Hello Stephan,
it looks that you strip the username somewhere, do you have a realm or a
radius filter who do that ?
Regards
Fabrice
Le lun. 13 sept. 2021 à 16:41, Kaufhold, Stephan via PacketFence-users <
packetfence-users@lists.sourceforge.net> a écrit :
> Hello,
>
>
>
> the client host/cust-SEG.custulm.local can't authenticate.
>
> In packetfence.log I see cust-SEG.custulm.local without "host/" prefix.
>
>
>
> /usr/local/pf/bin/pftest authentication host/cust-SEG.custulm.local "" is
> working well.
>
> /usr/local/pf/bin/pftest authentication cust-SEG.custulm.local "" is not
> working.
>
>
>
> What can be the reason to remove the host prefix?
>
>
>
> Thanks in advance
>
>
>
> radius.log...
>
> Sep 13 13:44:06 cust-NAC01 auth[1674]: Adding client 10.1.40.1/32
>
> Sep 13 13:44:06 cust-NAC01 auth[1674]: [mac:10:7b:44:18:ed:3a] Rejected
> user: host/cust-SEG.custulm.local
>
> Sep 13 13:44:06 cust-NAC01 auth[1674]: (150) Rejected in post-auth:
> [host/cust-SEG.custulm.local] (from client 10.1.40.1/32 port 260 cli
> 10:7b:44:18:ed:3a)
>
> Sep 13 13:44:06 cust-NAC01 auth[1674]: (150) Login incorrect (sql_reject:
> Insufficient space to store pair string, needed 2088 bytes have 2048
> bytes): [host/cust-SEG.custulm.local] (from client 10.1.40.1/32 port 260
> cli 10:7b:44:18:ed:3a)
>
>
>
> packetfence.log...
>
>
>
> Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) WARN:
> [mac:10:7b:44:18:ed:3a] [AS-custulm INSEL] Searching for
> (servicePrincipalName=cust-SEG.custulm.local), from DC=custulm,DC=local,
> with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
>
> Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) INFO:
> [mac:10:7b:44:18:ed:3a] No rules matches or no category defined for the
> node, set it as unreg. (pf::role::getNodeInfoForAutoReg)
>
> Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) WARN:
> [mac:10:7b:44:18:ed:3a] No category computed for autoreg
> (pf::role::getNodeInfoForAutoReg)
>
> Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) WARN:
> [mac:10:7b:44:18:ed:3a] No role specified or found for pid
> cust-SEG.custulm.local (MAC 10:7b:44:18:ed:3a); assume maximum number of
> registered nodes is reached (pf::node::is_max_reg_nodes_reached)
>
> Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR:
> [mac:10:7b:44:18:ed:3a] max nodes per pid met or exceeded - registration of
> 10:7b:44:18:ed:3a to cust-SEG.custulm.local failed
> (pf::registration::setup_node_for_registration)
>
> Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR:
> [mac:10:7b:44:18:ed:3a] auto-registration of node failed max nodes per pid
> met or exceeded (pf::radius::authorize)
>
> Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR:
> [mac:10:7b:44:18:ed:3a] Database query failed with non retryable error:
> Cannot add or update a child row: a foreign key constraint fails
> (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES
> `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno:
> 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`,
> `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`,
> `detect_date`, `device_class`, `device_manufacturer`, `device_score`,
> `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`,
> `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`,
> `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`,
> `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`,
> `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
> ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY
> UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `tenant_id` = ?]{yes,
> NULL, NULL, NULL, NULL, NULL, 2021-09-13 11:21:11, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00,
> 0000-00-00 00:00:00, 10:7b:44:18:ed:3a, NULL, NULL, cust-SEG.custulm.local,
> 0000-00-00 00:00:00, NULL, unreg, 1, NULL, 0000-00-00 00:00:00, NULL, no,
> yes, cust-SEG.custulm.local, 1} (pf::dal::db_execute)
>
> Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR:
> [mac:10:7b:44:18:ed:3a] Cannot save 10:7b:44:18:ed:3a error (500)
> (pf::radius::authorize)
>
>
>
> Kind regards
>
>
>
>
>
>
>
> ------------------------------
>
> Celos Computer GmbH | Liststraße 1 | 89079 Ulm
> www.celos.de | facebook <https://www.facebook.com/CelosComputerGmbH/>| xing
> <https://www.xing.com/companies/celoscomputergmbh>
>
>
>
> Stephan Kaufhold
> *Consultant *
>
>
>
> Telefon: +49 731 96884-690 | Fax: +49 73196884-790 | E-Mail:
> stephan.kaufh...@celos.de
>
>
> ------------------------------
>
> Besuchen Sie uns auf
> <https://www.facebook.com/CelosComputerGmbH>
> <https://linkedin.com/company/celos-computer-gmbh>
> <https://www.xing.com/pages/celoscomputergmbh>
>
>
>
>
>
>
>
>
>
>
> Sitz der Gesellschaft: Ulm | Rechtsform: GmbH | Amtsgericht Ulm: HRB
> 730872 | Geschäftsführer: Dipl. Ing. Thomas Hoffmann
> Diese E-Mail kann Betriebs- oder Geschäftsgeheimnisse oder sonstige
> vertrauliche Informationen enthalten.
> Sollten Sie diese E-Mail irrtümlich erhalten haben, ist Ihnen eine
> Kenntnisnahme des Inhalts, eine Vervielfältigung oder Weitergabe
> ausdrücklich untersagt. Bitte benachrichtigen Sie uns und vernichten Sie
> die empfangene E-Mail. Vielen Dank.
>
>
>
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
