What's the distinguished name of your user? The log says it found the auth source but didn't match a role.
On Fri, Mar 20, 2020, 10:42 AM Wagner Liegio <wagner.lie...@gmail.com> wrote:

> Dear,
>
> I'm copying the analyst Leandro to follow the case and try to solve it. I
> ask you to send me what you need.
>
> On Fri, Mar 20, 2020 at 14:32, Wagner Liegio <wagner.lie...@gmail.com> wrote:
>
>> No, authentication is domain \ user using the 802.1x protocol
>>
>> On Fri, Mar 20, 2020 at 11:25, Zacharry Williams <zachar...@gmail.com> wrote:
>>
>>> Domain computers should be logging in with host\computername. Are you
>>> trying to do machine auth?
>>>
>>> On Fri, Mar 20, 2020, 5:59 AM Wagner Liegio <wagner.lie...@gmail.com> wrote:
>>>
>>>> Hello Zachary,
>>>>
>>>> I already performed this test, computers outside the domain using
>>>> username and password authenticate. My problem is domain computer. Please
>>>> help me resolve this.
>>>>
>>>> On Thu, Mar 19, 2020 at 23:41, Zacharry Williams via PacketFence-users
>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>
>>>>> Try logging in with just a username and password. No ANA\ or anything.
>>>>>
>>>>> On Thu, Mar 19, 2020, 7:31 PM Wagner Liegio via PacketFence-users
>>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>>
>>>>>> Good afternoon,
>>>>>>
>>>>>> I made the suggested adjustments by activating the strip in radius,
>>>>>> created a new realm, and the error persists. User authentication searching
>>>>>> for the domain only works, manually registering the node in the
>>>>>> packetfence. Therefore, the error still remains in the database when trying
>>>>>> to register auto.
>>>>>>
>>>>>> Below is the database error log:
>>>>>>
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip => (10.95.10.1), connection_type => Ethernet-EAP,switch_mac => (c8:0c:c8:f1:25:20), mac => [d0:94:66:db:ae:77], port => 78774, username => "ANA\iran" (pf::radius::authorize)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Using sources Ana for matching (pf::authentication::match2)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] LDAP testing connection (pf::LDAP::expire_if)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, `detect_date`, `device_class`, `device_manufacturer`, `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `status` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2020-03-19 18:15:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0:94:66:db:ae:77, NULL, NULL, ANA\iran, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA\iran, reg, 1} (pf::dal::db_execute)
>>>>>> Mar 19 18:15:11 aplpcktfpdin01 packetfence_httpd.aaa: httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Cannot save d0:94:66:db:ae:77 error (500) (pf::radius::authorize)
>>>>>>
>>>>>> On Wed, Mar 18, 2020 at 21:34, Durand fabrice via PacketFence-users
>>>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>
>>>>>>> Try that:
>>>>>>>
>>>>>>> pftest authentication ANA\pereira ""
>>>>>>>
>>>>>>> and
>>>>>>>
>>>>>>> pftest authentication pereira ""
>>>>>>>
>>>>>>> to see if the user is found and if it matches a rule.
>>>>>>>
>>>>>>> If the second one works then in the ANA realm enable strip in radius.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> Fabrice
>>>>>>>
>>>>>>> On 20-03-18 at 20:13, Zacharry Williams via PacketFence-users wrote:
>>>>>>>
>>>>>>> Gonna take a wild guess here, in your realms config turn on strip
>>>>>>> radius for null and your domain and try logging on with just your
>>>>>>> username and password. I'm guessing your realms config isn't matching. For
>>>>>>> us we had three domains and we had to add them all. For example
>>>>>>> COMPANY.ORG, COMPANY.LAN, COMPANY.COM.
>>>>>>>
>>>>>>> On Wed, Mar 18, 2020, 12:43 PM Wagner Liegio via PacketFence-users
>>>>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>
>>>>>>>> Good afternoon,
>>>>>>>>
>>>>>>>> Follow the requested files attached.
>>>>>>>>
>>>>>>>> On Tue, Mar 17, 2020 at 14:16, Ludovic Zammit <lzam...@inverse.ca> wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> Could you post the result of those two commands:
>>>>>>>>>
>>>>>>>>> cat /usr/local/pf/conf/authentication.conf
>>>>>>>>>
>>>>>>>>> cat /usr/local/pf/conf/profiles.conf
>>>>>>>>>
>>>>>>>>> Remove your information.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> Ludovic zammit
>>>>>>>>> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
>>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>>>>>>>>> PacketFence (http://packetfence.org)
>>>>>>>>>
>>>>>>>>> On Mar 17, 2020, at 9:42 AM, Wagner Liegio via PacketFence-users
>>>>>>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>>
>>>>>>>>> Good Morning,
>>>>>>>>>
>>>>>>>>> The rules, functions are standard on the Zen packetfence 9.3 that
>>>>>>>>> I downloaded from the site, I will send some images of how the
>>>>>>>>> configuration is through the webgui, so I noticed everything is correct,
>>>>>>>>> what is happening is that the function and the rule is not being applied
>>>>>>>>> for some reason that I don't know.
>>>>>>>>>
>>>>>>>>> On Tue, Mar 17, 2020 at 00:04, Zacharry Williams via
>>>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>>
>>>>>>>>>> Check and make sure your realms are defined also.
>>>>>>>>>>
>>>>>>>>>> On Mon, Mar 16, 2020, 4:58 PM Brandt Winchell via
>>>>>>>>>> PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> I know when I ran into this issue, it had to do with the
>>>>>>>>>>> authorization source for AD. In the source, I had an authentication rule
>>>>>>>>>>> that matched the sAMAccountName is member of “group name”. The group name
>>>>>>>>>>> must be the AD DN (distinguished name) of the group.
>>>>>>>>>>>
>>>>>>>>>>> CN=%security group you want%,OU=%OU the object resides in%,DC=%your domain%,DC=%domain suffix%
>>>>>>>>>>>
>>>>>>>>>>> *From:* Wagner Liegio via PacketFence-users <packetfence-users@lists.sourceforge.net>
>>>>>>>>>>> *Sent:* Monday, March 16, 2020 1:08 PM
>>>>>>>>>>> *To:* packetfence-users@lists.sourceforge.net
>>>>>>>>>>> *Cc:* Wagner Liegio <wagner.lie...@gmail.com>
>>>>>>>>>>> *Subject:* [PacketFence-users] authentication sources packetfence 9.3
>>>>>>>>>>>
>>>>>>>>>>> Good afternoon, I'm facing the same problem only in version 9.3.
>>>>>>>>>>> I have done everything I can think of, reconfigured the domain, the
>>>>>>>>>>> connection profile, checked the rules and functions. The error follows:
>>>>>>>>>>>
>>>>>>>>>>> No role specified or found for pid ANA \ pereira (MAC d0: 94: 66: db: ee: 7d); assumes maximum number of registered nodes is reached (pf :: node :: is_max_reg_nodes_reached)
>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] max nodes per pid met or exceeded - registration of d0: 94: 66: db: ae: 7d to ANA \ pereira failed (pf :: registration :: setup_node_for_registration)
>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] auto-registration of node failed max nodes per pid met or exceeded (pf :: radius :: authorize)
>>>>>>>>>>> plpcktfpdin01 packetfence_httpd.aaa: httpd.aaa (9837) ERROR: [mac: d0: 94: 66: db: ee: 7d] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (pf.node, CONSTRAINT 0_57 FOREIGN KEY (tenant_id, pid) REFERENCES person (tenant_id, pid) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO node (autoreg, bandwidth_balance, bypass_role_id, bypass_vlan, category_id, computername, detect_date, device_class, device_manufacturer, device_score, device_type, device_version, dhcp6_enterprise, dhcp6_fingerprint, dhcp_fingerprint, dhcp_vendor, last_arp, last_dhcp, last_seen, lastskip, mac, machine_account, notes, regdate, sessionid, status, tenant_id, time_balance, void, user? ?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW (),?,?,?,?,?,?,?,?,?, ?,?,?,?) ON DUPLICATE KEY UPDATE autoreg = ?, Last_seen = NOW (), pid = ?, Status = ?, Tenant_id` =?] {Yes, NULL, NULL, NULL, NULL, NULL, 2020 - 03-13 19:08:50, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, d0: 94: 66: db: ae: 7d, NULL, NULL, ANA \ pereira, 0000-00-00 00:00:00, NULL, reg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, ANA \ pereira, reg, 1} (pf :: dal :: db_execute)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
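
Added example, not part of the thread and not PacketFence code: a small triage of the httpd.aaa lines quoted above that reports, per MAC, the first failing stage and lists later errors as follow-on symptoms, which is the reading the top reply gives (auth source found, no role matched). The stage tags and the function name triage are this example's own; the sample lines are abridged from the quoted log.

```python
import re
from collections import defaultdict

# Abridged from the log quoted in the thread (syslog prefix and SQL text trimmed).
SAMPLE = r'''
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] handling radius autz request: from switch_ip => (10.95.10.1), username => "ANA\iran" (pf::radius::authorize)
httpd.aaa(6759) INFO: [mac:d0:94:66:db:ae:77] Found authentication source(s) : 'Ana' for realm 'default' (pf::config::util::filter_authentication_sources)
httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
httpd.aaa(6759) WARN: [mac:d0:94:66:db:ae:77] No role specified or found for pid ANA\iran (MAC d0:94:66:db:ae:77); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] max nodes per pid met or exceeded - registration of d0:94:66:db:ae:77 to ANA\iran failed (pf::registration::setup_node_for_registration)
httpd.aaa(6759) ERROR: [mac:d0:94:66:db:ae:77] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (errno: 1452) (pf::dal::db_execute)
'''
LINE = re.compile(r'(?:INFO|WARN|ERROR): \[mac:([0-9a-f:]{17})\] (.*)')
# Message substring -> stage tag (tag names are this example's, not PacketFence's).
STAGES = [
    ('Found authentication source(s)', 'source_found'),
    ('No category computed for autoreg', 'no_role'),
    ('No role specified or found for pid', 'no_role'),
    ('max nodes per pid met or exceeded', 'max_nodes'),
    ('foreign key constraint fails', 'fk_error'),
]

def triage(log_text):
    """Per MAC: first failing stage, later symptoms, and how the username was evaluated."""
    seen = defaultdict(lambda: {'stages': [], 'username': None, 'realm': None})
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        mac, msg = m.groups()
        rec = seen[mac]
        user = re.search(r'username => "([^"]+)"', msg)
        realm = re.search(r"for realm '([^']+)'", msg)
        if user:
            rec['username'] = user.group(1)
        if realm:
            rec['realm'] = realm.group(1)
        for needle, tag in STAGES:
            if needle in msg and tag not in rec['stages']:
                rec['stages'].append(tag)
    report = {}
    for mac, rec in seen.items():
        failures = [s for s in rec['stages'] if s != 'source_found']
        report[mac] = dict(
            rec, source_found='source_found' in rec['stages'],
            root_cause=failures[0] if failures else None, symptoms=failures[1:],
            # True when the DOMAIN\user form is what reached the source lookup
            prefixed='\\' in (rec['username'] or ''))
    return report
```

For the quoted log this returns root_cause no_role with max_nodes and fk_error as symptoms, and shows the prefixed username ANA\iran being evaluated under realm 'default'.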