Good afternoon,
I made the suggested adjustments by activating the strip in
radius, created a new realm, and the error persists. User
authentication searching for the domain only works, manually
registering the node in the packetfence. Therefore, the error
still remains in the database when trying to register auto.
Below is the database error log:
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius
autz request: from switch_ip => (10.95.10.1), connection_type =>
Ethernet-EAP,switch_mac => (c8:0c:c8:f1:25:20), mac =>
[d0:94:66:db:ae:77], port => 78774, username => "ANA\iran"
(pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile
802.1x (pf::Connection::ProfileFactory::_from_profile)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found
authentication source(s) : 'Ana' for realm 'default'
(pf::config::util::filter_authentication_sources)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana
for matching (pf::authentication::match2)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing
connection (pf::LDAP::expire_if)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category
computed for autoreg (pf::role::getNodeInfoForAutoReg)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified
or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum
number of registered nodes is reached
(pf::node::is_max_reg_nodes_reached)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid
met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran
failed (pf::registration::setup_node_for_registration)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration
of node failed max nodes per pid met or exceeded
(pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query
failed with non retryable error: Cannot add or update a child
row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT
`0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person`
(`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno:
1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`,
`bypass_role_id`, `bypass_vlan`, `category_id`, `computername`,
`detect_date`, `device_class`, `device_manufacturer`,
`device_score`, `device_type`, `device_version`,
`dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`,
`dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, `lastskip`,
`mac`, `machine_account`, `notes`, `pid`, `regdate`, `sessionid`,
`status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`,
`voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE
KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?,
`status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL,
2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00
00:00:00, d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00
00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes,
ANA\iran, reg, 1} (pf::dal::db_execute)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save
d0:94:66:db:ae:77 error (500) (pf::radius::authorize)
On Wed, Mar 18, 2020 at 21:34, Durand fabrice via
PacketFence-users <[email protected]
<mailto:[email protected]>> wrote:
Try that:
pftest authentication ANA\pereira ""
and
pftest authentication pereira ""
to see if the user is found and if it matches a rule.
If the second one works then in the ANA realm enable strip in
radius.
Regards
Fabrice
On 20-03-18 at 20:13, Zacharry Williams via
PacketFence-users wrote:
Gonna take a wild guess here, in your realms config turn on
strip radius for null and your domain and try logging on
with just your username and password. I'm guessing your
realms config isn't matching. For us we had three domains
and we had to add them all. For example COMPANY.ORG,
COMPANY.LAN, COMPANY.COM.
On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via
PacketFence-users <[email protected]
<mailto:[email protected]>> wrote:
Good afternoon,
Follow the requested files attached.
On Tue, Mar 17, 2020 at 14:16, Ludovic Zammit
<[email protected] <mailto:[email protected]>> wrote:
Hello,
Could you post the result of those two commands:
cat /usr/local/pf/conf/authentication.conf
cat /usr/local/pf/conf/profiles.conf
Remove your information.
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> :: +1.514.447.4918
(x145) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
On Mar 17, 2020, at 9:42 AM, Wagner Liegio via
PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
Good Morning,
The rules, functions are standard on the Zen
packetfence 9.3 that I downloaded from the site, I
will send some images of how the configuration is
through the webgui, so I noticed everything is
correct, what is happening is that the function and
the rule is not being applied for some reason that
I don't know.
<image.png>
<image.png>
<image.png>
On Tue, Mar 17, 2020 at 00:04, Zacharry
Williams via PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
Check and make sure your realms are defined also.
On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell
via PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
Hello,
I know when I ran into this issue, it had
to do with the authorization source for
AD. In the source, I had an authentication
rule that matched the sAMAccountName is
member of “group name”. The group name must
be the AD DN (distinguished name) of the
group. CN=%security group you want%,OU=%OU
the object resides in%,DC=%your
domain%,DC=%domain suffix%
*From:* Wagner Liegio via PacketFence-users
<[email protected]
<mailto:[email protected]>>
*Sent:* Monday, March 16, 2020 1:08 PM
*To:*
[email protected]
<mailto:[email protected]>
*Cc:* Wagner Liegio
<[email protected]
<mailto:[email protected]>>
*Subject:* [PacketFence-users]
authentication sources packetfence 9.3
Good afternoon, I'm facing the same problem
only in version 9.3. I have done everything
I can think of, reconfigured the domain,
the connection profile, checked the rules
and functions. The error follows: No role
specified or found for pid ANA\pereira
(MAC d0:94:66:db:ee:7d); assumes
maximum number of registered nodes is
reached (pf::node::is_max_reg_nodes_reached)
plpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(9837) ERROR: [mac:d0:94:66:db:ee:7d]
max nodes per pid met or
exceeded - registration of d0:94:66:db:ae:7d
to ANA\pereira failed
(pf::registration::setup_node_for_registration)
plpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(9837) ERROR: [mac:d0:94:66:db:ee:7d]
auto-registration of node
failed max nodes per pid met or exceeded
(pf::radius::authorize)
plpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(9837) ERROR: [mac:d0:94:66:db:ee:7d]
Database query failed with non
retryable error: Cannot add or update a
child row: a foreign key constraint fails
(pf.node, CONSTRAINT 0_57 FOREIGN KEY
(tenant_id, pid) REFERENCES person
(tenant_id, pid) ON DELETE CASCADE ON
UPDATE CASCADE) (errno: 1452) [INSERT INTO node
(autoreg, bandwidth_balance,
bypass_role_id, bypass_vlan, category_id,
computername, detect_date, device_class,
device_manufacturer, device_score, device_type,
device_version, dhcp6_enterprise,
dhcp6_fingerprint, dhcp_fingerprint,
dhcp_vendor, last_arp, last_dhcp,
last_seen, lastskip, mac, machine_account,
notes, regdate, sessionid, status,
tenant_id, time_balance, void, user?
?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW
(),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE
KEY UPDATE autoreg = ?, Last_seen = NOW(),
pid = ?, Status = ?, Tenant_id` =?] {Yes,
NULL, NULL, NULL, NULL, NULL, 2020-03-13
19:08:50, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
0000-00-00 00:00:00, 0000-00-00 00:00:00,
0000-00-00 00:00:00, d0:94:66:db:ae:7d,
NULL, NULL, ANA\pereira, 0000-00-00
00:00:00, NULL, reg, 1, NULL, 0000-00-00
00:00:00, NULL, no, yes, ANA\pereira, reg, 1}
(pf::dal::db_execute)
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
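
An added triage example, not part of the original thread and not PacketFence code: it rejoins the wrapped packetfence_httpd.aaa records from the log at the top of this thread and reports, per MAC, the username, the realm the source lookup used, and the first non-INFO record, so the earliest warning is read before the later database error. The sample is abridged from that log; the function names are hypothetical.

```python
import re

# Abridged from the log quoted in the thread, wrapped as the mail client left it.
SAMPLE = r"""
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius
autz request: from switch_ip => (10.95.10.1), username => "ANA\iran"
(pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found
authentication source(s) : 'Ana' for realm 'default'
(pf::config::util::filter_authentication_sources)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category
computed for autoreg (pf::role::getNodeInfoForAutoReg)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query
failed with non retryable error: Cannot add or update a child
row: a foreign key constraint fails (errno: 1452) (pf::dal::db_execute)
"""

START = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ packetfence_httpd\.aaa:")
RECORD = re.compile(r"(INFO|WARN|ERROR): \[mac:([0-9a-f:]{17})\] (.*) \((pf::[\w:]+)\)$")

def records(text):
    """Rejoin wrapped lines into one record per syslog header, then parse each."""
    joined = []
    for line in text.splitlines():
        if START.match(line):
            joined.append(line.strip())
        elif joined and line.strip():
            joined[-1] += " " + line.strip()
    return [m.groups() for m in map(RECORD.search, joined) if m]

def triage(text):
    """Per MAC: username, realm used, first non-INFO record, FK errno 1452 seen."""
    out = {}
    for level, mac, msg, sub in records(text):
        r = out.setdefault(mac, {"user": None, "realm": None, "first_problem": None, "fk_1452": False})
        if (m := re.search(r'username => "([^"]+)"', msg)):
            r["user"] = m.group(1)
        if (m := re.search(r"for realm '([^']+)'", msg)):
            r["realm"] = m.group(1)
        if level != "INFO" and r["first_problem"] is None:
            r["first_problem"] = (level, sub, msg)
        r["fk_1452"] |= "errno: 1452" in msg
    return out

if __name__ == "__main__": print(triage(SAMPLE))
```
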