Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] handling radius autz request: from switch_ip => (10.0.10.11), connection_type => Ethernet-NoEAP,switch_mac => (08:f1:ea:64:c4:00), mac => [08:f1:ea:3f:11:40], port => 8, username => "vim-foradsgatan-d1s1-a1@xxxx.local <mailto:vim-foradsgatan-d1s1-a1@xxxx.local>" (pf::radius::authorize)
It’s definitely a wired mac authentication. Maybe the EAP Type is wrong on your switch, it should be EAP PEAP MSCHAPv2 and not EAP PAP, CHAP or MD5. You should see connection_type => Ethernet-EAP. Check the EAP Type in the auditing section. Thanks, Ludovic Zammit lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Oct 7, 2020, at 5:26 PM, Fetakungen Virtual Adventurer > <fetakun...@gabenpirates.com> wrote: > > This is what I don’t understand why does it state this ?... > > Oct 7 23:24:16 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(79281) INFO: > [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm > 'default' (pf::config::util::filter_authentication_sources) > Oct 7 23:24:16 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(79281) WARN: > [mac:f8:60:f0:33:00:80] No category computed for autoreg > (pf::role::getNodeInfoForAutoReg) > Oct 7 23:24:16 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(79281) INFO: > [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm > 'default' (pf::config::util::filter_authentication_sources) > Oct 7 23:24:16 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(79281) INFO: > [mac:f8:60:f0:33:00:80] Connection type is MAC-AUTH.Getting role from > node_info (pf::role::getRegisteredRole) > > Connection type is MAC-AUTH. > > Since it’s a user calling in it’s clearly NOT MAC-ATH > > 0_0 > > BR, > Anton. > Från: Ludovic Zammit <lzam...@inverse.ca <mailto:lzam...@inverse.ca>> > Skickat: den 29 september 2020 18:54 > Till: Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com> > Kopia: packetfence-users@lists.sourceforge.net > Ämne: Re: [PacketFence-users] Packetfence set role by mac not user... > > It looks like that you try to match a UPN (UserPrincipalName) so maybe try to > not strip the username in the realm. > > Is vim-foradsgatan-d1s1-a1@xxxx.local > <mailto:vim-foradsgatan-d1s1-a1@xxxx.local> the UPN for that object? > > It looks like that connection match on the default realm, so don’t strip the > username on the default realm. > > Thanks, > > Ludovic Zammit > lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: > www.inverse.ca <http://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > > > On Sep 28, 2020, at 8:08 PM, Fetakungen Virtual Adventurer > <fetakun...@gabenpirates.com <mailto:fetakun...@gabenpirates.com>> wrote: > > Here is the complete auth.conf > > # Copyright (C) Inverse inc. > [local] > description=Local Users > type=SQL > dynamic_routing_module=AuthModule > > [sms] > description=SMS-based registration > sms_carriers=100056,100057,100061,100058,100059,100060,100062,100063,100071,100064,100116,100066,100117,100112,100067,100065,100068,100069,100070,100118,100115,100072,100073,100074,100075,100076,100077,100085,100086,100080,100079,100081,100083,100082,100084,100087,100088,100111,100089,100090,1 > 00091,100092,100093,100094,100095,100096,100098,100097,100099,100100,100101,100113,100102,100103,100104,100106,100105,100107,100108,100109,100114,100110,100078,100119,100120,100121,100122,100123,100124,100125,100126,100127,100128 > type=SMS > create_local_account=no > local_account_logins=0 > message=PIN: $pin > hash_passwords=bcrypt > sms_activation_timeout=10m > dynamic_routing_module=AuthModule > password_length=8 > pin_code_length=6 > > [sms rule catchall] > description= > class=authentication > match=all > action0=set_role=guest > action1=set_access_duration=1D > status=enabled > > [email] > description=Email-based registration > email_activation_timeout=10m > type=Email > allow_localdomain=yes > create_local_account=no > local_account_logins=0 > dynamic_routing_module=AuthModule > hash_passwords=bcrypt > password_length=8 > > [email rule catchall] > description= > class=authentication > match=all > action0=set_role=guest > action1=set_access_duration=1D > status=enabled > > [sponsor] > description=Sponsor-based registration > type=SponsorEmail > allow_localdomain=yes > create_local_account=no > hash_passwords=bcrypt > dynamic_routing_module=AuthModule > local_account_logins=0 > password_length=8 > sources= > email_activation_timeout=30m > validate_sponsor=yes > lang= > > [sponsor rule catchall] > description= > class=authentication > match=all > action0=set_role=guest > action1=set_access_duration=1D > status=enabled > > [null] > description=Null Source > type=Null > email_required=no > dynamic_routing_module=AuthModule > > [null rule catchall] > description=catchall > class=authentication > match=all > action0=set_role=guest > action1=set_access_duration=1D > status=enabled > > [XXXXX] > realms=default,local,null,XXXXX > cache_match=0 > set_access_durations_action= > usernameattribute=UserPrincipalName > scope=sub > port=389 > email_attribute=mail > read_timeout=10 > basedn=DC=xxxxx,DC=LOCAL > shuffle=0 > host=xxxx.local > connection_timeout=1 > description=xxxx.local > type=AD > encryption=none > monitor=1 > write_timeout=5 > searchattributes=uid,distinguishedName,memberOf,sAMAccountName > binddn=CN=####### > password=####### > dynamic_routing_module=AuthModule > > [xxxxx rule SWITCH] > action1=set_access_duration=1D > match=all > action0=set_role=Office_Switch > condition0=memberOf,equals,CN=ACCESS_SWITCH,OU=NETWORK_DEVICES,OU=Devices,OU=xxxxx,DC=xxxxx,DC=local > class=authentication > status=enabled > > [xxxxx rule GUEST] > action1=set_access_duration=5D > match=all > class=authentication > action0=set_role=guest > status=enabled > > [file1] > description=Legacy Source > path=/usr/local/pf/conf/admin.conf > type=Htpasswd > realms=null > dynamic_routing_module=AuthModule > > [file1 rule admins] > description=All admins > class=administration > match=all > action0=set_access_level=ALL > status=enabled > > Från: Ludovic Zammit <lzam...@inverse.ca <mailto:lzam...@inverse.ca>> > Skickat: den 28 september 2020 13:41 > Till: Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com > <mailto:fetakun...@gabenpirates.com>> > Kopia: packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net> > Ämne: Re: [PacketFence-users] Packetfence set role by mac not user... > > Hello, > > Could you paste your conf/authentication.conf, remove private infos. > > Thanks, > > Ludovic Zammit > lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: > www.inverse.ca <http://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > > > > > On Sep 28, 2020, at 3:57 AM, Fetakungen Virtual Adventurer > <fetakun...@gabenpirates.com <mailto:fetakun...@gabenpirates.com>> wrote: > > vim-foradsgatan-d1s1-a1 is the account name yes, I tried to set the role to > unset as it was before with the same result still not matching any ad rule. > The AD rule is matched in the pftest though.. > > Why doesn’t it match my AD rule ? It should at least match my catch all guest > rule ? > > <image001.png> > > Thanks a lot for help and input. > > BR, > Anton > > Från: Ludovic Zammit <lzam...@inverse.ca <mailto:lzam...@inverse.ca>> > Skickat: den 25 september 2020 14:28 > Till: Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com > <mailto:fetakun...@gabenpirates.com>> > Kopia: packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net> > Ämne: Re: [PacketFence-users] Packetfence set role by mac not user... > > Correct, it works because you have assigned manually and the issue there is > that it does not match the rule of your AD thus not getting any authorization. > > Fix that and it will fix your issue. > > Is vim-foradsgatan-d1s1-a1 a samaccountname ? > > Thanks, > > Ludovic Zammit > lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: > www.inverse.ca <http://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > > > > > > > On Sep 24, 2020, at 5:43 PM, Fetakungen Virtual Adventurer > <fetakun...@gabenpirates.com <mailto:fetakun...@gabenpirates.com>> wrote: > > Thanks, tried but the same result. User Gets approved but role get decided by > the “node” so if I don’t assign a role after the node is registered it does > the same. If i assign a role the node / mac the system assign the role to the > user as expected. > > This is how it looks with a role assigned to the node. My vlan is assigned > correctly, but since I now have to set the vlan manually for every node my > user group rules does squat… > > > > > > > > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] handling radius autz request: from switch_ip => > (10.0.10.11), connection_type => Ethernet-NoEAP,switch_mac => > (08:f1:ea:64:c4:00), mac => [08:f1:ea:3f:11:40], port => 8, username => > "vim-foradsgatan-d1s1-a1@xxxx.local > <mailto:vim-foradsgatan-d1s1-a1@xxxx.local>" (pf::radius::authorize) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Instantiate profile LAN > (pf::Connection::ProfileFactory::_from_profile) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'xxxxx' for realm > 'default' (pf::config::util::filter_authentication_sources) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) WARN: > [mac:08:f1:ea:3f:11:40] No category computed for autoreg > (pf::role::getNodeInfoForAutoReg) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'xxxxx' for realm > 'default' (pf::config::util::filter_authentication_sources) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Connection type is MAC-AUTH. Getting role from > node_info (pf::role::getRegisteredRole) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Username was defined > "vim-foradsgatan-d1s1-a1@xxxx.local > <mailto:vim-foradsgatan-d1s1-a1@xxxx.local>" - returning role 'Office_Switch' > (pf::role::getRegisteredRole) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] PID: "default", Status: reg Returned VLAN: > (undefined), Role: Office_Switch (pf::role::fetchRoleForNode) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] (10.0.10.11) Added VLAN 1 to the returned RADIUS > Access-Accept (pf::Switch::returnRadiusAccessAccept) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] security_event 1300003 force-closed for > 08:f1:ea:3f:11:40 (pf::security_event::security_event_force_close) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Instantiate profile LAN > (pf::Connection::ProfileFactory::_from_profile) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] handling radius autz request: from switch_ip => > (10.0.10.11), connection_type => Ethernet-NoEAP,switch_mac => > (08:f1:ea:64:c4:00), mac => [08:f1:ea:3f:11:40], port => 8, username => > "vim-foradsgatan-d1s1-a1@xxxx.local > <mailto:vim-foradsgatan-d1s1-a1@xxxx.local>" (pf::radius::authorize) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Instantiate profile LAN > (pf::Connection::ProfileFactory::_from_profile) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'xxxxx' for realm > 'default' (pf::config::util::filter_authentication_sources) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) WARN: > [mac:08:f1:ea:3f:11:40] No category computed for autoreg > (pf::role::getNodeInfoForAutoReg) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'xxxxx' for realm > 'default' (pf::config::util::filter_authentication_sources) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Connection type is MAC-AUTH. Getting role from > node_info (pf::role::getRegisteredRole) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Username was defined > "vim-foradsgatan-d1s1-a1@xxxx.local > <mailto:vim-foradsgatan-d1s1-a1@xxxx.local>" - returning role 'Office_Switch' > (pf::role::getRegisteredRole) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] PID: "default", Status: reg Returned VLAN: > (undefined), Role: Office_Switch (pf::role::fetchRoleForNode) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] (10.0.10.11) Added VLAN 1 to the returned RADIUS > Access-Accept (pf::Switch::returnRadiusAccessAccept) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] security_event 1300003 force-closed for > 08:f1:ea:3f:11:40 (pf::security_event::security_event_force_close) > Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: > [mac:08:f1:ea:3f:11:40] Instantiate profile LAN > (pf::Connection::ProfileFactory::_from_profile) > > > “] Connection type is MAC-AUTH. Getting role from node_info” Why does it > claim mac auth at all after the user auth ? > > BR, > Anton. > > Från: Ludovic Zammit <lzam...@inverse.ca <mailto:lzam...@inverse.ca>> > Skickat: den 24 september 2020 16:56 > Till: packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net> > Kopia: Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com > <mailto:fetakun...@gabenpirates.com>> > Ämne: Re: [PacketFence-users] Packetfence set role by mac not user... > > Hello there, > > You need to split the username in your default realm: > > <image001.png> > > Thanks, > > Ludovic Zammit > lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: > www.inverse.ca <http://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > > > > > > > > > On Sep 23, 2020, at 5:59 PM, Fetakungen Virtual Adventurer via > PacketFence-users <packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net>> wrote: > > Hi I’ve stil have problem with my role assignment when im trying to use > radius auth for my HP Access Switches. > > The config is aaa authentication port-access chap-radius Server-group "XX” / > aaa port-access authenticator X/XX on the Authenticating switch which in this > case is 10.0.20.2 and the access switch (supplicant) config is : aaa > port-access supplicant 25 identity office-1@xxxx.local > <mailto:office-1@xxxx.local> secret yyyyy > > The authentication request is approved but instead of using the username for > role assignment it seems to use the “node” role which is put on the access > switch mac in this case f8:60:f0:33:00:80 when the node is “auto registered” > as the role by default is no role, no role is assigned. So there is the > “explantion”, but why is this happening ? > > In the authentication source which is being used the rule are to put the > switch with role “office_switch”. But since packetfence only authenticate the > user and then try so assign role by mac this fails/ are being skipped.. > > This rule works fine with pftest… The output of pftest is this: > > Authenticating against 'VEMAB' in context 'admin' > Authentication SUCCEEDED against VEMAB (Authentication successful.) > Matched against VEMAB for 'authentication' rule SWITCH > set_role : Office_Switch > set_access_duration : 1D > Did not match against VEMAB for 'administration' rules > > Authenticating against 'VEMAB' in context 'portal' > Authentication SUCCEEDED against VEMAB (Authentication successful.) > Matched against VEMAB for 'authentication' rule SWITCH > set_role : Office_Switch > set_access_duration : 1D > Did not match against VEMAB for 'administration' rules > > > > > > > The output of packetfence.log when doing real auth is this: > > > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] handling radius autz request: from switch_ip => > (10.0.20.2), connection_type => Ethernet-NoEAP,switch_mac => > (38:21:c7:4e:d1:22), mac => [f8:60:f0:33:00:80], port => 27, username => > "office-1@xxxx.local <mailto:office-1@xxxx.local>" (pf::radius::authorize) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Instantiate profile LAN > (pf::Connection::ProfileFactory::_from_profile) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm > 'default' (pf::config::util::filter_authentication_sources) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: > [mac:f8:60:f0:33:00:80] No category computed for autoreg > (pf::role::getNodeInfoForAutoReg) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm > 'default' (pf::config::util::filter_authentication_sources) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Connection type is MAC-AUTH. Getting role from > node_info (pf::role::getRegisteredRole) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: > [mac:f8:60:f0:33:00:80] Use of uninitialized value $role in concatenation (.) > or string at /usr/local/pf/lib/pf/role.pm line 489. > (pf::role::getRegisteredRole) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Username was NOT defined or unable to match a role - > returning node based role '' (pf::role::getRegisteredRole) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] PID: "default", Status: reg Returned VLAN: > (undefined), Role: (undefined) (pf::role::fetchRoleForNode) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: > [mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in hash element > at /usr/local/pf/lib/pf/Switch.pm line 608. > (pf::Switch::getVlanByName) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: > [mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in concatenation > (.) or string at /usr/local/pf/lib/pf/Switch.pm line 611. > (pf::Switch::getVlanByName) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: > [mac:f8:60:f0:33:00:80] No parameter Vlan found in conf/switches.conf for the > switch 10.0.20.2 (pf::Switch::getVlanByName) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] security_event 1300003 force-closed for > f8:60:f0:33:00:80 (pf::security_event::security_event_force_close) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Instantiate profile LAN > (pf::Connection::ProfileFactory::_from_profile) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] handling radius autz request: from switch_ip => > (10.0.20.2), connection_type => Ethernet-NoEAP,switch_mac => > (38:21:c7:4e:d1:22), mac => [f8:60:f0:33:00:80], port => 27, username => > "office-1@xxxx.local <mailto:office-1@xxxx.local>" (pf::radius::authorize) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Instantiate profile LAN > (pf::Connection::ProfileFactory::_from_profile) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm > 'default' (pf::config::util::filter_authentication_sources) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: > [mac:f8:60:f0:33:00:80] No category computed for autoreg > (pf::role::getNodeInfoForAutoReg) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm > 'default' (pf::config::util::filter_authentication_sources) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Connection type is MAC-AUTH. Getting role from > node_info (pf::role::getRegisteredRole) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: > [mac:f8:60:f0:33:00:80] Use of uninitialized value $role in concatenation (.) > or string at /usr/local/pf/lib/pf/role.pm line 489. > (pf::role::getRegisteredRole) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Username was NOT defined or unable to match a role - > returning node based role '' (pf::role::getRegisteredRole) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] PID: "default", Status: reg Returned VLAN: > (undefined), Role: (undefined) (pf::role::fetchRoleForNode) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: > [mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in hash element > at /usr/local/pf/lib/pf/Switch.pm line 608. > (pf::Switch::getVlanByName) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: > [mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in concatenation > (.) or string at /usr/local/pf/lib/pf/Switch.pm line 611. > (pf::Switch::getVlanByName) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: > [mac:f8:60:f0:33:00:80] No parameter Vlan found in conf/switches.conf for the > switch 10.0.20.2 (pf::Switch::getVlanByName) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] security_event 1300003 force-closed for > f8:60:f0:33:00:80 (pf::security_event::security_event_force_close) > Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: > [mac:f8:60:f0:33:00:80] Instantiate profile LAN > (pf::Connection::ProfileFactory::_from_profile) > > Why does it claim this to be “Connection type is MAC-AUTH” ? > > > BR, > Anton. > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users