I got it working!! You were absolutely right about the username. The problem that I discovered from looking at the log in details, was that was matching my other Active Directory Authentication Source which didn’t have the “mark as sponsor” setting configured. It was matching the first one in the list which was the normal, non-sponsor AD auth source.
I had to re-order my test AD auth source with “mark as sponsor” administrative rule to be above the other one and it worked perfectly since it matched the sponsor AD auth source. Thanks for all the help with this! Louis Scaringella Security Systems Engineer Yellow Dog Networks, Inc 785-342-7903 > On Oct 7, 2020, at 12:39 PM, Louis Scaringella via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > I’ll try and capture that shortly. > > Just as a comparison, whenever I use a PacketFence local user that I create > to login as the sponsor, and that i’ve manually marked as a sponsor, things > work fine so it must be the AD authentication and marking as sponsor of that > account that is the problem for some reason. > > Louis Scaringella > Security Systems Engineer > Yellow Dog Networks, Inc > 785-342-7903 > >> On Oct 7, 2020, at 12:24 PM, Louis Scaringella via PacketFence-users >> <packetfence-users@lists.sourceforge.net> wrote: >> >> Thank you. I am using that name and just verified that is how it shows in AD >> exactly. Whenever I log in with that user, PacketFence says that user >> doesn’t have access to sponsor the user. It seems to fail to recognize this >> user as a sponsor. >> >> In my AD auth source, there is an admin rule set to “mark as sponsor” for >> all, no conditions present there so it should match. >> >> Louis Scaringella >> Security Systems Engineer >> Yellow Dog Networks, Inc >> 785-342-7903 >> >>> On Oct 7, 2020, at 12:20 PM, Fabrice Durand <fdur...@inverse.ca> wrote: >>> >>> The sAMAccountName. >>> >>> Le 20-10-07 à 13 h 17, Louis Scaringella a écrit : >>>> Ok, I have exactly that in my AD auth source now. >>>> >>>> When I login as a sponsor, what should I be using? My AD account name or >>>> email address associated with that account and sponsorship? >>>> >>>> Louis Scaringella >>>> Security Systems Engineer >>>> Yellow Dog Networks, Inc >>>> 785-342-7903 >>>> >>>>> On Oct 7, 2020, at 12:14 PM, Fabrice Durand <fdur...@inverse.ca> wrote: >>>>> >>>>> You are not suppose to do that. >>>>> >>>>> whit that in the AD source: >>>>> >>>>> email_attribute=mail >>>>> usernameattribute=sAMAccountName >>>>> >>>>> you should be ok. >>>>> >>>>> >>>>> Le 20-10-07 à 13 h 11, Louis Scaringella a écrit : >>>>>> In the AD auth source, I added “email” as a search attribute for the >>>>>> username. Maybe that is what you were explaining and I wasn’t quite >>>>>> understanding initially? >>>>>> >>>>>> Louis Scaringella >>>>>> Security Systems Engineer >>>>>> Yellow Dog Networks, Inc >>>>>> 785-342-7903 >>>>>> >>>>>>> On Oct 7, 2020, at 12:04 PM, Fabrice Durand <fdur...@inverse.ca> wrote: >>>>>>> >>>>>>> >>>>>>> Le 20-10-07 à 12 h 56, Louis Scaringella a écrit : >>>>>>>> I am logging in as the sponsor using the AD sAMAAccount name in this >>>>>>>> case. However, I think the problem is that when the guest has to put >>>>>>>> in a sponsor, it must be an email address so I think there is >>>>>>>> discrepancy there with that. It is expecting me to login with that >>>>>>>> email address I suspect. >>>>>>> No, it 2 different thing between email attribute and username attribute. >>>>>>> >>>>>>> What you can do is to capture the ldap traffic from packetfence to see >>>>>>> what is the search request/reply when you log as a sponsor to validate >>>>>>> the access. >>>>>>> >>>>>>> >>>>>>>> Do I maybe need to have an account created in PacketFence that matches >>>>>>>> that sponsor email address so PacketFence can mark that as a sponsor >>>>>>>> in its database? >>>>>>> No really necessary, you have to choose between using a local account >>>>>>> or an ad/ldap account. >>>>>>>> Louis Scaringella >>>>>>>> Security Systems Engineer >>>>>>>> Yellow Dog Networks, Inc >>>>>>>> 785-342-7903 >>>>>>>> >>>>>>>>> On Oct 7, 2020, at 11:52 AM, Fabrice Durand via PacketFence-users >>>>>>>>> <packetfence-users@lists.sourceforge.net> wrote: >>>>>>>>> >>>>>>>>> What i think it's probably because of the username attribute in the >>>>>>>>> AD authentication source. >>>>>>>>> >>>>>>>>> When you set a sponsor in the portal then packetfence try to find the >>>>>>>>> email address in the AD and check if the user account is a sponsor. >>>>>>>>> >>>>>>>>> When you click on the link then the portal ask you to authenticate >>>>>>>>> with the sponsor credential but the format of the username depend of >>>>>>>>> the username attribute you defined (like sAMAccountName or >>>>>>>>> userPrincipalName). >>>>>>>>> >>>>>>>>> >>>>>>>>> Le 20-10-07 à 12 h 13, Louis Scaringella via PacketFence-users a >>>>>>>>> écrit : >>>>>>>>>> I tried the same thing, but using Active Directory source this time >>>>>>>>>> as a sponsor. It’s the same error, when a guest is signing up, they >>>>>>>>>> can put the sponsor from AD in and it does send the email to the >>>>>>>>>> sponsor. But when sponsor clicks the link and signs in with AD >>>>>>>>>> credentials, it says that the user doesn’t have access to sponsor. >>>>>>>>>> >>>>>>>>>> The AD source is now set to have an administrative rule to mark as >>>>>>>>>> sponsor. >>>>>>>>>> >>>>>>>>>> Louis Scaringella >>>>>>>>>> Security Systems Engineer >>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>> 785-342-7903 >>>>>>>>>> >>>>>>>>>>> On Oct 7, 2020, at 10:48 AM, Louis Scaringella via >>>>>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote: >>>>>>>>>>> >>>>>>>>>>> Of course, thank you for your help! >>>>>>>>>>> >>>>>>>>>>> Here is the logs from the entire process of the guest choosing >>>>>>>>>>> sponsor email and then the sponsor clicking the link and trying to >>>>>>>>>>> authenticate. >>>>>>>>>>> >>>>>>>>>>> I’m using a user in /usr/local/pf/conf/admin.conf that I created as >>>>>>>>>>> a htpasswd file instead of Active Directory. I’m also open to using >>>>>>>>>>> a local PF admin using for this but haven’t had luck with that >>>>>>>>>>> either. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> It is hitting the right connection profile and file1 is the >>>>>>>>>>> authentication source where the htpasswd file is and set to mark as >>>>>>>>>>> sponsor. The problem is when the sponsor tries to sign in to >>>>>>>>>>> authenticate to approve the user is where it errors out. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Oct 7 10:43:01 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2612) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:06 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:06 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:08 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:08 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:08 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) ERROR: [mac:00:24:d6:5b:30:bc] Cannot restore >>>>>>>>>>> activation code from user session. >>>>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::check_session_activation) >>>>>>>>>>> Oct 7 10:43:08 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2612) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:14 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:15 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] registering guest >>>>>>>>>>> through a sponsor >>>>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::do_sponsor_registration) >>>>>>>>>>> Oct 7 10:43:15 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Using sources >>>>>>>>>>> local, file1, LabDC for matching (pf::authentication::match) >>>>>>>>>>> Oct 7 10:43:15 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Matched rule >>>>>>>>>>> (admins) in source file1, returning actions. >>>>>>>>>>> (pf::Authentication::Source::match_rule) >>>>>>>>>>> Oct 7 10:43:15 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Matched rule >>>>>>>>>>> (admins) in source file1, returning actions. >>>>>>>>>>> (pf::Authentication::Source::match) >>>>>>>>>>> Oct 7 10:43:15 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Adding guest >>>>>>>>>>> person louis.scaringe...@gmail.com >>>>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Sponsor::do_sponsor_registration) >>>>>>>>>>> Oct 7 10:43:15 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] new activation >>>>>>>>>>> code successfully generated (pf::activation::create) >>>>>>>>>>> Oct 7 10:43:15 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:15 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] User >>>>>>>>>>> louis.scaringe...@gmail.com has authenticated on the portal. >>>>>>>>>>> (Class::MOP::Class:::after) >>>>>>>>>>> Oct 7 10:43:20 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:25 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:28 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) WARN: [mac:unknown] Unable to match MAC address >>>>>>>>>>> to IP '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:28 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) WARN: [mac:0] Unable to match MAC address to IP >>>>>>>>>>> '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:28 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) INFO: [mac:0] Instantiate profile >>>>>>>>>>> Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:28 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) WARN: [mac:0] Use of uninitialized value in >>>>>>>>>>> string ne at >>>>>>>>>>> /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm >>>>>>>>>>> line 146. >>>>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) >>>>>>>>>>> Oct 7 10:43:28 localhost pfqueue: pfqueue(2277) ERROR: >>>>>>>>>>> [mac:unknown] Unable to fetch query arguments for Fingerbank query. >>>>>>>>>>> Aborting. (pf::fingerbank::process) >>>>>>>>>>> Oct 7 10:43:28 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) INFO: [mac:0] [00:24:d6:5b:30:bc] Activation >>>>>>>>>>> code sent to email lscaringe...@ydn.co from >>>>>>>>>>> louis.scaringe...@gmail.com successfully verified. for activation >>>>>>>>>>> type: sponsor (pf::activation::validate_code) >>>>>>>>>>> Oct 7 10:43:28 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) INFO: [mac:0] Sponsor needs to authenticate in >>>>>>>>>>> order to activate guest. Guest token: >>>>>>>>>>> df13716b99252659d29c6b89a5617c36 >>>>>>>>>>> (captiveportal::PacketFence::Controller::Activate::Email::doSponsorRegistration) >>>>>>>>>>> Oct 7 10:43:29 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) WARN: [mac:unknown] Unable to match MAC address >>>>>>>>>>> to IP '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:29 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) WARN: [mac:0] Unable to match MAC address to IP >>>>>>>>>>> '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:29 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) WARN: [mac:0] Use of uninitialized value in >>>>>>>>>>> string ne at >>>>>>>>>>> /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm >>>>>>>>>>> line 146. >>>>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) >>>>>>>>>>> Oct 7 10:43:29 localhost pfqueue: pfqueue(2281) ERROR: >>>>>>>>>>> [mac:unknown] Unable to fetch query arguments for Fingerbank query. >>>>>>>>>>> Aborting. (pf::fingerbank::process) >>>>>>>>>>> Oct 7 10:43:31 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:35 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:36 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) WARN: [mac:unknown] Unable to match MAC address >>>>>>>>>>> to IP '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:36 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) WARN: [mac:0] Unable to match MAC address to IP >>>>>>>>>>> '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:36 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) INFO: [mac:0] Instantiate profile >>>>>>>>>>> Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:36 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) WARN: [mac:0] Use of uninitialized value in >>>>>>>>>>> string ne at >>>>>>>>>>> /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm >>>>>>>>>>> line 146. >>>>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) >>>>>>>>>>> Oct 7 10:43:36 localhost pfqueue: pfqueue(2276) ERROR: >>>>>>>>>>> [mac:unknown] Unable to fetch query arguments for Fingerbank query. >>>>>>>>>>> Aborting. (pf::fingerbank::process) >>>>>>>>>>> Oct 7 10:43:36 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) INFO: [mac:0] [00:24:d6:5b:30:bc] Activation >>>>>>>>>>> code sent to email lscaringe...@ydn.co from >>>>>>>>>>> louis.scaringe...@gmail.com successfully verified. for activation >>>>>>>>>>> type: sponsor (pf::activation::validate_code) >>>>>>>>>>> Oct 7 10:43:36 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) INFO: [mac:0] Realm source is part of the >>>>>>>>>>> connection profile sources. Using it as the only auth source. >>>>>>>>>>> (captiveportal::PacketFence::Controller::Authenticate::getSources) >>>>>>>>>>> Oct 7 10:43:36 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) WARN: [mac:unknown] Unable to match MAC address >>>>>>>>>>> to IP '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:36 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) WARN: [mac:0] Unable to match MAC address to IP >>>>>>>>>>> '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:36 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) WARN: [mac:0] Use of uninitialized value in >>>>>>>>>>> string ne at >>>>>>>>>>> /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm >>>>>>>>>>> line 146. >>>>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) >>>>>>>>>>> Oct 7 10:43:36 localhost pfqueue: pfqueue(2275) ERROR: >>>>>>>>>>> [mac:unknown] Unable to fetch query arguments for Fingerbank query. >>>>>>>>>>> Aborting. (pf::fingerbank::process) >>>>>>>>>>> Oct 7 10:43:39 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) WARN: [mac:unknown] Unable to match MAC address >>>>>>>>>>> to IP '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:39 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) WARN: [mac:0] Unable to match MAC address to IP >>>>>>>>>>> '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:39 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) INFO: [mac:0] Instantiate profile >>>>>>>>>>> Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:39 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) WARN: [mac:0] Use of uninitialized value in >>>>>>>>>>> string ne at >>>>>>>>>>> /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm >>>>>>>>>>> line 146. >>>>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) >>>>>>>>>>> Oct 7 10:43:39 localhost pfqueue: pfqueue(2277) ERROR: >>>>>>>>>>> [mac:unknown] Unable to fetch query arguments for Fingerbank query. >>>>>>>>>>> Aborting. (pf::fingerbank::process) >>>>>>>>>>> Oct 7 10:43:39 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) INFO: [mac:0] [00:24:d6:5b:30:bc] Activation >>>>>>>>>>> code sent to email lscaringe...@ydn.co from >>>>>>>>>>> louis.scaringe...@gmail.com successfully verified. for activation >>>>>>>>>>> type: sponsor (pf::activation::validate_code) >>>>>>>>>>> Oct 7 10:43:39 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2610) INFO: [mac:0] Realm source is part of the >>>>>>>>>>> connection profile sources. Using it as the only auth source. >>>>>>>>>>> (captiveportal::PacketFence::Controller::Authenticate::getSources) >>>>>>>>>>> Oct 7 10:43:40 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2612) WARN: [mac:unknown] Unable to match MAC address >>>>>>>>>>> to IP '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:40 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2612) WARN: [mac:0] Unable to match MAC address to IP >>>>>>>>>>> '198.18.101.1' (pf::ip4log::ip2mac) >>>>>>>>>>> Oct 7 10:43:40 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2612) WARN: [mac:0] Use of uninitialized value in >>>>>>>>>>> string ne at >>>>>>>>>>> /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Application.pm >>>>>>>>>>> line 146. >>>>>>>>>>> (captiveportal::PacketFence::DynamicRouting::Application::process_fingerbank) >>>>>>>>>>> Oct 7 10:43:40 localhost pfqueue: pfqueue(2280) ERROR: >>>>>>>>>>> [mac:unknown] Unable to fetch query arguments for Fingerbank query. >>>>>>>>>>> Aborting. (pf::fingerbank::process) >>>>>>>>>>> Oct 7 10:43:40 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2611) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Oct 7 10:43:45 localhost packetfence_httpd.portal: >>>>>>>>>>> httpd.portal(2613) INFO: [mac:00:24:d6:5b:30:bc] Instantiate >>>>>>>>>>> profile Lab-Aruba-OpenGuest-copy >>>>>>>>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>>>>>>>> Louis Scaringella >>>>>>>>>>> Security Systems Engineer >>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>> 785-342-7903 >>>>>>>>>>> >>>>>>>>>>>> On Oct 7, 2020, at 8:15 AM, Fabrice Durand via PacketFence-users >>>>>>>>>>>> <packetfence-users@lists.sourceforge.net> wrote: >>>>>>>>>>>> >>>>>>>>>>>> Hello Louis, >>>>>>>>>>>> >>>>>>>>>>>> you will need to check in the packetfence.log what authentication >>>>>>>>>>>> source is used when you log on the portal (to validate the access). >>>>>>>>>>>> >>>>>>>>>>>> Regards >>>>>>>>>>>> >>>>>>>>>>>> Fabrice >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Le 20-10-06 à 21 h 47, Louis Scaringella via PacketFence-users a >>>>>>>>>>>> écrit : >>>>>>>>>>>>> I made some progress with this. I can now progress past the >>>>>>>>>>>>> sponsor email section and it accepts it. The sponsor gets the >>>>>>>>>>>>> email, clicks the link, I login with the sponsor account, but >>>>>>>>>>>>> then it says "does not have permission to sponsor a user”. >>>>>>>>>>>>> >>>>>>>>>>>>> Any ideas now? >>>>>>>>>>>>> >>>>>>>>>>>>> Louis Scaringella >>>>>>>>>>>>> Security Systems Engineer >>>>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>>>> 785-342-7903 >>>>>>>>>>>>> >>>>>>>>>>>>>> On Oct 6, 2020, at 7:51 PM, Louis Scaringella >>>>>>>>>>>>>> <lscaringe...@yellowdognetworks.com> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> The exact message is : >>>>>>>>>>>>>> >>>>>>>>>>>>>> Email [myem...@mydomain.com] is not allowed to sponsor guest >>>>>>>>>>>>>> access. >>>>>>>>>>>>>> >>>>>>>>>>>>>> When I run the following test, it matches my authentication >>>>>>>>>>>>>> source which has this marked as a sponsor. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> [root@localhost bin]# ./pftest authentication >>>>>>>>>>>>>> lscaringe...@ydn.co xxxxxxxxxx >>>>>>>>>>>>>> >>>>>>>>>>>>>> Testing authentication for "lscaringe...@ydn.co" >>>>>>>>>>>>>> >>>>>>>>>>>>>> Authenticating against 'local' in context 'admin' >>>>>>>>>>>>>> Authentication SUCCEEDED against local (Authentication >>>>>>>>>>>>>> successful.) >>>>>>>>>>>>>> Matched against local for 'authentication' rule default >>>>>>>>>>>>>> set_access_level : ALL >>>>>>>>>>>>>> set_unreg_date : 0000-00-00 00:00:00 >>>>>>>>>>>>>> set_tenant_id : 1 >>>>>>>>>>>>>> Matched against local for 'administration' rule default >>>>>>>>>>>>>> set_access_level : ALL >>>>>>>>>>>>>> set_unreg_date : 0000-00-00 00:00:00 >>>>>>>>>>>>>> set_tenant_id : 1 >>>>>>>>>>>>>> >>>>>>>>>>>>>> Authenticating against 'local' in context 'portal' >>>>>>>>>>>>>> Authentication SUCCEEDED against local (Authentication >>>>>>>>>>>>>> successful.) >>>>>>>>>>>>>> Matched against local for 'authentication' rule default >>>>>>>>>>>>>> set_access_level : ALL >>>>>>>>>>>>>> set_unreg_date : 0000-00-00 00:00:00 >>>>>>>>>>>>>> set_tenant_id : 1 >>>>>>>>>>>>>> Matched against local for 'administration' rule default >>>>>>>>>>>>>> set_access_level : ALL >>>>>>>>>>>>>> set_unreg_date : 0000-00-00 00:00:00 >>>>>>>>>>>>>> set_tenant_id : 1 >>>>>>>>>>>>>> >>>>>>>>>>>>>> Authenticating against 'file1' in context 'admin' >>>>>>>>>>>>>> Authentication SUCCEEDED against file1 (Authentication >>>>>>>>>>>>>> successful.) >>>>>>>>>>>>>> Did not match against file1 for 'authentication' rules >>>>>>>>>>>>>> Matched against file1 for 'administration' rule admins >>>>>>>>>>>>>> set_access_level : ALL >>>>>>>>>>>>>> mark_as_sponsor : 1 >>>>>>>>>>>>>> >>>>>>>>>>>>>> Authenticating against 'file1' in context 'portal' >>>>>>>>>>>>>> Authentication SUCCEEDED against file1 (Authentication >>>>>>>>>>>>>> successful.) >>>>>>>>>>>>>> Did not match against file1 for 'authentication' rules >>>>>>>>>>>>>> Matched against file1 for 'administration' rule admins >>>>>>>>>>>>>> set_access_level : ALL >>>>>>>>>>>>>> mark_as_sponsor : 1 >>>>>>>>>>>>>> >>>>>>>>>>>>>> Louis Scaringella >>>>>>>>>>>>>> Security Systems Engineer >>>>>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>>>>> 785-342-7903 >>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Oct 6, 2020, at 6:46 PM, Louis Scaringella >>>>>>>>>>>>>>> <lscaringe...@yellowdognetworks.com> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I’m having an issue with the captive portal with sponsored >>>>>>>>>>>>>>> guest access. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Basically, when I go to test this and enter a sponsor email, it >>>>>>>>>>>>>>> tells me that email doesn’t have access to be a sponsor. >>>>>>>>>>>>>>> Unfortunately, there isn’t great documentation on this process >>>>>>>>>>>>>>> and the other posts about this are years old. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Any ideas? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Louis Scaringella >>>>>>>>>>>>>>> Security Systems Engineer >>>>>>>>>>>>>>> Yellow Dog Networks, Inc >>>>>>>>>>>>>>> 785-342-7903 >>>>>>>>>>>>>>> >>>>>>>>>>>>> The information transmitted, including any attachments, is >>>>>>>>>>>>> intended only for the person or entity to which it is addressed >>>>>>>>>>>>> and may contain confidential and/or privileged material. Any >>>>>>>>>>>>> review, retransmission, dissemination or other use of, or taking >>>>>>>>>>>>> of any action in reliance upon, this information by persons or >>>>>>>>>>>>> entities other than the intended recipient is prohibited, and all >>>>>>>>>>>>> liability arising therefrom is disclaimed. If you received this >>>>>>>>>>>>> in error, please contact the sender and delete the material from >>>>>>>>>>>>> any computer. >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>>> -- >>>>>>>>>>>> Fabrice Durand >>>>>>>>>>>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >>>>>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>>>>>> PacketFence (http://packetfence.org) >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>>> The information transmitted, including any attachments, is intended >>>>>>>>>>> only for the person or entity to which it is addressed and may >>>>>>>>>>> contain confidential and/or privileged material. Any review, >>>>>>>>>>> retransmission, dissemination or other use of, or taking of any >>>>>>>>>>> action in reliance upon, this information by persons or entities >>>>>>>>>>> other than the intended recipient is prohibited, and all liability >>>>>>>>>>> arising therefrom is disclaimed. If you received this in error, >>>>>>>>>>> please contact the sender and delete the material from any computer. >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> PacketFence-users mailing list >>>>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>>> The information transmitted, including any attachments, is intended >>>>>>>>>> only for the person or entity to which it is addressed and may >>>>>>>>>> contain confidential and/or privileged material. Any review, >>>>>>>>>> retransmission, dissemination or other use of, or taking of any >>>>>>>>>> action in reliance upon, this information by persons or entities >>>>>>>>>> other than the intended recipient is prohibited, and all liability >>>>>>>>>> arising therefrom is disclaimed. If you received this in error, >>>>>>>>>> please contact the sender and delete the material from any computer. >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> PacketFence-users mailing list >>>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>> -- >>>>>>>>> Fabrice Durand >>>>>>>>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>>> PacketFence (http://packetfence.org) >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> PacketFence-users mailing list >>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> The information transmitted, including any attachments, is intended >>>>>>>> only for the person or entity to which it is addressed and may contain >>>>>>>> confidential and/or privileged material. Any review, retransmission, >>>>>>>> dissemination or other use of, or taking of any action in reliance >>>>>>>> upon, this information by persons or entities other than the intended >>>>>>>> recipient is prohibited, and all liability arising therefrom is >>>>>>>> disclaimed. If you received this in error, please contact the sender >>>>>>>> and delete the material from any computer. >>>>>>> -- >>>>>>> Fabrice Durand >>>>>>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>> PacketFence (http://packetfence.org) >>>>>>> >>>>>> The information transmitted, including any attachments, is intended only >>>>>> for the person or entity to which it is addressed and may contain >>>>>> confidential and/or privileged material. Any review, retransmission, >>>>>> dissemination or other use of, or taking of any action in reliance upon, >>>>>> this information by persons or entities other than the intended >>>>>> recipient is prohibited, and all liability arising therefrom is >>>>>> disclaimed. If you received this in error, please contact the sender and >>>>>> delete the material from any computer. >>>>> -- >>>>> Fabrice Durand >>>>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>> (http://packetfence.org) >>>>> >>>> The information transmitted, including any attachments, is intended only >>>> for the person or entity to which it is addressed and may contain >>>> confidential and/or privileged material. Any review, retransmission, >>>> dissemination or other use of, or taking of any action in reliance upon, >>>> this information by persons or entities other than the intended recipient >>>> is prohibited, and all liability arising therefrom is disclaimed. If you >>>> received this in error, please contact the sender and delete the material >>>> from any computer. >>> >>> -- >>> Fabrice Durand >>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >> >> The information transmitted, including any attachments, is intended only for >> the person or entity to which it is addressed and may contain confidential >> and/or privileged material. Any review, retransmission, dissemination or >> other use of, or taking of any action in reliance upon, this information by >> persons or entities other than the intended recipient is prohibited, and all >> liability arising therefrom is disclaimed. If you received this in error, >> please contact the sender and delete the material from any computer. >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > The information transmitted, including any attachments, is intended only for > the person or entity to which it is addressed and may contain confidential > and/or privileged material. Any review, retransmission, dissemination or > other use of, or taking of any action in reliance upon, this information by > persons or entities other than the intended recipient is prohibited, and all > liability arising therefrom is disclaimed. If you received this in error, > please contact the sender and delete the material from any computer. > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users The information transmitted, including any attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited, and all liability arising therefrom is disclaimed. If you received this in error, please contact the sender and delete the material from any computer. _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
