This is what I have.

Logs

1. (/usr/local/pf/logs/packetfence.log)

Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) INFO: [mac:c8:f7:50:7f:18:4c] handling radius autz request: from switch_ip => (10.0.1.18), connection_type => Ethernet-NoEAP,switch_mac => (Unknown), mac => [c8:f7:50:7f:18:4c], port => 8204, username => "[email protected]" (pf::radius::authorize)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) INFO: [mac:c8:f7:50:7f:18:4c] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) INFO: [mac:c8:f7:50:7f:18:4c] Found authentication source(s) : 'local,TCCAD' for realm 'default' (pf::config::util::filter_authentication_sources)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) INFO: [mac:c8:f7:50:7f:18:4c] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) WARN: [mac:c8:f7:50:7f:18:4c] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 489. (pf::role::getRegisteredRole)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) INFO: [mac:c8:f7:50:7f:18:4c] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) INFO: [mac:c8:f7:50:7f:18:4c] PID: "default", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) WARN: [mac:c8:f7:50:7f:18:4c] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 608. (pf::Switch::getVlanByName)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) WARN: [mac:c8:f7:50:7f:18:4c] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 611. (pf::Switch::getVlanByName)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) WARN: [mac:c8:f7:50:7f:18:4c] No parameter Vlan found in conf/switches.conf for the switch 10.0.1.18 (pf::Switch::getVlanByName)

2. (/usr/local/pf/logs/radius.log)

Oct 2 14:16:00 pfence-cen auth[80961]: Adding client 10.0.1.18/32
Oct 2 14:16:00 pfence-cen auth[80961]: [mac:c8:f7:50:7f:18:4c] Accepted user: and returned VLAN
Oct 2 14:16:00 pfence-cen auth[80961]: (1612) Login OK: [[email protected]] (from client 10.0.1.18/32 port 8204 cli c8:f7:50:7f:18:4c)

Config File

1. Authentication.conf

[TCCAD]
cache_match=0
read_timeout=10
realms=default
basedn=CN=Administrator,CN=Users,DC=tcc,DC=to
monitor=1
shuffle=0
searchattributes=
set_access_durations_action=
scope=sub
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=1
encryption=none
description=Domain Controller
port=389
host=10.0.1.10
write_timeout=5
type=AD

[TCCAD rule employee]
action0=set_role=default
status=enabled
match=all
class=authentication
action1=set_unreg_date=2021-01-01 00:00:00
description=For all Wires Employee

2. Domain.conf

[tccto]
status=enabled
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2))))
registration=0
ntlm_cache_expiry=3600
dns_name=TCC.TO
dns_servers=10.0.1.8,10.0.1.10
ou=Computers
ntlm_cache_on_connection=disabled
#workgroup=TCC.TO
ntlm_cache_batch_one_at_a_time=disabled
ad_server=10.0.1.10
sticky_dc=10.0.1.10
ntlm_cache_batch=disabled
server_name=%h
ntlmv2_only=0
workgroup=TCC-NETWORK
# Copyright (C) Inverse inc.
~

Strangely the radius log above says but still I have authentication failed on the status; not only that, but if I use any username or password it just keeps saying login OK. Looks like the authentication is correctly forwarded to the DC or something else. Would appreciate any help on this.

FYI, the domain is joined just fine with no problem.

[TCC]

Confidentiality Notice: This email (including any attachment) is intended for internal use only. Any unauthorized use, dissemination or copying of the content is prohibited. If you are not the intended recipient and have received this e-mail in error, please notify the sender by email and delete this email and any attachment.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
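
A triage script for the log lines in the post above, added here as an example and not part of the original message or of PacketFence: it groups packetfence.log and radius.log entries by MAC and flags a RADIUS accept that was logged while the returned VLAN or role is undefined. The function name `triage` and the finding strings are hypothetical; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Four of the log lines quoted in the post (packetfence.log, then radius.log).
SAMPLE = """\
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) INFO: [mac:c8:f7:50:7f:18:4c] handling radius autz request: from switch_ip => (10.0.1.18), connection_type => Ethernet-NoEAP,switch_mac => (Unknown), mac => [c8:f7:50:7f:18:4c], port => 8204, username => "[email protected]" (pf::radius::authorize)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) INFO: [mac:c8:f7:50:7f:18:4c] PID: "default", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode)
Oct 2 14:16:00 pfence-cen packetfence_httpd.aaa: httpd.aaa(2345) WARN: [mac:c8:f7:50:7f:18:4c] No parameter Vlan found in conf/switches.conf for the switch 10.0.1.18 (pf::Switch::getVlanByName)
Oct 2 14:16:00 pfence-cen auth[80961]: (1612) Login OK: [[email protected]] (from client 10.0.1.18/32 port 8204 cli c8:f7:50:7f:18:4c)
"""

MAC = re.compile(r"\[mac:([0-9a-f:]{17})\]")
CONN = re.compile(r"connection_type => ([\w-]+)")
ROLE = re.compile(r"Status: (\w+) Returned VLAN: (\S+), Role: (\S+)")
LOGIN_OK = re.compile(r"Login OK: .* cli ([0-9a-f:]{17})\)")

def triage(lines):
    """Summarise each MAC's authorization and list why the result is suspect."""
    nodes = defaultdict(lambda: {"conn": None, "status": None, "vlan": None,
                                 "role": None, "login_ok": False, "findings": []})
    for line in lines:
        ok = LOGIN_OK.search(line)      # radius.log carries the MAC in "cli"
        tagged = MAC.search(line)       # packetfence.log carries it in [mac:...]
        mac = ok.group(1) if ok else (tagged.group(1) if tagged else None)
        if mac is None:
            continue
        node = nodes[mac]
        if ok:
            node["login_ok"] = True
        if (conn := CONN.search(line)):
            node["conn"] = conn.group(1)
        if (role := ROLE.search(line)):
            node["status"], node["vlan"], node["role"] = role.groups()
    for node in nodes.values():
        if node["conn"] and node["conn"].endswith("NoEAP"):
            node["findings"].append("handled as MAC-AUTH (connection_type %s)" % node["conn"])
        if node["login_ok"] and "(undefined)" in (node["vlan"], node["role"]):
            node["findings"].append("RADIUS accept logged while VLAN/role is undefined")
    return dict(nodes)

if __name__ == "__main__":
    for mac, node in triage(SAMPLE.splitlines()).items():
        print(mac, node["status"], node["findings"])
```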
