Well the HP swtiches as supplicants does not support EAP, they only supp chap md5…
Still the username SHOULD match the role ? BR, Anton. Från: Ludovic Zammit <lzam...@inverse.ca> Skickat: den 8 oktober 2020 14:22 Till: Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com> Kopia: packetfence-users@lists.sourceforge.net Ämne: Re: [PacketFence-users] Packetfence set role by mac not user... Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] handling radius autz request: from switch_ip => (10.0.10.11), connection_type => Ethernet-NoEAP,switch_mac => (08:f1:ea:64:c4:00), mac => [08:f1:ea:3f:11:40], port => 8, username => "vim-foradsgatan-d1s1-a1@xxxx.local<mailto:vim-foradsgatan-d1s1-a1@xxxx.local>" (pf::radius::authorize) It’s definitely a wired mac authentication. Maybe the EAP Type is wrong on your switch, it should be EAP PEAP MSCHAPv2 and not EAP PAP, CHAP or MD5. You should see connection_type => Ethernet-EAP. Check the EAP Type in the auditing section. Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) On Oct 7, 2020, at 5:26 PM, Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com<mailto:fetakun...@gabenpirates.com>> wrote: This is what I don’t understand why does it state this ?... Oct 7 23:24:16 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(79281) INFO: [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 'default' (pf::config::util::filter_authentication_sources) Oct 7 23:24:16 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(79281) WARN: [mac:f8:60:f0:33:00:80] No category computed for autoreg (pf::role::getNodeInfoForAutoReg) Oct 7 23:24:16 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(79281) INFO: [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 'default' (pf::config::util::filter_authentication_sources) Oct 7 23:24:16 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(79281) INFO: [mac:f8:60:f0:33:00:80] Connection type is MAC-AUTH.Getting role from node_info (pf::role::getRegisteredRole) Connection type is MAC-AUTH. Since it’s a user calling in it’s clearly NOT MAC-ATH 0_0 BR, Anton. Från: Ludovic Zammit <lzam...@inverse.ca<mailto:lzam...@inverse.ca>> Skickat: den 29 september 2020 18:54 Till: Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com<mailto:fetakun...@gabenpirates.com>> Kopia: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Ämne: Re: [PacketFence-users] Packetfence set role by mac not user... It looks like that you try to match a UPN (UserPrincipalName) so maybe try to not strip the username in the realm. Is vim-foradsgatan-d1s1-a1@xxxx.local<mailto:vim-foradsgatan-d1s1-a1@xxxx.local> the UPN for that object? It looks like that connection match on the default realm, so don’t strip the username on the default realm. Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<http://www.sogo.nu/>) and PacketFence (http://packetfence.org<http://packetfence.org/>) On Sep 28, 2020, at 8:08 PM, Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com<mailto:fetakun...@gabenpirates.com>> wrote: Here is the complete auth.conf # Copyright (C) Inverse inc. [local] description=Local Users type=SQL dynamic_routing_module=AuthModule [sms] description=SMS-based registration sms_carriers=100056,100057,100061,100058,100059,100060,100062,100063,100071,100064,100116,100066,100117,100112,100067,100065,100068,100069,100070,100118,100115,100072,100073,100074,100075,100076,100077,100085,100086,100080,100079,100081,100083,100082,100084,100087,100088,100111,100089,100090,1 00091,100092,100093,100094,100095,100096,100098,100097,100099,100100,100101,100113,100102,100103,100104,100106,100105,100107,100108,100109,100114,100110,100078,100119,100120,100121,100122,100123,100124,100125,100126,100127,100128 type=SMS create_local_account=no local_account_logins=0 message=PIN: $pin hash_passwords=bcrypt sms_activation_timeout=10m dynamic_routing_module=AuthModule password_length=8 pin_code_length=6 [sms rule catchall] description= class=authentication match=all action0=set_role=guest action1=set_access_duration=1D status=enabled [email] description=Email-based registration email_activation_timeout=10m type=Email allow_localdomain=yes create_local_account=no local_account_logins=0 dynamic_routing_module=AuthModule hash_passwords=bcrypt password_length=8 [email rule catchall] description= class=authentication match=all action0=set_role=guest action1=set_access_duration=1D status=enabled [sponsor] description=Sponsor-based registration type=SponsorEmail allow_localdomain=yes create_local_account=no hash_passwords=bcrypt dynamic_routing_module=AuthModule local_account_logins=0 password_length=8 sources= email_activation_timeout=30m validate_sponsor=yes lang= [sponsor rule catchall] description= class=authentication match=all action0=set_role=guest action1=set_access_duration=1D status=enabled [null] description=Null Source type=Null email_required=no dynamic_routing_module=AuthModule [null rule catchall] description=catchall class=authentication match=all action0=set_role=guest action1=set_access_duration=1D status=enabled [XXXXX] realms=default,local,null,XXXXX cache_match=0 set_access_durations_action= usernameattribute=UserPrincipalName scope=sub port=389 email_attribute=mail read_timeout=10 basedn=DC=xxxxx,DC=LOCAL shuffle=0 host=xxxx.local connection_timeout=1 description=xxxx.local type=AD encryption=none monitor=1 write_timeout=5 searchattributes=uid,distinguishedName,memberOf,sAMAccountName binddn=CN=####### password=####### dynamic_routing_module=AuthModule [xxxxx rule SWITCH] action1=set_access_duration=1D match=all action0=set_role=Office_Switch condition0=memberOf,equals,CN=ACCESS_SWITCH,OU=NETWORK_DEVICES,OU=Devices,OU=xxxxx,DC=xxxxx,DC=local class=authentication status=enabled [xxxxx rule GUEST] action1=set_access_duration=5D match=all class=authentication action0=set_role=guest status=enabled [file1] description=Legacy Source path=/usr/local/pf/conf/admin.conf type=Htpasswd realms=null dynamic_routing_module=AuthModule [file1 rule admins] description=All admins class=administration match=all action0=set_access_level=ALL status=enabled Från: Ludovic Zammit <lzam...@inverse.ca<mailto:lzam...@inverse.ca>> Skickat: den 28 september 2020 13:41 Till: Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com<mailto:fetakun...@gabenpirates.com>> Kopia: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Ämne: Re: [PacketFence-users] Packetfence set role by mac not user... Hello, Could you paste your conf/authentication.conf, remove private infos. Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<http://www.sogo.nu/>) and PacketFence (http://packetfence.org<http://packetfence.org/>) On Sep 28, 2020, at 3:57 AM, Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com<mailto:fetakun...@gabenpirates.com>> wrote: vim-foradsgatan-d1s1-a1 is the account name yes, I tried to set the role to unset as it was before with the same result still not matching any ad rule. The AD rule is matched in the pftest though.. Why doesn’t it match my AD rule ? It should at least match my catch all guest rule ? <image001.png> Thanks a lot for help and input. BR, Anton Från: Ludovic Zammit <lzam...@inverse.ca<mailto:lzam...@inverse.ca>> Skickat: den 25 september 2020 14:28 Till: Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com<mailto:fetakun...@gabenpirates.com>> Kopia: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Ämne: Re: [PacketFence-users] Packetfence set role by mac not user... Correct, it works because you have assigned manually and the issue there is that it does not match the rule of your AD thus not getting any authorization. Fix that and it will fix your issue. Is vim-foradsgatan-d1s1-a1 a samaccountname ? Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<http://www.sogo.nu/>) and PacketFence (http://packetfence.org<http://packetfence.org/>) On Sep 24, 2020, at 5:43 PM, Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com<mailto:fetakun...@gabenpirates.com>> wrote: Thanks, tried but the same result. User Gets approved but role get decided by the “node” so if I don’t assign a role after the node is registered it does the same. If i assign a role the node / mac the system assign the role to the user as expected. This is how it looks with a role assigned to the node. My vlan is assigned correctly, but since I now have to set the vlan manually for every node my user group rules does squat… Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] handling radius autz request: from switch_ip => (10.0.10.11), connection_type => Ethernet-NoEAP,switch_mac => (08:f1:ea:64:c4:00), mac => [08:f1:ea:3f:11:40], port => 8, username => "vim-foradsgatan-d1s1-a1@xxxx.local<mailto:vim-foradsgatan-d1s1-a1@xxxx.local>" (pf::radius::authorize) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Instantiate profile LAN (pf::Connection::ProfileFactory::_from_profile) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'xxxxx' for realm 'default' (pf::config::util::filter_authentication_sources) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) WARN: [mac:08:f1:ea:3f:11:40] No category computed for autoreg (pf::role::getNodeInfoForAutoReg) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'xxxxx' for realm 'default' (pf::config::util::filter_authentication_sources) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Username was defined "vim-foradsgatan-d1s1-a1@xxxx.local<mailto:vim-foradsgatan-d1s1-a1@xxxx.local>" - returning role 'Office_Switch' (pf::role::getRegisteredRole) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] PID: "default", Status: reg Returned VLAN: (undefined), Role: Office_Switch (pf::role::fetchRoleForNode) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] (10.0.10.11) Added VLAN 1 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] security_event 1300003 force-closed for 08:f1:ea:3f:11:40 (pf::security_event::security_event_force_close) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Instantiate profile LAN (pf::Connection::ProfileFactory::_from_profile) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] handling radius autz request: from switch_ip => (10.0.10.11), connection_type => Ethernet-NoEAP,switch_mac => (08:f1:ea:64:c4:00), mac => [08:f1:ea:3f:11:40], port => 8, username => "vim-foradsgatan-d1s1-a1@xxxx.local<mailto:vim-foradsgatan-d1s1-a1@xxxx.local>" (pf::radius::authorize) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Instantiate profile LAN (pf::Connection::ProfileFactory::_from_profile) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'xxxxx' for realm 'default' (pf::config::util::filter_authentication_sources) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) WARN: [mac:08:f1:ea:3f:11:40] No category computed for autoreg (pf::role::getNodeInfoForAutoReg) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Found authentication source(s) : 'xxxxx' for realm 'default' (pf::config::util::filter_authentication_sources) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Username was defined "vim-foradsgatan-d1s1-a1@xxxx.local<mailto:vim-foradsgatan-d1s1-a1@xxxx.local>" - returning role 'Office_Switch' (pf::role::getRegisteredRole) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] PID: "default", Status: reg Returned VLAN: (undefined), Role: Office_Switch (pf::role::fetchRoleForNode) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] (10.0.10.11) Added VLAN 1 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] security_event 1300003 force-closed for 08:f1:ea:3f:11:40 (pf::security_event::security_event_force_close) Sep 24 20:01:07 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(2126) INFO: [mac:08:f1:ea:3f:11:40] Instantiate profile LAN (pf::Connection::ProfileFactory::_from_profile) “] Connection type is MAC-AUTH. Getting role from node_info” Why does it claim mac auth at all after the user auth ? BR, Anton. Från: Ludovic Zammit <lzam...@inverse.ca<mailto:lzam...@inverse.ca>> Skickat: den 24 september 2020 16:56 Till: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Kopia: Fetakungen Virtual Adventurer <fetakun...@gabenpirates.com<mailto:fetakun...@gabenpirates.com>> Ämne: Re: [PacketFence-users] Packetfence set role by mac not user... Hello there, You need to split the username in your default realm: <image001.png> Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<http://www.sogo.nu/>) and PacketFence (http://packetfence.org<http://packetfence.org/>) On Sep 23, 2020, at 5:59 PM, Fetakungen Virtual Adventurer via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Hi I’ve stil have problem with my role assignment when im trying to use radius auth for my HP Access Switches. The config is aaa authentication port-access chap-radius Server-group "XX” / aaa port-access authenticator X/XX on the Authenticating switch which in this case is 10.0.20.2 and the access switch (supplicant) config is : aaa port-access supplicant 25 identity office-1@xxxx.local<mailto:office-1@xxxx.local> secret yyyyy The authentication request is approved but instead of using the username for role assignment it seems to use the “node” role which is put on the access switch mac in this case f8:60:f0:33:00:80 when the node is “auto registered” as the role by default is no role, no role is assigned. So there is the “explantion”, but why is this happening ? In the authentication source which is being used the rule are to put the switch with role “office_switch”. But since packetfence only authenticate the user and then try so assign role by mac this fails/ are being skipped.. This rule works fine with pftest… The output of pftest is this: Authenticating against 'VEMAB' in context 'admin' Authentication SUCCEEDED against VEMAB (Authentication successful.) Matched against VEMAB for 'authentication' rule SWITCH set_role : Office_Switch set_access_duration : 1D Did not match against VEMAB for 'administration' rules Authenticating against 'VEMAB' in context 'portal' Authentication SUCCEEDED against VEMAB (Authentication successful.) Matched against VEMAB for 'authentication' rule SWITCH set_role : Office_Switch set_access_duration : 1D Did not match against VEMAB for 'administration' rules The output of packetfence.log when doing real auth is this: Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] handling radius autz request: from switch_ip => (10.0.20.2), connection_type => Ethernet-NoEAP,switch_mac => (38:21:c7:4e:d1:22), mac => [f8:60:f0:33:00:80], port => 27, username => "office-1@xxxx.local<mailto:office-1@xxxx.local>" (pf::radius::authorize) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Instantiate profile LAN (pf::Connection::ProfileFactory::_from_profile) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 'default' (pf::config::util::filter_authentication_sources) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: [mac:f8:60:f0:33:00:80] No category computed for autoreg (pf::role::getNodeInfoForAutoReg) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 'default' (pf::config::util::filter_authentication_sources) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: [mac:f8:60:f0:33:00:80] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 489. (pf::role::getRegisteredRole) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] PID: "default", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: [mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 608. (pf::Switch::getVlanByName) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: [mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 611. (pf::Switch::getVlanByName) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: [mac:f8:60:f0:33:00:80] No parameter Vlan found in conf/switches.conf for the switch 10.0.20.2 (pf::Switch::getVlanByName) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] security_event 1300003 force-closed for f8:60:f0:33:00:80 (pf::security_event::security_event_force_close) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Instantiate profile LAN (pf::Connection::ProfileFactory::_from_profile) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] handling radius autz request: from switch_ip => (10.0.20.2), connection_type => Ethernet-NoEAP,switch_mac => (38:21:c7:4e:d1:22), mac => [f8:60:f0:33:00:80], port => 27, username => "office-1@xxxx.local<mailto:office-1@xxxx.local>" (pf::radius::authorize) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Instantiate profile LAN (pf::Connection::ProfileFactory::_from_profile) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 'default' (pf::config::util::filter_authentication_sources) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: [mac:f8:60:f0:33:00:80] No category computed for autoreg (pf::role::getNodeInfoForAutoReg) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Found authentication source(s) : 'VEMAB' for realm 'default' (pf::config::util::filter_authentication_sources) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: [mac:f8:60:f0:33:00:80] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 489. (pf::role::getRegisteredRole) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] PID: "default", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: [mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 608. (pf::Switch::getVlanByName) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: [mac:f8:60:f0:33:00:80] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 611. (pf::Switch::getVlanByName) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) WARN: [mac:f8:60:f0:33:00:80] No parameter Vlan found in conf/switches.conf for the switch 10.0.20.2 (pf::Switch::getVlanByName) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] security_event 1300003 force-closed for f8:60:f0:33:00:80 (pf::security_event::security_event_force_close) Sep 23 23:26:08 RADIUS-1 packetfence_httpd.aaa: httpd.aaa(1303) INFO: [mac:f8:60:f0:33:00:80] Instantiate profile LAN (pf::Connection::ProfileFactory::_from_profile) Why does it claim this to be “Connection type is MAC-AUTH” ? BR, Anton. _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
