Hello, In fact the issue is not really in /lib/pf/Authentication/Source.pm but in lib/pf/Authentication/Source/RADIUSSource.pm. (match_in_subclass). Your patch is working but prefer to patch in the correct function I will do a patch and let you know.
Regards
Fabrice
The function
Le 2015-05-08 08:24, Nicola Canepa a écrit :
> Thank you very much.
> I forgot to mention the PF version: it's 4.7.
> Your patch solved the problem.
>
> Nicola
>
> Il 08/05/15 13:34, Nathan, Josh ha scritto:
>> I ran into that problem too. Here's how I fixed it:
>>
>> The problem was in /lib/pf/Authentication/Source.pm
>>
>> At line #58, it starts defining "common_attributes" for the
>> conditions, but it does NOT have an entry for "username".
>>
>> This causes the "if" statement at line #133 to fail, and
>> apparently the "elseif" process does not ever bring the code to
>> the point where it actually checks the conditions specified.
>> So... if the value is "username", it will apparently ALWAYS fail
>> to assign the proper role.
>>
>> My subroutine ended up looking like this:
>>
>> sub common_attributes {
>> my $self = shift;
>> return [
>> { value => 'SSID', type => $Conditions::SUBSTRING },
>> { value => 'current_time', type => $Conditions::TIME },
>> { value => 'connection_type', type =>
>> $Conditions::CONNECTION },
>> { value => 'computer_name', type =>
>> $Conditions::SUBSTRING },
>> *{ value => 'username', type => $Conditions::SUBSTRING },*
>> ];
>> }
>>
>>
>> Thanks,
>> Joshua Nathan
>> IT Administrator
>> Black Forest Academy
>> +49 (0) 7626-916123
>>
>>
>> On Fri, May 8, 2015 at 11:47 AM, Nicola Canepa <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> Hello.
>> I'm trying to activate RADIUS authentication for admin users.
>> I have configured the source, and the users are quthenticated, as per
>> httpd.admin.log:
>> > May 08 10:00:39 httpd.admin(7875) INFO: Authentication
>> successful for
>> > canepan in source XXX (RADIUS) (pf::authentication::authenticate)
>> But if I enable a Rule with a Condition, it never matches.
>> I tried configuring the following:
>> - if "any" of the following conditions are met
>> - "username" "matches regexp" ".*"
>> - "username" "equals" "canepan"
>> - "username" "contains" "canepan"
>>
>> But I always end with this log (I enabled DEBUG in httpd.admin):
>> > May 08 09:59:23 httpd.admin(7875) DEBUG: Match called with
>> parameters
>> > username => canepan (pf::authentication::match)
>> If I leave the Rule without Conditions, the user can log in (with the
>> configured roles).
>>
>> What am I doing wrong?
>>
>> Thank you for your answers.
>>
>> Nicola
>>
>> --
>>
>> Nicola Canepa
>> Tel: +39-0522-399-3474
>> [email protected] <mailto:[email protected]>
>> ---
>> Il contenuto della presente comunicazione è riservato e destinato
>> esclusivamente ai destinatari indicati. Nel caso in cui sia
>> ricevuto da persona diversa dal destinatario sono proibite la
>> diffusione, la distribuzione e la copia. Nel caso riceveste la
>> presente per errore, Vi preghiamo di informarci e di distruggerlo
>> e/o cancellarlo dal Vostro computer, senza utilizzare i dati
>> contenuti. La presente comunicazione (comprensiva dei documenti
>> allegati) non avrà valore di proposta contrattuale e/o
>> accettazione di proposte provenienti dal destinatario, nè
>> rinuncia o riconoscimento di diritti, debiti e/o crediti, nè sarà
>> impegnativa, qualora non sia sottoscritto successivo accordo da
>> chi può validamente obbligarci. Non deriverà alcuna
>> responsabilità precontrattuale a ns. carico, se la presente non
>> sia seguita da contratto sottoscritto dalle parti.
>>
>> The content of the above communication is strictly confidential
>> and reserved solely for the referred addressees. In the event of
>> receipt by persons different from the addressee, copying,
>> alteration and distribution are forbidden. If received by mistake
>> we ask you to inform us and to destroy and/or delete from your
>> computer without using the data herein contained. The present
>> message (eventual annexes inclusive) shall not be considered a
>> contractual proposal and/or acceptance of offer from the
>> addressee, nor waiver recognizance of rights, debts and/or
>> credits, nor shall it be binding when not executed as a
>> subsequent agreement by persons who could lawfully represent us.
>> No pre-contractual liability shall apply to us when the present
>> communication is not followed by any binding agreement between
>> the parties.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across
>> Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable
>> Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> <mailto:[email protected]>
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
>
> Nicola Canepa
> Tel: +39-0522-399-3474
> [email protected]
> ---
> Il contenuto della presente comunicazione è riservato e destinato
> esclusivamente ai destinatari indicati. Nel caso in cui sia ricevuto da
> persona diversa dal destinatario sono proibite la diffusione, la
> distribuzione e la copia. Nel caso riceveste la presente per errore, Vi
> preghiamo di informarci e di distruggerlo e/o cancellarlo dal Vostro
> computer, senza utilizzare i dati contenuti. La presente comunicazione
> (comprensiva dei documenti allegati) non avrà valore di proposta contrattuale
> e/o accettazione di proposte provenienti dal destinatario, nè rinuncia o
> riconoscimento di diritti, debiti e/o crediti, nè sarà impegnativa, qualora
> non sia sottoscritto successivo accordo da chi può validamente obbligarci.
> Non deriverà alcuna responsabilità precontrattuale a ns. carico, se la
> presente non sia seguita da contratto sottoscritto dalle parti.
>
> The content of the above communication is strictly confidential and reserved
> solely for the referred addressees. In the event of receipt by persons
> different from the addressee, copying, alteration and distribution are
> forbidden. If received by mistake we ask you to inform us and to destroy
> and/or delete from your computer without using the data herein contained. The
> present message (eventual annexes inclusive) shall not be considered a
> contractual proposal and/or acceptance of offer from the addressee, nor
> waiver recognizance of rights, debts and/or credits, nor shall it be binding
> when not executed as a subsequent agreement by persons who could lawfully
> represent us. No pre-contractual liability shall apply to us when the present
> communication is not followed by any binding agreement between the parties.
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
