Fabrice, Here is the result of the command:
version: 1 # # LDAPv3 # base <DC=tabajara,DC=com,DC=br> with scope subtree # filter: sAMAccountName=iran # requesting: ALL # # Iran L B de Albuquerque, Servidores, Usuarios, UO11.3-RR, Unidades Ope racionais, tabajara.com.br dn: CN=Iran L B de Albuquerque,OU=Servidores,OU=Usuarios,OU=UO11.3-RR,O U=Unidades Operacionais,DC=tabajara,DC=com,DC=br objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Iran L B de Albuquerque sn: B de Albuquerque c: BR l: Boa Vista st: RR title: Servidor(a) description:: VU8xMTM7IFNlcnZpZG9yOiBBZ8OqbmNpYSBOYWNpb25hbCBkZSBUZWxlY29tdW5p Y2HDp8O1ZXMgLSBBTkFURUw= postalCode: 69308-450 postOfficeBox:: IA== physicalDeliveryOfficeName: Boa Vista, RR telephoneNumber: 4952004 facsimileTelephoneNumber: 4612000 givenName: Iran L initials: ILBA distinguishedName: CN=Iran L B de Albuquerque,OU=Servidores,OU=Usuarios ,OU=UO11.3-RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br instanceType: 4 whenCreated: 20050220000539.0Z whenChanged: 20200316125236.0Z displayName: Iran L B de Albuquerque uSNCreated: 284874 memberOf: CN=VPN_SSL_TABAJARA_CONTINGENCY,OU=VPNs,OU=Grupos,OU=Tabajara Sede,DC=an atel,DC=com,DC=br memberOf: CN=VPN_SSL_TABAJARA,OU=VPNs,OU=Grupos,OU=Tabajara Sede,DC=tabajara,DC=com, DC=br memberOf: CN=UO0113OUTORGA,OU=Grupos,OU=UO11.3-RR,OU=Unidades Operacionais,DC= tabajara,DC=com,DC=br memberOf: CN=Servidores,OU=CloudTabajara,OU=Grupos,OU=Tabajara Sede,DC=tabajara,DC=g ov,DC=br memberOf: CN=pentaho_users,OU=Pentaho,OU=Grupos,OU=Tabajara Sede,DC=tabajara,DC=go v,DC=br memberOf: CN=UO113 SERVIDOR,OU=Lotacao SARH,OU=Grupos,OU=Tabajara Sede,DC=tabajara ,DC=com,DC=br memberOf: CN=LD SFI - UO113,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESAB ILITADAS,DC=tabajara,DC=com,DC=br memberOf: CN=SA_SFI_TOTAL_REGER,OU=LOTACOES,OU=Grupos,OU=Tabajara Sede,DC=tabajara ,DC=com,DC=br memberOf: CN=internet_acesso_total_F,OU=Internet,OU=Grupos,OU=Tabajara Sede,DC=a natel,DC=com,DC=br memberOf: CN=LD UO113,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABILITAD AS,DC=tabajara,DC=com,DC=br memberOf: CN=LD Serv Carreira,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDES ABILITADAS,DC=tabajara,DC=com,DC=br memberOf: CN=UO113OT,OU=Grupos,OU=UO11.3-RR,OU=Unidades Operacionais,DC=tabajara ,DC=com,DC=br memberOf: CN=UO113PUBLICO,OU=Grupos,OU=UO11.3-RR,OU=Unidades Operacionais,DC=a natel,DC=com,DC=br memberOf: CN=LD Serv UO-RR,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABI LITADAS,DC=tabajara,DC=com,DC=br memberOf: CN=LD Serv QuadroEspec,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTAS DESABILITADAS,DC=tabajara,DC=com,DC=br memberOf: CN=LD Serv MC,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABILIT ADAS,DC=tabajara,DC=com,DC=br memberOf: CN=LD Gerentes ERs-UOs,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTAS DESABILITADAS,DC=tabajara,DC=com,DC=br memberOf: CN=UO-11.3-RR,OU=Grupos,OU=UO11.3-RR,OU=Unidades Operacionais,DC=ana tel,DC=com,DC=br memberOf: CN=LD Gerentes UOs,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESA BILITADAS,DC=tabajara,DC=com,DC=br memberOf: CN=Domain Users,OU=Grupos do Windows,DC=tabajara,DC=com,DC=br uSNChanged: 354948756 department: UO113 company:: QWfDqm5jaWEgTmFjaW9uYWwgZGUgVGVsZWNvbXVuaWNhw6fDtWVzIC0gQU5BVEVM proxyAddresses: X500:/o=Tabajara Sociedade Anonima/ou=TABAJARA/cn=Reci pients/cn=Iran proxyAddresses: smtp:[email protected] proxyAddresses: x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOH F23SPDLT)/cn=Recipients/cn=aa0e6e3655504471baaf6df296608f61-Iran L B proxyAddresses: sip:[email protected] proxyAddresses: x400:c=US;a= ;p=Tabajara SA;o=TABAJARA;s=B de Albuquerq ue;g=Iran;i=ILBA; proxyAddresses: ccmail:B de Albuquerque, Iran at TABAJARA proxyAddresses: X400:c=US;a= ;p=Tabajara SA;o=TABAJARA;s=B de Albuquerq ue;g=Iran L;i=ILBA; proxyAddresses: CCMAIL:B de Albuquerque, Iran L at TABAJARA proxyAddresses: SMTP:[email protected] proxyAddresses: MS:TABAJARASA/TABAJARA/IRAN streetAddress:: UlVBIFVBXYzDgywgNTI5 autoReplyMessage: / garbageCollPeriod: 0 targetAddress: SMTP:[email protected] mAPIRecipient: TRUE directReports: CN=CC - FAX CIDADAO - RR,OU=CAIXAS_CORPORATIVAS,OU=USUARIOS,OU= CONTASDESABILITADAS,DC=tabajara,DC=com,DC=br directReports: CN=CC - ARQUIVO GERAL - RR,OU=Caixas Corporativas,OU=Tabajara Sed e,DC=tabajara,DC=com,DC=br msExchAssistantName: Servidor(a) mailNickname: Iran protocolSettings:: SFRYYMKnMcKnMcKnwqfCp8KnwqfCpw== protocolSettings:: T1dBwqcx replicatedObjectVersion: 0 name: Iran L B de Albuquerque objectGUID:: 8OlTc9ksdkWEeRUV2/f5Rg== userAccountControl: 512 badPwdCount: 0 codePage: 0 countryCode: 0 homeDirectory: \\WIFSYY01\EstruturaFS\usu\iran homeDrive: U: badPasswordTime: 132201321553958769 lastLogoff: 0 lastLogon: 132294526197067216 scriptPath: SCRIPT_MAP_FS_RR.bat logonHours:: //////////////////////////// pwdLastSet: 132157904882466519 primaryGroupID: 43988 userParameters:: bTogICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgI CAg objectSid:: AQUAAAAAAAUVAAAAOEkycmN9EhxnEvQ3CQgAAA== adminCount: 1 accountExpires: 0 logonCount: 688 sAMAccountName: iran sAMAccountType: 805306368 showInAddressBook:: Q049TGlzdGFzIGRlIERpc3RyaWJ1acOnw6NvLENOPUFsbCBBZGRyZXNzIE xpc3RzLENOPUFkZHJlc3MgTGlzdHMgQ29udGFpbmVyLENOPUFnZW5jaWEgTmFjaW9uYWwgZGUgVGV sZWNvbXVuaWNhY29lcyxDTj1NaWNyb3NvZnQgRXhjaGFuZ2UsQ049U2VydmljZXMsQ049Q29uZmln dXJhdGlvbixEQz1hbmF0ZWwsREM9Z292LERDPWJy showInAddressBook: CN=TABAJARA,CN=All Address Lists,CN=Address Lists Container,C N=Tabajara Sociedade Anonima,CN=Microsoft Exchange,CN=Services,CN=C onfiguration,DC=tabajara,DC=com,DC=br showInAddressBook: CN=Default Global Address List,CN=All Global Address Lists, CN=Address Lists Container,CN=Tabajara Sociedade Anonima,CN=Microso ft Exchange,CN=Services,CN=Configuration,DC=tabajara,DC=com,DC=br legacyExchangeDN: /o=Tabajara Sociedade Anonima/ou=External (FYDIBOH F25SPDLT)/cn=Recipients/cn=ce777c1762dc4c20a6dafaed019c8109 userPrincipalName: [email protected] lockoutTime: 0 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=tabajara,DC=com,DC=br mSMQSignCertificates:: AQAAAA34CKbLO1X76RZlUUnQXTrh7FhapogMRpn8hkchOf5KzQEAADC CAckwggFzoAMCAQICBKqlWlUwDAYIKoZIhvcNAgUFADBsMREwDwYDVQQHHggATQBTAE0AUTELMAkG A1UECh4CAC0xCzAJBgNVBAseAgAtMT0wOwYDVQQDHjQAQQBOAEEAVABFAEwAXABpAHIAYQBuACwAI AB1AG8AMQAxADMAaABwAG4AbwB0AGUAVAAxMB4XDTA4MDYyMzIwMTgzMloXDTE2MDYyMzIwMTgzMl owbDERMA8GA1UEBx4IAE0AUwBNAFExCzAJBgNVBAoeAgAtMQswCQYDVQQLHgIALTE9MDsGA1UEAx4 0AEEATgBBAFQARQBMAFwAaQByAGEAbgAsACAAdQBvADEAMQZzAGgAcABuAG8AdABlADAAMTBcMA0G CSqGSIb3DQEBAQUAA0sAMEgCQQDjJqL/rmrh9hZ4WvNdBe3a0XaoM+6ntIG/1UjYCp2kJVXpH3/Bm ubsruE0Gq2YXA9qlAJbpROi+OoUaY/3uS0nAgMBAAEwDQYJKoZIhvcNAQEEBQADQQC8s2Cd5BiBVS HqaVG+N0Py1havFO6baY0Ll+PGsbgO7V5bzQWqzn/7gGttNBoBis4ituzD+znk7Fs1oApR9DlZ mSMQDigests:: DfgIpss7VfvpFmVRSdBdOg== dSCorePropagationData: 20200214141328.0Z dSCorePropagationData: 20200212143013.0Z dSCorePropagationData: 20120918141327.0Z dSCorePropagationData: 20120918135620.0Z dSCorePropagationData: 16010714223649.0Z mS-DS-ConsistencyGuid:: 8OlTc9ksdkWEeRUV2/f5Rg== lastLogonTimestamp: 132288367423325630 msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain Controllers, DC=tabajara,DC=com,DC=br msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain Controllers, DC=tabajara,DC=com,DC=br msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain Controllers, DC=tabajara,DC=com,DC=br msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain Controllers, DC=tabajara,DC=com,DC=br msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain Controllers, DC=tabajara,DC=com,DC=br msDS-AuthenticatedAtDC: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain Control lers,DC=tabajara,DC=com,DC=br textEncodedORAddress: X400:C=US;A= ;P=Tabajara SA;O=TABAJARA;S=B de Alb uquerque;G=Iran L;I=ILBA; mail: [email protected] manager: CN=Augusto C P de Q,OU=Servidores,OU=Usuarios,OU=UO32311.4 -RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br replicationSignature:: r477tHTGckGaVQb4US9Ssg== msExchALObjectVersion: 82 msExchADCGlobalNames: FOREST:78877421B3B32741B2AA00229344053900000000526C2D5B5 954C601 msExchADCGlobalNames: NT5:F0E95373D92C764584791515DBF7F94600000000526C2D5B5954 C601 msExchADCGlobalNames: forest:o=Tabajara Sociedade Anonima000000008C7 F1E18375AC601 msExchADCGlobalNames: EX5:cn=Iran,cn=Recipients,ou=TABAJARA,o=Tabajara SA :organizationalperson$person$top000000008C7F1E18375AC601 msExchHideFromAddressLists: FALSE msExchUserAccountControl: 0 msExchMailboxGuid:: vlMgHCFiW0ahUM9Sl9nFaA== dLMemDefault: 1 msExchPoliciesIncluded: c3585128-bd66-40e9-9061-7a83471a6b4d msExchPoliciesIncluded: {26491cfc-9e50-4857-861b-0cb8df22b5d7} msRTCSIP-FederationEnabled: TRUE msExchSafeSendersHash:: V69bNQ== msRTCSIP-InternetAccessEnabled: TRUE msExchUMDtmfMap: reversedPhone:0002164 msExchUMDtmfMap: reversedPhone:4002594 msExchUMDtmfMap: emailAddress:4726 msExchUMDtmfMap: lastNameFirstName:27242332528783338347265849 msExchUMDtmfMap: firstNameLastName:47265849272477725287837783 msExchMobileMailboxFlags: 1 msRTCSIP-PrimaryUserAddress: sip:[email protected] msExchRecipientDisplayType: -2147483642 msRTCSIP-DeploymentLocator: sipfezis.online.lync.com msRTCSIP-OptionFlags: 257 msRTCSIP-UserEnabled: TRUE msRTCSIP-PrimaryHomeServer: CN=Lc Services,CN=Microsoft,CN=1:1,CN=Pools,CN=RTC Service,CN=Services,CN=Configuration,DC=tabajara,DC=com,DC=br msExchWhenMailboxCreated: 20190413014438.0Z msExchRecipientTypeDetails: 2147483648 msExchVersion: 44220983382016 msExchRemoteRecipientType: 4 # search reference # refldap:// AppPartition.tabajara.com.br/DC=AppPartition,DC=tabajara,DC=com,DC=br # search reference # refldap:// DomainDnsZones.tabajara.com.br/DC=DomainDnsZones,DC=tabajara,DC=com,DC= br # search reference # refldap:// ForestDnsZones.tabajara.com.br/DC=ForestDnsZones,DC=tabajara,DC=com,DC= br # search reference # refldap://tabajara.com.br/CN=Configuration,DC=tabajara,DC=com,DC=br # search result # numResponses: 6 # numEntries: 1 # numReferences: 4 Em seg., 23 de mar. de 2020 às 17:26, Fabrice Durand <[email protected]> escreveu: > Hello Wagner, > > i am here to help you, if there is no user in the OU who match > sAMAccountName=iran then it's the issue. > > Try in the whole ldap server then to see if it returns something: > > ldapsearch -h 10.10.10.70 -s sub -b "DC=tabajara,DC=com,DC=br" -D > "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara > Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L > "sAMAccountName=iran" > > paste the output. > > Regards > > Fabrice > > > Le 20-03-23 à 15 h 16, Wagner Liegio a écrit : > > Fabrice, > > Excuse me, but if I were to hear that I would not have contacted the > mailing list support. There is a problem with packetfence 9.3 linked to the > domain that it does not recognize users and computers. So much so that > there is a problem that by inserting the node manually it manages to search > for the user and authenticate the node. > > Em seg., 23 de mar. de 2020 às 15:42, Fabrice Durand <[email protected]> > escreveu: > >> Hello Wagner, >> >> so it mean that there is no user with the attribute sAMAccountName=iran >> in OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br >> >> So if there is no user then there is no role returned. >> >> Regards >> >> Fabrice >> >> >> Le 20-03-23 à 14 h 13, Wagner Liegio a écrit : >> >> Fabrice, >> >> Below is the return of the command: >> >> version: 1 >> >> # >> # LDAPv3 >> # base <OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br> with scope >> subtree >> # filter: sAMAccountName=iran >> # requesting: ALL >> # >> >> # search result >> >> # numResponses: 1 >> >> I want to inform you that I will perform the same procedure in >> packtefence 8, which has self-registration enabled and working, the output >> of the command was the same. >> >> Em seg., 23 de mar. de 2020 às 11:48, Fabrice Durand <[email protected]> >> escreveu: >> >>> Hello Wagner, >>> >>> do the search with sAMAccountName=iran not sAMAccountName = packetfence >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 20-03-23 à 10 h 45, Wagner Liegio a écrit : >>> >>> Good morning Fabrice, >>> >>> Follows return of the informed command: >>> >>> version: 1 >>> >>> # >>> # LDAPv3 >>> # base <OU = Users, OU = Tabajara Headquarters, DC = tabajara, DC = com, >>> DC = br> with scope subtree >>> # filter: sAMAccountName = packetfence >>> # requesting: ALL >>> # >>> >>> # packetfence, PacketFence, Service, Users, Tabajara Headquarters, >>> tabajara.com.br >>> dn: CN = packetfence, OU = PacketFence, OU = Service, OU = Users, OU = >>> Tabajara Sede, DC = taba >>> jara, DC = com, DC = br >>> objectClass: top >>> objectClass: person >>> objectClass: organizationalPerson >>> objectClass: user >>> cn: packetfence >>> givenName: packetfence >>> distinguishedName: CN = packetfence, OU = PacketFence, OU = Service, OU >>> = Users, OU = Table >>> jara Headquarters, DC = tabajara, DC = com, DC = br >>> instanceType: 4 >>> whenCreated: 20190522175834.0Z >>> whenChanged: 20200314212343.0Z >>> displayName: packetfence >>> uSNCreated: 332707737 >>> memberOf: CN = Domain Admins, CN = Users, DC = tabajara, DC = com, DC = >>> us >>> uSNChanged: 354881720 >>> name: packetfence >>> objectGUID :: Gtp8SctV30ObE156O9onWA == >>> userAccountControl: 66048 >>> badPwdCount: 0 >>> codePage: 0 >>> countryCode: 0 >>> badPasswordTime: 134565121389590252 >>> lastLogon: 133465121436547757 >>> pwdLastSet: 132030215143488213 >>> primaryGroupID: 513 >>> objectSid :: AQUAAAAAAAUVAAAAOEkycmN9EhxnEvQ3io7GNA == >>> adminCount: 1 >>> accountExpires: 9223372036854775807 >>> logonCount: 0 >>> sAMAccountName: packetfence >>> sAMAccountType: 805306368 >>> userPrincipalName: [email protected] >>> objectCategory: CN = Person, CN = Schema, CN = Configuration, DC = >>> tabajara, DC = com, DC = us >>> dSCorePropagationData: 16010101000000.0Z >>> mS-DS-ConsistencyGuid :: Gtp8SctV30ObE156O9onWA == >>> lastLogonTimestamp: 132286946239647914 >>> >>> # search result >>> >>> # numResponses: 2 >>> # numEntries: 1 >>> >>> Sincerely, >>> >>> Wagner >>> >>> Em qui., 19 de mar. de 2020 às 23:45, Durand fabrice <[email protected]> >>> escreveu: >>> >>>> If you stripped in radius in the realm ANA, it mean that packetfence is >>>> doing a ldap search with sAMAccountName=iran >>>> >>>> So try that from the cli: >>>> >>>> ldapsearch -h 10.10.10.70 -s sub -b "OU=Usuarios,OU=Tabajara >>>> Sede,DC=tabajara,DC=com,DC=br" -D >>>> "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara >>>> Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L >>>> "sAMAccountName=iran" >>>> >>>> and see if it return something. >>>> >>>> Regards >>>> >>>> Fabrice >>>> >>>> >>>> Le 20-03-19 à 14 h 42, Wagner Liegio a écrit : >>>> >>>> Good afternoon, >>>> >>>> I made the suggested adjustments by activating the strip in radius, >>>> created a new realm, and the error persists. User authentication searching >>>> for the domain only works, manually registering the node in the >>>> packetfence. Therefore, the error still remains in the database when trying >>>> to register auto. >>>> Below is the database error log: >>>> >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip >>>> => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => >>>> (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => >>>> "ANA\iran" (pf::radius::authorize) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x >>>> (pf::Connection::ProfileFactory::_from_profile) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for >>>> realm 'default' (pf::config::util::filter_authentication_sources) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching >>>> (pf::authentication::match2) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg >>>> (pf::role::getNodeInfoForAutoReg) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran >>>> (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is >>>> reached (pf::node::is_max_reg_nodes_reached) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - >>>> registration of d0:94:66:db:ae:77 to ANA\iran failed >>>> (pf::registration::setup_node_for_registration) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes >>>> per pid met or exceeded (pf::radius::authorize) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable >>>> error: Cannot add or update a child row: a foreign key constraint fails >>>> (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES >>>> `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: >>>> 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, >>>> `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, >>>> `detect_date`, `device_class`, `device_manufacturer`, `device_score`, >>>> `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, >>>> `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, >>>> `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, >>>> `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, >>>> `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, >>>> ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY >>>> UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, >>>> `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, >>>> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, >>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, >>>> ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, >>>> NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute) >>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) >>>> ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) >>>> (pf::radius::authorize) >>>> >>>> Em qua., 18 de mar. de 2020 às 21:34, Durand fabrice via >>>> PacketFence-users <[email protected]> escreveu: >>>> >>>>> Try that: >>>>> >>>>> pftest authentication ANA\pereira "" >>>>> >>>>> and >>>>> >>>>> pftest authentication pereira "" >>>>> >>>>> to see if the user is found and if it match a rule. >>>>> >>>>> If the second one works then in the ANA realm enable strip in radius. >>>>> >>>>> Regards >>>>> >>>>> Fabrice >>>>> >>>>> >>>>> Le 20-03-18 à 20 h 13, Zacharry Williams via PacketFence-users a >>>>> écrit : >>>>> >>>>> Gonna take a wild guess here, in your realms config turn on strip >>>>> radius for null and your domain and and try logging on with just your >>>>> username and password. I'm guessing your realms config isn't matching. For >>>>> us we had three domains and we had to add them all. For example >>>>> COMPANY.ORG, COMPANY.LAN, COMPANY.COM. >>>>> >>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users < >>>>> [email protected]> wrote: >>>>> >>>>>> Good afternoon, >>>>>> >>>>>> Follow the requested files attached. >>>>>> >>>>>> Em ter., 17 de mar. de 2020 às 14:16, Ludovic Zammit < >>>>>> [email protected]> escreveu: >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> Could you post the result fo those two commands: >>>>>>> >>>>>>> cat /usr/local/pf/conf/authentication.conf >>>>>>> >>>>>>> cat /usr/local/pf/conf/profiles.conf >>>>>>> >>>>>>> remove your informations. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> Ludovic [email protected] :: +1.514.447.4918 (x145) :: >>>>>>> www.inverse.ca >>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>> PacketFence (http://packetfence.org) >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>> Good Morning, >>>>>>> >>>>>>> The rules, functions are standard on the Zen packetfence 9.3 that I >>>>>>> downloaded from the site, I will send some images of how the >>>>>>> configuration >>>>>>> is through the webgui, so I noticed everything is correct, what is >>>>>>> happening is that the function and the rule is not being applied for >>>>>>> some >>>>>>> reason that I don't know. >>>>>>> >>>>>>> <image.png> >>>>>>> >>>>>>> <image.png> >>>>>>> >>>>>>> <image.png> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Em ter., 17 de mar. de 2020 às 00:04, Zacharry Williams via >>>>>>> PacketFence-users <[email protected]> >>>>>>> escreveu: >>>>>>> >>>>>>>> Check and make sure your realms are defined also. >>>>>>>> >>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via PacketFence-users >>>>>>>> <[email protected]> wrote: >>>>>>>> >>>>>>>>> Hello, >>>>>>>>> >>>>>>>>> I know when I ran into this issue, it had to do with the >>>>>>>>> authorization source for AD. In the source, I had an authentication >>>>>>>>> rule >>>>>>>>> that matched the sAMAccountName is member of “group name”. The group >>>>>>>>> name >>>>>>>>> must be the AD DN (distinguished name) of the group. CN=%security >>>>>>>>> group >>>>>>>>> you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain >>>>>>>>> suffix% >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> *From:* Wagner Liegio via PacketFence-users < >>>>>>>>> [email protected]> >>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM >>>>>>>>> *To:* [email protected] >>>>>>>>> *Cc:* Wagner Liegio <[email protected]> >>>>>>>>> *Subject:* [PacketFence-users] authentication sources packetfence >>>>>>>>> 9.3 >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Good afternoon, I'm facing the same problem only in version 9.3. I >>>>>>>>> have done everything I can think of, reconfigured the domain, the >>>>>>>>> connection profile, checked the rules and functions. The error >>>>>>>>> follows: No >>>>>>>>> role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: >>>>>>>>> ee: 7d); >>>>>>>>> assumes maximum number of registered nodes is reached (pf :: node :: >>>>>>>>> is_max_reg_nodes_reached) >>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: >>>>>>>>> d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - >>>>>>>>> registration of >>>>>>>>> d0: 94: 66: db: ae: 7d to ANA \ pereira failed >>>>>>>>> (pf :: registration :: setup_node_for_registration) >>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed max >>>>>>>>> nodes >>>>>>>>> per pid met or exceeded (pf :: radius :: authorize) >>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] Database query failed with non retryable >>>>>>>>> error: Cannot add or update a child row: a foreign key constraint >>>>>>>>> fails >>>>>>>>> (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES >>>>>>>>> person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: >>>>>>>>> 1452) >>>>>>>>> [INSERT INTO node >>>>>>>>> (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, >>>>>>>>> category_id, computername, detect_date, device_class, >>>>>>>>> device_manufacturer, >>>>>>>>> device_score, device_type, >>>>>>>>> device_version, dhcp6_enterprise, dhcp6_fingerprint, >>>>>>>>> dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, >>>>>>>>> lastskip, >>>>>>>>> mac, machine_account, notes, regdate, sessionid, status, tenant_id, >>>>>>>>> time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW >>>>>>>>> (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, >>>>>>>>> Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, >>>>>>>>> NULL, >>>>>>>>> NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, NULL, >>>>>>>>> NULL, NULL, NULL, NULL, >>>>>>>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, >>>>>>>>> d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 >>>>>>>>> 00:00:00, >>>>>>>>> NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ >>>>>>>>> pereira, reg, >>>>>>>>> 1} >>>>>>>>> (pf :: dal :: db_execute) >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> PacketFence-users mailing list >>>>>>>>> [email protected] >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> PacketFence-users mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> PacketFence-users mailing list >>>>>>> [email protected] >>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> [email protected] >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing >>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>> -- >>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>> www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> -- > Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
