Try with a simple filter, just like the ssid only and assign the source
on this profile.
Then share the packetfence.log.
Regards
Fabrice
Le 20-02-14 à 08 h 01, Nadim El-Khoury a écrit :
Hi Fabrice,
Unfortunately, it is the same behavior. This time the owner is
recognized but the profile is not getting set.
Best,
Nadim
On Wed, Feb 12, 2020 at 8:54 PM Nadim El-Khoury
<nel-kho...@springfield.edu <mailto:nel-kho...@springfield.edu>> wrote:
Hi Fabrice,
Thank you for looking into this.
I am attaching two screenshots where the GUI shows that the source
is selected but it does not show up in the profiles.conf file.
I will manually make the change in the file and report back to you.
Best,
Nadim
On Wed, Feb 12, 2020 at 8:46 PM Durand fabrice <fdur...@inverse.ca
<mailto:fdur...@inverse.ca>> wrote:
Hello Nadim,
there is no source associate to the sc-eduroam-profile
profile, try that:
#
# Copyright (C) 2005-2019 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[default]
autoregister=enabled
sources=MSAD
[sc-eduroam-profile]
filter_match_style=all
locale=
description=Springfield College local eduroam connections
filter=ssid:eduroam
sources=MSAD
[incoming-eduroam-connections]
locale=
sources=US-Eduroam-Servers
filter=realm:eduroam
description=Incoming Eduroam Connections
#
# Copyright (C) 2005-2019 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
let me know if it's ok now.
Regards
Fabrice
Le 20-02-12 à 08 h 11, Nadim El-Khoury a écrit :
Hi Fabrice,
Please note that I sanitized the authentication.conf file and
removed the shared Radius key and the password to connect to
our MS LDAP. Everything else is intact.
Thank you very much for all your help and for looking at this
issue.
Best,
Nadim
On Tue, Feb 11, 2020 at 9:02 PM Durand fabrice
<fdur...@inverse.ca <mailto:fdur...@inverse.ca>> wrote:
It's still the same in the logs.
Can you share your prifiles.conf and authentication.conf
file ?
Regards
Fabrice
Le 20-02-11 à 12 h 02, Nadim El-Khoury a écrit :
Hi Fabrice,
I am sorry to report that nothing works. I am still
seeing the same behavior.
I deleted all the connection profiles and just left the
default one and still nothing.
I am attaching the packetfence.log file.
Best,
Nadim
On Tue, Feb 11, 2020 at 8:31 AM Fabrice Durand
<fdur...@inverse.ca <mailto:fdur...@inverse.ca>> wrote:
Ok so assign the default realm in the authentication
source and/or the realm springfieldcollege.edu
<http://springfieldcollege.edu>.
Le 20-02-10 à 22 h 42, Nadim El-Khoury a écrit :
Hi Fabrice,
I want to thank you for taking the time to look
into the log file.
Yes, we have AD configured as an authentication
source. I added it to the source in the connection
profile and will test it in the morning and report
back.
Best,
Nadim
On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice
<fdur...@inverse.ca <mailto:fdur...@inverse.ca>> wrote:
Hello Nadim,
here what happen:
Feb 10 13:15:08 fennec packetfence_httpd.aaa:
httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d]
handling radius autz request: from switch_ip =>
(10.2.75.11), connection_type =>
Wireless-802.11-EAP,switch_mac =>
(5c:5b:35:a8:10:33), mac =>
[a4:e9:75:4e:95:5d], port => 0, username =>
"nel-kho...@springfieldcollege.edu"
<mailto:nel-kho...@springfieldcollege.edu>,
ssid => eduroam (pf::radius::authorize)
Feb 10 13:15:08 fennec packetfence_httpd.aaa:
httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d]
Instantiate profile non-sc-eduroam-users
(pf::Connection::ProfileFactory::_from_profile)
Feb 10 13:15:08 fennec packetfence_httpd.aaa:
httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d]
Found authentication source(s) : '' for realm
'springfieldcollege.edu
<http://springfieldcollege.edu>'
(pf::config::util::filter_authentication_sources)
Feb 10 13:15:08 fennec packetfence_httpd.aaa:
httpd.aaa(15955) WARN: [mac:a4:e9:75:4e:95:5d]
No category computed for autoreg
(pf::role::getNodeInfoForAutoReg)
Feb 10 13:15:08 fennec packetfence_httpd.aaa:
httpd.aaa(15955) WARN: [mac:a4:e9:75:4e:95:5d]
Switch type 'pf::Switch::Generic' does not
support MABFloatingDevices
(pf::SwitchSupports::__ANON__)
Feb 10 13:15:08 fennec packetfence_httpd.aaa:
httpd.aaa(15955) INFO: [mac:a4:e9:75:4e:95:5d]
Found authentication source(s) : '' for realm
'springfieldcollege.edu
<http://springfieldcollege.edu>'
(pf::config::util::filter_authentication_sources)
PacketFence instantiate the profile
non-sc-eduroam-users but is not able to find
any sources to compute the rules.
My assumption is that you enabled auto
registration on the connection profile but you
didn't defined any sources.
So edit the connection profile and assign an
authentication source on it (you probably have
an AD one).
Regards
Fabrice
Le 20-02-10 à 14 h 34, Nadim El-Khoury a écrit :
Hi Fabrice,
Please find attached the packetfence.log file.
The username is
nel-kho...@springfieldcollege.edu
<mailto:nel-kho...@springfieldcollege.edu>
Best,
Nadim
On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice
via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>>
wrote:
Hello Nadim
Le 20-02-05 à 02 h 19, Nadim El-Khoury via
PacketFence-users a écrit :
Hi Everyone,
It does not look like that PF 9.3.0 is
able to assign the right connection
profile once a user is authenticated.
Question 1) Why is the right connection
profile not being picked up based on the
created filter?
probably a wrong filter
Question 2) Can the default connection
profile be disabled?
no
Question 3) Why is the system not
entering the right owner for the
registered device after successful
authentication?
No profile , so no source, so no user.
Question 4) Why is the connection profile
is set to N/A when it does not properly
match a profile?
because packetfence is not able to compute
the connection profile.
When running the /usr/local/pf/bin/pftest
authentication username ""
The command returns the right AD group
the user is part of.
Recomputing of roles does not seem to be
working if a device is successfully
registered with another user or owner.
So, if a new user uses the same device
the role is not recomputed and the new
user using the same old registered device
ends up with the same previous role as
the previous user.
Question 1) How can we change the above
behavior?
share your packetfence.log file when the
device connect and we will have the answer.
Regards
Fabrice
Your help is very much appreciated.
Best,
Nadim
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918
(x135) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users