Re: [PacketFence-users] PacketFence 8

Fabrice Durand via PacketFence-users Wed, 02 May 2018 09:31:59 -0700

Hello Jeimerson,

it looks that your authentication source doesn't return any role.

Create a rule and assign a role and an access duration in yourauthentication source.


Regards

Fabrice



Le 2018-05-02 à 11:59, Jeimerson C. Chaves via PacketFence-users a écrit :

Hi, all.


In tests with PacketFence 8. i not sucess login.

Log


May  2 15:48:44 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:[undef]] CLI Access is not permit on this switch
10.190.90.25 (pf::radius::switch_access)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from
switch_ip => (10.190.90.25), connection_type =>
Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac =>
[00:0c:29:75:9d:61], port => 10010, username =>
"administra...@samba.nac" (pf::radius::authorize)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Could not find any IP phones through
discovery protocols for ifIndex 10010
(pf::Switch::getPhonesDPAtIfIndex)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  2 15:48:48 PacketFence-ZEN pfqueue: pfqueue(4059) INFO:
[mac:unknown] undefined source id provided
(pf::lookup::person::lookup_person)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq
at /usr/local/pf/lib/pf/role.pm line 731.
  (pf::role::_check_bypass)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in
concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478.
  (pf::role::getRegisteredRole)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to
match a role - returning node based role ''
(pf::role::getRegisteredRole)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status:
reg Returned VLAN: (undefined), Role: (undefined)
(pf::role::fetchRoleForNode)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 768.
  (pf::Switch::getVlanByName)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
771.
  (pf::Switch::getVlanByName)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in
conf/switches.conf for the switch 10.190.90.25
(pf::Switch::getVlanByName)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 751.
  (pf::Switch::getRoleByName)
May  2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
754.
  (pf::Switch::getRoleByName)
May  2 15:48:49 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] violation 1300003 force-closed for
00:0c:29:75:9d:61 (pf::violation::violation_force_close)
May  2 15:48:49 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from
switch_ip => (10.190.90.25), connection_type =>
Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac =>
[00:0c:29:75:9d:61], port => 10010, username =>
"administra...@samba.nac" (pf::radius::authorize)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Could not find any IP phones through
discovery protocols for ifIndex 10010
(pf::Switch::getPhonesDPAtIfIndex)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq
at /usr/local/pf/lib/pf/role.pm line 731.
  (pf::role::_check_bypass)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  2 15:51:41 PacketFence-ZEN pfqueue: pfqueue(5057) INFO:
[mac:unknown] undefined source id provided
(pf::lookup::person::lookup_person)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in
concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478.
  (pf::role::getRegisteredRole)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to
match a role - returning node based role ''
(pf::role::getRegisteredRole)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status:
reg Returned VLAN: (undefined), Role: (undefined)
(pf::role::fetchRoleForNode)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 768.
  (pf::Switch::getVlanByName)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
771.
  (pf::Switch::getVlanByName)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in
conf/switches.conf for the switch 10.190.90.25
(pf::Switch::getVlanByName)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 751.
  (pf::Switch::getRoleByName)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
754.
  (pf::Switch::getRoleByName)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] violation 1300003 force-closed for
00:0c:29:75:9d:61 (pf::violation::violation_force_close)
May  2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  2 15:52:03 PacketFence-ZEN pfipset[2121]:
t=2018-05-02T15:52:03+0000 lvl=info msg="Reloading ipsets" pid=2121
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from
switch_ip => (10.190.90.25), connection_type =>
Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac =>
[00:0c:29:75:9d:61], port => 10010, username =>
"administra...@samba.nac" (pf::radius::authorize)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Could not find any IP phones through
discovery protocols for ifIndex 10010
(pf::Switch::getPhonesDPAtIfIndex)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule
class. Defaulting to 'authentication' (pf::authentication::match2)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq
at /usr/local/pf/lib/pf/role.pm line 731.
  (pf::role::_check_bypass)
May  2 15:52:30 PacketFence-ZEN pfqueue: pfqueue(5062) INFO:
[mac:unknown] undefined source id provided
(pf::lookup::person::lookup_person)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) :
'SAMBA.NAC' for realm 'samba.nac'
(pf::config::util::filter_authentication_sources)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching
(pf::authentication::match2)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in
concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478.
  (pf::role::getRegisteredRole)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to
match a role - returning node based role ''
(pf::role::getRegisteredRole)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status:
reg Returned VLAN: (undefined), Role: (undefined)
(pf::role::fetchRoleForNode)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 768.
  (pf::Switch::getVlanByName)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
771.
  (pf::Switch::getVlanByName)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in
conf/switches.conf for the switch 10.190.90.25
(pf::Switch::getVlanByName)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in
hash element at /usr/local/pf/lib/pf/Switch.pm line 751.
  (pf::Switch::getRoleByName)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in
concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line
754.
  (pf::Switch::getRoleByName)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] violation 1300003 force-closed for
00:0c:29:75:9d:61 (pf::violation::violation_force_close)
May  2 15:52:30 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227)
INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May  2 15:52:33 PacketFence-ZEN packetfence_httpd.webservices:
httpd.webservices(2253) INFO: [mac:[undef]] Sending fingerbank
component update to local queue.
(pf::api::fingerbank_update_component)

Com os melhores cumprimentos.

Jeimerson Chaves

Aviso de Confidencialidade: Este e-mail e quaisquer ficheiros
informáticos com ele transmitidos são confidenciais, podem conter
informação privilegiada e destinam-se ao conhecimento e uso exclusivo
da pessoa ou entidade a quem são dirigidos, não podendo o conteúdo dos
mesmos ser alterado. Caso tenha recebido este e-mail indevidamente,
queira informar de imediato o remetente e proceder à destruição da
mensagem e de eventuais cópias.

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. lf you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PacketFence 8

Reply via email to