Here we go : https://github.com/inverse-inc/packetfence/commit/b172ef0003ac6e8d808276f1942b2ee8634ef7b7.diff
Le 2015-05-08 08:34, Fabrice DURAND a écrit :
> Hello,
>
> In fact the issue is not really in /lib/pf/Authentication/Source.pm but
> in lib/pf/Authentication/Source/RADIUSSource.pm. (match_in_subclass).
> Your patch is working but prefer to patch in the correct function
> I will do a patch and let you know.
>
> Regards
> Fabrice
>
>
>
> The function
> Le 2015-05-08 08:24, Nicola Canepa a écrit :
>> Thank you very much.
>> I forgot to mention the PF version: it's 4.7.
>> Your patch solved the problem.
>>
>> Nicola
>>
>> Il 08/05/15 13:34, Nathan, Josh ha scritto:
>>> I ran into that problem too. Here's how I fixed it:
>>>
>>> The problem was in /lib/pf/Authentication/Source.pm
>>>
>>> At line #58, it starts defining "common_attributes" for the
>>> conditions, but it does NOT have an entry for "username".
>>>
>>> This causes the "if" statement at line #133 to fail, and
>>> apparently the "elseif" process does not ever bring the code to
>>> the point where it actually checks the conditions specified.
>>> So... if the value is "username", it will apparently ALWAYS fail
>>> to assign the proper role.
>>>
>>> My subroutine ended up looking like this:
>>>
>>> sub common_attributes {
>>> my $self = shift;
>>> return [
>>> { value => 'SSID', type => $Conditions::SUBSTRING },
>>> { value => 'current_time', type => $Conditions::TIME },
>>> { value => 'connection_type', type =>
>>> $Conditions::CONNECTION },
>>> { value => 'computer_name', type =>
>>> $Conditions::SUBSTRING },
>>> *{ value => 'username', type => $Conditions::SUBSTRING },*
>>> ];
>>> }
>>>
>>>
>>> Thanks,
>>> Joshua Nathan
>>> IT Administrator
>>> Black Forest Academy
>>> +49 (0) 7626-916123
>>>
>>>
>>> On Fri, May 8, 2015 at 11:47 AM, Nicola Canepa <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>> Hello.
>>> I'm trying to activate RADIUS authentication for admin users.
>>> I have configured the source, and the users are quthenticated, as per
>>> httpd.admin.log:
>>> > May 08 10:00:39 httpd.admin(7875) INFO: Authentication
>>> successful for
>>> > canepan in source XXX (RADIUS) (pf::authentication::authenticate)
>>> But if I enable a Rule with a Condition, it never matches.
>>> I tried configuring the following:
>>> - if "any" of the following conditions are met
>>> - "username" "matches regexp" ".*"
>>> - "username" "equals" "canepan"
>>> - "username" "contains" "canepan"
>>>
>>> But I always end with this log (I enabled DEBUG in httpd.admin):
>>> > May 08 09:59:23 httpd.admin(7875) DEBUG: Match called with
>>> parameters
>>> > username => canepan (pf::authentication::match)
>>> If I leave the Rule without Conditions, the user can log in (with the
>>> configured roles).
>>>
>>> What am I doing wrong?
>>>
>>> Thank you for your answers.
>>>
>>> Nicola
>>>
>>> --
>>>
>>> Nicola Canepa
>>> Tel: +39-0522-399-3474
>>> [email protected] <mailto:[email protected]>
>>> ---
>>> Il contenuto della presente comunicazione è riservato e destinato
>>> esclusivamente ai destinatari indicati. Nel caso in cui sia
>>> ricevuto da persona diversa dal destinatario sono proibite la
>>> diffusione, la distribuzione e la copia. Nel caso riceveste la
>>> presente per errore, Vi preghiamo di informarci e di distruggerlo
>>> e/o cancellarlo dal Vostro computer, senza utilizzare i dati
>>> contenuti. La presente comunicazione (comprensiva dei documenti
>>> allegati) non avrà valore di proposta contrattuale e/o
>>> accettazione di proposte provenienti dal destinatario, nè
>>> rinuncia o riconoscimento di diritti, debiti e/o crediti, nè sarà
>>> impegnativa, qualora non sia sottoscritto successivo accordo da
>>> chi può validamente obbligarci. Non deriverà alcuna
>>> responsabilità precontrattuale a ns. carico, se la presente non
>>> sia seguita da contratto sottoscritto dalle parti.
>>>
>>> The content of the above communication is strictly confidential
>>> and reserved solely for the referred addressees. In the event of
>>> receipt by persons different from the addressee, copying,
>>> alteration and distribution are forbidden. If received by mistake
>>> we ask you to inform us and to destroy and/or delete from your
>>> computer without using the data herein contained. The present
>>> message (eventual annexes inclusive) shall not be considered a
>>> contractual proposal and/or acceptance of offer from the
>>> addressee, nor waiver recognizance of rights, debts and/or
>>> credits, nor shall it be binding when not executed as a
>>> subsequent agreement by persons who could lawfully represent us.
>>> No pre-contractual liability shall apply to us when the present
>>> communication is not followed by any binding agreement between
>>> the parties.
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> One dashboard for servers and applications across
>>> Physical-Virtual-Cloud
>>> Widest out-of-the-box monitoring support with 50+ applications
>>> Performance metrics, stats and reports that give you Actionable
>>> Insights
>>> Deep dive visibility with transaction tracing using APM Insight.
>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> <mailto:[email protected]>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> One dashboard for servers and applications across Physical-Virtual-Cloud
>>> Widest out-of-the-box monitoring support with 50+ applications
>>> Performance metrics, stats and reports that give you Actionable Insights
>>> Deep dive visibility with transaction tracing using APM Insight.
>>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>> --
>>
>> Nicola Canepa
>> Tel: +39-0522-399-3474
>> [email protected]
>> ---
>> Il contenuto della presente comunicazione è riservato e destinato
>> esclusivamente ai destinatari indicati. Nel caso in cui sia ricevuto da
>> persona diversa dal destinatario sono proibite la diffusione, la
>> distribuzione e la copia. Nel caso riceveste la presente per errore, Vi
>> preghiamo di informarci e di distruggerlo e/o cancellarlo dal Vostro
>> computer, senza utilizzare i dati contenuti. La presente comunicazione
>> (comprensiva dei documenti allegati) non avrà valore di proposta
>> contrattuale e/o accettazione di proposte provenienti dal destinatario, nè
>> rinuncia o riconoscimento di diritti, debiti e/o crediti, nè sarà
>> impegnativa, qualora non sia sottoscritto successivo accordo da chi può
>> validamente obbligarci. Non deriverà alcuna responsabilità precontrattuale a
>> ns. carico, se la presente non sia seguita da contratto sottoscritto dalle
>> parti.
>>
>> The content of the above communication is strictly confidential and reserved
>> solely for the referred addressees. In the event of receipt by persons
>> different from the addressee, copying, alteration and distribution are
>> forbidden. If received by mistake we ask you to inform us and to destroy
>> and/or delete from your computer without using the data herein contained.
>> The present message (eventual annexes inclusive) shall not be considered a
>> contractual proposal and/or acceptance of offer from the addressee, nor
>> waiver recognizance of rights, debts and/or credits, nor shall it be
>> binding when not executed as a subsequent agreement by persons who could
>> lawfully represent us. No pre-contractual liability shall apply to us when
>> the present communication is not followed by any binding agreement between
>> the parties.
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
