Hi, I have had trouble with PacketFence for a long time now and I can't manage to solve it... Tried reinstalling the OS, PacketFence 9.3, 10, etc.
I now have a clean Debian 9 with PF 10. The system is configured against AD, with LDAP / AD as source and a catch-all rule to see if assignment works, and the connection profile, switch, etc. are configured for this. pftest works and assigns the role just fine. But when connecting a client, pflog says:

May 15 01:31:47 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1555) INFO: [mac:c4:65:16:9e:b4:e6] handling radius autz request: from switch_ip => (10.0.20.2), connection_type => Ethernet-NoEAP,switch_mac => (38:21:c7:4e:d1:22), mac => [c4:65:16:9e:b4:e6], port => 12, username => "vemXX\service" (pf::radius::authorize)
May 15 01:31:47 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1555) INFO: [mac:c4:65:16:9e:b4:e6] Instantiate profile LAN (pf::Connection::ProfileFactory::_from_profile)
May 15 01:31:47 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1555) INFO: [mac:c4:65:16:9e:b4:e6] Found authentication source(s) : 'VEMXX' for realm 'vemXX' (pf::config::util::filter_authentication_sources)
May 15 01:31:47 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1555) WARN: [mac:c4:65:16:9e:b4:e6] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
May 15 01:31:47 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1555) INFO: [mac:c4:65:16:9e:b4:e6] Found authentication source(s) : 'VEMXX' for realm 'vemXX' (pf::config::util::filter_authentication_sources)
May 15 01:31:47 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1555) INFO: [mac:c4:65:16:9e:b4:e6] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole)
May 15 01:31:47 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1555) WARN: [mac:c4:65:16:9e:b4:e6] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 484. (pf::role::getRegisteredRole)
May 15 01:31:47 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1555) INFO: [mac:c4:65:16:9e:b4:e6] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole)

In authentication.conf it looks like this:

[VEMXX]
realms=default,local,null,vemxx
cache_match=0
set_access_durations_action=
usernameattribute=sAMAccountName
scope=sub
port=389
email_attribute=mail
read_timeout=10
basedn=DC=VEMXX,DC=LOCAL
shuffle=0
host=vemxx.local
connection_timeout=1
description=vemxx.local
type=AD
encryption=none
monitor=1
write_timeout=5
searchattributes=UserPrincipalName,uid,distinguishedName,memberOf
binddn=CN=XXXX,OU=ADMINS,OU=USERS,OU=VEMXX,DC=vemXX,DC=local
password=XX

[VEMXX rule ADMINS]
match=all
action1=set_access_duration=1D
action0=set_role=default
class=authentication
condition0=memberOf,equals,CN=Domain Admins,CN=Users,DC=vemxx,DC=local

[VEMXX rule GUEST]
class=authentication
match=all
action1=set_access_duration=5D
action0=set_role=guest

Just to test basic conf.

switch.conf

[10.0.20.2]
type=Aruba
defaultVlan=30
description=CORE-1
radiusSecret=dUxnKzSO4T
group=default
guestVlan=31

Why does the username not match any policy for the role assignment?

BR,
Anton
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
