Dear, Just one more question if you can help me, the web page Has an access time limit, would you like to change the time limit from 15 minutes to more time? If I have where to find and make the change?
Sincerely, Wagner Em ter., 24 de mar. de 2020 às 10:17, Wagner Liegio <[email protected]> escreveu: > Zacharry, > > Thank you very much also for the effort, apparently it was to increase the > level of research in the domain and not just in an OU. > > Em seg., 23 de mar. de 2020 às 20:17, Zacharry Williams < > [email protected]> escreveu: > >> That's kind of what I was feeling too. Everything else seemed to be >> working as intended >> >> On Mon, Mar 23, 2020, 3:43 PM Durand fabrice via PacketFence-users < >> [email protected]> wrote: >> >>> Ok so you probably already see the issue. >>> >>> As i expected the base dn is wrong: >>> >>> OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br versus >>> OU=Usuarios,OU=UO11.3-RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br >>> >>> So fix your authentication source with the correct base dn and you >>> should be ok. >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 20-03-23 à 17 h 25, Wagner Liegio a écrit : >>> >>> Fabrice, >>> >>> Here is the result of the command: >>> >>> version: 1 >>> >>> # >>> # LDAPv3 >>> # base <DC=tabajara,DC=com,DC=br> with scope subtree >>> # filter: sAMAccountName=iran >>> # requesting: ALL >>> # >>> >>> # Iran L B de Albuquerque, Servidores, Usuarios, UO11.3-RR, Unidades Ope >>> racionais, tabajara.com.br >>> dn: CN=Iran L B de Albuquerque,OU=Servidores,OU=Usuarios,OU=UO11.3-RR,O >>> U=Unidades Operacionais,DC=tabajara,DC=com,DC=br >>> objectClass: top >>> objectClass: person >>> objectClass: organizationalPerson >>> objectClass: user >>> cn: Iran L B de Albuquerque >>> sn: B de Albuquerque >>> c: BR >>> l: Boa Vista >>> st: RR >>> title: Servidor(a) >>> description:: >>> VU8xMTM7IFNlcnZpZG9yOiBBZ8OqbmNpYSBOYWNpb25hbCBkZSBUZWxlY29tdW5p >>> Y2HDp8O1ZXMgLSBBTkFURUw= >>> postalCode: 69308-450 >>> postOfficeBox:: IA== >>> physicalDeliveryOfficeName: Boa Vista, RR >>> telephoneNumber: 4952004 >>> facsimileTelephoneNumber: 4612000 >>> givenName: Iran L >>> initials: ILBA >>> distinguishedName: CN=Iran L B de Albuquerque,OU=Servidores,OU=Usuarios >>> ,OU=UO11.3-RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br >>> instanceType: 4 >>> whenCreated: 20050220000539.0Z >>> whenChanged: 20200316125236.0Z >>> displayName: Iran L B de Albuquerque >>> uSNCreated: 284874 >>> memberOf: CN=VPN_SSL_TABAJARA_CONTINGENCY,OU=VPNs,OU=Grupos,OU=Tabajara >>> Sede,DC=an >>> atel,DC=com,DC=br >>> memberOf: CN=VPN_SSL_TABAJARA,OU=VPNs,OU=Grupos,OU=Tabajara >>> Sede,DC=tabajara,DC=com, >>> DC=br >>> memberOf: CN=UO0113OUTORGA,OU=Grupos,OU=UO11.3-RR,OU=Unidades >>> Operacionais,DC= >>> tabajara,DC=com,DC=br >>> memberOf: CN=Servidores,OU=CloudTabajara,OU=Grupos,OU=Tabajara >>> Sede,DC=tabajara,DC=g >>> ov,DC=br >>> memberOf: CN=pentaho_users,OU=Pentaho,OU=Grupos,OU=Tabajara >>> Sede,DC=tabajara,DC=go >>> v,DC=br >>> memberOf: CN=UO113 SERVIDOR,OU=Lotacao SARH,OU=Grupos,OU=Tabajara >>> Sede,DC=tabajara >>> ,DC=com,DC=br >>> memberOf: CN=LD SFI - >>> UO113,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESAB >>> ILITADAS,DC=tabajara,DC=com,DC=br >>> memberOf: CN=SA_SFI_TOTAL_REGER,OU=LOTACOES,OU=Grupos,OU=Tabajara >>> Sede,DC=tabajara >>> ,DC=com,DC=br >>> memberOf: CN=internet_acesso_total_F,OU=Internet,OU=Grupos,OU=Tabajara >>> Sede,DC=a >>> natel,DC=com,DC=br >>> memberOf: CN=LD >>> UO113,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABILITAD >>> AS,DC=tabajara,DC=com,DC=br >>> memberOf: CN=LD Serv >>> Carreira,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDES >>> ABILITADAS,DC=tabajara,DC=com,DC=br >>> memberOf: CN=UO113OT,OU=Grupos,OU=UO11.3-RR,OU=Unidades >>> Operacionais,DC=tabajara >>> ,DC=com,DC=br >>> memberOf: CN=UO113PUBLICO,OU=Grupos,OU=UO11.3-RR,OU=Unidades >>> Operacionais,DC=a >>> natel,DC=com,DC=br >>> memberOf: CN=LD Serv >>> UO-RR,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABI >>> LITADAS,DC=tabajara,DC=com,DC=br >>> memberOf: CN=LD Serv >>> QuadroEspec,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTAS >>> DESABILITADAS,DC=tabajara,DC=com,DC=br >>> memberOf: CN=LD Serv >>> MC,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABILIT >>> ADAS,DC=tabajara,DC=com,DC=br >>> memberOf: CN=LD Gerentes >>> ERs-UOs,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTAS >>> DESABILITADAS,DC=tabajara,DC=com,DC=br >>> memberOf: CN=UO-11.3-RR,OU=Grupos,OU=UO11.3-RR,OU=Unidades >>> Operacionais,DC=ana >>> tel,DC=com,DC=br >>> memberOf: CN=LD Gerentes >>> UOs,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESA >>> BILITADAS,DC=tabajara,DC=com,DC=br >>> memberOf: CN=Domain Users,OU=Grupos do Windows,DC=tabajara,DC=com,DC=br >>> uSNChanged: 354948756 >>> department: UO113 >>> company:: >>> QWfDqm5jaWEgTmFjaW9uYWwgZGUgVGVsZWNvbXVuaWNhw6fDtWVzIC0gQU5BVEVM >>> proxyAddresses: X500:/o=Tabajara Sociedade Anonima/ou=TABAJARA/cn=Reci >>> pients/cn=Iran >>> proxyAddresses: smtp:[email protected] >>> proxyAddresses: x500:/o=ExchangeLabs/ou=Exchange Administrative Group >>> (FYDIBOH >>> F23SPDLT)/cn=Recipients/cn=aa0e6e3655504471baaf6df296608f61-Iran L B >>> proxyAddresses: sip:[email protected] >>> proxyAddresses: x400:c=US;a= ;p=Tabajara SA;o=TABAJARA;s=B de Albuquerq >>> ue;g=Iran;i=ILBA; >>> proxyAddresses: ccmail:B de Albuquerque, Iran at TABAJARA >>> proxyAddresses: X400:c=US;a= ;p=Tabajara SA;o=TABAJARA;s=B de Albuquerq >>> ue;g=Iran L;i=ILBA; >>> proxyAddresses: CCMAIL:B de Albuquerque, Iran L at TABAJARA >>> proxyAddresses: SMTP:[email protected] >>> proxyAddresses: MS:TABAJARASA/TABAJARA/IRAN >>> streetAddress:: UlVBIFVBXYzDgywgNTI5 >>> autoReplyMessage: / >>> garbageCollPeriod: 0 >>> targetAddress: SMTP:[email protected] >>> mAPIRecipient: TRUE >>> directReports: CN=CC - FAX CIDADAO - >>> RR,OU=CAIXAS_CORPORATIVAS,OU=USUARIOS,OU= >>> CONTASDESABILITADAS,DC=tabajara,DC=com,DC=br >>> directReports: CN=CC - ARQUIVO GERAL - RR,OU=Caixas >>> Corporativas,OU=Tabajara Sed >>> e,DC=tabajara,DC=com,DC=br >>> msExchAssistantName: Servidor(a) >>> mailNickname: Iran >>> protocolSettings:: SFRYYMKnMcKnMcKnwqfCp8KnwqfCpw== >>> protocolSettings:: T1dBwqcx >>> replicatedObjectVersion: 0 >>> name: Iran L B de Albuquerque >>> objectGUID:: 8OlTc9ksdkWEeRUV2/f5Rg== >>> userAccountControl: 512 >>> badPwdCount: 0 >>> codePage: 0 >>> countryCode: 0 >>> homeDirectory: \\WIFSYY01\EstruturaFS\usu\iran >>> homeDrive: U: >>> badPasswordTime: 132201321553958769 >>> lastLogoff: 0 >>> lastLogon: 132294526197067216 >>> scriptPath: SCRIPT_MAP_FS_RR.bat >>> logonHours:: //////////////////////////// >>> pwdLastSet: 132157904882466519 >>> primaryGroupID: 43988 >>> userParameters:: >>> bTogICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgI >>> CAg >>> objectSid:: AQUAAAAAAAUVAAAAOEkycmN9EhxnEvQ3CQgAAA== >>> adminCount: 1 >>> accountExpires: 0 >>> logonCount: 688 >>> sAMAccountName: iran >>> sAMAccountType: 805306368 >>> showInAddressBook:: >>> Q049TGlzdGFzIGRlIERpc3RyaWJ1acOnw6NvLENOPUFsbCBBZGRyZXNzIE >>> >>> >>> xpc3RzLENOPUFkZHJlc3MgTGlzdHMgQ29udGFpbmVyLENOPUFnZW5jaWEgTmFjaW9uYWwgZGUgVGV >>> >>> >>> sZWNvbXVuaWNhY29lcyxDTj1NaWNyb3NvZnQgRXhjaGFuZ2UsQ049U2VydmljZXMsQ049Q29uZmln >>> dXJhdGlvbixEQz1hbmF0ZWwsREM9Z292LERDPWJy >>> showInAddressBook: CN=TABAJARA,CN=All Address Lists,CN=Address Lists >>> Container,C >>> N=Tabajara Sociedade Anonima,CN=Microsoft Exchange,CN=Services,CN=C >>> onfiguration,DC=tabajara,DC=com,DC=br >>> showInAddressBook: CN=Default Global Address List,CN=All Global Address >>> Lists, >>> CN=Address Lists Container,CN=Tabajara Sociedade Anonima,CN=Microso >>> ft Exchange,CN=Services,CN=Configuration,DC=tabajara,DC=com,DC=br >>> legacyExchangeDN: /o=Tabajara Sociedade Anonima/ou=External (FYDIBOH >>> F25SPDLT)/cn=Recipients/cn=ce777c1762dc4c20a6dafaed019c8109 >>> userPrincipalName: [email protected] >>> lockoutTime: 0 >>> objectCategory: >>> CN=Person,CN=Schema,CN=Configuration,DC=tabajara,DC=com,DC=br >>> mSMQSignCertificates:: >>> AQAAAA34CKbLO1X76RZlUUnQXTrh7FhapogMRpn8hkchOf5KzQEAADC >>> >>> >>> CAckwggFzoAMCAQICBKqlWlUwDAYIKoZIhvcNAgUFADBsMREwDwYDVQQHHggATQBTAE0AUTELMAkG >>> >>> >>> A1UECh4CAC0xCzAJBgNVBAseAgAtMT0wOwYDVQQDHjQAQQBOAEEAVABFAEwAXABpAHIAYQBuACwAI >>> >>> >>> AB1AG8AMQAxADMAaABwAG4AbwB0AGUAVAAxMB4XDTA4MDYyMzIwMTgzMloXDTE2MDYyMzIwMTgzMl >>> >>> >>> owbDERMA8GA1UEBx4IAE0AUwBNAFExCzAJBgNVBAoeAgAtMQswCQYDVQQLHgIALTE9MDsGA1UEAx4 >>> >>> >>> 0AEEATgBBAFQARQBMAFwAaQByAGEAbgAsACAAdQBvADEAMQZzAGgAcABuAG8AdABlADAAMTBcMA0G >>> >>> >>> CSqGSIb3DQEBAQUAA0sAMEgCQQDjJqL/rmrh9hZ4WvNdBe3a0XaoM+6ntIG/1UjYCp2kJVXpH3/Bm >>> >>> >>> ubsruE0Gq2YXA9qlAJbpROi+OoUaY/3uS0nAgMBAAEwDQYJKoZIhvcNAQEEBQADQQC8s2Cd5BiBVS >>> >>> HqaVG+N0Py1havFO6baY0Ll+PGsbgO7V5bzQWqzn/7gGttNBoBis4ituzD+znk7Fs1oApR9DlZ >>> mSMQDigests:: DfgIpss7VfvpFmVRSdBdOg== >>> dSCorePropagationData: 20200214141328.0Z >>> dSCorePropagationData: 20200212143013.0Z >>> dSCorePropagationData: 20120918141327.0Z >>> dSCorePropagationData: 20120918135620.0Z >>> dSCorePropagationData: 16010714223649.0Z >>> mS-DS-ConsistencyGuid:: 8OlTc9ksdkWEeRUV2/f5Rg== >>> lastLogonTimestamp: 132288367423325630 >>> msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>> Controllers, >>> DC=tabajara,DC=com,DC=br >>> msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>> Controllers, >>> DC=tabajara,DC=com,DC=br >>> msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>> Controllers, >>> DC=tabajara,DC=com,DC=br >>> msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>> Controllers, >>> DC=tabajara,DC=com,DC=br >>> msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>> Controllers, >>> DC=tabajara,DC=com,DC=br >>> msDS-AuthenticatedAtDC: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>> Control >>> lers,DC=tabajara,DC=com,DC=br >>> textEncodedORAddress: X400:C=US;A= ;P=Tabajara SA;O=TABAJARA;S=B de Alb >>> uquerque;G=Iran L;I=ILBA; >>> mail: [email protected] >>> manager: CN=Augusto C P de Q,OU=Servidores,OU=Usuarios,OU=UO32311.4 >>> -RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br >>> replicationSignature:: r477tHTGckGaVQb4US9Ssg== >>> msExchALObjectVersion: 82 >>> msExchADCGlobalNames: >>> FOREST:78877421B3B32741B2AA00229344053900000000526C2D5B5 >>> 954C601 >>> msExchADCGlobalNames: >>> NT5:F0E95373D92C764584791515DBF7F94600000000526C2D5B5954 >>> C601 >>> msExchADCGlobalNames: forest:o=Tabajara Sociedade Anonima000000008C7 >>> F1E18375AC601 >>> msExchADCGlobalNames: EX5:cn=Iran,cn=Recipients,ou=TABAJARA,o=Tabajara SA >>> :organizationalperson$person$top000000008C7F1E18375AC601 >>> msExchHideFromAddressLists: FALSE >>> msExchUserAccountControl: 0 >>> msExchMailboxGuid:: vlMgHCFiW0ahUM9Sl9nFaA== >>> dLMemDefault: 1 >>> msExchPoliciesIncluded: c3585128-bd66-40e9-9061-7a83471a6b4d >>> msExchPoliciesIncluded: {26491cfc-9e50-4857-861b-0cb8df22b5d7} >>> msRTCSIP-FederationEnabled: TRUE >>> msExchSafeSendersHash:: V69bNQ== >>> msRTCSIP-InternetAccessEnabled: TRUE >>> msExchUMDtmfMap: reversedPhone:0002164 >>> msExchUMDtmfMap: reversedPhone:4002594 >>> msExchUMDtmfMap: emailAddress:4726 >>> msExchUMDtmfMap: lastNameFirstName:27242332528783338347265849 >>> msExchUMDtmfMap: firstNameLastName:47265849272477725287837783 >>> msExchMobileMailboxFlags: 1 >>> msRTCSIP-PrimaryUserAddress: sip:[email protected] >>> msExchRecipientDisplayType: -2147483642 >>> msRTCSIP-DeploymentLocator: sipfezis.online.lync.com >>> msRTCSIP-OptionFlags: 257 >>> msRTCSIP-UserEnabled: TRUE >>> msRTCSIP-PrimaryHomeServer: CN=Lc >>> Services,CN=Microsoft,CN=1:1,CN=Pools,CN=RTC >>> Service,CN=Services,CN=Configuration,DC=tabajara,DC=com,DC=br >>> msExchWhenMailboxCreated: 20190413014438.0Z >>> msExchRecipientTypeDetails: 2147483648 >>> msExchVersion: 44220983382016 >>> msExchRemoteRecipientType: 4 >>> >>> # search reference >>> # refldap:// >>> AppPartition.tabajara.com.br/DC=AppPartition,DC=tabajara,DC=com,DC=br >>> >>> # search reference >>> # refldap:// >>> DomainDnsZones.tabajara.com.br/DC=DomainDnsZones,DC=tabajara,DC=com,DC= >>> br >>> >>> # search reference >>> # refldap:// >>> ForestDnsZones.tabajara.com.br/DC=ForestDnsZones,DC=tabajara,DC=com,DC= >>> br >>> >>> # search reference >>> # refldap://tabajara.com.br/CN=Configuration,DC=tabajara,DC=com,DC=br >>> >>> # search result >>> >>> # numResponses: 6 >>> # numEntries: 1 >>> # numReferences: 4 >>> >>> Em seg., 23 de mar. de 2020 às 17:26, Fabrice Durand <[email protected]> >>> escreveu: >>> >>>> Hello Wagner, >>>> >>>> i am here to help you, if there is no user in the OU who match >>>> sAMAccountName=iran then it's the issue. >>>> >>>> Try in the whole ldap server then to see if it returns something: >>>> >>>> ldapsearch -h 10.10.10.70 -s sub -b "DC=tabajara,DC=com,DC=br" -D >>>> "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara >>>> Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L >>>> "sAMAccountName=iran" >>>> >>>> paste the output. >>>> >>>> Regards >>>> >>>> Fabrice >>>> >>>> >>>> Le 20-03-23 à 15 h 16, Wagner Liegio a écrit : >>>> >>>> Fabrice, >>>> >>>> Excuse me, but if I were to hear that I would not have contacted the >>>> mailing list support. There is a problem with packetfence 9.3 linked to the >>>> domain that it does not recognize users and computers. So much so that >>>> there is a problem that by inserting the node manually it manages to search >>>> for the user and authenticate the node. >>>> >>>> Em seg., 23 de mar. de 2020 às 15:42, Fabrice Durand < >>>> [email protected]> escreveu: >>>> >>>>> Hello Wagner, >>>>> >>>>> so it mean that there is no user with the attribute >>>>> sAMAccountName=iran in OU=Usuarios,OU=Tabajara >>>>> Sede,DC=tabajara,DC=com,DC=br >>>>> >>>>> So if there is no user then there is no role returned. >>>>> >>>>> Regards >>>>> >>>>> Fabrice >>>>> >>>>> >>>>> Le 20-03-23 à 14 h 13, Wagner Liegio a écrit : >>>>> >>>>> Fabrice, >>>>> >>>>> Below is the return of the command: >>>>> >>>>> version: 1 >>>>> >>>>> # >>>>> # LDAPv3 >>>>> # base <OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br> with >>>>> scope subtree >>>>> # filter: sAMAccountName=iran >>>>> # requesting: ALL >>>>> # >>>>> >>>>> # search result >>>>> >>>>> # numResponses: 1 >>>>> >>>>> I want to inform you that I will perform the same procedure in >>>>> packtefence 8, which has self-registration enabled and working, the output >>>>> of the command was the same. >>>>> >>>>> Em seg., 23 de mar. de 2020 às 11:48, Fabrice Durand < >>>>> [email protected]> escreveu: >>>>> >>>>>> Hello Wagner, >>>>>> >>>>>> do the search with sAMAccountName=iran not sAMAccountName = >>>>>> packetfence >>>>>> >>>>>> Regards >>>>>> >>>>>> Fabrice >>>>>> >>>>>> >>>>>> Le 20-03-23 à 10 h 45, Wagner Liegio a écrit : >>>>>> >>>>>> Good morning Fabrice, >>>>>> >>>>>> Follows return of the informed command: >>>>>> >>>>>> version: 1 >>>>>> >>>>>> # >>>>>> # LDAPv3 >>>>>> # base <OU = Users, OU = Tabajara Headquarters, DC = tabajara, DC = >>>>>> com, DC = br> with scope subtree >>>>>> # filter: sAMAccountName = packetfence >>>>>> # requesting: ALL >>>>>> # >>>>>> >>>>>> # packetfence, PacketFence, Service, Users, Tabajara Headquarters, >>>>>> tabajara.com.br >>>>>> dn: CN = packetfence, OU = PacketFence, OU = Service, OU = Users, OU >>>>>> = Tabajara Sede, DC = taba >>>>>> jara, DC = com, DC = br >>>>>> objectClass: top >>>>>> objectClass: person >>>>>> objectClass: organizationalPerson >>>>>> objectClass: user >>>>>> cn: packetfence >>>>>> givenName: packetfence >>>>>> distinguishedName: CN = packetfence, OU = PacketFence, OU = Service, >>>>>> OU = Users, OU = Table >>>>>> jara Headquarters, DC = tabajara, DC = com, DC = br >>>>>> instanceType: 4 >>>>>> whenCreated: 20190522175834.0Z >>>>>> whenChanged: 20200314212343.0Z >>>>>> displayName: packetfence >>>>>> uSNCreated: 332707737 >>>>>> memberOf: CN = Domain Admins, CN = Users, DC = tabajara, DC = com, DC >>>>>> = us >>>>>> uSNChanged: 354881720 >>>>>> name: packetfence >>>>>> objectGUID :: Gtp8SctV30ObE156O9onWA == >>>>>> userAccountControl: 66048 >>>>>> badPwdCount: 0 >>>>>> codePage: 0 >>>>>> countryCode: 0 >>>>>> badPasswordTime: 134565121389590252 >>>>>> lastLogon: 133465121436547757 >>>>>> pwdLastSet: 132030215143488213 >>>>>> primaryGroupID: 513 >>>>>> objectSid :: AQUAAAAAAAUVAAAAOEkycmN9EhxnEvQ3io7GNA == >>>>>> adminCount: 1 >>>>>> accountExpires: 9223372036854775807 >>>>>> logonCount: 0 >>>>>> sAMAccountName: packetfence >>>>>> sAMAccountType: 805306368 >>>>>> userPrincipalName: [email protected] >>>>>> objectCategory: CN = Person, CN = Schema, CN = Configuration, DC = >>>>>> tabajara, DC = com, DC = us >>>>>> dSCorePropagationData: 16010101000000.0Z >>>>>> mS-DS-ConsistencyGuid :: Gtp8SctV30ObE156O9onWA == >>>>>> lastLogonTimestamp: 132286946239647914 >>>>>> >>>>>> # search result >>>>>> >>>>>> # numResponses: 2 >>>>>> # numEntries: 1 >>>>>> >>>>>> Sincerely, >>>>>> >>>>>> Wagner >>>>>> >>>>>> Em qui., 19 de mar. de 2020 às 23:45, Durand fabrice < >>>>>> [email protected]> escreveu: >>>>>> >>>>>>> If you stripped in radius in the realm ANA, it mean that packetfence >>>>>>> is doing a ldap search with sAMAccountName=iran >>>>>>> >>>>>>> So try that from the cli: >>>>>>> >>>>>>> ldapsearch -h 10.10.10.70 -s sub -b "OU=Usuarios,OU=Tabajara >>>>>>> Sede,DC=tabajara,DC=com,DC=br" -D >>>>>>> "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara >>>>>>> Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L >>>>>>> "sAMAccountName=iran" >>>>>>> >>>>>>> and see if it return something. >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>> Fabrice >>>>>>> >>>>>>> >>>>>>> Le 20-03-19 à 14 h 42, Wagner Liegio a écrit : >>>>>>> >>>>>>> Good afternoon, >>>>>>> >>>>>>> I made the suggested adjustments by activating the strip in radius, >>>>>>> created a new realm, and the error persists. User authentication >>>>>>> searching >>>>>>> for the domain only works, manually registering the node in the >>>>>>> packetfence. Therefore, the error still remains in the database when >>>>>>> trying >>>>>>> to register auto. >>>>>>> Below is the database error log: >>>>>>> >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz >>>>>>> request: >>>>>>> from switch_ip => (10.95.10.1), connection_type => >>>>>>> Ethernet-EAP,switch_mac >>>>>>> => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, >>>>>>> username >>>>>>> => "ANA\iran" (pf::radius::authorize) >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x >>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication >>>>>>> source(s) : 'Ana' for realm 'default' >>>>>>> (pf::config::util::filter_authentication_sources) >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for >>>>>>> matching (pf::authentication::match2) >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection >>>>>>> (pf::LDAP::expire_if) >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for >>>>>>> autoreg (pf::role::getNodeInfoForAutoReg) >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found >>>>>>> for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of >>>>>>> registered nodes is reached (pf::node::is_max_reg_nodes_reached) >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or >>>>>>> exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed >>>>>>> (pf::registration::setup_node_for_registration) >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node >>>>>>> failed max nodes per pid met or exceeded (pf::radius::authorize) >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed >>>>>>> with >>>>>>> non retryable error: Cannot add or update a child row: a foreign key >>>>>>> constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY >>>>>>> (`tenant_id`, >>>>>>> `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON >>>>>>> UPDATE >>>>>>> CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, >>>>>>> `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, >>>>>>> `computername`, `detect_date`, `device_class`, `device_manufacturer`, >>>>>>> `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, >>>>>>> `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, >>>>>>> `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, >>>>>>> `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, >>>>>>> `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, >>>>>>> ?, >>>>>>> ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) >>>>>>> ON >>>>>>> DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, >>>>>>> `status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, >>>>>>> 2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, >>>>>>> NULL, >>>>>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, >>>>>>> d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00 00:00:00, NULL, >>>>>>> reg, 1, >>>>>>> NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg, 1} >>>>>>> (pf::dal::db_execute) >>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>> httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save >>>>>>> d0:94:66:db:ae:77 error (500) (pf::radius::authorize) >>>>>>> >>>>>>> Em qua., 18 de mar. de 2020 às 21:34, Durand fabrice via >>>>>>> PacketFence-users <[email protected]> >>>>>>> escreveu: >>>>>>> >>>>>>>> Try that: >>>>>>>> >>>>>>>> pftest authentication ANA\pereira "" >>>>>>>> >>>>>>>> and >>>>>>>> >>>>>>>> pftest authentication pereira "" >>>>>>>> >>>>>>>> to see if the user is found and if it match a rule. >>>>>>>> >>>>>>>> If the second one works then in the ANA realm enable strip in >>>>>>>> radius. >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>> Fabrice >>>>>>>> >>>>>>>> >>>>>>>> Le 20-03-18 à 20 h 13, Zacharry Williams via PacketFence-users a >>>>>>>> écrit : >>>>>>>> >>>>>>>> Gonna take a wild guess here, in your realms config turn on strip >>>>>>>> radius for null and your domain and and try logging on with just your >>>>>>>> username and password. I'm guessing your realms config isn't matching. >>>>>>>> For >>>>>>>> us we had three domains and we had to add them all. For example >>>>>>>> COMPANY.ORG, COMPANY.LAN, COMPANY.COM. >>>>>>>> >>>>>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Good afternoon, >>>>>>>>> >>>>>>>>> Follow the requested files attached. >>>>>>>>> >>>>>>>>> Em ter., 17 de mar. de 2020 às 14:16, Ludovic Zammit < >>>>>>>>> [email protected]> escreveu: >>>>>>>>> >>>>>>>>>> Hello, >>>>>>>>>> >>>>>>>>>> Could you post the result fo those two commands: >>>>>>>>>> >>>>>>>>>> cat /usr/local/pf/conf/authentication.conf >>>>>>>>>> >>>>>>>>>> cat /usr/local/pf/conf/profiles.conf >>>>>>>>>> >>>>>>>>>> remove your informations. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> >>>>>>>>>> Ludovic [email protected] :: +1.514.447.4918 (x145) :: >>>>>>>>>> www.inverse.ca >>>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>>>> PacketFence (http://packetfence.org) >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>> Good Morning, >>>>>>>>>> >>>>>>>>>> The rules, functions are standard on the Zen packetfence 9.3 that >>>>>>>>>> I downloaded from the site, I will send some images of how the >>>>>>>>>> configuration is through the webgui, so I noticed everything is >>>>>>>>>> correct, >>>>>>>>>> what is happening is that the function and the rule is not being >>>>>>>>>> applied >>>>>>>>>> for some reason that I don't know. >>>>>>>>>> >>>>>>>>>> <image.png> >>>>>>>>>> >>>>>>>>>> <image.png> >>>>>>>>>> >>>>>>>>>> <image.png> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Em ter., 17 de mar. de 2020 às 00:04, Zacharry Williams via >>>>>>>>>> PacketFence-users <[email protected]> >>>>>>>>>> escreveu: >>>>>>>>>> >>>>>>>>>>> Check and make sure your realms are defined also. >>>>>>>>>>> >>>>>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via >>>>>>>>>>> PacketFence-users <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hello, >>>>>>>>>>>> >>>>>>>>>>>> I know when I ran into this issue, it had to do with the >>>>>>>>>>>> authorization source for AD. In the source, I had an >>>>>>>>>>>> authentication rule >>>>>>>>>>>> that matched the sAMAccountName is member of “group name”. The >>>>>>>>>>>> group name >>>>>>>>>>>> must be the AD DN (distinguished name) of the group. CN=%security >>>>>>>>>>>> group >>>>>>>>>>>> you want%,OU=%OU the object resides in%,DC=%your >>>>>>>>>>>> domain%,DC=%domain suffix% >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> *From:* Wagner Liegio via PacketFence-users < >>>>>>>>>>>> [email protected]> >>>>>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM >>>>>>>>>>>> *To:* [email protected] >>>>>>>>>>>> *Cc:* Wagner Liegio <[email protected]> >>>>>>>>>>>> *Subject:* [PacketFence-users] authentication sources >>>>>>>>>>>> packetfence 9.3 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Good afternoon, I'm facing the same problem only in version >>>>>>>>>>>> 9.3. I have done everything I can think of, reconfigured the >>>>>>>>>>>> domain, the >>>>>>>>>>>> connection profile, checked the rules and functions. The error >>>>>>>>>>>> follows: No >>>>>>>>>>>> role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: >>>>>>>>>>>> ee: 7d); >>>>>>>>>>>> assumes maximum number of registered nodes is reached (pf :: node >>>>>>>>>>>> :: >>>>>>>>>>>> is_max_reg_nodes_reached) >>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - >>>>>>>>>>>> registration of d0: 94: 66: db: ae: 7d to ANA \ pereira failed >>>>>>>>>>>> (pf :: registration :: setup_node_for_registration) >>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed max >>>>>>>>>>>> nodes >>>>>>>>>>>> per pid met or exceeded (pf :: radius :: authorize) >>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] Database query failed with non >>>>>>>>>>>> retryable >>>>>>>>>>>> error: Cannot add or update a child row: a foreign key constraint >>>>>>>>>>>> fails >>>>>>>>>>>> (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) >>>>>>>>>>>> REFERENCES person (tenant_id, pid) ON DELETE CASCADE ON UPDATE >>>>>>>>>>>> CASCADE) >>>>>>>>>>>> (errno: 1452) [INSERT INTO node >>>>>>>>>>>> (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, >>>>>>>>>>>> category_id, computername, detect_date, device_class, >>>>>>>>>>>> device_manufacturer, >>>>>>>>>>>> device_score, device_type, >>>>>>>>>>>> device_version, dhcp6_enterprise, dhcp6_fingerprint, >>>>>>>>>>>> dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, >>>>>>>>>>>> lastskip, >>>>>>>>>>>> mac, machine_account, notes, regdate, sessionid, status, tenant_id, >>>>>>>>>>>> time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW >>>>>>>>>>>> (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, >>>>>>>>>>>> Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, >>>>>>>>>>>> NULL, NULL, >>>>>>>>>>>> NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, >>>>>>>>>>>> NULL, >>>>>>>>>>>> NULL, NULL, NULL, NULL, >>>>>>>>>>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, >>>>>>>>>>>> d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 >>>>>>>>>>>> 00:00:00, >>>>>>>>>>>> NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ >>>>>>>>>>>> pereira, reg, >>>>>>>>>>>> 1} >>>>>>>>>>>> (pf :: dal :: db_execute) >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> PacketFence-users mailing list >>>>>>>>>> [email protected] >>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>> PacketFence-users mailing list >>>>>>>>> [email protected] >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> PacketFence-users mailing >>>>>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> PacketFence-users mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> >>>>>>> -- >>>>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>>>>> www.inverse.ca >>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>>> (http://packetfence.org) >>>>>> >>>>>> -- >>>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>>>> www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>> (http://packetfence.org) >>>>> >>>>> -- >>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>>> www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
