Hi There,

I checked all settings, but the node is not automatically assigned to the
role after authentication. When I add the role manually to the node,
everything works fine. Could this be a bug?

Dec 10 12:38:03 x-nac auth[3178]: Adding client 10.110.10.225/32
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) INFO:
[mac:00:2b:67:e0:f6:fc] handling radius autz request: from switch_ip =>
(10.110.10.225), connection_type => Ethernet-EAP,switch_mac =>
(08:97:34:5f:eb:0a), mac => [00:2b:67:e0:f6:fc], port => 4, username =>
"DC\test.user" (pf::radius::authorize)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) INFO:
[mac:00:2b:67:e0:f6:fc] Instantiate profile DC_Connection_Profile
(pf::Connection::ProfileFactory::_from_profile)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) INFO:
[mac:00:2b:67:e0:f6:fc] Found authentication source(s) : 'X_DC' for realm
'default' (pf::config::util::filter_authentication_sources)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) INFO:
[mac:00:2b:67:e0:f6:fc] Role has already been computed and we don't want to
recompute it. (pf::role::getNodeInfoForAutoReg)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) WARN:
[mac:00:2b:67:e0:f6:fc] No category computed for autoreg
(pf::role::getNodeInfoForAutoReg)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) INFO:
[mac:00:2b:67:e0:f6:fc] Found authentication source(s) : 'X_DC' for realm
'default' (pf::config::util::filter_authentication_sources)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) INFO:
[mac:00:2b:67:e0:f6:fc] Role has already been computed and we don't want to
recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) WARN:
[mac:00:2b:67:e0:f6:fc] Use of uninitialized value $role in concatenation
(.) or string at /usr/local/pf/lib/pf/role.pm line 489.
(pf::role::getRegisteredRole)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) INFO:
[mac:00:2b:67:e0:f6:fc] Username was NOT defined or unable to match a role
- returning node based role '' (pf::role::getRegisteredRole)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) INFO:
[mac:00:2b:67:e0:f6:fc] PID: "default", Status: reg Returned VLAN:
(undefined), Role: (undefined) (pf::role::fetchRoleForNode)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) WARN:
[mac:00:2b:67:e0:f6:fc] Use of uninitialized value $vlanName in hash
element at /usr/local/pf/lib/pf/Switch.pm line 633.
(pf::Switch::getVlanByName)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) WARN:
[mac:00:2b:67:e0:f6:fc] Use of uninitialized value $name in exists at
/usr/local/pf/lib/pf/Switch.pm line 667.
(pf::Switch::_parentRoleForVlan)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) WARN:
[mac:00:2b:67:e0:f6:fc] Use of uninitialized value $vlanName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 640.
(pf::Switch::getVlanByName)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) WARN:
[mac:00:2b:67:e0:f6:fc] No parameter Vlan found in conf/switches.conf for
the switch 10.110.10.225 (pf::Switch::getVlanByName)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) INFO:
[mac:00:2b:67:e0:f6:fc] security_event 1300003 force-closed for
00:2b:67:e0:f6:fc (pf::security_event::security_event_force_close)
Dec 10 12:38:03 x-nac packetfence_httpd.aaa[65465]: httpd.aaa(2240) INFO:
[mac:00:2b:67:e0:f6:fc] Instantiate profile DC_Connection_Profile
(pf::Connection::ProfileFactory::_from_profile)
Dec 10 12:38:03 x-nac auth[3178]: (5799) Login OK: [DC\test.user] (from
client 10.110.10.225/32 port 4 cli 00:2b:67:e0:f6:fc via TLS tunnel)
Dec 10 12:38:03 x-nac auth[3178]: [mac:00:2b:67:e0:f6:fc] Accepted user:
DC\test.user and returned VLAN
Dec 10 12:38:03 x-nac auth[3178]: (5800) Login OK: [DC\test.user] (from
client 10.110.10.225/32 port 4 cli 00:2b:67:e0:f6:fc)
Dec 10 12:38:03 x-nac httpd_aaa[3076]: 127.0.0.1 - - [10/Dec/2021:12:38:03
+0300] "POST //radius/rest/authorize HTTP/1.1" 200 845 1842 59663 "-"
"FreeRADIUS 3.0.25" "127.0.0.1:7070"
Dec 10 12:38:03 x-nac httpd_aaa_err[3072]: Use of uninitialized value $role
in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 489.
Dec 10 12:38:03 x-nac httpd_aaa_err[3072]: Use of uninitialized value
$vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 633.
Dec 10 12:38:03 x-nac httpd_aaa_err[3072]: Use of uninitialized value $name
in exists at /usr/local/pf/lib/pf/Switch.pm line 667.
Dec 10 12:38:03 x-nac httpd_aaa_err[3072]: Use of uninitialized value
$vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm
line 640.
Dec 10 12:38:20 x-nac packetfence[69020]: pfperl-api(2838) INFO: Using 300
resolution threshold (pf::pfcron::task::cluster_check::run)
Dec 10 12:38:20 x-nac packetfence[69020]: pfperl-api(2838) INFO: All
cluster members are running the same configuration version

switches.conf

[default]
description=default
deauthOnPrevious=N

[10.110.10.225]
group=SW_Group
SNMPEngineID=8000113D030897345FEB08

[group SW_Group]
registrationVlan=140
isolationVlan=150
SNMPVersion=3
SNMPUserNameRead=nacsnmp
SNMPAuthProtocolRead=MD5
SNMPAuthPasswordRead=blabla
SNMPPrivProtocolRead=DES
SNMPPrivPasswordRead=blabla
SNMPUserNameWrite=nacsnmp
SNMPAuthProtocolWrite=MD5
SNMPAuthPasswordWrite=blabla
SNMPPrivProtocolWrite=DES
SNMPPrivPasswordWrite=blabla
radiusSecret=blablabla
description=HP1920s Switch Group
type=HP::Switch
DC_ClientVlan=99
GuestVlan=97
SNMPUserNameTrap=nactrap
MachineVlan=30
defaultVlan=30

authentication.conf

[DC]
monitor=1
shuffle=0
basedn=OU=Users,DC=x,DC=local
read_timeout=10
dead_duration=60
set_access_durations_action=
usernameattribute=sAMAccountName
scope=sub
cache_match=0
encryption=starttls
email_attribute=mail
write_timeout=5
searchattributes=
type=AD
description=Domain Controller
connection_timeout=1
host=192.168.10.20
verify=none
port=389
realms=default,null
binddn=CN=nac,OU=Services,DC=x,DC=local
password=BlaBla
dynamic_routing_module=AuthModule

[DC rule client]
action0=set_role=DC_Client
class=authentication
action1=set_access_duration=5D
match=all
status=enabled

[null-source]
description=null-source
set_access_durations_action=
type=Null
email_required=no
dynamic_routing_module=AuthModule

[null-source rule catchall]
action0=set_role=Guest
class=authentication
action1=set_access_duration=12h
status=enabled
match=all

profiles.conf

[Connection_Profile]
advanced_filter=
filter=connection_type:Ethernet-EAP
description=Connection Profile
autoregister=enabled
sources=DC
top_op=and
dot1x_unset_on_unmatch=enabled
dot1x_recompute_role_from_portal=disabled
unreg_on_acct_stop=enabled

[registration]
sources=null-source
locale=
description=null-source
advanced_filter=
dot1x_recompute_role_from_portal=disabled
filter=vlan:140

rules.conf

[DC_Client]
max_nodes_per_pid=0
notes=Domain Members Vlan 99
inherit_vlan=disabled
inherit_web_auth_url=disabled
inherit_role=disabled

[Guest]
max_nodes_per_pid=0
inherit_web_auth_url=disabled
inherit_role=disabled
inherit_vlan=disabled
notes=Guest Vlan 97

realm.conf

[1 DEFAULT]
radius_auth_proxy_type=keyed-balance
eduroam_radius_auth=
radius_acct=
radius_auth_compute_in_pf=enabled
radius_acct_proxy_type=load-balance
eduroam_radius_auth_proxy_type=keyed-balance
domain=xlocal
eduroam_radius_auth_compute_in_pf=enabled
radius_auth=
permit_custom_attributes=disabled
eduroam_radius_acct_proxy_type=load-balance
eduroam_radius_acct=

[1 NULL]
permit_custom_attributes=disabled
eduroam_radius_acct_proxy_type=load-balance
eduroam_radius_acct=
radius_acct=
radius_auth_compute_in_pf=enabled
radius_auth_proxy_type=keyed-balance
eduroam_radius_auth=
eduroam_radius_auth_compute_in_pf=enabled
radius_auth=
radius_acct_proxy_type=load-balance
eduroam_radius_auth_proxy_type=keyed-balance
domain=xlocal
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
