Re: [PacketFence-users] 802.1X fails authentication - No role computed by any sources - registration failed
ah ah there is a guy who replied on reddit
https://www.reddit.com/r/PacketFence/comments/12pw62q/8021x_fails_authentication_no_role_computed_by/

On Tue, 18 Apr 2023 at 18:09, Dan Clancey via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

> Hello -
>
> I am currently in the process of evaluating packetfence as a NAC solution
> and am following the installation guide at
> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html to
> get started.
>
> After completing the steps in "Section 5: Getting Started." I connected a
> laptop to the configured switchport and the network adapter in windows
> states "Authentication Failed."
> I have confirmed that packetfence successfully joined the Domain and that
> the Authentication Source tests successfully. The sAMAccountName in AD
> matches DOMAIN\UserName listed below.
>
> When I check auditing I get the following information:
>
>> 04/17/2023 03:35 PM Accept 10.7.14.16 Unregistered b445065c08d7 10.248.0.5
>> 04/17/2023 03:35 PM Reject 10.7.14.16
>> Unregistered DOMAIN\UserName 10.248.0.5
>> 04/17/2023 03:35 PM Reject 10.7.14.16
>> Unregistered DOMAIN\UserName 10.248.0.5
>
>
> here is the output from packetfence.log:
>
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> INFO: [mac:b4:45:06:5c:08:d7] handling radius autz request: from switch_ip
>> => (10.248.0.5), connection_type => Ethernet-EAP,switch_mac =>
>> (28:34:a2:1a:56:b0), mac => [b4:45:06:5c:08:d7], port => 10148, username =>
>> "DOMAIN\UserName" (pf::radius::authorize)
>> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> INFO: [mac:b4:45:06:5c:08:d7] Instantiate profile 8021x
>> (pf::Connection::ProfileFactory::_from_profile)
>> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> INFO: [mac:b4:45:06:5c:08:d7] Found authentication source(s) : 'DC01' for
>> realm 'default' (pf::config::util::filter_authentication_sources)
>> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> INFO: [mac:b4:45:06:5c:08:d7] Using sources DC01 for matching
>> (pf::authentication::match2)
>> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> WARN: [mac:b4:45:06:5c:08:d7] [DC01 catchall] Searching for
>> (sAMAccountName= DOMAIN\UserName ), from DC=domain,DC=local, with scope
>> sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
>> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> INFO: [mac:b4:45:06:5c:08:d7] No rules matches or no category defined for
>> the node, set it as unreg. (pf::role::getNodeInfoForAutoReg)
>> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> WARN: [mac:b4:45:06:5c:08:d7] No category computed for autoreg
>> (pf::role::getNodeInfoForAutoReg)
>> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> WARN: [mac:b4:45:06:5c:08:d7] No role specified or found for pid
>> DOMAIN\UserName (MAC b4:45:06:5c:08:d7); assume maximum number of
>> registered nodes is reached (pf::node::is_max_reg_nodes_reached)
>> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> ERROR: [mac:b4:45:06:5c:08:d7] no role computed by any sources -
>> registration of b4:45:06:5c:08:d7 to DOMAIN\UserName failed
>> (pf::registration::setup_node_for_registration)
>> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> ERROR: [mac:b4:45:06:5c:08:d7] auto-registration of node failed no role
>> computed by any sources (pf::radius::authorize)
>> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
>> ERROR: [mac:b4:45:06:5c:08:d7] Database query failed with non retryable
>> error: Cannot add or update a child row: a foreign key constraint fails
>> (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`pid`) REFERENCES `person`
>> (`pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO
>> `node` ( `autoreg`, `bandwidth_balance`, `bypass_acls`, `bypass_role_id`,
>> `bypass_vlan`, `category_id`, `computername`, `detect_date`,
>> `device_class`, `device_manufacturer`, `device_score`, `device_type`,
>> `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`,
>> `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`,
>> `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`,
>> `sessionid`, `status`, `time_balance`, `unregdate`, `user_agent`, `voip`)
>> VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
>> ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?,
>> `last_seen` = ?, `pid` = ?]{yes, NULL, NULL, NULL, NULL, NULL, NULL,
>> 2023-04-17 14:46:50, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
>> -00-00 00:00:00, -00-00 00:00:00, 2023-04-17 15:35:12, -00-00
>> 00:00:00, b4:45:06:5c:08:d7, NULL, NULL, DOMAIN\UserName , -00-00
>> 00:00:00, NULL, unreg, NULL, -00-00 00:00:00, NULL, no, yes, 2023-04-17
>> 15:35:12, DOMAIN\UserName }

[PacketFence-users] 802.1X fails authentication - No role computed by any sources - registration failed
Hello -

I am currently in the process of evaluating packetfence as a NAC solution
and am following the installation guide at
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html to
get started.

After completing the steps in "Section 5: Getting Started." I connected a
laptop to the configured switchport and the network adapter in windows
states "Authentication Failed."
I have confirmed that packetfence successfully joined the Domain and that
the Authentication Source tests successfully. The sAMAccountName in AD
matches DOMAIN\UserName listed below.

When I check auditing I get the following information:

> 04/17/2023 03:35 PM Accept 10.7.14.16 Unregistered b445065c08d7 10.248.0.5
> 04/17/2023 03:35 PM Reject 10.7.14.16
> Unregistered DOMAIN\UserName 10.248.0.5
> 04/17/2023 03:35 PM Reject 10.7.14.16
> Unregistered DOMAIN\UserName 10.248.0.5

here is the output from packetfence.log:

Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> INFO: [mac:b4:45:06:5c:08:d7] handling radius autz request: from switch_ip
> => (10.248.0.5), connection_type => Ethernet-EAP,switch_mac =>
> (28:34:a2:1a:56:b0), mac => [b4:45:06:5c:08:d7], port => 10148, username =>
> "DOMAIN\UserName" (pf::radius::authorize)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> INFO: [mac:b4:45:06:5c:08:d7] Instantiate profile 8021x
> (pf::Connection::ProfileFactory::_from_profile)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> INFO: [mac:b4:45:06:5c:08:d7] Found authentication source(s) : 'DC01' for
> realm 'default' (pf::config::util::filter_authentication_sources)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> INFO: [mac:b4:45:06:5c:08:d7] Using sources DC01 for matching
> (pf::authentication::match2)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> WARN: [mac:b4:45:06:5c:08:d7] [DC01 catchall] Searching for
> (sAMAccountName= DOMAIN\UserName ), from DC=domain,DC=local, with scope
> sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> INFO: [mac:b4:45:06:5c:08:d7] No rules matches or no category defined for
> the node, set it as unreg. (pf::role::getNodeInfoForAutoReg)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> WARN: [mac:b4:45:06:5c:08:d7] No category computed for autoreg
> (pf::role::getNodeInfoForAutoReg)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> WARN: [mac:b4:45:06:5c:08:d7] No role specified or found for pid
> DOMAIN\UserName (MAC b4:45:06:5c:08:d7); assume maximum number of
> registered nodes is reached (pf::node::is_max_reg_nodes_reached)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> ERROR: [mac:b4:45:06:5c:08:d7] no role computed by any sources -
> registration of b4:45:06:5c:08:d7 to DOMAIN\UserName failed
> (pf::registration::setup_node_for_registration)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> ERROR: [mac:b4:45:06:5c:08:d7] auto-registration of node failed no role
> computed by any sources (pf::radius::authorize)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> ERROR: [mac:b4:45:06:5c:08:d7] Database query failed with non retryable
> error: Cannot add or update a child row: a foreign key constraint fails
> (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`pid`) REFERENCES `person`
> (`pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO
> `node` ( `autoreg`, `bandwidth_balance`, `bypass_acls`, `bypass_role_id`,
> `bypass_vlan`, `category_id`, `computername`, `detect_date`,
> `device_class`, `device_manufacturer`, `device_score`, `device_type`,
> `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`,
> `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`,
> `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`,
> `sessionid`, `status`, `time_balance`, `unregdate`, `user_agent`, `voip`)
> VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
> ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?,
> `last_seen` = ?, `pid` = ?]{yes, NULL, NULL, NULL, NULL, NULL, NULL,
> 2023-04-17 14:46:50, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> -00-00 00:00:00, -00-00 00:00:00, 2023-04-17 15:35:12, -00-00
> 00:00:00, b4:45:06:5c:08:d7, NULL, NULL, DOMAIN\UserName , -00-00
> 00:00:00, NULL, unreg, NULL, -00-00 00:00:00, NULL, no, yes, 2023-04-17
> 15:35:12, DOMAIN\UserName } (pf::dal::db_execute)
> Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> ERROR: [mac:b4:45:06:5c:08:d7] Cannot save b4:45:06:5c:08:d7 error (500)
> (pf::radius::authorize)
> Apr 17 15:35:25 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7)
> INFO: [mac:b4:45:06:5c:08:d7] handling radius autz request: from switch_ip
> =>
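
A triage sketch for the packetfence.log excerpt in the message above, added here as an example; it is not part of the original post and not PacketFence code. It groups events per MAC, extracts the LDAP filter each authentication source searched with, and flags a sAMAccountName filter whose value still carries a DOMAIN\ prefix (Active Directory stores only the bare logon name in that attribute). The lines for b4:45:06:5c:08:d7 are taken from the post with the mail wrapping undone; the lines for 02:00:00:00:00:01 and user jdoe are constructed for contrast.

```python
import re

# Lines for b4:45:06:5c:08:d7 are from the post with mail wrapping undone;
# lines for 02:00:00:00:00:01 (user jdoe) are constructed for contrast.
SAMPLE_LOG = r"""
Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7) WARN: [mac:b4:45:06:5c:08:d7] [DC01 catchall] Searching for (sAMAccountName= DOMAIN\UserName ), from DC=domain,DC=local, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
Apr 17 15:35:12 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7) ERROR: [mac:b4:45:06:5c:08:d7] auto-registration of node failed no role computed by any sources (pf::radius::authorize)
Apr 17 15:36:40 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7) WARN: [mac:02:00:00:00:00:01] [DC01 catchall] Searching for (sAMAccountName= jdoe ), from DC=domain,DC=local, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
Apr 17 15:36:40 packetfence httpd.aaa-docker-wrapper[3008]: httpd.aaa(7) ERROR: [mac:02:00:00:00:00:01] auto-registration of node failed no role computed by any sources (pf::radius::authorize)
"""

# Event layout as it appears in the post: timestamp, host, process, level, [mac:...], message, (origin).
EVENT = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ \S+: \S+ (INFO|WARN|ERROR): "
                   r"\[mac:([0-9a-f:]{17})\] (.*) \((pf::[\w:]+)\)$")
SEARCH = re.compile(r"\[(\S+) (\S+)\] Searching for \((\w+)=\s*(.*?)\s*\), from (\S+),")

def triage(log_text):
    """Per MAC: the LDAP filter the source searched with, and the outcome."""
    report = {}
    for line in log_text.splitlines():
        event = EVENT.match(line.strip())
        if not event:
            continue  # wrapped fragments and foreign lines are skipped
        level, mac, msg, origin = event.groups()
        node = report.setdefault(mac, {"filter": None, "no_role": False, "findings": []})
        found = SEARCH.search(msg)
        if found:
            source, rule, attr, value, base_dn = found.groups()
            node["filter"] = (attr, value)
            # AD keeps only the bare logon name in sAMAccountName, so a value
            # that still carries a DOMAIN\ prefix will not match an entry.
            if attr.lower() == "samaccountname" and "\\" in value:
                node["findings"].append(
                    f"{source}/{rule}: {attr} searched under {base_dn} "
                    f"with domain-prefixed value {value!r}")
        if level == "ERROR" and "no role computed by any sources" in msg:
            node["no_role"] = True
    return report

if __name__ == "__main__":
    for mac, node in triage(SAMPLE_LOG).items():
        print(mac, node)
```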