Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

2018-03-15 Thread E.P. via PacketFence-users 
Ok, let’s try tackle this issue again.

As Fabrice suggested me initially I was supposed to install two patches.

I did my best but as Ian rightfully noticed I don’t have them applied properly.

Is there anything else I can do to forcefully install them ?

Moreover, do they really have to do with an error in matching conditions ?

Once again, this is what I see in packetfence.log file about it

 

+

Mar 15 07:40:23 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: 
[mac:3c:2e:ff:3b:c7:ca] Instantiate profile Staff-connection-profile 
(pf::Connection::ProfileFactory::_from_profile)

Mar 15 07:40:23 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: 
[mac:3c:2e:ff:3b:c7:ca] Found authentication source(s) : 'OPTIONS-AD-SOURCE' 
for realm 'options' (pf::config::util::filter_authentication_sources)

Mar 15 07:40:23 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) WARN: 
[mac:3c:2e:ff:3b:c7:ca] Calling match with empty/invalid rule class. Defaulting 
to 'authentication' (pf::authentication::match2)

Mar 15 07:40:23 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO: 
[mac:3c:2e:ff:3b:c7:ca] Using sources OPTIONS-AD-SOURCE for matching 
(pf::authentication::match2)

++

 

And here’s an extract from authentication.conf file defining my source

 

+++

 

[OPTIONS-AD-SOURCE]

cache_match=0

read_timeout=10

realms=options

password=

scope=base

binddn=CN=ADintegrator,CN=Users,DC=options,DC=bc,DC=ca

port=389

description=Options-AD-Source

write_timeout=5

type=AD

basedn=CN=Users,DC=options,DC=bc,DC=ca

set_access_level_action=

usernameattribute=sAMAccountName

connection_timeout=5

stripped_user_name=no

encryption=none

host=172.16.0.104

email_attribute=mail

 

[OPTIONS-AD-SOURCE rule Staff-WiFi]

action0=set_role=Staff

condition0=memberOf,equals,CN=Staff-WiFi,CN=Users,DC=options,DC=bc,DC=ca

match=any

class=authentication

action1=set_unreg_date=2019-12-31

description=Evaluates Staff-WiFi AD group membership

++

 

Eugene

 

From: E.P. [mailto:ype...@gmail.com] 
Sent: Tuesday, March 13, 2018 6:46 PM
To: packetfence-users@lists.sourceforge.net
Cc: 'Ian MacDonald' 
Subject: RE: [PacketFence-users] No roles assignment and no rules matching in 
the authentication source

 

Hi Ian,

I’d love to make sure that the patch is applied properly and that’s why I sent 
the output to this list hoping to hear from Fabrice (someone) as to why it 
failed. I have no idea honestly what is going on. The patch didn’t want to 
apply via curl command and I pulled it by wget.

Then tried to apply it as shown below and the results are also shown.

Sort of desperate already and leaving a hope that PF is a solution free of 
surprises/unknowns and an excessive administrative overhead.

 

Eugene

 

 

From: Ian MacDonald via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Monday, March 12, 2018 10:17 AM
To: packetfence-users@lists.sourceforge.net 
 
Cc: Ian MacDonald  >
Subject: Re: [PacketFence-users] No roles assignment and no rules matching in 
the authentication source

 

Eugene, 

 

On the note of patch application;  Are you sure you applied the entire patch? 
The output of your patching below indicates 3 hunks that still need to be 
manually applied. 

 

cheers,

Ian 

 

 [root@PacketFence-ZEN pf]# patch -p1 < 
./34405d44b203ce2fd4a4dac435ff62d69c4ed00f.diff

 patching file lib/pf/config.pm   

 Hunk #1 succeeded at 326 (offset 5 lines).

 Hunk #2 FAILED at 947.

 1 out of 2 hunks FAILED -- saving rejects to file lib/pf/config.pm.rej

 

 

 [root@PacketFence-ZEN pf]# patch -p1 < 
1eef967ad1ee589136a097166c440cb30107ddfb.diff

 patching file lib/pf/enforcement.pm   

 Reversed (or previously applied) patch detected!  Assume -R? [n] n

 Apply anyway? [n] y

 Hunk #1 FAILED at 43.

 Hunk #2 FAILED at 169.

 2 out of 2 hunks FAILED -- saving rejects to file lib/pf/enforcement.pm.rej

 

On Sun, Mar 11, 2018 at 6:44 PM, E.P. via PacketFence-users 
 > wrote:

And also this issue still bothers me, Fabrice.

I applied the patch but it is all about deauthentication

What does it have to do with role assignment and not matching conditions in the 
authentication source?

Is there any other logs or outputs to analyze to find the root cause ?

 

Eugene

 

From: Fabrice Durand [mailto:fdur...@inverse.ca  ] 
Sent: Thursday, March 08, 2018 11:30 AM


To: E.P.  >;

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

2018-03-12 Thread Ian MacDonald via PacketFence-users 
Eugene,

On the note of patch application;  Are you sure you applied the entire
patch? The output of your patching below indicates 3 hunks that still need
to be manually applied.

cheers,
Ian

 [root@PacketFence-ZEN pf]# patch -p1 <
./34405d44b203ce2fd4a4dac435ff62d69c4ed00f.diff
 patching file lib/pf/config.pm
 Hunk #1 succeeded at 326 (offset 5 lines).
 Hunk #2 FAILED at 947.
 1 out of 2 hunks FAILED -- saving rejects to file lib/pf/config.pm.rej


 [root@PacketFence-ZEN pf]# patch -p1 <
1eef967ad1ee589136a097166c440cb30107ddfb.diff
 patching file lib/pf/enforcement.pm
 Reversed (or previously applied) patch detected!  Assume -R? [n] n
 Apply anyway? [n] y
 Hunk #1 FAILED at 43.
 Hunk #2 FAILED at 169.
 2 out of 2 hunks FAILED -- saving rejects to file lib/pf/enforcement.pm.rej

On Sun, Mar 11, 2018 at 6:44 PM, E.P. via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> And also this issue still bothers me, Fabrice.
>
> I applied the patch but it is all about deauthentication
>
> What does it have to do with role assignment and not matching conditions
> in the authentication source?
>
> Is there any other logs or outputs to analyze to find the root cause ?
>
>
>
> Eugene
>
>
>
> *From:* Fabrice Durand [mailto:fdur...@inverse.ca]
> *Sent:* Thursday, March 08, 2018 11:30 AM
>
> *To:* E.P. ; packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] No roles assignment and no rules
> matching in the authentication source
>
>
>
> cd /usr/local/pf
>
> patch -p1 
>
>
>
> Le 2018-03-08 à 13:57, E.P. a écrit :
>
> And what file are we patching ?
>
>
>
> *patch -p1 < 1eef967ad1ee589136a097166c440cb30107ddfb.diff*
>
> *can't find file to patch at input line 5*
>
> *Perhaps you used the wrong -p or --strip option?*
>
> *The text leading up to this was:*
>
> *--*
>
> *|diff --git a/lib/pf/enforcement.pm 
> b/lib/pf/enforcement.pm *
>
> *|index 8ff56b4252b..05589bba682 100644*
>
> *|--- a/lib/pf/enforcement.pm *
>
> *|+++ b/lib/pf/enforcement.pm *
>
> *--*
>
> *File to patch:*
>
>
>
>
>
>
>
> *From:* Fabrice Durand [mailto:fdur...@inverse.ca ]
> *Sent:* Thursday, March 08, 2018 5:28 AM
> *To:* E.P.  ; packetfence-users@lists.
> sourceforge.net
> *Subject:* Re: [PacketFence-users] No roles assignment and no rules
> matching in the authentication source
>
>
>
> https://github.com/inverse-inc/packetfence/pull/2735/commits/
> 1eef967ad1ee589136a097166c440cb30107ddfb.diff is suppose to return that:
>
>
>
> diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm
>
> index 8ff56b4252b..05589bba682 100644
>
> --- a/lib/pf/enforcement.pm
>
> +++ b/lib/pf/enforcement.pm
>
> @@ -43,6 +43,7 @@ use pf::config qw(
>
>  %connection_type_explained
>
>  $WIRED
>
>  $WIRELESS
>
> +$WEBAUTH
>
>  );
>
>  use pf::inline::custom $INLINE_API_LEVEL;
>
>  use pf::iptables;
>
> @@ -169,7 +170,7 @@ sub _vlan_reevaluation {
>
>  $client->notify( 'ReAssignVlan', %data );
>
>  }
>
>  }
>
> -elsif ( ( $conn_type & $WIRELESS ) == $WIRELESS ) {
>
> +elsif ( ( ( $conn_type & $WIRELESS ) == $WIRELESS ) || ( ( 
> $conn_type & $WEBAUTH ) == $WEBAUTH ) ) {
>
>  $logger->debug("Calling API with desAssociate request on switch 
> (".$switch_id.")");
>
>  if ($cluster_deauth) {
>
>  $client->notify( 'desAssociate_in_queue', %data );
>
>
>
> And it work on my side, so do wget instead and after patch -p1 <
> 1eef967ad1ee589136a097166c440cb30107ddfb.diff
>
> Same for the other patch.
>
> Regards
>
> Fabrice
>
>
>
>
>
>
>
> Le 2018-03-08 à 00:48, E.P. a écrit :
>
> Am I applying this patch in the wrong way ?
>
>
>
> [root@PacketFence-ZEN conf]# curl https://github.com/inverse-
> inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440c
> b30107ddfb.diff | patch -p1
>
>
>   % Total% Received % Xferd  Average Speed   TimeTime Time
> Current
>
>  Dload  Upload   Total   SpentLeft
> Speed
>
> 100   1610   1610 0241  0 --:--:-- --:--:-- --:--:--
>  242
>
> patch unexpectedly ends in middle of line
>
> *patch:  Only garbage was found in the patch input.*
>
>
>
> [root@PacketFence-ZEN conf]# curl https://github.com/inverse-
> inc/packetfence/pull/2735/commits/34405d44b203ce2fd4a4dac435ff62
> d69c4ed00f.diff | patch -p1
>
>  % Total% Received % Xferd  Average Speed   TimeTime Time
> Current
>
>  Dload  Upload   Total   SpentLeft
> Speed
>
> 100   1610   1610 0218  0 --:--:-- --:--:-- --:--:--
> 218
>
> patch unexpectedly ends in middle of line
>
> *patch:  Only garbage was found in the patch input*
>
>
>
> wget seems to fetch this file
>
>
>
>

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

2018-03-12 Thread E.P. via PacketFence-users 
And also this issue still bothers me, Fabrice.

I applied the patch but it is all about deauthentication

What does it have to do with role assignment and not matching conditions in
the authentication source?

Is there any other logs or outputs to analyze to find the root cause ?

 

Eugene

 

From: Fabrice Durand [mailto:fdur...@inverse.ca] 
Sent: Thursday, March 08, 2018 11:30 AM
To: E.P. ; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] No roles assignment and no rules matching
in the authentication source

 

cd /usr/local/pf

patch -p1 

 

Le 2018-03-08 à 13:57, E.P. a écrit :

And what file are we patching ?

 

patch -p1 < 1eef967ad1ee589136a097166c440cb30107ddfb.diff

can't find file to patch at input line 5

Perhaps you used the wrong -p or --strip option?

The text leading up to this was:

--

|diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm

|index 8ff56b4252b..05589bba682 100644

|--- a/lib/pf/enforcement.pm

|+++ b/lib/pf/enforcement.pm

--

File to patch:

 

 

 

From: Fabrice Durand [mailto:fdur...@inverse.ca] 
Sent: Thursday, March 08, 2018 5:28 AM
To: E.P.   ;
packetfence-users@lists.sourceforge.net
 
Subject: Re: [PacketFence-users] No roles assignment and no rules matching
in the authentication source

 

https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff is suppose to return that:

 

diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm
index 8ff56b4252b..05589bba682 100644
--- a/lib/pf/enforcement.pm
+++ b/lib/pf/enforcement.pm
@@ -43,6 +43,7 @@ use pf::config qw(
 %connection_type_explained
 $WIRED
 $WIRELESS
+$WEBAUTH
 );
 use pf::inline::custom $INLINE_API_LEVEL;
 use pf::iptables;
@@ -169,7 +170,7 @@ sub _vlan_reevaluation {
 $client->notify( 'ReAssignVlan', %data );
 }
 }
-elsif ( ( $conn_type & $WIRELESS ) == $WIRELESS ) {
+elsif ( ( ( $conn_type & $WIRELESS ) == $WIRELESS ) || ( (
$conn_type & $WEBAUTH ) == $WEBAUTH ) ) {
 $logger->debug("Calling API with desAssociate request on switch
(".$switch_id.")");
 if ($cluster_deauth) {
 $client->notify( 'desAssociate_in_queue', %data );
 

And it work on my side, so do wget instead and after patch -p1 <
1eef967ad1ee589136a097166c440cb30107ddfb.diff

Same for the other patch.

Regards

Fabrice

 

 

 

Le 2018-03-08 à 00:48, E.P. a écrit :

Am I applying this patch in the wrong way ?

 

[root@PacketFence-ZEN conf]# curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff | patch -p1


  % Total% Received % Xferd  Average Speed   TimeTime Time
Current

 Dload  Upload   Total   SpentLeft
Speed

100   1610   1610 0241  0 --:--:-- --:--:-- --:--:--
242

patch unexpectedly ends in middle of line

patch:  Only garbage was found in the patch input.

 

[root@PacketFence-ZEN conf]# curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2
fd4a4dac435ff62d69c4ed00f.diff | patch -p1

 % Total% Received % Xferd  Average Speed   TimeTime Time
Current

 Dload  Upload   Total   SpentLeft
Speed

100   1610   1610 0218  0 --:--:-- --:--:-- --:--:--
218

patch unexpectedly ends in middle of line

patch:  Only garbage was found in the patch input

 

wget seems to fetch this file

 

[root@PacketFence-ZEN conf]# wget
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff 

--2018-03-08 05:45:34--
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff

Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112

Connecting to github.com (github.com)|192.30.253.113|:443... connected.

HTTP request sent, awaiting response... 302 Found

Location:
https://github.com/inverse-inc/packetfence/commit/1eef967ad1ee589136a097166c
440cb30107ddfb.diff [following]

--2018-03-08 05:45:35--
https://github.com/inverse-inc/packetfence/commit/1eef967ad1ee589136a097166c
440cb30107ddfb.diff

Reusing existing connection to github.com:443.

HTTP request sent, awaiting response... 200 OK

Length: unspecified [text/plain]

Saving to: '1eef967ad1ee589136a097166c440cb30107ddfb.diff'

[ <=>
] 831 --.-K/s   in 0s  

2018-03-08 05:45:35 (59.3 MB/s) -
'1eef967ad1ee589136a097166c440cb30107ddfb.diff' saved [831]

 

Eugene

 

From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Wednesday, March 07, 2018 2:08 PM
To: packetfence-users@lists.sourceforge.net
 
Cc: Fabrice Durand

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

2018-03-08 Thread Fabrice Durand via PacketFence-users 
cd /usr/local/pf

patch -p1 


Le 2018-03-08 à 13:57, E.P. a écrit :
>
> And what file are we patching ?
>
>  
>
> /patch -p1 < 1eef967ad1ee589136a097166c440cb30107ddfb.diff/
>
> /can't find file to patch at input line 5/
>
> /Perhaps you used the wrong -p or --strip option?/
>
> /The text leading up to this was:/
>
> /--/
>
> /|diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm/
>
> /|index 8ff56b4252b..05589bba682 100644/
>
> /|--- a/lib/pf/enforcement.pm/
>
> /|+++ b/lib/pf/enforcement.pm/
>
> /--/
>
> /File to patch:/
>
>  
>
>  
>
>  
>
> *From:*Fabrice Durand [mailto:fdur...@inverse.ca]
> *Sent:* Thursday, March 08, 2018 5:28 AM
> *To:* E.P. ; packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] No roles assignment and no rules
> matching in the authentication source
>
>  
>
> https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff
> is suppose to return that:
>
>  
>
> diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm
> index 8ff56b4252b..05589bba682 100644
> --- a/lib/pf/enforcement.pm
> +++ b/lib/pf/enforcement.pm
> @@ -43,6 +43,7 @@ use pf::config qw(
>  %connection_type_explained
>  $WIRED
>  $WIRELESS
> +    $WEBAUTH
>  );
>  use pf::inline::custom $INLINE_API_LEVEL;
>  use pf::iptables;
> @@ -169,7 +170,7 @@ sub _vlan_reevaluation {
>  $client->notify( 'ReAssignVlan', %data );
>  }
>  }
> -    elsif ( ( $conn_type & $WIRELESS ) == $WIRELESS ) {
> +    elsif ( ( ( $conn_type & $WIRELESS ) == $WIRELESS ) || ( ( 
> $conn_type & $WEBAUTH ) == $WEBAUTH ) ) {
>  $logger->debug("Calling API with desAssociate request on switch 
> (".$switch_id.")");
>  if ($cluster_deauth) {
>  $client->notify( 'desAssociate_in_queue', %data );
>  
>
> And it work on my side, so do wget instead and after patch -p1 <
> 1eef967ad1ee589136a097166c440cb30107ddfb.diff
>
> Same for the other patch.
>
> Regards
>
> Fabrice
>
>  
>
>  
>
>  
>
> Le 2018-03-08 à 00:48, E.P. a écrit :
>
> Am I applying this patch in the wrong way ?
>
>  
>
> [root@PacketFence-ZEN conf]# curl
> 
> https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff
> | patch -p1 
>    
>
>   % Total    % Received % Xferd  Average Speed   Time    Time
> Time  Current
>
>  Dload  Upload   Total   Spent   
> Left  Speed
>
> 100   161    0   161    0 0    241  0 --:--:-- --:--:--
> --:--:--   242
>
> patch unexpectedly ends in middle of line
>
> *patch:  Only garbage was found in the patch input.*
>
>  
>
> [root@PacketFence-ZEN conf]# curl
> 
> https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2fd4a4dac435ff62d69c4ed00f.diff
> | patch -p1
>
>  % Total    % Received % Xferd  Average Speed   Time    Time
> Time  Current
>
>  Dload  Upload   Total   Spent   
> Left  Speed
>
> 100   161    0   161    0 0    218  0 --:--:-- --:--:--
> --:--:--   218
>
> patch unexpectedly ends in middle of line
>
> *patch:  Only garbage was found in the patch input*
>
>  
>
> wget seems to fetch this file
>
>  
>
> [root@PacketFence-ZEN conf]# wget
> 
> https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff
>
>
> --2018-03-08 05:45:34-- 
> 
> https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff
>
> Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112
>
> Connecting to github.com (github.com)|192.30.253.113|:443...
> connected.
>
> HTTP request sent, awaiting response... 302 Found
>
> Location:
> 
> https://github.com/inverse-inc/packetfence/commit/1eef967ad1ee589136a097166c440cb30107ddfb.diff
> [following]
>
> --2018-03-08 05:45:35-- 
> 
> https://github.com/inverse-inc/packetfence/commit/1eef967ad1ee589136a097166c440cb30107ddfb.diff
>
> Reusing existing connection to github.com:443.
>
> HTTP request sent, awaiting response... 200 OK
>
> Length: unspecified [text/plain]
>
> Saving to: '1eef967ad1ee589136a097166c440cb30107ddfb.diff'
>
>     [
> <=>   
>   
> 
> ] 831 --.-K/s   in 0s 
>
> 2018-03-08 05:45:35 (59.3 MB/s) -
> '1eef967ad1ee589136a097166c440cb30107ddfb.diff' saved [831]
>
>  
>
> Eugene
>
>  
>
> *From:*Fabrice Durand via PacketFence-users
>

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

2018-03-08 Thread E.P. via PacketFence-users 
And what file are we patching ?

 

patch -p1 < 1eef967ad1ee589136a097166c440cb30107ddfb.diff

can't find file to patch at input line 5

Perhaps you used the wrong -p or --strip option?

The text leading up to this was:

--

|diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm

|index 8ff56b4252b..05589bba682 100644

|--- a/lib/pf/enforcement.pm

|+++ b/lib/pf/enforcement.pm

--

File to patch:

 

 

 

From: Fabrice Durand [mailto:fdur...@inverse.ca] 
Sent: Thursday, March 08, 2018 5:28 AM
To: E.P. ; packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] No roles assignment and no rules matching
in the authentication source

 

https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff is suppose to return that:

 

diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm
index 8ff56b4252b..05589bba682 100644
--- a/lib/pf/enforcement.pm
+++ b/lib/pf/enforcement.pm
@@ -43,6 +43,7 @@ use pf::config qw(
 %connection_type_explained
 $WIRED
 $WIRELESS
+$WEBAUTH
 );
 use pf::inline::custom $INLINE_API_LEVEL;
 use pf::iptables;
@@ -169,7 +170,7 @@ sub _vlan_reevaluation {
 $client->notify( 'ReAssignVlan', %data );
 }
 }
-elsif ( ( $conn_type & $WIRELESS ) == $WIRELESS ) {
+elsif ( ( ( $conn_type & $WIRELESS ) == $WIRELESS ) || ( (
$conn_type & $WEBAUTH ) == $WEBAUTH ) ) {
 $logger->debug("Calling API with desAssociate request on switch
(".$switch_id.")");
 if ($cluster_deauth) {
 $client->notify( 'desAssociate_in_queue', %data );
 

And it work on my side, so do wget instead and after patch -p1 <
1eef967ad1ee589136a097166c440cb30107ddfb.diff

Same for the other patch.

Regards

Fabrice

 

 

 

Le 2018-03-08 à 00:48, E.P. a écrit :

Am I applying this patch in the wrong way ?

 

[root@PacketFence-ZEN conf]# curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff | patch -p1


  % Total% Received % Xferd  Average Speed   TimeTime Time
Current

 Dload  Upload   Total   SpentLeft
Speed

100   1610   1610 0241  0 --:--:-- --:--:-- --:--:--
242

patch unexpectedly ends in middle of line

patch:  Only garbage was found in the patch input.

 

[root@PacketFence-ZEN conf]# curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2
fd4a4dac435ff62d69c4ed00f.diff | patch -p1

 % Total% Received % Xferd  Average Speed   TimeTime Time
Current

 Dload  Upload   Total   SpentLeft
Speed

100   1610   1610 0218  0 --:--:-- --:--:-- --:--:--
218

patch unexpectedly ends in middle of line

patch:  Only garbage was found in the patch input

 

wget seems to fetch this file

 

[root@PacketFence-ZEN conf]# wget
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff 

--2018-03-08 05:45:34--
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff

Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112

Connecting to github.com (github.com)|192.30.253.113|:443... connected.

HTTP request sent, awaiting response... 302 Found

Location:
https://github.com/inverse-inc/packetfence/commit/1eef967ad1ee589136a097166c
440cb30107ddfb.diff [following]

--2018-03-08 05:45:35--
https://github.com/inverse-inc/packetfence/commit/1eef967ad1ee589136a097166c
440cb30107ddfb.diff

Reusing existing connection to github.com:443.

HTTP request sent, awaiting response... 200 OK

Length: unspecified [text/plain]

Saving to: '1eef967ad1ee589136a097166c440cb30107ddfb.diff'

[ <=>
] 831 --.-K/s   in 0s  

2018-03-08 05:45:35 (59.3 MB/s) -
'1eef967ad1ee589136a097166c440cb30107ddfb.diff' saved [831]

 

Eugene

 

From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Wednesday, March 07, 2018 2:08 PM
To: packetfence-users@lists.sourceforge.net
 
Cc: Fabrice Durand   
Subject: Re: [PacketFence-users] No roles assignment and no rules matching
in the authentication source

 

Hello Eugene,

i suppose you apply the PR 2735 on github.

I have push 2 new commits so can you try to apply them and make another try
?

curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff | patch -p1

curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2
fd4a4dac435ff62d69c4ed00f.diff | patch -p1

Regards
Fabrice

Le 2018-03-06 à 22:53, E.P. via PacketFence-users a écrit :

There’s another challenge in the endless string of them…

My PEAP connection from Windows

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

2018-03-08 Thread Fabrice Durand via PacketFence-users 
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff
is suppose to return that:


diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm
index 8ff56b4252b..05589bba682 100644
--- a/lib/pf/enforcement.pm
+++ b/lib/pf/enforcement.pm
@@ -43,6 +43,7 @@ use pf::config qw(
 %connection_type_explained
 $WIRED
 $WIRELESS
+$WEBAUTH
 );
 use pf::inline::custom $INLINE_API_LEVEL;
 use pf::iptables;
@@ -169,7 +170,7 @@ sub _vlan_reevaluation {
 $client->notify( 'ReAssignVlan', %data );
 }
 }
-elsif ( ( $conn_type & $WIRELESS ) == $WIRELESS ) {
+elsif ( ( ( $conn_type & $WIRELESS ) == $WIRELESS ) || ( ( $conn_type 
& $WEBAUTH ) == $WEBAUTH ) ) {
 $logger->debug("Calling API with desAssociate request on switch 
(".$switch_id.")");
 if ($cluster_deauth) {
 $client->notify( 'desAssociate_in_queue', %data );

And it work on my side, so do wget instead and after patch -p1 <
1eef967ad1ee589136a097166c440cb30107ddfb.diff

Same for the other patch.

Regards

Fabrice




Le 2018-03-08 à 00:48, E.P. a écrit :
>
> Am I applying this patch in the wrong way ?
>
>  
>
> [root@PacketFence-ZEN conf]# curl
> https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff
> | patch -p1 
>    
>
>   % Total    % Received % Xferd  Average Speed   Time    Time
> Time  Current
>
>  Dload  Upload   Total   Spent   
> Left  Speed
>
> 100   161    0   161    0 0    241  0 --:--:-- --:--:--
> --:--:--   242
>
> patch unexpectedly ends in middle of line
>
> *patch:  Only garbage was found in the patch input.*
>
>  
>
> [root@PacketFence-ZEN conf]# curl
> https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2fd4a4dac435ff62d69c4ed00f.diff
> | patch -p1
>
>  % Total    % Received % Xferd  Average Speed   Time    Time Time 
> Current
>
>  Dload  Upload   Total   Spent   
> Left  Speed
>
> 100   161    0   161    0 0    218  0 --:--:-- --:--:--
> --:--:--   218
>
> patch unexpectedly ends in middle of line
>
> *patch:  Only garbage was found in the patch input*
>
>  
>
> wget seems to fetch this file
>
>  
>
> [root@PacketFence-ZEN conf]# wget
> https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff
>
>
> --2018-03-08 05:45:34-- 
> https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff
>
> Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112
>
> Connecting to github.com (github.com)|192.30.253.113|:443... connected.
>
> HTTP request sent, awaiting response... 302 Found
>
> Location:
> https://github.com/inverse-inc/packetfence/commit/1eef967ad1ee589136a097166c440cb30107ddfb.diff
> [following]
>
> --2018-03-08 05:45:35-- 
> https://github.com/inverse-inc/packetfence/commit/1eef967ad1ee589136a097166c440cb30107ddfb.diff
>
> Reusing existing connection to github.com:443.
>
> HTTP request sent, awaiting response... 200 OK
>
> Length: unspecified [text/plain]
>
> Saving to: '1eef967ad1ee589136a097166c440cb30107ddfb.diff'
>
>     [
> <=>   
>   
> 
> ] 831 --.-K/s   in 0s 
>
> 2018-03-08 05:45:35 (59.3 MB/s) -
> '1eef967ad1ee589136a097166c440cb30107ddfb.diff' saved [831]
>
>  
>
> Eugene
>
>  
>
> *From:*Fabrice Durand via PacketFence-users
> [mailto:packetfence-users@lists.sourceforge.net]
> *Sent:* Wednesday, March 07, 2018 2:08 PM
> *To:* packetfence-users@lists.sourceforge.net
> *Cc:* Fabrice Durand 
> *Subject:* Re: [PacketFence-users] No roles assignment and no rules
> matching in the authentication source
>
>  
>
> Hello Eugene,
>
> i suppose you apply the PR 2735 on github.
>
> I have push 2 new commits so can you try to apply them and make
> another try ?
>
> curl
> https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff
> | patch -p1
>
> curl
> https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2fd4a4dac435ff62d69c4ed00f.diff
> | patch -p1
>
> Regards
> Fabrice
>
> Le 2018-03-06 à 22:53, E.P. via PacketFence-users a écrit :
>
> There’s another challenge in the endless string of them…
>
> My PEAP connection from Windows based supplicant lands on the
> connection profile and wheels start rotating, i.e. the profile
> uses the authentication source
>
> The connection and authentication completes but there’s no role
> assignment and I see that my conditions are not matched.
>
> Here’s an extract from packetfence.log
>
>  
>
> 
>

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

2018-03-08 Thread E.P. via PacketFence-users 
Am I applying this patch in the wrong way ?

 

[root@PacketFence-ZEN conf]# curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff | patch -p1


  % Total% Received % Xferd  Average Speed   TimeTime Time
Current

 Dload  Upload   Total   SpentLeft
Speed

100   1610   1610 0241  0 --:--:-- --:--:-- --:--:--
242

patch unexpectedly ends in middle of line

patch:  Only garbage was found in the patch input.

 

[root@PacketFence-ZEN conf]# curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2
fd4a4dac435ff62d69c4ed00f.diff | patch -p1

 % Total% Received % Xferd  Average Speed   TimeTime Time
Current

 Dload  Upload   Total   SpentLeft
Speed

100   1610   1610 0218  0 --:--:-- --:--:-- --:--:--
218

patch unexpectedly ends in middle of line

patch:  Only garbage was found in the patch input

 

wget seems to fetch this file

 

[root@PacketFence-ZEN conf]# wget
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff 

--2018-03-08 05:45:34--
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff

Resolving github.com (github.com)... 192.30.253.113, 192.30.253.112

Connecting to github.com (github.com)|192.30.253.113|:443... connected.

HTTP request sent, awaiting response... 302 Found

Location:
https://github.com/inverse-inc/packetfence/commit/1eef967ad1ee589136a097166c
440cb30107ddfb.diff [following]

--2018-03-08 05:45:35--
https://github.com/inverse-inc/packetfence/commit/1eef967ad1ee589136a097166c
440cb30107ddfb.diff

Reusing existing connection to github.com:443.

HTTP request sent, awaiting response... 200 OK

Length: unspecified [text/plain]

Saving to: '1eef967ad1ee589136a097166c440cb30107ddfb.diff'

[ <=>
] 831 --.-K/s   in 0s  

2018-03-08 05:45:35 (59.3 MB/s) -
'1eef967ad1ee589136a097166c440cb30107ddfb.diff' saved [831]

 

Eugene

 

From: Fabrice Durand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net] 
Sent: Wednesday, March 07, 2018 2:08 PM
To: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand 
Subject: Re: [PacketFence-users] No roles assignment and no rules matching
in the authentication source

 

Hello Eugene,

i suppose you apply the PR 2735 on github.

I have push 2 new commits so can you try to apply them and make another try
?

curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589
136a097166c440cb30107ddfb.diff | patch -p1

curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2
fd4a4dac435ff62d69c4ed00f.diff | patch -p1

Regards
Fabrice

Le 2018-03-06 à 22:53, E.P. via PacketFence-users a écrit :

There’s another challenge in the endless string of them…

My PEAP connection from Windows based supplicant lands on the connection
profile and wheels start rotating, i.e. the profile uses the authentication
source

The connection and authentication completes but there’s no role assignment
and I see that my conditions are not matched.

Here’s an extract from packetfence.log

 


++

Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO:
[mac:70:1a:04:2c:52:ff] handling radius autz request: from switch_ip =>
(172.19.254.2), connection_type => Wireless-802.11-EAP,switch_mac => (

24:a4:3c:5e:c1:00), mac => [70:1a:04:2c:52:ff], port => 0, username =>
"OPTIONS\test", ssid => SecStaff (pf::radius::authorize)

Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
ERROR: [mac:70:1a:04:2c:52:ff] Can't bind : IO::Socket::INET: connect:
Connection refused

(pf::ip4log::_get_lease_from_omapi)

Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO:
[mac:70:1a:04:2c:52:ff] Instantiate profile Staff-connection-profile
(pf::Connection::ProfileFactory::_from_profile)

Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO:
[mac:70:1a:04:2c:52:ff] Found authentication source(s) : 'OPTIONS-AD-SOURCE'
for realm 'default' (pf::config::util::filter_authentication_sour

ces)

Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) WARN:
[mac:70:1a:04:2c:52:ff] Calling match with empty/invalid rule class.
Defaulting to 'authentication' (pf::authentication::match2)

Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) INFO:
[mac:70:1a:04:2c:52:ff] Using sources OPTIONS-AD-SOURCE for matching
(pf::authentication::match2)

Mar  5 07:43:32 PacketFence-ZEN pfqueue: pfqueue(16161) INFO: [mac:unknown]
undefined source id provided (pf::lookup::person::lookup_person)

Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653) WARN:
[mac:70:1a:04:2c:52:ff] Can't find

Re: [PacketFence-users] No roles assignment and no rules matching in the authentication source

2018-03-07 Thread Fabrice Durand via PacketFence-users 
Hello Eugene,

i suppose you apply the PR 2735 on github.

I have push 2 new commits so can you try to apply them and make another
try ?

curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/1eef967ad1ee589136a097166c440cb30107ddfb.diff
| patch -p1

curl
https://github.com/inverse-inc/packetfence/pull/2735/commits/34405d44b203ce2fd4a4dac435ff62d69c4ed00f.diff
| patch -p1

Regards
Fabrice

Le 2018-03-06 à 22:53, E.P. via PacketFence-users a écrit :
>
> There’s another challenge in the endless string of them…
>
> My PEAP connection from Windows based supplicant lands on the
> connection profile and wheels start rotating, i.e. the profile uses
> the authentication source
>
> The connection and authentication completes but there’s no role
> assignment and I see that my conditions are not matched.
>
> Here’s an extract from packetfence.log
>
>  
>
> ++
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] handling radius autz request: from
> switch_ip => (172.19.254.2), connection_type =>
> Wireless-802.11-EAP,switch_mac => (
>
> 24:a4:3c:5e:c1:00), mac => [70:1a:04:2c:52:ff], port => 0, username =>
> "OPTIONS\test", ssid => SecStaff (pf::radius::authorize)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> ERROR: [mac:70:1a:04:2c:52:ff] */Can't bind : IO::Socket::INET:
> connect: Connection refused/*
>
> (pf::ip4log::_get_lease_from_omapi)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Instantiate profile
> Staff-connection-profile (pf::Connection::ProfileFactory::_from_profile)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Found authentication source(s) :
> 'OPTIONS-AD-SOURCE' for realm 'default'
> (pf::config::util::filter_authentication_sour
>
> ces)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> WARN: [mac:70:1a:04:2c:52:ff] */Calling match with empty/invalid rule
> class. Defaulting to 'authentication' (pf::authentication::match2)/*
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Using sources OPTIONS-AD-SOURCE for
> matching (pf::authentication::match2)
>
> Mar  5 07:43:32 PacketFence-ZEN pfqueue: pfqueue(16161) INFO:
> [mac:unknown] undefined source id provided
> (pf::lookup::person::lookup_person)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> WARN: [mac:70:1a:04:2c:52:ff] Can't find provisioner for
> 70:1a:04:2c:52:ff since we don't have it's OS
> (pf::Connection::Profile::findProvisioner)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> WARN: [mac:70:1a:04:2c:52:ff] Use of uninitialized value in string eq
> at /usr/local/pf/lib/pf/role.pm line 728.
>
> (pf::role::_check_bypass)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Connection type is WIRELESS_MAC_AUTH.
> Getting role from node_info (pf::role::getRegisteredRole)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> WARN: [mac:70:1a:04:2c:52:ff] Use of uninitialized value $role in
> concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 476.
>
> (pf::role::getRegisteredRole)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Username was NOT defined or unable to
> match a role - returning node based role '' (pf::role::getRegisteredRole)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] PID: "OPTIONS\test", Status: reg
> Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] violation 133 force-closed for
> 70:1a:04:2c:52:ff (pf::violation::violation_force_close)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> ERROR: [mac:70:1a:04:2c:52:ff] Can't bind : IO::Socket::INET: connect:
> Connection refused
>
> (pf::ip4log::_get_lease_from_omapi)
>
> Mar  5 07:43:32 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(1653)
> INFO: [mac:70:1a:04:2c:52:ff] Instantiate profile
> Staff-connection-profile (pf::Connection::ProfileFactory::_from_profile)
>
> Mar  5 07:43:33 PacketFence-ZEN pfqueue: pfqueue(16150) ERROR:
> [mac:34:17:eb:de:f0:b4] Can't bind : IO::Socket::INET: connect:
> Connection refused
>
> +
>
>  
>
> Why do I see all those errors? Why do I see the connection is refused,
> e.g. Can't bind : IO::Socket::INET: connect: Connection refused
>
> Why there’s no matching, e.g. Calling match with empty/invalid rule class
>
>  
>
> Here’s an extract from