Hello Denis,

can you try that:

./pftest authentication denis.bonnenfant password

and see if the user matches a source and a rule?

Regards
Fabrice

On 2014-10-07 10:36, denis bonnenfant wrote:
> On 26/09/2014 18:26, denis.bonnenfant wrote:
>> Hi,
>>
>> I had a setup with 802.1x and ldap auth sources with ldap-based rules
>> for vlan selection. It used to work quite well, but after 4.3 and now
>> 4.4 upgrade, internal auth rules never get evaluated by
>> httpd.webservices when a user connects.
>> Note that radius 802.1x ldap auth works perfectly. But then there is no
>> source matching, and the role is always the node's one.
>>
> I answer the question again, as I'm getting really stuck with this
> problem.
> I removed all my sources and created them again, removed vlan_filters, and
> the result is still the same: roles from auth sources never get
> evaluated during 802.1x connection. I tried with catchall rules in
> sources, it was exactly the same.
>> See log:
>>
>> Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7]
>> handling radius autz request: from switch_ip => (172.16.1.136),
>> connection_type => Wireless-802.11-EAP,switch_mac =>
>> (00:60:b3:d0:96:fa), mac => [44:74:6c:50:25:e7], port => 1, username =>
>> "denis.bonnenfant" (pf::radius::authorize)
>> Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7]
>> Username was NOT defined or unable to match a role - returning node
>> based role 'mobiles_profs' (pf::vlan::getNormalVlan)
> I don't understand this line: why "Username not defined", as it is
> displayed just one line before in the log? Is it a problem with some
> config file from my radius conf being erased during update? How is the
> username passed from radius auth to getnormalvlan? Are there any
> changes here in 4.3 or 4.4?
>
>> Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7] PID:
>> "denis.bonnenfant", Status: reg. Returned VLAN: 150
>> (pf::vlan::fetchVlanForNode)
>> Sep 26 18:06:19 httpd.webservices(23455) INFO: [44:74:6c:50:25:e7]
>> (172.16.1.136) Returning ACCEPT with VLAN 150 and role
>> (pf::Switch::returnRadiusAccessAccept)
>>
>>
> Thanks in advance for help!
>
>
> Denis Bonnenfant

-- 
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
