Hello Albert,

As the logs say:

Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362) INFO: [mac:00:1c:42:59:98:e3] No rules matches or no category defined for the node, set it as unreg.

It looks like your username does not match anything.

I might know why. Where is your AD account located? Because you search only one level down from the “etad” OU.

You can test the rules with this command:

/usr/local/pf/bin/pftest authentication USERNAME ""

You could give me the full log as well:

grep 00:1c:42:59:98:e3 /usr/local/pf/logs/packetfence.log

Thanks,

Ludovic Zammit
Product Support Engineer Principal
Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

> On Dec 13, 2021, at 5:23 PM, Albert Yung via PacketFence-users
> <packetfence-users@lists.sourceforge.net> wrote:
>
> Hi All,
>
> I am using PF 11.0.0 and got an error while trying to authenticate against
> the AD server, the message was in the packetfence.log file:
>
> Dec 13 20:02:20 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> WARN: [mac:00:1c:42:59:98:e3] [etad-auth catchall] Searching for
> (sAMAccountName=etad\albert), from CN=Users,DC=etad,DC=tw,DC=lab, with scope
> base (pf::Authentication::Source::LDAPSource::match_in_subclass)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> INFO: [mac:00:1c:42:59:98:e3] No rules matches or no category defined for the
> node, set it as unreg. (pf::role::getNodeInfoForAutoReg)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> WARN: [mac:00:1c:42:59:98:e3] No category computed for autoreg
> (pf::role::getNodeInfoForAutoReg)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> WARN: [mac:00:1c:42:59:98:e3] No role specified or found for pid etad\albert
> (MAC 00:1c:42:59:98:e3); assume maximum number of registered nodes is reached
> (pf::node::is_max_reg_nodes_reached)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> ERROR: [mac:00:1c:42:59:98:e3] no role computed by any sources - registration
> of 00:1c:42:59:98:e3 to etad\albert failed
> (pf::registration::setup_node_for_registration)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> ERROR: [mac:00:1c:42:59:98:e3] auto-registration of node failed no role
> computed by any sources (pf::radius::authorize)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> ERROR: [mac:00:1c:42:59:98:e3] Database query failed with non retryable
> error: Cannot add or update a child row: a foreign key constraint fails
> (`pf`.`node`, CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES
> `person` (`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno:
> 1452) [INSERT INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`,
> `bypass_vlan`, `category_id`, `computername`, `detect_date`, `device_class`,
> `device_manufacturer`, `device_score`, `device_type`, `device_version`,
> `dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
> `last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`,
> `notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`,
> `time_balance`, `unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?,
> ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
> ) ON DUPLICATE KEY UPDATE `autoreg` = ?, `last_seen` = ?, `pid` = ?,
> `tenant_id` = ?]{yes, NULL, NULL, , NULL, WinDev2110Eval, 2021-12-08
> 17:06:46, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> 1,3,6,15,31,33,43,44,46,47,119,121,249,252, MSFT 5.0, 0000-00-00 00:00:00,
> 2021-12-11 15:06:10, 2021-12-13 20:02:20, 0000-00-00 00:00:00,
> 00:1c:42:59:98:e3, NULL, , etad\albert, 0000-00-00 00:00:00, , unreg, 1,
> NULL, 0000-00-00 00:00:00, , no, yes, 2021-12-13 20:02:20, etad\albert, 1}
> (pf::dal::db_execute)
> Dec 13 20:02:21 packetfence packetfence_httpd.aaa[25866]: httpd.aaa(16362)
> ERROR: [mac:00:1c:42:59:98:e3] Cannot save 00:1c:42:59:98:e3 error (500)
> (pf::radius::authorize)
> Dec 13 20:02:22 packetfence pfqueue[31315]: pfqueue(31315) INFO:
> [mac:unknown] Inserting 'NTHASH:etad01:albert' =>
> '68813ac50cec72b1b0ae5c43a5beceec' (pf::api::insert_user_in_redis_cache)
> Dec 13 20:02:22 packetfence pfqueue[31323]: pfqueue(31323) INFO:
> [mac:unknown] Cached user albert for domain etad01
> (pf::domain::ntlm_cache::cache_user)
>
> I have tried another user account such as administrator but the result is the
> same
>
> Auth source configuration:
> <image.png>
>
> Bind AD Test is successful
> Authentication Rule:
>
> <image.png>
> Radius audit log:
> <image.png>
>
> It seems that no role can be obtained for the new user and I couldn't figure
> out why.
>
> Thanks!
>
> Best regards,
> Albert
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!FLMuNwvsI6LbCOX7b1XBkoNJRTJbor_t95cGBVJUxrBWnVJjN3yybCqIadWS_Gkb$
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
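An added example, not part of the thread and not PacketFence code: it parses the LDAP search line from the quoted log and evaluates it against a small constructed directory to show which entries each LDAP scope (base, one, sub) can reach from the logged base DN. The directory entries and all function names are assumptions made up for illustration; only the log line and its base DN come from the thread.

```python
import re

# Constructed by joining the wrapped WARN line quoted in the thread onto one line.
LOG_LINE = (
    r"WARN: [mac:00:1c:42:59:98:e3] [etad-auth catchall] Searching for "
    r"(sAMAccountName=etad\albert), from CN=Users,DC=etad,DC=tw,DC=lab, "
    r"with scope base (pf::Authentication::Source::LDAPSource::match_in_subclass)")

# Constructed sample directory (hypothetical entries); only the base DN is from the log.
DIRECTORY = {
    "CN=Users,DC=etad,DC=tw,DC=lab": {},
    "CN=albert,CN=Users,DC=etad,DC=tw,DC=lab": {"sAMAccountName": "albert"},
    "CN=carol,OU=Staff,CN=Users,DC=etad,DC=tw,DC=lab": {"sAMAccountName": "carol"},
    "CN=dave,OU=IT,DC=etad,DC=tw,DC=lab": {"sAMAccountName": "dave"},
}

SEARCH_RE = re.compile(
    r"Searching for \((?P<attr>\w+)=(?P<value>[^)]*)\), "
    r"from (?P<base>.+?), with scope (?P<scope>\w+)")

def parse_search(line):
    """Extract attribute, value, base DN and scope from the LDAP search log line."""
    m = SEARCH_RE.search(line)
    return m.groupdict() if m else None

def rdns(dn):
    # Simplification: assumes no escaped commas inside RDN values.
    return [part.strip().lower() for part in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """base = the base entry only, one = its direct children, sub = the whole subtree."""
    entry, base = rdns(entry_dn), rdns(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False  # entry is not located under the search base at all
    depth = len(entry) - len(base)
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def search(directory, base, scope, attr, value):
    """DNs within `scope` of `base` whose `attr` equals `value` (case-insensitive)."""
    return [dn for dn, attrs in directory.items()
            if in_scope(dn, base, scope)
            and attrs.get(attr, "").lower() == value.lower()]

def compare_scopes(line, value=None):
    """Run the logged search under every scope; `value` overrides the logged username."""
    q = parse_search(line)
    v = q["value"] if value is None else value
    return {s: search(DIRECTORY, q["base"], s, q["attr"], v)
            for s in ("base", "one", "sub")}
```

Calling `compare_scopes(LOG_LINE, value="carol")` shows an account that only the `sub` scope reaches, while the logged `base` scope returns nothing for any user because it examines the container entry alone.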