Re: [PacketFence-users] authentication sources packetfence 9.3

[Durand fabrice via PacketFence-users]

Ok so you probably already see the issue.

As i expected the base dn is wrong:
OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br versus 
OU=Usuarios,OU=UO11.3-RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br

So fix your authentication source with the correct base dn and you 
should be ok.

Regards

Fabrice


Le 20-03-23 à 17 h 25, Wagner Liegio a écrit :
Fabrice,

Here is the result of the command:

version: 1

#
# LDAPv3
# base <DC=tabajara,DC=com,DC=br> with scope subtree
# filter: sAMAccountName=iran
# requesting: ALL
#

# Iran L B de Albuquerque, Servidores, Usuarios, UO11.3-RR, Unidades Ope
 racionais, tabajara.com.br <http://tabajara.com.br>
dn: CN=Iran L B de Albuquerque,OU=Servidores,OU=Usuarios,OU=UO11.3-RR,O
 U=Unidades Operacionais,DC=tabajara,DC=com,DC=br
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Iran L B de Albuquerque
sn: B de Albuquerque
c: BR
l: Boa Vista
st: RR
title: Servidor(a)
description:: 
VU8xMTM7IFNlcnZpZG9yOiBBZ8OqbmNpYSBOYWNpb25hbCBkZSBUZWxlY29tdW5p
 Y2HDp8O1ZXMgLSBBTkFURUw=
postalCode: 69308-450
postOfficeBox:: IA==
physicalDeliveryOfficeName: Boa Vista, RR
telephoneNumber: 4952004
facsimileTelephoneNumber: 4612000
givenName: Iran L
initials: ILBA
distinguishedName: CN=Iran L B de Albuquerque,OU=Servidores,OU=Usuarios
 ,OU=UO11.3-RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br
instanceType: 4
whenCreated: 20050220000539.0Z
whenChanged: 20200316125236.0Z
displayName: Iran L B de Albuquerque
uSNCreated: 284874
memberOf: 
CN=VPN_SSL_TABAJARA_CONTINGENCY,OU=VPNs,OU=Grupos,OU=Tabajara Sede,DC=an
 atel,DC=com,DC=br
memberOf: CN=VPN_SSL_TABAJARA,OU=VPNs,OU=Grupos,OU=Tabajara 
Sede,DC=tabajara,DC=com,
 DC=br
memberOf: CN=UO0113OUTORGA,OU=Grupos,OU=UO11.3-RR,OU=Unidades 
Operacionais,DC=
 tabajara,DC=com,DC=br
memberOf: CN=Servidores,OU=CloudTabajara,OU=Grupos,OU=Tabajara 
Sede,DC=tabajara,DC=g
 ov,DC=br
memberOf: CN=pentaho_users,OU=Pentaho,OU=Grupos,OU=Tabajara 
Sede,DC=tabajara,DC=go
 v,DC=br
memberOf: CN=UO113 SERVIDOR,OU=Lotacao SARH,OU=Grupos,OU=Tabajara 
Sede,DC=tabajara
 ,DC=com,DC=br
memberOf: CN=LD SFI - 
UO113,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESAB
 ILITADAS,DC=tabajara,DC=com,DC=br
memberOf: CN=SA_SFI_TOTAL_REGER,OU=LOTACOES,OU=Grupos,OU=Tabajara 
Sede,DC=tabajara
 ,DC=com,DC=br
memberOf: CN=internet_acesso_total_F,OU=Internet,OU=Grupos,OU=Tabajara 
Sede,DC=a
 natel,DC=com,DC=br
memberOf: CN=LD 
UO113,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABILITAD
 AS,DC=tabajara,DC=com,DC=br
memberOf: CN=LD Serv 
Carreira,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDES
 ABILITADAS,DC=tabajara,DC=com,DC=br
memberOf: CN=UO113OT,OU=Grupos,OU=UO11.3-RR,OU=Unidades 
Operacionais,DC=tabajara
 ,DC=com,DC=br
memberOf: CN=UO113PUBLICO,OU=Grupos,OU=UO11.3-RR,OU=Unidades 
Operacionais,DC=a
 natel,DC=com,DC=br
memberOf: CN=LD Serv 
UO-RR,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABI
 LITADAS,DC=tabajara,DC=com,DC=br
memberOf: CN=LD Serv 
QuadroEspec,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTAS
 DESABILITADAS,DC=tabajara,DC=com,DC=br
memberOf: CN=LD Serv 
MC,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABILIT
 ADAS,DC=tabajara,DC=com,DC=br
memberOf: CN=LD Gerentes 
ERs-UOs,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTAS
 DESABILITADAS,DC=tabajara,DC=com,DC=br
memberOf: CN=UO-11.3-RR,OU=Grupos,OU=UO11.3-RR,OU=Unidades 
Operacionais,DC=ana
 tel,DC=com,DC=br
memberOf: CN=LD Gerentes 
UOs,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESA
 BILITADAS,DC=tabajara,DC=com,DC=br
memberOf: CN=Domain Users,OU=Grupos do Windows,DC=tabajara,DC=com,DC=br
uSNChanged: 354948756
department: UO113
company:: QWfDqm5jaWEgTmFjaW9uYWwgZGUgVGVsZWNvbXVuaWNhw6fDtWVzIC0gQU5BVEVM
proxyAddresses: X500:/o=Tabajara Sociedade Anonima/ou=TABAJARA/cn=Reci
 pients/cn=Iran
proxyAddresses: smtp:i...@tabajara365.mail.onmicrosoft.com 
<mailto:smtp%3ai...@tabajara365.mail.onmicrosoft.com>
proxyAddresses: x500:/o=ExchangeLabs/ou=Exchange Administrative Group 
(FYDIBOH
 F23SPDLT)/cn=Recipients/cn=aa0e6e3655504471baaf6df296608f61-Iran L B
proxyAddresses: sip:i...@tabajara.com.br 
<mailto:sip%3ai...@tabajara.com.br>
proxyAddresses: x400:c=US;a= ;p=Tabajara SA;o=TABAJARA;s=B de Albuquerq
 ue;g=Iran;i=ILBA;
proxyAddresses: ccmail:B de Albuquerque, Iran at TABAJARA
proxyAddresses: X400:c=US;a= ;p=Tabajara SA;o=TABAJARA;s=B de Albuquerq
 ue;g=Iran L;i=ILBA;
proxyAddresses: CCMAIL:B de Albuquerque, Iran L at TABAJARA
proxyAddresses: SMTP:i...@tabajara.com.br 
<mailto:smtp%3ai...@tabajara.com.br>
proxyAddresses: MS:TABAJARASA/TABAJARA/IRAN
streetAddress:: UlVBIFVBXYzDgywgNTI5
autoReplyMessage: /
garbageCollPeriod: 0
targetAddress: SMTP:i...@tabajara365.mail.onmicrosoft.com 
<mailto:smtp%3ai...@tabajara365.mail.onmicrosoft.com>
mAPIRecipient: TRUE
directReports: CN=CC - FAX CIDADAO - 
RR,OU=CAIXAS_CORPORATIVAS,OU=USUARIOS,OU=
 CONTASDESABILITADAS,DC=tabajara,DC=com,DC=br
directReports: CN=CC - ARQUIVO GERAL - RR,OU=Caixas 
Corporativas,OU=Tabajara Sed
 e,DC=tabajara,DC=com,DC=br
msExchAssistantName: Servidor(a)
mailNickname: Iran
protocolSettings:: SFRYYMKnMcKnMcKnwqfCp8KnwqfCpw==
protocolSettings:: T1dBwqcx
replicatedObjectVersion: 0
name: Iran L B de Albuquerque
objectGUID:: 8OlTc9ksdkWEeRUV2/f5Rg==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
homeDirectory: \\WIFSYY01\EstruturaFS\usu\iran
homeDrive: U:
badPasswordTime: 132201321553958769
lastLogoff: 0
lastLogon: 132294526197067216
scriptPath: SCRIPT_MAP_FS_RR.bat
logonHours:: ////////////////////////////
pwdLastSet: 132157904882466519
primaryGroupID: 43988
userParameters:: 
bTogICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgI
 CAg
objectSid:: AQUAAAAAAAUVAAAAOEkycmN9EhxnEvQ3CQgAAA==
adminCount: 1
accountExpires: 0
logonCount: 688
sAMAccountName: iran
sAMAccountType: 805306368
showInAddressBook:: 
Q049TGlzdGFzIGRlIERpc3RyaWJ1acOnw6NvLENOPUFsbCBBZGRyZXNzIE
 xpc3RzLENOPUFkZHJlc3MgTGlzdHMgQ29udGFpbmVyLENOPUFnZW5jaWEgTmFjaW9uYWwgZGUgVGV
 sZWNvbXVuaWNhY29lcyxDTj1NaWNyb3NvZnQgRXhjaGFuZ2UsQ049U2VydmljZXMsQ049Q29uZmln
 dXJhdGlvbixEQz1hbmF0ZWwsREM9Z292LERDPWJy
showInAddressBook: CN=TABAJARA,CN=All Address Lists,CN=Address Lists 
Container,C
 N=Tabajara Sociedade Anonima,CN=Microsoft Exchange,CN=Services,CN=C
 onfiguration,DC=tabajara,DC=com,DC=br
showInAddressBook: CN=Default Global Address List,CN=All Global 
Address Lists,
 CN=Address Lists Container,CN=Tabajara Sociedade Anonima,CN=Microso
 ft Exchange,CN=Services,CN=Configuration,DC=tabajara,DC=com,DC=br
legacyExchangeDN: /o=Tabajara Sociedade Anonima/ou=External (FYDIBOH
 F25SPDLT)/cn=Recipients/cn=ce777c1762dc4c20a6dafaed019c8109
userPrincipalName: i...@tabajara.com.br <mailto:i...@tabajara.com.br>
lockoutTime: 0
objectCategory: 
CN=Person,CN=Schema,CN=Configuration,DC=tabajara,DC=com,DC=br
mSMQSignCertificates:: 
AQAAAA34CKbLO1X76RZlUUnQXTrh7FhapogMRpn8hkchOf5KzQEAADC
 CAckwggFzoAMCAQICBKqlWlUwDAYIKoZIhvcNAgUFADBsMREwDwYDVQQHHggATQBTAE0AUTELMAkG
 A1UECh4CAC0xCzAJBgNVBAseAgAtMT0wOwYDVQQDHjQAQQBOAEEAVABFAEwAXABpAHIAYQBuACwAI
 AB1AG8AMQAxADMAaABwAG4AbwB0AGUAVAAxMB4XDTA4MDYyMzIwMTgzMloXDTE2MDYyMzIwMTgzMl
 owbDERMA8GA1UEBx4IAE0AUwBNAFExCzAJBgNVBAoeAgAtMQswCQYDVQQLHgIALTE9MDsGA1UEAx4
 0AEEATgBBAFQARQBMAFwAaQByAGEAbgAsACAAdQBvADEAMQZzAGgAcABuAG8AdABlADAAMTBcMA0G
 CSqGSIb3DQEBAQUAA0sAMEgCQQDjJqL/rmrh9hZ4WvNdBe3a0XaoM+6ntIG/1UjYCp2kJVXpH3/Bm
 ubsruE0Gq2YXA9qlAJbpROi+OoUaY/3uS0nAgMBAAEwDQYJKoZIhvcNAQEEBQADQQC8s2Cd5BiBVS
 HqaVG+N0Py1havFO6baY0Ll+PGsbgO7V5bzQWqzn/7gGttNBoBis4ituzD+znk7Fs1oApR9DlZ
mSMQDigests:: DfgIpss7VfvpFmVRSdBdOg==
dSCorePropagationData: 20200214141328.0Z
dSCorePropagationData: 20200212143013.0Z
dSCorePropagationData: 20120918141327.0Z
dSCorePropagationData: 20120918135620.0Z
dSCorePropagationData: 16010714223649.0Z
mS-DS-ConsistencyGuid:: 8OlTc9ksdkWEeRUV2/f5Rg==
lastLogonTimestamp: 132288367423325630
msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain 
Controllers,
 DC=tabajara,DC=com,DC=br
msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain 
Controllers,
 DC=tabajara,DC=com,DC=br
msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain 
Controllers,
 DC=tabajara,DC=com,DC=br
msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain 
Controllers,
 DC=tabajara,DC=com,DC=br
msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain 
Controllers,
 DC=tabajara,DC=com,DC=br
msDS-AuthenticatedAtDC: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain 
Control
 lers,DC=tabajara,DC=com,DC=br
textEncodedORAddress: X400:C=US;A= ;P=Tabajara SA;O=TABAJARA;S=B de Alb
 uquerque;G=Iran L;I=ILBA;
mail: i...@tabajara.com.br <mailto:i...@tabajara.com.br>
manager: CN=Augusto C P de Q,OU=Servidores,OU=Usuarios,OU=UO32311.4
 -RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br
replicationSignature:: r477tHTGckGaVQb4US9Ssg==
msExchALObjectVersion: 82
msExchADCGlobalNames: 
FOREST:78877421B3B32741B2AA00229344053900000000526C2D5B5
 954C601
msExchADCGlobalNames: 
NT5:F0E95373D92C764584791515DBF7F94600000000526C2D5B5954
 C601
msExchADCGlobalNames: forest:o=Tabajara Sociedade Anonima000000008C7
 F1E18375AC601
msExchADCGlobalNames: EX5:cn=Iran,cn=Recipients,ou=TABAJARA,o=Tabajara SA
:organizationalperson$person$top000000008C7F1E18375AC601
msExchHideFromAddressLists: FALSE
msExchUserAccountControl: 0
msExchMailboxGuid:: vlMgHCFiW0ahUM9Sl9nFaA==
dLMemDefault: 1
msExchPoliciesIncluded: c3585128-bd66-40e9-9061-7a83471a6b4d
msExchPoliciesIncluded: {26491cfc-9e50-4857-861b-0cb8df22b5d7}
msRTCSIP-FederationEnabled: TRUE
msExchSafeSendersHash:: V69bNQ==
msRTCSIP-InternetAccessEnabled: TRUE
msExchUMDtmfMap: reversedPhone:0002164
msExchUMDtmfMap: reversedPhone:4002594
msExchUMDtmfMap: emailAddress:4726
msExchUMDtmfMap: lastNameFirstName:27242332528783338347265849
msExchUMDtmfMap: firstNameLastName:47265849272477725287837783
msExchMobileMailboxFlags: 1
msRTCSIP-PrimaryUserAddress: sip:i...@tabajara.com.br 
<mailto:sip%3ai...@tabajara.com.br>
msExchRecipientDisplayType: -2147483642
msRTCSIP-DeploymentLocator: sipfezis.online.lync.com 
<http://sipfezis.online.lync.com>
msRTCSIP-OptionFlags: 257
msRTCSIP-UserEnabled: TRUE
msRTCSIP-PrimaryHomeServer: CN=Lc 
Services,CN=Microsoft,CN=1:1,CN=Pools,CN=RTC
  Service,CN=Services,CN=Configuration,DC=tabajara,DC=com,DC=br
msExchWhenMailboxCreated: 20190413014438.0Z
msExchRecipientTypeDetails: 2147483648
msExchVersion: 44220983382016
msExchRemoteRecipientType: 4

# search reference
# 
refldap://AppPartition.tabajara.com.br/DC=AppPartition,DC=tabajara,DC=com,DC=br 
<http://AppPartition.tabajara.com.br/DC=AppPartition,DC=tabajara,DC=com,DC=br>

# search reference
# 
refldap://DomainDnsZones.tabajara.com.br/DC=DomainDnsZones,DC=tabajara,DC=com,DC= 
<http://DomainDnsZones.tabajara.com.br/DC=DomainDnsZones,DC=tabajara,DC=com,DC=>
 br

# search reference
# 
refldap://ForestDnsZones.tabajara.com.br/DC=ForestDnsZones,DC=tabajara,DC=com,DC= 
<http://ForestDnsZones.tabajara.com.br/DC=ForestDnsZones,DC=tabajara,DC=com,DC=>
 br

# search reference
# refldap://tabajara.com.br/CN=Configuration,DC=tabajara,DC=com,DC=br 
<http://tabajara.com.br/CN=Configuration,DC=tabajara,DC=com,DC=br>

# search result

# numResponses: 6
# numEntries: 1
# numReferences: 4

Em seg., 23 de mar. de 2020 às 17:26, Fabrice Durand 
<fdur...@inverse.ca <mailto:fdur...@inverse.ca>> escreveu:

    Hello Wagner,

    i am here to help you, if there is no user in the OU who match
    sAMAccountName=iran then it's the issue.

    Try in the whole ldap server then to see if it returns something:

    ldapsearch -h 10.10.10.70  -s sub -b "DC=tabajara,DC=com,DC=br" -D
    "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara
    Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L
    "sAMAccountName=iran"

    paste the output.

    Regards

    Fabrice


    Le 20-03-23 à 15 h 16, Wagner Liegio a écrit :
    Fabrice,

    Excuse me, but if I were to hear that I would not have contacted
    the mailing list support. There is a problem with packetfence 9.3
    linked to the domain that it does not recognize users and
    computers. So much so that there is a problem that by inserting
    the node manually it manages to search for the user and
    authenticate the node.

    Em seg., 23 de mar. de 2020 às 15:42, Fabrice Durand
    <fdur...@inverse.ca <mailto:fdur...@inverse.ca>> escreveu:

        Hello Wagner,

        so it mean that there is no user with the attribute
        sAMAccountName=iran in OU=Usuarios,OU=Tabajara
        Sede,DC=tabajara,DC=com,DC=br

        So if there is no user then there is no role returned.

        Regards

        Fabrice


        Le 20-03-23 à 14 h 13, Wagner Liegio a écrit :
        Fabrice,

        Below is the return of the command:

        version: 1

        #
        # LDAPv3
        # base <OU=Usuarios,OU=Tabajara
        Sede,DC=tabajara,DC=com,DC=br> with scope subtree
        # filter: sAMAccountName=iran
        # requesting: ALL
        #

        # search result

        # numResponses: 1

        I want to inform you that I will perform the same procedure
        in packtefence 8, which has self-registration enabled and
        working, the output of the command was the same.

        Em seg., 23 de mar. de 2020 às 11:48, Fabrice Durand
        <fdur...@inverse.ca <mailto:fdur...@inverse.ca>> escreveu:

            Hello Wagner,

            do the search with sAMAccountName=iran not
            sAMAccountName = packetfence

            Regards

            Fabrice


            Le 20-03-23 à 10 h 45, Wagner Liegio a écrit :
            Good morning Fabrice,

            Follows return of the informed command:

            version: 1

            #
            # LDAPv3
            # base <OU = Users, OU = Tabajara Headquarters, DC =
            tabajara, DC = com, DC = br> with scope subtree
            # filter: sAMAccountName = packetfence
            # requesting: ALL
            #

            # packetfence, PacketFence, Service, Users, Tabajara
            Headquarters, tabajara.com.br <http://tabajara.com.br>
            dn: CN = packetfence, OU = PacketFence, OU = Service,
            OU = Users, OU = Tabajara Sede, DC = taba
             jara, DC = com, DC = br
            objectClass: top
            objectClass: person
            objectClass: organizationalPerson
            objectClass: user
            cn: packetfence
            givenName: packetfence
            distinguishedName: CN = packetfence, OU = PacketFence,
            OU = Service, OU = Users, OU = Table
             jara Headquarters, DC = tabajara, DC = com, DC = br
            instanceType: 4
            whenCreated: 20190522175834.0Z
            whenChanged: 20200314212343.0Z
            displayName: packetfence
            uSNCreated: 332707737
            memberOf: CN = Domain Admins, CN = Users, DC =
            tabajara, DC = com, DC = us
            uSNChanged: 354881720
            name: packetfence
            objectGUID :: Gtp8SctV30ObE156O9onWA ==
            userAccountControl: 66048
            badPwdCount: 0
            codePage: 0
            countryCode: 0
            badPasswordTime: 134565121389590252
            lastLogon: 133465121436547757
            pwdLastSet: 132030215143488213
            primaryGroupID: 513
            objectSid :: AQUAAAAAAAUVAAAAOEkycmN9EhxnEvQ3io7GNA ==
            adminCount: 1
            accountExpires: 9223372036854775807
            logonCount: 0
            sAMAccountName: packetfence
            sAMAccountType: 805306368
            userPrincipalName: packetfe...@tabajara.com.br
            <mailto:packetfe...@tabajara.com.br>
            objectCategory: CN = Person, CN = Schema, CN =
            Configuration, DC = tabajara, DC = com, DC = us
            dSCorePropagationData: 16010101000000.0Z
            mS-DS-ConsistencyGuid :: Gtp8SctV30ObE156O9onWA ==
            lastLogonTimestamp: 132286946239647914

            # search result

            # numResponses: 2
            # numEntries: 1

            Sincerely,

            Wagner

            Em qui., 19 de mar. de 2020 às 23:45, Durand fabrice
            <fdur...@inverse.ca <mailto:fdur...@inverse.ca>> escreveu:

                If you stripped in radius in the realm ANA, it mean
                that packetfence is doing a ldap search with
                sAMAccountName=iran

                So try that from the cli:

                ldapsearch -h 10.10.10.70  -s sub -b
                "OU=Usuarios,OU=Tabajara
                Sede,DC=tabajara,DC=com,DC=br" -D
                
"CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara
                Sede,DC=tabajara,DC=com,DC=br" -w
                whatyouarelookingfor -L "sAMAccountName=iran"

                and see if it return something.

                Regards

                Fabrice


                Le 20-03-19 à 14 h 42, Wagner Liegio a écrit :
                Good afternoon,

                I made the suggested adjustments by activating the
                strip in radius, created a new realm, and the
                error persists. User authentication searching for
                the domain only works, manually registering the
                node in the packetfence. Therefore, the error
                still remains in the database when trying to
                register auto.
                Below is the database error log:

                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) INFO:
                [mac:d0:94:66:db:ae:77] handling radius autz
                request: from switch_ip => (10.95.10.1),
                connection_type => Ethernet-EAP,switch_mac =>
                (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77],
                port => 78774, username => "ANA\iran"
                (pf::radius::authorize)
                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) INFO:
                [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x
                (pf::Connection::ProfileFactory::_from_profile)
                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) INFO:
                [mac:d0:94:66:db:ae:77] Found authentication
                source(s) : 'Ana' for realm 'default'
                (pf::config::util::filter_authentication_sources)
                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) INFO:
                [mac:d0:94:66:db:ae:77] Using sources Ana for
                matching (pf::authentication::match2)
                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) INFO:
                [mac:d0:94:66:db:ae:77] LDAP testing connection
                (pf::LDAP::expire_if)
                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) WARN:
                [mac:d0:94:66:db:ae:77] No category computed for
                autoreg (pf::role::getNodeInfoForAutoReg)
                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) WARN:
                [mac:d0:94:66:db:ae:77] No role specified or found
                for pid ANA\iran (MAC d0:94:66:db:ae:77); assume
                maximum number of registered nodes is reached
                (pf::node::is_max_reg_nodes_reached)
                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) ERROR:
                [mac:d0:94:66:db:ae:77] max nodes per pid met or
                exceeded - registration of d0:94:66:db:ae:77 to
                ANA\iran failed
                (pf::registration::setup_node_for_registration)
                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) ERROR:
                [mac:d0:94:66:db:ae:77] auto-registration of node
                failed max nodes per pid met or exceeded
                (pf::radius::authorize)
                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) ERROR:
                [mac:d0:94:66:db:ae:77] Database query failed with
                non retryable error: Cannot add or update a child
                row: a foreign key constraint fails (`pf`.`node`,
                CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`)
                REFERENCES `person` (`tenant_id`, `pid`) ON DELETE
                CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT
                INTO `node` ( `autoreg`, `bandwidth_balance`,
                `bypass_role_id`, `bypass_vlan`, `category_id`,
                `computername`, `detect_date`, `device_class`,
                `device_manufacturer`, `device_score`,
                `device_type`, `device_version`,
                `dhcp6_enterprise`, `dhcp6_fingerprint`,
                `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`,
                `last_dhcp`, `last_seen`, `lastskip`, `mac`,
                `machine_account`, `notes`, `pid`, `regdate`,
                `sessionid`, `status`, `tenant_id`,
                `time_balance`, `unregdate`, `user_agent`, `voip`)
                VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
                ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
                ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?,
                `last_seen` = NOW(), `pid` = ?, `status` = ?,
                `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL,
                NULL, 2020-03-19 18:15:11, NULL, NULL, NULL, NULL,
                NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00,
                0000-00-00 00:00:00, 0000-00-00 00:00:00,
                d0:94:66:db:ae:77, NULL, NULL, ANA\iran,
                0000-00-00 00:00:00, NULL, reg, 1, NULL,
                0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg,
                1} (pf::dal::db_execute)
                Mar 19 18:15:11 aplpcktfpdin01
                packetfence_httpd.aaa: httpd.aaa(6759) ERROR:
                [mac:d0:94:66:db:ae:77] Cannot save
                d0:94:66:db:ae:77 error (500) (pf::radius::authorize)

                Em qua., 18 de mar. de 2020 às 21:34, Durand
                fabrice via PacketFence-users
                <packetfence-users@lists.sourceforge.net
                <mailto:packetfence-users@lists.sourceforge.net>>
                escreveu:

                    Try that:

                    pftest authentication ANA\pereira ""

                    and

                    pftest authentication pereira ""

                    to see if the user is found and if it match a
                    rule.

                    If the second one works then in the ANA realm
                    enable strip in radius.

                    Regards

                    Fabrice


                    Le 20-03-18 à 20 h 13, Zacharry Williams via
                    PacketFence-users a écrit :
                    Gonna take a wild guess here, in your realms
                    config turn on strip radius for null and your
                    domain and and try logging on with just your
                    username and password. I'm guessing your
                    realms config isn't matching. For us we had
                    three domains and we had to add them all. For
                    example COMPANY.ORG <http://COMPANY.ORG>,
                    COMPANY.LAN, COMPANY.COM <http://COMPANY.COM>.

                    On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio
                    via PacketFence-users
                    <packetfence-users@lists.sourceforge.net
                    <mailto:packetfence-users@lists.sourceforge.net>>
                    wrote:

                        Good afternoon,

                        Follow the requested files attached.

                        Em ter., 17 de mar. de 2020 às 14:16,
                        Ludovic Zammit <lzam...@inverse.ca
                        <mailto:lzam...@inverse.ca>> escreveu:

                            Hello,

                            Could you post the result fo those
                            two commands:

                            cat
                            /usr/local/pf/conf/authentication.conf

                            cat /usr/local/pf/conf/profiles.conf

                            remove your informations.

                            Thanks,

                            Ludovic Zammit
                            lzam...@inverse.ca  <mailto:lzam...@inverse.ca>  ::  
+1.514.447.4918 (x145) ::www.inverse.ca  <http://www.inverse.ca>
                            Inverse inc. :: Leaders behind SOGo 
(http://www.sogo.nu) and PacketFence (http://packetfence.org)





                            On Mar 17, 2020, at 9:42 AM, Wagner
                            Liegio via PacketFence-users
                            <packetfence-users@lists.sourceforge.net
                            <mailto:packetfence-users@lists.sourceforge.net>>
                            wrote:

                            Good Morning,

                            The rules, functions are standard on
                            the Zen packetfence 9.3 that I
                            downloaded from the site, I will
                            send some images of how the
                            configuration is through the webgui,
                            so I noticed everything is correct,
                            what is happening is that the
                            function and the rule is not being
                            applied for some reason that I don't
                            know.

                            <image.png>

                            <image.png>

                            <image.png>



                            Em ter., 17 de mar. de 2020 às
                            00:04, Zacharry Williams via
                            PacketFence-users
                            <packetfence-users@lists.sourceforge.net
                            <mailto:packetfence-users@lists.sourceforge.net>>
                            escreveu:

                                Check and make sure your realms
                                are defined also.

                                On Mon, Mar 16, 2020, 4:58 PM
                                Brandt Winchell via
                                PacketFence-users
                                <packetfence-users@lists.sourceforge.net
                                
<mailto:packetfence-users@lists.sourceforge.net>>
                                wrote:

                                    Hello,

                                    I know when I ran into this
                                    issue, it had to do with the
                                    authorization source for
                                    AD.  In the source, I had an
                                    authentication rule that
                                    matched the sAMAccountName
                                    is member of “group name”.
                                    The group name must be the
                                    AD DN (distinguished name)
                                    of the group. CN=%security
                                    group you want%,OU=%OU the
                                    object resides in%,DC=%your
                                    domain%,DC=%domain suffix%

                                    *From:* Wagner Liegio via
                                    PacketFence-users
                                    <packetfence-users@lists.sourceforge.net
                                    
<mailto:packetfence-users@lists.sourceforge.net>>

                                    *Sent:* Monday, March 16,
                                    2020 1:08 PM
                                    *To:*
                                    packetfence-users@lists.sourceforge.net
                                    
<mailto:packetfence-users@lists.sourceforge.net>
                                    *Cc:* Wagner Liegio
                                    <wagner.lie...@gmail.com
                                    <mailto:wagner.lie...@gmail.com>>
                                    *Subject:*
                                    [PacketFence-users]
                                    authentication sources
                                    packetfence 9.3

                                    Good afternoon, I'm facing
                                    the same problem only in
                                    version 9.3. I have done
                                    everything I can think of,
                                    reconfigured the domain, the
                                    connection profile, checked
                                    the rules and functions. The
                                    error follows: No role
                                    specified or found for pid
                                    ANA \ pereira (MAC d0: 94:
                                    66: db: ee: 7d); assumes
                                    maximum number of registered
                                    nodes is reached (pf :: node
                                    :: is_max_reg_nodes_reached)
                                    plpcktfpdin01
                                    packetfence_httpd.aaa:
                                    httpd.aaa (9837) ERROR:
                                    [mac: d0: 94: 66: db: ee:
                                    7d] max nodes per pid met or
                                    exceeded - registration of
                                    d0: 94: 66: db: ae: 7d to
                                    ANA \ pereira failed
                                    (pf :: registration ::
                                    setup_node_for_registration)
                                     plpcktfpdin01
                                    packetfence_httpd.aaa:
                                    httpd.aaa (9837) ERROR:
                                    [mac: d0: 94: 66: db: ee:
                                    7d] auto-registration of
                                    node failed max nodes per
                                    pid met or exceeded (pf ::
                                    radius :: authorize)
                                     plpcktfpdin01
                                    packetfence_httpd.aaa:
                                    httpd.aaa (9837) ERROR:
                                    [mac: d0: 94: 66: db: ee:
                                    7d] Database query failed
                                    with non retryable error:
                                    Cannot add or update a child
                                    row: a foreign key
                                    constraint fails
                                    (pf.node, CONSTRAINT 0_57
                                    FOREIGN KEY (tenant_id, pid)
                                    REFERENCES person
                                    (tenant_id, pid) ON DELETE
                                    CASCADE ON UPDATE CASCADE)
                                    (errno: 1452) [INSERT INTO node
                                    (autoreg, bandwidth_balance,
                                    bypass_role_id, bypass_vlan,
                                    category_id, computername,
                                    detect_date, device_class,
                                    device_manufacturer,
                                    device_score, device_type,
                                     device_version,
                                    dhcp6_enterprise,
                                    dhcp6_fingerprint,
                                    dhcp_fingerprint,
                                    dhcp_vendor, last_arp,
                                    last_dhcp, last_seen,
                                    lastskip, mac,
                                    machine_account, notes,
                                    regdate, sessionid, status,
                                    tenant_id, time_balance,
                                    void, user?
                                    ?,?,?,?,?,?,?,?,?,?,?,?,?,?,
                                    NOW (),?,?,?,?,?,?,?,?,?,
                                    ?,?,?,?) ON DUPLICATE KEY
                                    UPDATE autoreg = ?,
                                    Last_seen = NOW (), pid = ?,
                                    Status = ?, Tenant_id` =?]
                                    {Yes, NULL, NULL, NULL,
                                    NULL, NULL, 2020 - 03-13
                                    19:08:50, NULL, NULL, NULL,
                                    NULL, NULL, NULL, NULL,
                                    NULL, NULL,
                                     0000-00-00 00:00:00,
                                    0000-00-00 00:00:00,
                                    0000-00-00 00:00:00, d0: 94:
                                    66: db: ae: 7d, NULL, NULL,
                                    ANA \ pereira, 0000-00-00
                                    00:00:00, NULL, reg, 1,
                                    NULL, 0000-00-00 00:00:00,
                                    NULL, no, yes, ANA \
                                    pereira, reg, 1}
                                     (pf :: dal :: db_execute)

                                    
_______________________________________________
                                    PacketFence-users mailing list
                                    PacketFence-users@lists.sourceforge.net
                                    
<mailto:PacketFence-users@lists.sourceforge.net>
                                    
https://lists.sourceforge.net/lists/listinfo/packetfence-users

                                _______________________________________________
                                PacketFence-users mailing list
                                PacketFence-users@lists.sourceforge.net
                                <mailto:PacketFence-users@lists.sourceforge.net>
                                
https://lists.sourceforge.net/lists/listinfo/packetfence-users

                            _______________________________________________
                            PacketFence-users mailing list
                            PacketFence-users@lists.sourceforge.net
                            <mailto:PacketFence-users@lists.sourceforge.net>
                            
https://lists.sourceforge.net/lists/listinfo/packetfence-users

                        _______________________________________________
                        PacketFence-users mailing list
                        PacketFence-users@lists.sourceforge.net
                        <mailto:PacketFence-users@lists.sourceforge.net>
                        
https://lists.sourceforge.net/lists/listinfo/packetfence-users



                    _______________________________________________
                    PacketFence-users mailing list
                    PacketFence-users@lists.sourceforge.net  
<mailto:PacketFence-users@lists.sourceforge.net>
                    
https://lists.sourceforge.net/lists/listinfo/packetfence-users
                    _______________________________________________
                    PacketFence-users mailing list
                    PacketFence-users@lists.sourceforge.net
                    <mailto:PacketFence-users@lists.sourceforge.net>
                    
https://lists.sourceforge.net/lists/listinfo/packetfence-users

            -- 
            Fabrice Durand
            fdur...@inverse.ca  <mailto:fdur...@inverse.ca>  ::  +1.514.447.4918 
(x135) ::www.inverse.ca  <http://www.inverse.ca>
            Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and 
PacketFence (http://packetfence.org)

        -- 
        Fabrice Durand
        fdur...@inverse.ca  <mailto:fdur...@inverse.ca>  ::  +1.514.447.4918 (x135) 
::www.inverse.ca  <http://www.inverse.ca>
        Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and 
PacketFence (http://packetfence.org)

    -- 
    Fabrice Durand
    fdur...@inverse.ca  <mailto:fdur...@inverse.ca>  ::  +1.514.447.4918 (x135) 
::www.inverse.ca  <http://www.inverse.ca>
    Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users