Dear, I'm copying the analyst Leandro to follow the case and try to solve it. I ask you to send me what you need.
Em sex., 20 de mar. de 2020 às 14:32, Wagner Liegio <[email protected]> escreveu: > No, authentication is domain \ user using the 802.1x protocol > > Em sex., 20 de mar. de 2020 às 11:25, Zacharry Williams < > [email protected]> escreveu: > >> Domain computers should be logging in with host\computername. Are you >> trying to do machine auth? >> >> >> On Fri, Mar 20, 2020, 5:59 AM Wagner Liegio <[email protected]> >> wrote: >> >>> Hello Zachary, >>> >>> I already performed this test, computers outside the domain using >>> username and password authenticate. My problem is domain computer. Please >>> help me resolve this. >>> >>> Em qui., 19 de mar. de 2020 às 23:41, Zacharry Williams via >>> PacketFence-users <[email protected]> escreveu: >>> >>>> Try logging in with just a username and password. No ANA\ or anything. >>>> >>>> On Thu, Mar 19, 2020, 7:31 PM Wagner Liegio via PacketFence-users < >>>> [email protected]> wrote: >>>> >>>>> Good afternoon, >>>>> >>>>> I made the suggested adjustments by activating the strip in radius, >>>>> created a new realm, and the error persists. User authentication searching >>>>> for the domain only works, manually registering the node in the >>>>> packetfence. Therefore, the error still remains in the database when >>>>> trying >>>>> to register auto. >>>>> Below is the database error log: >>>>> >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip >>>>> => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => >>>>> (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username >>>>> => >>>>> "ANA\iran" (pf::radius::authorize) >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x >>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for >>>>> realm 'default' (pf::config::util::filter_authentication_sources) >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching >>>>> (pf::authentication::match2) >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection >>>>> (pf::LDAP::expire_if) >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg >>>>> (pf::role::getNodeInfoForAutoReg) >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran >>>>> (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is >>>>> reached (pf::node::is_max_reg_nodes_reached) >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - >>>>> registration of d0:94:66:db:ae:77 to ANA\iran failed >>>>> (pf::registration::setup_node_for_registration) >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes >>>>> per pid met or exceeded (pf::radius::authorize) >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable >>>>> error: Cannot add or update a child row: a foreign key constraint fails >>>>> (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) >>>>> REFERENCES >>>>> `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: >>>>> 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, >>>>> `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, >>>>> `detect_date`, `device_class`, `device_manufacturer`, `device_score`, >>>>> `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, >>>>> `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, >>>>> `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, >>>>> `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, >>>>> `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, >>>>> ?, >>>>> ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY >>>>> UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, >>>>> `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, >>>>> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, >>>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, >>>>> ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, >>>>> NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute) >>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>>> ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) >>>>> (pf::radius::authorize) >>>>> >>>>> Em qua., 18 de mar. de 2020 às 21:34, Durand fabrice via >>>>> PacketFence-users <[email protected]> escreveu: >>>>> >>>>>> Try that: >>>>>> >>>>>> pftest authentication ANA\pereira "" >>>>>> >>>>>> and >>>>>> >>>>>> pftest authentication pereira "" >>>>>> >>>>>> to see if the user is found and if it match a rule. >>>>>> >>>>>> If the second one works then in the ANA realm enable strip in radius. >>>>>> >>>>>> Regards >>>>>> >>>>>> Fabrice >>>>>> >>>>>> >>>>>> Le 20-03-18 à 20 h 13, Zacharry Williams via PacketFence-users a >>>>>> écrit : >>>>>> >>>>>> Gonna take a wild guess here, in your realms config turn on strip >>>>>> radius for null and your domain and and try logging on with just your >>>>>> username and password. I'm guessing your realms config isn't matching. >>>>>> For >>>>>> us we had three domains and we had to add them all. For example >>>>>> COMPANY.ORG, COMPANY.LAN, COMPANY.COM. >>>>>> >>>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Good afternoon, >>>>>>> >>>>>>> Follow the requested files attached. >>>>>>> >>>>>>> Em ter., 17 de mar. de 2020 às 14:16, Ludovic Zammit < >>>>>>> [email protected]> escreveu: >>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> Could you post the result fo those two commands: >>>>>>>> >>>>>>>> cat /usr/local/pf/conf/authentication.conf >>>>>>>> >>>>>>>> cat /usr/local/pf/conf/profiles.conf >>>>>>>> >>>>>>>> remove your informations. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> Ludovic [email protected] :: +1.514.447.4918 (x145) :: >>>>>>>> www.inverse.ca >>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>> PacketFence (http://packetfence.org) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>> Good Morning, >>>>>>>> >>>>>>>> The rules, functions are standard on the Zen packetfence 9.3 that I >>>>>>>> downloaded from the site, I will send some images of how the >>>>>>>> configuration >>>>>>>> is through the webgui, so I noticed everything is correct, what is >>>>>>>> happening is that the function and the rule is not being applied for >>>>>>>> some >>>>>>>> reason that I don't know. >>>>>>>> >>>>>>>> <image.png> >>>>>>>> >>>>>>>> <image.png> >>>>>>>> >>>>>>>> <image.png> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Em ter., 17 de mar. de 2020 às 00:04, Zacharry Williams via >>>>>>>> PacketFence-users <[email protected]> >>>>>>>> escreveu: >>>>>>>> >>>>>>>>> Check and make sure your realms are defined also. >>>>>>>>> >>>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via >>>>>>>>> PacketFence-users <[email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hello, >>>>>>>>>> >>>>>>>>>> I know when I ran into this issue, it had to do with the >>>>>>>>>> authorization source for AD. In the source, I had an authentication >>>>>>>>>> rule >>>>>>>>>> that matched the sAMAccountName is member of “group name”. The >>>>>>>>>> group name >>>>>>>>>> must be the AD DN (distinguished name) of the group. CN=%security >>>>>>>>>> group >>>>>>>>>> you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain >>>>>>>>>> suffix% >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> *From:* Wagner Liegio via PacketFence-users < >>>>>>>>>> [email protected]> >>>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM >>>>>>>>>> *To:* [email protected] >>>>>>>>>> *Cc:* Wagner Liegio <[email protected]> >>>>>>>>>> *Subject:* [PacketFence-users] authentication sources >>>>>>>>>> packetfence 9.3 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Good afternoon, I'm facing the same problem only in version 9.3. >>>>>>>>>> I have done everything I can think of, reconfigured the domain, the >>>>>>>>>> connection profile, checked the rules and functions. The error >>>>>>>>>> follows: No >>>>>>>>>> role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: >>>>>>>>>> ee: 7d); >>>>>>>>>> assumes maximum number of registered nodes is reached (pf :: node :: >>>>>>>>>> is_max_reg_nodes_reached) >>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - >>>>>>>>>> registration of d0: 94: 66: db: ae: 7d to ANA \ pereira failed >>>>>>>>>> (pf :: registration :: setup_node_for_registration) >>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed max >>>>>>>>>> nodes >>>>>>>>>> per pid met or exceeded (pf :: radius :: authorize) >>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] Database query failed with non >>>>>>>>>> retryable >>>>>>>>>> error: Cannot add or update a child row: a foreign key constraint >>>>>>>>>> fails >>>>>>>>>> (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES >>>>>>>>>> person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: >>>>>>>>>> 1452) >>>>>>>>>> [INSERT INTO node >>>>>>>>>> (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, >>>>>>>>>> category_id, computername, detect_date, device_class, >>>>>>>>>> device_manufacturer, >>>>>>>>>> device_score, device_type, >>>>>>>>>> device_version, dhcp6_enterprise, dhcp6_fingerprint, >>>>>>>>>> dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, >>>>>>>>>> lastskip, >>>>>>>>>> mac, machine_account, notes, regdate, sessionid, status, tenant_id, >>>>>>>>>> time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW >>>>>>>>>> (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, >>>>>>>>>> Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, >>>>>>>>>> NULL, >>>>>>>>>> NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, >>>>>>>>>> NULL, >>>>>>>>>> NULL, NULL, NULL, NULL, >>>>>>>>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, >>>>>>>>>> d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 >>>>>>>>>> 00:00:00, >>>>>>>>>> NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ >>>>>>>>>> pereira, reg, >>>>>>>>>> 1} >>>>>>>>>> (pf :: dal :: db_execute) >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> PacketFence-users mailing list >>>>>>>>>> [email protected] >>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> PacketFence-users mailing list >>>>>>>>> [email protected] >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> PacketFence-users mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>> PacketFence-users mailing list >>>>>>> [email protected] >>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing >>>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> [email protected] >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
