Louis,
Your suggestion worked brilliantly!
Thanks!
Alan Shoop
Senior Network Engineer
Office of Information Technology
Wilson College
From: Louis Munro [mailto:[email protected]]
Sent: Friday, February 05, 2016 10:12 AM
To: [email protected]
Subject: Re: [PacketFence-users] Issue with Rules in Email External Source
Hi Alan,
Try this:
Create a second profile and make it match only wired MAC authentication
requests.
Point that profile to the guest source.
Remove the rule that matches on the connection type from the guest
authentication source (at least temporarily so we can debug this).
Your WIRED_MAC_AUTH traffic should then be sent to that source only which will
make troubleshooting this easier.
Try again and let us know how that works. Please post relevant log excerpts.
Regards,
--
Louis Munro
[email protected]<mailto:[email protected]> ::
www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
On Feb 4, 2016, at 20:03 , Alan Shoop
<[email protected]<mailto:[email protected]>> wrote:
Louis,
In this case, I am using just the one, singular default profile with all
sources selected.
I have attached the authentication.conf and profiles.conf files as requested.
Thank you so much for your kind assistance!
Alan Shoop
Senior Network Engineer
Office of Information Technology
Wilson College
From: Louis Munro [mailto:[email protected]]
Sent: Thursday, February 04, 2016 5:38 PM
To:
[email protected]<mailto:[email protected]>
Subject: Re: [PacketFence-users] Issue with Rules in Email External Source
Hi Alan,
Could you post the contents of your conf/authentication.conf and
conf/profiles.conf files (suitably scrubbed from any passwords…)
As a guess, and without more details, I would just like to remind you that
profiles decide which authentication sources will be used.
Make sure the portal profile is correctly defined (which we should be able to
tell from the contents of the profiles.conf).
Keep on posting, we’ll get you there...
Regards,
--
Louis Munro
[email protected]<mailto:[email protected]> ::
www.inverse.ca<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu/>) and
PacketFence (www.packetfence.org<http://www.packetfence.org/>)
On Feb 4, 2016, at 17:15 , Alan Shoop
<[email protected]<mailto:[email protected]>> wrote:
Hello,
I am using PacketFence Version 5.5.2.
I am having an issue with the Rules within Sources > External Sources > Rules.
Particularly with applying Conditions.
If I create a single rule with no Conditions, and Actions that set a Role and
Access Duration, everything works as expected.
I am trying to create rules and conditions that will place users logging in
from our Wired network into one Role, and users logging in from our Wireless
Network into a different Role.
If I set a condition where “Connection type” “is” and choose “WIRED_MAC_AUTH”,
(with the same actions) then PacketFence errors with “Got no role for username…”
The RADIUS request is passing the connection type correctly as “connection_type
=> WIRED_MAC_AUTH”
Here is a snippet from the log files:
handling radius autz request: from switch_ip => (10.1.0.20), connection_type =>
WIRED_MAC_AUTH,switch_mac => (Unknown), mac => [00:22:64:52:f7:cb], port => 1,
username => "00226452f7cb" (pf::radius::authorize)
is of status unreg; belongs into registration VLAN
(pf::vlan::getRegistrationVlan)
(10.1.0.20) Added VLAN 10 to the returned RADIUS reply
(pf::Switch::returnRadiusAccessAccept)
(10.1.0.20) Returning ACCEPT with VLAN 10 and role
(pf::Switch::returnRadiusAccessAccept)
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Memory configuration is not valid anymore for key
resource::authentication_sources in local cached_hash
(pfconfig::cached::is_valid)
nstantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Memory configuration is not valid anymore for key
resource::authentication_lookup in local cached_hash
(pfconfig::cached::is_valid)
Validating mandatory and custom fields for 'Guest-Email' based
self-registration
(captiveportal::PacketFence::Controller::Signup::validateMandatoryFields)
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Memory configuration is not valid anymore for key
resource::authentication_sources in local cached_hash
(pfconfig::cached::is_valid)
Instantiate profile default (pf::Portal::ProfileFactory::_from_profile)
Memory configuration is not valid anymore for key
resource::authentication_lookup in local cached_hash
(pfconfig::cached::is_valid)
Validating mandatory and custom fields for 'Guest-Email' based
self-registration
(captiveportal::PacketFence::Controller::Signup::validateMandatoryFields)
registering 00:22:64:52:f7:cb guest by email
(captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
Got no role for username "*redacted*@*redacted*.com"
(captiveportal::PacketFence::Controller::Authenticate::setRole)
Any thoughts?
Alan Shoop
Senior Network Engineer
Office of Information Technology
Wilson College
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<authentication.conf><profiles.conf>------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
