Hi, I'm having problems registering devices, either via the portal (eg MAC based authentication) or 802.1x.
I had originally logged an issue on Github https://github.com/inverse-inc/packetfence/issues/6361 but closed it after the issue disappeared for a while. Perhaps I have something wrong somewhere? We're running PacketFence 10.3 on Debian 9, apt is up to date and we've applied the latest available patches (pf-maint.pl)... I have AD configured and receive this error even when I remove 'condition0' and then completely re-initialise the platform: /usr/local/pf/bin/pfcmd fixpermissions; /usr/local/pf/bin/pfcmd pfconfig clear_backend; systemctl restart packetfence-config; /usr/local/pf/bin/pfcmd configreload hard; Init 6; authentication.conf [companyad_users] password=*************** write_timeout=5 description=Company AD - Users scope=sub realms=null,netbiosdomain,ad.company.com type=AD connection_timeout=1 binddn=auth-packetfe...@ad.company.com read_timeout=10 cache_match=0 host=ad.company.com port=636 monitor=1 shuffle=0 searchattributes= email_attribute=mail encryption=ssl basedn=OU=Users,OU=Company,DC=ad,DC=company,DC=com usernameattribute=sAMAccountName dynamic_routing_module=AuthModule dead_duration=60 set_access_durations_action= [companyad_users rule staff] action0=set_role=staff match=all description=Member of company AD security group class=authentication status=enabled action1=set_access_duration=1M This rule typically includes the following, but was deleted when testing: condition0=memberOf,equals,CN=company,OU=Company,OU=Security Groups,OU=Company,DC=ad,DC=company,DC=com profiles.conf [Wireless_802.1x] advanced_filter= description=Wireless 802.1x sources=syrexad_users locale= filter=connection_type:Wireless-802.11-EAP reuse_dot1x_credentials=enabled portal_modules.conf <empty> Logs: Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Instantiate profile Wireless_802.1x (pf::Connection::ProfileFactory::_from_profile) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Instantiate profile Wireless_802.1x (pf::Connection::ProfileFactory::_from_profile) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Authenticating user using sources : companyad_users (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Reusing 802.1x credentials with username 'davidh' and realm 'null' (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Using sources companyad_users for matching (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] [companyad_users staff] Searching for (sAMAccountName=davidh), from OU=Users,OU=Company,DC=ad,DC=company,DC=com, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Matched rule (staff) in source companyad_users, returning actions. (pf::Authentication::Source::match_rule) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Matched rule (staff) in source companyad_users, returning actions. (pf::Authentication::Source::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] User davidh has authenticated on the portal. (Class::MOP::Class:::after) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Trying to save a NULL value in a non nullable field person.pid (pf::dal::validate_field) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Skipping invalid value (NULL) in when inserting field person.pid (pf::dal::_insert_data) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Trying to save a NULL value in a non nullable field person.pid (pf::dal::validate_field) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Skipping invalid value (NULL) in when inserting field person.pid (pf::dal::_insert_data) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Warning: 1364: Field 'pid' doesn't have a default value (pf::dal::db_execute) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value $pid in lc at /usr/local/pf/lib/pf/person.pm line 252. (pf::person::person_modify) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value $new_pid in lc at /usr/local/pf/lib/pf/person.pm line 252. (pf::person::person_modify) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Trying to save a NULL value in a non nullable field person.pid (pf::dal::validate_field) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Skipping invalid value (NULL) in when inserting field person.pid (pf::dal::_insert_data) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Trying to save a NULL value in a non nullable field person.pid (pf::dal::validate_field) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Skipping invalid value (NULL) in when inserting field person.pid (pf::dal::_insert_data) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Warning: 1364: Field 'pid' doesn't have a default value (pf::dal::db_execute) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value $pid in string ne at /usr/local/pf/lib/pf/person.pm line 261. (pf::person::person_modify) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value $new_pid in string ne at /usr/local/pf/lib/pf/person.pm line 261. (pf::person::person_modify) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Using sources companyad_users for matching (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Using sources companyad_users for matching (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] [companyad_users] Missing parameters to construct LDAP filter (pf::Authentication::Source::LDAPSource::match_in_subclass) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Using sources companyad_users for matching (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:12 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match) Jun 24 01:35:12 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Using sources companyad_users for matching (pf::authentication::match) Jun 24 01:35:12 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] [companyad_users] Missing parameters to construct LDAP filter (pf::Authentication::Source::LDAPSource::match_in_subclass) Jun 24 01:35:12 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Execute actions of module default_policy+default_registration_policy+default_login_policy did not succeed. (captiveportal::PacketFence::DynamicRouting::Module::done) Jun 24 01:35:12 packetfence2 pfqueue: pfqueue(2482) INFO: [mac:unknown] Already did a person lookup for davidh (pf::lookup::person::lookup_person) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Authenticating user using sources : companyad_users (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Reusing 802.1x credentials with username 'davidh' and realm 'null' (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Using sources companyad_users for matching (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] [companyad_users staff] Searching for (sAMAccountName=davidh), from OU=Users,OU=Company,DC=ad,DC=company,DC=com, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Matched rule (staff) in source companyad_users, returning actions. (pf::Authentication::Source::match_rule) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Matched rule (staff) in source companyad_users, returning actions. (pf::Authentication::Source::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] User davidh has authenticated on the portal. (Class::MOP::Class:::after) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Trying to save a NULL value in a non nullable field person.pid (pf::dal::validate_field) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Skipping invalid value (NULL) in when inserting field person.pid (pf::dal::_insert_data) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Trying to save a NULL value in a non nullable field person.pid (pf::dal::validate_field) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Skipping invalid value (NULL) in when inserting field person.pid (pf::dal::_insert_data) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Warning: 1364: Field 'pid' doesn't have a default value (pf::dal::db_execute) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value $pid in lc at /usr/local/pf/lib/pf/person.pm line 252. (pf::person::person_modify) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value $new_pid in lc at /usr/local/pf/lib/pf/person.pm line 252. (pf::person::person_modify) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Trying to save a NULL value in a non nullable field person.pid (pf::dal::validate_field) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Skipping invalid value (NULL) in when inserting field person.pid (pf::dal::_insert_data) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Trying to save a NULL value in a non nullable field person.pid (pf::dal::validate_field) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] Skipping invalid value (NULL) in when inserting field person.pid (pf::dal::_insert_data) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Warning: 1364: Field 'pid' doesn't have a default value (pf::dal::db_execute) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value $pid in string ne at /usr/local/pf/lib/pf/person.pm line 261. (pf::person::person_modify) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Use of uninitialized value $new_pid in string ne at /usr/local/pf/lib/pf/person.pm line 261. (pf::person::person_modify) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Using sources companyad_users for matching (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Using sources companyad_users for matching (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] [companyad_users] Missing parameters to construct LDAP filter (pf::Authentication::Source::LDAPSource::match_in_subclass) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Using sources companyad_users for matching (pf::authentication::match) Jun 24 01:35:11 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Found source companyad_users in session. (Class::MOP::Class:::around) Jun 24 01:35:12 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match) Jun 24 01:35:12 packetfence2 packetfence_httpd.portal: httpd.portal(2870) INFO: [mac:00:11:22:33:44:55] Using sources companyad_users for matching (pf::authentication::match) Jun 24 01:35:12 packetfence2 packetfence_httpd.portal: httpd.portal(2870) ERROR: [mac:00:11:22:33:44:55] [companyad_users] Missing parameters to construct LDAP filter (pf::Authentication::Source::LDAPSource::match_in_subclass) Jun 24 01:35:12 packetfence2 packetfence_httpd.portal: httpd.portal(2870) WARN: [mac:00:11:22:33:44:55] Execute actions of module default_policy+default_registration_policy+default_login_policy did not succeed. (captiveportal::PacketFence::DynamicRouting::Module::done) Jun 24 01:35:12 packetfence2 pfqueue: pfqueue(2482) INFO: [mac:unknown] Already did a person lookup for davidh (pf::lookup::person::lookup_person) Jun 24 01:35:12 packetfence2 packetfence_httpd.portal: httpd.portal(2868) INFO: [mac:00:11:22:33:44:55] Instantiate profile Wireless_802.1x (pf::Connection::ProfileFactory::_from_profile) Jun 24 01:35:12 packetfence2 packetfence_httpd.portal: httpd.portal(2868) INFO: [mac:00:11:22:33:44:55] Instantiate profile Wireless_802.1x (pf::Connection::ProfileFactory::_from_profile) PS: I presume the 'Missing parameters to construct LDAP filter' error relates to 'searchattributes' being blank. My understanding of the above is that 'sAMAccountName' matching 'davidh' was found in LDAP and matched the rule. It however then fails to populate person.pid... We're running Windows 2019 AD with SSL encrypted LDAP (tcp:636). Could I possibly turn up debugging to provide additional information? Regards David Herselman
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
