Eugene,

On the note of patch application;  Are you sure you applied the entire
patch? The output of your patching below indicates 3 hunks that still need
to be manually applied.

cheers,
Ian

 [root@PacketFence-ZEN pf]# patch -p1 <
./34405d44b203ce2fd4a4dac435ff62d69c4ed00f.diff
 patching file lib/pf/config.pm
 Hunk #1 succeeded at 326 (offset 5 lines).
 Hunk #2 FAILED at 947.
 1 out of 2 hunks FAILED -- saving rejects to file lib/pf/config.pm.rej


 [root@PacketFence-ZEN pf]# patch -p1 <
1eef967ad1ee589136a097166c440cb30107ddfb.diff
 patching file lib/pf/enforcement.pm
 Reversed (or previously applied) patch detected!  Assume -R? [n] n
 Apply anyway? [n] y
 Hunk #1 FAILED at 43.
 Hunk #2 FAILED at 169.
 2 out of 2 hunks FAILED -- saving rejects to file lib/pf/enforcement.pm.rej

On Sun, Mar 11, 2018 at 6:44 PM, E.P. via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> And also this issue still bothers me, Fabrice.
>
> I applied the patch but it is all about deauthentication
>
> What does it have to do with role assignment and not matching conditions
> in the authentication source?
>
> Is there any other logs or outputs to analyze to find the root cause ?
>
>
>
> Eugene
>
>
>
> *From:* Fabrice Durand [mailto:fdur...@inverse.ca]
> *Sent:* Thursday, March 08, 2018 11:30 AM
>
> *To:* E.P. <ype...@gmail.com>; packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] No roles assignment and no rules
> matching in the authentication source
>
>
>
> cd /usr/local/pf
>
> patch -p1 ....
>
>
>
> Le 2018-03-08 à 13:57, E.P. a écrit :
>
> And what file are we patching ?
>
>
>
> *patch -p1 < 1eef967ad1ee589136a097166c440cb30107ddfb.diff*
>
> *can't find file to patch at input line 5*
>
> *Perhaps you used the wrong -p or --strip option?*
>
> *The text leading up to this was:*
>
> *--------------------------*
>
> *|diff --git a/lib/pf/enforcement.pm <http://enforcement.pm>
> b/lib/pf/enforcement.pm <http://enforcement.pm>*
>
> *|index 8ff56b4252b..05589bba682 100644*
>
> *|--- a/lib/pf/enforcement.pm <http://enforcement.pm>*
>
> *|+++ b/lib/pf/enforcement.pm <http://enforcement.pm>*
>
> *--------------------------*
>
> *File to patch:*
>
>
>
>
>
>
>
> *From:* Fabrice Durand [mailto:fdur...@inverse.ca <fdur...@inverse.ca>]
> *Sent:* Thursday, March 08, 2018 5:28 AM
> *To:* E.P. <ype...@gmail.com> <ype...@gmail.com>; packetfence-users@lists.
> sourceforge.net
> *Subject:* Re: [PacketFence-users] No roles assignment and no rules
> matching in the authentication source
>
>
>
> https://github.com/inverse-inc/packetfence/pull/2735/commits/
> 1eef967ad1ee589136a097166c440cb30107ddfb.diff is suppose to return that:
>
>
>
> diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm
>
> index 8ff56b4252b..05589bba682 100644
>
> --- a/lib/pf/enforcement.pm
>
> +++ b/lib/pf/enforcement.pm
>
> @@ -43,6 +43,7 @@ use pf::config qw(
>
>      %connection_type_explained
>
>      $WIRED
>
>      $WIRELESS
>
> +    $WEBAUTH
>
>  );
>
>  use pf::inline::custom $INLINE_API_LEVEL;
>
>  use pf::iptables;
>
> @@ -169,7 +170,7 @@ sub _vlan_reevaluation {
>
>                  $client->notify( 'ReAssignVlan', %data );
>
>              }
>
>          }
>
> -        elsif ( ( $conn_type & $WIRELESS ) == $WIRELESS ) {
>
> +        elsif ( ( ( $conn_type & $WIRELESS ) == $WIRELESS ) || ( ( 
> $conn_type & $WEBAUTH ) == $WEBAUTH ) ) {
>
>              $logger->debug("Calling API with desAssociate request on switch 
> (".$switch_id.")");
>
>              if ($cluster_deauth) {
>
>                  $client->notify( 'desAssociate_in_queue', %data );
>
>
>
> And it work on my side, so do wget instead and after patch -p1 <
> 1eef967ad1ee589136a097166c440cb30107ddfb.diff
>
> Same for the other patch.
>
> Regards
>
> Fabrice
>
>
>
>
>
>
>
> Le 2018-03-08 à 00:48, E.P. a écrit :
>
> Am I applying this patch in the wrong way ?
>
>
>
> [root@PacketFence-ZEN conf]# curl https://github.com/inverse-
> inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440c
> b30107ddfb.diff | patch -p1
>
>
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
>
>                                  Dload  Upload   Total   Spent    Left
> Speed
>
> 100   161    0   161    0     0    241      0 --:--:-- --:--:-- --:--:--
>  242
>
> patch unexpectedly ends in middle of line
>
> *patch: **** Only garbage was found in the patch input.*
>
>
>
> [root@PacketFence-ZEN conf]# curl https://github.com/inverse-
> inc/packetfence/pull/2735/commits/34405d44b203ce2fd4a4dac435ff62
> d69c4ed00f.diff | patch -p1
>
>  % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
>
>                                  Dload  Upload   Total   Spent    Left
> Speed
>
> 100   161    0   161    0     0    218      0 --:--:-- --:--:-- --:--:--
> 218
>
> patch unexpectedly ends in middle of line
>
> *patch: **** Only garbage was found in the patch input*
>
>
>
> wget seems to fetch this file
>
>
>
> [root@PacketFence-ZEN conf]# wget https://github.com/inverse-
> inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440c
> b30107ddfb.diff
>
> --2018-03-08 05:45:34--  https://github.com/inverse-
> inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440c
> b30107ddfb.diff
>
> Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112
>
> Connecting to github.com (github.com)|192.30.253.113|:443... connected.
>
> HTTP request sent, awaiting response... 302 Found
>
> Location: https://github.com/inverse-inc/packetfence/commit/
> 1eef967ad1ee589136a097166c440cb30107ddfb.diff [following]
>
> --2018-03-08 05:45:35--  https://github.com/inverse-
> inc/packetfence/commit/1eef967ad1ee589136a097166c440cb30107ddfb.diff
>
> Reusing existing connection to github.com:443.
>
> HTTP request sent, awaiting response... 200 OK
>
> Length: unspecified [text/plain]
>
> Saving to: '1eef967ad1ee589136a097166c440cb30107ddfb.diff'
>
>     [ <=>
>
>                                                          ] 831
> --.-K/s   in 0s
>
> 2018-03-08 05:45:35 (59.3 MB/s) - 
> '1eef967ad1ee589136a097166c440cb30107ddfb.diff'
> saved [831]
>
>
>
> Eugene
>
>
>
> *From:* Fabrice Durand via PacketFence-users [mailto:packetfence-users@
> lists.sourceforge.net <packetfence-users@lists.sourceforge.net>]
> *Sent:* Wednesday, March 07, 2018 2:08 PM
> *To:* packetfence-users@lists.sourceforge.net
> *Cc:* Fabrice Durand <fdur...@inverse.ca> <fdur...@inverse.ca>
> *Subject:* Re: [PacketFence-users] No roles assignment and no rules
> matching in the authentication source
>
>
>
> Hello Eugene,
>
> i suppose you apply the PR 2735 on github.
>
> I have push 2 new commits so can you try to apply them and make another
> try ?
>
> curl https://github.com/inverse-inc/packetfence/pull/2735/commits/
> 1eef967ad1ee589136a097166c440cb30107ddfb.diff | patch -p1
>
> curl https://github.com/inverse-inc/packetfence/pull/2735/commits/
> 34405d44b203ce2fd4a4dac435ff62d69c4ed00f.diff | patch -p1
>
> Regards
> Fabrice
>
> Le 2018-03-06 à 22:53, E.P. via PacketFence-users a écrit :
>
> There’s another challenge in the endless string of them…
>
> My PEAP connection from Windows based supplicant lands on the connection
> profile and wheels start rotating, i.e. the profile uses the authentication
> source
>
> The connection and authentication completes but there’s no role assignment
> and I see that my conditions are not matched.
>
> Here’s an extract from packetfence.log
>
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++++++++++++++++++++++++
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] handling radius autz request: from switch_ip
> => (172.19.254.2), connection_type => Wireless-802.11-EAP,switch_mac => (
>
> 24:a4:3c:5e:c1:00), mac => [70:1a:04:2c:52:ff], port => 0, username =>
> "OPTIONS\test", ssid => SecStaff (pf::radius::authorize)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> ERROR: [mac:70:1a:04:2c:52:ff] *Can't bind : IO::Socket::INET: connect:
> Connection refused*
>
> (pf::ip4log::_get_lease_from_omapi)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Instantiate profile Staff-connection-profile
> (pf::Connection::ProfileFactory::_from_profile)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Found authentication source(s) :
> 'OPTIONS-AD-SOURCE' for realm 'default' (pf::config::util::filter_
> authentication_sour
>
> ces)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> WARN: [mac:70:1a:04:2c:52:ff] *Calling match with empty/invalid rule
> class. Defaulting to 'authentication' (pf::authentication::match2)*
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Using sources OPTIONS-AD-SOURCE for matching
> (pf::authentication::match2)
>
> Mar  5 07:43:32 PacketFence-ZEN pfqueue: pfqueue(16161) INFO:
> [mac:unknown] undefined source id provided (pf::lookup::person::lookup_
> person)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> WARN: [mac:70:1a:04:2c:52:ff] Can't find provisioner for 70:1a:04:2c:52:ff
> since we don't have it's OS (pf::Connection::Profile::findProvisioner)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> WARN: [mac:70:1a:04:2c:52:ff] Use of uninitialized value in string eq at
> /usr/local/pf/lib/pf/role.pm line 728.
>
> (pf::role::_check_bypass)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Connection type is WIRELESS_MAC_AUTH. Getting
> role from node_info (pf::role::getRegisteredRole)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> WARN: [mac:70:1a:04:2c:52:ff] Use of uninitialized value $role in
> concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 476.
>
> (pf::role::getRegisteredRole)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Username was NOT defined or unable to match a
> role - returning node based role '' (pf::role::getRegisteredRole)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] PID: "OPTIONS\test", Status: reg Returned
> VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] violation 1300003 force-closed for
> 70:1a:04:2c:52:ff (pf::violation::violation_force_close)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> ERROR: [mac:70:1a:04:2c:52:ff] Can't bind : IO::Socket::INET: connect:
> Connection refused
>
> (pf::ip4log::_get_lease_from_omapi)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Instantiate profile Staff-connection-profile
> (pf::Connection::ProfileFactory::_from_profile)
>
> Mar  5 07:43:33 PacketFence-ZEN pfqueue: pfqueue(16150) ERROR:
> [mac:34:17:eb:de:f0:b4] Can't bind : IO::Socket::INET: connect: Connection
> refused
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++
>
>
>
> Why do I see all those errors? Why do I see the connection is refused,
> e.g. Can't bind : IO::Socket::INET: connect: Connection refused
>
> Why there’s no matching, e.g. Calling match with empty/invalid rule class
>
>
>
> Here’s an extract from authentication.conf file
>
>
>
> [OPTIONS-AD-SOURCE]
>
> cache_match=0
>
> read_timeout=10
>
> realms=default
>
> password=IloveU#007
>
> scope=base
>
> binddn=CN=ADintegrator,CN=Users,DC=options,DC=bc,DC=ca
>
> port=389
>
> description=Options-AD-Source
>
> write_timeout=5
>
> type=AD
>
> basedn=CN=Users,DC=options,DC=bc,DC=ca
>
> set_access_level_action=
>
> usernameattribute=sAMAccountName
>
> connection_timeout=5
>
> stripped_user_name=no
>
> encryption=none
>
> host=adserver.options.bc.ca
>
> email_attribute=mail
>
>
>
> [OPTIONS-AD-SOURCE rule Staff-WiFi]
>
> action0=set_role=Staff
>
> condition0=memberOf,equals,CN=Staff-WiFi,CN=Users,DC=options,DC=bc,DC=ca
>
> match=any
>
> class=authentication
>
> action1=set_unreg_date=2019-12-31
>
> description=Evaluates Staff-WiFi AD group membership
>
>
>
> Eugene
>
>
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> Check out the vibrant tech community on one of the world's most
>
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
>
>
>
> _______________________________________________
>
> PacketFence-users mailing list
>
> PacketFence-users@lists.sourceforge.net
>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
>
> --
>
> Fabrice Durand
>
> fdur...@inverse.ca ::  +1.514.447.4918 <(514)%20447-4918> (x135) ::  
> www.inverse.ca
>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
>
>
> --
>
> Fabrice Durand
>
> fdur...@inverse.ca ::  +1.514.447.4918 <(514)%20447-4918> (x135) ::  
> www.inverse.ca
>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
>
> --
>
> Fabrice Durand
>
> fdur...@inverse.ca ::  +1.514.447.4918 <(514)%20447-4918> (x135) ::  
> www.inverse.ca
>
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to