Thanks Fabrice that now works fine I just got confused with needing strip on the Realm Options and not Strip on RADIUS authorization
WillH From: Fabrice Durand via PacketFence-users <[email protected]> Sent: 21 January 2019 14:02 To: [email protected] Cc: Fabrice Durand <[email protected]> Subject: Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration Hello Will, so here is your issue: Jan 21 08:07:57 packetfence packetfence_httpd.aaa: httpd.aaa(6105) DEBUG: [mac:68:b3:5e:1b:0b:e4] [AD_For_802_1x catchall] Searching for (|(UserPrincipalName=w.halsall)), from DC=College,DC=Farnborough, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass) Jan 21 08:07:57 packetfence packetfence_httpd.aaa: httpd.aaa(6105) DEBUG: [mac:68:b3:5e:1b:0b:e4] [AD_For_802_1x catchall] Found 0 results (pf::Authentication::Source::LDAPSource::_match_in_subclass) Jan 21 08:07:57 packetfence packetfence_httpd.aaa: httpd.aaa(6105) DEBUG: [mac:68:b3:5e:1b:0b:e4] [AD_For_802_1x catchall] No match found for this LDAP filter You need to uncheck "Strip in RADIUS authorization" in the realm farn-ct.ac.uk. Regards Fabrice Le 19-01-21 à 03 h 22, Will Halsall via PacketFence-users a écrit : Hi Fbrice, It looks like the DEBUG is on now Thanks Will From: Fabrice Durand via PacketFence-users <[email protected]><mailto:[email protected]> Sent: 17 January 2019 15:45 To: [email protected]<mailto:[email protected]> Cc: Fabrice Durand <[email protected]><mailto:[email protected]> Subject: Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration No, the logs are not in debug. You can restart httpd.aaa to force it. Le 19-01-17 à 10 h 11, Will Halsall via PacketFence-users a écrit : I hope this is correct Thanks WillH From: Fabrice Durand via PacketFence-users <[email protected]><mailto:[email protected]> Sent: 17 January 2019 13:50 To: [email protected]<mailto:[email protected]> Cc: Fabrice Durand <[email protected]><mailto:[email protected]> Subject: Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration Hello Will, for me it looks that the search in the ldap server doesn't return anything. What you can do is to change the log level to debug for httpd.aaa, make a try and paste again the packetfence.log. https://github.com/inverse-inc/packetfence/blob/devel/conf/log.conf.d/httpd.aaa.conf.example#L2 log4perl.rootLogger = DEBUG, HTTPD_AAA Regards Fabrice Le 19-01-17 à 07 h 42, Will Halsall via PacketFence-users a écrit : Hi Fabrice, The fix has helped as a Role is being returned, not the Role I wanted but a Role none the less. No Access Duration is being set at all Have included the radius debug logs and packetfence.log Thanks WillH From: Fabrice Durand via PacketFence-users <[email protected]><mailto:[email protected]> Sent: 16 January 2019 14:40 To: [email protected]<mailto:[email protected]> Cc: Fabrice Durand <[email protected]><mailto:[email protected]> Subject: Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration Hello Will, i have pushed something in the maintenance branch. Can you run /usr/local/pf/addons/pf-maint.pl then restart packetfence and make another try. Btw let me know if it fix the issue. Thanks Fabrice Le 19-01-16 à 06 h 38, Will Halsall via PacketFence-users a écrit : Hi Fabrice I added the ad source to the default connection profile but no joy The user with a userPrincipalName of [email protected]<mailto:[email protected]> and sAMAacountname of xwill dpose not set a Role or Access Duration A user with a userPrincipalName of [email protected]<mailto:[email protected]> and a sAMAcountName of 00000010 will set a Role and Access Duration Thanks Will Halsall From: Durand fabrice via PacketFence-users <[email protected]><mailto:[email protected]> Sent: 16 January 2019 02:21 To: [email protected]<mailto:[email protected]> Cc: Durand fabrice <[email protected]><mailto:[email protected]> Subject: Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration Hello Will, can you provide the content of packetfece.log. It looks that the user xwill authenticate correctly but there is nothing returned by packetfence. (it use the default connection profile). Do you have an authentication source defined in the default connection profile (like the AD source) ? Regards Fabrice Le 19-01-15 à 10 h 50, Will Halsall via PacketFence-users a écrit : Hi Folks, Have upgraded to packetfence 8.3 to use the userPrincipalNmae for 802.1x authentication and it authenticates fine but I cannot make it set the Role or the Access Duration I have defined the role in the Internal Sources and the Exclusive Sources as a catchall rule This message is intended only for the use of the person(s) to whom it is addressed, and may contain privileged and confidential information. If it has come to you in error, please contact the sender as soon as possible, and note that you must take no action based on the content, nor must you copy, distribute, or show the content to any other person. In accordance with its legal obligations, Farnborough College of Technology reserves the right to monitor the content of e-mails sent and received, but will not do so routinely. _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected]<mailto:[email protected]> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected]<mailto:[email protected]> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected]<mailto:[email protected]> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected]<mailto:[email protected]> :: +1.514.447.4918 (x135) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
