If you stripped in radius in the realm ANA, it means that packetfence is doing an ldap search with sAMAccountName=iran

So try that from the cli:

ldapsearch -x -h 10.10.10.70 -s sub -b "OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br" -D "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L "sAMAccountName=iran"

and see if it returns something.

Regards

Fabrice
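
The effect of the strip setting on the LDAP lookup described above, as an added example (not part of the original message and not PacketFence's own code): the realm-splitting rules and function names below are assumptions for illustration, and the log excerpt is constructed from the line quoted later in this thread. It also shows why an unstripped `ANA\iran` cannot match `sAMAccountName`: the backslash has to be escaped inside an LDAP filter (RFC 4515), so the directory is asked for a literal account named `ANA\iran`.

```python
import re

# RFC 4515: characters that must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed excerpt of the "handling radius autz request" log line from the thread.
LOG_LINE = r'handling radius autz request: username => "ANA\iran" (pf::radius::authorize)'


def escape_filter_value(value):
    """Escape a user-supplied value before placing it in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def split_realm(username):
    """Return (realm, user) for DOMAIN\\user or user@realm; realm is None if absent.

    Assumed splitting rules for illustration only.
    """
    if "\\" in username:
        realm, user = username.split("\\", 1)
        return realm, user
    if "@" in username:
        user, realm = username.rsplit("@", 1)
        return realm, user
    return None, username


def search_filter(username, strip=True, attribute="sAMAccountName"):
    """Build the filter an LDAP source would use with or without realm stripping."""
    _, user = split_realm(username)
    value = user if strip else username
    return "({}={})".format(attribute, escape_filter_value(value))


def username_from_log(line):
    """Extract the RADIUS username from an authorize log line, or None."""
    match = re.search(r'username => "([^"]*)"', line)
    return match.group(1) if match else None


if __name__ == "__main__":
    name = username_from_log(LOG_LINE)
    print("stripped:  ", search_filter(name, strip=True))
    print("unstripped:", search_filter(name, strip=False))
```
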


On 20-03-19 at 14:42, Wagner Liegio wrote:
Good afternoon,

I made the suggested adjustments by activating the strip in radius, created a new realm, and the error persists. User authentication searching for the domain only works, manually registering the node in the packetfence. Therefore, the error still remains in the database when trying to register auto.
Below is the database error log:

Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => "ANA\iran" (pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching (pf::authentication::match2)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, `detect_date`, `device_class`, `device_manufacturer`, `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) (pf::radius::authorize)

On Wed, Mar 18, 2020 at 21:34, Durand fabrice via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

    Try that:

    pftest authentication ANA\pereira ""

    and

    pftest authentication pereira ""

    to see if the user is found and if it matches a rule.

    If the second one works then in the ANA realm enable strip in radius.

    Regards

    Fabrice


    On 20-03-18 at 20:13, Zacharry Williams via PacketFence-users
    wrote:
    Gonna take a wild guess here, in your realms config turn on strip
    radius for null and your domain and try logging on with just
    your username and password. I'm guessing your realms config isn't
    matching. For us we had three domains and we had to add them all.
    For example COMPANY.ORG, COMPANY.LAN,
    COMPANY.COM.

    On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via
    PacketFence-users <packetfence-users@lists.sourceforge.net
    <mailto:packetfence-users@lists.sourceforge.net>> wrote:

        Good afternoon,

        Follow the requested files attached.

        On Tue, Mar 17, 2020 at 14:16, Ludovic Zammit
        <lzam...@inverse.ca> wrote:

            Hello,

            Could you post the result of those two commands:

            cat /usr/local/pf/conf/authentication.conf

            cat /usr/local/pf/conf/profiles.conf

            Remove your information.

            Thanks,

            Ludovic Zammit
            lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
            Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)





            On Mar 17, 2020, at 9:42 AM, Wagner Liegio via
            PacketFence-users
            <packetfence-users@lists.sourceforge.net
            <mailto:packetfence-users@lists.sourceforge.net>> wrote:

            Good Morning,

            The rules, functions are standard on the Zen packetfence
            9.3 that I downloaded from the site, I will send some
            images of how the configuration is through the webgui,
            so I noticed everything is correct, what is happening is
            that the function and the rule is not being applied for
            some reason that I don't know.

            <image.png>

            <image.png>

            <image.png>



            On Tue, Mar 17, 2020 at 00:04, Zacharry Williams
            via PacketFence-users
            <packetfence-users@lists.sourceforge.net> wrote:

                Check and make sure your realms are defined also.

                On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via
                PacketFence-users
                <packetfence-users@lists.sourceforge.net
                <mailto:packetfence-users@lists.sourceforge.net>> wrote:

                    Hello,

                    I know when I ran into this issue, it had to do
                    with the authorization source for AD.  In the
                    source, I had an authentication rule that
                    matched the sAMAccountName is member of “group
                    name”.  The group name must be the AD DN
                    (distinguished name) of the group. CN=%security
                    group you want%,OU=%OU the object resides
                    in%,DC=%your domain%,DC=%domain suffix%

                    *From:* Wagner Liegio via PacketFence-users
                    <packetfence-users@lists.sourceforge.net
                    <mailto:packetfence-users@lists.sourceforge.net>>
                    *Sent:* Monday, March 16, 2020 1:08 PM
                    *To:* packetfence-users@lists.sourceforge.net
                    <mailto:packetfence-users@lists.sourceforge.net>
                    *Cc:* Wagner Liegio <wagner.lie...@gmail.com
                    <mailto:wagner.lie...@gmail.com>>
                    *Subject:* [PacketFence-users] authentication
                    sources packetfence 9.3

                    Good afternoon, I'm facing the same problem only
                    in version 9.3. I have done everything I can
                    think of, reconfigured the domain, the
                    connection profile, checked the rules and
                    functions. The error follows: No role specified
                    or found for pid ANA \ pereira (MAC d0: 94: 66:
                    db: ee: 7d); assumes maximum number of
                    registered nodes is reached (pf :: node ::
                    is_max_reg_nodes_reached)
                    plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa
                    (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] max
                    nodes per pid met or exceeded - registration of
                    d0: 94: 66: db: ae: 7d to ANA \ pereira failed
                    (pf :: registration :: setup_node_for_registration)
                     plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa
                    (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d]
                    auto-registration of node failed max nodes per
                    pid met or exceeded (pf :: radius :: authorize)
                     plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa
                    (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d]
                    Database query failed with non retryable error:
                    Cannot add or update a child row: a foreign key
                    constraint fails
                    (pf.node, CONSTRAINT 0_57 FOREIGN KEY
                    (tenant_id, pid) REFERENCES person (tenant_id,
                    pid) ON DELETE CASCADE ON UPDATE CASCADE)
                    (errno: 1452) [INSERT INTO node
                    (autoreg, bandwidth_balance, bypass_role_id,
                    bypass_vlan, category_id, computername,
                    detect_date, device_class, device_manufacturer,
                    device_score, device_type,
                     device_version, dhcp6_enterprise,
                    dhcp6_fingerprint, dhcp_fingerprint,
                    dhcp_vendor, last_arp, last_dhcp, last_seen,
                    lastskip, mac, machine_account, notes, regdate,
                    sessionid, status, tenant_id, time_balance,
                    void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW
                    (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY
                    UPDATE autoreg = ?, Last_seen = NOW (), pid = ?,
                    Status = ?, Tenant_id` =?] {Yes, NULL, NULL,
                    NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL,
                    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
                     0000-00-00 00:00:00, 0000-00-00 00:00:00,
                    0000-00-00 00:00:00, d0: 94: 66: db: ae: 7d,
                    NULL, NULL, ANA \ pereira, 0000-00-00 00:00:00,
                    NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL,
                    no, yes, ANA \ pereira, reg, 1}
                     (pf :: dal :: db_execute)

                    _______________________________________________
                    PacketFence-users mailing list
                    PacketFence-users@lists.sourceforge.net
                    <mailto:PacketFence-users@lists.sourceforge.net>
                    
https://lists.sourceforge.net/lists/listinfo/packetfence-users
