Re: [PacketFence-users] authentication sources packetfence 9.3

[Wagner Liegio via PacketFence-users]

Good afternoon,

Follow the requested files attached.

Em ter., 17 de mar. de 2020 às 14:16, Ludovic Zammit <lzam...@inverse.ca>
escreveu:

> Hello,
>
> Could you post the result fo those two commands:
>
> cat /usr/local/pf/conf/authentication.conf
>
> cat /usr/local/pf/conf/profiles.conf
>
> remove your informations.
>
> Thanks,
>
>
> Ludovic zammitlzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
>
>
>
> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
> Good Morning,
>
> The rules, functions are standard on the Zen packetfence 9.3 that I
> downloaded from the site, I will send some images of how the configuration
> is through the webgui, so I noticed everything is correct, what is
> happening is that the function and the rule is not being applied for some
> reason that I don't know.
>
> <image.png>
>
> <image.png>
>
> <image.png>
>
>
>
> Em ter., 17 de mar. de 2020 às 00:04, Zacharry Williams via
> PacketFence-users <packetfence-users@lists.sourceforge.net> escreveu:
>
>> Check and make sure your realms are defined also.
>>
>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> wrote:
>>
>>> Hello,
>>>
>>> I know when I ran into this issue, it had to do with the authorization
>>> source for AD.  In the source, I had an authentication rule that matched
>>> the sAMAccountName is member of “group name”.  The group name must be the
>>> AD DN (distinguished name) of the group.  CN=%security group you
>>> want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain suffix%
>>>
>>>
>>>
>>> *From:* Wagner Liegio via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net>
>>> *Sent:* Monday, March 16, 2020 1:08 PM
>>> *To:* packetfence-users@lists.sourceforge.net
>>> *Cc:* Wagner Liegio <wagner.lie...@gmail.com>
>>> *Subject:* [PacketFence-users] authentication sources packetfence 9.3
>>>
>>>
>>>
>>> Good afternoon, I'm facing the same problem only in version 9.3. I have
>>> done everything I can think of, reconfigured the domain, the connection
>>> profile, checked the rules and functions. The error follows: No role
>>> specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: ee: 7d);
>>> assumes maximum number of registered nodes is reached (pf :: node ::
>>> is_max_reg_nodes_reached)
>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0:
>>> 94: 66: db: ee: 7d] max nodes per pid met or exceeded - registration of d0:
>>> 94: 66: db: ae: 7d to ANA \ pereira failed
>>> (pf :: registration :: setup_node_for_registration)
>>>  plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0:
>>> 94: 66: db: ee: 7d] auto-registration of node failed max nodes per pid met
>>> or exceeded (pf :: radius :: authorize)
>>>  plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0:
>>> 94: 66: db: ee: 7d] Database query failed with non retryable error: Cannot
>>> add or update a child row: a foreign key constraint fails
>>> (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES person
>>> (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT
>>> INTO node
>>> (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, category_id,
>>> computername, detect_date, device_class, device_manufacturer, device_score,
>>> device_type,
>>>  device_version, dhcp6_enterprise, dhcp6_fingerprint, dhcp_fingerprint,
>>> dhcp_vendor, last_arp, last_dhcp, last_seen, lastskip, mac,
>>> machine_account, notes, regdate, sessionid, status, tenant_id,
>>> time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW
>>> (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?,
>>> Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, NULL,
>>> NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, NULL,
>>> NULL, NULL, NULL, NULL,
>>>  0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0: 94:
>>> 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 00:00:00, NULL, reg,
>>> 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ pereira, reg, 1}
>>>  (pf :: dal :: db_execute)
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>

[802.1x]
locale=
description=802.1X wired connections
sources=Tabajara
filter=connection_type:Ethernet-EAP
autoregister=enabled
#
# Copyright (C) 2005-2019 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[local]
description=Local Users
type=SQL

[file1]
description=Legacy Source
path=/usr/local/pf/conf/admin.conf
type=Htpasswd
realms=null

[file1 rule admins]
description=All admins
class=administration
match=all
action0=set_access_level=ALL

[sms]
description=SMS-based registration
sms_carriers=100056,100057,100061,100058,100059,100060,100062,100063,100071,100064,100116,100066,100117,100112,100067,100065,100068,100069,100070,100118,100115,100072,100073,100074,100075,100076,100077,100085,100086,100080,100079,100081,100083,100082,100084,100087,100088,100111,100089,100090,100091,100092,100093,100094,100095,100096,100098,100097,100099,100100,100101,100113,100102,100103,100104,100106,100105,100107,100108,100109,100114,100110,100078,100119,100120,100121,100122,100123,100124,100125,100126,100127,100128
type=SMS
create_local_account=no

[sms rule catchall]
description=
class=authentication
match=all
action0=set_role=guest
action1=set_access_duration=1D

[email]
description=Email-based registration
email_activation_timeout=10m
type=Email
allow_localdomain=yes
create_local_account=no

[email rule catchall]
description=
class=authentication
match=all
action0=set_role=guest
action1=set_access_duration=1D

[sponsor]
description=Sponsor-based registration
type=SponsorEmail
allow_localdomain=yes
create_local_account=no

[sponsor rule catchall]
description=
class=authentication
match=all
action0=set_role=guest
action1=set_access_duration=1D

[null]
description=Null Source
type=Null
email_required=no

[null rule catchall]
description=catchall
class=authentication
match=all
action0=set_role=guest
action1=set_access_duration=1D

[Tabajara]
cache_match=0
read_timeout=10
realms=
basedn=OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br
monitor=1
password=whatyouarelookingfor
shuffle=0
searchattributes=cn
set_access_durations_action=
scope=sub
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=1
binddn=CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara 
Sede,DC=tabajara,DC=com,DC=br
encryption=none
description=Tabajara-AD
port=389
host=10.10.10.70
write_timeout=5
type=AD

[Tabajara rule catchall]
action0=set_role=default
match=all
class=authentication
action1=set_access_duration=5D

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users