Zacharry,

Here is the example:

Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)

But they are all users of the domain and computer in the domain. The problem is not the user, but how the rule is being applied; there is a problem with that. I have version 8 running with the same parameters and I have no problem with auto register.

On Fri, Mar 20, 2020 at 15:14, Zacharry Williams <[email protected]> wrote:

> What's the distinguished name of your user? The log says it found the
> auth source but didn't match a role.
>
> On Fri, Mar 20, 2020, 10:42 AM Wagner Liegio <[email protected]>
> wrote:
>
>> Dear,
>>
>> I'm copying the analyst Leandro to follow the case and try to solve it. I
>> ask you to send me what you need.
>>
>> On Fri, Mar 20, 2020 at 14:32, Wagner Liegio <[email protected]> wrote:
>>
>>> No, authentication is domain\user using the 802.1x protocol
>>>
>>> On Fri, Mar 20, 2020 at 11:25, Zacharry Williams <[email protected]> wrote:
>>>
>>>> Domain computers should be logging in with host\computername. Are you
>>>> trying to do machine auth?
>>>>
>>>> On Fri, Mar 20, 2020, 5:59 AM Wagner Liegio <[email protected]>
>>>> wrote:
>>>>
>>>>> Hello Zachary,
>>>>>
>>>>> I already performed this test, computers outside the domain using
>>>>> username and password authenticate. My problem is domain computer. Please
>>>>> help me resolve this.
>>>>>
>>>>> On Thu, Mar 19, 2020 at 23:41, Zacharry Williams via
>>>>> PacketFence-users <[email protected]> wrote:
>>>>>
>>>>>> Try logging in with just a username and password. No ANA\ or
>>>>>> anything.
>>>>>>
>>>>>> On Thu, Mar 19, 2020, 7:31 PM Wagner Liegio via PacketFence-users <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Good afternoon,
>>>>>>>
>>>>>>> I made the suggested adjustments by activating the strip in radius,
>>>>>>> created a new realm, and the error persists. User authentication
>>>>>>> searching for the domain only works, manually registering the node in the
>>>>>>> packetfence. Therefore, the error still remains in the database when
>>>>>>> trying to register auto.
>>>>>>> Below is the database error log:
>>>>>>>
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => "ANA\iran" (pf::radius::authorize)
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching (pf::authentication::match2)
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if)
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, `detect_date`, `device_class`, `device_manufacturer`, `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute)
>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) (pf::radius::authorize)
>>>>>>>
>>>>>>> On Wed, Mar 18, 2020 at 21:34, Durand fabrice via
>>>>>>> PacketFence-users <[email protected]> wrote:
>>>>>>>
>>>>>>>> Try that:
>>>>>>>>
>>>>>>>> pftest authentication ANA\pereira ""
>>>>>>>>
>>>>>>>> and
>>>>>>>>
>>>>>>>> pftest authentication pereira ""
>>>>>>>>
>>>>>>>> to see if the user is found and if it matches a rule.
>>>>>>>>
>>>>>>>> If the second one works then in the ANA realm enable strip in
>>>>>>>> radius.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Fabrice
>>>>>>>>
>>>>>>>> On 20-03-18 at 20:13, Zacharry Williams via PacketFence-users wrote:
>>>>>>>>
>>>>>>>> Gonna take a wild guess here, in your realms config turn on strip
>>>>>>>> radius for null and your domain and try logging on with just your
>>>>>>>> username and password. I'm guessing your realms config isn't matching.
>>>>>>>> For us we had three domains and we had to add them all. For example
>>>>>>>> COMPANY.ORG, COMPANY.LAN, COMPANY.COM.
>>>>>>>>
>>>>>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Good afternoon,
>>>>>>>>>
>>>>>>>>> Follow the requested files attached.
>>>>>>>>>
>>>>>>>>> On Tue, Mar 17, 2020 at 14:16, Ludovic Zammit <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> Could you post the result of those two commands:
>>>>>>>>>>
>>>>>>>>>> cat /usr/local/pf/conf/authentication.conf
>>>>>>>>>>
>>>>>>>>>> cat /usr/local/pf/conf/profiles.conf
>>>>>>>>>>
>>>>>>>>>> Remove your information.
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>>
>>>>>>>>>> Ludovic [email protected] :: +1.514.447.4918 (x145) ::
>>>>>>>>>> www.inverse.ca
>>>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>>>>>>>>>> PacketFence (http://packetfence.org)
>>>>>>>>>>
>>>>>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users <
>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>> Good Morning,
>>>>>>>>>>
>>>>>>>>>> The rules, functions are standard on the Zen packetfence 9.3 that
>>>>>>>>>> I downloaded from the site, I will send some images of how the
>>>>>>>>>> configuration is through the webgui, so I noticed everything is
>>>>>>>>>> correct, what is happening is that the function and the rule is not
>>>>>>>>>> being applied for some reason that I don't know.
>>>>>>>>>>
>>>>>>>>>> <image.png>
>>>>>>>>>>
>>>>>>>>>> <image.png>
>>>>>>>>>>
>>>>>>>>>> <image.png>
>>>>>>>>>>
>>>>>>>>>> On Tue, Mar 17, 2020 at 00:04, Zacharry Williams via
>>>>>>>>>> PacketFence-users <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Check and make sure your realms are defined also.
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via
>>>>>>>>>>> PacketFence-users <[email protected]>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>> I know when I ran into this issue, it had to do with the
>>>>>>>>>>>> authorization source for AD. In the source, I had an
>>>>>>>>>>>> authentication rule that matched the sAMAccountName is member of
>>>>>>>>>>>> “group name”. The group name must be the AD DN (distinguished
>>>>>>>>>>>> name) of the group.
>>>>>>>>>>>> CN=%security group you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain suffix%
>>>>>>>>>>>>
>>>>>>>>>>>> *From:* Wagner Liegio via PacketFence-users <
>>>>>>>>>>>> [email protected]>
>>>>>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM
>>>>>>>>>>>> *To:* [email protected]
>>>>>>>>>>>> *Cc:* Wagner Liegio <[email protected]>
>>>>>>>>>>>> *Subject:* [PacketFence-users] authentication sources
>>>>>>>>>>>> packetfence 9.3
>>>>>>>>>>>>
>>>>>>>>>>>> Good afternoon, I'm facing the same problem only in version
>>>>>>>>>>>> 9.3. I have done everything I can think of, reconfigured the
>>>>>>>>>>>> domain, the connection profile, checked the rules and functions.
>>>>>>>>>>>> The error follows:
>>>>>>>>>>>>
>>>>>>>>>>>> No role specified or found for pid ANA\pereira (MAC d0:94:66:db:ee:7d); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(9837) ERROR: [mac:d0:94:66:db:ee:7d] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:7d to ANA\pereira failed (pf::registration::setup_node_for_registration)
>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(9837) ERROR: [mac:d0:94:66:db:ee:7d] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(9837) ERROR: [mac:d0:94:66:db:ee:7d] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO node (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, category_id, computername, detect_date, device_class, device_manufacturer, device_score, device_type, device_version, dhcp6_enterprise, dhcp6_fingerprint, dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, lastskip, mac, machine_account, notes, regdate, sessionid, status, tenant_id, time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, NULL, NULL, NULL, NULL, 2020-03-13 19:08:50, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:7d, NULL, NULL, ANA\pereira, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\pereira, reg, 1} (pf::dal::db_execute)

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
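
The failure chain in the quoted log (authentication source found, no role computed, the "max nodes" fallback, then MySQL foreign-key error 1452) can be picked out per MAC address. The script below is an added example, not part of the thread or of PacketFence; its sample lines are constructed from the log quoted above (the SQL error is abridged), and the stage names and the `triage` function are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: httpd.aaa lines taken from the thread (SQL error abridged).
SAMPLE_LOG = r"""
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (errno: 1452) (pf::dal::db_execute)
"""

# Captures level, MAC, message text and the pf:: subroutine that logged the line.
LINE_RE = re.compile(r"(?P<level>INFO|WARN|ERROR): \[mac:(?P<mac>[0-9a-f:]{17})\] (?P<msg>.*) \((?P<sub>pf::[\w:]+)\)\s*$")

# Message fragments marking each step of the chain (stage names are this example's own).
MARKERS = {
    "source_found": "Found authentication source(s)",
    "no_category": "No category computed for autoreg",
    "no_role": "No role specified or found for pid",
    "max_nodes": "max nodes per pid met or exceeded",
    "fk_1452": "errno: 1452",
}

def triage(log_text):
    """Group events by MAC and classify the auto-registration failure."""
    seen, pids = defaultdict(set), {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        for stage, needle in MARKERS.items():
            if needle in m["msg"]:
                seen[m["mac"]].add(stage)
        pid = re.search(r"for pid (\S+)", m["msg"])
        if pid:
            pids[m["mac"]] = pid.group(1)
    report = {}
    for mac, stages in seen.items():
        if "no_role" in stages and "max_nodes" in stages:
            verdict = "no role matched; 'max nodes' is the logged fallback, not a quota hit"
        elif "max_nodes" in stages:
            verdict = "max nodes per pid reached"
        else:
            verdict = "no autoreg failure seen"
        report[mac] = {"pid": pids.get(mac), "stages": sorted(stages), "verdict": verdict}
    return report
```

Calling `triage()` on the text of the httpd.aaa log returns one entry per MAC, so a device whose "max nodes" error is really a role-matching failure stands out from one that has genuinely hit its node limit.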
