I am using the latest PacketFence ZEN VM.

I am able to authenticate 802.1x and pick up an IP from PacketFence.
Devices are placed into the unregistered status in the PacketFence website.

However, there are two issues. One is that it is automatically assigning me
the inline VLAN when I am out of band. My understanding is that PacketFence
should first place me into the registration VLAN. Second, I am not forced
to the captive portal authentication page. However, I can manually type
the captive portal URL and log in fine. Basically, I can bypass the
captive portal screen to access the internet.

All services are started except pfdetect, pfredirect and snort.
pfdhcplistener appears to be running on all DHCP interfaces as I see
multiple PIDs.

Here is my pf.conf file.  Any help is appreciated.

[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=mydomain
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the domain in
# Apache rewriting rules and therefore must be resolvable by clients.
hostname=pf
#
# general.dnsservers
#
# Comma-delimited list of DNS servers.  Passthroughs are created to allow
# queries to these servers from even "trapped" nodes.
dnsservers=10.10.10.3,10.10.10.4,10.10.10.5
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers.  Passthroughs are created to allow
# DHCP transactions from even "trapped" nodes.
dhcpservers=10.10.20.3,10.10.30.3,10.10.40.3,10.10.50.3
timezone=America/Chicago

[trapping]
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that PacketFence will
# monitor/detect/trap on.  Gateway, network, and
# broadcast addresses are ignored.
range=10.10.20.0/24,10.10.30.0/24,10.10.40.0/24,10.10.50.0/24
#
# trapping.registration
#
# If enabled, nodes will be required to register on first network access.
# Further registration options are configured in the
# registration section.
registration=enabled
#Redirection
redirecturl=https://pf.mydomain
#detection=enabled
always_use_redirecturl=disabled
#passthrough=iptables
#
# trapping.detection
#
# If enabled, nodes will be trapped if triggering a SNORT rule.
#detection=disabled
#
[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=pfz3n

[interface eth0.50]
ip=10.10.10.2
mask=255.255.255.0
type=management
gateway=10.10.10.1

[interface eth0.100]
ip=10.10.20.2
mask=255.255.255.0
type=internal
enforcement=vlan
gateway=10.10.20.1

[alerting]
emailaddr=myemail
wins_server=10.10.10.3
admin_netbiosname=pf

# REMOVE COMMENT TO ENABLE VLAN MODE
[interface eth0.95]
ip=10.10.30.2
mask=255.255.255.0
type=internal
enforcement=vlan
gateway=10.10.30.1

[interface eth0.96]
ip=10.10.40.2
mask=255.255.255.0
type=internal
enforcement=vlan
gateway=10.10.40.1

[interface eth0.98]
ip=10.10.50.2
mask=255.255.255.0
type=internal
enforcement=vlan
gateway=10.10.50.1

[inline]
portal_redirect=ip

[registration]
range=10.10.20.0/24,10.10.30.0/24,10.10.40.0/24,10.10.50.0/24

[captive_portal]
network_detection_ip=10.10.20.2
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
