On 26/09/2014 18:26, denis.bonnenfant wrote:
> Hi,
>
> I had a setup with 802.1x and ldap auth sources with ldap-based rules
> for vlan selection. It used to work quite well, but after 4.3 and now
> 4.4 upgrade, internal auth rules never get evaluated by
> httpd.webservices when a user connects.
> Note that radius 802.1x ldap auth works perfectly. But then there is no
> source matching, and the role is always the node's one.
>

I answer the question again, as I'm getting really stuck with this problem. I removed all my sources and created them again, removed vlan_filters, and the result is still the same: roles from auth sources never get evaluated during 802.1x connection. I tried with catchall rules in sources, it was exactly the same.

> See log :
>
> Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7]
> handling radius autz request: from switch_ip => (172.16.1.136),
> connection_type => Wireless-802.11-EAP,switch_mac =>
> (00:60:b3:d0:96:fa), mac => [44:74:6c:50:25:e7], port => 1, username =>
> "denis.bonnenfant" (pf::radius::authorize)
> Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7]
> Username was NOT defined or unable to match a role - returning node
> based role 'mobiles_profs' (pf::vlan::getNormalVlan)

I don't understand this line: why "Username not defined", as it is displayed just one line before in the log? Is it a problem with some config file from my radius conf being erased during update? How is the username passed from radius auth to getnormalvlan? Are there any changes here in 4.3 or 4.4?

> Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7] PID:
> "denis.bonnenfant", Status: reg. Returned VLAN: 150
> (pf::vlan::fetchVlanForNode)
> Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7]
> (172.16.1.136) Returning ACCEPT with VLAN 150 and role
> (pf::Switch::returnRadiusAccessAccept)
>
> Thanks in advance for help !

Denis Bonnenfant

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
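
As an added example (not part of the original message and not PacketFence code): a small Python parser that correlates the httpd.webservices lines quoted above per process and MAC, and reports every ACCEPT where a username was supplied yet pf::vlan::getNormalVlan fell back to the node role. The regular expressions are written from the four quoted lines only, so other PacketFence versions may need adjustments; the second request in the sample is constructed.

```python
import re

# Constructed sample: the four log lines quoted in the message, unwrapped, plus a
# made-up second request (different MAC and user) that has no fallback line.
SAMPLE_LOG = """\
Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7] handling radius autz request: from switch_ip => (172.16.1.136), connection_type => Wireless-802.11-EAP,switch_mac => (00:60:b3:d0:96:fa), mac => [44:74:6c:50:25:e7], port => 1, username => "denis.bonnenfant" (pf::radius::authorize)
Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7] Username was NOT defined or unable to match a role - returning node based role 'mobiles_profs' (pf::vlan::getNormalVlan)
Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7] PID: "denis.bonnenfant", Status: reg. Returned VLAN: 150 (pf::vlan::fetchVlanForNode)
Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7] (172.16.1.136) Returning ACCEPT with VLAN 150 and role (pf::Switch::returnRadiusAccessAccept)
Sep 26 18:07:02 httpd.webservices(23455) INFO: [00:11:22:33:44:55] handling radius autz request: from switch_ip => (172.16.1.136), connection_type => Wireless-802.11-EAP,switch_mac => (00:60:b3:d0:96:fa), mac => [00:11:22:33:44:55], port => 1, username => "constructed.user" (pf::radius::authorize)
Sep 26 18:07:02 httpd.webservices(23455) INFO: [00:11:22:33:44:55] PID: "constructed.user", Status: reg. Returned VLAN: 150 (pf::vlan::fetchVlanForNode)
Sep 26 18:07:02 httpd.webservices(23455) INFO: [00:11:22:33:44:55] (172.16.1.136) Returning ACCEPT with VLAN 150 and role (pf::Switch::returnRadiusAccessAccept)
"""

LINE = re.compile(r'^\w{3}\s+\d+ [\d:]{8} httpd\.webservices\((?P<pid>\d+)\) \w+: '
                  r'\[(?P<mac>[0-9a-fA-F:]{17})\] (?P<msg>.*)$')
AUTZ = re.compile(r'handling radius autz request:.*connection_type => (?P<conn>[^,]+),'
                  r'.*username => "(?P<user>[^"]*)"')
FALLBACK = re.compile(r"unable to match a role - returning node based role '(?P<role>[^']*)'")
VLAN = re.compile(r'Returned VLAN: (?P<vlan>\S+)')


def find_role_fallbacks(log_text):
    """Return one dict per ACCEPT where a username was sent but the node role was used."""
    pending, findings = {}, []      # pending: (pid, mac) -> request being processed
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, msg = (m['pid'], m['mac']), m['msg']
        if a := AUTZ.search(msg):
            pending[key] = {'mac': m['mac'], 'user': a['user'], 'conn': a['conn']}
        elif key in pending:
            req = pending[key]
            if f := FALLBACK.search(msg):
                req['fallback_role'] = f['role']
            elif v := VLAN.search(msg):
                req['vlan'] = v['vlan']
            elif 'Returning ACCEPT' in msg:
                del pending[key]
                if req['user'] and 'fallback_role' in req:
                    findings.append(req)
    return findings


if __name__ == '__main__':
    for hit in find_role_fallbacks(SAMPLE_LOG):
        print(hit)
```

Run against a real log, the list of hits shows which users and connection types are silently receiving the node's role and VLAN instead of one selected by an authentication source rule.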
