Hallo Fabrice,
Below are the logs as requested.
Regards,
Kehinde
---------- Forwarded message ----------
From: Akala Kehinde <[email protected]>
Date: Wed, Jun 14, 2017 at 6:22 PM
Subject: Re: WMI prereg and reg scans fail when user connects
To: Fabrice Durand <[email protected]>
Cc: [email protected]
Hallo Fabrice,
Had to do a service pf restart to activate the scan engine in the
profile. Below are the new logs I get when the user is in Reg mode.
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO:
[mac:00:50:ff:50:11:00] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO:
[mac:00:50:ff:50:11:00] grace expired on violation 1200005 for node
00:50:ff:50:11:00 (pf::violation::violation_add)
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO:
[mac:00:50:ff:50:11:00] violation 1200005 added for 00:50:ff:50:11:00
(pf::violation::violation_add)
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO:
[mac:00:50:ff:50:11:00] executing action 'log' on class 1200005
(pf::action::action_execute)
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO:
[mac:00:50:ff:50:11:00] /usr/local/pf/logs/violation.log 2017-06-14
18:06:26: Pre Reg System Scan (1200005) detected on node
00:50:ff:50:11:00 (172.16.98.11) (pf::action::action_log)
Jun 14 18:06:27 pfence pfqueue: pfqueue(6613) INFO:
[mac:00:50:ff:50:11:00] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 18:06:27 pfence pfqueue: pfqueue(6613) INFO:
[mac:00:50:ff:50:11:00] New ID generated: 1497456387161100
(pf::util::generate_id)
Jun 14 18:06:27 pfence pfqueue: pfqueue(6613) ERROR:
[mac:00:50:ff:50:11:00] Error rule wmi rule 'WinRAR_Process_Running':
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
(pf::scan::wmi::rules::test)
Jun 14 18:06:27 pfence pfqueue: pfqueue(6613) WARN:
[mac:00:50:ff:50:11:00] WMI scan didnt start (pf::scan::wmi::startScan)
Seems violation id 1200005 triggers the wmi violation id 150001. But
seems user access is denied to scan the host.
When I test from PF I get the same error:
[root@pfence ~]# wmic -Uadminuser%pass //172.16.98.11 "select * from Win_Process"
[librpc/rpc/dcerpc_util.c:1290:dcerpc_pipe_auth_recv()] Failed to bind
to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed
NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
[root@pfence ~]#
I already enabled DCOM access on the user PC but still get the same error.
Regards,
Kehinde
On Wed, Jun 14, 2017 at 5:31 PM, Akala Kehinde <[email protected]> wrote:
Hi Fabrice,
Also, the portal redirect feature still doesn't work.
Always have to refresh page. Doesn't redirect automatically.
Regards,
Kehinde
On Wed, Jun 14, 2017 at 3:46 PM, Akala Kehinde <[email protected]> wrote:
Hallo Fabrice,
Below the logs..
Jun 14 15:38:06 pfence pfqueue: Unknown vendor attribute 9/252
for unpack()
Jun 14 15:38:07 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] handling radius autz request:
from switch_ip => (172.16.100.4), connection_type =>
Ethernet-EAP,switch_mac => (aa:bb:cc:00:05:21), mac =>
[00:50:ff:50:11:00], port => 7, username => "kakala"
(pf::radius::authorize)
Jun 14 15:38:07 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:38:07 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] is of status unreg; belongs into
registration VLAN (pf::role::getRegistrationRole)
Jun 14 15:38:07 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] (172.16.100.4) Added VLAN 98 to
the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jun 14 15:39:04 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] handling radius autz request:
from switch_ip => (172.16.100.4), connection_type =>
Ethernet-EAP,switch_mac => (aa:bb:cc:00:05:21), mac =>
[00:50:ff:50:11:00], port => 7, username => "kakala"
(pf::radius::authorize)
Jun 14 15:39:04 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:04 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] is of status unreg; belongs into
registration VLAN (pf::role::getRegistrationRole)
Jun 14 15:39:05 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] (172.16.100.4) Added VLAN 98 to
the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jun 14 15:39:29 pfence packetfence_httpd.portal:
httpd.portal(4607) INFO: [mac:unknown] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:29 pfence packetfence_httpd.portal:
httpd.portal(4607) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:29 pfence packetfence_httpd.portal:
httpd.portal(4607) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:29 pfence packetfence_httpd.portal:
httpd.portal(4607) INFO: [mac:00:50:ff:50:11:00] Updating node
user_agent with useragent: 'Mozilla/4.0 (compatible; MSIE 8.0;
Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET
CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)'
(captiveportal::PacketFence::DynamicRouting::Application::process_user_agent)
Jun 14 15:39:29 pfence packetfence_httpd.portal:
httpd.portal(4607) INFO: [mac:00:50:ff:50:11:00] Static
User-Agent lookup data initialized (pf::useragent::_init)
Jun 14 15:39:37 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:unknown] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:37 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:37 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:37 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:unknown] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:37 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:37 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:58 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:unknown] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:58 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:39:59 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00]
Authenticating user using sources : Win_AD
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] [Win_AD]
Authentication successful for kakala
(pf::Authentication::Source::LDAPSource::authenticate)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00]
Authentication successful for kakala in source Win_AD (AD)
(pf::authentication::authenticate)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] User kakala
has authenticated on the portal. (Class::MOP::Class:::after)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Found source
Win_AD in session. (Class::MOP::Class:::around)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Found source
Win_AD in session. (Class::MOP::Class:::around)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Successfully
authenticated kakala
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Found source
Win_AD in session. (Class::MOP::Class:::around)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Found source
Win_AD in session. (Class::MOP::Class:::around)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Found source
Win_AD in session. (Class::MOP::Class:::around)
Jun 14 15:40:03 pfence pfqueue: pfqueue(4518) INFO:
[mac:unknown] Already did a person lookup for kakala
(pf::lookup::person::lookup_person)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] User kakala
has authenticated on the portal. (Class::MOP::Class:::after)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) WARN: [mac:00:50:ff:50:11:00] Calling match
with empty/invalid rule class. Defaulting to 'authentication'
(pf::authentication::match)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Using sources
Win_AD for matching (pf::authentication::match)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Matched rule
(kehinde_rule) in source Win_AD, returning actions.
(pf::Authentication::Source::match)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Found source
Win_AD in session. (Class::MOP::Class:::around)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] User kakala
has authenticated on the portal. (Class::MOP::Class:::after)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) WARN: [mac:00:50:ff:50:11:00] Calling match
with empty/invalid rule class. Defaulting to 'authentication'
(pf::authentication::match)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Using sources
Win_AD for matching (pf::authentication::match)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Matched rule
(kehinde_rule) in source Win_AD, returning actions.
(pf::Authentication::Source::match)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Found source
Win_AD in session. (Class::MOP::Class:::around)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Found source
Win_AD in session. (Class::MOP::Class:::around)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] User kakala
has authenticated on the portal. (Class::MOP::Class:::after)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] User kakala
has authenticated on the portal. (Class::MOP::Class:::after)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] User kakala
has authenticated on the portal. (Class::MOP::Class:::after)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] User kakala
has authenticated on the portal. (Class::MOP::Class:::after)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] violation
1300003 force-closed for 00:50:ff:50:11:00
(pf::violation::violation_force_close)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4609) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:unknown] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:03 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:04 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] Releasing
device
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Jun 14 15:40:04 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] User default
has authenticated on the portal. (Class::MOP::Class:::after)
Jun 14 15:40:04 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:04 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] re-evaluating
access (manage_register called)
(pf::enforcement::reevaluate_access)
Jun 14 15:40:04 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] is currentlog
connected at (172.16.100.4) ifIndex 7 registration
(pf::enforcement::_should_we_reassign_vlan)
Jun 14 15:40:04 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:04 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] Using sources
Win_AD for matching (pf::authentication::match2)
Jun 14 15:40:05 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] Matched rule
(kehinde_rule) in source Win_AD, returning actions.
(pf::Authentication::Source::match)
Jun 14 15:40:05 pfence pfqueue: pfqueue(4518) INFO:
[mac:unknown] Already did a person lookup for kakala
(pf::lookup::person::lookup_person)
Jun 14 15:40:05 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] Username was
defined "kakala" - returning role 'staff'
(pf::role::getRegisteredRole)
Jun 14 15:40:05 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] PID:
"kakala", Status: reg Returned VLAN: (undefined), Role: staff
(pf::role::fetchRoleForNode)
Jun 14 15:40:05 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] VLAN
reassignment required (current VLAN = 98 but should be in VLAN
4) (pf::enforcement::_should_we_reassign_vlan)
Jun 14 15:40:05 pfence packetfence_httpd.portal:
httpd.portal(4610) INFO: [mac:00:50:ff:50:11:00] switch port
is (172.16.100.4) ifIndex 7 connection type: Wired 802.1x
(pf::enforcement::_vlan_reevaluation)
Jun 14 15:40:06 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:unknown] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:06 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:06 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:07 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] User default
has authenticated on the portal. (Class::MOP::Class:::after)
Jun 14 15:40:07 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:07 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] Reevaluating
access of device.
(captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state)
Jun 14 15:40:07 pfence pfqueue: pfqueue(5283) INFO:
[mac:00:50:ff:50:11:00] deauthenticating
(pf::Switch::Cisco::Catalyst_2960::radiusDisconnect)
Jun 14 15:40:07 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] re-evaluating
access (manage_register called)
(pf::enforcement::reevaluate_access)
Jun 14 15:40:07 pfence pfqueue: pfqueue(5283) WARN:
[mac:00:50:ff:50:11:00] Unknown vendor attribute 9/252 for
unpack()
(Net::Radius::Packet::unpack)
Jun 14 15:40:07 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] is currentlog
connected at (172.16.100.4) ifIndex 7 registration
(pf::enforcement::_should_we_reassign_vlan)
Jun 14 15:40:07 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] Instantiate
profile SNS (pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:07 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] Using sources
Win_AD for matching (pf::authentication::match2)
Jun 14 15:40:07 pfence pfqueue: Unknown vendor attribute 9/252
for unpack()
Jun 14 15:40:07 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] Matched rule
(kehinde_rule) in source Win_AD, returning actions.
(pf::Authentication::Source::match)
Jun 14 15:40:08 pfence pfqueue: pfqueue(4517) INFO:
[mac:unknown] Already did a person lookup for kakala
(pf::lookup::person::lookup_person)
Jun 14 15:40:08 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] Username was
defined "kakala" - returning role 'staff'
(pf::role::getRegisteredRole)
Jun 14 15:40:08 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] PID:
"kakala", Status: reg Returned VLAN: (undefined), Role: staff
(pf::role::fetchRoleForNode)
Jun 14 15:40:08 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] VLAN
reassignment required (current VLAN = 98 but should be in VLAN
4) (pf::enforcement::_should_we_reassign_vlan)
Jun 14 15:40:08 pfence packetfence_httpd.portal:
httpd.portal(4966) INFO: [mac:00:50:ff:50:11:00] switch port
is (172.16.100.4) ifIndex 7 connection type: Wired 802.1x
(pf::enforcement::_vlan_reevaluation)
Jun 14 15:40:08 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] handling radius autz request:
from switch_ip => (172.16.100.4), connection_type =>
Ethernet-EAP,switch_mac => (aa:bb:cc:00:05:21), mac =>
[00:50:ff:50:11:00], port => 7, username => "kakala"
(pf::radius::authorize)
Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] Instantiate profile SNS
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] Using sources Win_AD for
matching (pf::authentication::match2)
Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406)
ERROR: [mac:00:50:ff:50:11:00] Error binding 'Unexpected EOF'
(pf::LDAP::bind)
Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406)
WARN: [mac:00:50:ff:50:11:00] LDAP connection expired
(pf::LDAP::expire_if)
Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] Matched rule (kehinde_rule) in
source Win_AD, returning actions.
(pf::Authentication::Source::match)
Jun 14 15:40:09 pfence pfqueue: pfqueue(4518) INFO:
[mac:unknown] Already did a person lookup for kakala
(pf::lookup::person::lookup_person)
Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] Username was defined "kakala" -
returning role 'staff' (pf::role::getRegisteredRole)
Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] PID: "kakala", Status: reg
Returned VLAN: (undefined), Role: staff
(pf::role::fetchRoleForNode)
Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] (172.16.100.4) Added VLAN 4 to
the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jun 14 15:40:10 pfence pfqueue: pfqueue(5285) INFO:
[mac:00:50:ff:50:11:00] deauthenticating
(pf::Switch::Cisco::Catalyst_2960::radiusDisconnect)
Jun 14 15:40:10 pfence pfqueue: pfqueue(5285) WARN:
[mac:00:50:ff:50:11:00] Unknown vendor attribute 9/252 for
unpack()
(Net::Radius::Packet::unpack)
Jun 14 15:40:10 pfence pfqueue: Unknown vendor attribute 9/252
for unpack()
Jun 14 15:40:10 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] handling radius autz request:
from switch_ip => (172.16.100.4), connection_type =>
Ethernet-EAP,switch_mac => (aa:bb:cc:00:05:21), mac =>
[00:50:ff:50:11:00], port => 7, username => "kakala"
(pf::radius::authorize)
Jun 14 15:40:10 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
Jun 14 15:40:10 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] Using sources local, file1,
RADIUS, LDAP, Win_AD, Win_AD2 for matching
(pf::authentication::match2)
Jun 14 15:40:11 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] Username was defined "kakala" -
returning role 'staff' (pf::role::getRegisteredRole)
Jun 14 15:40:11 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] PID: "kakala", Status: reg
Returned VLAN: (undefined), Role: staff
(pf::role::fetchRoleForNode)
Jun 14 15:40:11 pfence packetfence_httpd.aaa: httpd.aaa(4406)
INFO: [mac:00:50:ff:50:11:00] (172.16.100.4) Added VLAN 4 to
the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Thanks..
Regards,
Kehinde
On Wed, Jun 14, 2017 at 2:23 PM, Fabrice Durand <[email protected]> wrote:
Hello Kehinde,
Do you have the log from when a user authenticates on the portal?
Regards
Fabrice
On 2017-06-13 at 09:56, Akala Kehinde wrote:
Hello guys,
Need help urgently with this..
Have an OOB setup which works. Want to integrate WMI
prereg and reg scans with it. Below is my defined config:
*_WMI Rule_*
[WinRAR_Process_Running]
namespace=ROOT\cimv2
request=select Name from Win32_Process
action= <<EOT
[WinRAR]
attribute = Name
operator = match
value = WinRAR.exe
[1:WinRAR]
action=trigger_violation
action_param = mac = $mac, tid = 789123, type = INTERNAL
EOT
on_tab=1
*_WMI Scan_*
[WMI_SCAN_ENGINE]
wmi_rules=WinRAR_Process_Running
duration=20s
categories=guest,staff
registration=1
username=Administrator
domain=egelsbach.mawoh.de
post_registration=1
password=Oy3m1cant0
pre_registration=1
oses=1
type=wmi
*_Violation_*
[1500001]
priority=1
trigger=detect::789123
actions=reevaluate_access,log
window=
desc=WinRAR process check
enabled=Y
template=system_scan
auto_enable=N
delay_by=
grace=2m
redirect_url=http://www.mawoh.de
*_Connection profile_*
[SNS]
locale=
filter=vlan:98
description=SNS PROFILE
sources=Win_AD
redirecturl=http://www.mawoh.de
logo=/common/mawoh.png
root_module=SNS_PORTAL
scans=WMI_SCAN_ENGINE
Nothing works when user is in prereg or reg modes. Even
though scan engine is included in profile, seems not
detected when user connects.
Am I doing something wrong?
Regards,
Kehinde
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
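
Added example (not part of the original thread and not PacketFence code): a small Python triage script that re-joins the mail-wrapped packetfence.log lines quoted above and reports, per MAC address, the WMI rules that failed with an NTSTATUS error and the scans that did not start. The function names and result layout are assumptions of this example; the sample lines are copied from the logs in the thread.

```python
import re
from collections import defaultdict

# Excerpt copied from the logs in the thread, wrapped as the mail client left it.
SAMPLE = """\
Jun 14 18:06:26 pfence pfqueue: pfqueue(6613) INFO:
[mac:00:50:ff:50:11:00] violation 1200005 added for 00:50:ff:50:11:00
(pf::violation::violation_add)
Jun 14 18:06:27 pfence pfqueue: pfqueue(6613) ERROR:
[mac:00:50:ff:50:11:00] Error rule wmi rule 'WinRAR_Process_Running':
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
(pf::scan::wmi::rules::test)
Jun 14 18:06:27 pfence pfqueue: pfqueue(6613) WARN:
[mac:00:50:ff:50:11:00] WMI scan didnt start (pf::scan::wmi::startScan)
Jun 14 15:40:09 pfence packetfence_httpd.aaa: httpd.aaa(4406)
ERROR: [mac:00:50:ff:50:11:00] Error binding 'Unexpected EOF'
(pf::LDAP::bind)
"""

STAMP = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"
# timestamp host daemon: proc(pid) LEVEL: [mac:..] message (perl::sub)
RECORD = re.compile(
    rf"^(?P<ts>{STAMP}) \S+ (?P<daemon>[^:]+): \S+\(\d+\) (?P<level>[A-Z]+): "
    r"\[mac:(?P<mac>[^\]]+)\] (?P<msg>.*?)(?: \((?P<sub>[\w:]+)\))?$"
)
WMI_RULE = re.compile(
    r"wmi rule '(?P<rule>[^']+)': NTSTATUS: (?P<status>NT_STATUS_\w+)"
)


def reassemble(text):
    """Join continuation lines back onto the syslog line they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(STAMP + " ", line) or not records:
            records.append(line)          # a new record starts with a timestamp
        else:
            records[-1] += " " + line     # wrapped remainder of the previous one
    return records


def parse(record):
    """Return the record's fields, or None for lines without the pf prefix."""
    m = RECORD.match(record)
    return m.groupdict() if m else None


def scan_failures(text):
    """Group ERROR/WARN records per MAC, separating WMI scan failures."""
    out = defaultdict(lambda: {"denied": [], "not_started": 0, "other": []})
    for rec in map(parse, reassemble(text)):
        if rec is None or rec["level"] not in ("ERROR", "WARN"):
            continue
        node = out[rec["mac"]]
        hit = WMI_RULE.search(rec["msg"])
        if hit:
            node["denied"].append((rec["ts"], hit["rule"], hit["status"]))
        elif rec["sub"] == "pf::scan::wmi::startScan":
            node["not_started"] += 1
        else:
            node["other"].append((rec["ts"], rec["sub"], rec["msg"]))
    return dict(out)


if __name__ == "__main__":
    for mac, info in scan_failures(SAMPLE).items():
        print(mac, info)
```

Lines that lack the `proc(pid) LEVEL: [mac:...]` prefix, such as the bare "Unknown vendor attribute 9/252" messages in the thread, are skipped by `parse`.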