Re: [PacketFence-users] PacketFence 8.x You do not have permission to register a device with this username
Hello Nicolas,

I removed all the conditions and it worked, while before it was without conditions but it didn't work. I have made a copy of the authentication.conf file to aid in posterity.

On Wed, Feb 13, 2019 at 1:02 PM Nicolas Quiniou-Briand via PacketFence-users wrote:
>
> Hello,
>
> pftest shows you that you didn't match any rules:
>
> > Authenticating against 'htbAD' in context 'admin'
> > Authentication SUCCEEDED against htbAD (Authentication successful.)
> > Did not match against htbAD for 'authentication' rules
> > Did not match against htbAD for 'administration' rules
> >
> > Authenticating against 'htbAD' in context 'portal'
> > Authentication SUCCEEDED against htbAD (Authentication successful.)
> > Did not match against htbAD for 'authentication' rules
> > Did not match against htbAD for 'administration' rules
>
> Consequently, your device didn't get any role.
>
> You need to adjust your authentication rule:
> ```
> [htbAD rule myRule]
> action0=set_role=Staff
> condition0=memberOf,equals,Staff
> match=any
> class=authentication
> action1=set_access_duration=1h
> description=Rule
> ```
>
> In condition0, Staff should be an LDAP DN.
>
> --
> Nicolas Quiniou-Briand
> n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca
> Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
> (https://packetfence.org) and Fingerbank (http://fingerbank.org)

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] PacketFence 8.x You do not have permission to register a device with this username
Hello,

pftest shows you that you didn't match any rules:

> Authenticating against 'htbAD' in context 'admin'
> Authentication SUCCEEDED against htbAD (Authentication successful.)
> Did not match against htbAD for 'authentication' rules
> Did not match against htbAD for 'administration' rules
>
> Authenticating against 'htbAD' in context 'portal'
> Authentication SUCCEEDED against htbAD (Authentication successful.)
> Did not match against htbAD for 'authentication' rules
> Did not match against htbAD for 'administration' rules

Consequently, your device didn't get any role.

You need to adjust your authentication rule:
```
[htbAD rule myRule]
action0=set_role=Staff
condition0=memberOf,equals,Staff
match=any
class=authentication
action1=set_access_duration=1h
description=Rule
```

In condition0, Staff should be an LDAP DN.

--
Nicolas Quiniou-Briand
n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)
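The check described in the reply above, as an added example that is not part of the original thread and not PacketFence's own code: a small linter that reads authentication.conf-style text and flags `memberOf,equals` conditions whose value is not shaped like an LDAP DN, plus rules that carry no condition at all. The `fixedRule` and `openRule` sections, the group DN and the DN regex are constructed for illustration, and the `attribute,operator,value` condition layout is assumed from the rule quoted in the thread.

```python
import configparser
import re

# Heuristic DN shape: comma-separated attr=value parts (escaped commas not handled).
DN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+(,\s*[A-Za-z][A-Za-z0-9-]*=[^,=]+)*$")

# Constructed sample. myRule is the rule quoted in the thread; fixedRule and
# openRule are hypothetical, and the group DN is a placeholder.
SAMPLE = """\
[htbAD]
type=AD
basedn=CN=Users,DC=mydomain,DC=htb

[htbAD rule myRule]
action0=set_role=Staff
condition0=memberOf,equals,Staff
match=any
class=authentication
action1=set_access_duration=1h

[htbAD rule fixedRule]
action0=set_role=Staff
condition0=memberOf,equals,CN=Staff,CN=Users,DC=mydomain,DC=htb
match=any
class=authentication
action1=set_access_duration=1h

[htbAD rule openRule]
action0=set_role=Staff
match=any
class=authentication
action1=set_access_duration=1h
"""

def lint_rules(text):
    """Return (source, rule, finding) tuples for rules worth a second look."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        parts = section.split(None, 2)
        if len(parts) != 3 or parts[1] != "rule":
            continue  # source definition, not a rule
        source, _, rule = parts
        conds = [v for k, v in cp[section].items() if k.startswith("condition")]
        if not conds:
            # Nothing narrows who the rule's actions apply to; review it.
            findings.append((source, rule, "no-conditions"))
        for cond in conds:
            fields = cond.split(",", 2)  # assumed layout: attribute,operator,value
            if len(fields) != 3:
                findings.append((source, rule, "malformed-condition"))
                continue
            attr, op, value = (f.strip() for f in fields)
            if attr.lower() == "memberof" and op == "equals" and not DN_RE.match(value):
                findings.append((source, rule, "memberOf-not-dn"))
    return findings

if __name__ == "__main__":
    for finding in lint_rules(SAMPLE):
        print(*finding)
```

Running it over a copy of the real file before reloading the configuration gives a quick list of rules to re-test with pftest.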
[PacketFence-users] PacketFence 8.x You do not have permission to register a device with this username
Hello Guys,

Am back again, I am having issues with Active Directory Authentication being that my user is able to authenticate but I get an error that says "You do not have permission to register a device with this username" as you can observe in the logs below and

```
Feb 13 11:04:45 pf packetfence_httpd.portal: httpd.portal(31025) INFO: [mac:00:11:22:00:00:51] User firstname.lastname has authenticated on the portal. (Class::MOP::Class:::after)
Feb 13 11:04:45 pf packetfence_httpd.portal: httpd.portal(31025) WARN: [mac:00:11:22:00:00:51] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Feb 13 11:04:45 pf packetfence_httpd.portal: httpd.portal(31025) INFO: [mac:00:11:22:00:00:51] Using sources htbAD for matching (pf::authentication::match)
Feb 13 11:04:45 pf packetfence_httpd.portal: httpd.portal(31025) INFO: [mac:00:11:22:00:00:51] LDAP testing connection (pf::LDAP::expire_if)
Feb 13 11:04:45 pf packetfence_httpd.portal: httpd.portal(31025) INFO: [mac:00:11:22:00:00:51] Found source htbAD in session. (Class::MOP::Class:::around)
```

and when I do pftest the results can be found below:

```
/usr/local/pf/bin/pftest authentication firstname.lastname P@55w0rd htbAD
Testing authentication for " firstname.lastname"

Authenticating against 'htbAD' in context 'admin'
  Authentication SUCCEEDED against htbAD (Authentication successful.)
  Did not match against htbAD for 'authentication' rules
  Did not match against htbAD for 'administration' rules

Authenticating against 'htbAD' in context 'portal'
  Authentication SUCCEEDED against htbAD (Authentication successful.)
  Did not match against htbAD for 'authentication' rules
  Did not match against htbAD for 'administration' rules
```

I am wondering what is wrong with my config as I have assigned only a Role which is staff and an access duration of an Hour. Below is a semblance of how my authentication.conf is laid.

```
[htbAD]
cache_match=0
read_timeout=10
realms=
password=1
searchattributes=sAMAccountName
scope=sub
port=389
description=my HTB
write_timeout=5
type=AD
basedn=CN=Users,DC=mydomain,DC=htb
monitor=1
set_access_level_action=
shuffle=0
email_attribute=mail
usernameattribute=UserPrincipalName
connection_timeout=1
encryption=none
host=172.17.1.248
binddn=CN=Administrator,CN=Users,DC=mydomain,DC=htb

[htbAD rule my]
action0=set_access_level=ALL
match=any
class=administration
description=my

[htbAD rule myRule]
action0=set_role=Staff
condition0=memberOf,equals,Staff
match=any
class=authentication
action1=set_access_duration=1h
description=Rule
```
Re: [PacketFence-users] Packetfence 8 Log duration
Ok that helps me. Many thanks.

Regards
Hubert

On 23.08.2018 at 03:51, Durand fabrice via PacketFence-users wrote:
> Hello Hubert,
>
> by default it's based on that file:
> https://github.com/inverse-inc/packetfence/blob/devel/packetfence.logrotate
>
> So you can adapt it as you want.
>
> Regards
> Fabrice
>
> On 2018-08-21 at 08:28, Hubert Kupper via PacketFence-users wrote:
> > Hi all,
> >
> > how long is the standard duration for the packetfence logging?
> >
> > Regards,
> > Hubert
Re: [PacketFence-users] Packetfence 8 Log duration
Hello Hubert,

by default it's based on that file:
https://github.com/inverse-inc/packetfence/blob/devel/packetfence.logrotate

So you can adapt it as you want.

Regards
Fabrice

On 2018-08-21 at 08:28, Hubert Kupper via PacketFence-users wrote:
> Hi all,
>
> how long is the standard duration for the packetfence logging?
>
> Regards,
> Hubert
[PacketFence-users] Packetfence 8 Log duration
Hi all,

how long is the standard duration for the packetfence logging?

Regards,
Hubert
Re: [PacketFence-users] PacketFence 8 installation problems
Hello Annibal,

if the admin is not able to start then you probably miss some resources on the system. Can you share with me memory/number of cpus?

Also first step should be: top to see what is running on the system.

And also have a look in packetfence.log when you restart packetfence with "/usr/local/pf/bin/pfcmd service pf restart".

Regards
Fabrice

On 2018-05-20 at 10:26, Annibal Abreu via PacketFence-users wrote:
> Hi
>
> I have just finished to install PacketFence 8.
> Now, I can not access configurator nor admin.
> It seems computer is too slow.
>
> What can I do to check what is going on?
> How to check if the installation went fine?
> How to restart packetfence?
> What is the minimum configuration to have only Radius Server running.
>
> Annibal
[PacketFence-users] PacketFence 8 installation problems
Hi

I have just finished to install PacketFence 8.
Now, I can not access configurator nor admin.
It seems computer is too slow.

What can I do to check what is going on?
How to check if the installation went fine?
How to restart packetfence?
What is the minimum configuration to have only Radius Server running.

Annibal
Re: [PacketFence-users] PacketFence 8
Hello Jeimerson,

it looks that your authentication source doesn't return any role. Create a rule and assign a role and an access duration in your authentication source.

Regards
Fabrice

On 2018-05-02 at 11:59, Jeimerson C. Chaves via PacketFence-users wrote:
> Hi, all.
>
> In tests with PacketFence 8, I cannot log in successfully.
>
> Log
>
> May 2 15:48:44 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:[undef]] CLI Access is not permit on this switch 10.190.90.25 (pf::radius::switch_access)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from switch_ip => (10.190.90.25), connection_type => Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac => [00:0c:29:75:9d:61], port => 10010, username => "administra...@samba.nac" (pf::radius::authorize)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Could not find any IP phones through discovery protocols for ifIndex 10010 (pf::Switch::getPhonesDPAtIfIndex)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2)
> May 2 15:48:48 PacketFence-ZEN pfqueue: pfqueue(4059) INFO: [mac:unknown] undefined source id provided (pf::lookup::person::lookup_person)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/role.pm line 731. (pf::role::_check_bypass)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478. (pf::role::getRegisteredRole)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 768. (pf::Switch::getVlanByName)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 771. (pf::Switch::getVlanByName)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in conf/switches.conf for the switch 10.190.90.25 (pf::Switch::getVlanByName)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in hash element at /usr/local/pf/lib/pf/Switch.pm line 751. (pf::Switch::getRoleByName)
> May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 754. (pf::Switch::getRoleByName)
> May 2 15:48:49 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for 00:0c:29:75:9d:61 (pf::violation::violation_force_close)
> May 2 15:48:49 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
> May 2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from switch_ip => (10.190.90.25), connection_type => Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac =>
[PacketFence-users] PacketFence 8
Hi, all.

In tests with PacketFence 8, I cannot log in successfully.

Log

```
May 2 15:48:44 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:[undef]] CLI Access is not permit on this switch 10.190.90.25 (pf::radius::switch_access)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from switch_ip => (10.190.90.25), connection_type => Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac => [00:0c:29:75:9d:61], port => 10010, username => "administra...@samba.nac" (pf::radius::authorize)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Could not find any IP phones through discovery protocols for ifIndex 10010 (pf::Switch::getPhonesDPAtIfIndex)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2)
May 2 15:48:48 PacketFence-ZEN pfqueue: pfqueue(4059) INFO: [mac:unknown] undefined source id provided (pf::lookup::person::lookup_person)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value in string eq at /usr/local/pf/lib/pf/role.pm line 731. (pf::role::_check_bypass)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Found authentication source(s) : 'SAMBA.NAC' for realm 'samba.nac' (pf::config::util::filter_authentication_sources)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Using sources SAMBA.NAC for matching (pf::authentication::match2)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $role in concatenation (.) or string at /usr/local/pf/lib/pf/role.pm line 478. (pf::role::getRegisteredRole)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Username was NOT defined or unable to match a role - returning node based role '' (pf::role::getRegisteredRole)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] PID: "administra...@samba.nac", Status: reg Returned VLAN: (undefined), Role: (undefined) (pf::role::fetchRoleForNode)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in hash element at /usr/local/pf/lib/pf/Switch.pm line 768. (pf::Switch::getVlanByName)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $vlanName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 771. (pf::Switch::getVlanByName)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] No parameter Vlan found in conf/switches.conf for the switch 10.190.90.25 (pf::Switch::getVlanByName)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in hash element at /usr/local/pf/lib/pf/Switch.pm line 751. (pf::Switch::getRoleByName)
May 2 15:48:48 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) WARN: [mac:00:0c:29:75:9d:61] Use of uninitialized value $roleName in concatenation (.) or string at /usr/local/pf/lib/pf/Switch.pm line 754. (pf::Switch::getRoleByName)
May 2 15:48:49 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] violation 133 force-closed for 00:0c:29:75:9d:61 (pf::violation::violation_force_close)
May 2 15:48:49 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
May 2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] handling radius autz request: from switch_ip => (10.190.90.25), connection_type => Ethernet-EAP,switch_mac => (00:26:98:96:21:8a), mac => [00:0c:29:75:9d:61], port => 10010, username => "administra...@samba.nac" (pf::radius::authorize)
May 2 15:51:41 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2227) INFO: [mac:00:0c:29:75:9d:61] Could not find any IP phones through discovery protocols for ifIndex 10010
```