Hello Nadim,

it depend of the filter and the order.

The default one will always be the last one and after that the first match win.

Regards

Fabrice


Le 20-02-10 à 22 h 49, Nadim El-Khoury a écrit :
Hi Fabrice,

I have another question for you.
How does PF choose which connection profile to use? We have 3 defined.
1) default which comes with the system.
2) sc-eduroam for local users
3) non-sc-eduroam for visitors.

Best,

Nadim

On Mon, Feb 10, 2020 at 10:42 PM Nadim El-Khoury <nel-kho...@springfield.edu <mailto:nel-kho...@springfield.edu>> wrote:

    Hi Fabrice,

    I want to thank you for taking the time to look into the log file.
    Yes, we have AD configured as an authentication source. I added it
    to the source in the connection profile and will test it in
    the morning and report back.

    Best,

    Nadim

    On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice <fdur...@inverse.ca
    <mailto:fdur...@inverse.ca>> wrote:

        Hello Nadim,

        here what happen:

        Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
        INFO: [mac:a4:e9:75:4e:95:5d] handling radius autz request:
        from switch_ip => (10.2.75.11), connection_type =>
        Wireless-802.11-EAP,switch_mac => (5c:5b:35:a8:10:33), mac =>
        [a4:e9:75:4e:95:5d], port => 0, username =>
        "nel-kho...@springfieldcollege.edu"
        <mailto:nel-kho...@springfieldcollege.edu>, ssid => eduroam
        (pf::radius::authorize)
        Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
        INFO: [mac:a4:e9:75:4e:95:5d] Instantiate profile
        non-sc-eduroam-users
        (pf::Connection::ProfileFactory::_from_profile)
        Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
        INFO: [mac:a4:e9:75:4e:95:5d] Found authentication source(s) :
        '' for realm 'springfieldcollege.edu
        <http://springfieldcollege.edu>'
        (pf::config::util::filter_authentication_sources)
        Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
        WARN: [mac:a4:e9:75:4e:95:5d] No category computed for autoreg
        (pf::role::getNodeInfoForAutoReg)
        Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
        WARN: [mac:a4:e9:75:4e:95:5d] Switch type
        'pf::Switch::Generic' does not support MABFloatingDevices
        (pf::SwitchSupports::__ANON__)
        Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
        INFO: [mac:a4:e9:75:4e:95:5d] Found authentication source(s) :
        '' for realm 'springfieldcollege.edu
        <http://springfieldcollege.edu>'
        (pf::config::util::filter_authentication_sources)

        PacketFence instantiate the profile non-sc-eduroam-users but
        is not able to find any sources to compute the rules.

        My assumption is that you enabled auto registration on the
        connection profile but you didn't defined any sources.

        So edit the connection profile and assign an authentication
        source on it (you probably  have an AD one).

        Regards

        Fabrice


        Le 20-02-10 à 14 h 34, Nadim El-Khoury a écrit :
        Hi Fabrice,

        Please find attached the packetfence.log file.
        The username is nel-kho...@springfieldcollege.edu
        <mailto:nel-kho...@springfieldcollege.edu>

        Best,

        Nadim

        On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via
        PacketFence-users <packetfence-users@lists.sourceforge.net
        <mailto:packetfence-users@lists.sourceforge.net>> wrote:

            Hello Nadim

            Le 20-02-05 à 02 h 19, Nadim El-Khoury via
            PacketFence-users a écrit :
            Hi Everyone,

            It does not look like that PF 9.3.0 is able to assign
            the right connection profile once a user is authenticated.

            Question 1) Why is the right connection profile not
            being picked up based on the created filter?
            probably a wrong filter
            Question 2) Can the default connection profile be disabled?
            no
            Question 3) Why is the system not entering the right
            owner for the registered device after successful
            authentication?
            No profile , so no source, so no user.
            Question 4) Why is the connection profile is set to N/A
            when it does not properly match a profile?
            because packetfence is not able to compute the connection
            profile.

            When running the /usr/local/pf/bin/pftest authentication
            username ""
            The command returns the right AD group the user is part of.

            Recomputing of roles does not seem to be working if a
            device is successfully registered with another user or
            owner. So, if a new user uses the same device the role
            is not recomputed and the new user using the same old
            registered device ends up with the same previous role as
            the previous user.

            Question 1) How can we change the above behavior?

            share your packetfence.log file when the device connect
            and we will have the answer.

            Regards

            Fabrice


            Your help is very much appreciated.

            Best,

            Nadim



            _______________________________________________
            PacketFence-users mailing list
            PacketFence-users@lists.sourceforge.net  
<mailto:PacketFence-users@lists.sourceforge.net>
            https://lists.sourceforge.net/lists/listinfo/packetfence-users
            _______________________________________________
            PacketFence-users mailing list
            PacketFence-users@lists.sourceforge.net
            <mailto:PacketFence-users@lists.sourceforge.net>
            https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to