Hello Zachary,
I already performed this test, computers outside the domain using username
and password authenticate. My problem is domain computer. Please help me
resolve this.
Em qui., 19 de mar. de 2020 às 23:41, Zacharry Williams via
PacketFence-users <packetfence-users@lists.sourceforge.net> escreveu:
> Try logging in with just a username and password. No ANA\ or anything.
>
> On Thu, Mar 19, 2020, 7:31 PM Wagner Liegio via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> Good afternoon,
>>
>> I made the suggested adjustments by activating the strip in radius,
>> created a new realm, and the error persists. User authentication searching
>> for the domain only works, manually registering the node in the
>> packetfence. Therefore, the error still remains in the database when trying
>> to register auto.
>> Below is the database error log:
>>
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip
>> => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac =>
>> (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username =>
>> "ANA\iran" (pf::radius::authorize)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x
>> (pf::Connection::ProfileFactory::_from_profile)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for
>> realm 'default' (pf::config::util::filter_authentication_sources)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching
>> (pf::authentication::match2)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg
>> (pf::role::getNodeInfoForAutoReg)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran
>> (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is
>> reached (pf::node::is_max_reg_nodes_reached)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded -
>> registration of d0:94:66:db:ae:77 to ANA\iran failed
>> (pf::registration::setup_node_for_registration)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes
>> per pid met or exceeded (pf::radius::authorize)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable
>> error: Cannot add or update a child row: a foreign key constraint fails
>> (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES
>> `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno:
>> 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`,
>> `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`,
>> `detect_date`, `device_class`, `device_manufacturer`, `device_score`,
>> `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`,
>> `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`,
>> `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`,
>> `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`,
>> `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
>> ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY
>> UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?,
>> `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11,
>> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00,
>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL,
>> ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00,
>> NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute)
>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759)
>> ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500)
>> (pf::radius::authorize)
>>
>> Em qua., 18 de mar. de 2020 às 21:34, Durand fabrice via
>> PacketFence-users <packetfence-users@lists.sourceforge.net> escreveu:
>>
>>> Try that:
>>>
>>> pftest authentication ANA\pereira ""
>>>
>>> and
>>>
>>> pftest authentication pereira ""
>>>
>>> to see if the user is found and if it match a rule.
>>>
>>> If the second one works then in the ANA realm enable strip in radius.
>>>
>>> Regards
>>>
>>> Fabrice
>>>
>>>
>>> Le 20-03-18 à 20 h 13, Zacharry Williams via PacketFence-users a écrit :
>>>
>>> Gonna take a wild guess here, in your realms config turn on strip radius
>>> for null and your domain and and try logging on with just your username and
>>> password. I'm guessing your realms config isn't matching. For us we had
>>> three domains and we had to add them all. For example COMPANY.ORG,
>>> COMPANY.LAN, COMPANY.COM.
>>>
>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users <
>>> packetfence-users@lists.sourceforge.net> wrote:
>>>
>>>> Good afternoon,
>>>>
>>>> Follow the requested files attached.
>>>>
>>>> Em ter., 17 de mar. de 2020 às 14:16, Ludovic Zammit <
>>>> lzam...@inverse.ca> escreveu:
>>>>
>>>>> Hello,
>>>>>
>>>>> Could you post the result fo those two commands:
>>>>>
>>>>> cat /usr/local/pf/conf/authentication.conf
>>>>>
>>>>> cat /usr/local/pf/conf/profiles.conf
>>>>>
>>>>> remove your informations.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) ::
>>>>> www.inverse.ca
>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>>>> (http://packetfence.org)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users <
>>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>>
>>>>> Good Morning,
>>>>>
>>>>> The rules, functions are standard on the Zen packetfence 9.3 that I
>>>>> downloaded from the site, I will send some images of how the configuration
>>>>> is through the webgui, so I noticed everything is correct, what is
>>>>> happening is that the function and the rule is not being applied for some
>>>>> reason that I don't know.
>>>>>
>>>>> <image.png>
>>>>>
>>>>> <image.png>
>>>>>
>>>>> <image.png>
>>>>>
>>>>>
>>>>>
>>>>> Em ter., 17 de mar. de 2020 às 00:04, Zacharry Williams via
>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> escreveu:
>>>>>
>>>>>> Check and make sure your realms are defined also.
>>>>>>
>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via PacketFence-users <
>>>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I know when I ran into this issue, it had to do with the
>>>>>>> authorization source for AD. In the source, I had an authentication
>>>>>>> rule
>>>>>>> that matched the sAMAccountName is member of “group name”. The group
>>>>>>> name
>>>>>>> must be the AD DN (distinguished name) of the group. CN=%security group
>>>>>>> you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain
>>>>>>> suffix%
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *From:* Wagner Liegio via PacketFence-users <
>>>>>>> packetfence-users@lists.sourceforge.net>
>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM
>>>>>>> *To:* packetfence-users@lists.sourceforge.net
>>>>>>> *Cc:* Wagner Liegio <wagner.lie...@gmail.com>
>>>>>>> *Subject:* [PacketFence-users] authentication sources packetfence
>>>>>>> 9.3
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Good afternoon, I'm facing the same problem only in version 9.3. I
>>>>>>> have done everything I can think of, reconfigured the domain, the
>>>>>>> connection profile, checked the rules and functions. The error follows:
>>>>>>> No
>>>>>>> role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: ee:
>>>>>>> 7d);
>>>>>>> assumes maximum number of registered nodes is reached (pf :: node ::
>>>>>>> is_max_reg_nodes_reached)
>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac:
>>>>>>> d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded -
>>>>>>> registration of
>>>>>>> d0: 94: 66: db: ae: 7d to ANA \ pereira failed
>>>>>>> (pf :: registration :: setup_node_for_registration)
>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac:
>>>>>>> d0: 94: 66: db: ee: 7d] auto-registration of node failed max nodes per
>>>>>>> pid
>>>>>>> met or exceeded (pf :: radius :: authorize)
>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac:
>>>>>>> d0: 94: 66: db: ee: 7d] Database query failed with non retryable error:
>>>>>>> Cannot add or update a child row: a foreign key constraint fails
>>>>>>> (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES
>>>>>>> person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno:
>>>>>>> 1452)
>>>>>>> [INSERT INTO node
>>>>>>> (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan,
>>>>>>> category_id, computername, detect_date, device_class,
>>>>>>> device_manufacturer,
>>>>>>> device_score, device_type,
>>>>>>> device_version, dhcp6_enterprise, dhcp6_fingerprint,
>>>>>>> dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, lastskip,
>>>>>>> mac, machine_account, notes, regdate, sessionid, status, tenant_id,
>>>>>>> time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW
>>>>>>> (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?,
>>>>>>> Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL,
>>>>>>> NULL,
>>>>>>> NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, NULL,
>>>>>>> NULL, NULL, NULL, NULL,
>>>>>>> 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:
>>>>>>> 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 00:00:00,
>>>>>>> NULL,
>>>>>>> reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ pereira, reg, 1}
>>>>>>> (pf :: dal :: db_execute)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> PacketFence-users mailing list
>>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>
>>>>>> _______________________________________________
>>>>>> PacketFence-users mailing list
>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>
>>>>> _______________________________________________
>>>>> PacketFence-users mailing list
>>>>> PacketFence-users@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>
>>>>>
>>>>> _______________________________________________
>>>> PacketFence-users mailing list
>>>> PacketFence-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing
>>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
