Dear Ludovic
Many thanks for your appreciated reply.
I did a manual check as you described. Please see the command reply below. I’ve
taken the password stored in the PF GUI.
The DB connect seems to work in nearly all the cases, except the described node
check while auth.
The root login works also fort h DB connect.
It is (currently) a standalone installed by the current OVA from the website in
version 11.1 (Oct 29th build).
Thank you very much for your effort!
Sincerley jonas
root@SLcsPFCv01:~# mysql -u pf pf -p
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1455
Server version: 10.5.12-MariaDB-0+deb11u1 Debian 11
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [pf]>
MariaDB [pf]> show tables
-> ;
+------------------------------+
| Tables_in_pf |
+------------------------------+
| action |
| activation |
| admin_api_audit_log |
| auth_log |
| bandwidth_accounting |
| bandwidth_accounting_history |
| billing |
| chi_cache |
| class |
| dhcp_option82 |
| dhcp_option82_history |
| dhcppool |
| dns_audit_log |
| ip4log |
| ip4log_archive |
| ip4log_history |
| ip6log |
| ip6log_archive |
| ip6log_history |
| key_value_storage |
| keyed |
| locationlog |
| locationlog_history |
| node |
| node_category |
| password |
| person |
| pf_version |
| pki_cas |
| pki_certs |
| pki_profiles |
| pki_revoked_certs |
| radacct |
| radacct_log |
| radius_audit_log |
| radius_nas |
| radreply |
| savedsearch |
| scan |
| security_event |
| sms_carrier |
| tenant |
| user_preference |
| wrix |
+------------------------------+
44 rows in set (0.000 sec)
Von: Zammit, Ludovic <luza...@akamai.com>
Gesendet: Montag, 8. November 2021 18:50
An: packetfence-users@lists.sourceforge.net
Cc: jonas.stal...@gmx.ch; Jonas Stalder <jonas.stal...@leuchterag.ch>
Betreff: Re: [PacketFence-users] Database connect error while auth.
Hello Jonas,
Try that:
mysql -u pf pf -p
Tell me if it works.
Is the root login works ?
Do you have a standalone or a cluster?
Thanks,
Ludovic Zammit
Product Support Engineer Principal
Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:
<https://community.akamai.com/> <http://blogs.akamai.com/>
<https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies>
<http://www.linkedin.com/company/akamai-technologies>
<http://www.youtube.com/user/akamaitechnologies?feature=results_main>
On Nov 8, 2021, at 9:25 AM, jonas.stalder--- via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net> > wrote:
Dear Guys
Sorry for asking again, but I still strugle with this issue and would be
important for me to solve.
I’ve checked the mariadb-log for the corresponding entries and I still
experience the same issue.
/usr/lib/mysql/SLcsPFCv01.log reports following :
178841 Connect Access denied for user 'pf'@'localhost' (using password: YES)
To verify the DB configuraiton, I logged in by mysql in 3 constellations :
// without DB PASS
root@SLcsPFCv01:/usr/local/pf/raddb# mysql -u pf -h localhost
ERROR 1045 (28000): Access denied for user 'pf'@'localhost' (using password: NO)
// with incorrect DB pass
root@SLcsPFCv01:/usr/local/pf/raddb# mysql -u pf -h localhost -p
Enter password:
ERROR 1045 (28000): Access denied for user 'pf'@'localhost' (using password:
YES)
// with correct DB pass corresponding to the value documented in packet fence
UI/config. file
root@SLcsPFCv01:/usr/local/pf/raddb# mysql -u pf -h localhost -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 179254
Server version: 10.5.12-MariaDB-0+deb11u1 Debian 11
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
Also the node is present in the db:
MariaDB [pf]> select mac from node;
+-------------------+
| mac |
+-------------------+
| dc:a6:32:b2:5e:02 |
+-------------------+
1 row in set (0.000 sec)
In my view, if this is intendet behavour, the DB access would be blocked all
the time.
Due to the fact, that in the rest of the cases, the db can be queried, I’m
still thinking about a bug, but my report (
<https://urldefense.com/v3/__https:/github.com/inverse-inc/packetfence/issues/6685__;!!GjvTz_vk!EflhieWszggxRu7zqZwlCInSbD2AUdRnSdSxaF0z1g7tPBiiLBMfjwOVSuuxUsZI$>
https://github.com/inverse-inc/packetfence/issues/6685) has been closed
without any comment.
Could someone give me a hint if this is known behavour or should I reinsist
regarding a bug.
Or is there probably a workaround ?
Would be great to have a feedback. 1000Thanks in advance!!
Jonas
Von: Jonas Stalder via PacketFence-users <
<mailto:packetfence-users@lists.sourceforge.net>
packetfence-users@lists.sourceforge.net>
Gesendet: Samstag, 6. November 2021 17:46
An: <mailto:packetfence-users@lists.sourceforge.net>
packetfence-users@lists.sourceforge.net
Cc: Jonas Stalder < <mailto:jonas.stal...@gmx.ch> jonas.stal...@gmx.ch>
Betreff: [PacketFence-users] Database connect error while auth.
Dear Guys
Hope you’re all doing well.
Took me know hours but I still get no authentication from client with 802.1x +
MAC.
While looking to the log, I see a auth. Error regarding the a database query.
->->Nov 6 16:24:56 packetfence packetfence_httpd.aaa[10168]: httpd.aaa(1383)
FATAL: [mac:[undef]] unable to connect to database: Access denied for user
'pf'@'localhost' (using password: YES) at /usr/local/pf/lib/CHI/Driver/DBI.pm
line 28.
(pf::CHI::db::db_connect)
The installation has now be cleaned up (reinstalled) two times. The database
configuration in the setup has been done “automaticly” (by wizard).
I’ve checked the with login “pf”@localhost and also as root manually (mysql). I
was able to login and check the user-table:
MariaDB [mysql]> select user,host,authentication_string,plugin from mysql.user
-> ;
+-------------+-----------+-------------------------------------------+-----------------------+
| User | Host | authentication_string | plugin
|
+-------------+-----------+-------------------------------------------+-----------------------+
| mariadb.sys | localhost | |
mysql_native_password |
| root | localhost | *5E0316A4B8BD7B23XXXXX0580425566E5 |
mysql_native_password |
| mysql | localhost | invalid |
mysql_native_password |
| pf | % | *0861D201B2B18B1F8DBEXXXXXXXF626088E47F73 |
mysql_native_password |
| pf | localhost | *0861D201B2B1XXXXXXXXEAF626088E47F73 |
mysql_native_password |
+-------------+-----------+-------------------------------------------+-----------------------+
5 rows in set (0.001 sec)
A reset of the password for pf@localhost was also successfully. I still get the
error.
My intention is that this is the error because the auth does not work.
Could there be a bug or does anyone has a good hint for me?
Yours faithfully & thanks for your efforts
Jonas
// Log========
Nov 6 16:24:52 packetfence httpd_aaa[1462]: 127.0.0.1 - - [06/Nov/2021:17:24:52
+0100] "-" 408 0 0 19 "-" "-" "-"
Nov 6 16:24:56 packetfence auth[9610]: Adding client 10.123.252.1/32
Nov 6 16:24:56 packetfence auth[9610]: (4817) rest: ERROR: Server returned:
Nov 6 16:24:56 packetfence auth[9610]: (4817) rest: ERROR:
{"control:PacketFence-Authorization-Status":"allow"}
Nov 6 16:24:56 packetfence auth[9610]: [mac:dc:a6:32:b2:5e:02] Rejected user:
dca632b25e02
Nov 6 16:24:56 packetfence auth[9610]: (4817) Rejected in post-auth:
[dca632b25e02] (from client 10.123.252.1/32 port 7 cli dc:a6:32:b2:5e:02)
Nov 6 16:24:56 packetfence auth[9610]: (4817) Login incorrect (rest: Server
returned:): [dca632b25e02] (from client 10.123.252.1/32 port 7 cli
dc:a6:32:b2:5e:02)
Nov 6 16:24:56 packetfence httpd_aaa_err[1461]: Use of uninitialized value
$radius_return in numeric eq (==) at /usr/local/pf/lib/pf/radius/rest.pm line
48.
Nov 6 16:24:56 packetfence httpd_aaa_err[1461]: Use of uninitialized value
$radius_return in numeric eq (==) at /usr/local/pf/lib/pf/radius/rest.pm line
53.
Nov 6 16:24:56 packetfence httpd_aaa_err[1461]: Use of uninitialized value
$radius_return in numeric eq (==) at /usr/local/pf/lib/pf/radius/rest.pm line
53.
Nov 6 16:24:56 packetfence httpd_aaa_err[1461]: Use of uninitialized value
$radius_return in numeric eq (==) at /usr/local/pf/lib/pf/radius/rest.pm line
53.
->->Nov 6 16:24:56 packetfence packetfence_httpd.aaa[10168]: httpd.aaa(1383)
FATAL: [mac:[undef]] unable to connect to database: Access denied for user
'pf'@'localhost' (using password: YES) at /usr/local/pf/lib/CHI/Driver/DBI.pm
line 28.
(pf::CHI::db::db_connect)
Nov 6 16:24:56 packetfence packetfence_httpd.aaa[10168]: httpd.aaa(1383) ERROR:
[mac:[undef]] radius authorize failed with error: unable to connect to
database: Access denied for user 'pf'@'localhost' (using password: YES) at
/usr/local/pf/lib/CHI/Driver/DBI.pm line 28.
(pf::api::radius_authorize)
Nov 6 16:24:56 packetfence packetfence_httpd.aaa[10168]: httpd.aaa(1383) WARN:
[mac:[undef]] Use of uninitialized value $radius_return in numeric eq (==) at
/usr/local/pf/lib/pf/radius/rest.pm line 48.
(pf::radius::rest::format_response)
Nov 6 16:24:56 packetfence packetfence_httpd.aaa[10168]: httpd.aaa(1383) WARN:
[mac:[undef]] Use of uninitialized value $radius_return in numeric eq (==) at
/usr/local/pf/lib/pf/radius/rest.pm line 53.
(pf::radius::rest::format_response)
Nov 6 16:24:56 packetfence packetfence_httpd.aaa[10168]: httpd.aaa(1383) WARN:
[mac:[undef]] Use of uninitialized value $radius_return in numeric eq (==) at
/usr/local/pf/lib/pf/radius/rest.pm line 53.
(pf::radius::rest::format_response)
Nov 6 16:24:56 packetfence packetfence_httpd.aaa[10168]: httpd.aaa(1383) WARN:
[mac:[undef]] Use of uninitialized value $radius_return in numeric eq (==) at
/usr/local/pf/lib/pf/radius/rest.pm line 53.
(pf::radius::rest::format_response)
Nov 6 16:24:56 packetfence httpd_aaa[1462]: 127.0.0.1 - - [06/Nov/2021:17:24:56
+0100] "POST //radius/rest/authorize HTTP/1.1" 401 205 2239 3095 "-"
"FreeRADIUS 3.0.25" "127.0.0.1:7070"
_______________________________________________
PacketFence-users mailing list
<mailto:PacketFence-users@lists.sourceforge.net>
PacketFence-users@lists.sourceforge.net
<https://urldefense.com/v3/__https:/lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!EflhieWszggxRu7zqZwlCInSbD2AUdRnSdSxaF0z1g7tPBiiLBMfjwOVSpeyQ1yf$>
https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!EflhieWszggxRu7zqZwlCInSbD2AUdRnSdSxaF0z1g7tPBiiLBMfjwOVSpeyQ1yf$
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
