Sorry for my English level.

My problem is that the role is not given by the rule, so the PC won't be put in a VLAN, but when I give the PC the role via the nodes, it works when the user and the password match the user in the AD.

- I'm using PacketFence (PacketFence-ZEN-v10.3.0) on VMware. I have a Layer 3 switch, which is an HP5130.
- The AD Join is 'OK'.
- The realms are linked to the AD.
- The Auth source is below, and the test button says "Successfully validated with 10.5.2.48,10.5.2.47."
- The switch conf looks OK when I go to the network view of PacketFence, and when I manually give the role to the PC, I see the PC as "Reg" with information about it.
- The Connection Profiles are below too.

I don't understand why it doesn't work. Can someone help me, please?

The log:

May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) INFO: [mac:dc:4a:3e:e0:b5:0c] Instantiate profile 8021x (pf::Connection::ProfileFactory::_from_profile)
May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) INFO: [mac:dc:4a:3e:e0:b5:0c] Found authentication source(s) : 'Auth-Sturno' for realm 'default' (pf::config::util::filter_authentication_sources)
May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) INFO: [mac:dc:4a:3e:e0:b5:0c] Using sources Auth-Sturno for matching (pf::authentication::match2)
May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) WARN: [mac:dc:4a:3e:e0:b5:0c] [Auth-Sturno catchall] Searching for (&(|(sAMAccountName=GROUPE-STURNO\psanson)(servicePrincipalName=GROUPE-STURNO\psanson))), from DC=LOCAL, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) INFO: [mac:dc:4a:3e:e0:b5:0c] LDAP testing connection (pf::LDAP::expire_if)
May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) ERROR: [mac:dc:4a:3e:e0:b5:0c] [Auth-Sturno] Unable to execute search (&(|(sAMAccountName=GROUPE-STURNO\psanson)(servicePrincipalName=GROUPE-STURNO\psanson))) from DC=LOCAL on 10.5.2.48:389, we skip the rule. (pf::Authentication::Source::LDAPSource::_match_in_subclass)
May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) INFO: [mac:dc:4a:3e:e0:b5:0c] No rules matches or no category defined for the node, set it as unreg. (pf::role::getNodeInfoForAutoReg)
May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) WARN: [mac:dc:4a:3e:e0:b5:0c] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) WARN: [mac:dc:4a:3e:e0:b5:0c] No role specified or found for pid GROUPE-STURNO\psanson (MAC dc:4a:3e:e0:b5:0c); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) ERROR: [mac:dc:4a:3e:e0:b5:0c] no role computed by any sources - registration of dc:4a:3e:e0:b5:0c to GROUPE-STURNO\psanson failed (pf::registration::setup_node_for_registration)
May 18 12:20:40 packetfence packetfence_httpd.aaa: httpd.aaa(1660) ERROR: [mac:dc:4a:3e:e0:b5:0c] auto-registration of node failed no role computed by any sources (pf::radius::authorize)

*On my Switch (HP 5130) Layer3 Switch:*

interface GigabitEthernet1/0/19
 port access vlan 200
 dot1x
 undo dot1x handshake
 dot1x mandatory-domain groupe-sturno.local
 dot1x max-user 4

*The Auth Source:*

[Auth-Sturno]
cache_match=0
read_timeout=30
realms=default,null
basedn=CN=Users,DC=groupe-sturno,DC=LOCAL
monitor=1
shuffle=0
searchattributes=
set_access_durations_action=
scope=sub
email_attribute=mail
usernameattribute=sAMAccountName
dead_duration=60
connection_timeout=15
encryption=none
description=test-1
port=389
host=10.5.2.48,10.5.2.47
write_timeout=15
type=AD
password=**********
binddn=CN=root,CN=Users,DC=groupe-sturno,DC=LOCAL

[Auth-Sturno rule catchall]
action0=set_role=DATA_Sturno_Avranches
status=enabled
match=any
class=authentication
action1=set_access_duration=5D
description=catchall

[8021x]
locale=
description=802.1X wired connections
sources=Auth-Sturno
advanced_filter=
filter=connection_type:Ethernet-EAP
autoregister=enabled

If anything more is needed, I can give it.

Pierre-Alexis SANSON
End-of-year internship student
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users