[PacketFence-users] Aruba External Portal, COA..

[Tim DeNike]

I had this working 6 months ago when we demo'd the Aruba equipment.. Now
that we physically have it, I can't remember for the life of me how I got
it to work.

I know I setup roles in the Aruba controller but I can't seem to get PF to
do a COA to change the role after the registration.  PF is returning the
role I defined for portal redirection.  The user is redirected.  Logs in
and PF registers the device, but no COA is sent.  I think PF isn't doing
anything because the VLAN isn't changing, only the role.  Would that make
sense?

I think I was on 5.0 or 5.1 when I tested the Aruba, now I'm on 5.3.
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Aruba External Portal, COA..

[Fabrice DURAND]

Hello Tim,

here an example:
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-integrate-Aruba-Controller-with-CPPM-to-perform-Captive/ta-p/192291

Regards
Fabrice

Le 2015-11-20 08:29, Tim DeNike a écrit :
> I had this working 6 months ago when we demo'd the Aruba equipment..
> Now that we physically have it, I can't remember for the life of me
> how I got it to work.
>
> I know I setup roles in the Aruba controller but I can't seem to get
> PF to do a COA to change the role after the registration.  PF is
> returning the role I defined for portal redirection.  The user is
> redirected.  Logs in and PF registers the device, but no COA is sent. 
> I think PF isn't doing anything because the VLAN isn't changing, only
> the role.  Would that make sense?
>
> I think I was on 5.0 or 5.1 when I tested the Aruba, now I'm on 5.3.
>
>
>
>
> --
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 



0xF78F957E.asc
Description: application/pgp-keys
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DKIM fails while sending packetfence emails.

[Andy A]

Hi Louis

Thanks for opening the bug. Another test I did was use the email template 
directly as the source as below and that passed DKIM verification as well. So 
it's definitely not postfix.

mail -s "test" email-test...@verifier.port25.com < 
/usr/local/pf/conf/templates/emails-guest_admin_pregistration.txt.tt.orig

The reason I thought it was postfix was because when using opendkim, you can 
use temporary files to see the canonicalized header and body messages that are 
signed. The messages in these temporary files looked like the original template 
i.e. not truncated.

Could you point me to any source files for the templating engine as well? So I 
can have a look to speed up the investigation.

Thanks


> From: lmu...@inverse.ca 
> Date: Thu, 19 Nov 2015 12:27:04 -0500 
> To: packetfence-users@lists.sourceforge.net 
> Subject: Re: [PacketFence-users] DKIM fails while sending packetfence emails. 
> 
> 
> 
> On Nov 19, 2015, at 8:49 , Andy A 
> mailto:andthereitg...@hotmail.com>> wrote: 
> 
> Hi Louis. 
> 
> Hope you are well. Thanks for your reply. Answers to your questions below: 
> 
> - No, there are no other mail relays involved. Just Postfix 2.6.6 which 
> is installed on the same machine as Packetfence. Sendmail has also been 
> uninstalled. 
> - No relayhost is set in Postfix. 
> - As for default settings, I am guessing you are referring to 
> smtpserver=localhost, which is kept as default. We do have different 
> values for fromaddr and emailaddr which pertain to our domain. 
> 
> Interestingly when I sent your test email, here's the result of it - it 
> passed DKIM verification. I am using port25 to verify emails. 
> 
> Then it does not really look like a postfix problem to me. 
> 
> It could be in the templating engine or in the MIME::Lite module. 
> I’ve opened an issue on github for that one. 
> 
> https://github.com/inverse-inc/packetfence/issues/1023 
> 
> Regards, 
> -- 
> Louis Munro 
> lmu...@inverse.ca :: 
> www.inverse.ca 
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) 
> and PacketFence (www.packetfence.org) 
> 
> --
>  
> ___ PacketFence-users 
> mailing list PacketFence-users@lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
  
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] DKIM fails while sending packetfence emails.

[Louis Munro]

> On Nov 20, 2015, at 9:08 , Andy A  wrote:
> 
> Could you point me to any source files for the templating engine as well? So 
> I can have a look to speed up the investigation.


Hi Andy,
The templating uses the perl Template Toolkiit. 

Look at lib/pf/activation.pm under send_email() .

Regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] dhcplistener configuration

[Derek Wuelfrath]

Josep,

Yes it is working. I just tried and worked first time. On two different setups.

Can you try the following:

/usr/local/pf/bin/pfcmd configreload hard
/usr/local/pf/bin/pfcmd service pfdhcplistener restart

Thanks

Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Nov 19, 2015, at 8:34 AM, Josep M. Torné  wrote:
> 
> Hi,
>  
> Anyone has tried this configuration and got it to work?
> Listening to DHCP traffic through VLAN interface configured 
> /usr/local/pf/conf/pf.conf as “type=dhcp-listener”?
>  
> At this point, I have packetfence running an assigning VLANs correctly based 
> on MACs (not 802.1x) on Cisco switches.
> BUT once the VLAN is assigned to the client, I can’t keep track of assigned 
> IP addresses.
> That’s the missing part to get this to work.
>  
> Any advice would be greatly appreciated!
> Thanks,
>  
>  
>  
> De: Josep M. Torné [mailto:jm.to...@tsiic.com] 
> Enviado el: lunes, 16 de noviembre de 2015 18:26
> Para: packetfence-users@lists.sourceforge.net
> Asunto: Re: [PacketFence-users] dhcplistener configuration
>  
> Hi Derek,
>  
> Thanks for your answer.
> Here you have the requested output.
>  
> VLAN1 (management VLAN): subnet 192.168.110.0/24
> VLAN100 (production VLAN): subnet 192.168.100.0/24
> VLAN200 (registration VLAN): subnet 172.22.0.0/24
>  
> I’ve slightly changed the numbers for VLAN and IP subnet for security reasons 
> (call me paranoid :).
>  
> -- BEGIN --
> # ifconfig
> eth0  Link encap:Ethernet  HWaddr 00:50:56:9A:AA:53
>   inet addr:192.168.110.156  Bcast:192.168.110.255  Mask:255.255.255.0
>   inet6 addr: fe80::250:56ff:fe9a:aa53/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:1991164 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:209700 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:181578443 (173.1 MiB)  TX bytes:250558804 (238.9 MiB)
>  
> eth0.100  Link encap:Ethernet  HWaddr 00:50:56:9A:AA:53
>   inet addr:192.168.100.1  Bcast:192.168.100.255  Mask:255.255.255.0
>   inet6 addr: fe80::250:56ff:fe9a:aa53/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:215311 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:14085396 (13.4 MiB)  TX bytes:1644 (1.6 KiB)
>  
> eth0.200  Link encap:Ethernet  HWaddr 00:50:56:9A:AA:53
>   inet addr:172.22.0.2  Bcast:172.22.0.255  Mask:255.255.255.0
>   inet6 addr: fe80::250:56ff:fe9a:aa53/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:3129 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:1677 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:294083 (287.1 KiB)  TX bytes:305954 (298.7 KiB)
>  
>  
> loLink encap:Local Loopback
>   inet addr:127.0.0.1  Mask:255.0.0.0
>   inet6 addr: ::1/128 Scope:Host
>   UP LOOPBACK RUNNING  MTU:65536  Metric:1
>   RX packets:3291151 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:3291151 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:2415838425 (2.2 GiB)  TX bytes:2415838425 (2.2 GiB)
>  
> -- END –
>  
> -- BEGIN –
> # service packetfence status
> service|shouldBeStarted|pid
> carbon-cache|1|2525
> carbon-relay|1|2532
> collectd|1|2535
> dhcpd|1|2552
> haproxy|0|0
> httpd.aaa|1|2554
> httpd.admin|1|2497
> httpd.graphite|1|2565
> httpd.portal|1|2581
> httpd.proxy|0|0
> httpd.webservices|1|2605
> iptables|1|-1
> memcached|1|2481
> pfbandwidthd|0|0
> pfdetect|0|0
> pfdhcplistener_eth0.200|1|2639
> pfdhcplistener_eth0|1|2648
> pfdhcplistener_eth0.100|1|0
> pfdns|1|2651
> pfmon|1|2677
> pfsetvlan|0|0
> radiusd|1|2723
> radsniff3|1|2732
> snmptrapd|0|0
> snort|0|0
> statsd|1|0
> suricata|0|0
> keepalived|0|0
> -- END –
>  
> The line “pfdhcplistener_eth0.100|1|0” is actually in red.
>  
> In Pfence web GUI, Configuration à interfaces, what should be the type for 
> the interface? Right now, eth0 is set to Management, eth0.100 is set to 
> Other, and eth0.200 is set to Registration.
> I actually did create the new interface eth0.100 through the web GUI, and 
> later modified the /usr/local/pf/conf/pf.conf file to add the 
> “type=dhcp-listener” to the section “eth0.100”. 
> Is this correct?
>  
>  
> Is there any way to improve logging level, to help debugging?
> Any clue about what could be wrong?
>  
>  
> Best regards,
>  
>  
>  
> Josep M. Torne
>  
> De: Derek Wuelfrath [mailto:dwuelfr...@inverse.ca 
> ] 
> Enviado el: lunes, 16 de noviembre de 2015 16:44
> Para: ML P

Re: [PacketFence-users] dhcplistener configuration

[Arthur Emerson]

Silly question.  Did you configure the DHCP helper on your Cisco
switch(es)?  This would certainly explain why your dhcplistener logs
DHCP packets clients on the registration VLAN (local interface), but
cannot hear their DHCP once they switch VLAN (needs Cisco helper to
forward DHCP packets to PF)...

-Arthur

-
Arthur Emerson III Email:  
emer...@msmc.edu
Network Administrator  InterNIC:   AE81
Mount Saint Mary College   MaBell: (845) 561-0800 Ext. 3109
330 Powell Ave.Fax:(845) 562-6762
Newburgh, NY  12550SneakerNet: Aquinas Hall Room 008-A


On Nov 19, 2015, at 8:34 AM, Josep M. Torné 
mailto:jm.to...@tsiic.com>> wrote:

Hi,

Anyone has tried this configuration and got it to work?
Listening to DHCP traffic through VLAN interface configured 
/usr/local/pf/conf/pf.conf as “type=dhcp-listener”?

At this point, I have packetfence running an assigning VLANs correctly based on 
MACs (not 802.1x) on Cisco switches.
BUT once the VLAN is assigned to the client, I can’t keep track of assigned IP 
addresses.
That’s the missing part to get this to work.

Any advice would be greatly appreciated!
Thanks,

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] dhcplistener configuration

[Derek Wuelfrath]

Good suggestion Arthur but that would not cause the listener on PacketFence not 
to start, which is what we are seeing.

Cheers!
dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Nov 20, 2015, at 10:59 AM, Arthur Emerson  wrote:
> 
> Silly question.  Did you configure the DHCP helper on your Cisco
> switch(es)?  This would certainly explain why your dhcplistener logs
> DHCP packets clients on the registration VLAN (local interface), but
> cannot hear their DHCP once they switch VLAN (needs Cisco helper to
> forward DHCP packets to PF)...
> 
> -Arthur
> 
> -
> Arthur Emerson III Email:  emer...@msmc.edu 
> 
> Network Administrator  InterNIC:   AE81
> Mount Saint Mary College   MaBell: (845) 561-0800 Ext. 3109
> 330 Powell Ave.Fax:(845) 562-6762
> Newburgh, NY  12550SneakerNet: Aquinas Hall Room 008-A
> 
> 
>>> On Nov 19, 2015, at 8:34 AM, Josep M. Torné >> > wrote:
>>> 
>>> Hi,
>>>  
>>> Anyone has tried this configuration and got it to work?
>>> Listening to DHCP traffic through VLAN interface configured 
>>> /usr/local/pf/conf/pf.conf as “type=dhcp-listener”?
>>>  
>>> At this point, I have packetfence running an assigning VLANs correctly 
>>> based on MACs (not 802.1x) on Cisco switches.
>>> BUT once the VLAN is assigned to the client, I can’t keep track of assigned 
>>> IP addresses.
>>> That’s the missing part to get this to work.
>>>  
>>> Any advice would be greatly appreciated!
>>> Thanks,
>> 
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Xbox live via Inline mode

[Max McGrath]

Hello -

We are running PF 5.1 and utilize Inline mode in some of our residence
halls.

We are getting a lot of reports of Xbox users not being able to connect to
Xbox live.  The Xbox gets an IP address just fine and gets the proper DNS
settings, but it just refuses to connect to Xbox live.  If you throw a PC
on inline mode -- all is fine -- web browsing, gaming ,etc.

Has anybody else seen this with Xboxes via Inline mode?

Max
--
Max McGrath  
Network Administrator
Carthage College
262-552-5512
mmcgr...@carthage.edu
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users