Hello Matteo,

To be removed from the mailing list you can scroll down with your mouse.

Regards
Fabrice

On 2014-12-23 08:59, Matteo Pidalà wrote:
> Remove me from the mail list please
>
>
> regards
>
> 2014-12-23 14:41 GMT+01:00 Fabrice DURAND <[email protected]>:
>
>     Hello Josh,
>
>     The best thing to do is to test with pftest and see if the rules
>     match.
>
>     Regards
>     Fabrice
>
>     On 2014-12-22 10:35, Nathan, Josh wrote:
>     > Any more thoughts about this? I tested the login with the condition
>     > "Current Time is after 01:00" and that worked, but trying to do
>     > anything with the username seems to always fail.
>     >
>     > Thanks,
>     > Joshua Nathan
>     > IT Administrator
>     > Black Forest Academy
>     > +49 (0) 7626-916123
>     >
>     > On Thu, Dec 11, 2014 at 9:45 AM, Nathan, Josh
>     > <[email protected]> wrote:
>     >
>     >     Thanks for your reply Juan,
>     >
>     >     But if you look, you should see from the excerpt of my conf file
>     >     that I do, indeed, have a role.  The role is "staff".  Further, it
>     >     does correctly assign the role if I remove any conditions I have
>     >     regarding the username (I'll admit that I haven't tried other
>     >     types of conditions as those aren't pertinent to my goal).  From
>     >     the logs, you can see that the username I tried to authenticate
>     >     with was "jnathan", and even in the most basic condition I tried
>     >     (the condition of the username being "jnathan"), it then fails to
>     >     assign the role... as if the condition always fails.
>     >
>     >     So as it stands, the Rule itself works (sees that I have a legit
>     >     username and password, and assigns the proper role).  However,
>     >     when I assign a Condition to the rule, it fails.  Maybe I'm typing
>     >     it in wrong?  I've tried with no quotes, single quotes, double
>     >     quotes... When looking at the conf file in Vim, I don't see any
>     >     erroneous characters or extra whitespace...
>     >
>     >     The end goal is to have a single Radius database that houses all
>     >     usernames and passwords, where our username pattern determines
>     >     which role someone is assigned.
>     >
>     >     Thanks,
>     >     Joshua Nathan
>     >     IT Administrator
>     >     Black Forest Academy
>     >     +49 (0) 7626-916123
>     >
>     >     On Wed, Dec 10, 2014 at 6:43 PM, Juan Camilo Valencia
>     >     <[email protected]> wrote:
>     >
>     >         Hi Josh,
>     >
>     >         Take a look at this log line
>     >         "Dec 10 10:42:14 httpd.portal(10615) WARN: No role specified
>     >         or found for pid jnathan (MAC 00:1d:72:35:1b:15); assume
>     >         maximum number of registered nodes is reached
>     >         (pf::node::is_max_reg_nodes_reached)"
>     >
>     >         That means that you don't have a role assigned for the user
>     >         that you are using. You can assign it when you create the rule
>     >         and assign that role to a VLAN ID in your switch. The problem
>     >         is that without a role PF assumes that you have reached the
>     >         maximum of devices authorized for the pid and doesn't assign a
>     >         functional VLAN. I think that your rule is correctly created
>     >         except for the role; try to create a role and that should solve
>     >         the problem.
>     >
>     >         I hope that this helps you solve the problem.
>     >
>     >         Best Regards,
>     >
>     >         On Wed, Dec 10, 2014 at 5:09 AM, Nathan, Josh
>     >         <[email protected]> wrote:
>     >
>     >             OK, I've also discovered this in the httpd.admin.log file:
>     >
>     >             Dec 10 10:41:14 httpd.admin(6919) INFO:
>     >             [00:1d:72:35:1b:15] re-evaluating access (node_modify
>     >             called) (pf::enforcement::reevaluate_access)
>     >             Dec 10 10:41:14 httpd.admin(6919) INFO: Instantiate a new
>     >             iptables modification method. pf::ipset
>     >             (pf::inline::get_technique)
>     >             _/*Dec 10 10:41:15 httpd.admin(6919) ERROR: Use of
>     >             uninitialized value $all_or_any in string eq at
>     >             /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Search/Node.pm
>     >             line 73.
>     >             (pfappserver::__ANON__)*/_
>     >             Dec 10 10:41:34 httpd.admin(6919) INFO: status 200
>     >             (pfappserver::Controller::Configuration::pf_section)
>     >             Dec 10 10:41:59 httpd.admin(6919) INFO: set_role
>     >             (pfappserver::Base::Form::Authentication::Action::validate)
>     >             Dec 10 10:41:59 httpd.admin(6919) INFO:
>     >             set_access_duration
>     >             (pfappserver::Base::Form::Authentication::Action::validate)
>     >
>     >             Thanks,
>     >             Joshua Nathan
>     >             IT Administrator
>     >             Black Forest Academy
>     >             +49 (0) 7626-916123
>     >
>     >             On Wed, Dec 10, 2014 at 10:46 AM, Nathan, Josh
>     >             <[email protected]> wrote:
>     >
>     >                 OK, here're the packetfence logs for my login with NO
>     >                 conditions set (works... user gains Internet access):
>     >
>     >                 Dec 10 10:37:31 httpd.portal(6988) INFO:
>     >                 Authentication successful for jnathan in source
>     >                 RadiusTest (RADIUS) (pf::authentication::authenticate)
>     >                 Dec 10 10:37:31 httpd.portal(6988) INFO: Matched rule
>     >                 (RadiusStaff) in source RadiusTest, returning actions.
>     >                 (pf::Authentication::Source::match)
>     >                 Dec 10 10:37:31 httpd.portal(6988) INFO: Matched rule
>     >                 (RadiusStaff) in source RadiusTest, returning actions.
>     >                 (pf::Authentication::Source::match)
>     >                 Dec 10 10:37:31 httpd.portal(6988) INFO: person
>     >                 jnathan modified to jnathan (pf::person::person_modify)
>     >                 Dec 10 10:37:31 httpd.portal(6988) INFO:
>     >                 [00:1d:72:35:1b:15] re-evaluating access
>     >                 (manage_register called)
>     >                 (pf::enforcement::reevaluate_access)
>     >                 Dec 10 10:37:31 httpd.portal(6988) INFO: Instantiate a
>     >                 new iptables modification method. pf::ipset
>     >                 (pf::inline::get_technique)
>     >                 Dec 10 10:37:31 httpd.webservices(6992) INFO:
>     >                 Instantiate a new iptables modification method.
>     >                 pf::ipset (pf::inline::get_technique)
>     >                 Dec 10 10:37:32 httpd.webservices(6992) INFO:
>     >                 [00:1d:72:35:1b:15] stated changed, adapting firewall
>     >                 rules for proper enforcement
>     >                 (pf::inline::performInlineEnforcement)
>     >
>     >                 Here're the logs when ANY condition I've tried is set
>     >                 (doesn't work... user NOT granted Internet access):
>     >
>     >                 Dec 10 10:42:14 httpd.portal(10615) INFO:
>     >                 Authentication successful for jnathan in source
>     >                 RadiusTest (RADIUS) (pf::authentication::authenticate)
>     >                 Dec 10 10:42:14 httpd.portal(10615) WARN: No role
>     >                 specified or found for pid jnathan (MAC
>     >                 00:1d:72:35:1b:15); assume maximum number of
>     >                 registered nodes is reached
>     >                 (pf::node::is_max_reg_nodes_reached)
>     >
>     >
>     >                 For the sake of testing, I set a very simple rule.
>     >                 Here's the entry from my Authentication.conf file:
>     >
>     >                 [RadiusTest]
>     >                 description=FreeRadius Server
>     >                 secret=<my secret>
>     >                 port=1812
>     >                 type=RADIUS
>     >                 host=<my radius server>
>     >
>     >                 [RadiusTest rule RadiusStaff]
>     >                 description=Check if Staff Account
>     >                 match=all
>     >                 action0=set_role=staff
>     >                 action1=set_access_duration=1W
>     >                 condition0=username,equals,jnathan
>     >
>     >                 Ultimately, I'd like to use a regular expression
>     >                 rather than an "equals".  I'd like to use something
>     >                 akin to: [a-zA-Z]$
>     >
>     >                 Thanks,
>     >                 Joshua Nathan
>     >                 IT Administrator
>     >                 Black Forest Academy
>     >                 +49 (0) 7626-916123
>     >
>     >                 On Tue, Dec 9, 2014 at 9:31 PM, Nathan, Josh
>     >                 <[email protected]> wrote:
>     >
>     >                     I know it works without the condition.  I did test
>     >                     that.  And I can see in the PacketFence logs that
>     >                     the username and password do authenticate
>     >                     correctly.  I'd send you the mentioned log files,
>     >                     but for my time zone, I'm already home.  I can
>     >                     send those tomorrow.
>     >
>     >                     But... I tested it without any conditions, and it
>     >                     worked fine.  Even with the condition, it all says
>     >                     that authentication was successful, it just
>     >                     follows it up with the warning that there is no
>     >                     "role" assignment.
>     >
>     >                     Thanks,
>     >                     Joshua Nathan
>     >                     IT Administrator
>     >                     Black Forest Academy
>     >                     +49 (0) 7626-916123
>     >
>     >                     On Tue, Dec 9, 2014 at 4:43 PM, Louis Munro
>     >                     <[email protected]> wrote:
>     >
>     >                         On 2014-12-09, at 9:04 , "Nathan, Josh"
>     >                         <[email protected]> wrote:
>     >
>     >                         > Hello,
>     >                         >
>     >                         > I'm trying to authenticate users against a
>     >                         > Radius database, but if I add a condition to
>     >                         > the rule, I keep getting this message in the
>     >                         > logs along with the "Sorry!" page:
>     >                         >
>     >                         > httpd.portal(6978) WARN: No role specified
>     >                         > or found for pid jnathan (MAC
>     >                         > 00:1d:72:35:1b:15); assume maximum number of
>     >                         > registered nodes is reached
>     >                         > (pf::node::is_max_reg_nodes_reached)
>     >                         >
>     >                         > I would like to set it as a regular
>     >                         > expression so that if the username ends with a
>     >                         > letter, they have one role, and if they end
>     >                         > with a number they have a different role.
>     >                         >
>     >                         > However, right now even setting it so that
>     >                         > if the "username" either "contains" or
>     >                         > "equals" 'jnathan', I get this message, let
>     >                         > alone trying to use a regular expression.
>     >                         >
>     >                         > Any help?  How do I get these conditions
>     >                         > working?
>     >
>     >
>     >                         Hi Joshua,
>     >                         Before diving into conditions it helps to make
>     >                         sure the authentication actually succeeds and
>     >                         the source is well configured.
>     >                         Can you post the contents of your
>     >                         conf/authentication.conf file (stripped of
>     >                         passwords and such), especially the section
>     >                         that defines the RADIUS source?
>     >
>     >                         You also need to check to see what else is in
>     >                         the logs. Clearly your rule was not matched,
>     >                         but that's not enough information to go on.
>     >
>     >                         Try defining a catchall rule first.
>     >                         Don't add any conditions.
>     >                         If your rule is still not matched then the
>     >                         problem is not with the rule itself.
>     >
>     >                         Regards,
>     >                         --
>     >                         Louis Munro
>     >                         [email protected] ::  www.inverse.ca
>     >                         +1.514.447.4918 x125  :: +1 (866) 353-6153 x125
>     >                         Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and
>     >                         PacketFence (www.packetfence.org)
>     >
>     >         --
>     >
>     >         *“Choose a job you love, and you will never have to work a day
>     >         in your life”*
>     >
>
>
>     --
>     Fabrice Durand
>     [email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
>     Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>     PacketFence (http://packetfence.org)
>


-- 
Fabrice Durand
[email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
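
Added example (not part of the original thread, and not PacketFence code): a Python sketch of the log check discussed in the quoted messages, pairing each "Authentication successful" entry with the "Matched rule" or "No role specified" entries that follow it. The sample lines are constructed from the entries quoted in the thread; treating the number in parentheses as a per-worker id that keeps interleaved logins apart is an assumption.

```python
import re

# Constructed sample: portal log entries in the format quoted in the thread,
# one entry per line (mail wrapping removed).
SAMPLE_LOG = """\
Dec 10 10:37:31 httpd.portal(6988) INFO: Authentication successful for jnathan in source RadiusTest (RADIUS) (pf::authentication::authenticate)
Dec 10 10:37:31 httpd.portal(6988) INFO: Matched rule (RadiusStaff) in source RadiusTest, returning actions. (pf::Authentication::Source::match)
Dec 10 10:37:31 httpd.portal(6988) INFO: Matched rule (RadiusStaff) in source RadiusTest, returning actions. (pf::Authentication::Source::match)
Dec 10 10:37:31 httpd.portal(6988) INFO: person jnathan modified to jnathan (pf::person::person_modify)
Dec 10 10:42:14 httpd.portal(10615) INFO: Authentication successful for jnathan in source RadiusTest (RADIUS) (pf::authentication::authenticate)
Dec 10 10:42:14 httpd.portal(10615) WARN: No role specified or found for pid jnathan (MAC 00:1d:72:35:1b:15); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<svc>[\w.]+)\((?P<worker>\d+)\) "
                  r"(?P<level>\w+): (?P<msg>.*)$")
AUTH_OK = re.compile(r"Authentication successful for (?P<user>\S+) in source (?P<source>\S+)")
MATCHED = re.compile(r"Matched rule \((?P<rule>[^)]+)\) in source (?P<source>\S+?),")
NO_ROLE = re.compile(r"No role specified or found for pid (?P<user>\S+) "
                     r"\(MAC (?P<mac>[0-9a-fA-F:]{17})\)")


def correlate(log_text):
    """Group portal entries into login attempts, one per 'Authentication successful'."""
    attempts = []  # in log order
    current = {}   # (service, worker id) -> attempt still being filled in
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped fragment or unrelated line
        key, msg = (m["svc"], m["worker"]), m["msg"]
        ok = AUTH_OK.search(msg)
        if ok:
            attempt = {"ts": m["ts"], "user": ok["user"], "source": ok["source"],
                       "rules": [], "no_role": False, "mac": None}
            attempts.append(attempt)
            current[key] = attempt
            continue
        attempt = current.get(key)
        if attempt is None:
            continue  # entry from a worker with no login in progress
        matched = MATCHED.search(msg)
        if matched and matched["source"] == attempt["source"]:
            if matched["rule"] not in attempt["rules"]:
                attempt["rules"].append(matched["rule"])
            continue
        missing = NO_ROLE.search(msg)
        if missing and missing["user"] == attempt["user"]:
            attempt["no_role"] = True
            attempt["mac"] = missing["mac"]
    return attempts


def unmatched_logins(log_text):
    """Logins that authenticated but matched no rule and ended without a role."""
    return [a for a in correlate(log_text) if a["no_role"] and not a["rules"]]


if __name__ == "__main__":
    for a in unmatched_logins(SAMPLE_LOG):
        print(f'{a["ts"]} {a["user"]} ({a["mac"]}): authenticated in {a["source"]}, '
              "no rule matched, no role assigned")
```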
