Hi, I had a setup with 802.1x and ldap auth sources with ldap-based rules for vlan selection. It used to work quite well, but after 4.3 and now 4.4 upgrade, internal auth rules never get evaluated by httpd.webservices when an user connects. Note that radius 802.1x ldap auth works perfectly. But then there are no source matching, and the role is always the node's one.
The only changes made in my conf were to suppress custom.pm and replace it with vlan_filters for 802.1x autoregistration See log : Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7] handling radius autz request: from switch_ip => (172.16.1.136), connection_type => Wireless-802.11-EAP,switch_mac => (00:60:b3:d0:96:fa), mac => [44:74:6c:50:25:e7], port => 1, username => "denis.bonnenfant" (pf::radius::authorize) Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7] Username was NOT defined or unable to match a role - returning node based role 'mobiles_profs' (pf::vlan::getNormalVlan) Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7] PID: "denis.bonnenfant", Status: reg. Returned VLAN: 150 (pf::vlan::fetchVlanForNode) Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7] (172.16.1.136) Returning ACCEPT with VLAN 150 and role (pf::Switch::returnRadiusAccessAccept) Did i missed something during upgrade (debian packages)? Is there a way to increase verbosity for debugging purposes ? Thanks, denis Bonnenfant ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
