[PacketFence-users] Remote Sites not switching to Registration or Guest vlan

2013-11-15 Thread Dan Nelson 
I have been using packetfence for years and had the remote sites working and 
now they are not working.  I have been racking my brain to try and figure this 
out.  I am running 3.6.1.

In the Packetfence.log it shows but doesn’t switch the port over.  I am using 
MAB authentication and I see it hitting the Radius server as well.
Nov 15 12:14:24 pfdhcplistener(5100) INFO: DHCPREQUEST from MAC 
ADDRESS(192.168.68.10) (main::parse_dhcp_request)
Nov 15 12:14:24 pfdhcplistener(5100) INFO: MAC ADDRESS requested an IP. DHCP 
Fingerprint: OS::100 (Microsoft Windows XP). Modified node with last_dhcp = 
2013-11-15 12:14:24,computername = PCNAME,dhcp_fingerprint = 
1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
Nov 15 12:14:24 pfdhcplistener(5100) INFO: MAC ADDRESS requested an IP. DHCP 
Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp = 2013-11-15 
12:14:24,computername = ,dhcp_fingerprint = 1,3,6,15,44,46,47,66,67 
(main::listen_dhcp)
Nov 15 12:14:24 pfdhcplistener(5100) INFO: MAC ADDRESS requested an IP. DHCP 
Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp = 2013-11-15 
12:14:24,computername = ,dhcp_fingerprint = 1,3,6,15,44,46,47,66,67 
(main::listen_dhcp)
Nov 15 12:14:26 pfdhcplistener(5100) INFO: 00:15:70:37:a1:ca requested an IP. 
DHCP Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp = 2013-11-15 
12:14:26,computername = ,dhcp_fingerprint = 1,3,6,15,44,46,47,66,67 
(main::listen_dhcp)
Nov 15 12:14:32 pfdhcplistener(5100) INFO: 00:15:70:af:c7:cc requested an IP. 
DHCP Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp = 2013-11-15 
12:14:32,computername = ,dhcp_fingerprint = 1,3,6,15,44,46,47,66,67 
(main::listen_dhcp)
Nov 15 12:14:33 pf::WebAPI(5367) INFO: handling radius autz request: from 
switch_ip => 192.168.68.2, connection_type => Ethernet-NoEAP mac => 
00:23:18:dc:3f:56, port => 50024, username => MAC ADDRESS 
(pf::radius::authorize)
Nov 15 12:14:33 pf::WebAPI(5367) INFO: MAC: MAC ADDRESS is of status unreg; 
belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Nov 15 12:14:33 pf::WebAPI(5367) WARN: Role-based Network Access Control is not 
supported on network device type pf::SNMP::Cisco::Catalyst_3560G.  
(pf::SNMP::supportsRoleBasedEnforcement)


If I manually put the port into the Reg vlan I get the captive portal.

On the cisco 3560G switch I am getting
Nov 15 19:12:38.072: %AUTHMGR-5-START: Starting 'mab' for client (MAC) on 
Interface Gi0/24 AuditSessionID C0A8440200190102BD76
Nov 15 19:12:38.265: %MAB-5-SUCCESS: Authentication successful for client (MAC) 
on Interface Gi0/24 AuditSessionID C0A8440200190102BD76
Nov 15 19:12:38.265: %AUTHMGR-7-RESULT: Authentication result 'success' from 
'mab' for client (MAC) on Interface Gi0/24 AuditSessionID 
C0A8440200190102BD76
Nov 15 19:12:39.297: %AUTHMGR-5-SUCCESS: Authorization succeeded for client 
(MAC) on Interface Gi0/24 AuditSessionID C0A8440200190102BD76
Nov 15 19:12:39.624: %LINK-3-UPDOWN: Interface GigabitEthernet0/24, changed 
state to up
Nov 15 19:12:40.631: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
GigabitEthernet0/24, changed state to up

Something else interesting is that if I switch the device on the NODES to 
registered it does make the connection and switches the port via SNMP.


Any help would be greatly appreciated.

Thanks
Dan Nelson
Network Administrator
Nutraceutical Corporation
Office 801-334-3702

--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Using PacketFence with Aradial RADIUS server

2013-11-15 Thread Nigel Quinn 
Hi,

I am looking to use PacketFence with our Aradial RADIUS server for user auth 
and user accounting.  I haven't seen anyone do this before on the mailing 
lists, have you any suggestions on a good place to start to configure this?

Regards,

Nigel


NSSLGlobal Limited

Support Desk Telephone +44 (0)1737 648 864
Main Switchboard +44 (0)1737 648 800
Main Fax +44 (0)1737 648 888
Skype: nsslglobal.support
Web Site: http://www.nsslglobal.com

Company Registration 3879526 England
Registered Office: 6 Wells Place, Gatton Park Business Centre, Redhill, Surrey, 
RH1 3DR, United Kingdom
--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Web portal

2013-11-15 Thread Decoursey, Jason B CADET MIL USA USMA 
After fixing some bugs I needed to restart packetfence but now I cannot access 
the web portal and don't know how to fix it. I am on  a test machine on a test 
network. I set the host and domain as localhost and localhost.
Any ideas?

My relevant configs are below:

[root@localhost /]# service packetfence start
Starting PacketFence...Set name-type for VLAN subsystem. Should be visible in 
/proc/net/vlan/config
httpd: Could not reliably determine the server's fully qualified domain name, 
using ::1 for ServerName
httpd.admin|start
Checking configuration sanity...
service|command
config files|start
iptables|start
pfdns|start
Use of uninitialized value $net{"dhcpd"} in string eq at 
/usr/local/pf/lib/pf/services/dhcpd.pm line 68.
Internet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not 
specified in the config file
Wrote 1 leases to leases file.
Listening on LPF/eth0.5/00:0c:29:83:e5:95/192.168.5.0/24
Sending on   LPF/eth0.5/00:0c:29:83:e5:95/192.168.5.0/24
Listening on LPF/eth0.3/00:0c:29:83:e5:95/192.168.3.0/24
Sending on   LPF/eth0.3/00:0c:29:83:e5:95/192.168.3.0/24
Sending on   Socket/fallback/fallback-net
dhcpd|start
pfdetect|start
snort|start
suricata|start
radiusd|start
httpd: Could not reliably determine the server's fully qualified domain name, 
using ::1 for ServerName
httpd.webservices|start
httpd: Could not reliably determine the server's fully qualified domain name, 
using ::1 for ServerName
httpd.portal|start
snmptrapd|start
pfsetvlan|start
pfdhcplistener|start
pfmon|start
[root@localhost /]#

[root@localhost /]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@localhost /]#

[root@localhost conf]# ifconfig
eth0  Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95
  inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:30050 errors:0 dropped:0 overruns:0 frame:0
  TX packets:12873 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:13438860 (12.8 MiB)  TX bytes:1635676 (1.5 MiB)

eth0.2Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95
  inet addr:192.168.2.253  Bcast:192.168.2.255  Mask:255.255.255.0
  inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:10471 errors:0 dropped:0 overruns:0 frame:0
  TX packets:7314 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:7374834 (7.0 MiB)  TX bytes:898558 (877.4 KiB)

eth0.3Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95
  inet addr:192.168.3.254  Bcast:192.168.3.255  Mask:255.255.255.0
  inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:2210 errors:0 dropped:0 overruns:0 frame:0
  TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:110500 (107.9 KiB)  TX bytes:720 (720.0 b)

eth0.5Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95
  inet addr:192.168.5.254  Bcast:192.168.5.255  Mask:255.255.255.0
  inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:2211 errors:0 dropped:0 overruns:0 frame:0
  TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:110550 (107.9 KiB)  TX bytes:720 (720.0 b)

eth0.10   Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95
  inet addr:192.168.10.249  Bcast:192.168.10.255  Mask:255.255.255.0
  inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:2286 errors:0 dropped:0 overruns:0 frame:0
  TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:114369 (111.6 KiB)  TX bytes:978 (978.0 b)

loLink encap:Local Loopback
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:16436  Metric:1
  RX packets:1418 errors:0 dropped:0 overruns:0 frame:0
  TX packets:1418 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:83491 (81.5 KiB)  TX bytes:83491 (81.5 KiB)
[root@localhost conf]#

[root@localhost conf]# cat pf.conf
[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=localhost
#
# general.hostname
#
# Hostname of PacketFence system.  This is concatenated with the domain in 
Apache rewriting rules and therefore

Re: [PacketFence-users] Remote Sites not switching to Registration or Guest vlan

2013-11-15 Thread Fletcher Haynes 
This looks fun... =)

Has it stopped working on all of your switches, or just this one?

Can you issue debug mab all on your switch and try again and paste the
result, or was that what you pasted?


On Fri, Nov 15, 2013 at 11:20 AM, Dan Nelson  wrote:

>  I have been using packetfence for years and had the remote sites working
> and now they are not working.  I have been racking my brain to try and
> figure this out.  I am running 3.6.1.
>
> In the Packetfence.log it shows but doesn’t switch the port over.  I am
> using MAB authentication and I see it hitting the Radius server as well.
> Nov 15 12:14:24 pfdhcplistener(5100) INFO: DHCPREQUEST from MAC
> ADDRESS(192.168.68.10) (main::parse_dhcp_request)
> Nov 15 12:14:24 pfdhcplistener(5100) INFO: MAC ADDRESS requested an IP.
> DHCP Fingerprint: OS::100 (Microsoft Windows XP). Modified node with
> last_dhcp = 2013-11-15 12:14:24,computername = PCNAME,dhcp_fingerprint =
> 1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
> Nov 15 12:14:24 pfdhcplistener(5100) INFO: MAC ADDRESS requested an IP.
> DHCP Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp =
> 2013-11-15 12:14:24,computername = ,dhcp_fingerprint =
> 1,3,6,15,44,46,47,66,67 (main::listen_dhcp)
> Nov 15 12:14:24 pfdhcplistener(5100) INFO: MAC ADDRESS requested an IP.
> DHCP Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp =
> 2013-11-15 12:14:24,computername = ,dhcp_fingerprint =
> 1,3,6,15,44,46,47,66,67 (main::listen_dhcp)
> Nov 15 12:14:26 pfdhcplistener(5100) INFO: 00:15:70:37:a1:ca requested an
> IP. DHCP Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp =
> 2013-11-15 12:14:26,computername = ,dhcp_fingerprint =
> 1,3,6,15,44,46,47,66,67 (main::listen_dhcp)
> Nov 15 12:14:32 pfdhcplistener(5100) INFO: 00:15:70:af:c7:cc requested an
> IP. DHCP Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp =
> 2013-11-15 12:14:32,computername = ,dhcp_fingerprint =
> 1,3,6,15,44,46,47,66,67 (main::listen_dhcp)
> Nov 15 12:14:33 pf::WebAPI(5367) INFO: handling radius autz request: from
> switch_ip => 192.168.68.2, connection_type => Ethernet-NoEAP mac =>
> 00:23:18:dc:3f:56, port => 50024, username => MAC
> ADDRESS (pf::radius::authorize)
> Nov 15 12:14:33 pf::WebAPI(5367) INFO: MAC: MAC ADDRESS is of status
> unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> Nov 15 12:14:33 pf::WebAPI(5367) WARN: Role-based Network Access Control
> is not supported on network device type pf::SNMP::Cisco::Catalyst_3560G.
> (pf::SNMP::supportsRoleBasedEnforcement)
>
>
> If I manually put the port into the Reg vlan I get the captive portal.
>
> On the cisco 3560G switch I am getting
> Nov 15 19:12:38.072: %AUTHMGR-5-START: Starting 'mab' for client (MAC) on
> Interface Gi0/24 AuditSessionID C0A8440200190102BD76
> Nov 15 19:12:38.265: %MAB-5-SUCCESS: Authentication successful for client
> (MAC) on Interface Gi0/24 AuditSessionID C0A8440200190102BD76
> Nov 15 19:12:38.265: %AUTHMGR-7-RESULT: Authentication result 'success'
> from 'mab' for client (MAC) on Interface Gi0/24 AuditSessionID
> C0A8440200190102BD76
> Nov 15 19:12:39.297: %AUTHMGR-5-SUCCESS: Authorization succeeded for
> client (MAC) on Interface Gi0/24 AuditSessionID C0A8440200190102BD76
> Nov 15 19:12:39.624: %LINK-3-UPDOWN: Interface GigabitEthernet0/24,
> changed state to up
> Nov 15 19:12:40.631: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> GigabitEthernet0/24, changed state to up
>
> Something else interesting is that if I switch the device on the NODES to
> registered it does make the connection and switches the port via SNMP.
>
>
> Any help would be greatly appreciated.
>
> Thanks
> Dan Nelson
> Network Administrator
> Nutraceutical Corporation
> Office 801-334-3702
>
>
>
> --
> DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
> OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
> Free app hosting. Or install the open source package on any LAMP server.
> Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
> http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>


-- 
Fletcher Haynes 
Systems Administrator/Network Services Consultant
Willamette Integrated Technology Services
Willamette University, Salem, OR
Phone: 503.370.6016
--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk

Re: [PacketFence-users] Remote Sites not switching to Registration or Guest vlan

2013-11-15 Thread Louis Munro 
Hi Dan,
Try raising the loglevel for log4perl.category.pf.SNMP to at least INFO in 
/usr/local/pf/conf/log.conf.

That should give you a bit more information to work with.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 *125  :: +1 (866) 353-6153 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

On 2013-11-15, at 14:20 , Dan Nelson  wrote:

> I have been using packetfence for years and had the remote sites working and 
> now they are not working.  I have been racking my brain to try and figure 
> this out.  I am running 3.6.1. 
> 
> In the Packetfence.log it shows but doesn’t switch the port over.  I am using 
> MAB authentication and I see it hitting the Radius server as well.
> Nov 15 12:14:24 pfdhcplistener(5100) INFO: DHCPREQUEST from MAC 
> ADDRESS(192.168.68.10) (main::parse_dhcp_request)
> Nov 15 12:14:24 pfdhcplistener(5100) INFO: MAC ADDRESS requested an IP. DHCP 
> Fingerprint: OS::100 (Microsoft Windows XP). Modified node with last_dhcp = 
> 2013-11-15 12:14:24,computername = PCNAME,dhcp_fingerprint = 
> 1,15,3,6,44,46,47,31,33,249,43 (main::listen_dhcp)
> Nov 15 12:14:24 pfdhcplistener(5100) INFO: MAC ADDRESS requested an IP. DHCP 
> Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp = 2013-11-15 
> 12:14:24,computername = ,dhcp_fingerprint = 1,3,6,15,44,46,47,66,67 
> (main::listen_dhcp)
> Nov 15 12:14:24 pfdhcplistener(5100) INFO: MAC ADDRESS requested an IP. DHCP 
> Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp = 2013-11-15 
> 12:14:24,computername = ,dhcp_fingerprint = 1,3,6,15,44,46,47,66,67 
> (main::listen_dhcp)
> Nov 15 12:14:26 pfdhcplistener(5100) INFO: 00:15:70:37:a1:ca requested an IP. 
> DHCP Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp = 
> 2013-11-15 12:14:26,computername = ,dhcp_fingerprint = 
> 1,3,6,15,44,46,47,66,67 (main::listen_dhcp)
> Nov 15 12:14:32 pfdhcplistener(5100) INFO: 00:15:70:af:c7:cc requested an IP. 
> DHCP Fingerprint: OS::1113 (Palm OS). Modified node with last_dhcp = 
> 2013-11-15 12:14:32,computername = ,dhcp_fingerprint = 
> 1,3,6,15,44,46,47,66,67 (main::listen_dhcp)
> Nov 15 12:14:33 pf::WebAPI(5367) INFO: handling radius autz request: from 
> switch_ip => 192.168.68.2, connection_type => Ethernet-NoEAP mac => 
> 00:23:18:dc:3f:56, port => 50024, username => MAC ADDRESS 
> (pf::radius::authorize)
> Nov 15 12:14:33 pf::WebAPI(5367) INFO: MAC: MAC ADDRESS is of status unreg; 
> belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> Nov 15 12:14:33 pf::WebAPI(5367) WARN: Role-based Network Access Control is 
> not supported on network device type pf::SNMP::Cisco::Catalyst_3560G.  
> (pf::SNMP::supportsRoleBasedEnforcement)
> 
> 
> If I manually put the port into the Reg vlan I get the captive portal. 
> 
> On the cisco 3560G switch I am getting
> Nov 15 19:12:38.072: %AUTHMGR-5-START: Starting 'mab' for client (MAC) on 
> Interface Gi0/24 AuditSessionID C0A8440200190102BD76
> Nov 15 19:12:38.265: %MAB-5-SUCCESS: Authentication successful for client 
> (MAC) on Interface Gi0/24 AuditSessionID C0A8440200190102BD76
> Nov 15 19:12:38.265: %AUTHMGR-7-RESULT: Authentication result 'success' from 
> 'mab' for client (MAC) on Interface Gi0/24 AuditSessionID 
> C0A8440200190102BD76
> Nov 15 19:12:39.297: %AUTHMGR-5-SUCCESS: Authorization succeeded for client 
> (MAC) on Interface Gi0/24 AuditSessionID C0A8440200190102BD76
> Nov 15 19:12:39.624: %LINK-3-UPDOWN: Interface GigabitEthernet0/24, changed 
> state to up
> Nov 15 19:12:40.631: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
> GigabitEthernet0/24, changed state to up
> 
> Something else interesting is that if I switch the device on the NODES to 
> registered it does make the connection and switches the port via SNMP.
> 
> 
> Any help would be greatly appreciated.
> 
> Thanks
> Dan Nelson
> Network Administrator
> Nutraceutical Corporation
> Office 801-334-3702
> 
> --
> DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
> OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
> Free app hosting. Or install the open source package on any LAMP server.
> Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
> http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads

Re: [PacketFence-users] Using PacketFence with Aradial RADIUS server

2013-11-15 Thread Fabrice DURAND 

Hello Nigel,

you can probably packetfence´s freeradius as a proxy for your own radius 
server.


Regards
Fabrice

Le 2013-11-15 13:54, Nigel Quinn a écrit :


Hi,

I am looking to use PacketFence with our Aradial RADIUS server for 
user auth and user accounting.  I haven't seen anyone do this before 
on the mailing lists, have you any suggestions on a good place to 
start to configure this?


Regards,

Nigel

*NSSL*Global Limited
Support Desk Telephone +44 (0)1737 648 864
Main Switchboard +44 (0)1737 648 800
Main Fax +44 (0)1737 648 888

Skype: nsslglobal.support
Web Site http://www.nsslglobal.com

Company Registration 3879526 England
Registered Office: 6 Wells Place, Gatton Park Business Centre, 
Redhill, Surrey, RH1 3DR, United Kingdom




--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Web portal

2013-11-15 Thread Fabrice DURAND 

Hello Jason,

type=vlan-guest ?

Regards
Fabrice


Le 2013-11-15 11:56, Decoursey, Jason B CADET MIL USA USMA a écrit :


After fixing some bugs I needed to restart packetfence but now I 
cannot access the web portal and don't know how to fix it. I am on  a 
test machine on a test network. I set the host and domain as localhost 
and localhost.


Any ideas?

My relevant configs are below:

[root@localhost /]# service packetfence start

Starting PacketFence...Set name-type for VLAN subsystem. Should be 
visible in /proc/net/vlan/config


httpd: Could not reliably determine the server's fully qualified 
domain name, using ::1 for ServerName


httpd.admin|start

Checking configuration sanity...

service|command

config files|start

iptables|start

pfdns|start

Use of uninitialized value $net{"dhcpd"} in string eq at 
/usr/local/pf/lib/pf/services/dhcpd.pm line 68.


Internet Systems Consortium DHCP Server 4.1.1-P1

Copyright 2004-2010 Internet Systems Consortium.

All rights reserved.

For info, please visit https://www.isc.org/software/dhcp/

Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were 
not specified in the config file


Wrote 1 leases to leases file.

Listening on LPF/eth0.5/00:0c:29:83:e5:95/192.168.5.0/24

Sending on LPF/eth0.5/00:0c:29:83:e5:95/192.168.5.0/24

Listening on LPF/eth0.3/00:0c:29:83:e5:95/192.168.3.0/24

Sending on LPF/eth0.3/00:0c:29:83:e5:95/192.168.3.0/24

Sending on   Socket/fallback/fallback-net

dhcpd|start

pfdetect|start

snort|start

suricata|start

radiusd|start

httpd: Could not reliably determine the server's fully qualified 
domain name, using ::1 for ServerName


httpd.webservices|start

httpd: Could not reliably determine the server's fully qualified 
domain name, using ::1 for ServerName


httpd.portal|start

snmptrapd|start

pfsetvlan|start

pfdhcplistener|start

pfmon|start

[root@localhost /]#

[root@localhost /]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 
localhost4.localdomain4


::1 localhost localhost.localdomain localhost6 
localhost6.localdomain6


[root@localhost /]#

[root@localhost conf]# ifconfig

eth0  Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95

  inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link

  UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1

  RX packets:30050 errors:0 dropped:0 overruns:0 frame:0

  TX packets:12873 errors:0 dropped:0 overruns:0 carrier:0

  collisions:0 txqueuelen:1000

  RX bytes:13438860 (12.8 MiB)  TX bytes:1635676 (1.5 MiB)

eth0.2Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95

  inet addr:192.168.2.253 Bcast:192.168.2.255  Mask:255.255.255.0

  inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link

  UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1

  RX packets:10471 errors:0 dropped:0 overruns:0 frame:0

  TX packets:7314 errors:0 dropped:0 overruns:0 carrier:0

  collisions:0 txqueuelen:0

  RX bytes:7374834 (7.0 MiB)  TX bytes:898558 (877.4 KiB)

eth0.3Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95

  inet addr:192.168.3.254 Bcast:192.168.3.255  Mask:255.255.255.0

  inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link

  UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1

  RX packets:2210 errors:0 dropped:0 overruns:0 frame:0

  TX packets:12 errors:0 dropped:0 overruns:0 carrier:0

  collisions:0 txqueuelen:0

  RX bytes:110500 (107.9 KiB)  TX bytes:720 (720.0 b)

eth0.5Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95

  inet addr:192.168.5.254 Bcast:192.168.5.255  Mask:255.255.255.0

  inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link

  UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1

  RX packets:2211 errors:0 dropped:0 overruns:0 frame:0

  TX packets:12 errors:0 dropped:0 overruns:0 carrier:0

  collisions:0 txqueuelen:0

  RX bytes:110550 (107.9 KiB)  TX bytes:720 (720.0 b)

eth0.10   Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95

  inet addr:192.168.10.249 Bcast:192.168.10.255  
Mask:255.255.255.0


  inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link

  UP BROADCAST RUNNING MULTICAST MTU:1500  Metric:1

  RX packets:2286 errors:0 dropped:0 overruns:0 frame:0

  TX packets:16 errors:0 dropped:0 overruns:0 carrier:0

  collisions:0 txqueuelen:0

  RX bytes:114369 (111.6 KiB)  TX bytes:978 (978.0 b)

loLink encap:Local Loopback

  inet addr:127.0.0.1 Mask:255.0.0.0

  inet6 addr: ::1/128 Scope:Host

  UP LOOPBACK RUNNING  MTU:16436 Metric:1

  RX packets:1418 errors:0 dropped:0 overruns:0 frame:0

  TX packets:1418 errors:0 dropped:0 overruns:0 carrier:0

  collisions:0 txqueuelen:0

  RX bytes:83491 (81.5 KiB)  TX bytes:83491 (81.5 KiB)

[root@localhost conf]#

[root@localhost conf]# cat pf.conf

[general]

#

# g

Re: [PacketFence-users] Captive portal with facebook and gmail

2013-11-15 Thread Fabrice DURAND 
Hello,

if you configure packetfence in inline mode, by default all the packet 
will be forward on the management interface (you can change that).

By the way you can easily configure in the source a facebook and gmail 
source and select these source in the default portal profile.
In the google and facebook authentication don´t forget to define all the 
correct Authorized domains.


Regards
Fabrice

Le 2013-11-14 10:46, Per Johansson a écrit :
> Hello
>
> I have trying to setup a captive portal with packetfence in vmware, i
> have been using the "PacketFence-ZEN-4.0.2.zip " in my vmware server.
>
> I would like to set packetfence with a simple solution with 3 interfaces:
>
> management
> "outside"
> client-interface (vlan from wlan controller)
>
> My wifi clients would connect and get to the captive portal and the be
> able to login with there facebook and gmail account (OAuth2)
>
>
>
> Can anyone point in the right direction to get this to work ?
>
> //pER
>
>
>
>
> --
> DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
> OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
> Free app hosting. Or install the open source package on any LAMP server.
> Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
> http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Active Directory authentication

2013-11-15 Thread Fabrice DURAND 

Hello Jacky,

try scope=sub and maybe use tcpdump on the port 389 to see the ldap traffic.

Regards
Fabrice


Le 2013-11-13 18:26, forbmsyn a écrit :
I created a  Active Directory "Sources" from PF Web UI call "testpf1", 
and tested it successfully.


The I created a user call testpf2 on our Windows 2000 AD server, under 
OU "Users".


When I tried to login at Catptiv Portal with the username testpf2 the 
packetfence.log gave me the following error:


Nov 13 18:07:27 register.cgi(0) WARN: No entries found (0) with filter 
(sAMAccountName=pftest2) from OU=Users,DC=test,DC=com on 10.0.0.12:389 
 for source testpf1 
(pf::Authentication::Source::LDAPSource::authenticate)



Below are part of the authentication.conf


[testpf1]
description=packetfence test user
scope=one
basedn=OU=Users,DC=test,DC=com
usernameattribute=sAMAccountName
encryption=none
port=389
type=AD
host=10.0.0.12

[testpf1 rule employees]
description=Rule for all employee
match=all
action0=set_role=default
action1=set_unreg_date=2013-11-14



I can login to our AD domain with the new created User. How do I let 
PF to use this credential? Thank you!


Regards,
Jacky



--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] How to monitor Nessus? - Your system is being scanned

2013-11-15 Thread Fabrice DURAND 

Hello Jacky,
what happen in the nessus´s admin interface, do you see the scanning 
task running ?


Regards
Fabrice


Le 2013-11-13 14:49, forbmsyn a écrit :
Now the device is always under  "Your system is still being scanned 
right now. The process ." status and I can not do anything 
with it.  Can I simply remove the record from MySQL table "scan"?



On Tue, Nov 12, 2013 at 6:16 PM, forbmsyn > wrote:


ON PF I chose Nessus as scan Engine. After sign in from
captive-portal the page shows "Your system is still being scanned
right now. The process .". A few hours later I refresh the
page but got the same message.  How to know if Nessus scan is
finished or not?  How do I stop the scan and enable the node to
the vlan it supposed to be?  On PF I could see the node is already
at "registered" status but on the switch its port is still on
registration vlan.

Thanks in advance for your advice.

Regard,
Jacky




--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] VLAN-Enforcement-Mode - works as designed?

2013-11-15 Thread Fabrice DURAND 

Hello Mark,

where is connected the registration interface ?

Is the packetfence network interface card is directly connected to the 
switch (like eth1 on a port access 302) ?


Regards
Fabrice

Le 2013-11-13 04:54, Mark Gmeiner a écrit :

So, I've got PacketFence up and running now - partly ...
My gear:
PF 4.0.6-2 on a Centos 6.4 x64 Server
Extreme Networks Summit X460-48t, XOS 15.3.1.4-patch19, all ports 
configured into macregistration-vlan (tag 302)
PacketFence properly learns all the nodes on my network, I can 
manually pre-register these nodes and they got dropped into the 
correct role/vlan. So far so good ...

But ...
An directly attached, unregistered node (that stays in 
macregistration-vlan) gets blackholed in the fdb and - ergo - can't 
connect to the captive-portal for user-self-registration:

switch1 # show netlogin port 11
Port  : 11
Port Restart  : Disabled
Allow Egress  : None
Vlan  : macregistration
Authentication: mac-based
Port State: Enabled
Guest Vlan: Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled
MACIP address   Authenticated Type 
ReAuth-Timer   User
00:1b:78:3c:8f:99  0.0.0.0  Yes(B), RadiusMAC 
7106   001B783C8F99

---
(B) - Client entry Blackholed in FDB
while a virtual machine on a registered node or a node on a miniswitch 
with some other registered node can properly connect to the 
captive-portal, register and connect to its target vlan!

PF-Radius says:
Wed Nov 13 10:45:18 2013 : Auth: Login OK: [001B783C8F99] (from client 
10.4.201.18 port 1011 cli 00-1B-78-3C-8F-99)
Wed Nov 13 10:45:18 2013 : Auth: rlm_perl: Returning vlan 302 to 
request from 00:1b:78:3c:8f:99 port 1011
So, as far as I can see, the unregistered node is authenticated 
correctly to the macregistration-vlan (302) and SHOULD get an 
ipaddress for further proceeding. But instead I got no network 
connectivity at all.
Am I missing something? Because configuration actually was pretty 
straightforward (switch- and PF-side) ...
FYI: When I deselect the "force-registration"-checkbox in PF, the 
unregistered nodes get a correct macregistration-ipaddress, but then 
there is no captive-portal to register (works as designed, I guess).

Thanks in advance!
regards
Mark


--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] How to create an user account for new device to sign in.

2013-11-15 Thread Fabrice DURAND 

Hello Jacky,

did you select local as an authentication source on the default portal 
profile ?


Regards
Fabrice


Le 2013-11-12 18:23, forbmsyn a écrit :
So fare when a new device connected on the captive-portal login page I 
can use the admin account to sign in. All the users I create from the 
Web UI Configuration page won't accept by the system. On the page it 
shows username or passord not correct. On the packetfence.log it shows 
"Jun 15 01:06:20 register.cgi(0) INFO: Password validation failed for 
sadmin: password not yet valid 
(pf::temporary_password::validate_password)".


I am pretty sure the username/password is correct.

How do I create the account that would allow a new device to sign in?

Thanks.

Regards,
Jacky



--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] PacketFence on AWS EC2

2013-11-15 Thread Fabrice DURAND 

Hello Kyle,

it´s technically possible but we have to do custom stuff and be aware 
about the security.


Regards
Fabrice

Le 2013-11-12 15:40, Kyle McLaren a écrit :

Hey all,

I've been googling all day but can't find an answer to my question: 
can you run PacketFence from an AWS Ubuntu instance? If so are there 
any good guides that can help me do so?


I just want to experiment a bit and am not ready to invest in my own 
infrastructure.


Appreciate any help.

Kyle


--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Web portal

2013-11-15 Thread Louis Munro 
Hi Jason,

What kind of error are you getting when you try to connect to the GUI?

Make sure the httpd.admin service is really running:

# pgrep -lf httpd.admin

checkout if the process is actually listening for connections:

# netstat -tnlp | grep 1443


Then if it really is, run tcpdump and try to see if you are actully hitting the 
server:

# tcpdump -tnl -i any port 1443


If you can see packets coming in, make sure the are sent to the right IP. Check 
to see if the TCP handshake completes.
If you only see packets coming one way, try shutting down iptables to see if 
you have a firewall issue.

Keep us informed.

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 *125  :: +1 (866) 353-6153 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

On 2013-11-15, at 11:56 , "Decoursey, Jason B CADET MIL USA USMA" 
 wrote:

> After fixing some bugs I needed to restart packetfence but now I cannot 
> access the web portal and don’t know how to fix it. I am on  a test machine 
> on a test network. I set the host and domain as localhost and localhost.
> Any ideas?
>  
> My relevant configs are below:
>  
> [root@localhost /]# service packetfence start
> Starting PacketFence...Set name-type for VLAN subsystem. Should be visible in 
> /proc/net/vlan/config
> httpd: Could not reliably determine the server's fully qualified domain name, 
> using ::1 for ServerName
> httpd.admin|start
> Checking configuration sanity...
> service|command
> config files|start
> iptables|start
> pfdns|start
> Use of uninitialized value $net{"dhcpd"} in string eq at 
> /usr/local/pf/lib/pf/services/dhcpd.pm line 68.
> Internet Systems Consortium DHCP Server 4.1.1-P1
> Copyright 2004-2010 Internet Systems Consortium.
> All rights reserved.
> For info, please visit https://www.isc.org/software/dhcp/
> Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not 
> specified in the config file
> Wrote 1 leases to leases file.
> Listening on LPF/eth0.5/00:0c:29:83:e5:95/192.168.5.0/24
> Sending on   LPF/eth0.5/00:0c:29:83:e5:95/192.168.5.0/24
> Listening on LPF/eth0.3/00:0c:29:83:e5:95/192.168.3.0/24
> Sending on   LPF/eth0.3/00:0c:29:83:e5:95/192.168.3.0/24
> Sending on   Socket/fallback/fallback-net
> dhcpd|start
> pfdetect|start
> snort|start
> suricata|start
> radiusd|start
> httpd: Could not reliably determine the server's fully qualified domain name, 
> using ::1 for ServerName
> httpd.webservices|start
> httpd: Could not reliably determine the server's fully qualified domain name, 
> using ::1 for ServerName
> httpd.portal|start
> snmptrapd|start
> pfsetvlan|start
> pfdhcplistener|start
> pfmon|start
> [root@localhost /]#
>  
> [root@localhost /]# cat /etc/hosts
> 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
> [root@localhost /]#
>  
> [root@localhost conf]# ifconfig
> eth0  Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95 
>   inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:30050 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:12873 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:13438860 (12.8 MiB)  TX bytes:1635676 (1.5 MiB)
>  
> eth0.2Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95 
>   inet addr:192.168.2.253  Bcast:192.168.2.255  Mask:255.255.255.0
>   inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:10471 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:7314 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:7374834 (7.0 MiB)  TX bytes:898558 (877.4 KiB)
>  
> eth0.3Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95 
>   inet addr:192.168.3.254  Bcast:192.168.3.255  Mask:255.255.255.0
>   inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:2210 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:110500 (107.9 KiB)  TX bytes:720 (720.0 b)
>  
> eth0.5Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95 
>   inet addr:192.168.5.254  Bcast:192.168.5.255  Mask:255.255.255.0
>   inet6 addr: fe80::20c:29ff:fe83:e595/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:2211 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:110550 (107.9 KiB)  TX bytes:720 (720.0 b)
>  
> eth0.10   Link encap:Ethernet  HWaddr 00:0C:29:83:E5:95 
>   inet

Re: [PacketFence-users] How to monitor Nessus? - Your system is being scanned

2013-11-15 Thread forbmsyn 
Hi Fabrice,

Just figured out nessus may not be running because I could neither see it
under "Status -> Services" from PF Web UI, nor through ps -ef in the linux
box, even I have chosen it as scan Engine.

How do I enable nessus within PF? Thanks.

Regards,
Jacky





On Fri, Nov 15, 2013 at 3:27 PM, Fabrice DURAND  wrote:

>  Hello Jacky,
> what happen in the nessus´s admin interface, do you see the scanning task
> running ?
>
> Regards
> Fabrice
>
>
>
--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Active Directory authentication

2013-11-15 Thread forbmsyn 
Hi Fabrice,

Changing the scope didn't help. And there is ldap traffic when I login from
portal.

Regards,
Jacky



On Fri, Nov 15, 2013 at 3:26 PM, Fabrice DURAND  wrote:

>  Hello Jacky,
>
> try scope=sub and maybe use tcpdump on the port 389 to see the ldap
> traffic.
>
> Regards
> Fabrice
>
>
>
--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] How to create an user account for new device to sign in.

2013-11-15 Thread forbmsyn 
Thank you Fabirce. That works.

Regards,
Jacky



On Fri, Nov 15, 2013 at 3:32 PM, Fabrice DURAND  wrote:

>  Hello Jacky,
>
> did you select local as an authentication source on the default portal
> profile ?
>
> Regards
> Fabrice
>
>
>
--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] How to monitor Nessus? - Your system is being scanned

2013-11-15 Thread Fabrice DURAND 
In fact you have to install nessus on the current server or on a second 
server and configure scan in packetfence


Configuration -> scan:
Engine : Nessus
...



Regards
Fabrice

Le 2013-11-15 16:48, forbmsyn a écrit :

Hi Fabrice,

Just figured out nessus may not be running because I could neither see 
it under "Status -> Services" from PF Web UI, nor through ps -ef in 
the linux box, even I have chosen it as scan Engine.


How do I enable nessus within PF? Thanks.

Regards,
Jacky





On Fri, Nov 15, 2013 at 3:27 PM, Fabrice DURAND > wrote:


Hello Jacky,
what happen in the nessus´s admin interface, do you see the
scanning task running ?

Regards
Fabrice




--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Active Directory authentication

2013-11-15 Thread Fabrice DURAND 

Yes of course there is traffic, but what inside ?
Do you took a pcap file and check if ldap traffic was normal ?

Regards
Fabrice



Le 2013-11-15 17:46, forbmsyn a écrit :

Hi Fabrice,

Changing the scope didn't help. And there is ldap traffic when I login 
from portal.


Regards,
Jacky



On Fri, Nov 15, 2013 at 3:26 PM, Fabrice DURAND > wrote:


Hello Jacky,

try scope=sub and maybe use tcpdump on the port 389 to see the
ldap traffic.

Regards
Fabrice




--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



--
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.1x with Machine Auth issue

2013-11-15 Thread Fabrice DURAND 
Hello,

is the mac address is the same in dot1x and mac-auth ?
Do you have a ip phone between the windows computer and the switch ?

Do you have switch log ?

Regards
Fabrice

Le 2013-11-14 17:03, Thomas Tsai a écrit :
> I've combed the docs and the lists, and don't see this particular issue 
> raised.
>
> I'm running into the following issue:
>
> If I plug in a windows computer that is not signed in, PF does what I would 
> expect and performs machine authentication.  This works fine.  The vlan is 
> returned and everything is happy.
>
> However, after about another 10-15 seconds, I get a notice in packetfence.log 
> regarding another radius autz request conenctiong "WIRED_MAC_AUTH".  This 
> does the MAC authentication, and then throws the computer into the MACDETECT 
> vlan.   Is this supposed to happen?  I would think no, but apparently based 
> on some other threads, this happens.
>
> So my question is, how do people get around this issue?  I am doing machine 
> authentication to throw the client into a vlan where user identification can 
> occur with domain controllers.
>
> What am I missing here?Could be an issue between keyboard and chair
>
> Please help :-)
>
>
> **
> Email Disclaimer:
>
> This email, including attachments, may contain
> proprietary, confidential or privileged information. If you
> are not the intended recipient, please (i) do not use,
> disclose, save or retransmit this message or any
> attachments, (ii) alert the sender by reply email and (iii)
> destroy or delete this message and any attachments.
> Delivery of this email to a person other than the intended
> recipient(s) shall not constitute a waiver of privilege or
> confidentiality.
>
> CP Investments, member FINRA and SIPC, serves as
> placement agent for investment products advised by
> Canyon Capital Advisors LLC. This email is not intended to
> be an offer to sell or a solicitation of an offer to buy any
> security in any jurisdiction. We review and retain
> electronic communications traveling through our network.
>
> **
>
> --
> DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
> OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
> Free app hosting. Or install the open source package on any LAMP server.
> Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
> http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


--
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users