No, authentication is domain \ user using the 802.1x protocol Em sex., 20 de mar. de 2020 às 11:25, Zacharry Williams <[email protected]> escreveu:
> Domain computers should be logging in with host\computername. Are you > trying to do machine auth? > > > On Fri, Mar 20, 2020, 5:59 AM Wagner Liegio <[email protected]> > wrote: > >> Hello Zachary, >> >> I already performed this test, computers outside the domain using >> username and password authenticate. My problem is domain computer. Please >> help me resolve this. >> >> Em qui., 19 de mar. de 2020 às 23:41, Zacharry Williams via >> PacketFence-users <[email protected]> escreveu: >> >>> Try logging in with just a username and password. No ANA\ or anything. >>> >>> On Thu, Mar 19, 2020, 7:31 PM Wagner Liegio via PacketFence-users < >>> [email protected]> wrote: >>> >>>> Good afternoon, >>>> >>>> I made the suggested adjustments by activating the strip in radius, >>>> created a new realm, and the error persists. User authentication searching >>>> for the domain only works, manually registering the node in the >>>> packetfence. Therefore, the error still remains in the database when trying >>>> to register auto. >>>> Below is the database error log: >>>> >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip >>>> => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => >>>> (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => >>>> "ANA\iran" (pf::radius::authorize) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x >>>> (pf::Connection::ProfileFactory::_from_profile) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for >>>> realm 'default' (pf::config::util::filter_authentication_sources) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching >>>> (pf::authentication::match2) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg >>>> (pf::role::getNodeInfoForAutoReg) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran >>>> (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is >>>> reached (pf::node::is_max_reg_nodes_reached) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - >>>> registration of d0:94:66:db:ae:77 to ANA\iran failed >>>> (pf::registration::setup_node_for_registration) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes >>>> per pid met or exceeded (pf::radius::authorize) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable >>>> error: Cannot add or update a child row: a foreign key constraint fails >>>> (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES >>>> `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: >>>> 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, >>>> `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, >>>> `detect_date`, `device_class`, `device_manufacturer`, `device_score`, >>>> `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, >>>> `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, >>>> `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, >>>> `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, >>>> `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, >>>> ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY >>>> UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, >>>> `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, >>>> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, >>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, >>>> ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, >>>> NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) >>>> (pf::radius::authorize) >>>> >>>> Em qua., 18 de mar. de 2020 às 21:34, Durand fabrice via >>>> PacketFence-users <[email protected]> escreveu: >>>> >>>>> Try that: >>>>> >>>>> pftest authentication ANA\pereira "" >>>>> >>>>> and >>>>> >>>>> pftest authentication pereira "" >>>>> >>>>> to see if the user is found and if it match a rule. >>>>> >>>>> If the second one works then in the ANA realm enable strip in radius. >>>>> >>>>> Regards >>>>> >>>>> Fabrice >>>>> >>>>> >>>>> Le 20-03-18 à 20 h 13, Zacharry Williams via PacketFence-users a >>>>> écrit : >>>>> >>>>> Gonna take a wild guess here, in your realms config turn on strip >>>>> radius for null and your domain and and try logging on with just your >>>>> username and password. I'm guessing your realms config isn't matching. For >>>>> us we had three domains and we had to add them all. For example >>>>> COMPANY.ORG, COMPANY.LAN, COMPANY.COM. >>>>> >>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users < >>>>> [email protected]> wrote: >>>>> >>>>>> Good afternoon, >>>>>> >>>>>> Follow the requested files attached. >>>>>> >>>>>> Em ter., 17 de mar. de 2020 às 14:16, Ludovic Zammit < >>>>>> [email protected]> escreveu: >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> Could you post the result fo those two commands: >>>>>>> >>>>>>> cat /usr/local/pf/conf/authentication.conf >>>>>>> >>>>>>> cat /usr/local/pf/conf/profiles.conf >>>>>>> >>>>>>> remove your informations. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> Ludovic [email protected] :: +1.514.447.4918 (x145) :: >>>>>>> www.inverse.ca >>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>> PacketFence (http://packetfence.org) >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>> Good Morning, >>>>>>> >>>>>>> The rules, functions are standard on the Zen packetfence 9.3 that I >>>>>>> downloaded from the site, I will send some images of how the >>>>>>> configuration >>>>>>> is through the webgui, so I noticed everything is correct, what is >>>>>>> happening is that the function and the rule is not being applied for >>>>>>> some >>>>>>> reason that I don't know. >>>>>>> >>>>>>> <image.png> >>>>>>> >>>>>>> <image.png> >>>>>>> >>>>>>> <image.png> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Em ter., 17 de mar. de 2020 às 00:04, Zacharry Williams via >>>>>>> PacketFence-users <[email protected]> >>>>>>> escreveu: >>>>>>> >>>>>>>> Check and make sure your realms are defined also. >>>>>>>> >>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via PacketFence-users >>>>>>>> <[email protected]> wrote: >>>>>>>> >>>>>>>>> Hello, >>>>>>>>> >>>>>>>>> I know when I ran into this issue, it had to do with the >>>>>>>>> authorization source for AD. In the source, I had an authentication >>>>>>>>> rule >>>>>>>>> that matched the sAMAccountName is member of “group name”. The group >>>>>>>>> name >>>>>>>>> must be the AD DN (distinguished name) of the group. CN=%security >>>>>>>>> group >>>>>>>>> you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain >>>>>>>>> suffix% >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> *From:* Wagner Liegio via PacketFence-users < >>>>>>>>> [email protected]> >>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM >>>>>>>>> *To:* [email protected] >>>>>>>>> *Cc:* Wagner Liegio <[email protected]> >>>>>>>>> *Subject:* [PacketFence-users] authentication sources packetfence >>>>>>>>> 9.3 >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Good afternoon, I'm facing the same problem only in version 9.3. I >>>>>>>>> have done everything I can think of, reconfigured the domain, the >>>>>>>>> connection profile, checked the rules and functions. The error >>>>>>>>> follows: No >>>>>>>>> role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: >>>>>>>>> ee: 7d); >>>>>>>>> assumes maximum number of registered nodes is reached (pf :: node :: >>>>>>>>> is_max_reg_nodes_reached) >>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: >>>>>>>>> d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - >>>>>>>>> registration of >>>>>>>>> d0: 94: 66: db: ae: 7d to ANA \ pereira failed >>>>>>>>> (pf :: registration :: setup_node_for_registration) >>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed max >>>>>>>>> nodes >>>>>>>>> per pid met or exceeded (pf :: radius :: authorize) >>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] Database query failed with non retryable >>>>>>>>> error: Cannot add or update a child row: a foreign key constraint >>>>>>>>> fails >>>>>>>>> (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES >>>>>>>>> person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: >>>>>>>>> 1452) >>>>>>>>> [INSERT INTO node >>>>>>>>> (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, >>>>>>>>> category_id, computername, detect_date, device_class, >>>>>>>>> device_manufacturer, >>>>>>>>> device_score, device_type, >>>>>>>>> device_version, dhcp6_enterprise, dhcp6_fingerprint, >>>>>>>>> dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, >>>>>>>>> lastskip, >>>>>>>>> mac, machine_account, notes, regdate, sessionid, status, tenant_id, >>>>>>>>> time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW >>>>>>>>> (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, >>>>>>>>> Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, >>>>>>>>> NULL, >>>>>>>>> NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, NULL, >>>>>>>>> NULL, NULL, NULL, NULL, >>>>>>>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, >>>>>>>>> d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 >>>>>>>>> 00:00:00, >>>>>>>>> NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ >>>>>>>>> pereira, reg, >>>>>>>>> 1} >>>>>>>>> (pf :: dal :: db_execute) >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> PacketFence-users mailing list >>>>>>>>> [email protected] >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> PacketFence-users mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> PacketFence-users mailing list >>>>>>> [email protected] >>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> [email protected] >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing >>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
