Hello Eugene,

I suppose you applied PR 2735 on GitHub.

I have pushed 2 new commits, so can you try to apply them and make another
try?

curl https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff | patch -p1

curl https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2fd4a4dac435ff62d69c4ed00f.diff | patch -p1

Regards
Fabrice

On 2018-03-06 at 22:53, E.P. via PacketFence-users wrote:
>
> There’s another challenge in the endless string of them…
>
> My PEAP connection from a Windows-based supplicant lands on the
> connection profile and the wheels start rotating, i.e. the profile uses
> the authentication source.
>
> The connection and authentication completes but there’s no role
> assignment and I see that my conditions are not matched.
>
> Here’s an extract from packetfence.log
>
>  
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: [mac:70:1a:04:2c:52:ff] handling radius autz request: from switch_ip => (172.19.254.2), connection_type => Wireless-802.11-EAP,switch_mac => (24:a4:3c:5e:c1:00), mac => [70:1a:04:2c:52:ff], port => 0, username => "OPTIONS\test", ssid => SecStaff (pf::radius::authorize)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) ERROR: [mac:70:1a:04:2c:52:ff] */Can't bind : IO::Socket::INET: connect: Connection refused/* (pf::ip4log::_get_lease_from_omapi)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: [mac:70:1a:04:2c:52:ff] Instantiate profile Staff-connection-profile (pf::Connection::ProfileFactory::_from_profile)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: [mac:70:1a:04:2c:52:ff] Found authentication source(s) : 'OPTIONS-AD-SOURCE' for realm 'default' (pf::config::util::filter_authentication_sources)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) WARN: [mac:70:1a:04:2c:52:ff] */Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2)/*
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: [mac:70:1a:04:2c:52:ff] Using sources OPTIONS-AD-SOURCE for matching (pf::authentication::match2)
> Mar  5 07:43:32 PacketFence-ZEN pfqueue: pfqueue(16161) INFO: [mac:unknown] undefined source id provided (pf::lookup::person::lookup_person)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) WARN: [mac:70:1a:04:2c:52:ff] Can't find provisioner for 70:1a:04:2c:52:ff since we don't have it's OS (pf::Connection::Profile::findProvisioner)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) WARN: [mac:70:1a:04:2c:52:ff] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/role.pm line 728. (pf::role::_check_bypass)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: [mac:70:1a:04:2c:52:ff] Connection type is WIRELESS_MAC_AUTH. Getting role from node_info (pf::role::getRegisteredRole)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) WARN: [mac:70:1a:04:2c:52:ff] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 476. (pf::role::getRegisteredRole)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: [mac:70:1a:04:2c:52:ff] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: [mac:70:1a:04:2c:52:ff] PID: "OPTIONS\test", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: [mac:70:1a:04:2c:52:ff] violation 1300003 force-closed for 70:1a:04:2c:52:ff (pf::violation::violation_force_close)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) ERROR: [mac:70:1a:04:2c:52:ff] Can't bind : IO::Socket::INET: connect: Connection refused (pf::ip4log::_get_lease_from_omapi)
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: [mac:70:1a:04:2c:52:ff] Instantiate profile Staff-connection-profile (pf::Connection::ProfileFactory::_from_profile)
> Mar  5 07:43:33 PacketFence-ZEN pfqueue: pfqueue(16150) ERROR: [mac:34:17:eb:de:f0:b4] Can't bind : IO::Socket::INET: connect: Connection refused
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>  
>
> Why do I see all those errors? Why do I see the connection is refused,
> e.g. Can't bind : IO::Socket::INET: connect: Connection refused
>
> Why is there no matching, e.g. Calling match with empty/invalid rule class
>
>  
>
> Here’s an extract from authentication.conf file
>
>  
>
> [OPTIONS-AD-SOURCE]
> cache_match=0
> read_timeout=10
> realms=default
> password=IloveU#007
> scope=base
> binddn=CN=ADintegrator,CN=Users,DC=options,DC=bc,DC=ca
> port=389
> description=Options-AD-Source
> write_timeout=5
> type=AD
> basedn=CN=Users,DC=options,DC=bc,DC=ca
> set_access_level_action=
> usernameattribute=sAMAccountName
> connection_timeout=5
> stripped_user_name=no
> encryption=none
> host=adserver.options.bc.ca
> email_attribute=mail
>
> [OPTIONS-AD-SOURCE rule Staff-WiFi]
> action0=set_role=Staff
> condition0=memberOf,equals,CN=Staff-WiFi,CN=Users,DC=options,DC=bc,DC=ca
> match=any
> class=authentication
> action1=set_unreg_date=2019-12-31
> description=Evaluates Staff-WiFi AD group membership
>
>  
>
> Eugene
>
>  
>
>  
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 
