Hello,
the client host/cust-SEG.custulm.local can't authenticate.
In packetfence.log I see cust-SEG.custulm.local without "host/" prefix.
/usr/local/pf/bin/pftest authentication host/cust-SEG.custulm.local "" is
working well.
/usr/local/pf/bin/pftest authentication cust-SEG.custulm.local "" is not
working.
What can be the reason to remove the host prefix?
Thanks in advance
radius.log...
Sep 13 13:44:06 cust-NAC01 auth[1674]: Adding client 10.1.40.1/32
Sep 13 13:44:06 cust-NAC01 auth[1674]: [mac:10:7b:44:18:ed:3a] Rejected user:
host/cust-SEG.custulm.local
Sep 13 13:44:06 cust-NAC01 auth[1674]: (150) Rejected in post-auth:
[host/cust-SEG.custulm.local] (from client 10.1.40.1/32 port 260 cli
10:7b:44:18:ed:3a)
Sep 13 13:44:06 cust-NAC01 auth[1674]: (150) Login incorrect (sql_reject:
Insufficient space to store pair string, needed 2088 bytes have 2048 bytes):
[host/cust-SEG.custulm.local] (from client 10.1.40.1/32 port 260 cli
10:7b:44:18:ed:3a)
packetfence.log...
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) WARN:
[mac:10:7b:44:18:ed:3a] [AS-custulm INSEL] Searching for
(servicePrincipalName=cust-SEG.custulm.local), from DC=custulm,DC=local, with
scope sub (pf::Authentication::Source::LDAPSource::match_in_subclass)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) INFO:
[mac:10:7b:44:18:ed:3a] No rules matches or no category defined for the node,
set it as unreg. (pf::role::getNodeInfoForAutoReg)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) WARN:
[mac:10:7b:44:18:ed:3a] No category computed for autoreg
(pf::role::getNodeInfoForAutoReg)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) WARN:
[mac:10:7b:44:18:ed:3a] No role specified or found for pid
cust-SEG.custulm.local (MAC 10:7b:44:18:ed:3a); assume maximum number of
registered nodes is reached (pf::node::is_max_reg_nodes_reached)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR:
[mac:10:7b:44:18:ed:3a] max nodes per pid met or exceeded - registration of
10:7b:44:18:ed:3a to cust-SEG.custulm.local failed
(pf::registration::setup_node_for_registration)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR:
[mac:10:7b:44:18:ed:3a] auto-registration of node failed max nodes per pid met
or exceeded (pf::radius::authorize)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR:
[mac:10:7b:44:18:ed:3a] Database query failed with non retryable error: Cannot
add or update a child row: a foreign key constraint fails (`pf`.`node`,
CONSTRAINT `0_57` FOREIGN KEY (`tenant_id`, `pid`) REFERENCES `person`
(`tenant_id`, `pid`) ON DELETE CASCADE ON UPDATE CASCADE) (errno: 1452) [INSERT
INTO `node` ( `autoreg`, `bandwidth_balance`, `bypass_role_id`, `bypass_vlan`,
`category_id`, `computername`, `detect_date`, `device_class`,
`device_manufacturer`, `device_score`, `device_type`, `device_version`,
`dhcp6_enterprise`, `dhcp6_fingerprint`, `dhcp_fingerprint`, `dhcp_vendor`,
`last_arp`, `last_dhcp`, `last_seen`, `lastskip`, `mac`, `machine_account`,
`notes`, `pid`, `regdate`, `sessionid`, `status`, `tenant_id`, `time_balance`,
`unregdate`, `user_agent`, `voip`) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ON DUPLICATE
KEY UPDATE `autoreg` = ?, `last_seen` = NOW(), `pid` = ?, `tenant_id` = ?]{yes,
NULL, NULL, NULL, NULL, NULL, 2021-09-13 11:21:11, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, 0000-00-00 00:00:00, 0000-00-00 00:00:00,
0000-00-00 00:00:00, 10:7b:44:18:ed:3a, NULL, NULL, cust-SEG.custulm.local,
0000-00-00 00:00:00, NULL, unreg, 1, NULL, 0000-00-00 00:00:00, NULL, no, yes,
cust-SEG.custulm.local, 1} (pf::dal::db_execute)
Sep 13 13:44:06 cust-NAC01 packetfence_httpd.aaa: httpd.aaa(1047) ERROR:
[mac:10:7b:44:18:ed:3a] Cannot save 10:7b:44:18:ed:3a error (500)
(pf::radius::authorize)
Kind regards
[cid:[email protected]]
________________________________
Celos Computer GmbH | Liststraße 1 | 89079 Ulm
www.celos.de <http://www.celos.de/> | facebook
<https://www.facebook.com/CelosComputerGmbH/> | xing
<https://www.xing.com/companies/celoscomputergmbh>
Stephan Kaufhold
Consultant
Telefon: +49 731 96884-690 | Fax: +49 73196884-790 | E-Mail:
[email protected]
________________________________
Besuchen Sie uns auf
[cid:[email protected]]<https://www.facebook.com/CelosComputerGmbH>[cid:[email protected]]<https://linkedin.com/company/celos-computer-gmbh>[cid:[email protected]]<https://www.xing.com/pages/celoscomputergmbh>
Sitz der Gesellschaft: Ulm | Rechtsform: GmbH | Amtsgericht Ulm: HRB 730872 |
Geschäftsführer: Dipl. Ing. Thomas Hoffmann
Diese E-Mail kann Betriebs- oder Geschäftsgeheimnisse oder sonstige
vertrauliche Informationen enthalten.
Sollten Sie diese E-Mail irrtümlich erhalten haben, ist Ihnen eine
Kenntnisnahme des Inhalts, eine Vervielfältigung oder Weitergabe ausdrücklich
untersagt. Bitte benachrichtigen Sie uns und vernichten Sie die empfangene
E-Mail. Vielen Dank.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
