Hi Fabrice, Unfortunately, it is the same behavior. This time the owner is recognized but the profile is not getting set.
Best, Nadim On Wed, Feb 12, 2020 at 8:54 PM Nadim El-Khoury <nel-kho...@springfield.edu> wrote: > Hi Fabrice, > > Thank you for looking into this. > I am attaching two screenshots where the GUI shows that the source is > selected but it does not show up in the profiles.conf file. > I will manually make the change in the file and report back to you. > > Best, > > Nadim > > > On Wed, Feb 12, 2020 at 8:46 PM Durand fabrice <fdur...@inverse.ca> wrote: > >> Hello Nadim, >> >> there is no source associate to the sc-eduroam-profile profile, try that: >> >> # >> # Copyright (C) 2005-2019 Inverse inc. >> # >> # See the enclosed file COPYING for license information (GPL). >> # If you did not receive this file, see >> # http://www.fsf.org/licensing/licenses/gpl.html >> [default] >> autoregister=enabled >> sources=MSAD >> >> [sc-eduroam-profile] >> filter_match_style=all >> locale= >> description=Springfield College local eduroam connections >> filter=ssid:eduroam >> sources=MSAD >> >> [incoming-eduroam-connections] >> locale= >> sources=US-Eduroam-Servers >> filter=realm:eduroam >> description=Incoming Eduroam Connections >> # >> # Copyright (C) 2005-2019 Inverse inc. >> # >> # See the enclosed file COPYING for license information (GPL). >> # If you did not receive this file, see >> # http://www.fsf.org/licensing/licenses/gpl.html >> >> let me know if it's ok now. >> >> Regards >> >> Fabrice >> Le 20-02-12 à 08 h 11, Nadim El-Khoury a écrit : >> >> Hi Fabrice, >> >> Please note that I sanitized the authentication.conf file and removed the >> shared Radius key and the password to connect to our MS LDAP. Everything >> else is intact. >> >> Thank you very much for all your help and for looking at this issue. >> >> Best, >> >> Nadim >> >> On Tue, Feb 11, 2020 at 9:02 PM Durand fabrice <fdur...@inverse.ca> >> wrote: >> >>> It's still the same in the logs. >>> >>> Can you share your prifiles.conf and authentication.conf file ? >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 20-02-11 à 12 h 02, Nadim El-Khoury a écrit : >>> >>> Hi Fabrice, >>> >>> I am sorry to report that nothing works. I am still seeing the same >>> behavior. >>> I deleted all the connection profiles and just left the default one and >>> still nothing. >>> >>> I am attaching the packetfence.log file. >>> >>> Best, >>> >>> Nadim >>> >>> On Tue, Feb 11, 2020 at 8:31 AM Fabrice Durand <fdur...@inverse.ca> >>> wrote: >>> >>>> Ok so assign the default realm in the authentication source and/or the >>>> realm springfieldcollege.edu. >>>> Le 20-02-10 à 22 h 42, Nadim El-Khoury a écrit : >>>> >>>> Hi Fabrice, >>>> >>>> I want to thank you for taking the time to look into the log file. >>>> Yes, we have AD configured as an authentication source. I added it to >>>> the source in the connection profile and will test it in the morning and >>>> report back. >>>> >>>> Best, >>>> >>>> Nadim >>>> >>>> On Mon, Feb 10, 2020 at 8:31 PM Durand fabrice <fdur...@inverse.ca> >>>> wrote: >>>> >>>>> Hello Nadim, >>>>> >>>>> here what happen: >>>>> >>>>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >>>>> [mac:a4:e9:75:4e:95:5d] handling radius autz request: from switch_ip => >>>>> (10.2.75.11), connection_type => Wireless-802.11-EAP,switch_mac => >>>>> (5c:5b:35:a8:10:33), mac => [a4:e9:75:4e:95:5d], port => 0, username => >>>>> "nel-kho...@springfieldcollege.edu" >>>>> <nel-kho...@springfieldcollege.edu>, ssid => eduroam >>>>> (pf::radius::authorize) >>>>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >>>>> [mac:a4:e9:75:4e:95:5d] Instantiate profile non-sc-eduroam-users >>>>> (pf::Connection::ProfileFactory::_from_profile) >>>>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >>>>> [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : '' for realm ' >>>>> springfieldcollege.edu' >>>>> (pf::config::util::filter_authentication_sources) >>>>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) WARN: >>>>> [mac:a4:e9:75:4e:95:5d] No category computed for autoreg >>>>> (pf::role::getNodeInfoForAutoReg) >>>>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) WARN: >>>>> [mac:a4:e9:75:4e:95:5d] Switch type 'pf::Switch::Generic' does not support >>>>> MABFloatingDevices (pf::SwitchSupports::__ANON__) >>>>> Feb 10 13:15:08 fennec packetfence_httpd.aaa: httpd.aaa(15955) INFO: >>>>> [mac:a4:e9:75:4e:95:5d] Found authentication source(s) : '' for realm ' >>>>> springfieldcollege.edu' >>>>> (pf::config::util::filter_authentication_sources) >>>>> >>>>> PacketFence instantiate the profile non-sc-eduroam-users but is not >>>>> able to find any sources to compute the rules. >>>>> >>>>> My assumption is that you enabled auto registration on the connection >>>>> profile but you didn't defined any sources. >>>>> >>>>> So edit the connection profile and assign an authentication source on >>>>> it (you probably have an AD one). >>>>> >>>>> Regards >>>>> >>>>> Fabrice >>>>> >>>>> >>>>> Le 20-02-10 à 14 h 34, Nadim El-Khoury a écrit : >>>>> >>>>> Hi Fabrice, >>>>> >>>>> Please find attached the packetfence.log file. >>>>> The username is nel-kho...@springfieldcollege.edu >>>>> >>>>> Best, >>>>> >>>>> Nadim >>>>> >>>>> On Fri, Feb 7, 2020 at 10:09 PM Durand fabrice via PacketFence-users < >>>>> packetfence-users@lists.sourceforge.net> wrote: >>>>> >>>>>> Hello Nadim >>>>>> Le 20-02-05 à 02 h 19, Nadim El-Khoury via PacketFence-users a écrit : >>>>>> >>>>>> Hi Everyone, >>>>>> >>>>>> It does not look like that PF 9.3.0 is able to assign the right >>>>>> connection profile once a user is authenticated. >>>>>> >>>>>> Question 1) Why is the right connection profile not being picked up >>>>>> based on the created filter? >>>>>> >>>>>> probably a wrong filter >>>>>> >>>>>> Question 2) Can the default connection profile be disabled? >>>>>> >>>>>> no >>>>>> >>>>>> Question 3) Why is the system not entering the right owner for the >>>>>> registered device after successful authentication? >>>>>> >>>>>> No profile , so no source, so no user. >>>>>> >>>>>> Question 4) Why is the connection profile is set to N/A when it does >>>>>> not properly match a profile? >>>>>> >>>>>> because packetfence is not able to compute the connection profile. >>>>>> >>>>>> >>>>>> When running the /usr/local/pf/bin/pftest authentication username "" >>>>>> The command returns the right AD group the user is part of. >>>>>> >>>>>> Recomputing of roles does not seem to be working if a device is >>>>>> successfully registered with another user or owner. So, if a new user >>>>>> uses >>>>>> the same device the role is not recomputed and the new user using the >>>>>> same >>>>>> old registered device ends up with the same previous role as the previous >>>>>> user. >>>>>> >>>>>> Question 1) How can we change the above behavior? >>>>>> >>>>>> share your packetfence.log file when the device connect and we will >>>>>> have the answer. >>>>>> >>>>>> Regards >>>>>> >>>>>> Fabrice >>>>>> >>>>>> >>>>>> Your help is very much appreciated. >>>>>> >>>>>> Best, >>>>>> >>>>>> Nadim >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing >>>>>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> PacketFence-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> >>>>> -- >>>> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) :: >>>> www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
