Fabrice,

Below is the return of the command:

version: 1

#
# LDAPv3
# base <OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br> with scope subtree
# filter: sAMAccountName=iran
# requesting: ALL
#

# search result

# numResponses: 1

I want to inform you that I will perform the same procedure in packetfence 8, which has self-registration enabled and working; the output of the command was the same.

On Mon, Mar 23, 2020 at 11:48, Fabrice Durand <[email protected]> wrote:

> Hello Wagner,
>
> do the search with sAMAccountName=iran not sAMAccountName = packetfence
>
> Regards
>
> Fabrice
>
>
> On 20-03-23 at 10:45, Wagner Liegio wrote:
>
> Good morning Fabrice,
>
> Follows return of the informed command:
>
> version: 1
>
> #
> # LDAPv3
> # base <OU = Users, OU = Tabajara Headquarters, DC = tabajara, DC = com,
> DC = br> with scope subtree
> # filter: sAMAccountName = packetfence
> # requesting: ALL
> #
>
> # packetfence, PacketFence, Service, Users, Tabajara Headquarters,
> tabajara.com.br
> dn: CN = packetfence, OU = PacketFence, OU = Service, OU = Users, OU =
> Tabajara Sede, DC = taba
> jara, DC = com, DC = br
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: packetfence
> givenName: packetfence
> distinguishedName: CN = packetfence, OU = PacketFence, OU = Service, OU =
> Users, OU = Table
> jara Headquarters, DC = tabajara, DC = com, DC = br
> instanceType: 4
> whenCreated: 20190522175834.0Z
> whenChanged: 20200314212343.0Z
> displayName: packetfence
> uSNCreated: 332707737
> memberOf: CN = Domain Admins, CN = Users, DC = tabajara, DC = com, DC = us
> uSNChanged: 354881720
> name: packetfence
> objectGUID :: Gtp8SctV30ObE156O9onWA ==
> userAccountControl: 66048
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 134565121389590252
> lastLogon: 133465121436547757
> pwdLastSet: 132030215143488213
> primaryGroupID: 513
> objectSid :: AQUAAAAAAAUVAAAAOEkycmN9EhxnEvQ3io7GNA ==
> adminCount: 1
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: packetfence
> sAMAccountType: 805306368
> userPrincipalName: [email protected]
> objectCategory: CN = Person, CN = Schema, CN = Configuration, DC =
> tabajara, DC = com, DC = us
> dSCorePropagationData: 16010101000000.0Z
> mS-DS-ConsistencyGuid :: Gtp8SctV30ObE156O9onWA ==
> lastLogonTimestamp: 132286946239647914
>
> # search result
>
> # numResponses: 2
> # numEntries: 1
>
> Sincerely,
>
> Wagner
>
> On Thu, Mar 19, 2020 at 23:45, Durand fabrice <[email protected]> wrote:
>
>> If you stripped in radius in the realm ANA, it means that packetfence is
>> doing a ldap search with sAMAccountName=iran
>>
>> So try that from the cli:
>>
>> ldapsearch -h 10.10.10.70 -s sub -b "OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br" -D "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L "sAMAccountName=iran"
>>
>> and see if it returns something.
>>
>> Regards
>>
>> Fabrice
>>
>>
>> On 20-03-19 at 14:42, Wagner Liegio wrote:
>>
>> Good afternoon,
>>
>> I made the suggested adjustments by activating the strip in radius,
>> created a new realm, and the error persists. User authentication searching
>> for the domain only works, manually registering the node in the
>> packetfence. Therefore, the error still remains in the database when trying
>> to register auto.
>> Below is the database error log:
>>
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => "ANA\iran" (pf::radius::authorize)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching (pf::authentication::match2)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, `detect_date`, `device_class`, `device_manufacturer`, `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) (pf::radius::authorize)
>>
>> On Wed, Mar 18, 2020 at 21:34, Durand fabrice via PacketFence-users <[email protected]> wrote:
>>
>>> Try that:
>>>
>>> pftest authentication ANA\pereira ""
>>>
>>> and
>>>
>>> pftest authentication pereira ""
>>>
>>> to see if the user is found and if it matches a rule.
>>>
>>> If the second one works then in the ANA realm enable strip in radius.
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>> On 20-03-18 at 20:13, Zacharry Williams via PacketFence-users wrote:
>>>
>>> Gonna take a wild guess here, in your realms config turn on strip radius
>>> for null and your domain and try logging on with just your username and
>>> password. I'm guessing your realms config isn't matching. For us we had
>>> three domains and we had to add them all. For example COMPANY.ORG,
>>> COMPANY.LAN, COMPANY.COM.
>>>
>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users <[email protected]> wrote:
>>>
>>>> Good afternoon,
>>>>
>>>> Follow the requested files attached.
>>>>
>>>> On Tue, Mar 17, 2020 at 14:16, Ludovic Zammit <[email protected]> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Could you post the result of those two commands:
>>>>>
>>>>> cat /usr/local/pf/conf/authentication.conf
>>>>>
>>>>> cat /usr/local/pf/conf/profiles.conf
>>>>>
>>>>> remove your information.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Ludovic [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>>>> (http://packetfence.org)
>>>>>
>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users <[email protected]> wrote:
>>>>>
>>>>> Good Morning,
>>>>>
>>>>> The rules, functions are standard on the Zen packetfence 9.3 that I
>>>>> downloaded from the site, I will send some images of how the configuration
>>>>> is through the webgui, so I noticed everything is correct, what is
>>>>> happening is that the function and the rule is not being applied for some
>>>>> reason that I don't know.
>>>>>
>>>>> <image.png>
>>>>>
>>>>> <image.png>
>>>>>
>>>>> <image.png>
>>>>>
>>>>> On Tue, Mar 17, 2020 at 00:04, Zacharry Williams via PacketFence-users <[email protected]> wrote:
>>>>>
>>>>>> Check and make sure your realms are defined also.
>>>>>>
>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via PacketFence-users <[email protected]> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I know when I ran into this issue, it had to do with the
>>>>>>> authorization source for AD. In the source, I had an authentication rule
>>>>>>> that matched the sAMAccountName is member of “group name”. The group name
>>>>>>> must be the AD DN (distinguished name) of the group. CN=%security group
>>>>>>> you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain suffix%
>>>>>>>
>>>>>>> *From:* Wagner Liegio via PacketFence-users <[email protected]>
>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM
>>>>>>> *To:* [email protected]
>>>>>>> *Cc:* Wagner Liegio <[email protected]>
>>>>>>> *Subject:* [PacketFence-users] authentication sources packetfence 9.3
>>>>>>>
>>>>>>> Good afternoon, I'm facing the same problem only in version 9.3. I
>>>>>>> have done everything I can think of, reconfigured the domain, the
>>>>>>> connection profile, checked the rules and functions. The error follows:
>>>>>>>
>>>>>>> No role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: ee: 7d); assumes maximum number of registered nodes is reached (pf :: node :: is_max_reg_nodes_reached)
>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - registration of d0: 94: 66: db: ae: 7d to ANA \ pereira failed (pf :: registration :: setup_node_for_registration)
>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed max nodes per pid met or exceeded (pf :: radius :: authorize)
>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO node (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, category_id, computername, detect_date, device_class, device_manufacturer, device_score, device_type, device_version, dhcp6_enterprise, dhcp6_fingerprint, dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, lastskip, mac, machine_account, notes, regdate, sessionid, status, tenant_id, time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, NULL, NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ pereira, reg, 1} (pf :: dal :: db_execute)
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> PacketFence-users mailing list
>>>>>>> [email protected]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>
>> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
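
Added example (not part of the original thread and not PacketFence code): a small Python triage over the httpd.aaa lines quoted above. It lists the failure stages per MAC in the order the log emits them, so the errno 1452 foreign-key error shows up as a late stage after the "No category computed for autoreg" warning, and it reads an ldapsearch result that has no numEntries line as zero matches. The function names, stage labels and the abridged sample lines are assumptions made for this illustration.

```python
import re

# Shape of the httpd.aaa lines quoted in the thread: LEVEL: [mac:..] message (pf::sub)
LINE = re.compile(r"httpd\.aaa\(\d+\) (?P<level>[A-Z]+): \[mac:(?P<mac>[0-9a-f:]{17})\] "
                  r"(?P<msg>.*) \((?P<sub>pf::[\w:]+)\)\s*$")
# Message fragments copied from the thread's log, in the order the log emits them.
CHAIN = [("no_role", "No category computed for autoreg"),
         ("no_role", "No role specified or found for pid"),
         ("max_nodes", "max nodes per pid met or exceeded"),
         ("fk_1452", "a foreign key constraint fails"),
         ("save_500", "Cannot save")]

def triage(lines):
    """Per MAC: failure stages in order, the first stage, and a DOMAIN-prefix flag."""
    out = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        rec = out.setdefault(m["mac"], {"username": None, "stages": []})
        user = re.search(r'username => "([^"]*)"', m["msg"])
        if user:
            rec["username"] = user.group(1)
        for stage, needle in CHAIN:
            if needle in m["msg"] and stage not in rec["stages"]:
                rec["stages"].append(stage)
    for rec in out.values():
        rec["first"] = rec["stages"][0] if rec["stages"] else None
        rec["realm_prefixed"] = "\\" in (rec["username"] or "")
    return out

def ldap_entries(ldif):
    """Entry count from ldapsearch output; no '# numEntries:' line is read as 0."""
    m = re.search(r"^# numEntries: (\d+)", ldif, re.M)
    return int(m.group(1)) if m else 0

# Sample input abridged from the log and the two ldapsearch results in the thread.
P = "Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) "
SAMPLE_LOG = [P + s for s in (
    r'INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: username => "ANA\iran" (pf::radius::authorize)',
    r"WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)",
    r"WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (pf::node::is_max_reg_nodes_reached)",
    r"ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded (pf::registration::setup_node_for_registration)",
    r"ERROR: [mac:d0:94:66:db:ae:77] a foreign key constraint fails (errno: 1452) (pf::dal::db_execute)",
    r"ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) (pf::radius::authorize)",
)]
EMPTY_RESULT = "# search result\n\n# numResponses: 1\n"                   # filter sAMAccountName=iran
FOUND_RESULT = "# search result\n\n# numResponses: 2\n# numEntries: 1\n"  # filter for packetfence
if __name__ == "__main__":
    print(triage(SAMPLE_LOG), ldap_entries(EMPTY_RESULT), ldap_entries(FOUND_RESULT))
```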
