Hi Fabrice, Please note that I sanitized the authentication.conf file and removed the shared Radius key and the password to connect to our MS LDAP. Everything else is intact.
Thank you very much for all your help and for looking at this issue. Best, Nadim On Tue, Feb 11, 2020 at 9:02 PM Durand fabrice <[email protected]> wrote: > It's still the same in the logs. > > Can you share your prifiles.conf and authentication.conf file ? > > Regards > > Fabrice > > > Le 20-02-11 à 12 h 02, Nadim El-Khoury a écrit : > > Hi Fabrice, > > I am sorry to report that nothing works. I am still seeing the same > behavior. > I deleted all the connection profiles and just left the default one and > still nothing. > > I am attaching the packetfence.log file. > > Best, > > Nadim > > On Tue, Feb 11, 2020 at 8:31 AM Fabrice Durand <[email protected]> wrote: > >> Ok so assign the default realm in the authentication source and/or the >> realm springfieldcollege.edu. >> Le 20-02-10 à 22 h 42, Nadim El-Khoury a écrit : >> >> Hi Fabrice, >> >> I want to thank you for taking the time to look into the log file. >> Yes, we have AD configured as an authentication source. I added it to the >> source in the connection profile and will test it in the morning and report >> back. >> >> Best, >> >> Nadim >> >> On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice <[email protected]> >> wrote: >> >>> Hello Nadim, >>> >>> here what happen: >>> >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >>> [mac:a4:e9:75:4e:95:5d] handling radius autz request: from switch_ip => >>> (10.2.75.11), connection_type => Wireless-802.11-EAP,switch_mac => >>> (5c:5b:35:a8:10:33), mac => [a4:e9:75:4e:95:5d], port => 0, username => >>> "[email protected]" <[email protected]>, >>> ssid => eduroam (pf::radius::authorize) >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >>> [mac:a4:e9:75:4e:95:5d] Instantiate profile non-sc-eduroam-users >>> (pf::Connection::ProfileFactory::_from_profile) >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >>> [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : '' for realm ' >>> springfieldcollege.edu' >>> (pf::config::util::filter_authentication_sources) >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) WARN: >>> [mac:a4:e9:75:4e:95:5d] No category computed for autoreg >>> (pf::role::getNodeInfoForAutoReg) >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) WARN: >>> [mac:a4:e9:75:4e:95:5d] Switch type 'pf::Switch::Generic' does not support >>> MABFloatingDevices (pf::SwitchSupports::__ANON__) >>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >>> [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : '' for realm ' >>> springfieldcollege.edu' >>> (pf::config::util::filter_authentication_sources) >>> >>> PacketFence instantiate the profile non-sc-eduroam-users but is not able >>> to find any sources to compute the rules. >>> >>> My assumption is that you enabled auto registration on the connection >>> profile but you didn't defined any sources. >>> >>> So edit the connection profile and assign an authentication source on it >>> (you probably have an AD one). >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 20-02-10 à 14 h 34, Nadim El-Khoury a écrit : >>> >>> Hi Fabrice, >>> >>> Please find attached the packetfence.log file. >>> The username is [email protected] >>> >>> Best, >>> >>> Nadim >>> >>> On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via PacketFence-users < >>> [email protected]> wrote: >>> >>>> Hello Nadim >>>> Le 20-02-05 à 02 h 19, Nadim El-Khoury via PacketFence-users a écrit : >>>> >>>> Hi Everyone, >>>> >>>> It does not look like that PF 9.3.0 is able to assign the right >>>> connection profile once a user is authenticated. >>>> >>>> Question 1) Why is the right connection profile not being picked up >>>> based on the created filter? >>>> >>>> probably a wrong filter >>>> >>>> Question 2) Can the default connection profile be disabled? >>>> >>>> no >>>> >>>> Question 3) Why is the system not entering the right owner for the >>>> registered device after successful authentication? >>>> >>>> No profile , so no source, so no user. >>>> >>>> Question 4) Why is the connection profile is set to N/A when it does >>>> not properly match a profile? >>>> >>>> because packetfence is not able to compute the connection profile. >>>> >>>> >>>> When running the /usr/local/pf/bin/pftest authentication username "" >>>> The command returns the right AD group the user is part of. >>>> >>>> Recomputing of roles does not seem to be working if a device is >>>> successfully registered with another user or owner. So, if a new user uses >>>> the same device the role is not recomputed and the new user using the same >>>> old registered device ends up with the same previous role as the previous >>>> user. >>>> >>>> Question 1) How can we change the above behavior? >>>> >>>> share your packetfence.log file when the device connect and we will >>>> have the answer. >>>> >>>> Regards >>>> >>>> Fabrice >>>> >>>> >>>> Your help is very much appreciated. >>>> >>>> Best, >>>> >>>> Nadim >>>> >>>> >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing >>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >>
profiles.conf
Description: Binary data
authentication.conf
Description: Binary data
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
