Hello,
Could you post an example for one auth?
Thanks
Best Regards
Enrico
On 06/02/19 03:29, Durand fabrice via PacketFence-users wrote:
Hello,
None of the 2 sources return a role (IT,TestUsers) and an access duration.
You can use pftest to test your authentication source
(/usr/local/pf/bin/pftest).
Btw, you can create a catch_all rule without any condition at the end
of the other authentication rules and see if it computes a role.
Regards
Fabrice
On 19-02-05 at 09 h 54, Piotr Pucicki via PacketFence-users wrote:
Hello,
I have a problem obtaining a VLAN. I have been fighting with it for a few
days and I cannot solve it.
I created roles, profiles, switches etc. as in the Installation guide,
but I can't obtain a VLAN for users and machines.
Below I am attaching logs and configs:
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] handling radius autz request: from switch_ip => (10.10.109.16), connection_type => Ethernet-E$
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] Instantiate profile TestProfile (pf::Connection::ProfileFactory::_from_profile)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] Found authentication source(s) : 'IT,TestUsers' for realm 'default' (pf::config::util::filte$
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN: [mac:4c:cc:6a:d5:a0:e5] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authenticati$
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] Using sources IT, TestUsers for matching (pf::authentication::match2)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] LDAP testing connection (pf::LDAP::expire_if)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] LDAP testing connection (pf::LDAP::expire_if)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN: [mac:4c:cc:6a:d5:a0:e5] modify of non-existent person Test\radtest attempted - person added (pf::person::person_modi$
Feb 5 14:28:22 PacketFence-ZEN pfqueue: pfqueue(760) INFO: [mac:unknown] undefined source id provided (pf::lookup::person::lookup_person)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN: [mac:4c:cc:6a:d5:a0:e5] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/role.pm line 736.
(pf::role::_check_bypass)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] Role has already been computed and we don't want to recompute it. Getting role from node_info$
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN: [mac:4c:cc:6a:d5:a0:e5] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.$
(pf::role::getRegisteredRole)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::$
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] PID: "Test\radtest", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fe$
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN: [mac:4c:cc:6a:d5:a0:e5] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 7$
(pf::Switch::getVlanByName)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN: [mac:4c:cc:6a:d5:a0:e5] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/S$
(pf::Switch::getVlanByName)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN: [mac:4c:cc:6a:d5:a0:e5] No parameter Vlan found in conf/switches.conf for the switch 10.10.109.16 (pf::Switch::getVla$
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN: [mac:4c:cc:6a:d5:a0:e5] Use of uninitialized value $roleName in hash element at /usr/local/pf/lib/pf/Switch.pm line 7$
(pf::Switch::getRoleByName)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] violation 1300003 force-closed for 4c:cc:6a:d5:a0:e5 (pf::violation::violation_force_close)
Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: [mac:4c:cc:6a:d5:a0:e5] Instantiate profile TestProfile (pf::Connection::ProfileFactory::_from_profile)
[authentication.conf]
[IT]
cache_match=0
read_timeout=10
realms=
password=zaq1@WSX
searchattributes=
scope=sub
binddn=CN=admin,OU=Administratorzy,OU=test,DC=test,DC=loc
port=389
description=Grupa dla IT
write_timeout=5
type=AD
basedn=DC=test,DC=loc
monitor=1
set_access_level_action=
shuffle=0
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=1
encryption=none
host=10.10.200.16
[IT rule ITAdmin]
action0=set_access_level=NetworkAdmins
condition0=memberOf,equals,CN=Network Admins,OU=Grupy,OU=test,DC=test,DC=loc
match=all
class=administration
[IT rule ITAuth]
action0=set_role=IT
condition0=memberOf,matches regexp,IT
match=all
class=authentication
action1=set_access_duration=12h
[TestUsers]
cache_match=0
read_timeout=10
realms=
password=zaq1@WSX
searchattributes=
scope=sub
binddn=CN=admin,OU=Administratorzy,OU=test,DC=test,DC=loc
port=389
description=test group
write_timeout=10
type=AD
basedn=DC=test,DC=loc
monitor=1
set_access_level_action=
shuffle=0
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
encryption=none
host=10.10.200.16
[TestUsers rule TestUsersAuth]
action0=set_role=TestUsers
condition0=memberOf,matches regexp,TestUsers
match=any
class=authentication
action1=set_access_duration=12h
[switches.conf]
[10.10.109.16]
description=SG300-WAG
group=SG300
[group SG300]
SNMPCommunityRead=admin
ITVlan=144
description=Switche SG300
cliAccess=Y
REJECTVlan=55
TestUsersVlan=761
guestVlan=55
type=Cisco::SG300
isolationVlan=55
radiusSecret=e74GsWbJa9
SNMPVersion=2c
[profiles.conf]
[TestProfile]
locale=
filter=connection_type:Ethernet-EAP
autoregister=enabled
sources=IT,TestUsers
dot1x_recompute_role_from_portal=enabled
pftests authentication radtest zaq1@WSX
Authenticating against 'TestUsers' in context 'admin'
Authentication SUCCEEDED against TestUsers (Authentication successful.)
Matched against TestUsers for 'authentication' rules
set_role : TestUsers
set_access_duration : 12h
Did not match against TestUsers for 'administration' rules
Authenticating against 'TestUsers' in context 'portal'
Authentication SUCCEEDED against TestUsers (Authentication successful.)
Matched against TestUsers for 'authentication' rules
set_role : TestUsers
set_access_duration : 12h
Did not match against TestUsers for 'administration' rules
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
_______________________________________________________________________
Enrico Becchetti Servizio di Calcolo e Reti
Istituto Nazionale di Fisica Nucleare - Sezione di Perugia
Via Pascoli,c/o Dipartimento di Fisica 06123 Perugia (ITALY)
Phone:+39 075 5852777 Mail: Enrico.Becchetti<at>pg.infn.it
_______________________________________________________________________
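
Added example, not part of any message in this thread and not PacketFence code: a Python check over the rule format and the <role>Vlan switch-group keys shown in the posted configs. It reports authentication rules that lack a role or an access duration, roles with no VLAN in the switch group, and rules without conditions. The `load` and `audit` names, the CatchAll rule and the sample text are assumptions constructed here.

```python
import configparser

# Constructed sample: stanzas in the format posted in the thread, LDAP
# connection settings omitted. "CatchAll" is a hypothetical added rule.
AUTH_CONF = """
[TestUsers rule TestUsersAuth]
action0=set_role=TestUsers
condition0=memberOf,matches regexp,TestUsers
match=any
class=authentication
action1=set_access_duration=12h
[TestUsers rule CatchAll]
action0=set_role=guest
match=all
class=authentication
"""
SWITCHES_CONF = """
[group SG300]
TestUsersVlan=761
guestVlan=55
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case, so TestUsersVlan is not lowercased
    cp.read_string(text)
    return cp

def audit(auth_text, switch_text, group):
    """Return (rule, finding) pairs for every rule of class 'authentication'."""
    auth, vlans = load(auth_text), load(switch_text)[group]
    findings = []
    for name in auth.sections():
        rule = auth[name]
        if " rule " not in name or rule.get("class") != "authentication":
            continue
        # action0=set_role=guest -> {"set_role": "guest"}
        actions = dict(v.partition("=")[::2] for k, v in rule.items() if k.startswith("action"))
        role = actions.get("set_role")
        if role is None:
            findings.append((name, "no set_role action"))
        elif role + "Vlan" not in vlans:
            findings.append((name, "no %sVlan in switch group" % role))
        if "set_access_duration" not in actions:
            findings.append((name, "no set_access_duration action"))
        if not any(k.startswith("condition") for k in rule):
            findings.append((name, "no conditions (catch-all)"))
    return findings
```

Calling audit(AUTH_CONF, SWITCHES_CONF, "group SG300") on the sample flags only the CatchAll rule, for its missing access duration and its lack of conditions.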