Hello Nadim,

there is no source associate to the sc-eduroam-profile profile, try that:

#
# Copyright (C) 2005-2019 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[default]
autoregister=enabled
sources=MSAD

[sc-eduroam-profile]
filter_match_style=all
locale=
description=Springfield College local eduroam connections
filter=ssid:eduroam
sources=MSAD

[incoming-eduroam-connections]
locale=
sources=US-Eduroam-Servers
filter=realm:eduroam
description=Incoming Eduroam Connections
#
# Copyright (C) 2005-2019 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html

let me know if it's ok now.

Regards

Fabrice

Le 20-02-12 à 08 h 11, Nadim El-Khoury a écrit :
Hi Fabrice,

Please note that I sanitized the authentication.conf file and removed the shared Radius key and the password to connect to our MS LDAP. Everything else is intact.

Thank you very much for all your help and for looking at this issue.

Best,

Nadim

On Tue, Feb 11, 2020 at 9:02 PM Durand fabrice <fdur...@inverse.ca <mailto:fdur...@inverse.ca>> wrote:

    It's still the same in the logs.

    Can you share your prifiles.conf and authentication.conf file ?

    Regards

    Fabrice


    Le 20-02-11 à 12 h 02, Nadim El-Khoury a écrit :
    Hi Fabrice,

    I am sorry to report that nothing works. I am still seeing the
    same behavior.
    I deleted all the connection profiles and just left the default
    one and still nothing.

    I am attaching the packetfence.log file.

    Best,

    Nadim

    On Tue, Feb 11, 2020 at 8:31 AM Fabrice Durand
    <fdur...@inverse.ca <mailto:fdur...@inverse.ca>> wrote:

        Ok so assign the default realm in the authentication source
        and/or the realm springfieldcollege.edu
        <http://springfieldcollege.edu>.

        Le 20-02-10 à 22 h 42, Nadim El-Khoury a écrit :
        Hi Fabrice,

        I want to thank you for taking the time to look into the log
        file.
        Yes, we have AD configured as an authentication source. I
        added it to the source in the connection profile and will
        test it in the morning and report back.

        Best,

        Nadim

        On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice
        <fdur...@inverse.ca <mailto:fdur...@inverse.ca>> wrote:

            Hello Nadim,

            here what happen:

            Feb 10 13:15:08 fennec packetfence_httpd.aaa:
            httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] handling
            radius autz request: from switch_ip => (10.2.75.11),
            connection_type => Wireless-802.11-EAP,switch_mac =>
            (5c:5b:35:a8:10:33), mac => [a4:e9:75:4e:95:5d], port =>
            0, username => "nel-kho...@springfieldcollege.edu"
            <mailto:nel-kho...@springfieldcollege.edu>, ssid =>
            eduroam (pf::radius::authorize)
            Feb 10 13:15:08 fennec packetfence_httpd.aaa:
            httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d]
            Instantiate profile non-sc-eduroam-users
            (pf::Connection::ProfileFactory::_from_profile)
            Feb 10 13:15:08 fennec packetfence_httpd.aaa:
            httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] Found
            authentication source(s) : '' for realm
            'springfieldcollege.edu <http://springfieldcollege.edu>'
            (pf::config::util::filter_authentication_sources)
            Feb 10 13:15:08 fennec packetfence_httpd.aaa:
            httpd.aaa(15955) WARN: [mac:a4:e9:75:4e:95:5d] No
            category computed for autoreg
            (pf::role::getNodeInfoForAutoReg)
            Feb 10 13:15:08 fennec packetfence_httpd.aaa:
            httpd.aaa(15955) WARN: [mac:a4:e9:75:4e:95:5d] Switch
            type 'pf::Switch::Generic' does not support
            MABFloatingDevices (pf::SwitchSupports::__ANON__)
            Feb 10 13:15:08 fennec packetfence_httpd.aaa:
            httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d] Found
            authentication source(s) : '' for realm
            'springfieldcollege.edu <http://springfieldcollege.edu>'
            (pf::config::util::filter_authentication_sources)

            PacketFence instantiate the profile non-sc-eduroam-users
            but is not able to find any sources to compute the rules.

            My assumption is that you enabled auto registration on
            the connection profile but you didn't defined any sources.

            So edit the connection profile and assign an
            authentication source on it (you probably  have an AD one).

            Regards

            Fabrice


            Le 20-02-10 à 14 h 34, Nadim El-Khoury a écrit :
            Hi Fabrice,

            Please find attached the packetfence.log file.
            The username is nel-kho...@springfieldcollege.edu
            <mailto:nel-kho...@springfieldcollege.edu>

            Best,

            Nadim

            On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via
            PacketFence-users
            <packetfence-users@lists.sourceforge.net
            <mailto:packetfence-users@lists.sourceforge.net>> wrote:

                Hello Nadim

                Le 20-02-05 à 02 h 19, Nadim El-Khoury via
                PacketFence-users a écrit :
                Hi Everyone,

                It does not look like that PF 9.3.0 is able to
                assign the right connection profile once a user is
                authenticated.

                Question 1) Why is the right connection profile
                not being picked up based on the created filter?
                probably a wrong filter
                Question 2) Can the default connection profile be
                disabled?
                no
                Question 3) Why is the system not entering the
                right owner for the registered device after
                successful authentication?
                No profile , so no source, so no user.
                Question 4) Why is the connection profile is set
                to N/A when it does not properly match a profile?
                because packetfence is not able to compute the
                connection profile.

                When running the /usr/local/pf/bin/pftest
                authentication username ""
                The command returns the right AD group the user is
                part of.

                Recomputing of roles does not seem to be working
                if a device is successfully registered with
                another user or owner. So, if a new user uses the
                same device the role is not recomputed and the new
                user using the same old registered device ends up
                with the same previous role as the previous user.

                Question 1) How can we change the above behavior?

                share your packetfence.log file when the device
                connect and we will have the answer.

                Regards

                Fabrice


                Your help is very much appreciated.

                Best,

                Nadim



                _______________________________________________
                PacketFence-users mailing list
                PacketFence-users@lists.sourceforge.net  
<mailto:PacketFence-users@lists.sourceforge.net>
                https://lists.sourceforge.net/lists/listinfo/packetfence-users
                _______________________________________________
                PacketFence-users mailing list
                PacketFence-users@lists.sourceforge.net
                <mailto:PacketFence-users@lists.sourceforge.net>
                https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- Fabrice Durand
        fdur...@inverse.ca  <mailto:fdur...@inverse.ca>  ::  +1.514.447.4918 (x135) 
::www.inverse.ca  <http://www.inverse.ca>
        Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and 
PacketFence (http://packetfence.org)

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to