Hi Alan,
Try this:
Create a second profile and make it match only wired MAC authentication
requests.
Point that profile to the guest source.
Remove the rule that matches on the connection type from the guest
authentication source (at least temporarily so we can debug this).
Your WIRED_MAC_AUTH traffic should then be sent to that source only which will
make troubleshooting this easier.
Try again and let us know how that works. Please post relevant log excerpts.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
> On Feb 4, 2016, at 20:03 , Alan Shoop <[email protected]> wrote:
>
> Louis,
>
> In this case, I am using just the one, singular default profile with all
> sources selected.
>
> I have attached the authentication.conf and profiles.conf files as requested.
>
> Thank you so much for your kind assistance!
>
> Alan Shoop
> Senior Network Engineer
> Office of Information Technology
> Wilson College
>
> From: Louis Munro [mailto:[email protected] <mailto:[email protected]>]
> Sent: Thursday, February 04, 2016 5:38 PM
> To: [email protected]
> <mailto:[email protected]>
> Subject: Re: [PacketFence-users] Issue with Rules in Email External Source
>
> Hi Alan,
> Could you post the contents of your conf/authentication.conf and
> conf/profiles.conf files (suitably scrubbed from any passwords…)
>
> As a guess, and without more details, I would just like to remind you that
> profiles decide which authentication sources will be used.
> Make sure the portal profile is correctly defined (which we should be able to
> tell from the contents of the profiles.conf).
>
> Keep on posting, we’ll get you there...
>
> Regards,
> --
> Louis Munro
> [email protected] <mailto:[email protected]> :: www.inverse.ca
> <http://www.inverse.ca/>
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
> PacketFence (www.packetfence.org <http://www.packetfence.org/>)
>
> On Feb 4, 2016, at 17:15 , Alan Shoop <[email protected]
> <mailto:[email protected]>> wrote:
>
> Hello,
>
> I am using PacketFence Version 5.5.2.
>
> I am having an issue with the Rules within Sources > External Sources >
> Rules. Particularly with applying Conditions.
>
> If I create a single rule with no Conditions, and Actions that set a Role and
> Access Duration, everything works as expected.
>
> I am trying to create rules and conditions that will place users logging in
> from our Wired network into one Role, and users logging in from our Wireless
> Network into a different Role.
>
> If I set a condition where “Connection type” “is” and choose
> “WIRED_MAC_AUTH”, (with the same actions) then PacketFence errors with “Got
> no role for username…”
>
> The RADIUS request is passing the connection type correctly as
> “connection_type => WIRED_MAC_AUTH”
>
> Here is a snippet from the log files:
>
> handling radius autz request: from switch_ip => (10.1.0.20), connection_type
> => WIRED_MAC_AUTH,switch_mac => (Unknown), mac => [00:22:64:52:f7:cb], port
> => 1, username => "00226452f7cb" (pf::radius::authorize)
> is of status unreg; belongs into registration VLAN
> (pf::vlan::getRegistrationVlan)
> (10.1.0.20) Added VLAN 10 to the returned RADIUS reply
> (pf::Switch::returnRadiusAccessAccept)
> (10.1.0.20) Returning ACCEPT with VLAN 10 and role
> (pf::Switch::returnRadiusAccessAccept)
> Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
> Memory configuration is not valid anymore for key
> resource::authentication_sources in local cached_hash
> (pfconfig::cached::is_valid)
> nstantiate profile default (pf::Portal::ProfileFactory::_from_profile)
> Memory configuration is not valid anymore for key
> resource::authentication_lookup in local cached_hash
> (pfconfig::cached::is_valid)
> Validating mandatory and custom fields for 'Guest-Email' based
> self-registration
> (captiveportal::PacketFence::Controller::Signup::validateMandatoryFields)
> Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
> Memory configuration is not valid anymore for key
> resource::authentication_sources in local cached_hash
> (pfconfig::cached::is_valid)
> Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
> Memory configuration is not valid anymore for key
> resource::authentication_lookup in local cached_hash
> (pfconfig::cached::is_valid)
> Validating mandatory and custom fields for 'Guest-Email' based
> self-registration
> (captiveportal::PacketFence::Controller::Signup::validateMandatoryFields)
> registering 00:22:64:52:f7:cb guest by email
> (captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
> Got no role for username "*redacted*@*redacted*.com"
> (captiveportal::PacketFence::Controller::Authenticate::setRole)
>
> Any thoughts?
>
> Alan Shoop
> Senior Network Engineer
> Office of Information Technology
> Wilson College
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________
>
> <http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________>
> PacketFence-users mailing list
> [email protected]
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>
> <authentication.conf><profiles.conf>------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________
>
> <http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________>
> PacketFence-users mailing list
> [email protected]
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
