Hello,

I solved the problem.

The username was taken out of the certificate, not from the RADIUS request.

The switch "RADIUS machine auth with username" in System "Configuration -> Radius -> General" was disabled.

Regards

Stephan

From: Kaufhold, Stephan
Sent: Thursday, 16 September 2021 13:36
To: Fabrice Durand <oeufd...@gmail.com>; packetfence-users@lists.sourceforge.net
Subject: AW: [E] Re: [PacketFence-users] host prefix missing

Hello Fabrice,

Rolling back to an older version did not solve the problem.
But I found the following error. Does this help?

(430) Thu Sep 16 12:13:56 2021: Debug: sql_reject: EXPAND %{User-Name}
(430) Thu Sep 16 12:13:56 2021: Debug: sql_reject:    --> host/WEFA-SEG.custulm.local
(430) Thu Sep 16 12:13:56 2021: Debug: sql_reject: SQL-User-Name set to 'host/WEFA-SEG.custulm.local'
(430) Thu Sep 16 12:13:56 2021: ERROR: sql_reject: Insufficient space to store pair string, needed 2088 bytes have 2048 bytes

Regards

Stephan

-----------------
Hello Stephan,

It looks like you strip the username somewhere. Do you have a realm or a RADIUS filter that does that?

Regards
Fabrice


On Mon, 13 Sept 2021 at 16:41, Kaufhold, Stephan via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
Hello,

The client host/cust-SEG.custulm.local can't authenticate.
In packetfence.log I see cust-SEG.custulm.local without the "host/" prefix.

/usr/local/pf/bin/pftest authentication host/cust-SEG.custulm.local "" is working well.
/usr/local/pf/bin/pftest authentication cust-SEG.custulm.local "" is not working.

What can be the reason to remove the host prefix?

Thanks in advance

radius.log...
Sep 13 13:44:06 cust-NAC01 auth[1674]: Adding client 10.1.40.1/32
Sep 13 13:44:06 cust-NAC01 auth[1674]: [mac:10:7b:44:18:ed:3a] Rejected user: host/cust-SEG.custulm.local
Sep 13 13:44:06 cust-NAC01 auth[1674]: (150) Rejected in post-auth: [host/cust-SEG.custulm.local] (from client 10.1.40.1/32 port 260 cli 10:7b:44:18:ed:3a)
Sep 13 13:44:06 cust-NAC01 auth[1674]: (150) Login incorrect (sql_reject: Insufficient space to store pair string, needed 2088 bytes have 2048 bytes): [host/cust-SEG.custulm.local] (from client 10.1.40.1/32 port 260 cli 10:7b:44:18:ed:3a)

packetfence.log...

Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) WARN: [mac:10:7b:44:18:ed:3a] [AS-custulm INSEL] Searching for (servicePrincipalName=cust-SEG.custulm.local), from DC=custulm,DC=local, with scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) INFO: [mac:10:7b:44:18:ed:3a] No rules matches or no category defined for the node, set it as unreg. (pf::role::getNodeInfoForAutoReg)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) WARN: [mac:10:7b:44:18:ed:3a] No category computed for autoreg (pf::role::getNodeInfoForAutoReg)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) WARN: [mac:10:7b:44:18:ed:3a] No role specified or found for pid cust-SEG.custulm.local (MAC 10:7b:44:18:ed:3a); assume maximum number of registered nodes is reached (pf::node::is_max_reg_nodes_reached)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR: [mac:10:7b:44:18:ed:3a] max nodes per pid met or exceeded - registration of 10:7b:44:18:ed:3a to cust-SEG.custulm.local failed (pf::registration::setup_node_for_registration)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR: [mac:10:7b:44:18:ed:3a] auto-registration of node failed max nodes per pid met or exceeded (pf::radius::authorize)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR: [mac:10:7b:44:18:ed:3a] Database query failed with non retryable error: Cannot add or update a child row: a foreign key constraint fails (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`, `category_id`, `computername`, `detect_date`, `device_class`, `device_manufacturer`, `device_score`, `device_type`, `device_version`, `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`, `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`, `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `tenant_id` = ?]{yes, NULL, NULL, NULL, NULL, NULL, 2021-09-13 11:21:11, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 0000-00-00 00:00:00, 10:7b:44:18:ed:3a, NULL, NULL, cust-SEG.custulm.local, 0000-00-00 00:00:00, NULL, unreg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes, cust-SEG.custulm.local, 1} (pf::dal::db_execute)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR: [mac:10:7b:44:18:ed:3a] Cannot save 10:7b:44:18:ed:3a error (500) (pf::radius::authorize)

Kind regards



Celos Computer GmbH | Liststraße 1 | 89079 Ulm
Stephan Kaufhold
Consultant

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users