Hi Ludovic. Thanks. I'm using machine authentication against Active Directory. Right now I'm trying to get a catch-all rule to assign a role just to make sure I have that part working, so that I can ultimately assign different roles according to the OU that the machine account resides in. Right now I'm not testing for the OU, just assigning a role to test that my rule works.

In the PacketFence log I see the authentication success, but no role assignment.

Machine auth works, as I can autoregister and I get on the management network, but any role I put in the authentication rule doesn't get assigned to the machine.

Thanks
Darryl




-------- Original message --------
From: Ludovic Zammit via PacketFence-users <[email protected]>
Date: 8/14/17 7:47 AM (GMT-05:00)
Cc: Ludovic Zammit <[email protected]>
Subject: Re: [PacketFence-users] Machine authentication not getting role

PS: /usr/local/pf/bin/pftest authentication username password

You can put "" if you don't want to display the password in the CLI.

Thanks,
Ludovic Zammit
[email protected] ::  +1.514.447.4918 (x145) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) 



On Aug 14, 2017, at 7:43 AM, Ludovic Zammit via PacketFence-users <[email protected]> wrote:

Hello,

Are you doing user authentication? If yes, please check the tool /usr/local/pf/bin/pftest username password; you will see if your username brings any access settings.

If you check in the /usr/local/pf/logs/packetfence.log you should be able to see all the actions taken after the RADIUS request.

Thanks,
Ludovic Zammit
[email protected] ::  +1.514.447.4918 (x145) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) 



On Aug 11, 2017, at 4:13 PM, Sokolowski, Darryl via PacketFence-users <[email protected]> wrote:

Hi everyone,
Can anyone help me with this please?
I have the machine authentication source looking at Active Directory, and a rule to assign role and access duration.
I am able to automatically register the device via machine authentication, but I can’t get the role assigned when it registers.
On the switch I see:
%AUTHMGR-5-START: Starting 'dot1x' for client
%DOT1X-5-SUCCESS: Authentication successful for client
%AUTHMGR-5-SUCCESS: Authorization succeeded for client
 
But the role is not sent.
 
Raddebug shows the correct realm is identified and used, and the machine authentication source is defined in the realm.
 
In the nodes in PacketFence, I see the node is registered with the owner as the machine name but no role is assigned.
 
I don’t know what I’m missing.
 
Thanks
Darryl
 
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
