Good morning Fabrice, here is the output of the command you suggested:
version: 1 # # LDAPv3 # base <OU = Users, OU = Tabajara Headquarters, DC = tabajara, DC = com, DC = br> with scope subtree # filter: sAMAccountName = packetfence # requesting: ALL # # packetfence, PacketFence, Service, Users, Tabajara Headquarters, tabajara.com.br dn: CN = packetfence, OU = PacketFence, OU = Service, OU = Users, OU = Tabajara Sede, DC = taba jara, DC = com, DC = br objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: packetfence givenName: packetfence distinguishedName: CN = packetfence, OU = PacketFence, OU = Service, OU = Users, OU = Table jara Headquarters, DC = tabajara, DC = com, DC = br instanceType: 4 whenCreated: 20190522175834.0Z whenChanged: 20200314212343.0Z displayName: packetfence uSNCreated: 332707737 memberOf: CN = Domain Admins, CN = Users, DC = tabajara, DC = com, DC = us uSNChanged: 354881720 name: packetfence objectGUID :: Gtp8SctV30ObE156O9onWA == userAccountControl: 66048 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 134565121389590252 lastLogon: 133465121436547757 pwdLastSet: 132030215143488213 primaryGroupID: 513 objectSid :: AQUAAAAAAAUVAAAAOEkycmN9EhxnEvQ3io7GNA == adminCount: 1 accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: packetfence sAMAccountType: 805306368 userPrincipalName: packetfe...@tabajara.com.br objectCategory: CN = Person, CN = Schema, CN = Configuration, DC = tabajara, DC = com, DC = us dSCorePropagationData: 16010101000000.0Z mS-DS-ConsistencyGuid :: Gtp8SctV30ObE156O9onWA == lastLogonTimestamp: 132286946239647914 # search result # numResponses: 2 # numEntries: 1 Sincerely, Wagner Em qui., 19 de mar. 
de 2020 às 23:45, Durand fabrice <fdur...@inverse.ca> escreveu: > If you stripped in radius in the realm ANA, it mean that packetfence is > doing a ldap search with sAMAccountName=iran > > So try that from the cli: > > ldapsearch -h 10.10.10.70 -s sub -b "OU=Usuarios,OU=Tabajara > Sede,DC=tabajara,DC=com,DC=br" -D > "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara > Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L > "sAMAccountName=iran" > > and see if it return something. > > Regards > > Fabrice > > > Le 20-03-19 à 14 h 42, Wagner Liegio a écrit : > > Good afternoon, > > I made the suggested adjustments by activating the strip in radius, > created a new realm, and the error persists. User authentication searching > for the domain only works, manually registering the node in the > packetfence. Therefore, the error still remains in the database when trying > to register auto. > Below is the database error log: > > Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip > => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => > (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => > "ANA\iran" (pf::radius::authorize) > Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x > (pf::Connection::ProfileFactory::_from_profile) > Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for > realm 'default' (pf::config::util::filter_authentication_sources) > Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching > (pf::authentication::match2) > Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if) > Mar 
19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg > (pf::role::getNodeInfoForAutoReg) > Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran > (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is > reached (pf::node::is_max_reg_nodes_reached) > Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - > registration of d0:94:66:db:ae:77 to ANA\iran failed > (pf::registration::setup_node_for_registration) > Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes > per pid met or exceeded (pf::radius::authorize) > Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable > error: Cannot add or update a child row: a foreign key constraint fails > (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES > `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: > 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, > `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, > `detect_date`, `device_class`, `device_manufacturer`, `device_score`, > `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, > `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, > `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, > `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, > `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, > ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? 
) ON DUPLICATE KEY > UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, > `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, > 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, > ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, > NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute) > Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) > ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) > (pf::radius::authorize) > > Em qua., 18 de mar. de 2020 às 21:34, Durand fabrice via PacketFence-users > <packetfence-users@lists.sourceforge.net> escreveu: > >> Try that: >> >> pftest authentication ANA\pereira "" >> >> and >> >> pftest authentication pereira "" >> >> to see if the user is found and if it match a rule. >> >> If the second one works then in the ANA realm enable strip in radius. >> >> Regards >> >> Fabrice >> >> >> Le 20-03-18 à 20 h 13, Zacharry Williams via PacketFence-users a écrit : >> >> Gonna take a wild guess here, in your realms config turn on strip radius >> for null and your domain and and try logging on with just your username and >> password. I'm guessing your realms config isn't matching. For us we had >> three domains and we had to add them all. For example COMPANY.ORG, >> COMPANY.LAN, COMPANY.COM. >> >> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users < >> packetfence-users@lists.sourceforge.net> wrote: >> >>> Good afternoon, >>> >>> Follow the requested files attached. >>> >>> Em ter., 17 de mar. de 2020 às 14:16, Ludovic Zammit <lzam...@inverse.ca> >>> escreveu: >>> >>>> Hello, >>>> >>>> Could you post the result fo those two commands: >>>> >>>> cat /usr/local/pf/conf/authentication.conf >>>> >>>> cat /usr/local/pf/conf/profiles.conf >>>> >>>> remove your informations. 
>>>> >>>> Thanks, >>>> >>>> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: >>>> www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> >>>> >>>> >>>> >>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users < >>>> packetfence-users@lists.sourceforge.net> wrote: >>>> >>>> Good Morning, >>>> >>>> The rules, functions are standard on the Zen packetfence 9.3 that I >>>> downloaded from the site, I will send some images of how the configuration >>>> is through the webgui, so I noticed everything is correct, what is >>>> happening is that the function and the rule is not being applied for some >>>> reason that I don't know. >>>> >>>> <image.png> >>>> >>>> <image.png> >>>> >>>> <image.png> >>>> >>>> >>>> >>>> Em ter., 17 de mar. de 2020 às 00:04, Zacharry Williams via >>>> PacketFence-users <packetfence-users@lists.sourceforge.net> escreveu: >>>> >>>>> Check and make sure your realms are defined also. >>>>> >>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via PacketFence-users < >>>>> packetfence-users@lists.sourceforge.net> wrote: >>>>> >>>>>> Hello, >>>>>> >>>>>> I know when I ran into this issue, it had to do with the >>>>>> authorization source for AD. In the source, I had an authentication rule >>>>>> that matched the sAMAccountName is member of “group name”. The group >>>>>> name >>>>>> must be the AD DN (distinguished name) of the group. 
CN=%security group >>>>>> you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain >>>>>> suffix% >>>>>> >>>>>> >>>>>> >>>>>> *From:* Wagner Liegio via PacketFence-users < >>>>>> packetfence-users@lists.sourceforge.net> >>>>>> *Sent:* Monday, March 16, 2020 1:08 PM >>>>>> *To:* packetfence-users@lists.sourceforge.net >>>>>> *Cc:* Wagner Liegio <wagner.lie...@gmail.com> >>>>>> *Subject:* [PacketFence-users] authentication sources packetfence 9.3 >>>>>> >>>>>> >>>>>> >>>>>> Good afternoon, I'm facing the same problem only in version 9.3. I >>>>>> have done everything I can think of, reconfigured the domain, the >>>>>> connection profile, checked the rules and functions. The error follows: >>>>>> No >>>>>> role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: ee: >>>>>> 7d); >>>>>> assumes maximum number of registered nodes is reached (pf :: node :: >>>>>> is_max_reg_nodes_reached) >>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: >>>>>> d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - registration >>>>>> of >>>>>> d0: 94: 66: db: ae: 7d to ANA \ pereira failed >>>>>> (pf :: registration :: setup_node_for_registration) >>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: >>>>>> d0: 94: 66: db: ee: 7d] auto-registration of node failed max nodes per >>>>>> pid >>>>>> met or exceeded (pf :: radius :: authorize) >>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: >>>>>> d0: 94: 66: db: ee: 7d] Database query failed with non retryable error: >>>>>> Cannot add or update a child row: a foreign key constraint fails >>>>>> (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES >>>>>> person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: >>>>>> 1452) >>>>>> [INSERT INTO node >>>>>> (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, >>>>>> category_id, computername, detect_date, device_class, >>>>>> device_manufacturer, >>>>>> device_score, 
device_type, >>>>>> device_version, dhcp6_enterprise, dhcp6_fingerprint, >>>>>> dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, lastskip, >>>>>> mac, machine_account, notes, regdate, sessionid, status, tenant_id, >>>>>> time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW >>>>>> (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, >>>>>> Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, NULL, >>>>>> NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, NULL, >>>>>> NULL, NULL, NULL, NULL, >>>>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0: >>>>>> 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 00:00:00, NULL, >>>>>> reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ pereira, reg, 1} >>>>>> (pf :: dal :: db_execute) >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> PacketFence-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> PacketFence-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> >>>> _______________________________________________ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> >> _______________________________________________ >> PacketFence-users mailing >> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> _______________________________________________ >> PacketFence-users mailing list >> 
PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >