Yes. Em qua, 25 de mar de 2020 21:15, Durand fabrice <[email protected]> escreveu:
> Hello Wagner, > > in which case the web page ? > > Regards > > Fabrice > Le 20-03-24 à 15 h 32, Wagner Liegio a écrit : > > Dear, > > Just one more question if you can help me, the web page Has an access time > limit, would you like to change the time limit from 15 minutes to more > time? If I have where to find and make the change? > > Sincerely, > > Wagner > > Em ter., 24 de mar. de 2020 às 10:17, Wagner Liegio < > [email protected]> escreveu: > >> Zacharry, >> >> Thank you very much also for the effort, apparently it was to increase >> the level of research in the domain and not just in an OU. >> >> Em seg., 23 de mar. de 2020 às 20:17, Zacharry Williams < >> [email protected]> escreveu: >> >>> That's kind of what I was feeling too. Everything else seemed to be >>> working as intended >>> >>> On Mon, Mar 23, 2020, 3:43 PM Durand fabrice via PacketFence-users < >>> [email protected]> wrote: >>> >>>> Ok so you probably already see the issue. >>>> >>>> As i expected the base dn is wrong: >>>> >>>> OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br versus >>>> OU=Usuarios,OU=UO11.3-RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br >>>> >>>> So fix your authentication source with the correct base dn and you >>>> should be ok. >>>> >>>> Regards >>>> >>>> Fabrice >>>> >>>> >>>> Le 20-03-23 à 17 h 25, Wagner Liegio a écrit : >>>> >>>> Fabrice, >>>> >>>> Here is the result of the command: >>>> >>>> version: 1 >>>> >>>> # >>>> # LDAPv3 >>>> # base <DC=tabajara,DC=com,DC=br> with scope subtree >>>> # filter: sAMAccountName=iran >>>> # requesting: ALL >>>> # >>>> >>>> # Iran L B de Albuquerque, Servidores, Usuarios, UO11.3-RR, Unidades Ope >>>> racionais, tabajara.com.br >>>> dn: CN=Iran L B de Albuquerque,OU=Servidores,OU=Usuarios,OU=UO11.3-RR,O >>>> U=Unidades Operacionais,DC=tabajara,DC=com,DC=br >>>> objectClass: top >>>> objectClass: person >>>> objectClass: organizationalPerson >>>> objectClass: user >>>> cn: Iran L B de Albuquerque >>>> sn: B de Albuquerque >>>> c: BR >>>> l: Boa Vista >>>> st: RR >>>> title: Servidor(a) >>>> description:: >>>> VU8xMTM7IFNlcnZpZG9yOiBBZ8OqbmNpYSBOYWNpb25hbCBkZSBUZWxlY29tdW5p >>>> Y2HDp8O1ZXMgLSBBTkFURUw= >>>> postalCode: 69308-450 >>>> postOfficeBox:: IA== >>>> physicalDeliveryOfficeName: Boa Vista, RR >>>> telephoneNumber: 4952004 >>>> facsimileTelephoneNumber: 4612000 >>>> givenName: Iran L >>>> initials: ILBA >>>> distinguishedName: CN=Iran L B de Albuquerque,OU=Servidores,OU=Usuarios >>>> ,OU=UO11.3-RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br >>>> instanceType: 4 >>>> whenCreated: 20050220000539.0Z >>>> whenChanged: 20200316125236.0Z >>>> displayName: Iran L B de Albuquerque >>>> uSNCreated: 284874 >>>> memberOf: CN=VPN_SSL_TABAJARA_CONTINGENCY,OU=VPNs,OU=Grupos,OU=Tabajara >>>> Sede,DC=an >>>> atel,DC=com,DC=br >>>> memberOf: CN=VPN_SSL_TABAJARA,OU=VPNs,OU=Grupos,OU=Tabajara >>>> Sede,DC=tabajara,DC=com, >>>> DC=br >>>> memberOf: CN=UO0113OUTORGA,OU=Grupos,OU=UO11.3-RR,OU=Unidades >>>> Operacionais,DC= >>>> tabajara,DC=com,DC=br >>>> memberOf: CN=Servidores,OU=CloudTabajara,OU=Grupos,OU=Tabajara >>>> Sede,DC=tabajara,DC=g >>>> ov,DC=br >>>> memberOf: CN=pentaho_users,OU=Pentaho,OU=Grupos,OU=Tabajara >>>> Sede,DC=tabajara,DC=go >>>> v,DC=br >>>> memberOf: CN=UO113 SERVIDOR,OU=Lotacao SARH,OU=Grupos,OU=Tabajara >>>> Sede,DC=tabajara >>>> ,DC=com,DC=br >>>> memberOf: CN=LD SFI - >>>> UO113,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESAB >>>> ILITADAS,DC=tabajara,DC=com,DC=br >>>> memberOf: CN=SA_SFI_TOTAL_REGER,OU=LOTACOES,OU=Grupos,OU=Tabajara >>>> Sede,DC=tabajara >>>> ,DC=com,DC=br >>>> memberOf: CN=internet_acesso_total_F,OU=Internet,OU=Grupos,OU=Tabajara >>>> Sede,DC=a >>>> natel,DC=com,DC=br >>>> memberOf: CN=LD >>>> UO113,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABILITAD >>>> AS,DC=tabajara,DC=com,DC=br >>>> memberOf: CN=LD Serv >>>> Carreira,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDES >>>> ABILITADAS,DC=tabajara,DC=com,DC=br >>>> memberOf: CN=UO113OT,OU=Grupos,OU=UO11.3-RR,OU=Unidades >>>> Operacionais,DC=tabajara >>>> ,DC=com,DC=br >>>> memberOf: CN=UO113PUBLICO,OU=Grupos,OU=UO11.3-RR,OU=Unidades >>>> Operacionais,DC=a >>>> natel,DC=com,DC=br >>>> memberOf: CN=LD Serv >>>> UO-RR,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABI >>>> LITADAS,DC=tabajara,DC=com,DC=br >>>> memberOf: CN=LD Serv >>>> QuadroEspec,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTAS >>>> DESABILITADAS,DC=tabajara,DC=com,DC=br >>>> memberOf: CN=LD Serv >>>> MC,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESABILIT >>>> ADAS,DC=tabajara,DC=com,DC=br >>>> memberOf: CN=LD Gerentes >>>> ERs-UOs,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTAS >>>> DESABILITADAS,DC=tabajara,DC=com,DC=br >>>> memberOf: CN=UO-11.3-RR,OU=Grupos,OU=UO11.3-RR,OU=Unidades >>>> Operacionais,DC=ana >>>> tel,DC=com,DC=br >>>> memberOf: CN=LD Gerentes >>>> UOs,OU=LISTAS_DE_DISTRIBUICAO,OU=GRUPOS,OU=CONTASDESA >>>> BILITADAS,DC=tabajara,DC=com,DC=br >>>> memberOf: CN=Domain Users,OU=Grupos do Windows,DC=tabajara,DC=com,DC=br >>>> uSNChanged: 354948756 >>>> department: UO113 >>>> company:: >>>> QWfDqm5jaWEgTmFjaW9uYWwgZGUgVGVsZWNvbXVuaWNhw6fDtWVzIC0gQU5BVEVM >>>> proxyAddresses: X500:/o=Tabajara Sociedade Anonima/ou=TABAJARA/cn=Reci >>>> pients/cn=Iran >>>> proxyAddresses: smtp:[email protected] >>>> proxyAddresses: x500:/o=ExchangeLabs/ou=Exchange Administrative Group >>>> (FYDIBOH >>>> F23SPDLT)/cn=Recipients/cn=aa0e6e3655504471baaf6df296608f61-Iran L B >>>> proxyAddresses: sip:[email protected] >>>> proxyAddresses: x400:c=US;a= ;p=Tabajara SA;o=TABAJARA;s=B de Albuquerq >>>> ue;g=Iran;i=ILBA; >>>> proxyAddresses: ccmail:B de Albuquerque, Iran at TABAJARA >>>> proxyAddresses: X400:c=US;a= ;p=Tabajara SA;o=TABAJARA;s=B de Albuquerq >>>> ue;g=Iran L;i=ILBA; >>>> proxyAddresses: CCMAIL:B de Albuquerque, Iran L at TABAJARA >>>> proxyAddresses: SMTP:[email protected] >>>> proxyAddresses: MS:TABAJARASA/TABAJARA/IRAN >>>> streetAddress:: UlVBIFVBXYzDgywgNTI5 >>>> autoReplyMessage: / >>>> garbageCollPeriod: 0 >>>> targetAddress: SMTP:[email protected] >>>> mAPIRecipient: TRUE >>>> directReports: CN=CC - FAX CIDADAO - >>>> RR,OU=CAIXAS_CORPORATIVAS,OU=USUARIOS,OU= >>>> CONTASDESABILITADAS,DC=tabajara,DC=com,DC=br >>>> directReports: CN=CC - ARQUIVO GERAL - RR,OU=Caixas >>>> Corporativas,OU=Tabajara Sed >>>> e,DC=tabajara,DC=com,DC=br >>>> msExchAssistantName: Servidor(a) >>>> mailNickname: Iran >>>> protocolSettings:: SFRYYMKnMcKnMcKnwqfCp8KnwqfCpw== >>>> protocolSettings:: T1dBwqcx >>>> replicatedObjectVersion: 0 >>>> name: Iran L B de Albuquerque >>>> objectGUID:: 8OlTc9ksdkWEeRUV2/f5Rg== >>>> userAccountControl: 512 >>>> badPwdCount: 0 >>>> codePage: 0 >>>> countryCode: 0 >>>> homeDirectory: \\WIFSYY01\EstruturaFS\usu\iran >>>> homeDrive: U: >>>> badPasswordTime: 132201321553958769 >>>> lastLogoff: 0 >>>> lastLogon: 132294526197067216 >>>> scriptPath: SCRIPT_MAP_FS_RR.bat >>>> logonHours:: //////////////////////////// >>>> pwdLastSet: 132157904882466519 >>>> primaryGroupID: 43988 >>>> userParameters:: >>>> bTogICAgICAgICAgICAgICAgICAgIGQBICAgICAgICAgICAgICAgICAgICAgI >>>> CAg >>>> objectSid:: AQUAAAAAAAUVAAAAOEkycmN9EhxnEvQ3CQgAAA== >>>> adminCount: 1 >>>> accountExpires: 0 >>>> logonCount: 688 >>>> sAMAccountName: iran >>>> sAMAccountType: 805306368 >>>> showInAddressBook:: >>>> Q049TGlzdGFzIGRlIERpc3RyaWJ1acOnw6NvLENOPUFsbCBBZGRyZXNzIE >>>> >>>> >>>> xpc3RzLENOPUFkZHJlc3MgTGlzdHMgQ29udGFpbmVyLENOPUFnZW5jaWEgTmFjaW9uYWwgZGUgVGV >>>> >>>> >>>> sZWNvbXVuaWNhY29lcyxDTj1NaWNyb3NvZnQgRXhjaGFuZ2UsQ049U2VydmljZXMsQ049Q29uZmln >>>> dXJhdGlvbixEQz1hbmF0ZWwsREM9Z292LERDPWJy >>>> showInAddressBook: CN=TABAJARA,CN=All Address Lists,CN=Address Lists >>>> Container,C >>>> N=Tabajara Sociedade Anonima,CN=Microsoft Exchange,CN=Services,CN=C >>>> onfiguration,DC=tabajara,DC=com,DC=br >>>> showInAddressBook: CN=Default Global Address List,CN=All Global Address >>>> Lists, >>>> CN=Address Lists Container,CN=Tabajara Sociedade Anonima,CN=Microso >>>> ft Exchange,CN=Services,CN=Configuration,DC=tabajara,DC=com,DC=br >>>> legacyExchangeDN: /o=Tabajara Sociedade Anonima/ou=External (FYDIBOH >>>> F25SPDLT)/cn=Recipients/cn=ce777c1762dc4c20a6dafaed019c8109 >>>> userPrincipalName: [email protected] >>>> lockoutTime: 0 >>>> objectCategory: >>>> CN=Person,CN=Schema,CN=Configuration,DC=tabajara,DC=com,DC=br >>>> mSMQSignCertificates:: >>>> AQAAAA34CKbLO1X76RZlUUnQXTrh7FhapogMRpn8hkchOf5KzQEAADC >>>> >>>> >>>> CAckwggFzoAMCAQICBKqlWlUwDAYIKoZIhvcNAgUFADBsMREwDwYDVQQHHggATQBTAE0AUTELMAkG >>>> >>>> >>>> A1UECh4CAC0xCzAJBgNVBAseAgAtMT0wOwYDVQQDHjQAQQBOAEEAVABFAEwAXABpAHIAYQBuACwAI >>>> >>>> >>>> AB1AG8AMQAxADMAaABwAG4AbwB0AGUAVAAxMB4XDTA4MDYyMzIwMTgzMloXDTE2MDYyMzIwMTgzMl >>>> >>>> >>>> owbDERMA8GA1UEBx4IAE0AUwBNAFExCzAJBgNVBAoeAgAtMQswCQYDVQQLHgIALTE9MDsGA1UEAx4 >>>> >>>> >>>> 0AEEATgBBAFQARQBMAFwAaQByAGEAbgAsACAAdQBvADEAMQZzAGgAcABuAG8AdABlADAAMTBcMA0G >>>> >>>> >>>> CSqGSIb3DQEBAQUAA0sAMEgCQQDjJqL/rmrh9hZ4WvNdBe3a0XaoM+6ntIG/1UjYCp2kJVXpH3/Bm >>>> >>>> >>>> ubsruE0Gq2YXA9qlAJbpROi+OoUaY/3uS0nAgMBAAEwDQYJKoZIhvcNAQEEBQADQQC8s2Cd5BiBVS >>>> >>>> HqaVG+N0Py1havFO6baY0Ll+PGsbgO7V5bzQWqzn/7gGttNBoBis4ituzD+znk7Fs1oApR9DlZ >>>> mSMQDigests:: DfgIpss7VfvpFmVRSdBdOg== >>>> dSCorePropagationData: 20200214141328.0Z >>>> dSCorePropagationData: 20200212143013.0Z >>>> dSCorePropagationData: 20120918141327.0Z >>>> dSCorePropagationData: 20120918135620.0Z >>>> dSCorePropagationData: 16010714223649.0Z >>>> mS-DS-ConsistencyGuid:: 8OlTc9ksdkWEeRUV2/f5Rg== >>>> lastLogonTimestamp: 132288367423325630 >>>> msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>>> Controllers, >>>> DC=tabajara,DC=com,DC=br >>>> msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>>> Controllers, >>>> DC=tabajara,DC=com,DC=br >>>> msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>>> Controllers, >>>> DC=tabajara,DC=com,DC=br >>>> msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>>> Controllers, >>>> DC=tabajara,DC=com,DC=br >>>> msDS-RevealedDSAs: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>>> Controllers, >>>> DC=tabajara,DC=com,DC=br >>>> msDS-AuthenticatedAtDC: CN=WIADYY01,OU=Unidades Operacionais,OU=Domain >>>> Control >>>> lers,DC=tabajara,DC=com,DC=br >>>> textEncodedORAddress: X400:C=US;A= ;P=Tabajara SA;O=TABAJARA;S=B de Alb >>>> uquerque;G=Iran L;I=ILBA; >>>> mail: [email protected] >>>> manager: CN=Augusto C P de Q,OU=Servidores,OU=Usuarios,OU=UO32311.4 >>>> -RR,OU=Unidades Operacionais,DC=tabajara,DC=com,DC=br >>>> replicationSignature:: r477tHTGckGaVQb4US9Ssg== >>>> msExchALObjectVersion: 82 >>>> msExchADCGlobalNames: >>>> FOREST:78877421B3B32741B2AA00229344053900000000526C2D5B5 >>>> 954C601 >>>> msExchADCGlobalNames: >>>> NT5:F0E95373D92C764584791515DBF7F94600000000526C2D5B5954 >>>> C601 >>>> msExchADCGlobalNames: forest:o=Tabajara Sociedade Anonima000000008C7 >>>> F1E18375AC601 >>>> msExchADCGlobalNames: EX5:cn=Iran,cn=Recipients,ou=TABAJARA,o=Tabajara >>>> SA >>>> :organizationalperson$person$top000000008C7F1E18375AC601 >>>> msExchHideFromAddressLists: FALSE >>>> msExchUserAccountControl: 0 >>>> msExchMailboxGuid:: vlMgHCFiW0ahUM9Sl9nFaA== >>>> dLMemDefault: 1 >>>> msExchPoliciesIncluded: c3585128-bd66-40e9-9061-7a83471a6b4d >>>> msExchPoliciesIncluded: {26491cfc-9e50-4857-861b-0cb8df22b5d7} >>>> msRTCSIP-FederationEnabled: TRUE >>>> msExchSafeSendersHash:: V69bNQ== >>>> msRTCSIP-InternetAccessEnabled: TRUE >>>> msExchUMDtmfMap: reversedPhone:0002164 >>>> msExchUMDtmfMap: reversedPhone:4002594 >>>> msExchUMDtmfMap: emailAddress:4726 >>>> msExchUMDtmfMap: lastNameFirstName:27242332528783338347265849 >>>> msExchUMDtmfMap: firstNameLastName:47265849272477725287837783 >>>> msExchMobileMailboxFlags: 1 >>>> msRTCSIP-PrimaryUserAddress: sip:[email protected] >>>> msExchRecipientDisplayType: -2147483642 >>>> msRTCSIP-DeploymentLocator: sipfezis.online.lync.com >>>> msRTCSIP-OptionFlags: 257 >>>> msRTCSIP-UserEnabled: TRUE >>>> msRTCSIP-PrimaryHomeServer: CN=Lc >>>> Services,CN=Microsoft,CN=1:1,CN=Pools,CN=RTC >>>> Service,CN=Services,CN=Configuration,DC=tabajara,DC=com,DC=br >>>> msExchWhenMailboxCreated: 20190413014438.0Z >>>> msExchRecipientTypeDetails: 2147483648 >>>> msExchVersion: 44220983382016 >>>> msExchRemoteRecipientType: 4 >>>> >>>> # search reference >>>> # refldap:// >>>> AppPartition.tabajara.com.br/DC=AppPartition,DC=tabajara,DC=com,DC=br >>>> >>>> # search reference >>>> # refldap:// >>>> DomainDnsZones.tabajara.com.br/DC=DomainDnsZones,DC=tabajara,DC=com,DC= >>>> br >>>> >>>> # search reference >>>> # refldap:// >>>> ForestDnsZones.tabajara.com.br/DC=ForestDnsZones,DC=tabajara,DC=com,DC= >>>> br >>>> >>>> # search reference >>>> # refldap://tabajara.com.br/CN=Configuration,DC=tabajara,DC=com,DC=br >>>> >>>> # search result >>>> >>>> # numResponses: 6 >>>> # numEntries: 1 >>>> # numReferences: 4 >>>> >>>> Em seg., 23 de mar. de 2020 às 17:26, Fabrice Durand < >>>> [email protected]> escreveu: >>>> >>>>> Hello Wagner, >>>>> >>>>> i am here to help you, if there is no user in the OU who match >>>>> sAMAccountName=iran then it's the issue. >>>>> >>>>> Try in the whole ldap server then to see if it returns something: >>>>> >>>>> ldapsearch -h 10.10.10.70 -s sub -b "DC=tabajara,DC=com,DC=br" -D >>>>> "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara >>>>> Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L >>>>> "sAMAccountName=iran" >>>>> >>>>> paste the output. >>>>> >>>>> Regards >>>>> >>>>> Fabrice >>>>> >>>>> >>>>> Le 20-03-23 à 15 h 16, Wagner Liegio a écrit : >>>>> >>>>> Fabrice, >>>>> >>>>> Excuse me, but if I were to hear that I would not have contacted the >>>>> mailing list support. There is a problem with packetfence 9.3 linked to >>>>> the >>>>> domain that it does not recognize users and computers. So much so that >>>>> there is a problem that by inserting the node manually it manages to >>>>> search >>>>> for the user and authenticate the node. >>>>> >>>>> Em seg., 23 de mar. de 2020 às 15:42, Fabrice Durand < >>>>> [email protected]> escreveu: >>>>> >>>>>> Hello Wagner, >>>>>> >>>>>> so it mean that there is no user with the attribute >>>>>> sAMAccountName=iran in OU=Usuarios,OU=Tabajara >>>>>> Sede,DC=tabajara,DC=com,DC=br >>>>>> >>>>>> So if there is no user then there is no role returned. >>>>>> >>>>>> Regards >>>>>> >>>>>> Fabrice >>>>>> >>>>>> >>>>>> Le 20-03-23 à 14 h 13, Wagner Liegio a écrit : >>>>>> >>>>>> Fabrice, >>>>>> >>>>>> Below is the return of the command: >>>>>> >>>>>> version: 1 >>>>>> >>>>>> # >>>>>> # LDAPv3 >>>>>> # base <OU=Usuarios,OU=Tabajara Sede,DC=tabajara,DC=com,DC=br> with >>>>>> scope subtree >>>>>> # filter: sAMAccountName=iran >>>>>> # requesting: ALL >>>>>> # >>>>>> >>>>>> # search result >>>>>> >>>>>> # numResponses: 1 >>>>>> >>>>>> I want to inform you that I will perform the same procedure in >>>>>> packtefence 8, which has self-registration enabled and working, the >>>>>> output >>>>>> of the command was the same. >>>>>> >>>>>> Em seg., 23 de mar. de 2020 às 11:48, Fabrice Durand < >>>>>> [email protected]> escreveu: >>>>>> >>>>>>> Hello Wagner, >>>>>>> >>>>>>> do the search with sAMAccountName=iran not sAMAccountName = >>>>>>> packetfence >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>> Fabrice >>>>>>> >>>>>>> >>>>>>> Le 20-03-23 à 10 h 45, Wagner Liegio a écrit : >>>>>>> >>>>>>> Good morning Fabrice, >>>>>>> >>>>>>> Follows return of the informed command: >>>>>>> >>>>>>> version: 1 >>>>>>> >>>>>>> # >>>>>>> # LDAPv3 >>>>>>> # base <OU = Users, OU = Tabajara Headquarters, DC = tabajara, DC = >>>>>>> com, DC = br> with scope subtree >>>>>>> # filter: sAMAccountName = packetfence >>>>>>> # requesting: ALL >>>>>>> # >>>>>>> >>>>>>> # packetfence, PacketFence, Service, Users, Tabajara Headquarters, >>>>>>> tabajara.com.br >>>>>>> dn: CN = packetfence, OU = PacketFence, OU = Service, OU = Users, OU >>>>>>> = Tabajara Sede, DC = taba >>>>>>> jara, DC = com, DC = br >>>>>>> objectClass: top >>>>>>> objectClass: person >>>>>>> objectClass: organizationalPerson >>>>>>> objectClass: user >>>>>>> cn: packetfence >>>>>>> givenName: packetfence >>>>>>> distinguishedName: CN = packetfence, OU = PacketFence, OU = Service, >>>>>>> OU = Users, OU = Table >>>>>>> jara Headquarters, DC = tabajara, DC = com, DC = br >>>>>>> instanceType: 4 >>>>>>> whenCreated: 20190522175834.0Z >>>>>>> whenChanged: 20200314212343.0Z >>>>>>> displayName: packetfence >>>>>>> uSNCreated: 332707737 >>>>>>> memberOf: CN = Domain Admins, CN = Users, DC = tabajara, DC = com, >>>>>>> DC = us >>>>>>> uSNChanged: 354881720 >>>>>>> name: packetfence >>>>>>> objectGUID :: Gtp8SctV30ObE156O9onWA == >>>>>>> userAccountControl: 66048 >>>>>>> badPwdCount: 0 >>>>>>> codePage: 0 >>>>>>> countryCode: 0 >>>>>>> badPasswordTime: 134565121389590252 >>>>>>> lastLogon: 133465121436547757 >>>>>>> pwdLastSet: 132030215143488213 >>>>>>> primaryGroupID: 513 >>>>>>> objectSid :: AQUAAAAAAAUVAAAAOEkycmN9EhxnEvQ3io7GNA == >>>>>>> adminCount: 1 >>>>>>> accountExpires: 9223372036854775807 >>>>>>> logonCount: 0 >>>>>>> sAMAccountName: packetfence >>>>>>> sAMAccountType: 805306368 >>>>>>> userPrincipalName: [email protected] >>>>>>> objectCategory: CN = Person, CN = Schema, CN = Configuration, DC = >>>>>>> tabajara, DC = com, DC = us >>>>>>> dSCorePropagationData: 16010101000000.0Z >>>>>>> mS-DS-ConsistencyGuid :: Gtp8SctV30ObE156O9onWA == >>>>>>> lastLogonTimestamp: 132286946239647914 >>>>>>> >>>>>>> # search result >>>>>>> >>>>>>> # numResponses: 2 >>>>>>> # numEntries: 1 >>>>>>> >>>>>>> Sincerely, >>>>>>> >>>>>>> Wagner >>>>>>> >>>>>>> Em qui., 19 de mar. de 2020 às 23:45, Durand fabrice < >>>>>>> [email protected]> escreveu: >>>>>>> >>>>>>>> If you stripped in radius in the realm ANA, it mean that >>>>>>>> packetfence is doing a ldap search with sAMAccountName=iran >>>>>>>> >>>>>>>> So try that from the cli: >>>>>>>> >>>>>>>> ldapsearch -h 10.10.10.70 -s sub -b "OU=Usuarios,OU=Tabajara >>>>>>>> Sede,DC=tabajara,DC=com,DC=br" -D >>>>>>>> "CN=packetfence,OU=PacketFence,OU=Servico,OU=Usuarios,OU=Tabajara >>>>>>>> Sede,DC=tabajara,DC=com,DC=br" -w whatyouarelookingfor -L >>>>>>>> "sAMAccountName=iran" >>>>>>>> >>>>>>>> and see if it return something. >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>> Fabrice >>>>>>>> >>>>>>>> >>>>>>>> Le 20-03-19 à 14 h 42, Wagner Liegio a écrit : >>>>>>>> >>>>>>>> Good afternoon, >>>>>>>> >>>>>>>> I made the suggested adjustments by activating the strip in radius, >>>>>>>> created a new realm, and the error persists. User authentication >>>>>>>> searching >>>>>>>> for the domain only works, manually registering the node in the >>>>>>>> packetfence. Therefore, the error still remains in the database when >>>>>>>> trying >>>>>>>> to register auto. >>>>>>>> Below is the database error log: >>>>>>>> >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz >>>>>>>> request: >>>>>>>> from switch_ip => (10.95.10.1), connection_type => >>>>>>>> Ethernet-EAP,switch_mac >>>>>>>> => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, >>>>>>>> username >>>>>>>> => "ANA\iran" (pf::radius::authorize) >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile >>>>>>>> 802.1x >>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication >>>>>>>> source(s) : 'Ana' for realm 'default' >>>>>>>> (pf::config::util::filter_authentication_sources) >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for >>>>>>>> matching (pf::authentication::match2) >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection >>>>>>>> (pf::LDAP::expire_if) >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for >>>>>>>> autoreg (pf::role::getNodeInfoForAutoReg) >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or >>>>>>>> found >>>>>>>> for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of >>>>>>>> registered nodes is reached (pf::node::is_max_reg_nodes_reached) >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or >>>>>>>> exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed >>>>>>>> (pf::registration::setup_node_for_registration) >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of >>>>>>>> node >>>>>>>> failed max nodes per pid met or exceeded (pf::radius::authorize) >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed >>>>>>>> with >>>>>>>> non retryable error: Cannot add or update a child row: a foreign key >>>>>>>> constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY >>>>>>>> (`tenant_id`, >>>>>>>> `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON >>>>>>>> UPDATE >>>>>>>> CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, >>>>>>>> `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, >>>>>>>> `computername`, `detect_date`, `device_class`, `device_manufacturer`, >>>>>>>> `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, >>>>>>>> `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, >>>>>>>> `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, >>>>>>>> `notes`, >>>>>>>> `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, >>>>>>>> `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, >>>>>>>> ?, >>>>>>>> ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) >>>>>>>> ON >>>>>>>> DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, >>>>>>>> `status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, >>>>>>>> 2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, >>>>>>>> NULL, >>>>>>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, >>>>>>>> d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00 00:00:00, NULL, >>>>>>>> reg, 1, >>>>>>>> NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg, 1} >>>>>>>> (pf::dal::db_execute) >>>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: >>>>>>>> httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save >>>>>>>> d0:94:66:db:ae:77 error (500) (pf::radius::authorize) >>>>>>>> >>>>>>>> Em qua., 18 de mar. de 2020 às 21:34, Durand fabrice via >>>>>>>> PacketFence-users <[email protected]> >>>>>>>> escreveu: >>>>>>>> >>>>>>>>> Try that: >>>>>>>>> >>>>>>>>> pftest authentication ANA\pereira "" >>>>>>>>> >>>>>>>>> and >>>>>>>>> >>>>>>>>> pftest authentication pereira "" >>>>>>>>> >>>>>>>>> to see if the user is found and if it match a rule. >>>>>>>>> >>>>>>>>> If the second one works then in the ANA realm enable strip in >>>>>>>>> radius. >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> >>>>>>>>> Fabrice >>>>>>>>> >>>>>>>>> >>>>>>>>> Le 20-03-18 à 20 h 13, Zacharry Williams via PacketFence-users a >>>>>>>>> écrit : >>>>>>>>> >>>>>>>>> Gonna take a wild guess here, in your realms config turn on strip >>>>>>>>> radius for null and your domain and and try logging on with just your >>>>>>>>> username and password. I'm guessing your realms config isn't >>>>>>>>> matching. For >>>>>>>>> us we had three domains and we had to add them all. For example >>>>>>>>> COMPANY.ORG, COMPANY.LAN, COMPANY.COM. >>>>>>>>> >>>>>>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users >>>>>>>>> <[email protected]> wrote: >>>>>>>>> >>>>>>>>>> Good afternoon, >>>>>>>>>> >>>>>>>>>> Follow the requested files attached. >>>>>>>>>> >>>>>>>>>> Em ter., 17 de mar. de 2020 às 14:16, Ludovic Zammit < >>>>>>>>>> [email protected]> escreveu: >>>>>>>>>> >>>>>>>>>>> Hello, >>>>>>>>>>> >>>>>>>>>>> Could you post the result fo those two commands: >>>>>>>>>>> >>>>>>>>>>> cat /usr/local/pf/conf/authentication.conf >>>>>>>>>>> >>>>>>>>>>> cat /usr/local/pf/conf/profiles.conf >>>>>>>>>>> >>>>>>>>>>> remove your informations. >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> >>>>>>>>>>> Ludovic [email protected] :: +1.514.447.4918 (x145) :: >>>>>>>>>>> www.inverse.ca >>>>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>>>>> PacketFence (http://packetfence.org) >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users >>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>> Good Morning, >>>>>>>>>>> >>>>>>>>>>> The rules, functions are standard on the Zen packetfence 9.3 >>>>>>>>>>> that I downloaded from the site, I will send some images of how the >>>>>>>>>>> configuration is through the webgui, so I noticed everything is >>>>>>>>>>> correct, >>>>>>>>>>> what is happening is that the function and the rule is not being >>>>>>>>>>> applied >>>>>>>>>>> for some reason that I don't know. >>>>>>>>>>> >>>>>>>>>>> <image.png> >>>>>>>>>>> >>>>>>>>>>> <image.png> >>>>>>>>>>> >>>>>>>>>>> <image.png> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Em ter., 17 de mar. de 2020 às 00:04, Zacharry Williams via >>>>>>>>>>> PacketFence-users <[email protected]> >>>>>>>>>>> escreveu: >>>>>>>>>>> >>>>>>>>>>>> Check and make sure your realms are defined also. >>>>>>>>>>>> >>>>>>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via >>>>>>>>>>>> PacketFence-users <[email protected]> >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hello, >>>>>>>>>>>>> >>>>>>>>>>>>> I know when I ran into this issue, it had to do with the >>>>>>>>>>>>> authorization source for AD. In the source, I had an >>>>>>>>>>>>> authentication rule >>>>>>>>>>>>> that matched the sAMAccountName is member of “group name”. The >>>>>>>>>>>>> group name >>>>>>>>>>>>> must be the AD DN (distinguished name) of the group. >>>>>>>>>>>>> CN=%security group >>>>>>>>>>>>> you want%,OU=%OU the object resides in%,DC=%your >>>>>>>>>>>>> domain%,DC=%domain suffix% >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> *From:* Wagner Liegio via PacketFence-users < >>>>>>>>>>>>> [email protected]> >>>>>>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM >>>>>>>>>>>>> *To:* [email protected] >>>>>>>>>>>>> *Cc:* Wagner Liegio <[email protected]> >>>>>>>>>>>>> *Subject:* [PacketFence-users] authentication sources >>>>>>>>>>>>> packetfence 9.3 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Good afternoon, I'm facing the same problem only in version >>>>>>>>>>>>> 9.3. I have done everything I can think of, reconfigured the >>>>>>>>>>>>> domain, the >>>>>>>>>>>>> connection profile, checked the rules and functions. The error >>>>>>>>>>>>> follows: No >>>>>>>>>>>>> role specified or found for pid ANA \ pereira (MAC d0: 94: 66: >>>>>>>>>>>>> db: ee: 7d); >>>>>>>>>>>>> assumes maximum number of registered nodes is reached (pf :: node >>>>>>>>>>>>> :: >>>>>>>>>>>>> is_max_reg_nodes_reached) >>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - >>>>>>>>>>>>> registration of d0: 94: 66: db: ae: 7d to ANA \ pereira failed >>>>>>>>>>>>> (pf :: registration :: setup_node_for_registration) >>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed >>>>>>>>>>>>> max nodes >>>>>>>>>>>>> per pid met or exceeded (pf :: radius :: authorize) >>>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: >>>>>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] Database query failed with non >>>>>>>>>>>>> retryable >>>>>>>>>>>>> error: Cannot add or update a child row: a foreign key constraint >>>>>>>>>>>>> fails >>>>>>>>>>>>> (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) >>>>>>>>>>>>> REFERENCES person (tenant_id, pid) ON DELETE CASCADE ON UPDATE >>>>>>>>>>>>> CASCADE) >>>>>>>>>>>>> (errno: 1452) [INSERT INTO node >>>>>>>>>>>>> (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, >>>>>>>>>>>>> category_id, computername, detect_date, device_class, >>>>>>>>>>>>> device_manufacturer, >>>>>>>>>>>>> device_score, device_type, >>>>>>>>>>>>> device_version, dhcp6_enterprise, dhcp6_fingerprint, >>>>>>>>>>>>> dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, >>>>>>>>>>>>> lastskip, >>>>>>>>>>>>> mac, machine_account, notes, regdate, sessionid, status, >>>>>>>>>>>>> tenant_id, >>>>>>>>>>>>> time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW >>>>>>>>>>>>> (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = >>>>>>>>>>>>> ?, >>>>>>>>>>>>> Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, >>>>>>>>>>>>> NULL, NULL, >>>>>>>>>>>>> NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, >>>>>>>>>>>>> NULL, >>>>>>>>>>>>> NULL, NULL, NULL, NULL, >>>>>>>>>>>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 >>>>>>>>>>>>> 00:00:00, d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, >>>>>>>>>>>>> 0000-00-00 >>>>>>>>>>>>> 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, >>>>>>>>>>>>> ANA \ >>>>>>>>>>>>> pereira, reg, 1} >>>>>>>>>>>>> (pf :: dal :: db_execute) >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>>> [email protected] >>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>> PacketFence-users mailing list >>>>>>>>>> [email protected] >>>>>>>>>> https://lists.sourceforge. >>>>>>>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >>>>>>>>> >>>>>>>>>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
