Hello Team,
I've followed what the guide says on this link:
https://packetfence.org/doc/PacketFence_Installation_Guide.html#_eap_authentication_against_openldap
But apparently, it didn't work for me. I've also followed some of the
previous conversation/tips on
www.mail-archive.com/packetfence-users@lists.sourceforge.net
<http://www.mail-archive.com/packetfence-users@lists.sourceforge.net>
regarding on the issues and still no luck.
My equipments are:
Unifi AP AC Pro
Unifi Controller v5.10.26
Latest Packetfence ZEN
Cisco Switch 2960x
Ldap server is phpLDAPadmin
I also did some testing with Active Directory, and it all went well.
Easy peasy. Is there a way I can make it work with our openldap
server? Would really appreciate your help on this.
Here are some of my configs:
/mods-available/ldap
ldap {
server = "ldap.cloudstaff.com <http://ldap.cloudstaff.com>"
identity = "uid=csldap,dc=cloudstaff,dc=com"
password = 'HDZ+r8BC!4m6Qrk'
password_header = "{ssha}"
password_attribute = userPassword
basedn = "dc=cloudstaff,dc=com"
#filter = "(uid=%{mschap:User-Name})"
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
tls {
}
dictionary_mapping = ${confdir}/ldap.attrmap
edir_account_policy_check = no
keepalive {
# LDAP_OPT_X_KEEPALIVE_IDLE
idle = 60
# LDAP_OPT_X_KEEPALIVE_PROBES
probes = 3
# LDAP_OPT_X_KEEPALIVE_INTERVAL
interval = 3
}
}
/conf/radiusd/packetfence-tunnel
# -*- text -*-
######################################################################
#
# This is a virtual server that handles *only* inner tunnel
# requests for EAP-TTLS and PEAP types.
#
# $Id: c250afa30a78fe9ff7a97b6c9b8a7c3a419a6946 $
#
######################################################################
server packetfence-tunnel {
# Authorization. First preprocess (hints and huntgroups files),
# then realms, and finally look in the "users" file.
#
# The order of the realm modules will determine the order that
# we try to find a matching realm.
#
# Make *sure* that 'preprocess' comes before any realm if you
# need to setup hints for the remote radius server
authorize {
# TTLS does not send an EAP-Message to be parsed so the eap module
# cannot assign the EAP-Type
if ( outer.EAP-Type == TTLS) {
update request {
&EAP-Type := TTLS
}
}
packetfence-set-realm-if-machine
packetfence-set-tenant-id
#
# Take a User-Name, and perform some checks on it, for spaces
and other
# invalid characters. If the User-Name appears invalid,
reject the
# request.
#
# See policy.d/filter for the definition of the
filter_username policy.
#
filter_username
#
# If the users are logging in with an MS-CHAP-Challenge
# attribute for authentication, the mschap module will find
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
# to the request, which will cause the server to then use
# the mschap module for authentication.
# Uncomment if you need to reject user who already failed
ntlm_auth (see packetfence-cache-ntlm-hit too)
# packetfence-control-ntlm-failure
mschap
#
# If you are using multiple kinds of realms, you probably
# want to set "ignore_null = yes" for all of them.
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#
# Note that proxying the inner tunnel authentication means
# that the user MAY use one identity in the outer session
# (e.g. "anonymous", and a different one here
# (e.g. "u...@example.com <mailto:u...@example.com>"). The
inner session will then be
# proxied elsewhere for authentication. If you are not
# careful, this means that the user can cause you to forward
# the authentication to another RADIUS server, and have the
# accounting logs *not* sent to the other server. This makes
# it difficult to bill people for their network activity.
#
suffix
ntdomain
%%userPrincipalName%%
%%multi_domain%%
%%redis_ntlm_cache_fetch%%
%%authorize_filter%%
#
# The "suffix" module takes care of stripping the domain
# (e.g. "@example.com <http://example.com>") from the
User-Name attribute, and the
# next few lines ensure that the request is not proxied.
#
# If you want the inner tunnel request to be proxied, delete
# the next few lines.
#
update control {
&Proxy-To-Realm := LOCAL
}
#
# This module takes care of EAP-MSCHAPv2 authentication.
#
# It also sets the EAP-Type attribute in the request
# attribute list to the EAP type from the packet.
#
# The example below uses module failover to avoid querying all
# of the following modules if the EAP module returns "ok".
# Therefore, your LDAP and/or SQL servers will not be queried
# for the many packets that go back and forth to set up TTLS
# or PEAP. The load on those servers will therefore be reduced.
#
eap {
ok = return
}
#
# Read the 'users' file
#files
# Check if PacketFence local (SQL) authentication is enabled.
# Run the packetfence-local-auth policy if it is.
rewrite_called_station_id
# Uncomment the following line to enable local PEAP authentication
packetfence-local-auth
#
# The ldap module reads passwords from the LDAP database.
ldap
if (ok){
update control {
&MS-CHAP-Use-NTLM-Auth := No
}
}
#
# Or if you want to cache the password (ex: Novell eDirectory
using Universal Password) uncomment the following
#update control {
# Cache-Status-Only = 'yes'
#}
#cache_password
#if (notfound) {
# -ldap
#}
#cache_password
#
# If no other module has claimed responsibility for
# authentication, then try to use PAP. This allows the
# other modules listed above to add a "known good" password
# to the request, and to do nothing else. The PAP module
# will then see that password, and use it to do PAP
# authentication.
#
# This module should be listed last, so that the other modules
# get a chance to set Auth-Type for themselves.
#
pap
}
# Authentication.
#
#
# This section lists which modules are available for authentication.
# Note that it does NOT mean 'try each module in order'. It means
# that a module from the 'authorize' section adds a configuration
# attribute 'Auth-Type := FOO'. That authentication type is then
# used to pick the appropriate module from the list below.
#
# In general, you SHOULD NOT set the Auth-Type attribute. The server
# will figure it out on its own, and will do the right thing. The
# most common side effect of erroneously setting the Auth-Type
# attribute is that one authentication method will work, but the
# others will not.
#
# The common reasons to set the Auth-Type attribute by hand
# is to either forcibly reject the user, or forcibly accept him.
#
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
Auth-Type CHAP {
chap
}
#
# MSCHAP authentication
Auth-Type MS-CHAP {
packetfence # increment the StatsD counter
# If there is already an NT-Password populated in the
control, we'll try it
# In the event it fails, it will fallback to an
ntlm_auth call below
if(&control:NT-Password && &control:NT-Password != "") {
mschap_local {
reject = 2
}
if (reject || fail) {
packetfence-mschap-authenticate
}
}
else {
packetfence-mschap-authenticate
}
}
# Uncomment it if you want to use ldap for authentication
#
# Note that this means "check plain-text password against
# the ldap database", which means that EAP won't work,
# as it does not supply a plain-text password.
#
# We do NOT recommend using this. LDAP servers are databases.
# They are NOT authentication servers. FreeRADIUS is an
# authentication server, and knows what to do with
authentication.
# LDAP servers do not.
#
# Auth-Type LDAP {
# ldap
# }
#
#
# Allow EAP authentication.
eap
}
######################################################################
#
# There are no accounting requests inside of EAP-TTLS or PEAP
# tunnels.
#
######################################################################
# Session database, used for checking Simultaneous-Use. Either the
radutmp
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
radutmp
#
# See "Simultaneous Use Checking Queries" in sql.conf
# sql
}
# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
#
# Note that the last packet of the inner-tunnel authentication
# MAY NOT BE the last packet of the outer session. So updating
# the outer reply MIGHT work, and sometimes MIGHT NOT. The
# exact functionality depends on both the inner and outer
# authentication methods.
#
# If you need to send a reply attribute in the outer session,
# the ONLY safe way is to set "use_tunneled_reply = yes", and
# then update the inner-tunnel reply.
post-auth {
packetfence-set-tenant-id
if !( ("%{client:shortname}" =~ /eduroam_tlrs/) ||
(&request:PacketFence-SHortName && &request:PacketFence-ShortName =~
/eduroam_tlrs/)) {
rest
}
update {
&request:User-Password := "******"
}
if (&control:PacketFence-Authorization-Status == "deny") {
packetfence-audit-log-reject
reject
} else {
packetfence-audit-log-accept
}
#
# Un-comment the following if you have set
# 'edir_account_policy_check = yes' in the ldap module
sub-section of
# the 'modules' section.
#
#ldap
#
# These attributes are for the inner session only.
# They MUST NOT be sent in the outer reply.
#
# If you uncomment the previous block and leave
# this one commented out, WiFi WILL NOT WORK,
# because the client will get two MS-MPPE-keys
#
update outer.session-state {
&MS-MPPE-Encryption-Policy !* ANY
&MS-MPPE-Encryption-Types !* ANY
&MS-MPPE-Send-Key !* ANY
&MS-MPPE-Recv-Key !* ANY
&Message-Authenticator !* ANY
&EAP-Message !* ANY
&Proxy-State !* ANY
}
#
# Access-Reject packets are sent through the REJECT
sub-section of the
# post-auth section.
#
# Add the ldap module name (or instance) if you have set
# 'edir_account_policy_check = yes' in the ldap module
configuration
#
Post-Auth-Type REJECT {
# Uncomment if you need to limit failed ntlm
authentication (see packetfence-control-ntlm-failure too)
# packetfence-cache-ntlm-hit
packetfence-set-tenant-id
update {
&request:User-Password := "******"
}
packetfence-audit-log-reject
attr_filter.access_reject
#
# Let the outer session know which module failed, and
why.
#
update outer.session-state {
&Module-Failure-Message :=
&request:Module-Failure-Message
}
}
}
#
# When the server decides to proxy a request to a home server,
# the proxied request is first passed through the pre-proxy
# stage. This stage can re-write the request, or decide to
# cancel the proxy.
#
# Only a few modules currently have this method.
#
pre-proxy {
# Uncomment the following line if you want to change attributes
# as defined in the preproxy_users file.
# files
# Uncomment the following line if you want to filter requests
# sent to remote servers based on the rules defined in the
# 'attrs.pre-proxy' file.
# attr_filter.pre-proxy
# If you want to have a log of packets proxied to a home
# server, un-comment the following line, and the
# 'detail pre_proxy_log' section, above.
# pre_proxy_log
}
#
# When the server receives a reply to a request it proxied
# to a home server, the request may be massaged here, in the
# post-proxy stage.
#
post-proxy {
# If you want to have a log of replies from a home server,
# un-comment the following line, and the 'detail post_proxy_log'
# section, above.
# post_proxy_log
# Uncomment the following line if you want to filter replies from
# remote proxies based on the rules defined in the 'attrs' file.
# attr_filter.post-proxy
#
# If you are proxying LEAP, you MUST configure the EAP
# module, and you MUST list it here, in the post-proxy
# stage.
#
# You MUST also use the 'nostrip' option in the 'realm'
# configuration. Otherwise, the User-Name attribute
# in the proxied request will not match the user name
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
eap
}
} # inner-tunnel server block
server packetfence-tunnel-fast {
# Authorization. First preprocess (hints and huntgroups files),
# then realms, and finally look in the "users" file.
#
# The order of the realm modules will determine the order that
# we try to find a matching realm.
#
# Make *sure* that 'preprocess' comes before any realm if you
# need to setup hints for the remote radius server
authorize {
#
# Take a User-Name, and perform some checks on it, for spaces
and other
# invalid characters. If the User-Name appears invalid,
reject the
# request.
#
# See policy.d/filter for the definition of the
filter_username policy.
#
filter_username
#
# If the users are logging in with an MS-CHAP-Challenge
# attribute for authentication, the mschap module will find
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
# to the request, which will cause the server to then use
# the mschap module for authentication.
mschap
#
# If you are using multiple kinds of realms, you probably
# want to set "ignore_null = yes" for all of them.
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#
# Note that proxying the inner tunnel authentication means
# that the user MAY use one identity in the outer session
# (e.g. "anonymous", and a different one here
# (e.g. "u...@example.com <mailto:u...@example.com>"). The
inner session will then be
# proxied elsewhere for authentication. If you are not
# careful, this means that the user can cause you to forward
# the authentication to another RADIUS server, and have the
# accounting logs *not* sent to the other server. This makes
# it difficult to bill people for their network activity.
#
suffix
ntdomain
%%multi_domain%%
%%redis_ntlm_cache_fetch%%
#
# The "suffix" module takes care of stripping the domain
# (e.g. "@example.com <http://example.com>") from the
User-Name attribute, and the
# next few lines ensure that the request is not proxied.
#
# If you want the inner tunnel request to be proxied, delete
# the next few lines.
#
update control {
&Proxy-To-Realm := LOCAL
}
#
# This module takes care of EAP-MSCHAPv2 authentication.
#
# It also sets the EAP-Type attribute in the request
# attribute list to the EAP type from the packet.
#
# The example below uses module failover to avoid querying all
# of the following modules if the EAP module returns "ok".
# Therefore, your LDAP and/or SQL servers will not be queried
# for the many packets that go back and forth to set up TTLS
# or PEAP. The load on those servers will therefore be reduced.
#
eap {
ok = return
}
#
# Read the 'users' file
#files
# Check if PacketFence local (SQL) authentication is enabled.
# Run the packetfence-local-auth policy if it is.
rewrite_called_station_id
# Uncomment the following line to enable local PEAP authentication
# packetfence-local-auth
#
# The ldap module reads passwords from the LDAP database.
#-ldap
#if (ok) {
# update control {
# &MS-CHAP-Use-NTLM-Auth := No
#}
#
# Or if you want to cache the password (ex: Novell eDirectory
using Universal Password) uncomment the following
#update control {
# Cache-Status-Only = 'yes'
#}
#cache_password
#if (notfound) {
# -ldap
#}
#cache_password
#
# If no other module has claimed responsibility for
# authentication, then try to use PAP. This allows the
# other modules listed above to add a "known good" password
# to the request, and to do nothing else. The PAP module
# will then see that password, and use it to do PAP
# authentication.
#
# This module should be listed last, so that the other modules
# get a chance to set Auth-Type for themselves.
#
pap
}
# Authentication.
#
#
# This section lists which modules are available for authentication.
# Note that it does NOT mean 'try each module in order'. It means
# that a module from the 'authorize' section adds a configuration
# attribute 'Auth-Type := FOO'. That authentication type is then
# used to pick the appropriate module from the list below.
#
# In general, you SHOULD NOT set the Auth-Type attribute. The server
# will figure it out on its own, and will do the right thing. The
# most common side effect of erroneously setting the Auth-Type
# attribute is that one authentication method will work, but the
# others will not.
#
# The common reasons to set the Auth-Type attribute by hand
# is to either forcibly reject the user, or forcibly accept him.
#
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
Auth-Type CHAP {
chap
}
#
# MSCHAP authentication
Auth-Type MS-CHAP {
packetfence # increment the StatsD counter
packetfence-mschap-authenticate
}
# Uncomment it if you want to use ldap for authentication
#
# Note that this means "check plain-text password against
# the ldap database", which means that EAP won't work,
# as it does not supply a plain-text password.
#
# We do NOT recommend using this. LDAP servers are databases.
# They are NOT authentication servers. FreeRADIUS is an
# authentication server, and knows what to do with
authentication.
# LDAP servers do not.
#
# Auth-Type LDAP {
# ldap
# }
#
# Allow EAP authentication.
eap
}
######################################################################
#
# There are no accounting requests inside of EAP-TTLS or PEAP
# tunnels.
#
######################################################################
# Session database, used for checking Simultaneous-Use. Either the
radutmp
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
radutmp
#
# See "Simultaneous Use Checking Queries" in sql.conf
# sql
}
# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
#
# Note that the last packet of the inner-tunnel authentication
# MAY NOT BE the last packet of the outer session. So updating
# the outer reply MIGHT work, and sometimes MIGHT NOT. The
# exact functionality depends on both the inner and outer
# authentication methods.
#
# If you need to send a reply attribute in the outer session,
# the ONLY safe way is to set "use_tunneled_reply = yes", and
# then update the inner-tunnel reply.
post-auth {
packetfence-set-tenant-id
rest
update {
&request:User-Password := "******"
}
if (&control:PacketFence-Authorization-Status == "deny") {
packetfence-audit-log-reject
reject
} else {
packetfence-audit-log-accept
}
#
# Un-comment the following if you have set
# 'edir_account_policy_check = yes' in the ldap module
sub-section of
# the 'modules' section.
#
#ldap
#
# These attributes are for the inner session only.
# They MUST NOT be sent in the outer reply.
#
# If you uncomment the previous block and leave
# this one commented out, WiFi WILL NOT WORK,
# because the client will get two MS-MPPE-keys
#
update outer.session-state {
&MS-MPPE-Encryption-Policy !* ANY
&MS-MPPE-Encryption-Types !* ANY
&MS-MPPE-Send-Key !* ANY
&MS-MPPE-Recv-Key !* ANY
&Message-Authenticator !* ANY
&EAP-Message !* ANY
&Proxy-State !* ANY
}
#
# Access-Reject packets are sent through the REJECT
sub-section of the
# post-auth section.
#
# Add the ldap module name (or instance) if you have set
# 'edir_account_policy_check = yes' in the ldap module
configuration
#
Post-Auth-Type REJECT {
packetfence-set-tenant-id
update {
&request:User-Password := "******"
}
packetfence-audit-log-reject
attr_filter.access_reject
#
# Let the outer session know which module failed, and
why.
#
update outer.session-state {
&Module-Failure-Message :=
&request:Module-Failure-Message
}
}
}
#
# When the server decides to proxy a request to a home server,
# the proxied request is first passed through the pre-proxy
# stage. This stage can re-write the request, or decide to
# cancel the proxy.
#
# Only a few modules currently have this method.
#
pre-proxy {
# Uncomment the following line if you want to change attributes
# as defined in the preproxy_users file.
# files
# Uncomment the following line if you want to filter requests
# sent to remote servers based on the rules defined in the
# 'attrs.pre-proxy' file.
# attr_filter.pre-proxy
# If you want to have a log of packets proxied to a home
# server, un-comment the following line, and the
# 'detail pre_proxy_log' section, above.
# pre_proxy_log
}
#
# When the server receives a reply to a request it proxied
# to a home server, the request may be massaged here, in the
# post-proxy stage.
#
post-proxy {
# If you want to have a log of replies from a home server,
# un-comment the following line, and the 'detail post_proxy_log'
# section, above.
# post_proxy_log
# Uncomment the following line if you want to filter replies from
# remote proxies based on the rules defined in the 'attrs' file.
# attr_filter.post-proxy
#
# If you are proxying LEAP, you MUST configure the EAP
# module, and you MUST list it here, in the post-proxy
# stage.
#
# You MUST also use the 'nostrip' option in the 'realm'
# configuration. Otherwise, the User-Name attribute
# in the proxied request will not match the user name
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
eap
}
} # inner-tunnel server block
Error Logs:
*radius.log*
*
*
Sep 4 01:52:04 PacketFence-ZEN auth[1620]: Need 7 more connections to
reach 10 spares
Sep 4 01:52:04 PacketFence-ZEN auth[1620]: rlm_sql (sql): Opening
additional connection (7), 1 of 61 pending slots used
Sep 4 01:52:04 PacketFence-ZEN auth[1620]: Need 3 more connections to
reach min connections (5)
Sep 4 01:52:04 PacketFence-ZEN auth[1620]: rlm_ldap (ldap): Opening
additional connection (7), 1 of 8 pending slots used
Sep 4 01:52:05 PacketFence-ZEN auth[1620]: (72) mschap: ERROR:
Program returned code (1) and output 'Reading winbind reply failed!
(0xc0000001)'
Sep 4 01:52:05 PacketFence-ZEN auth[1620]: Need 6 more connections to
reach 10 spares
Sep 4 01:52:05 PacketFence-ZEN auth[1620]: rlm_sql (sql): Opening
additional connection (8), 1 of 60 pending slots used
Sep 4 01:52:05 PacketFence-ZEN auth[1620]: (72) Login incorrect
(mschap: Program returned code (1) and output 'Reading winbind reply
failed! (0xc0000001)'): [patrickb] (from client 10.4.200.52 port 0 cli
88:6b:6e:37:63:07 via TLS tunnel)
Sep 4 01:52:05 PacketFence-ZEN auth[1620]: [mac:88:6b:6e:37:63:07]
Rejected user: patrickb
Sep 4 01:52:05 PacketFence-ZEN auth[1620]: (73) Login incorrect
(eap_peap: The users session was previously rejected: returning reject
(again.)): [patrickb] (from client 10.4.200.52 port 0 cli
88:6b:6e:37:63:07)
*unifi ap logs*
*
*
Thu Sep 5 15:30:44 2019 daemon.info <http://daemon.info> hostapd:
ath4: STA fe:ec:da:f8:18:87 DRIVER: Sead AUTH addr=88:6b:6e:37:63:07
status_code=0
Thu Sep 5 15:30:44 2019 daemon.info <http://daemon.info> hostapd:
ath4: STA 88:6b:6e:37:63:07 IEEE 802.11: associated
Thu Sep 5 15:30:44 2019 user.info <http://user.info> libubnt[26089]:
wevent[26089]: wevent.ubnt_custom_event(): EVENT_STA_JOIN ath4:
88:6b:6e:37:63:07 / 1
Thu Sep 5 15:30:44 2019 kern.warn kernel: [531998.408007]
ieee80211_ioctl_set_ratelimit: node with aid 1 and mac
88:6b:6e:37:63:07 has been tagged non rate-limiting
Thu Sep 5 15:30:44 2019 kern.warn kernel: [531998.817154] [wifi1]
FWLOG: [7904215] RATE: ChainMask 3, phymode 1044489, ni_flags
0x02233006, vht_mcs_set 0xfffa, ht_mcs_set 0xffff, legacy_rate_set
0xffc0401
Thu Sep 5 15:30:45 2019 daemon.warn hostapd: ath4: STA
88:6b:6e:37:63:07 IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)
Thu Sep 5 15:30:45 2019 user.info <http://user.info> libubnt[26089]:
wevent[26089]: wevent.ubnt_custom_event(): EVENT_STA_LEAVE ath4:
88:6b:6e:37:63:07 / 1
Thu Sep 5 15:30:45 2019 kern.warn kernel: [531999.817245] [wifi1]
FWLOG: [7905564] WAL_DBGID_SET_HW_FILTER ( 0x4380c4 )
Thu Sep 5 15:30:50 2019 daemon.info <http://daemon.info> hostapd:
ath4: STA 88:6b:6e:37:63:07 IEEE 802.11: deauthenticated due to local
deauth request
Thu Sep 5 15:30:54 2019 user.info <http://user.info> : stahtd[26090]:
[STA-TRACKER].stahtd_dump_event():
{"assoc_delta":"10000","mac":"88:6b:6e:37:63:07","event_type":"failure","message_type":"STA_ASSOC_TRACKER","vap":"ath4","radius_auth_status":"failure","wpa_auth_failures":"1","assoc_status":"0","radius_auth_delta":"1310000","auth_delta":"0","event_id":"2","auth_ts":"531998.307935"}
Also, is radius vlan also possible on open network with Unifi? thank
you so much!
--
Patrick Bituin
Network Security Team
PH: +639062012879
LinkedIn: View my profile
<http://www.linkedin.com/in/patrick-bituin-1670b4115/>
Skype: patrickb
www.cloudstaff.com <https://www.cloudstaff.com/>
patri...@cloudstaff.com <mailto:patri...@cloudstaff.com?subject=Hello!>
<https://www.cloudstaff.com/>
<http://www.linkedin.com/company/2271585?trk=tyah>
<https://www.facebook.com/pages/Cloudstaff/482248108531645>
<https://www.google.com/+CloudstaffIncAngeles>
<https://twitter.com/Cloud_Staff>
<https://www.youtube.com/channel/UCye5np9S2NaP_9UHpbEBnfA>
The information contained in this email and any attachments may be
confidential. This email and any attachments are also subject to
copyright. No part of them may be reproduced, adapted or transmitted
without the written permission of the copyright owner. If you are not
the intended recipient, any use, interference with, disclosure or
copying of this information is unauthorised and prohibited. If you
have received this email in error, please immediately advise the
sender by return email and delete the message from your system. Email
communications may be stored for archival purposes.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users