Hello Will,
so here is your issue:
Jan 21 08:07:57 packetfence packetfence_httpd.aaa: httpd.aaa(6105)
DEBUG: [mac:68:b3:5e:1b:0b:e4] [AD_For_802_1x catchall] Searching for
(|(UserPrincipalName=w.halsall)), from DC=College,DC=Farnborough, with
scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
Jan 21 08:07:57 packetfence packetfence_httpd.aaa: httpd.aaa(6105)
DEBUG: [mac:68:b3:5e:1b:0b:e4] [AD_For_802_1x catchall] Found 0 results
(pf::Authentication::Source::LDAPSource::_match_in_subclass)
Jan 21 08:07:57 packetfence packetfence_httpd.aaa: httpd.aaa(6105)
DEBUG: [mac:68:b3:5e:1b:0b:e4] [AD_For_802_1x catchall] No match found
for this LDAP filter
You need to uncheck "Strip in RADIUS authorization" in the realm
farn-ct.ac.uk.
Regards
Fabrice
Le 19-01-21 à 03 h 22, Will Halsall via PacketFence-users a écrit :
Hi Fbrice,
It looks like the DEBUG is on now
Thanks
Will
*From:*Fabrice Durand via PacketFence-users
<[email protected]>
*Sent:* 17 January 2019 15:45
*To:* [email protected]
*Cc:* Fabrice Durand <[email protected]>
*Subject:* Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot
set the Role or the Access Duration
No, the logs are not in debug.
You can restart httpd.aaa to force it.
Le 19-01-17 à 10 h 11, Will Halsall via PacketFence-users a écrit :
I hope this is correct
Thanks
WillH
*From:*Fabrice Durand via PacketFence-users
<[email protected]>
<mailto:[email protected]>
*Sent:* 17 January 2019 13:50
*To:* [email protected]
<mailto:[email protected]>
*Cc:* Fabrice Durand <[email protected]> <mailto:[email protected]>
*Subject:* Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma
cannot set the Role or the Access Duration
Hello Will,
for me it looks that the search in the ldap server doesn't return
anything.
What you can do is to change the log level to debug for httpd.aaa,
make a try and paste again the packetfence.log.
https://github.com/inverse-inc/packetfence/blob/devel/conf/log.conf.d/httpd.aaa.conf.example#L2
log4perl.rootLogger = DEBUG, HTTPD_AAA
Regards
Fabrice
Le 19-01-17 à 07 h 42, Will Halsall via PacketFence-users a écrit :
Hi Fabrice,
The fix has helped as a Role is being returned, not the Role I
wanted but a Role none the less. No Access Duration is being
set at all
Have included the radius debug logs and packetfence.log
Thanks
WillH
*From:*Fabrice Durand via PacketFence-users
<[email protected]>
<mailto:[email protected]>
*Sent:* 16 January 2019 14:40
*To:* [email protected]
<mailto:[email protected]>
*Cc:* Fabrice Durand <[email protected]>
<mailto:[email protected]>
*Subject:* Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma
cannot set the Role or the Access Duration
Hello Will,
i have pushed something in the maintenance branch.
Can you run /usr/local/pf/addons/pf-maint.pl then restart
packetfence and make another try.
Btw let me know if it fix the issue.
Thanks
Fabrice
Le 19-01-16 à 06 h 38, Will Halsall via PacketFence-users a
écrit :
Hi Fabrice
I added the ad source to the default connection profile
but no joy
The user with a userPrincipalName of
[email protected] <mailto:[email protected]>
and sAMAacountname of xwill dpose not set a Role or Access
Duration
A user with a userPrincipalName of [email protected]
<mailto:[email protected]> and a sAMAcountName of
00000010 will set a Role and Access Duration
Thanks
Will Halsall
*From:*Durand fabrice via PacketFence-users
<[email protected]>
<mailto:[email protected]>
*Sent:* 16 January 2019 02:21
*To:* [email protected]
<mailto:[email protected]>
*Cc:* Durand fabrice <[email protected]>
<mailto:[email protected]>
*Subject:* Re: [PacketFence-users] Packetfence 8.3.0 +
Eduroma cannot set the Role or the Access Duration
Hello Will,
can you provide the content of packetfece.log.
It looks that the user xwill authenticate correctly but
there is nothing returned by packetfence. (it use the
default connection profile).
Do you have an authentication source defined in the
default connection profile (like the AD source) ?
Regards
Fabrice
Le 19-01-15 à 10 h 50, Will Halsall via PacketFence-users
a écrit :
Hi Folks,
Have upgraded to packetfence 8.3 to use the userPrincipalNmae
for 802.1x authentication and it authenticates fine but I cannot make it set
the Role or the Access Duration
I have defined the role in the Internal Sources and the
Exclusive Sources as a catchall rule
This message is intended only for the use of the person(s) to
whom it is addressed, and may contain privileged and
confidential information.
If it has come to you in error, please contact the sender as
soon as possible,
and note that you must take no action based on the content, nor
must you copy,
distribute, or show the content to any other person.
In accordance with its legal obligations, Farnborough College of
Technology reserves the right to monitor the content of e-mails
sent and
received, but will not do so routinely.
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
