Good afternoon,
I made the suggested adjustments by activating the strip in
radius, created a new realm, and the error persists. User
authentication searching for the domain only works when manually
registering the node in PacketFence. Therefore, the
error still remains in the database when trying to
auto-register.
Below is the database error log:
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling
radius autz request: from switch_ip => (10.95.10.1),
connection_type => Ethernet-EAP,switch_mac =>
(c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port =>
78774, username => "ANA\iran" (pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate
profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found
authentication source(s) : 'Ana' for realm 'default'
(pf::config::util::filter_authentication_sources)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources
Ana for matching (pf::authentication::match2)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing
connection (pf::LDAP::expire_if)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category
computed for autoreg (pf::role::getNodeInfoForAutoReg)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role
specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77);
assume maximum number of registered nodes is reached
(pf::node::is_max_reg_nodes_reached)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per
pid met or exceeded - registration of d0:94:66:db:ae:77 to
ANA\iran failed (pf::registration::setup_node_for_registration)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77]
auto-registration of node failed max nodes per pid met or
exceeded (pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database
query failed with non retryable error: Cannot add or update
a child row: a foreign key constraint fails (`pf`.`node`,
CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`)
REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE
ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` (
`autoreg`, `bandwidth_balance`, `bypass_role_id`,
`bypass_vlan`, `category_id`, `computername`, `detect_date`,
`device_class`, `device_manufacturer`, `device_score`,
`device_type`, `device_version`, `dhcp6_enterprise`,
`dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
`last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`,
`machine_account`, `notes`, `pid`, `regdate`, `sessionid`,
`status`, `tenant_id`, `time_balance`, `unregdate`,
`user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen`
= NOW(), `pid` = ?, `status` = ?, `tenant_id` = ?]{yes,
NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00
00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00,
d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00
00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no,
yes, ANA\iran, reg, 1} (pf::dal::db_execute)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save
d0:94:66:db:ae:77 error (500) (pf::radius::authorize)
On Wed, Mar 18, 2020 at 21:34, Durand fabrice via
PacketFence-users <[email protected]> wrote:
Try that:
pftest authentication ANA\pereira ""
and
pftest authentication pereira ""
to see if the user is found and if it matches a rule.
If the second one works then in the ANA realm enable
strip in radius.
Regards
Fabrice
On 20-03-18 at 20:13, Zacharry Williams via
PacketFence-users wrote:
Gonna take a wild guess here, in your realms config
turn on strip radius for null and your domain and
try logging on with just your username and password.
I'm guessing your realms config isn't matching. For us
we had three domains and we had to add them all. For
example COMPANY.ORG, COMPANY.LAN,
COMPANY.COM.
On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via
PacketFence-users
<[email protected]
<mailto:[email protected]>> wrote:
Good afternoon,
Follow the requested files attached.
On Tue, Mar 17, 2020 at 14:16, Ludovic
Zammit <[email protected]> wrote:
Hello,
Could you post the result of those two commands:
cat /usr/local/pf/conf/authentication.conf
cat /usr/local/pf/conf/profiles.conf
Remove your information.
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> ::
+1.514.447.4918 (x145) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu)
and PacketFence (http://packetfence.org)
On Mar 17, 2020, at 9:42 AM, Wagner Liegio via
PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
Good Morning,
The rules, functions are standard on the Zen
packetfence 9.3 that I downloaded from the
site, I will send some images of how the
configuration is through the webgui, so I
noticed everything is correct, what is
happening is that the function and the rule is
not being applied for some reason that I don't
know.
On Tue, Mar 17, 2020 at 00:04, Zacharry
Williams via PacketFence-users
<[email protected]> wrote:
Check and make sure your realms are
defined also.
On Mon, Mar 16, 2020, 4:58 PM Brandt
Winchell via PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
Hello,
I know when I ran into this issue, it
had to do with the authorization
source for AD. In the source, I had
an authentication rule that matched
the sAMAccountName is member of “group
name”. The group name must be the AD
DN (distinguished name) of the group.
CN=%security group you want%,OU=%OU
the object resides in%,DC=%your
domain%,DC=%domain suffix%
*From:* Wagner Liegio via
PacketFence-users
<[email protected]
<mailto:[email protected]>>
*Sent:* Monday, March 16, 2020 1:08 PM
*To:*
[email protected]
<mailto:[email protected]>
*Cc:* Wagner Liegio
<[email protected]
<mailto:[email protected]>>
*Subject:* [PacketFence-users]
authentication sources packetfence 9.3
Good afternoon, I'm facing the same
problem only in version 9.3. I have
done everything I can think of,
reconfigured the domain, the
connection profile, checked the rules
and functions. The error follows: No
role specified or found for pid ANA \
pereira (MAC d0: 94: 66: db: ee: 7d);
assumes maximum number of registered
nodes is reached (pf :: node ::
is_max_reg_nodes_reached)
plpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa (9837) ERROR: [mac: d0: 94:
66: db: ee: 7d] max nodes per pid met
or exceeded - registration of d0: 94:
66: db: ae: 7d to ANA \ pereira failed
(pf :: registration ::
setup_node_for_registration)
plpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa (9837) ERROR: [mac: d0: 94:
66: db: ee: 7d] auto-registration of
node failed max nodes per pid met or
exceeded (pf :: radius :: authorize)
plpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa (9837) ERROR: [mac: d0: 94:
66: db: ee: 7d] Database query failed
with non retryable error: Cannot add
or update a child row: a foreign key
constraint fails
(pf.node, CONSTRAINT 0_57 FOREIGN KEY
(tenant_id, pid) REFERENCES person
(tenant_id, pid) ON DELETE CASCADE ON
UPDATE CASCADE) (errno: 1452) [INSERT
INTO node
(autoreg, bandwidth_balance,
bypass_role_id, bypass_vlan,
category_id, computername,
detect_date, device_class,
device_manufacturer, device_score,
device_type,
device_version, dhcp6_enterprise,
dhcp6_fingerprint, dhcp_fingerprint,
dhcp_vendor, last_arp, last_dhcp,
last_seen, lastskip, mac,
machine_account, notes, regdate,
sessionid, status, tenant_id,
time_balance, void, user?
?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW
(),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON
DUPLICATE KEY UPDATE autoreg = ?,
Last_seen = NOW (), pid = ?, Status =
?, Tenant_id` =?] {Yes, NULL, NULL,
NULL, NULL, NULL, 2020 - 03-13
19:08:50, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
0000-00-00 00:00:00, 0000-00-00
00:00:00, 0000-00-00 00:00:00, d0: 94:
66: db: ae: 7d, NULL, NULL, ANA \
pereira, 0000-00-00 00:00:00, NULL,
reg, 1, NULL, 0000-00-00 00:00:00,
NULL, no, yes, ANA \ pereira, reg, 1}
(pf :: dal :: db_execute)
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
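Added example (not part of the original thread and not PacketFence code): a small triage script for the httpd.aaa lines quoted at the top of this thread. It groups lines by MAC and reports, in order, the realm that handled the request, the missing autoreg category, and the errors that follow from it. The function names, hint labels and the realm heuristic are assumptions made for this example; the sample lines are taken from the thread, unwrapped, with the SQL text shortened.

```python
import re
from collections import defaultdict

# Lines from the top of this thread, one per line; the SQL statement is shortened.
SAMPLE_LOG = r'''
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => "ANA\iran" (pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (errno: 1452) (pf::dal::db_execute)
'''
LINE_RE = re.compile(r"(INFO|WARN|ERROR): \[mac:([0-9a-f:]{17})\] (.*)")
MARKERS = {
    "no_category": "No category computed for autoreg",
    "max_nodes": "max nodes per pid met or exceeded",
    "fk_error": "foreign key constraint fails",
}

def findings(s):
    out = []
    user = s.get("username", "")
    # Heuristic taken from the replies: a DOMAIN\user name handled by realm
    # 'default' suggests the realm configuration did not match the domain.
    if "\\" in user and s.get("realm") == "default":
        out.append(f"realm: {user} was handled by realm 'default'")
    if s.get("no_category"):
        out.append("role: no category computed for autoreg")
    if s.get("max_nodes") and s.get("no_category"):
        out.append("max-nodes: limit was assumed because no role was found")
    if s.get("fk_error"):
        out.append("fk: node insert rejected, pid has no parent row in person")
    return out

def triage(log_text):
    """Group httpd.aaa lines by MAC and return {mac: [hints in causal order]}."""
    state = defaultdict(dict)
    for line in log_text.splitlines():
        if not (m := LINE_RE.search(line)):
            continue
        _level, mac, msg = m.groups()
        s = state[mac]
        if u := re.search(r'username => "([^"]*)"', msg):
            s["username"] = u.group(1)
        if r := re.search(r"for realm '([^']*)'", msg):
            s["realm"] = r.group(1)
        for key, needle in MARKERS.items():
            if needle in msg:
                s[key] = True
    return {mac: findings(s) for mac, s in state.items()}
```

Calling `triage(SAMPLE_LOG)` returns one entry for the MAC in the log, with the hints listed from the earliest cause to the final database error.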