uninitialized value
$all_or_any in string eq at
/usr/local/pf/html/pfappserver/lib/pfappserver/Model/Search/Node.pm line
73. (pfappserver::__ANON__)*
Dec 10 10:41:34 httpd.admin(6919) INFO: status 200
(pfappserver::Controller::Configuration::pf_section)
Dec 10 10:41:59 httpd.admin(6919) INFO: set_role
(pfappserver::Base::Form::Authentication::Action::validate)
Dec 10 10:41:59 httpd.admin(6919) INFO: set_access_duration
(pfappserver::Base::Form::Authentication::Action::validate)
Thanks,
Joshua Nathan
IT Administrator
Black Forest Academy
+49 (0) 7626-916123
On Wed, Dec 10, 2014 at 10:46 AM, Nathan, Josh <[email protected]>
wrote:
> OK, here're the packetfence logs for my login with NO conditions set
> (works... user gains Internet access):
>
> Dec 10 10:37:31 httpd.portal(6988) INFO: Authentication successful for
> jnathan in source RadiusTest (RADIUS) (pf::authentication::authenticate)
> Dec 10 10:37:31 httpd.portal(6988) INFO: Matched rule (RadiusStaff) in
> source RadiusTest, returning actions. (pf::Authentication::Source::match)
> Dec 10 10:37:31 httpd.portal(6988) INFO: Matched rule (RadiusStaff) in
> source RadiusTest, returning actions. (pf::Authentication::Source::match)
> Dec 10 10:37:31 httpd.portal(6988) INFO: person jnathan modified to
> jnathan (pf::person::person_modify)
> Dec 10 10:37:31 httpd.portal(6988) INFO: [00:1d:72:35:1b:15] re-evaluating
> access (manage_register called) (pf::enforcement::reevaluate_access)
> Dec 10 10:37:31 httpd.portal(6988) INFO: Instantiate a new iptables
> modification method. pf::ipset (pf::inline::get_technique)
> Dec 10 10:37:31 httpd.webservices(6992) INFO: Instantiate a new iptables
> modification method. pf::ipset (pf::inline::get_technique)
> Dec 10 10:37:32 httpd.webservices(6992) INFO: [00:1d:72:35:1b:15] stated
> changed, adapting firewall rules for proper enforcement
> (pf::inline::performInlineEnforcement)
>
> Here're the logs when ANY condition I've tried is set (doesn't work...
> user NOT granted Internet access):
>
> Dec 10 10:42:14 httpd.portal(10615) INFO: Authentication successful for
> jnathan in source RadiusTest (RADIUS) (pf::authentication::authenticate)
> Dec 10 10:42:14 httpd.portal(10615) WARN: No role specified or found for
> pid jnathan (MAC 00:1d:72:35:1b:15); assume maximum number of registered
> nodes is reached (pf::node::is_max_reg_nodes_reached)
>
>
> For the sake of testing, I set a very simple rule. Here's the entry from
> my Authentication.conf file:
>
> [RadiusTest]
> description=FreeRadius Server
> secret=<my secret>
> port=1812
> type=RADIUS
> host=<my radius server>
>
> [RadiusTest rule RadiusStaff]
> description=Check if Staff Account
> match=all
> action0=set_role=staff
> action1=set_access_duration=1W
> condition0=username,equals,jnathan
>
> Ultimately, I'd like to use a regular expression rather than an "equals".
> I'd like to use something akin to: [a-zA-Z]$
>
> Thanks,
> Joshua Nathan
> IT Administrator
> Black Forest Academy
> +49 (0) 7626-916123
>
> On Tue, Dec 9, 2014 at 9:31 PM, Nathan, Josh <[email protected]>
> wrote:
>
>> I know it works without the condition. I did test that. And I can see
>> in the PacketFence logs that the username and password do authenticate
>> correctly. I'd send you the mentioned log files, but for my time zone, I'm
>> already home. I can send those tomorrow.
>>
>> But... I tested it without any conditions, and it worked fine. Even with
>> the condition, it all says that authentication was successful, it just
>> follows it up with the warning that there is no "role" assignment.
>>
>> Thanks,
>> Joshua Nathan
>> IT Administrator
>> Black Forest Academy
>> +49 (0) 7626-916123
>>
>> On Tue, Dec 9, 2014 at 4:43 PM, Louis Munro <[email protected]> wrote:
>>
>>> On 2014-12-09, at 9:04 , "Nathan, Josh" <[email protected]>
>>> wrote:
>>>
>>> > Hello,
>>> >
>>> > I'm trying to authenticate users against a Radius database, but if I
>>> add a condition to the rule, I keep getting this message in the logs along
>>> with the "Sorry!" page:
>>> >
>>> > httpd.portal(6978) WARN: No role specified or found for pid jnathan
>>> (MAC 00:1d:72:35:1b:15); assume maximum number of registered nodes is
>>> reached (pf::node::is_max_reg_nodes_reached)
>>> >
>>> > I would like to set it as a regular expression so that if the username
>>> ends with a letter, they have one role, and if they end with a number they
>>> have a different role.
>>> >
>>> > However, right now even setting it so that if the "username" either
>>> "contains" or "equals" 'jnathan', I get this message, let alone trying to
>>> use a regular expression.
>>> >
>>> > Any help? How do I get these conditions working?
>>>
>>>
>>> Hi Joshua,
>>> Before diving into conditions it helps to make sure the authentication
>>> actually succeeds and the source is well configured.
>>> Can you post the contents of your conf/authentication.conf file (stripped
>>> of passwords and such), especially the section that defines the RADIUS
>>> source?
>>>
>>> You also need to check to see what else is in the logs. Clearly your
>>> rule was not matched, but that's not enough information to go on.
>>>
>>> Try defining a catchall rule first.
>>> Don't add any conditions.
>>> If your rule is still not matched then the problem is not with the rule
>>> itself.
>>>
>>> Regards,
>>> --
>>> Louis Munro
>>> [email protected] :: www.inverse.ca
>>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
>>> www.packetfence.org)
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>
>>
>
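The two log excerpts in this thread differ in one way: the working login has a "Matched rule" entry after "Authentication successful", while the failing one has a "No role specified or found" warning instead. The script below is an added example, not part of the thread or of PacketFence; it flags logins of the second kind, assuming unwrapped one-line entries and that a login's entries come from the same httpd worker (process name and PID).

```python
import re

# Log entries quoted in the thread, unwrapped to one entry per line.
SAMPLE_LOG = """\
Dec 10 10:37:31 httpd.portal(6988) INFO: Authentication successful for jnathan in source RadiusTest (RADIUS) (pf::authentication::authenticate)
Dec 10 10:37:31 httpd.portal(6988) INFO: Matched rule (RadiusStaff) in source RadiusTest, returning actions. (pf::Authentication::Source::match)
Dec 10 10:42:14 httpd.portal(10615) INFO: Authentication successful for jnathan in source RadiusTest (RADIUS) (pf::authentication::authenticate)
Dec 10 10:42:14 httpd.portal(10615) WARN: No role specified or found for pid jnathan (MAC 00:1d:72:35:1b:15); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
"""

ENTRY = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<proc>[\w.]+)\((?P<pid>\d+)\) \w+: (?P<msg>.*)$")
AUTH_OK = re.compile(r"Authentication successful for (?P<user>\S+) in source (?P<source>\S+)")
MATCHED = re.compile(r"Matched rule \((?P<rule>[^)]+)\) in source (?P<source>\S+?),")
NO_ROLE = re.compile(r"No role specified or found for pid (?P<user>\S+) \(MAC (?P<mac>[0-9a-fA-F:]{17})\)")

def triage(log_text):
    """Return one record per successful authentication with its rule and role outcome."""
    attempts, last = [], {}  # last: (proc, pid) -> most recent login seen on that worker
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # wrapped or foreign line: skipped (assumes one entry per line)
        key = (m["proc"], m["pid"])
        auth = AUTH_OK.search(m["msg"])
        if auth:
            rec = {"time": m["ts"], "user": auth["user"], "source": auth["source"],
                   "rules": [], "no_role": False, "mac": None}
            attempts.append(rec)
            last[key] = rec
            continue
        rec = last.get(key)
        if rec is None:
            continue
        rule = MATCHED.search(m["msg"])
        miss = NO_ROLE.search(m["msg"])
        if rule and rule["source"] == rec["source"] and rule["rule"] not in rec["rules"]:
            rec["rules"].append(rule["rule"])
        elif miss and miss["user"] == rec["user"]:
            rec["no_role"], rec["mac"] = True, miss["mac"]
    return attempts

def unmatched_logins(log_text):
    """Logins that authenticated but matched no rule and ended with no role."""
    return [r for r in triage(log_text) if r["no_role"] and not r["rules"]]

if __name__ == "__main__":
    for rec in unmatched_logins(SAMPLE_LOG):
        print(rec["time"], rec["user"], rec["source"], rec["mac"])
```
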