Hello William,
Can you try that:
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3967.diff
cd /usr/local/pf
curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3967.diff | patch -p1 --dry-run
If there is no error:
curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/3967.diff | patch -p1
Restart PacketFence and, in the connection profile 802.1X-Profile,
check: dot1x_unset_on_unmatch
And retry.
Let me know if it helps.
Regards
Fabrice
On 19-02-13 at 17:43, William Blake MacIsaac via PacketFence-users
wrote:
I'm hoping someone can help me. I'm trying to set up 802.1x-Wireless
to allow users to connect to an SSID utilizing domain credentials. The
problem is, when users connect and enter their username and password,
they are not being tested against the Authentication sources I have
set up; they are just being allowed to connect, regardless of whether
they are part of the group or not. I can even delete the whole
authentication source and they are still being authenticated. What the
hell? :( Please help.
:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
[mac:8c:f5:a3:a2:d4:18] handling radius autz request: from switch_ip
=> (10.100.2.254), connection_type => Wireless-802.11-EAP,switch_mac
=> (00:15:5d:01:3d:00), mac => [8c:f5:a3:a2:d4:18], port => 12290,
username => "bmacisaaca", ssid => YC-IT (pf::radius::authorize)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
(pf::Connection::ProfileFactory::_from_profile)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Found authentication source(s) :
'local,8021X-Wireless' for realm 'null'
(pf::config::util::filter_authentication_sources)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
WARN: [mac:8c:f5:a3:a2:d4:18] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Using sources local, 8021X-Wireless for
matching (pf::authentication::match2)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] LDAP testing connection
(pf::LDAP::expire_if)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Role has already been computed and we
don't want to recompute it. Getting role from node_info
(pf::role::getRegisteredRole)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Username was defined "bmacisaaca" -
returning role 'YC-IT-WIFI' (pf::role::getRegisteredRole)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] PID: "bmacisaaca", Status: reg Returned
VLAN: (undefined), Role: YC-IT-WIFI (pf::role::fetchRoleForNode)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
WARN: [mac:8c:f5:a3:a2:d4:18] No parameter YC-IT-WIFIVlan found in
conf/switches.conf for the switch 10.100.2.254 (pf::Switch::getVlanByName)
Feb 13 14:19:39 PacketFence pfqueue: pfqueue(33849) INFO:
[mac:unknown] undefined source id provided
(pf::lookup::person::lookup_person)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] violation 1300003 force-closed for
8c:f5:a3:a2:d4:18 (pf::violation::violation_force_close)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
(pf::Connection::ProfileFactory::_from_profile)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] handling radius autz request: from
switch_ip => (10.100.2.254), connection_type =>
Wireless-802.11-EAP,switch_mac => (00:15:5d:01:3d:00), mac =>
[8c:f5:a3:a2:d4:18], port => 12290, username => "bmacisaaca", ssid =>
YC-IT (pf::radius::authorize)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
(pf::Connection::ProfileFactory::_from_profile)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Found authentication source(s) : 'local'
for realm 'null' (pf::config::util::filter_authentication_sources)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
WARN: [mac:8c:f5:a3:a2:d4:18] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Using sources local for matching
(pf::authentication::match2)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Role has already been computed and we
don't want to recompute it. Getting role from node_info
(pf::role::getRegisteredRole)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Username was defined "bmacisaaca" -
returning role 'YC-IT-WIFI' (pf::role::getRegisteredRole)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] PID: "bmacisaaca", Status: reg Returned
VLAN: (undefined), Role: YC-IT-WIFI (pf::role::fetchRoleForNode)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
WARN: [mac:8c:f5:a3:a2:d4:18] No parameter YC-IT-WIFIVlan found in
conf/switches.conf for the switch 10.100.2.254 (pf::Switch::getVlanByName)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] violation 1300003 force-closed for
8c:f5:a3:a2:d4:18 (pf::violation::violation_force_close)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
(pf::Connection::ProfileFactory::_from_profile)
Feb 13 14:21:15 PacketFence pfqueue: pfqueue(32627) INFO:
[mac:unknown] undefined source id provided
(pf::lookup::person::lookup_person)
^C
[root@PacketFence logs]# tail -f packetfence.log
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Found authentication source(s) : 'local'
for realm 'null' (pf::config::util::filter_authentication_sources)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
WARN: [mac:8c:f5:a3:a2:d4:18] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Using sources local for matching
(pf::authentication::match2)
Feb 13 14:28:49 PacketFence pfqueue: pfqueue(101125) INFO:
[mac:unknown] undefined source id provided
(pf::lookup::person::lookup_person)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Role has already been computed and we
don't want to recompute it. Getting role from node_info
(pf::role::getRegisteredRole)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Username was defined "bmacisaaca" -
returning role 'YC-IT-WIFI' (pf::role::getRegisteredRole)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] PID: "bmacisaaca", Status: reg Returned
VLAN: (undefined), Role: YC-IT-WIFI (pf::role::fetchRoleForNode)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
WARN: [mac:8c:f5:a3:a2:d4:18] No parameter YC-IT-WIFIVlan found in
conf/switches.conf for the switch 10.100.2.254 (pf::Switch::getVlanByName)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] violation 1300003 force-closed for
8c:f5:a3:a2:d4:18 (pf::violation::violation_force_close)
Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
(pf::Connection::ProfileFactory::_from_profile)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
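Added example, not part of the original thread or of PacketFence's own code: a Python script that rejoins the e-mail-wrapped packetfence.log lines and lists each authorization request where the log reports "Getting role from node_info", together with the sources used for matching. The sample is abridged from the log excerpt above; the function names are this example's own.

```python
import re

# Abridged from the packetfence.log excerpt in the thread; e-mail wrapping kept.
SAMPLE_LOG = """\
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Using sources local, 8021X-Wireless for
matching (pf::authentication::match2)
Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Role has already been computed and we
don't want to recompute it. Getting role from node_info
(pf::role::getRegisteredRole)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] handling radius autz request: from
switch_ip => (10.100.2.254), connection_type =>
Wireless-802.11-EAP,switch_mac => (00:15:5d:01:3d:00), mac =>
[8c:f5:a3:a2:d4:18], port => 12290, username => "bmacisaaca", ssid =>
YC-IT (pf::radius::authorize)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Using sources local for matching
(pf::authentication::match2)
Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345)
INFO: [mac:8c:f5:a3:a2:d4:18] Role has already been computed and we
don't want to recompute it. Getting role from node_info
(pf::role::getRegisteredRole)
"""

ENTRY = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*?\[mac:([^\]]+)\] (.*)$")

def unwrap(text):
    """Rejoin wrapped lines: only a syslog timestamp starts a new entry."""
    joined = re.sub(r"\n(?![A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d )", " ", text.strip())
    return joined.splitlines()

def cached_role_requests(text):
    """Requests whose role came from node_info, with the sources matched."""
    requests, current = [], {}
    matches = (ENTRY.match(e) for e in unwrap(text))
    for ts, mac, msg in (m.groups() for m in matches if m):
        # A new request starts at the autz line, or at the first line seen for a MAC.
        if mac not in current or msg.startswith("handling radius autz request"):
            current[mac] = {"time": ts, "mac": mac, "sources": [], "cached": False}
            requests.append(current[mac])
        if s := re.search(r"Using sources (.+?) for matching", msg):
            current[mac]["sources"] = [x.strip() for x in s[1].split(",")]
        current[mac]["cached"] |= "Getting role from node_info" in msg
    return [r for r in requests if r["cached"]]

if __name__ == "__main__":
    for r in cached_role_requests(SAMPLE_LOG):
        print(r["time"], r["mac"], "sources:", r["sources"])
```

On the sample, both requests are listed: the node_info message appears whether the sources matched were "local, 8021X-Wireless" or only "local".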