Zacharry,

Sorry for the delay. I tried to find the log here of this successfully inserted node that was between March 12th and 13th of this month, and due to the isolation I was unable to access the facilities to test again. Is there any other parameter you need to check to help me?

On Fri, Mar 20, 2020 at 16:08, Zacharry Williams <[email protected]> wrote:

> Show me the logs of a successful one. You said it works with a non domain joined PC?
>
> On Fri, Mar 20, 2020, 12:03 PM Wagner Liegio <[email protected]> wrote:
>
>> Zacharry,
>>
>> Here is the example:
>>
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (6759) WARN: [mac: d0: 94: 66: db: ae: 77] No role specified or found for pid ANA \ iran ( MAC d0: 94: 66: db: ae: 77); assumes maximum number of registered nodes is reached (pf :: node :: is_max_reg_nodes_reached)
>>
>> but, they are all users of the domain and computer in the domain. The problem is not the user, but how the rule is being applied, there is a problem with that. I have version 8 running with the same parameters and I have no problem with auto register.
>>
>> On Fri, Mar 20, 2020 at 15:14, Zacharry Williams <[email protected]> wrote:
>>
>>> What's the distinguished name of your user? The log says it found the auth source but didn't match a role.
>>>
>>> On Fri, Mar 20, 2020, 10:42 AM Wagner Liegio <[email protected]> wrote:
>>>
>>>> Dear,
>>>>
>>>> I'm copying the analyst Leandro to follow the case and try to solve it. I ask you to send me what you need.
>>>>
>>>> On Fri, Mar 20, 2020 at 14:32, Wagner Liegio <[email protected]> wrote:
>>>>
>>>>> No, authentication is domain \ user using the 802.1x protocol
>>>>>
>>>>> On Fri, Mar 20, 2020 at 11:25, Zacharry Williams <[email protected]> wrote:
>>>>>
>>>>>> Domain computers should be logging in with host\computername. Are you trying to do machine auth?
>>>>>>
>>>>>> On Fri, Mar 20, 2020, 5:59 AM Wagner Liegio <[email protected]> wrote:
>>>>>>
>>>>>>> Hello Zacharry,
>>>>>>>
>>>>>>> I already performed this test, computers outside the domain using username and password authenticate. My problem is domain computer. Please help me resolve this.
>>>>>>>
>>>>>>> On Thu, Mar 19, 2020 at 23:41, Zacharry Williams via PacketFence-users <[email protected]> wrote:
>>>>>>>
>>>>>>>> Try logging in with just a username and password. No ANA\ or anything.
>>>>>>>>
>>>>>>>> On Thu, Mar 19, 2020, 7:31 PM Wagner Liegio via PacketFence-users <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Good afternoon,
>>>>>>>>>
>>>>>>>>> I made the suggested adjustments by activating the strip in radius, created a new realm, and the error persists. User authentication searching for the domain only works, manually registering the node in the packetfence. Therefore, the error still remains in the database when trying to register auto.
>>>>>>>>> Below is the database error log:
>>>>>>>>>
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => "ANA\iran" (pf::radius::authorize)
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching (pf::authentication::match2)
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if)
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, `detect_date`, `device_class`, `device_manufacturer`, `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute)
>>>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) (pf::radius::authorize)
>>>>>>>>>
>>>>>>>>> On Wed, Mar 18, 2020 at 21:34, Durand fabrice via PacketFence-users <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Try that:
>>>>>>>>>>
>>>>>>>>>> pftest authentication ANA\pereira ""
>>>>>>>>>>
>>>>>>>>>> and
>>>>>>>>>>
>>>>>>>>>> pftest authentication pereira ""
>>>>>>>>>>
>>>>>>>>>> to see if the user is found and if it matches a rule.
>>>>>>>>>>
>>>>>>>>>> If the second one works then in the ANA realm enable strip in radius.
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>>
>>>>>>>>>> Fabrice
>>>>>>>>>>
>>>>>>>>>> On 2020-03-18 at 20:13, Zacharry Williams via PacketFence-users wrote:
>>>>>>>>>>
>>>>>>>>>> Gonna take a wild guess here, in your realms config turn on strip radius for null and your domain and try logging on with just your username and password. I'm guessing your realms config isn't matching. For us we had three domains and we had to add them all. For example COMPANY.ORG, COMPANY.LAN, COMPANY.COM.
>>>>>>>>>>
>>>>>>>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Good afternoon,
>>>>>>>>>>>
>>>>>>>>>>> Follow the requested files attached.
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Mar 17, 2020 at 14:16, Ludovic Zammit <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>> Could you post the result of those two commands:
>>>>>>>>>>>>
>>>>>>>>>>>> cat /usr/local/pf/conf/authentication.conf
>>>>>>>>>>>>
>>>>>>>>>>>> cat /usr/local/pf/conf/profiles.conf
>>>>>>>>>>>>
>>>>>>>>>>>> Remove your information.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>
>>>>>>>>>>>> Ludovic [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
>>>>>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
>>>>>>>>>>>>
>>>>>>>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Good Morning,
>>>>>>>>>>>>
>>>>>>>>>>>> The rules, functions are standard on the Zen packetfence 9.3 that I downloaded from the site, I will send some images of how the configuration is through the webgui, so I noticed everything is correct, what is happening is that the function and the rule is not being applied for some reason that I don't know.
>>>>>>>>>>>>
>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>
>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>
>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Mar 17, 2020 at 00:04, Zacharry Williams via PacketFence-users <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Check and make sure your realms are defined also.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via PacketFence-users <[email protected]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I know when I ran into this issue, it had to do with the authorization source for AD. In the source, I had an authentication rule that matched the sAMAccountName is member of “group name”. The group name must be the AD DN (distinguished name) of the group.
>>>>>>>>>>>>>> CN=%security group you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain suffix%
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> *From:* Wagner Liegio via PacketFence-users <[email protected]>
>>>>>>>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM
>>>>>>>>>>>>>> *To:* [email protected]
>>>>>>>>>>>>>> *Cc:* Wagner Liegio <[email protected]>
>>>>>>>>>>>>>> *Subject:* [PacketFence-users] authentication sources packetfence 9.3
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Good afternoon, I'm facing the same problem only in version 9.3. I have done everything I can think of, reconfigured the domain, the connection profile, checked the rules and functions. The error follows:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> No role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: ee: 7d); assumes maximum number of registered nodes is reached (pf :: node :: is_max_reg_nodes_reached)
>>>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - registration of d0: 94: 66: db: ae: 7d to ANA \ pereira failed (pf :: registration :: setup_node_for_registration)
>>>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed max nodes per pid met or exceeded (pf :: radius :: authorize)
>>>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO node (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, category_id, computername, detect_date, device_class, device_manufacturer, device_score, device_type, device_version, dhcp6_enterprise, dhcp6_fingerprint, dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, lastskip, mac, machine_account, notes, regdate, sessionid, status, tenant_id, time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, NULL, NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ pereira, reg, 1} (pf :: dal :: db_execute)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>> PacketFence-users mailing list
>>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
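
Added example (not part of the thread and not PacketFence code): a small triage script for the httpd.aaa lines quoted above. It groups lines by MAC and separates a "max nodes per pid" error that follows a role-match warning from one that appears on its own. The finding names, the second MAC and the user `jdoe` are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the thread (SQL text elided as "..."), plus one
# constructed line for a made-up MAC/user that hits the limit with no role warning.
PFX = "Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) "
SAMPLE_LOG = "\n".join(PFX + s for s in [
    r"INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)",
    r"WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)",
    r"WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)",
    r"ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)",
    r"ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` ...] (pf::dal::db_execute)",
    r"ERROR: [mac:00:11:22:33:44:55] max nodes per pid met or exceeded - registration of 00:11:22:33:44:55 to jdoe failed (pf::registration::setup_node_for_registration)",
])

# level, MAC, message, and the Perl function PacketFence appends in parentheses
LINE_RE = re.compile(r"httpd\.aaa\(\d+\) (?P<level>[A-Z]+): \[mac:(?P<mac>[0-9a-f:]{17})\] "
                     r"(?P<msg>.*) \((?P<func>pf::[\w:]+)\)\s*$")

# (finding name, pattern) pairs; the names are labels chosen for this example
STAGES = [
    ("source_found", re.compile(r"Found authentication source\(s\) : '(?P<source>[^']+)' for realm '(?P<realm>[^']+)'")),
    ("no_role_matched", re.compile(r"No category computed for autoreg|No role specified or found for pid (?P<pid>\S+)")),
    ("max_nodes_error", re.compile(r"max nodes per pid met or exceeded")),
    ("fk_person_missing", re.compile(r"foreign key constraint fails.*REFERENCES `person`.*errno: 1452")),
]

def triage(log_text):
    """Return {mac: {"findings": [...], "details": {...}, "root_cause": str or None}}."""
    report = defaultdict(lambda: {"findings": [], "details": {}, "root_cause": None})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        entry = report[m["mac"]]
        for name, pattern in STAGES:
            hit = pattern.search(m["msg"])
            if hit:
                if name not in entry["findings"]:
                    entry["findings"].append(name)
                entry["details"].update({k: v for k, v in hit.groupdict().items() if v})
    for entry in report.values():
        # The WARN line says the limit is only *assumed* when no role was found,
        # so a preceding role-match warning outranks the "max nodes" error.
        if "no_role_matched" in entry["findings"]:
            entry["root_cause"] = "no_role_matched"
        elif "max_nodes_error" in entry["findings"]:
            entry["root_cause"] = "max_nodes_reached"
    return dict(report)
```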
