Hi Fabrice
Thanks for the reply.
I tried making a catch_all rule and it still didn't work.
I solved the problem by enabling the "Strip in RADIUS authorization" option in
the DEFAULT realm (by default PacketFence tried to verify the user with the domain
name, i.e. TEST/username, not username).
This is missing from the installation guide.
---
Regards
Piotr
On 2019-02-06 03:29, Durand fabrice via PacketFence-users wrote:
> Hello,
>
> None of the 2 sources returns a role (IT,TestUsers) and an access duration.
>
> You can use pftest to test your authentication source
> (/usr/local/pf/bin/pftest).
>
> Btw, you can create a catch_all rule without any condition at the end of the
> other authentication rules and see if it computes a role.
>
> Regards
>
> Fabrice
>
> On 19-02-05 at 09:54, Piotr Pucicki via PacketFence-users wrote:
>
>> Hello,
>>
>> I have a problem with obtaining a VLAN. I have been fighting with it for a few days and I
>> cannot solve it.
>>
>> I created roles, profiles, switches etc. as in the Installation guide, but I
>> can't obtain a VLAN for users and machines.
>>
>> Below I am attaching logs and configs:
>>
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] handling radius autz request: from switch_ip =>
>> (10.10.109.16), connection_type => Ethernet-E$
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] Instantiate profile TestProfile
>> (pf::Connection::ProfileFactory::_from_profile)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] Found authentication source(s) : 'IT,TestUsers' for
>> realm 'default' (pf::config::util::filte$
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN:
>> [mac:4c:cc:6a:d5:a0:e5] Calling match with empty/invalid rule class.
>> Defaulting to 'authentication' (pf::authenticati$
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] Using sources IT, TestUsers for matching
>> (pf::authentication::match2)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] LDAP testing connection (pf::LDAP::expire_if)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] LDAP testing connection (pf::LDAP::expire_if)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN:
>> [mac:4c:cc:6a:d5:a0:e5] modify of non-existent person Test\radtest attempted
>> - person added (pf::person::person_modi$
>> Feb 5 14:28:22 PacketFence-ZEN pfqueue: pfqueue(760) INFO: [mac:unknown]
>> undefined source id provided (pf::lookup::person::lookup_person)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN:
>> [mac:4c:cc:6a:d5:a0:e5] Use of uninitialized value in string eq at
>> /usr/local/pf/lib/pf/role.pm line 736.
>> (pf::role::_check_bypass)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] Role has already been computed and we don't want to
>> recompute it. Getting role from node_info$
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN:
>> [mac:4c:cc:6a:d5:a0:e5] Use of uninitialized value $role in concatenation
>> (.) or string at /usr/local/pf/lib/pf/role.$
>> (pf::role::getRegisteredRole)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] Username was NOT defined or unable to match a role -
>> returning node based role '' (pf::role::$
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] PID: "Test\radtest", Status: reg Returned VLAN:
>> (undefined), Role: (undefined) (pf::role::fe$
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN:
>> [mac:4c:cc:6a:d5:a0:e5] Use of uninitialized value $vlanName in hash element
>> at /usr/local/pf/lib/pf/Switch.pm line 7$
>> (pf::Switch::getVlanByName)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN:
>> [mac:4c:cc:6a:d5:a0:e5] Use of uninitialized value $vlanName in
>> concatenation (.) or string at /usr/local/pf/lib/pf/S$
>> (pf::Switch::getVlanByName)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN:
>> [mac:4c:cc:6a:d5:a0:e5] No parameter Vlan found in conf/switches.conf for
>> the switch 10.10.109.16 (pf::Switch::getVla$
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) WARN:
>> [mac:4c:cc:6a:d5:a0:e5] Use of uninitialized value $roleName in hash element
>> at /usr/local/pf/lib/pf/Switch.pm line 7$
>> (pf::Switch::getRoleByName)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] violation 1300003 force-closed for 4c:cc:6a:d5:a0:e5
>> (pf::violation::violation_force_close)
>> Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO:
>> [mac:4c:cc:6a:d5:a0:e5] Instantiate profile TestProfile
>> (pf::Connection::ProfileFactory::_from_profile)
>>
>> [authentication.conf]
>>
>> [IT]
>> cache_match=0
>> read_timeout=10
>> realms=
>> password=zaq1@WSX
>> searchattributes=
>> scope=sub
>> binddn=CN=admin,OU=Administratorzy,OU=test,DC=test,DC=loc
>> port=389
>> description=Grupa dla IT
>> write_timeout=5
>> type=AD
>> basedn=DC=test,DC=loc
>> monitor=1
>> set_access_level_action=
>> shuffle=0
>> email_attribute=mail
>> usernameattribute=sAMAccountName
>> connection_timeout=1
>> encryption=none
>> host=10.10.200.16
>>
>> [IT rule ITAdmin]
>> action0=set_access_level=NetworkAdmins
>> condition0=memberOf,equals,CN=Network Admins,OU=Grupy,OU=test,DC=test,DC=loc
>> match=all
>> class=administration
>>
>> [IT rule ITAuth]
>> action0=set_role=IT
>> condition0=memberOf,matches regexp,IT
>> match=all
>> class=authentication
>> action1=set_access_duration=12h
>>
>> [TestUsers]
>> cache_match=0
>> read_timeout=10
>> realms=
>> password=zaq1@WSX
>> searchattributes=
>> scope=sub
>> binddn=CN=admin,OU=Administratorzy,OU=test,DC=test,DC=loc
>> port=389
>> description=test group
>> write_timeout=10
>> type=AD
>> basedn=DC=test,DC=loc
>> monitor=1
>> set_access_level_action=
>> shuffle=0
>> email_attribute=mail
>> usernameattribute=sAMAccountName
>> connection_timeout=5
>> encryption=none
>> host=10.10.200.16
>>
>> [TestUsers rule TestUsersAuth]
>> action0=set_role=TestUsers
>> condition0=memberOf,matches regexp,TestUsers
>> match=any
>> class=authentication
>> action1=set_access_duration=12h
>>
>> [switches.conf]
>>
>> [10.10.109.16]
>> description=SG300-WAG
>> group=SG300
>>
>> [group SG300]
>> SNMPCommunityRead=admin
>> ITVlan=144
>> description=Switche SG300
>> cliAccess=Y
>> REJECTVlan=55
>> TestUsersVlan=761
>> guestVlan=55
>> type=Cisco::SG300
>> isolationVlan=55
>> radiusSecret=e74GsWbJa9
>> SNMPVersion=2c
>>
>> [profiles.conf]
>>
>> [TestProfile]
>> locale=
>> filter=connection_type:Ethernet-EAP
>> autoregister=enabled
>> sources=IT,TestUsers
>> dot1x_recompute_role_from_portal=enabled
>>
>> pftests authentication radtest zaq1@WSX
>>
>> Authenticating against 'TestUsers' in context 'admin'
>> Authentication SUCCEEDED against TestUsers (Authentication successful.)
>> Matched against TestUsers for 'authentication' rules
>> set_role : TestUsers
>> set_access_duration : 12h
>> Did not match against TestUsers for 'administration' rules
>>
>> Authenticating against 'TestUsers' in context 'portal'
>> Authentication SUCCEEDED against TestUsers (Authentication successful.)
>> Matched against TestUsers for 'authentication' rules
>> set_role : TestUsers
>> set_access_duration : 12h
>> Did not match against TestUsers for 'administration' rules
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
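
Added example, not part of the original thread and not PacketFence code: a small log check that flags RADIUS authorization lines like the one quoted above, where the PID still carries a realm prefix and no role was computed, and shows the lookup filter with and without the realm stripped. It assumes the source looks the user up with an equality filter on `usernameattribute`; the function names and the sample line are constructed for illustration.

```python
import re

# Constructed sample, modeled on the httpd.aaa line quoted in the thread.
SAMPLE = ('Feb 5 14:28:22 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(486) INFO: '
          '[mac:4c:cc:6a:d5:a0:e5] PID: "Test\\radtest", Status: reg Returned VLAN: '
          '(undefined), Role: (undefined)')

PID_RE = re.compile(r'PID: "([^"]+)".*?Role: \(?([^),]*)\)?')

def split_realm(pid):
    """Return (realm, user) for DOMAIN\\user or user@realm; realm is None if bare."""
    m = re.fullmatch(r'([^\\/@]+)\\([^\\/@]+)', pid)
    if m:
        return m.group(1), m.group(2)
    m = re.fullmatch(r'([^\\/@]+)@([^\\/@]+)', pid)
    if m:
        return m.group(2), m.group(1)
    return None, pid

def ldap_filter(attr, value):
    """Build an equality filter, escaping special characters as in RFC 4515."""
    esc = ''.join('\\%02x' % ord(c) if c in '\\*()\0' else c for c in value)
    return '(%s=%s)' % (attr, esc)

def diagnose(line, attr='sAMAccountName'):
    """Flag a request whose PID still carries a realm and that got no role."""
    m = PID_RE.search(line)
    if not m:
        return None
    pid, role = m.group(1), m.group(2)
    realm, user = split_realm(pid)
    return {
        'pid': pid, 'realm': realm, 'role': role,
        # Assumption: the directory is queried with the name exactly as received.
        'filter_as_sent': ldap_filter(attr, pid),
        'filter_stripped': ldap_filter(attr, user),
        'needs_strip': realm is not None and role == 'undefined',
    }

if __name__ == '__main__':
    for key, value in diagnose(SAMPLE).items():
        print('%-16s %s' % (key, value))
```

The unstripped filter asks for an account literally named `Test\radtest`, which no `sAMAccountName` holds, while the pftest run in the thread used the bare `radtest` and matched the `TestUsers` rule.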