Good afternoon,
I made the suggested adjustments by activating the
strip in radius, created a new realm, and the error
persists. User authentication searching for the domain
only works, manually registering the node in the
packetfence. Therefore, the error still remains in the
database when trying to register auto.
Below is the database error log:
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling
radius autz request: from switch_ip => (10.95.10.1),
connection_type => Ethernet-EAP,switch_mac =>
(c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port
=> 78774, username => "ANA\iran" (pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77]
Instantiate profile 802.1x
(pf::Connection::ProfileFactory::_from_profile)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found
authentication source(s) : 'Ana' for realm 'default'
(pf::config::util::filter_authentication_sources)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using
sources Ana for matching (pf::authentication::match2)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP
testing connection (pf::LDAP::expire_if)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No
category computed for autoreg
(pf::role::getNodeInfoForAutoReg)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role
specified or found for pid ANA\iran (MAC
d0:94:66:db:ae:77); assume maximum number of registered
nodes is reached (pf::node::is_max_reg_nodes_reached)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max
nodes per pid met or exceeded - registration of
d0:94:66:db:ae:77 to ANA\iran failed
(pf::registration::setup_node_for_registration)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77]
auto-registration of node failed max nodes per pid met
or exceeded (pf::radius::authorize)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database
query failed with non retryable error: Cannot add or
update a child row: a foreign key constraint fails
(`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY
(`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`,
`pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno:
1452) [INSERT INTO `node` ( `autoreg`,
`bandwidth_balance`, `bypass_role_id`, `bypass_vlan`,
`category_id`, `computername`, `detect_date`,
`device_class`, `device_manufacturer`, `device_score`,
`device_type`, `device_version`, `dhcp6_enterprise`,
`dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
`last_arp`, `last_dhcp`, `last_seen`, `lastskip`,
`mac`, `machine_account`, `notes`, `pid`, `regdate`,
`sessionid`, `status`, `tenant_id`, `time_balance`,
`unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY
UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?,
`status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL,
NULL, NULL, 2020-03-19 18:15:11, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00
00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00,
d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00
00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00,
NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa:
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot
save d0:94:66:db:ae:77 error (500) (pf::radius::authorize)
On Wed, Mar 18, 2020 at 21:34, Durand fabrice
via PacketFence-users
<[email protected]
<mailto:[email protected]>> wrote:
Try that:
pftest authentication ANA\pereira ""
and
pftest authentication pereira ""
to see if the user is found and if it matches a rule.
If the second one works then in the ANA realm
enable strip in radius.
Regards
Fabrice
On 2020-03-18 at 20:13, Zacharry Williams via
PacketFence-users wrote:
Gonna take a wild guess here, in your realms
config turn on strip radius for null and your
domain and try logging on with just your
username and password. I'm guessing your realms
config isn't matching. For us we had three domains
and we had to add them all. For example
COMPANY.ORG, COMPANY.LAN,
COMPANY.COM.
On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via
PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
Good afternoon,
Follow the requested files attached.
On Tue, Mar 17, 2020 at 14:16, Ludovic
Zammit <[email protected]
<mailto:[email protected]>> wrote:
Hello,
Could you post the result of those two
commands:
cat /usr/local/pf/conf/authentication.conf
cat /usr/local/pf/conf/profiles.conf
Remove your information.
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> ::
+1.514.447.4918 (x145) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu) and PacketFence (http://packetfence.org)
On Mar 17, 2020, at 9:42 AM, Wagner
Liegio via PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
Good Morning,
The rules, functions are standard on the
Zen packetfence 9.3 that I downloaded
from the site, I will send some images of
how the configuration is through the
webgui, so I noticed everything is
correct, what is happening is that the
function and the rule is not being
applied for some reason that I don't know.
<image.png>
<image.png>
<image.png>
On Tue, Mar 17, 2020 at 00:04,
Zacharry Williams via PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
Check and make sure your realms are
defined also.
On Mon, Mar 16, 2020, 4:58 PM Brandt
Winchell via PacketFence-users
<[email protected]
<mailto:[email protected]>>
wrote:
Hello,
I know when I ran into this
issue, it had to do with the
authorization source for AD. In
the source, I had an
authentication rule that matched
the sAMAccountName is member of
“group name”. The group name must
be the AD DN (distinguished name)
of the group. CN=%security group
you want%,OU=%OU the object
resides in%,DC=%your
domain%,DC=%domain suffix%
*From:* Wagner Liegio via
PacketFence-users
<[email protected]
<mailto:[email protected]>>
*Sent:* Monday, March 16, 2020
1:08 PM
*To:*
[email protected]
<mailto:[email protected]>
*Cc:* Wagner Liegio
<[email protected]
<mailto:[email protected]>>
*Subject:* [PacketFence-users]
authentication sources
packetfence 9.3
Good afternoon, I'm facing the
same problem only in version 9.3.
I have done everything I can
think of, reconfigured the
domain, the connection profile,
checked the rules and functions.
The error follows: No role
specified or found for pid ANA \
pereira (MAC d0: 94: 66: db: ee:
7d); assumes maximum number of
registered nodes is reached (pf
:: node :: is_max_reg_nodes_reached)
plpcktfpdin01
packetfence_httpd.aaa: httpd.aaa
(9837) ERROR: [mac: d0: 94: 66:
db: ee: 7d] max nodes per pid met
or exceeded - registration of d0:
94: 66: db: ae: 7d to ANA \
pereira failed
(pf :: registration ::
setup_node_for_registration)
plpcktfpdin01
packetfence_httpd.aaa: httpd.aaa
(9837) ERROR: [mac: d0: 94: 66:
db: ee: 7d] auto-registration of
node failed max nodes per pid met
or exceeded (pf :: radius ::
authorize)
plpcktfpdin01
packetfence_httpd.aaa: httpd.aaa
(9837) ERROR: [mac: d0: 94: 66:
db: ee: 7d] Database query failed
with non retryable error: Cannot
add or update a child row: a
foreign key constraint fails
(pf.node, CONSTRAINT 0_57 FOREIGN
KEY (tenant_id, pid) REFERENCES
person (tenant_id, pid) ON DELETE
CASCADE ON UPDATE CASCADE)
(errno: 1452) [INSERT INTO node
(autoreg, bandwidth_balance,
bypass_role_id, bypass_vlan,
category_id, computername,
detect_date, device_class,
device_manufacturer,
device_score, device_type,
device_version,
dhcp6_enterprise,
dhcp6_fingerprint,
dhcp_fingerprint, dhcp_vendor,
last_arp, last_dhcp, last_seen,
lastskip, mac, machine_account,
notes, regdate, sessionid,
status, tenant_id, time_balance,
void, user?
?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW
(),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON
DUPLICATE KEY UPDATE autoreg = ?,
Last_seen = NOW (), pid = ?,
Status = ?, Tenant_id` =?] {Yes,
NULL, NULL, NULL, NULL, NULL,
2020 - 03-13 19:08:50, NULL,
NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL,
0000-00-00 00:00:00, 0000-00-00
00:00:00, 0000-00-00 00:00:00,
d0: 94: 66: db: ae: 7d, NULL,
NULL, ANA \ pereira, 0000-00-00
00:00:00, NULL, reg, 1, NULL,
0000-00-00 00:00:00, NULL, no,
yes, ANA \ pereira, reg, 1}
(pf :: dal :: db_execute)
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
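
An added example, not part of any message in this thread and not PacketFence code: a small triage script for the httpd.aaa log quoted above. It groups events by MAC and separates a "max nodes per pid" error that follows a "No role specified or found" warning from one that does not. The sample lines are constructed by rejoining the wrapped log from the thread (SQL text elided) plus one invented MAC, and the function and stage names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: thread's log events rejoined one per line, SQL elided; 00:11:22:33:44:55 is invented.
SAMPLE_LOG = r"""
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (errno: 1452) [INSERT INTO `node` ...] (pf::dal::db_execute)
Mar 19 18:20:02 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:00:11:22:33:44:55] max nodes per pid met or exceeded - registration of 00:11:22:33:44:55 to ANA\guest failed (pf::registration::setup_node_for_registration)
"""

LINE_RE = re.compile(r"(?:INFO|WARN|ERROR): \[mac:(?P<mac>[0-9a-f:]{17})\] "
                     r"(?P<msg>.*) \(pf::[\w:]+\)\s*$")
SOURCE_RE = re.compile(r"Found authentication source\(s\) : '([^']*)' for realm '([^']*)'")
PID_RE = re.compile(r"for pid (\S+)")
MARKERS = {  # substring of the log message -> stage name (names are hypothetical)
    "No role specified or found for pid": "no_role",
    "max nodes per pid met or exceeded": "max_nodes",
    "errno: 1452": "fk_person",
}

def diagnose(rec):
    stages = rec.get("stages", set())
    if {"no_role", "max_nodes"} <= stages:
        cause = "no_role_matched"      # limit error is the fallback the WARN line announces
    elif "max_nodes" in stages:
        cause = "node_limit_reached"   # no preceding no-role warning for this MAC
    elif "fk_person" in stages:
        cause = "missing_person_row"   # node.pid has no parent row in person
    else:
        cause = "ok"
    return {"cause": cause, "pid": rec.get("pid"), "source": rec.get("source"),
            "realm": rec.get("realm"), "fk_failure": "fk_person" in stages}

def triage(text):
    seen = defaultdict(dict)           # mac -> facts collected from its log lines
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec, msg = seen[m["mac"]], m["msg"]
        if (s := SOURCE_RE.search(msg)):
            rec["source"], rec["realm"] = s.groups()
        if (p := PID_RE.search(msg)):
            rec["pid"] = p.group(1)
        rec.setdefault("stages", set()).update(
            stage for needle, stage in MARKERS.items() if needle in msg)
    return {mac: diagnose(rec) for mac, rec in seen.items()}
```

The reported `realm` and `source` show which realm and authentication source were selected for the request, which is the first thing to compare against the realm configuration discussed in the replies.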