Show me the logs of a successful one. You said it works with a non domain joined PC?

On Fri, Mar 20, 2020, 12:03 PM Wagner Liegio <wagner.lie...@gmail.com> wrote:

> Zacharry,
>
> Here is the example:
>
> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (6759) WARN: [mac: d0: 94: 66: db: ae: 77] No role specified or found for pid ANA \ iran ( MAC d0: 94: 66: db: ae: 77); assumes maximum number of registered nodes is reached (pf :: node :: is_max_reg_nodes_reached)
>
> but, they are all users of the domain and computer in the domain. The
> problem is not the user, but how the rule is being applied, there is a
> problem with that. I have version 8 running with the same parameters and
> I have no problem with auto register.
>
> On Fri, Mar 20, 2020 at 15:14, Zacharry Williams <zachar...@gmail.com> wrote:
>
>> What's the distinguished name of your user? The log says it found the
>> auth source but didn't match a role.
>>
>> On Fri, Mar 20, 2020, 10:42 AM Wagner Liegio <wagner.lie...@gmail.com> wrote:
>>
>>> Dear,
>>>
>>> I'm copying the analyst Leandro to follow the case and try to solve it.
>>> I ask you to send me what you need.
>>>
>>> On Fri, Mar 20, 2020 at 14:32, Wagner Liegio <wagner.lie...@gmail.com> wrote:
>>>
>>>> No, authentication is domain \ user using the 802.1x protocol
>>>>
>>>> On Fri, Mar 20, 2020 at 11:25, Zacharry Williams <zachar...@gmail.com> wrote:
>>>>
>>>>> Domain computers should be logging in with host\computername. Are you
>>>>> trying to do machine auth?
>>>>>
>>>>> On Fri, Mar 20, 2020, 5:59 AM Wagner Liegio <wagner.lie...@gmail.com> wrote:
>>>>>
>>>>>> Hello Zacharry,
>>>>>>
>>>>>> I already performed this test, computers outside the domain using
>>>>>> username and password authenticate. My problem is domain computer.
>>>>>> Please help me resolve this.
>>>>>>
>>>>>> On Thu, Mar 19, 2020 at 23:41, Zacharry Williams via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>
>>>>>>> Try logging in with just a username and password. No ANA\ or
>>>>>>> anything.
>>>>>>>
>>>>>>> On Thu, Mar 19, 2020, 7:31 PM Wagner Liegio via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>
>>>>>>>> Good afternoon,
>>>>>>>>
>>>>>>>> I made the suggested adjustments by activating the strip in radius,
>>>>>>>> created a new realm, and the error persists. User authentication
>>>>>>>> searching for the domain only works, manually registering the node
>>>>>>>> in the packetfence. Therefore, the error still remains in the
>>>>>>>> database when trying to register auto.
>>>>>>>> Below is the database error log:
>>>>>>>>
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => "ANA\iran" (pf::radius::authorize)
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching (pf::authentication::match2)
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if)
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, `detect_date`, `device_class`, `device_manufacturer`, `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute)
>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) (pf::radius::authorize)
>>>>>>>>
>>>>>>>> On Wed, Mar 18, 2020 at 21:34, Durand fabrice via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>
>>>>>>>>> Try that:
>>>>>>>>>
>>>>>>>>> pftest authentication ANA\pereira ""
>>>>>>>>>
>>>>>>>>> and
>>>>>>>>>
>>>>>>>>> pftest authentication pereira ""
>>>>>>>>>
>>>>>>>>> to see if the user is found and if it matches a rule.
>>>>>>>>>
>>>>>>>>> If the second one works then in the ANA realm enable strip in
>>>>>>>>> radius.
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>>
>>>>>>>>> Fabrice
>>>>>>>>>
>>>>>>>>> On 20-03-18 at 20:13, Zacharry Williams via PacketFence-users wrote:
>>>>>>>>>
>>>>>>>>> Gonna take a wild guess here, in your realms config turn on strip
>>>>>>>>> radius for null and your domain and try logging on with just your
>>>>>>>>> username and password. I'm guessing your realms config isn't
>>>>>>>>> matching. For us we had three domains and we had to add them all.
>>>>>>>>> For example COMPANY.ORG, COMPANY.LAN, COMPANY.COM.
>>>>>>>>>
>>>>>>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>>
>>>>>>>>>> Good afternoon,
>>>>>>>>>>
>>>>>>>>>> Follow the requested files attached.
>>>>>>>>>>
>>>>>>>>>> On Tue, Mar 17, 2020 at 14:16, Ludovic Zammit <lzam...@inverse.ca> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> Could you post the result of those two commands:
>>>>>>>>>>>
>>>>>>>>>>> cat /usr/local/pf/conf/authentication.conf
>>>>>>>>>>>
>>>>>>>>>>> cat /usr/local/pf/conf/profiles.conf
>>>>>>>>>>>
>>>>>>>>>>> Remove your information.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>>
>>>>>>>>>>> Ludovic Zammit
>>>>>>>>>>> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
>>>>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>>>>>>>>>>> PacketFence (http://packetfence.org)
>>>>>>>>>>>
>>>>>>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Good Morning,
>>>>>>>>>>>
>>>>>>>>>>> The rules, functions are standard on the Zen packetfence 9.3
>>>>>>>>>>> that I downloaded from the site, I will send some images of how
>>>>>>>>>>> the configuration is through the webgui, so I noticed everything
>>>>>>>>>>> is correct, what is happening is that the function and the rule
>>>>>>>>>>> is not being applied for some reason that I don't know.
>>>>>>>>>>>
>>>>>>>>>>> <image.png>
>>>>>>>>>>>
>>>>>>>>>>> <image.png>
>>>>>>>>>>>
>>>>>>>>>>> <image.png>
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Mar 17, 2020 at 00:04, Zacharry Williams via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Check and make sure your realms are defined also.
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I know when I ran into this issue, it had to do with the
>>>>>>>>>>>>> authorization source for AD. In the source, I had an
>>>>>>>>>>>>> authentication rule that matched the sAMAccountName is member
>>>>>>>>>>>>> of “group name”. The group name must be the AD DN
>>>>>>>>>>>>> (distinguished name) of the group.
>>>>>>>>>>>>> CN=%security group you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain suffix%
>>>>>>>>>>>>>
>>>>>>>>>>>>> *From:* Wagner Liegio via PacketFence-users <packetfence-users@lists.sourceforge.net>
>>>>>>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM
>>>>>>>>>>>>> *To:* packetfence-users@lists.sourceforge.net
>>>>>>>>>>>>> *Cc:* Wagner Liegio <wagner.lie...@gmail.com>
>>>>>>>>>>>>> *Subject:* [PacketFence-users] authentication sources packetfence 9.3
>>>>>>>>>>>>>
>>>>>>>>>>>>> Good afternoon, I'm facing the same problem only in version
>>>>>>>>>>>>> 9.3. I have done everything I can think of, reconfigured the
>>>>>>>>>>>>> domain, the connection profile, checked the rules and
>>>>>>>>>>>>> functions. The error follows:
>>>>>>>>>>>>>
>>>>>>>>>>>>> No role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: ee: 7d); assumes maximum number of registered nodes is reached (pf :: node :: is_max_reg_nodes_reached)
>>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - registration of d0: 94: 66: db: ae: 7d to ANA \ pereira failed (pf :: registration :: setup_node_for_registration)
>>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed max nodes per pid met or exceeded (pf :: radius :: authorize)
>>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO node (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, category_id, computername, detect_date, device_class, device_manufacturer, device_score, device_type, device_version, dhcp6_enterprise, dhcp6_fingerprint, dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, lastskip, mac, machine_account, notes, regdate, sessionid, status, tenant_id, time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, NULL, NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ pereira, reg, 1} (pf :: dal :: db_execute)
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> PacketFence-users mailing list
>>>>>>>>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
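
The failure chain in the quoted httpd.aaa entries can be triaged mechanically. The following is an added example, not part of the thread or of PacketFence itself: it groups entries by MAC and reports when the "max nodes per pid" error is only the fallback announced by the "No role specified or found" or "No category computed" warning. It assumes one raw log entry per line; the sample lines, the host name `pf01` and the second MAC are constructed.

```python
import re
from collections import defaultdict

# Entry shape as quoted in the thread: httpd.aaa(PID) LEVEL: [mac:..] message
ENTRY = re.compile(r"httpd\.aaa\s*\(\d+\)\s+(?P<level>[A-Z]+):\s+"
                   r"\[mac:(?P<mac>[0-9a-f:]{17})\]\s+(?P<msg>.*)$")

# Message fragments copied from the log entries in the thread.
MARKERS = {
    "source_found": "Found authentication source(s)",
    "no_role": "No role specified or found for pid",
    "no_category": "No category computed for autoreg",
    "max_nodes": "max nodes per pid met or exceeded",
    "fk_error": "foreign key constraint fails",
}

def triage(lines):
    """Return {mac: verdict} for each MAC whose auto-registration failed."""
    seen = defaultdict(set)
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue
        for name, text in MARKERS.items():
            if text in m.group("msg"):
                seen[m.group("mac")].add(name)
    verdicts = {}
    for mac, flags in seen.items():
        if not flags & {"max_nodes", "fk_error"}:
            continue  # no failure recorded for this MAC
        if flags & {"no_role", "no_category"}:  # limit error is a fallback
            src = "source found" if "source_found" in flags else "no source line"
            verdicts[mac] = f"no role matched ({src}); check the source rules"
        elif "max_nodes" in flags:
            verdicts[mac] = "node limit reached for this pid"
        else:
            verdicts[mac] = "database error without a role warning"
    return verdicts

# Constructed sample; host "pf01" and the second MAC are made up.
P = "Mar 19 18:15:11 pf01 packetfence_httpd.aaa: httpd.aaa(6759) "
SAMPLE = [
    P + "INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default'",
    P + "WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg",
    P + "ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded",
    P + "ERROR: [mac:00:11:22:33:44:55] max nodes per pid met or exceeded",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Entries whose MAC was re-spaced in transit (`[mac: d0: 94: ...]`, as in two of the quoted messages) do not match the pattern; feed it lines taken directly from the log file.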