[PacketFence-users] Users Being Authenticated without using AD

William Blake MacIsaac via PacketFence-users Wed, 13 Feb 2019 18:14:08 -0800

I'm hoping someone can help me.    I'm trying to setup 802.1x-Wireless to
allow users to connect to a SSID utilizing domain credentials.  The problem
is, when users connect and enter there username and password, they are not
being tested against the Authentication sources i have setup, they are just
being allowed to connect, regardless if they are part of the group or not.
I can even delete the whole authentication source and they are still being
authenticated.. what the hell?  :(, please help



[image: image.png]

:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] handling radius autz request: from switch_ip =>
(10.100.2.254), connection_type => Wireless-802.11-EAP,switch_mac =>
(00:15:5d:01:3d:00), mac => [8c:f5:a3:a2:d4:18], port => 12290, username =>
"bmacisaaca", ssid => YC-IT (pf::radius::authorize)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
(pf::Connection::ProfileFactory::_from_profile)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Found authentication source(s) :
'local,8021X-Wireless' for realm 'null'
(pf::config::util::filter_authentication_sources)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
[mac:8c:f5:a3:a2:d4:18] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match2)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Using sources local, 8021X-Wireless for matching
(pf::authentication::match2)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] LDAP testing connection (pf::LDAP::expire_if)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Role has already been computed and we don't want to
recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Username was defined "bmacisaaca" - returning role
'YC-IT-WIFI' (pf::role::getRegisteredRole)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] PID: "bmacisaaca", Status: reg Returned VLAN:
(undefined), Role: YC-IT-WIFI (pf::role::fetchRoleForNode)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
[mac:8c:f5:a3:a2:d4:18] No parameter YC-IT-WIFIVlan found in
conf/switches.conf for the switch 10.100.2.254 (pf::Switch::getVlanByName)
Feb 13 14:19:39 PacketFence pfqueue: pfqueue(33849) INFO: [mac:unknown]
undefined source id provided (pf::lookup::person::lookup_person)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] violation 1300003 force-closed for
8c:f5:a3:a2:d4:18 (pf::violation::violation_force_close)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
(pf::Connection::ProfileFactory::_from_profile)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] handling radius autz request: from switch_ip =>
(10.100.2.254), connection_type => Wireless-802.11-EAP,switch_mac =>
(00:15:5d:01:3d:00), mac => [8c:f5:a3:a2:d4:18], port => 12290, username =>
"bmacisaaca", ssid => YC-IT (pf::radius::authorize)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
(pf::Connection::ProfileFactory::_from_profile)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Found authentication source(s) : 'local' for realm
'null' (pf::config::util::filter_authentication_sources)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
[mac:8c:f5:a3:a2:d4:18] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match2)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Using sources local for matching
(pf::authentication::match2)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Role has already been computed and we don't want to
recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Username was defined "bmacisaaca" - returning role
'YC-IT-WIFI' (pf::role::getRegisteredRole)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] PID: "bmacisaaca", Status: reg Returned VLAN:
(undefined), Role: YC-IT-WIFI (pf::role::fetchRoleForNode)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
[mac:8c:f5:a3:a2:d4:18] No parameter YC-IT-WIFIVlan found in
conf/switches.conf for the switch 10.100.2.254 (pf::Switch::getVlanByName)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] violation 1300003 force-closed for
8c:f5:a3:a2:d4:18 (pf::violation::violation_force_close)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
(pf::Connection::ProfileFactory::_from_profile)
Feb 13 14:21:15 PacketFence pfqueue: pfqueue(32627) INFO: [mac:unknown]
undefined source id provided (pf::lookup::person::lookup_person)
^C
[root@PacketFence logs]# tail -f packetfence.log
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Found authentication source(s) : 'local' for realm
'null' (pf::config::util::filter_authentication_sources)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
[mac:8c:f5:a3:a2:d4:18] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match2)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Using sources local for matching
(pf::authentication::match2)
Feb 13 14:28:49 PacketFence pfqueue: pfqueue(101125) INFO: [mac:unknown]
undefined source id provided (pf::lookup::person::lookup_person)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Role has already been computed and we don't want to
recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Username was defined "bmacisaaca" - returning role
'YC-IT-WIFI' (pf::role::getRegisteredRole)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] PID: "bmacisaaca", Status: reg Returned VLAN:
(undefined), Role: YC-IT-WIFI (pf::role::fetchRoleForNode)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
[mac:8c:f5:a3:a2:d4:18] No parameter YC-IT-WIFIVlan found in
conf/switches.conf for the switch 10.100.2.254 (pf::Switch::getVlanByName)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] violation 1300003 force-closed for
8c:f5:a3:a2:d4:18 (pf::violation::violation_force_close)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
(pf::Connection::ProfileFactory::_from_profile)

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Users Being Authenticated without using AD

Reply via email to