What's the distinguished name of your user? The log says it found the
auth source but didn't match a role.

On Fri, Mar 20, 2020, 10:42 AM Wagner Liegio <wagner.lie...@gmail.com>
wrote:

> Dear,
>
> I'm copying the analyst Leandro to follow the case and try to solve it. I
> ask you to send me what you need.
>
> On Fri, Mar 20, 2020 at 14:32, Wagner Liegio <wagner.lie...@gmail.com> wrote:
>
>> No, authentication is domain \ user using the 802.1x protocol
>>
>> On Fri, Mar 20, 2020 at 11:25, Zacharry Williams <zachar...@gmail.com> wrote:
>>
>>> Domain computers should be logging in with host\computername. Are you
>>> trying to do machine auth?
>>>
>>>
>>> On Fri, Mar 20, 2020, 5:59 AM Wagner Liegio <wagner.lie...@gmail.com>
>>> wrote:
>>>
>>>> Hello Zachary,
>>>>
>>>> I already performed this test, computers outside the domain using
>>>> username and password authenticate. My problem is domain computer. Please
>>>> help me resolve this.
>>>>
>>>> On Thu, Mar 19, 2020 at 23:41, Zacharry Williams via
>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>
>>>>> Try logging in with just a username and password. No ANA\ or anything.
>>>>>
>>>>> On Thu, Mar 19, 2020, 7:31 PM Wagner Liegio via PacketFence-users <
>>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>>
>>>>>> Good afternoon,
>>>>>>
>>>>>> I made the suggested adjustments by activating the strip in radius,
>>>>>> created a new realm, and the error persists. User authentication searching
>>>>>> for the domain only works, manually registering the node in the
>>>>>> packetfence. Therefore, the error still remains in the database when trying
>>>>>> to register auto.
>>>>>> Below is the database error log:
>>>>>>
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => "ANA\iran" (pf::radius::authorize)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching (pf::authentication::match2)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, `detect_date`, `device_class`, `device_manufacturer`, `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) (pf::radius::authorize)
>>>>>>
>>>>>> On Wed, Mar 18, 2020 at 21:34, Durand fabrice via
>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>
>>>>>>> Try that:
>>>>>>>
>>>>>>> pftest authentication ANA\pereira ""
>>>>>>>
>>>>>>> and
>>>>>>>
>>>>>>> pftest authentication pereira ""
>>>>>>>
>>>>>>> to see if the user is found and if it matches a rule.
>>>>>>>
>>>>>>> If the second one works then in the ANA realm enable strip in radius.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> Fabrice
>>>>>>>
>>>>>>>
>>>>>>> On 20-03-18 at 20:13, Zacharry Williams via PacketFence-users
>>>>>>> wrote:
>>>>>>>
>>>>>>> Gonna take a wild guess here, in your realms config turn on strip
>>>>>>> radius for null and your domain and try logging on with just your
>>>>>>> username and password. I'm guessing your realms config isn't matching. For
>>>>>>> us we had three domains and we had to add them all. For example
>>>>>>> COMPANY.ORG, COMPANY.LAN, COMPANY.COM.
>>>>>>>
>>>>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users <
>>>>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>
>>>>>>>> Good afternoon,
>>>>>>>>
>>>>>>>> Follow the requested files attached.
>>>>>>>>
>>>>>>>> On Tue, Mar 17, 2020 at 14:16, Ludovic Zammit <
>>>>>>>> lzam...@inverse.ca> wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> Could you post the result of those two commands:
>>>>>>>>>
>>>>>>>>> cat /usr/local/pf/conf/authentication.conf
>>>>>>>>>
>>>>>>>>> cat /usr/local/pf/conf/profiles.conf
>>>>>>>>>
>>>>>>>>> Remove your information.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Ludovic Zammit
>>>>>>>>> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
>>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users <
>>>>>>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>>
>>>>>>>>> Good Morning,
>>>>>>>>>
>>>>>>>>> The rules, functions are standard on the Zen packetfence 9.3 that
>>>>>>>>> I downloaded from the site, I will send some images of how the
>>>>>>>>> configuration is through the webgui, so I noticed everything is correct,
>>>>>>>>> what is happening is that the function and the rule is not being applied
>>>>>>>>> for some reason that I don't know.
>>>>>>>>>
>>>>>>>>> <image.png>
>>>>>>>>>
>>>>>>>>> <image.png>
>>>>>>>>>
>>>>>>>>> <image.png>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Mar 17, 2020 at 00:04, Zacharry Williams via
>>>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Check and make sure your realms are defined also.
>>>>>>>>>>
>>>>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via
>>>>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> I know when I ran into this issue, it had to do with the
>>>>>>>>>>> authorization source for AD.  In the source, I had an authentication rule
>>>>>>>>>>> that matched the sAMAccountName is member of “group name”.  The group name
>>>>>>>>>>> must be the AD DN (distinguished name) of the group.
>>>>>>>>>>> CN=%security group you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain suffix%
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *From:* Wagner Liegio via PacketFence-users <
>>>>>>>>>>> packetfence-users@lists.sourceforge.net>
>>>>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM
>>>>>>>>>>> *To:* packetfence-users@lists.sourceforge.net
>>>>>>>>>>> *Cc:* Wagner Liegio <wagner.lie...@gmail.com>
>>>>>>>>>>> *Subject:* [PacketFence-users] authentication sources
>>>>>>>>>>> packetfence 9.3
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Good afternoon, I'm facing the same problem only in version 9.3.
>>>>>>>>>>> I have done everything I can think of, reconfigured the domain, the
>>>>>>>>>>> connection profile, checked the rules and functions. The error 
>>>>>>>>>>> follows: No
>>>>>>>>>>> role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: 
>>>>>>>>>>> ee: 7d);
>>>>>>>>>>> assumes maximum number of registered nodes is reached (pf :: node ::
>>>>>>>>>>> is_max_reg_nodes_reached)
>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR:
>>>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded -
>>>>>>>>>>> registration of d0: 94: 66: db: ae: 7d to ANA \ pereira failed
>>>>>>>>>>> (pf :: registration :: setup_node_for_registration)
>>>>>>>>>>>  plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR:
>>>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed max 
>>>>>>>>>>> nodes
>>>>>>>>>>> per pid met or exceeded (pf :: radius :: authorize)
>>>>>>>>>>>  plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR:
>>>>>>>>>>> [mac: d0: 94: 66: db: ee: 7d] Database query failed with non 
>>>>>>>>>>> retryable
>>>>>>>>>>> error: Cannot add or update a child row: a foreign key constraint 
>>>>>>>>>>> fails
>>>>>>>>>>> (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid)
>>>>>>>>>>> REFERENCES person (tenant_id, pid) ON DELETE CASCADE ON UPDATE 
>>>>>>>>>>> CASCADE)
>>>>>>>>>>> (errno: 1452) [INSERT INTO node
>>>>>>>>>>> (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan,
>>>>>>>>>>> category_id, computername, detect_date, device_class, 
>>>>>>>>>>> device_manufacturer,
>>>>>>>>>>> device_score, device_type,
>>>>>>>>>>>  device_version, dhcp6_enterprise, dhcp6_fingerprint,
>>>>>>>>>>> dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, 
>>>>>>>>>>> lastskip,
>>>>>>>>>>> mac, machine_account, notes, regdate, sessionid, status, tenant_id,
>>>>>>>>>>> time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW
>>>>>>>>>>> (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?,
>>>>>>>>>>> Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, 
>>>>>>>>>>> NULL,
>>>>>>>>>>> NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, 
>>>>>>>>>>> NULL,
>>>>>>>>>>> NULL, NULL, NULL, NULL,
>>>>>>>>>>>  0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00,
>>>>>>>>>>> d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 
>>>>>>>>>>> 00:00:00,
>>>>>>>>>>> NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ 
>>>>>>>>>>> pereira, reg,
>>>>>>>>>>> 1}
>>>>>>>>>>>  (pf :: dal :: db_execute)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> PacketFence-users mailing list
>>>>>>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>>>>>
>>>>
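A triage sketch for the log sequence quoted in this thread, added here as an example (not code from any poster or from the PacketFence project): it groups httpd.aaa lines by MAC and reports the earliest WARN/ERROR, which in the quoted log is the missing role and not the later max-nodes and foreign-key errors. The sample lines, host, MACs, user and source names are constructed, and the tag names are hypothetical labels.

```python
import re

# Constructed sample (made-up host, MACs, user, source) in the thread's httpd.aaa format.
SAMPLE_LOG = r"""
Mar 19 18:15:11 pf01 packetfence_httpd.aaa: httpd.aaa(100) INFO: [mac:00:11:22:33:44:55] handling radius autz request: from switch_ip => (192.0.2.1), connection_type => Ethernet-EAP, username => "EXAMPLE\alice" (pf::radius::authorize)
Mar 19 18:15:11 pf01 packetfence_httpd.aaa: httpd.aaa(100) INFO: [mac:00:11:22:33:44:55] Found authentication source(s) : 'ExampleAD' for realm 'default' (pf::config::util::filter_authentication_sources)
Mar 19 18:15:11 pf01 packetfence_httpd.aaa: httpd.aaa(100) WARN: [mac:00:11:22:33:44:55] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
Mar 19 18:15:11 pf01 packetfence_httpd.aaa: httpd.aaa(100) WARN: [mac:00:11:22:33:44:55] No role specified or found for pid EXAMPLE\alice (MAC 00:11:22:33:44:55); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
Mar 19 18:15:11 pf01 packetfence_httpd.aaa: httpd.aaa(100) ERROR: [mac:00:11:22:33:44:55] max nodes per pid met or exceeded - registration of 00:11:22:33:44:55 to EXAMPLE\alice failed (pf::registration::setup_node_for_registration)
Mar 19 18:15:11 pf01 packetfence_httpd.aaa: httpd.aaa(100) ERROR: [mac:00:11:22:33:44:55] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) (pf::dal::db_execute)
Mar 19 18:15:11 pf01 packetfence_httpd.aaa: httpd.aaa(100) ERROR: [mac:00:11:22:33:44:55] Cannot save 00:11:22:33:44:55 error (500) (pf::radius::authorize)
Mar 19 18:15:12 pf01 packetfence_httpd.aaa: httpd.aaa(100) INFO: [mac:66:77:88:99:aa:bb] Found authentication source(s) : 'ExampleAD' for realm 'default' (pf::config::util::filter_authentication_sources)
"""

LINE_RE = re.compile(r"(INFO|WARN|ERROR): \[mac:([0-9a-f:]{17})\] (.*) \((pf::[\w:]+)\)\s*$")
USER_RE = re.compile(r'username => "([^"]+)"')
SOURCE_RE = re.compile(r"Found authentication source\(s\) : '([^']+)' for realm '([^']+)'")
# Hypothetical tag names for the messages that appear in the thread's log.
SYMPTOMS = [
    ("no_role_matched", re.compile(r"No category computed for autoreg|No role specified or found")),
    ("max_nodes_per_pid", re.compile(r"max nodes per pid met or exceeded")),
    ("fk_person_missing", re.compile(r"foreign key constraint fails.*REFERENCES `person`")),
    ("node_save_failed", re.compile(r"Cannot save")),
]

def triage(log_text):
    """Group lines by MAC; record the earliest WARN/ERROR and the distinct ones after it."""
    out = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        level, mac, msg, sub = m.groups()
        s = out.setdefault(mac, {"username": None, "source": None, "realm": None,
                                 "first_failure": None, "followed_by": []})
        if (u := USER_RE.search(msg)):
            s["username"] = u[1]
        if (a := SOURCE_RE.search(msg)):
            s["source"], s["realm"] = a[1], a[2]
        if level in ("WARN", "ERROR"):
            tag = next((t for t, rx in SYMPTOMS if rx.search(msg)), "other")
            if s["first_failure"] is None:
                s["first_failure"] = (tag, sub)
            elif tag != s["first_failure"][0] and tag not in s["followed_by"]:
                s["followed_by"].append(tag)
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A MAC whose summary shows a source and realm but `first_failure` of `no_role_matched` is the case described at the top of this message: the source was found and no role was matched.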