Re: [PacketFence-users] Users Being Authenticated without using AD

Christian McDonald via PacketFence-users Wed, 13 Feb 2019 18:55:25 -0800

Try restarting all the services. There are tons of settings and features
riddled throughput PacketFence that require resetting services (or even the
whole operating system) to get working correctly...I've had similar
frustrations


On Wed, Feb 13, 2019 at 9:13 PM William Blake MacIsaac via
PacketFence-users <[email protected]> wrote:

> I'm hoping someone can help me.    I'm trying to setup 802.1x-Wireless to
> allow users to connect to a SSID utilizing domain credentials.  The problem
> is, when users connect and enter there username and password, they are not
> being tested against the Authentication sources i have setup, they are just
> being allowed to connect, regardless if they are part of the group or not.
> I can even delete the whole authentication source and they are still being
> authenticated.. what the hell?  :(, please help
>
>
> [image: image.png]
>
> :19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] handling radius autz request: from switch_ip =>
> (10.100.2.254), connection_type => Wireless-802.11-EAP,switch_mac =>
> (00:15:5d:01:3d:00), mac => [8c:f5:a3:a2:d4:18], port => 12290, username =>
> "bmacisaaca", ssid => YC-IT (pf::radius::authorize)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
> (pf::Connection::ProfileFactory::_from_profile)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Found authentication source(s) :
> 'local,8021X-Wireless' for realm 'null'
> (pf::config::util::filter_authentication_sources)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
> [mac:8c:f5:a3:a2:d4:18] Calling match with empty/invalid rule class.
> Defaulting to 'authentication' (pf::authentication::match2)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Using sources local, 8021X-Wireless for matching
> (pf::authentication::match2)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] LDAP testing connection (pf::LDAP::expire_if)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Role has already been computed and we don't want to
> recompute it. Getting role from node_info (pf::role::getRegisteredRole)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Username was defined "bmacisaaca" - returning role
> 'YC-IT-WIFI' (pf::role::getRegisteredRole)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] PID: "bmacisaaca", Status: reg Returned VLAN:
> (undefined), Role: YC-IT-WIFI (pf::role::fetchRoleForNode)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
> [mac:8c:f5:a3:a2:d4:18] No parameter YC-IT-WIFIVlan found in
> conf/switches.conf for the switch 10.100.2.254 (pf::Switch::getVlanByName)
> Feb 13 14:19:39 PacketFence pfqueue: pfqueue(33849) INFO: [mac:unknown]
> undefined source id provided (pf::lookup::person::lookup_person)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] violation 1300003 force-closed for
> 8c:f5:a3:a2:d4:18 (pf::violation::violation_force_close)
> Feb 13 14:19:39 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
> (pf::Connection::ProfileFactory::_from_profile)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] handling radius autz request: from switch_ip =>
> (10.100.2.254), connection_type => Wireless-802.11-EAP,switch_mac =>
> (00:15:5d:01:3d:00), mac => [8c:f5:a3:a2:d4:18], port => 12290, username =>
> "bmacisaaca", ssid => YC-IT (pf::radius::authorize)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
> (pf::Connection::ProfileFactory::_from_profile)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Found authentication source(s) : 'local' for realm
> 'null' (pf::config::util::filter_authentication_sources)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
> [mac:8c:f5:a3:a2:d4:18] Calling match with empty/invalid rule class.
> Defaulting to 'authentication' (pf::authentication::match2)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Using sources local for matching
> (pf::authentication::match2)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Role has already been computed and we don't want to
> recompute it. Getting role from node_info (pf::role::getRegisteredRole)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Username was defined "bmacisaaca" - returning role
> 'YC-IT-WIFI' (pf::role::getRegisteredRole)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] PID: "bmacisaaca", Status: reg Returned VLAN:
> (undefined), Role: YC-IT-WIFI (pf::role::fetchRoleForNode)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
> [mac:8c:f5:a3:a2:d4:18] No parameter YC-IT-WIFIVlan found in
> conf/switches.conf for the switch 10.100.2.254 (pf::Switch::getVlanByName)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] violation 1300003 force-closed for
> 8c:f5:a3:a2:d4:18 (pf::violation::violation_force_close)
> Feb 13 14:21:15 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
> (pf::Connection::ProfileFactory::_from_profile)
> Feb 13 14:21:15 PacketFence pfqueue: pfqueue(32627) INFO: [mac:unknown]
> undefined source id provided (pf::lookup::person::lookup_person)
> ^C
> [root@PacketFence logs]# tail -f packetfence.log
> Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Found authentication source(s) : 'local' for realm
> 'null' (pf::config::util::filter_authentication_sources)
> Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
> [mac:8c:f5:a3:a2:d4:18] Calling match with empty/invalid rule class.
> Defaulting to 'authentication' (pf::authentication::match2)
> Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Using sources local for matching
> (pf::authentication::match2)
> Feb 13 14:28:49 PacketFence pfqueue: pfqueue(101125) INFO: [mac:unknown]
> undefined source id provided (pf::lookup::person::lookup_person)
> Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Role has already been computed and we don't want to
> recompute it. Getting role from node_info (pf::role::getRegisteredRole)
> Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Username was defined "bmacisaaca" - returning role
> 'YC-IT-WIFI' (pf::role::getRegisteredRole)
> Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] PID: "bmacisaaca", Status: reg Returned VLAN:
> (undefined), Role: YC-IT-WIFI (pf::role::fetchRoleForNode)
> Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) WARN:
> [mac:8c:f5:a3:a2:d4:18] No parameter YC-IT-WIFIVlan found in
> conf/switches.conf for the switch 10.100.2.254 (pf::Switch::getVlanByName)
> Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] violation 1300003 force-closed for
> 8c:f5:a3:a2:d4:18 (pf::violation::violation_force_close)
> Feb 13 14:28:49 PacketFence packetfence_httpd.aaa: httpd.aaa(8345) INFO:
> [mac:8c:f5:a3:a2:d4:18] Instantiate profile 802.1X-Profile
> (pf::Connection::ProfileFactory::_from_profile)
>
>
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
-- 
R. Christian McDonald
*Director of Technology*
Grand Rapids Adventist Academy
C: (616) 856-9291

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Users Being Authenticated without using AD

Reply via email to