Re: [PacketFence-users] PF 9.3.0 and connection profiles and recomputing of roles - not working

[Fabrice Durand via PacketFence-users]

Ok so assign the default realm in the authentication source and/or the 
realm springfieldcollege.edu.

Le 20-02-10 à 22 h 42, Nadim El-Khoury a écrit :
Hi Fabrice,
I want to thank you for taking the time to look into the log file.
Yes, we have AD configured as an authentication source. I added it to 
the source in the connection profile and will test it in the morning 
and report back.

Best,

Nadim

On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice <fdur...@inverse.ca 
<mailto:fdur...@inverse.ca>> wrote:

    Hello Nadim,

    here what happen:

    Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
    INFO: [mac:a4:e9:75:4e:95:5d] handling radius autz request: from
    switch_ip => (10.2.75.11), connection_type =>
    Wireless-802.11-EAP,switch_mac => (5c:5b:35:a8:10:33), mac =>
    [a4:e9:75:4e:95:5d], port => 0, username =>
    "nel-kho...@springfieldcollege.edu"
    <mailto:nel-kho...@springfieldcollege.edu>, ssid => eduroam
    (pf::radius::authorize)
    Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
    INFO: [mac:a4:e9:75:4e:95:5d] Instantiate profile
    non-sc-eduroam-users (pf::Connection::ProfileFactory::_from_profile)
    Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
    INFO: [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : ''
    for realm 'springfieldcollege.edu <http://springfieldcollege.edu>'
    (pf::config::util::filter_authentication_sources)
    Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
    WARN: [mac:a4:e9:75:4e:95:5d] No category computed for autoreg
    (pf::role::getNodeInfoForAutoReg)
    Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
    WARN: [mac:a4:e9:75:4e:95:5d] Switch type 'pf::Switch::Generic'
    does not support MABFloatingDevices (pf::SwitchSupports::__ANON__)
    Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955)
    INFO: [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : ''
    for realm 'springfieldcollege.edu <http://springfieldcollege.edu>'
    (pf::config::util::filter_authentication_sources)

    PacketFence instantiate the profile non-sc-eduroam-users but is
    not able to find any sources to compute the rules.

    My assumption is that you enabled auto registration on the
    connection profile but you didn't defined any sources.

    So edit the connection profile and assign an authentication source
    on it (you probably  have an AD one).

    Regards

    Fabrice


    Le 20-02-10 à 14 h 34, Nadim El-Khoury a écrit :
    Hi Fabrice,

    Please find attached the packetfence.log file.
    The username is nel-kho...@springfieldcollege.edu
    <mailto:nel-kho...@springfieldcollege.edu>

    Best,

    Nadim

    On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via
    PacketFence-users <packetfence-users@lists.sourceforge.net
    <mailto:packetfence-users@lists.sourceforge.net>> wrote:

        Hello Nadim

        Le 20-02-05 à 02 h 19, Nadim El-Khoury via PacketFence-users
        a écrit :
        Hi Everyone,

        It does not look like that PF 9.3.0 is able to assign the
        right connection profile once a user is authenticated.

        Question 1) Why is the right connection profile not being
        picked up based on the created filter?
        probably a wrong filter
        Question 2) Can the default connection profile be disabled?
        no
        Question 3) Why is the system not entering the right owner
        for the registered device after successful authentication?
        No profile , so no source, so no user.
        Question 4) Why is the connection profile is set to N/A when
        it does not properly match a profile?
        because packetfence is not able to compute the connection
        profile.

        When running the /usr/local/pf/bin/pftest authentication
        username ""
        The command returns the right AD group the user is part of.

        Recomputing of roles does not seem to be working if a device
        is successfully registered with another user or owner. So,
        if a new user uses the same device the role is not
        recomputed and the new user using the same old registered
        device ends up with the same previous role as the previous
        user.

        Question 1) How can we change the above behavior?

        share your packetfence.log file when the device connect and
        we will have the answer.

        Regards

        Fabrice


        Your help is very much appreciated.

        Best,

        Nadim



        _______________________________________________
        PacketFence-users mailing list
        PacketFence-users@lists.sourceforge.net  
<mailto:PacketFence-users@lists.sourceforge.net>
        https://lists.sourceforge.net/lists/listinfo/packetfence-users
        _______________________________________________
        PacketFence-users mailing list
        PacketFence-users@lists.sourceforge.net
        <mailto:PacketFence-users@lists.sourceforge.net>
        https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users