Hi Fabrice, I have another question for you. How does PF choose which connection profile to use? We have 3 defined. 1) default which comes with the system. 2) sc-eduroam for local users 3) non-sc-eduroam for visitors.
Best, Nadim On Mon, Feb 10, 2020 at 10:42 PM Nadim El-Khoury <[email protected]> wrote: > Hi Fabrice, > > I want to thank you for taking the time to look into the log file. > Yes, we have AD configured as an authentication source. I added it to the > source in the connection profile and will test it in the morning and report > back. > > Best, > > Nadim > > On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice <[email protected]> wrote: > >> Hello Nadim, >> >> here what happen: >> >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >> [mac:a4:e9:75:4e:95:5d] handling radius autz request: from switch_ip => >> (10.2.75.11), connection_type => Wireless-802.11-EAP,switch_mac => >> (5c:5b:35:a8:10:33), mac => [a4:e9:75:4e:95:5d], port => 0, username => >> "[email protected]" <[email protected]>, >> ssid => eduroam (pf::radius::authorize) >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >> [mac:a4:e9:75:4e:95:5d] Instantiate profile non-sc-eduroam-users >> (pf::Connection::ProfileFactory::_from_profile) >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >> [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : '' for realm ' >> springfieldcollege.edu' (pf::config::util::filter_authentication_sources) >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) WARN: >> [mac:a4:e9:75:4e:95:5d] No category computed for autoreg >> (pf::role::getNodeInfoForAutoReg) >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) WARN: >> [mac:a4:e9:75:4e:95:5d] Switch type 'pf::Switch::Generic' does not support >> MABFloatingDevices (pf::SwitchSupports::__ANON__) >> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >> [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : '' for realm ' >> springfieldcollege.edu' (pf::config::util::filter_authentication_sources) >> >> PacketFence instantiate the profile non-sc-eduroam-users but is not able >> to find any sources to compute the rules. >> >> My assumption is that you enabled auto registration on the connection >> profile but you didn't defined any sources. >> >> So edit the connection profile and assign an authentication source on it >> (you probably have an AD one). >> >> Regards >> >> Fabrice >> >> >> Le 20-02-10 à 14 h 34, Nadim El-Khoury a écrit : >> >> Hi Fabrice, >> >> Please find attached the packetfence.log file. >> The username is [email protected] >> >> Best, >> >> Nadim >> >> On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via PacketFence-users < >> [email protected]> wrote: >> >>> Hello Nadim >>> Le 20-02-05 à 02 h 19, Nadim El-Khoury via PacketFence-users a écrit : >>> >>> Hi Everyone, >>> >>> It does not look like that PF 9.3.0 is able to assign the right >>> connection profile once a user is authenticated. >>> >>> Question 1) Why is the right connection profile not being picked up >>> based on the created filter? >>> >>> probably a wrong filter >>> >>> Question 2) Can the default connection profile be disabled? >>> >>> no >>> >>> Question 3) Why is the system not entering the right owner for the >>> registered device after successful authentication? >>> >>> No profile , so no source, so no user. >>> >>> Question 4) Why is the connection profile is set to N/A when it does not >>> properly match a profile? >>> >>> because packetfence is not able to compute the connection profile. >>> >>> >>> When running the /usr/local/pf/bin/pftest authentication username "" >>> The command returns the right AD group the user is part of. >>> >>> Recomputing of roles does not seem to be working if a device is >>> successfully registered with another user or owner. So, if a new user uses >>> the same device the role is not recomputed and the new user using the same >>> old registered device ends up with the same previous role as the previous >>> user. >>> >>> Question 1) How can we change the above behavior? >>> >>> share your packetfence.log file when the device connect and we will have >>> the answer. >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Your help is very much appreciated. >>> >>> Best, >>> >>> Nadim >>> >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing >>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
