Hi Fabrice, I want to thank you for taking the time to look into the log file. Yes, we have AD configured as an authentication source. I added it to the source in the connection profile and will test it in the morning and report back.
Best, Nadim On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice <fdur...@inverse.ca> wrote: > Hello Nadim, > > here what happen: > > Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: > [mac:a4:e9:75:4e:95:5d] handling radius autz request: from switch_ip => > (10.2.75.11), connection_type => Wireless-802.11-EAP,switch_mac => > (5c:5b:35:a8:10:33), mac => [a4:e9:75:4e:95:5d], port => 0, username => > "nel-kho...@springfieldcollege.edu" <nel-kho...@springfieldcollege.edu>, > ssid => eduroam (pf::radius::authorize) > Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: > [mac:a4:e9:75:4e:95:5d] Instantiate profile non-sc-eduroam-users > (pf::Connection::ProfileFactory::_from_profile) > Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: > [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : '' for realm ' > springfieldcollege.edu' (pf::config::util::filter_authentication_sources) > Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) WARN: > [mac:a4:e9:75:4e:95:5d] No category computed for autoreg > (pf::role::getNodeInfoForAutoReg) > Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) WARN: > [mac:a4:e9:75:4e:95:5d] Switch type 'pf::Switch::Generic' does not support > MABFloatingDevices (pf::SwitchSupports::__ANON__) > Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: > [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : '' for realm ' > springfieldcollege.edu' (pf::config::util::filter_authentication_sources) > > PacketFence instantiate the profile non-sc-eduroam-users but is not able > to find any sources to compute the rules. > > My assumption is that you enabled auto registration on the connection > profile but you didn't defined any sources. > > So edit the connection profile and assign an authentication source on it > (you probably have an AD one). > > Regards > > Fabrice > > > Le 20-02-10 à 14 h 34, Nadim El-Khoury a écrit : > > Hi Fabrice, > > Please find attached the packetfence.log file. > The username is nel-kho...@springfieldcollege.edu > > Best, > > Nadim > > On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > >> Hello Nadim >> Le 20-02-05 à 02 h 19, Nadim El-Khoury via PacketFence-users a écrit : >> >> Hi Everyone, >> >> It does not look like that PF 9.3.0 is able to assign the right >> connection profile once a user is authenticated. >> >> Question 1) Why is the right connection profile not being picked up based >> on the created filter? >> >> probably a wrong filter >> >> Question 2) Can the default connection profile be disabled? >> >> no >> >> Question 3) Why is the system not entering the right owner for the >> registered device after successful authentication? >> >> No profile , so no source, so no user. >> >> Question 4) Why is the connection profile is set to N/A when it does not >> properly match a profile? >> >> because packetfence is not able to compute the connection profile. >> >> >> When running the /usr/local/pf/bin/pftest authentication username "" >> The command returns the right AD group the user is part of. >> >> Recomputing of roles does not seem to be working if a device is >> successfully registered with another user or owner. So, if a new user uses >> the same device the role is not recomputed and the new user using the same >> old registered device ends up with the same previous role as the previous >> user. >> >> Question 1) How can we change the above behavior? >> >> share your packetfence.log file when the device connect and we will have >> the answer. >> >> Regards >> >> Fabrice >> >> >> Your help is very much appreciated. >> >> Best, >> >> Nadim >> >> >> >> _______________________________________________ >> PacketFence-users mailing >> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
