That's kind of what I was feeling too. Everything else seemed to be working as intended.

On Mon, Mar 23, 2020, 3:43 PM Durand fabrice via PacketFence-users <[email protected]> wrote:

> Ok so you probably already see the issue.
>
> As I expected the base dn is wrong:
>
> OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br versus
> OU=Usuarios,OU=UO11.3-RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br
>
> So fix your authentication source with the correct base dn and you should
> be ok.
>
> Regards
>
> Fabrice
>
>
> On 20-03-23 at 17:25, Wagner Liegio wrote:
>
> Fabrice,
>
> Here is the result of the command:
>
> version: 1
>
> #
> # LDAPv3
> # base <DC=tabajara,DC=com,DC=br> with scope subtree
> # filter: sAMAccountName=iran
> # requesting: ALL
> #
>
> # search result
>
> # numResponses: 6
> # numEntries: 1
> # numReferences: 4
>
> On Mon., Mar. 23, 2020 at 17:26, Fabrice Durand <[email protected]> wrote:
>
>> Hello Wagner,
>>
>> I am here to help you, if there is no user in the OU who matches
>> sAMAccountName=iran then it's the issue.
>>
>> Try in the whole ldap server then to see if it returns something:
>>
>> ldapsearch -h 10.10.10.70 -s sub -b "DC=tabajara,DC=com,DC=br" -D "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L "sAMAccountName=iran"
>>
>> paste the output.
>>
>> Regards
>>
>> Fabrice
>>
>>
>> On 20-03-23 at 15:16, Wagner Liegio wrote:
>>
>> Fabrice,
>>
>> Excuse me, but if I were to hear that I would not have contacted the
>> mailing list support. There is a problem with packetfence 9.3 linked to the
>> domain that it does not recognize users and computers.
>> So much so that
>> there is a problem that by inserting the node manually it manages to search
>> for the user and authenticate the node.
>>
>> On Mon., Mar. 23, 2020 at 15:42, Fabrice Durand <[email protected]> wrote:
>>
>>> Hello Wagner,
>>>
>>> so it means that there is no user with the attribute sAMAccountName=iran
>>> in OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br
>>>
>>> So if there is no user then there is no role returned.
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>> On 20-03-23 at 14:13, Wagner Liegio wrote:
>>>
>>> Fabrice,
>>>
>>> Below is the return of the command:
>>>
>>> version: 1
>>>
>>> #
>>> # LDAPv3
>>> # base <OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br> with scope subtree
>>> # filter: sAMAccountName=iran
>>> # requesting: ALL
>>> #
>>>
>>> # search result
>>>
>>> # numResponses: 1
>>>
>>> I want to inform you that I will perform the same procedure in
>>> packetfence 8, which has self-registration enabled and working, the output
>>> of the command was the same.
>>>
>>> On Mon., Mar. 23, 2020 at 11:48, Fabrice Durand <[email protected]> wrote:
>>>
>>>> Hello Wagner,
>>>>
>>>> do the search with sAMAccountName=iran not sAMAccountName = packetfence
>>>>
>>>> Regards
>>>>
>>>> Fabrice
>>>>
>>>>
>>>> On 20-03-23 at 10:45, Wagner Liegio wrote:
>>>>
>>>> Good morning Fabrice,
>>>>
>>>> Follows return of the informed command:
>>>>
>>>> version: 1
>>>>
>>>> #
>>>> # LDAPv3
>>>> # base <OU = Users, OU = Tabajara Headquarters, DC = tabajara, DC = com, DC = br> with scope subtree
>>>> # filter: sAMAccountName = packetfence
>>>> # requesting: ALL
>>>> #
>>>>
>>>> # search result
>>>>
>>>> # numResponses: 2
>>>> # numEntries: 1
>>>>
>>>> Sincerely,
>>>>
>>>> Wagner
>>>>
>>>> On Thu., Mar. 19, 2020 at 23:45, Durand fabrice <[email protected]> wrote:
>>>>
>>>>> If you stripped in radius in the realm ANA, it means that packetfence
>>>>> is doing a ldap search with sAMAccountName=iran
>>>>>
>>>>> So try that from the cli:
>>>>>
>>>>> ldapsearch -h 10.10.10.70 -s sub -b "OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br" -D "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L "sAMAccountName=iran"
>>>>>
>>>>> and see if it returns something.
>>>>>
>>>>> Regards
>>>>>
>>>>> Fabrice
>>>>>
>>>>>
>>>>> On 20-03-19 at 14:42, Wagner Liegio wrote:
>>>>>
>>>>> Good afternoon,
>>>>>
>>>>> I made the suggested adjustments by activating the strip in radius,
>>>>> created a new realm, and the error persists. User authentication searching
>>>>> for the domain only works, manually registering the node in the
>>>>> packetfence. Therefore, the error still remains in the database when
>>>>> trying to register auto.
>>>>>
>>>>> Below is the database error log:
>>>>>
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => "ANA\iran" (pf::radius::authorize)
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching (pf::authentication::match2)
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if)
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, `detect_date`, `device_class`, `device_manufacturer`, `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute)
>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) (pf::radius::authorize)
>>>>>
>>>>> On Wed., Mar. 18, 2020 at 21:34, Durand fabrice via PacketFence-users <[email protected]> wrote:
>>>>>
>>>>>> Try that:
>>>>>>
>>>>>> pftest authentication ANA\pereira ""
>>>>>>
>>>>>> and
>>>>>>
>>>>>> pftest authentication pereira ""
>>>>>>
>>>>>> to see if the user is found and if it matches a rule.
>>>>>>
>>>>>> If the second one works then in the ANA realm enable strip in radius.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Fabrice
>>>>>>
>>>>>>
>>>>>> On 20-03-18 at 20:13, Zacharry Williams via PacketFence-users wrote:
>>>>>>
>>>>>> Gonna take a wild guess here, in your realms config turn on strip
>>>>>> radius for null and your domain and try logging on with just your
>>>>>> username and password. I'm guessing your realms config isn't matching. For
>>>>>> us we had three domains and we had to add them all. For example
>>>>>> COMPANY.ORG, COMPANY.LAN, COMPANY.COM.
>>>>>>
>>>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users <[email protected]> wrote:
>>>>>>
>>>>>>> Good afternoon,
>>>>>>>
>>>>>>> Follow the requested files attached.
>>>>>>>
>>>>>>> On Tue., Mar. 17, 2020 at 14:16, Ludovic Zammit <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> Could you post the result of those two commands:
>>>>>>>>
>>>>>>>> cat /usr/local/pf/conf/authentication.conf
>>>>>>>>
>>>>>>>> cat /usr/local/pf/conf/profiles.conf
>>>>>>>>
>>>>>>>> Remove your information.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> Ludovic [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
>>>>>>>>
>>>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users <[email protected]> wrote:
>>>>>>>>
>>>>>>>> Good Morning,
>>>>>>>>
>>>>>>>> The rules, functions are standard on the Zen packetfence 9.3 that I
>>>>>>>> downloaded from the site, I will send some images of how the configuration
>>>>>>>> is through the webgui, so I noticed everything is correct, what is
>>>>>>>> happening is that the function and the rule is not being applied for some
>>>>>>>> reason that I don't know.
>>>>>>>>
>>>>>>>> On Tue., Mar. 17, 2020 at 00:04, Zacharry Williams via PacketFence-users <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Check and make sure your realms are defined also.
>>>>>>>>>
>>>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via PacketFence-users <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I know when I ran into this issue, it had to do with the
>>>>>>>>>> authorization source for AD. In the source, I had an authentication rule
>>>>>>>>>> that matched the sAMAccountName is member of “group name”. The group name
>>>>>>>>>> must be the AD DN (distinguished name) of the group.
>>>>>>>>>> CN=%security group you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain suffix%
>>>>>>>>>>
>>>>>>>>>> *From:* Wagner Liegio via PacketFence-users <[email protected]>
>>>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM
>>>>>>>>>> *To:* [email protected]
>>>>>>>>>> *Cc:* Wagner Liegio <[email protected]>
>>>>>>>>>> *Subject:* [PacketFence-users] authentication sources packetfence 9.3
>>>>>>>>>>
>>>>>>>>>> Good afternoon, I'm facing the same problem only in version 9.3.
>>>>>>>>>> I have done everything I can think of, reconfigured the domain, the
>>>>>>>>>> connection profile, checked the rules and functions. The error follows:
>>>>>>>>>>
>>>>>>>>>> No role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: ee: 7d); assumes maximum number of registered nodes is reached (pf :: node :: is_max_reg_nodes_reached)
>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - registration of d0: 94: 66: db: ae: 7d to ANA \ pereira failed (pf :: registration :: setup_node_for_registration)
>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed max nodes per pid met or exceeded (pf :: radius :: authorize)
>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO node (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, category_id, computername, detect_date, device_class, device_manufacturer, device_score, device_type, device_version, dhcp6_enterprise, dhcp6_fingerprint, dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, lastskip, mac, machine_account, notes, regdate, sessionid, status, tenant_id, time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, NULL, NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ pereira, reg, 1} (pf :: dal :: db_execute)
>>>>>>>>>>
>>>>> --
>>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
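
The base DN mismatch diagnosed in this thread can be checked offline by comparing DNs before touching the authentication source. The following is an added example, not part of the original messages and not PacketFence code: the function names are hypothetical and the user's CN is a constructed placeholder, while the OU paths and the bind DN are the ones quoted in the thread.

```python
"""Added example: does a directory entry fall inside an LDAP source's base DN?"""


def parse_dn(dn):
    """Return [(key, raw_rdn), ...], leaf first.

    key is (attribute, value) lower-cased with whitespace collapsed, because
    Active Directory compares DNs case-insensitively. Simplified parser:
    honours backslash-escaped commas, but not multi-valued RDNs ('+') or
    quoted values.
    """
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))

    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        attr, value = attr.strip(), " ".join(value.split())
        if not sep or not attr or not value:
            raise ValueError(f"malformed RDN {part!r} in DN {dn!r}")
        rdns.append(((attr.lower(), value.lower()), f"{attr}={value}"))
    return rdns


def is_under_base(entry_dn, base_dn):
    """True if a subtree search rooted at base_dn can return entry_dn."""
    entry = [key for key, _ in parse_dn(entry_dn)]
    base = [key for key, _ in parse_dn(base_dn)]
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def narrowest_common_base(dns):
    """Deepest DN that is an ancestor of (or equal to) every DN given."""
    parsed = [parse_dn(d) for d in dns]
    depth = 0
    # Walk from the root (right-hand side) while every DN agrees.
    for column in zip(*(reversed(p) for p in parsed)):
        if any(key != column[0][0] for key, _ in column):
            break
        depth += 1
    raw = [r for _, r in parsed[0]]
    return ",".join(raw[len(raw) - depth:])


def check_source(base_dn, bind_dn, user_dn):
    """Summarise what a source configured with base_dn can and cannot see."""
    return {
        "bind_account_reachable": is_under_base(bind_dn, base_dn),
        "user_reachable": is_under_base(user_dn, base_dn),
        "narrowest_base_covering_both": narrowest_common_base([user_dn, bind_dn]),
    }


# Values taken from the thread, except the CN in USER_DN, which is constructed.
CONFIGURED_BASE = "OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br"
BIND_DN = ("CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,"
           "OU=Tabajara Sede,DC=tabajara,DC=com,DC=br")
USER_DN = ("CN=Example User,OU=Usuarios,OU=UO11.3-RR,"
           "OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br")

if __name__ == "__main__":
    for name, value in check_source(CONFIGURED_BASE, BIND_DN, USER_DN).items():
        print(f"{name}: {value}")
```

The result reproduces the symptom in the thread: the search for the bind account under the configured base returns an entry, the search for the user does not. Where users sit in several sibling OUs, the narrowest common base is preferable to the whole directory, since it keeps the source's search scope as small as the layout allows.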
