[PacketFence-users] Secondary PF server radius issues

[Morris, Andi]

Hi all,
I wonder whether anyone can help me.

I have a secondary packetfence server setup and ready, as a cold standby in 
case the first box ever falls over.  The thought being that I can just start 
the services on the second and authentication will continue.  All my switches 
are setup to have the second packetfence server as the secondary radius server. 
 However, if I test the setup, but stopping the services on the primary, and 
starting them on the secondary only my wireless clients can successfully 
authenticate, any connections from the wired switches don't respond to the EAP 
access-challenge and the freeradius server shows the certificate_compatibility 
message in the debug.

I simply can't see why the wireless and the wired would behave differently from 
the two boxes, the setup is mimicked from one server to the other.

Currently server validation is switched off for all clients, although I intend 
to rectify this very soon by creating and deploying the root CA created by the 
freeradius server(s).

Hopefully somebody can help.
Cheers,
Andi
---
Andi Morris
Technical Security Analyst
Systems and Communications Services
Information Services Division
Cardiff Metropolitan University
Cardiff
Wales
CF5 2YB

02920 205720
--



>From 1st November 2011 UWIC changed its title to Cardiff Metropolitan 
>University. From the 6th December 2011, as part of this change, all email 
>addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All 
>emails sent from Cardiff Metropolitan University will now be sent from the new 
>@cardiffmet.ac.uk address. Please could you ensure that all of your contact 
>records and databases are updated to reflect this change. Further information 
>can be found on the website 
>here.

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan 
Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n 
cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a 
ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o'r cyfeiriad 
@cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion 
cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar 
y wefan yma.

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PacketFence 3.5.0 released!

[Dominique]

Hi Francis,

Although a native French speaker myself, it was my first translation 
into my language in so many years, I expected some modifications to be 
made. I would have appreciated some feedback when I finished the 
translation more than a month ago but it seems no one was looking after 
the translations at all. I'll look again at the spanish one and try to 
refine a bit more.

The main difficulty is not the languages themselves but the context.

Dominique

On 01/08/2012 20:40, Francis Lachapelle wrote:
> Hi Dominique
>
> On 2012-08-01, at 1:33 PM, Dominique wrote:
>
>> Can you confirm if the translations for French and Spanish are included
>> in this version?
>
> No. As native French-speakers, we wanted to review the French translation. 
> I've noticed to much errors to integrate it as is.
>
> We'll update the translations in the next minor release.
>
> BTW -- please don't translate the language names. We keep them in their 
> native language (French =>  Français, not Francés!).
>
> Thanks for your contribution!
>
>
> Francis
>
> --
> flachape...@inverse.ca :: +1.514.755.3640 :: http://www.inverse.ca
> Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>


--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 3.5 upgrade dependency issue

[Kim Culhan]

On Wed, Aug 1, 2012 at 1:34 PM, Durand Fabrice  wrote:
> Hi Thomas,
> with PacketFence 3.5 you must add the openfusion repository, it's in
> the doc.

Where is that doc located?

It doesn't appear to be in the 3.5.0 administration guide.

thanks
-kim

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 3.5 upgrade dependency issue

[Francois Gaudreault]

You should definitely learn how to use the search function.  It's a key 
feature of all PDF readers.

Page 9.

On 2012-08-02 7:53 AM, Kim Culhan wrote:
> On Wed, Aug 1, 2012 at 1:34 PM, Durand Fabrice  wrote:
>> Hi Thomas,
>> with PacketFence 3.5 you must add the openfusion repository, it's in
>> the doc.
>
> Where is that doc located?
>
> It doesn't appear to be in the 3.5.0 administration guide.
>
> thanks
> -kim
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>


-- 
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Secondary PF server radius issues

[Francois Gaudreault]

Hi Andi,

> I have a secondary packetfence server setup and ready, as a cold standby
> in case the first box ever falls over.  The thought being that I can
> just start the services on the second and authentication will continue.
> All my switches are setup to have the second packetfence server as the
> secondary radius server.  However, if I test the setup, but stopping the
> services on the primary, and starting them on the secondary only my
> wireless clients can successfully authenticate, any connections from the
> wired switches don’t respond to the EAP access-challenge and the
> freeradius server shows the certificate_compatibility message in the debug.
>
> I simply can’t see why the wireless and the wired would behave
> differently from the two boxes, the setup is mimicked from one server to
> the other.
>
> Currently server validation is switched off for all clients, although I
> intend to rectify this very soon by creating and deploying the root CA
> created by the freeradius server(s).
I am not sure this is related to PF at all :S  It is more a 
RADIUS/Supplicant kind of issue.  You should investigate also on the 
client side to see what happens.

>
> Hopefully somebody can help.
>
> Cheers,
>
> Andi
>
> ---
> Andi Morris
> Technical Security Analyst
>
> Systems and Communications Services
> Information Services Division
> Cardiff Metropolitan University
> Cardiff
> Wales
> CF5 2YB
>
> 02920 205720
>
> --
>
> 
>
>  >From 1st November 2011 UWIC changed its title to Cardiff Metropolitan
> University. From the 6th December 2011, as part of this change, all
> email addresses which included @uwic.ac.uk have changed to
> @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University
> will now be sent from the new @cardiffmet.ac.uk address. *Please could
> you ensure that all of your contact records and databases are updated to
> reflect this change.* Further information can be found on the website
> here. 
>
> Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan
> Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad
> e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr
> holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu
> danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. *Gwnewch yn siwr eich bod
> yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu
> hyn.* Gellir cael rhagor o wybodaeth ar y wefan yma.
> 
>
>
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>


-- 
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 3.5 upgrade dependency issue

[Ian Manson]

My 0.02- I don't mean to rub anyone the wrong way with this, but: I
did find it in the PDF, although maybe it could go on the site
alongside where the other repos are explained, like here:
http://www.packetfence.org/download/releases.html  ...on this page the
epel/rpmforge stuff is spoken of.

PS Thanks to all for their efforts!!

On Thu, Aug 2, 2012 at 1:03 PM, Francois Gaudreault
 wrote:
> You should definitely learn how to use the search function.  It's a key
> feature of all PDF readers.
>
> Page 9.
>
> On 2012-08-02 7:53 AM, Kim Culhan wrote:
>> On Wed, Aug 1, 2012 at 1:34 PM, Durand Fabrice  wrote:
>>> Hi Thomas,
>>> with PacketFence 3.5 you must add the openfusion repository, it's in
>>> the doc.
>>
>> Where is that doc located?
>>
>> It doesn't appear to be in the 3.5.0 administration guide.
>>
>> thanks
>> -kim
>>
>> --
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> --
> Francois Gaudreault, ing. jr
> fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Perl conflicts on upgrade

[Mark Holmes]

Anyone else run into conflicts when upgrading via yum?


Transaction Check Error:
  file /usr/share/man/man3/Cwd.3pm.gz from install of 
perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
perl-5.8.8-38.el5.i386
  file /usr/share/man/man3/File::Spec.3pm.gz from install of 
perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
perl-5.8.8-38.el5.i386
  file /usr/share/man/man3/File::Spec::Cygwin.3pm.gz from install of 
perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
perl-5.8.8-38.el5.i386
  file /usr/share/man/man3/File::Spec::Epoc.3pm.gz from install of 
perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
perl-5.8.8-38.el5.i386
  file /usr/share/man/man3/File::Spec::Functions.3pm.gz from install of 
perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
perl-5.8.8-38.el5.i386
  file /usr/share/man/man3/File::Spec::Mac.3pm.gz from install of 
perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
perl-5.8.8-38.el5.i386
  file /usr/share/man/man3/File::Spec::OS2.3pm.gz from install of 
perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
perl-5.8.8-38.el5.i386
  file /usr/share/man/man3/File::Spec::Unix.3pm.gz from install of 
perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
perl-5.8.8-38.el5.i386
  file /usr/share/man/man3/File::Spec::VMS.3pm.gz from install of 
perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
perl-5.8.8-38.el5.i386
  file /usr/share/man/man3/File::Spec::Win32.3pm.gz from install of 
perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
perl-5.8.8-38.el5.i386

Mark


Nuffield College is a Registered Charity No. 1137506. Registered Office: 
Nuffield College, New Road, Oxford, OX1 1NF

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Perl conflicts on upgrade

[Francois Gaudreault]

Hi Mark,

You need to exclude perl-File-Spec in your rpmforge repository 
configuration (/etc/yum.repos.d/rpmforge.repo).  It is written in the 
administration guide, but it is not very well outlined.

Thanks.

On 2012-08-02 10:21 AM, Mark Holmes wrote:
> Anyone else run into conflicts when upgrading via yum?
>
>
> Transaction Check Error:
>file /usr/share/man/man3/Cwd.3pm.gz from install of 
> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
> perl-5.8.8-38.el5.i386
>file /usr/share/man/man3/File::Spec.3pm.gz from install of 
> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
> perl-5.8.8-38.el5.i386
>file /usr/share/man/man3/File::Spec::Cygwin.3pm.gz from install of 
> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
> perl-5.8.8-38.el5.i386
>file /usr/share/man/man3/File::Spec::Epoc.3pm.gz from install of 
> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
> perl-5.8.8-38.el5.i386
>file /usr/share/man/man3/File::Spec::Functions.3pm.gz from install of 
> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
> perl-5.8.8-38.el5.i386
>file /usr/share/man/man3/File::Spec::Mac.3pm.gz from install of 
> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
> perl-5.8.8-38.el5.i386
>file /usr/share/man/man3/File::Spec::OS2.3pm.gz from install of 
> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
> perl-5.8.8-38.el5.i386
>file /usr/share/man/man3/File::Spec::Unix.3pm.gz from install of 
> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
> perl-5.8.8-38.el5.i386
>file /usr/share/man/man3/File::Spec::VMS.3pm.gz from install of 
> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
> perl-5.8.8-38.el5.i386
>file /usr/share/man/man3/File::Spec::Win32.3pm.gz from install of 
> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
> perl-5.8.8-38.el5.i386
>
> Mark
>
>
> Nuffield College is a Registered Charity No. 1137506. Registered Office: 
> Nuffield College, New Road, Oxford, OX1 1NF
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>


-- 
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 3.5 upgrade dependency issue

[Kim Culhan]

On Thu, Aug 2, 2012 at 8:03 AM, Francois Gaudreault
 wrote:
> You should definitely learn how to use the search function.  It's a key
> feature of all PDF readers.

Please consider there is no 'upgrade' info on Page 9, which is what
ttsai was looking for when posting the original question.

-kim

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 3.5 upgrade dependency issue

[Derek Wuelfrath]

We HIGHLY suggest to read the UPGRADE (which can be find here: 
https://github.com/inverse-inc/packetfence/blob/stable/UPGRADE )document 
when upgrading.


The introduction of the OpenFusion repository is part of this document.

On 8/2/12 08:17 , Kim Culhan wrote:

On Thu, Aug 2, 2012 at 8:03 AM, Francois Gaudreault
  wrote:

You should definitely learn how to use the search function.  It's a key
feature of all PDF readers.

Please consider there is no 'upgrade' info on Page 9, which is what
ttsai was looking for when posting the original question.

-kim

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Derek Wuelfrath
dwuelfr...@inverse.ca  :: +1.514.447.4918 
x110 :: www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu ) 
and PacketFence (www.packetfence.org )
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Guest management user?

[Sean Nelson]

Is there a way to create a user on the web interface that has access only to
manage guests?  For example, I would like to give this access to school
secretaries who would greet vendors and visiting staff at the main office of
each school building.

 

Sean Nelson

 



smime.p7s
Description: S/MIME cryptographic signature
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] VLAN assignment by AD Group membership

[Sean Nelson]

This FAQ article outlines modifying custom.pm
/usr/local/pf/lib/pf/vlan/custom.pm to bump users in to a specific VLAN
based on their node category.  I would like to have the VLAN assigned by the
authentication module that the user chose at the captive portal.  Is that
practical?

 

I have 2 LDAP modules - One for students, one for staff.  The only
difference between the two is the AD Group membership that it looks for.  I
would like all staff in VLAN 508 and students in VLAN 509.

 

 

Sean Nelson

 



smime.p7s
Description: S/MIME cryptographic signature
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] VLAN assignment by AD Group membership

[Francois Gaudreault]

Hi Sean,

> This FAQ article outlines modifying custom.pm
> /usr/local/pf/lib/pf/vlan/custom.pm to bump users in to a specific VLAN
> based on their node category.  I would like to have the VLAN assigned by
> the authentication module that the user chose at the captive portal.  Is
> that practical?
>
> I have 2 LDAP modules – One for students, one for staff.  The only
> difference between the two is the AD Group membership that it looks
> for.  I would like all staff in VLAN 508 and students in VLAN 509.
You can categorize the node depending of the authentication module, it 
is already possible and quite easy to do.  Look in lib/pf/web/auth.pm 
for the sub getNodeAttributes.  You need to redefine it in your ldap 
modules, and assign the proper category.  Then, in vlan/custom.pm, just 
map the category to the right VLAN.

Hope it helps!

-- 
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] VLAN assignment by AD Group membership

[Sean Nelson]

Sounds like exactly what I was looking for.  Thank you!

-Original Message-
From: Francois Gaudreault [mailto:fgaudrea...@inverse.ca] 
Sent: Thursday, August 02, 2012 1:34 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] VLAN assignment by AD Group membership

Hi Sean,

> This FAQ article outlines modifying custom.pm 
> /usr/local/pf/lib/pf/vlan/custom.pm to bump users in to a specific 
> VLAN based on their node category.  I would like to have the VLAN 
> assigned by the authentication module that the user chose at the 
> captive portal.  Is that practical?
>
> I have 2 LDAP modules - One for students, one for staff.  The only 
> difference between the two is the AD Group membership that it looks 
> for.  I would like all staff in VLAN 508 and students in VLAN 509.
You can categorize the node depending of the authentication module, it is
already possible and quite easy to do.  Look in lib/pf/web/auth.pm for the
sub getNodeAttributes.  You need to redefine it in your ldap modules, and
assign the proper category.  Then, in vlan/custom.pm, just map the category
to the right VLAN.

Hope it helps!

--
Francois Gaudreault, ing. jr
fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)


--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat
landscape has changed and how IT managers can respond. Discussions will
include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
*** DoubleCheck identified this as CLEAN. Give feedback:
*** This is SPAM: http://dcem.cccp.com/ms?k=RdHX6lBg5CGX
*** More options: http://dcem.cccp.com/md?k=RdHX6lBg5CGX


smime.p7s
Description: S/MIME cryptographic signature
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Perl conflicts on upgrade

[Mark Holmes]

Ah - Thanks very much Francois, now it upgrades fine.

Mark


On 2 Aug 2012, at 15:34, "Francois Gaudreault"  wrote:

> Hi Mark,
>
> You need to exclude perl-File-Spec in your rpmforge repository
> configuration (/etc/yum.repos.d/rpmforge.repo).  It is written in the
> administration guide, but it is not very well outlined.
>
> Thanks.
>
> On 2012-08-02 10:21 AM, Mark Holmes wrote:
>> Anyone else run into conflicts when upgrading via yum?
>>
>>
>> Transaction Check Error:
>>   file /usr/share/man/man3/Cwd.3pm.gz from install of 
>> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
>> perl-5.8.8-38.el5.i386
>>   file /usr/share/man/man3/File::Spec.3pm.gz from install of 
>> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
>> perl-5.8.8-38.el5.i386
>>   file /usr/share/man/man3/File::Spec::Cygwin.3pm.gz from install of 
>> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
>> perl-5.8.8-38.el5.i386
>>   file /usr/share/man/man3/File::Spec::Epoc.3pm.gz from install of 
>> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
>> perl-5.8.8-38.el5.i386
>>   file /usr/share/man/man3/File::Spec::Functions.3pm.gz from install of 
>> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
>> perl-5.8.8-38.el5.i386
>>   file /usr/share/man/man3/File::Spec::Mac.3pm.gz from install of 
>> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
>> perl-5.8.8-38.el5.i386
>>   file /usr/share/man/man3/File::Spec::OS2.3pm.gz from install of 
>> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
>> perl-5.8.8-38.el5.i386
>>   file /usr/share/man/man3/File::Spec::Unix.3pm.gz from install of 
>> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
>> perl-5.8.8-38.el5.i386
>>   file /usr/share/man/man3/File::Spec::VMS.3pm.gz from install of 
>> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
>> perl-5.8.8-38.el5.i386
>>   file /usr/share/man/man3/File::Spec::Win32.3pm.gz from install of 
>> perl-File-Spec-3.30-1.el5.rf.i386 conflicts with file from package 
>> perl-5.8.8-38.el5.i386
>>
>> Mark
>>
>>
>> Nuffield College is a Registered Charity No. 1137506. Registered Office: 
>> Nuffield College, New Road, Oxford, OX1 1NF
>>
>> --
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> --
> Francois Gaudreault, ing. jr
> fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
> --
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

Nuffield College is a Registered Charity No. 1137506. Registered Office: 
Nuffield College, New Road, Oxford, OX1 1NF

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] To Upgrade or not to Upgrade?

[Sallee, Stephen (Jake)]

We upgraded our WLC from a 4402 to a 5508, and I am wondering if I should 
upgrade my PF install to the latest BEFORE I bother porting all of the 
customizations we did in 3.2 to get the WLC working, or does the module for the 
WLC in 3.5 work out of the box and not require those customizations, and 
therefore I should upgrade and only make the necessary changes?


Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 3.5 upgrade dependency issue

[Kim Culhan]

On Thu, Aug 2, 2012 at 10:45 AM, Derek Wuelfrath  wrote:
> We HIGHLY suggest to read the UPGRADE (which can be find here:
> https://github.com/inverse-inc/packetfence/blob/stable/UPGRADE )document
> when upgrading.
>
> The introduction of the OpenFusion repository is part of this document.
>
>
> On 8/2/12 08:17 , Kim Culhan wrote:
>
> On Thu, Aug 2, 2012 at 8:03 AM, Francois Gaudreault
>  wrote:
>
> You should definitely learn how to use the search function.  It's a key
> feature of all PDF readers.
>
> Please consider there is no 'upgrade' info on Page 9, which is what
> ttsai was looking for when posting the original question.

This is exactly what I was looking for.

thanks
-kim

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Guest management user?

[Sean Nelson]

Nevermind - Found this FAQ:

 

http://www.packetfence.org/support/faqs/article/how-can-i-provide-different-
rights-to-users-of-the-administrative-ui.html?no_cache=1
 &cHash=1a493ee66fa552defd1e64f7bde3aaba

 

From: Sean Nelson [mailto:sean.nel...@cccp.com] 
Sent: Thursday, August 02, 2012 11:17 AM
To: packetfence-users@lists.sourceforge.net
Subject: [PacketFence-users] Guest management user?

 

Is there a way to create a user on the web interface that has access only to
manage guests?  For example, I would like to give this access to school
secretaries who would greet vendors and visiting staff at the main office of
each school building.

 

Sean Nelson

 



smime.p7s
Description: S/MIME cryptographic signature
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 3.5 upgrade dependency issue

[Thomas Tsai]

Thanks all - I read the upgrade docs now that I know where it is --  updating 
the sql schema sounds important :)

From: Derek Wuelfrath [mailto:dwuelfr...@inverse.ca]
Sent: Thursday, August 02, 2012 7:45 AM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] 3.5 upgrade dependency issue

We HIGHLY suggest to read the UPGRADE (which can be find here: 
https://github.com/inverse-inc/packetfence/blob/stable/UPGRADE )document when 
upgrading.

The introduction of the OpenFusion repository is part of this document.

On 8/2/12 08:17 , Kim Culhan wrote:

On Thu, Aug 2, 2012 at 8:03 AM, Francois Gaudreault

 wrote:

You should definitely learn how to use the search function.  It's a key

feature of all PDF readers.



Please consider there is no 'upgrade' info on Page 9, which is what

ttsai was looking for when posting the original question.



-kim



--

Live Security Virtual Conference

Exclusive live event will cover all the ways today's security and

threat landscape has changed and how IT managers can respond. Discussions

will include endpoint security, mobile security and the latest in malware

threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 x110 :: 
www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and 
PacketFence (www.packetfence.org)


**
Email Disclaimer:

This email, including attachments, may contain
proprietary, confidential or privileged information. If you
are not the intended recipient, please (i) do not use,
disclose, save or retransmit this message or any
attachments, (ii) alert the sender by reply email and (iii)
destroy or delete this message and any attachments.
Delivery of this email to a person other than the intended
recipient(s) shall not constitute a waiver of privilege or
confidentiality.

CP Investments, member FINRA and SIPC, serves as
placement agent for investment products advised by
Canyon Capital Advisors LLC. This email is not intended to
be an offer to sell or a solicitation of an offer to buy any
security in any jurisdiction. We review and retain
electronic communications traveling through our network.

**--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] vlan enforcement no longer working : (

[Sallee, Stephen (Jake)]

I am getting the following error in the log and my users are not getting their 
vlan switched when their status changes (reg/unreg/violation etc.)

I masked out my MAC address ... I am feeling a bit extra security conscious for 
now : )

Aug 02 21:05:37 register.cgi(0) INFO: 10.11.30.15 - XX:XX:XX::XX:XX on 
registration page 
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Aug 02 21:05:37 register.cgi(0) INFO: performing node registration MAC: 
XX:XX:XX::XX:XX pid: jake.sallee (pf::web::_sanitize_and_register)
Aug 02 21:05:37 register.cgi(0) DEBUG: changed registration status for mac 
XX:XX:XX::XX:XX from unreg to reg; unregdate has not been specified -> 
calculating it now (pf::node::node_modify)
Aug 02 21:05:37 register.cgi(0) INFO: re-evaluating access for node 
XX:XX:XX::XX:XX (manage_register called) (pf::enforcement::reevaluate_access)
Aug 02 21:05:37 register.cgi(0) WARN: Can't re-evaluate access for mac 
XX:XX:XX::XX:XX because no open locationlog entry was found 
(pf::enforcement::reevaluate_access)
Aug 02 21:05:38 register.cgi(0) INFO: 10.11.30.15 - XX:XX:XX::XX:XX on 
registration page 
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Aug 02 21:06:18 redir.cgi(0) INFO: XX:XX:XX::XX:XX being redirected 
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Aug 02 21:06:18 redir.cgi(0) INFO: Updating node XX:XX:XX::XX:XX user_agent 
with useragent: 'OC/4.0.7577.4103 (Microsoft Lync 2010)' 
(pf::web::web_node_record_user_agent)
Aug 02 21:06:18 redir.cgi(0) DEBUG: node-useragent record XX:XX:XX::XX:XX 
updated (pf::useragent::node_useragent_update)
Aug 02 21:06:18 redir.cgi(0) INFO: MAC XX:XX:XX::XX:XX shouldn't reach here. 
Calling access re-evaluation. Make sure your network device configuration is 
correct. 
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
By the error it looks like a location log is not getting opened when the node 
hits the network ... but I don't know how to find out why.  I will be looking 
into it but I would appreciate any help.


Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users