Re: [PacketFence-users] guest registration immediately forcing clients back to registration vlan

2016-03-03 Thread Louis Munro 
Hi Casey,

It looks like the devices are being assigned a very short registration time.

Can you check what is the value of email_activation_timeout in 
conf/authentication.conf for the email source? 
Check the rules too. It could be that the access duration is set too low.

Post your conf/authentication.conf file if you are not sure.
Make sure to remove the passwords from it...


Regards,
--
Louis Munro
lmu...@inverse.ca  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Mar 3, 2016, at 14:29 , Casey Feskens  wrote:
> 
> I've recently run into an issue with guest registration and vlan enforcement 
> on our packetfence installation, since upgrading to 5.5.2.  As opposed to 
> providing 10 minutes of network access after accessing the registration 
> portal, packetfence seems to be consistently setting ports back to the 
> registration VLAN  after 10-30 seconds.
> 
> Here's the example output from packetfence.log from the time the node joins 
> the network, through the initial registration.  In this case, VLAN 84 is the 
> registration VLAN and 244 is the access VLAN:
> 
> Mar 03 10:20:22 httpd.aaa(32978) INFO: [mac:00:23:6c:85:ff:9d] handling 
> radius autz request: from switch_ip => (158.104.249.7), connection_type => 
> Wireless-802.11-NoEAP,switch_mac => (e4:c7:22:aa:60:20), mac => 
> [00:23:6c:85:ff:9d], port => 13, username => "00236c85ff9d", ssid => WITS 
> Guest Test (pf::radius::authorize)
> Mar 03 10:20:22 httpd.aaa(32978) INFO: [mac:00:23:6c:85:ff:9d] is of status 
> unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> Mar 03 10:20:22 httpd.aaa(32978) INFO: [mac:00:23:6c:85:ff:9d] 
> (158.104.249.7) Added VLAN 84 to the returned RADIUS reply 
> (pf::Switch::returnRadiusAccessAccept)
> Mar 03 10:20:22 httpd.aaa(32978) INFO: [mac:00:23:6c:85:ff:9d] 
> (158.104.249.7) Returning ACCEPT with VLAN 84 and role  
> (pf::Switch::returnRadiusAccessAccept)
> Mar 03 10:20:28 httpd.portal(41370) INFO: [mac:00:23:6c:85:ff:9d] Memory 
> configuration is not valid anymore for key config::Profiles in local 
> cached_hash (pfconfig::cached::is_valid)
> Mar 03 10:20:28 httpd.portal(41380) INFO: [mac:00:23:6c:85:ff:9d] Memory 
> configuration is not valid anymore for key config::Profiles in local 
> cached_hash (pfconfig::cached::is_valid)
> Mar 03 10:20:28 httpd.portal(41380) INFO: [mac:00:23:6c:85:ff:9d] Instantiate 
> profile wuguest (pf::Portal::ProfileFactory::_from_profile)
> Mar 03 10:20:28 httpd.portal(41370) INFO: [mac:00:23:6c:85:ff:9d] Instantiate 
> profile wuguest (pf::Portal::ProfileFactory::_from_profile)
> Mar 03 10:20:29 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d] Memory 
> configuration is not valid anymore for key config::Profiles in local 
> cached_hash (pfconfig::cached::is_valid)
> Mar 03 10:20:29 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d] Instantiate 
> profile wuguest (pf::Portal::ProfileFactory::_from_profile)
> Mar 03 10:20:29 httpd.portal(41380) INFO: [mac:00:23:6c:85:ff:9d] Updating 
> node user_agent with useragent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 
> 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 
> Safari/537.36' 
> (captiveportal::PacketFence::Controller::CaptivePortal::nodeRecordUserAgent)
> Mar 03 10:20:31 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d] redirected 
> to guests self registration page on wuguest portal 
> (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
> Mar 03 10:20:31 httpd.portal(41370) INFO: [mac:00:23:6c:85:ff:9d] redirected 
> to guests self registration page on wuguest portal 
> (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
> Mar 03 10:20:31 httpd.portal(41380) INFO: [mac:00:23:6c:85:ff:9d] redirected 
> to guests self registration page on wuguest portal 
> (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
> Mar 03 10:20:31 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d] Memory 
> configuration is not valid anymore for key config::Profiles in local 
> cached_hash (pfconfig::cached::is_valid)
> Mar 03 10:20:31 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d] Instantiate 
> profile wuguest (pf::Portal::ProfileFactory::_from_profile)
> Mar 03 10:20:31 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d] redirected 
> to guests self registration page on wuguest portal 
> (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
> Mar 03 10:20:32 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d] Instantiate 
> profile wuguest (pf::Portal::ProfileFactory::_from_profile)
> Mar 03 10:20:32 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d] Instantiate 
> profile wuguest (pf::Portal::ProfileFactory::_from_profile)
> Mar 03 10:20:32 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d] redirected 
> to guests self registration page on wuguest portal 
> (captiveportal::PacketFence::Control

[PacketFence-users] guest registration immediately forcing clients back to registration vlan

2016-03-03 Thread Casey Feskens 
I've recently run into an issue with guest registration and vlan
enforcement on our packetfence installation, since upgrading to 5.5.2.  As
opposed to providing 10 minutes of network access after accessing the
registration portal, packetfence seems to be consistently setting ports
back to the registration VLAN  after 10-30 seconds.

Here's the example output from packetfence.log from the time the node joins
the network, through the initial registration.  In this case, VLAN 84 is
the registration VLAN and 244 is the access VLAN:

Mar 03 10:20:22 httpd.aaa(32978) INFO: [mac:00:23:6c:85:ff:9d] handling
radius autz request: from switch_ip => (158.104.249.7), connection_type =>
Wireless-802.11-NoEAP,switch_mac => (e4:c7:22:aa:60:20), mac =>
[00:23:6c:85:ff:9d], port => 13, username => "00236c85ff9d", ssid => WITS
Guest Test (pf::radius::authorize)
Mar 03 10:20:22 httpd.aaa(32978) INFO: [mac:00:23:6c:85:ff:9d] is of status
unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Mar 03 10:20:22 httpd.aaa(32978) INFO: [mac:00:23:6c:85:ff:9d]
(158.104.249.7) Added VLAN 84 to the returned RADIUS reply
(pf::Switch::returnRadiusAccessAccept)
Mar 03 10:20:22 httpd.aaa(32978) INFO: [mac:00:23:6c:85:ff:9d]
(158.104.249.7) Returning ACCEPT with VLAN 84 and role
 (pf::Switch::returnRadiusAccessAccept)
Mar 03 10:20:28 httpd.portal(41370) INFO: [mac:00:23:6c:85:ff:9d] Memory
configuration is not valid anymore for key config::Profiles in local
cached_hash (pfconfig::cached::is_valid)
Mar 03 10:20:28 httpd.portal(41380) INFO: [mac:00:23:6c:85:ff:9d] Memory
configuration is not valid anymore for key config::Profiles in local
cached_hash (pfconfig::cached::is_valid)
Mar 03 10:20:28 httpd.portal(41380) INFO: [mac:00:23:6c:85:ff:9d]
Instantiate profile wuguest (pf::Portal::ProfileFactory::_from_profile)
Mar 03 10:20:28 httpd.portal(41370) INFO: [mac:00:23:6c:85:ff:9d]
Instantiate profile wuguest (pf::Portal::ProfileFactory::_from_profile)
Mar 03 10:20:29 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d] Memory
configuration is not valid anymore for key config::Profiles in local
cached_hash (pfconfig::cached::is_valid)
Mar 03 10:20:29 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d]
Instantiate profile wuguest (pf::Portal::ProfileFactory::_from_profile)
Mar 03 10:20:29 httpd.portal(41380) INFO: [mac:00:23:6c:85:ff:9d] Updating
node user_agent with useragent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X
10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116
Safari/537.36'
(captiveportal::PacketFence::Controller::CaptivePortal::nodeRecordUserAgent)
Mar 03 10:20:31 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d]
redirected to guests self registration page on wuguest portal
(captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Mar 03 10:20:31 httpd.portal(41370) INFO: [mac:00:23:6c:85:ff:9d]
redirected to guests self registration page on wuguest portal
(captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Mar 03 10:20:31 httpd.portal(41380) INFO: [mac:00:23:6c:85:ff:9d]
redirected to guests self registration page on wuguest portal
(captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Mar 03 10:20:31 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d] Memory
configuration is not valid anymore for key config::Profiles in local
cached_hash (pfconfig::cached::is_valid)
Mar 03 10:20:31 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d]
Instantiate profile wuguest (pf::Portal::ProfileFactory::_from_profile)
Mar 03 10:20:31 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d]
redirected to guests self registration page on wuguest portal
(captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Mar 03 10:20:32 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d]
Instantiate profile wuguest (pf::Portal::ProfileFactory::_from_profile)
Mar 03 10:20:32 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d]
Instantiate profile wuguest (pf::Portal::ProfileFactory::_from_profile)
Mar 03 10:20:32 httpd.portal(41916) INFO: [mac:00:23:6c:85:ff:9d]
redirected to guests self registration page on wuguest portal
(captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Mar 03 10:20:49 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d]
Instantiate profile wuguest (pf::Portal::ProfileFactory::_from_profile)
Mar 03 10:20:49 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d]
Instantiate profile wuguest (pf::Portal::ProfileFactory::_from_profile)
Mar 03 10:20:49 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d]
Validating mandatory and custom fields for 'email' based self-registration
(captiveportal::PacketFence::Controller::Signup::validateMandatoryFields)
Mar 03 10:20:49 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d]
registering 00:23:6c:85:ff:9d guest by email
(captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
Mar 03 10:20:49 httpd.portal(41416) INFO: [mac:00:23:6c:85:ff:9d] Matched
rule (catchall) in sou

Re: [PacketFence-users] Change MAC Display To Cisco Format

2016-03-03 Thread Tim DeNike 
I'd like to see it be selectable. For instance. We're switching away from
extreme which uses the : notation to brocade which uses the Cisco dotted
notation.
Also. Searches used to be flexible where you could search with or without
colons or dashes and now they require : only (after upgrade to 5.7).

Sent from my iPhone

On Mar 3, 2016, at 11:19 AM, Michael R. Haag <
michael.h...@madisoncounty.ny.gov> wrote:

It would save me a bit of time if I could set Packetfence’s admin GUI to
display MAC addresses in cisco format rather than standard (for copy/paste
purposes). For example:



“001a.a01c.0890” instead of” 00:1a:a0:1c:08:09”



Is this something I could implement with an easy change in the code
somewhere?



It would be best if I could toggle the view from standard to cisco and
back, or keep it saved as a user preference.





Thank you,



Michael R. Haag

Computer Services Technician

Department of Information Technology

Madison County, NY

(315) 366-2204



--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Change MAC Display To Cisco Format

2016-03-03 Thread Michael R. Haag 
It would save me a bit of time if I could set Packetfence's admin GUI to 
display MAC addresses in cisco format rather than standard (for copy/paste 
purposes). For example:

"001a.a01c.0890" instead of" 00:1a:a0:1c:08:09"

Is this something I could implement with an easy change in the code somewhere?

It would be best if I could toggle the view from standard to cisco and back, or 
keep it saved as a user preference.


Thank you,

Michael R. Haag
Computer Services Technician
Department of Information Technology
Madison County, NY
(315) 366-2204

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Saving Node Search Criteria in 5.7.0

2016-03-03 Thread Antoine Amacher 

Hello Micheal,

this is a bug, here is the link toward the git issue while we are 
working on it.

https://github.com/inverse-inc/packetfence/issues/1221

Thank you

On 03/03/2016 11:06 AM, Michael R. Haag wrote:


I noticed that if I save a node search in 5.7.0, and I choose 
“Hostname” “STARTS WITH” and a partial hostname, the saved search 
turns the “starts with” into “is”. Does everyone see the same behavior?


(I’m using Google Chrome, in case that’s relevant)

Thank you,

Michael R. Haag

Computer Services Technician

Department of Information Technology

Madison County, NY

(315) 366-2204



--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Antoine Amacher
aamac...@inverse.ca  ::  +1.514.447.4918 *130  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Saving Node Search Criteria in 5.7.0

2016-03-03 Thread Michael R. Haag 
I noticed that if I save a node search in 5.7.0, and I choose "Hostname" 
"STARTS WITH" and a partial hostname, the saved search turns the "starts with" 
into "is". Does everyone see the same behavior?

(I'm using Google Chrome, in case that's relevant)


Thank you,

Michael R. Haag
Computer Services Technician
Department of Information Technology
Madison County, NY
(315) 366-2204

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] autoreg with vlan filter not working

2016-03-03 Thread Morris, Andi 
Bingo! Thanks Fabrice.

From: Fabrice DURAND [mailto:fdur...@inverse.ca]
Sent: 03 March 2016 13:34
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] autoreg with vlan filter not working

let's try with regex but user_name instead of username.

Fabrice

Le 2016-03-03 08:19, Morris, Andi a écrit :
Hi Fabrice,
No luck there sorry. I changed that, restarted packetfence, packetfence-config 
and also performed a configreload hard but I still see the following in the 
packetfence.log:

Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] handling radius 
autz request: from switch_ip => (192.168.142.13), connection_type => 
Wireless-802.11-EAP,switch_mac => (00:3a:98:d0:1e:c0), mac => 
[30:10:b3:13:be:37], port => 13, username => 
"testu...@cardiffmet.ac.uk", ssid => 
eduroam_dev (pf::radius::authorize)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] is of status 
unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] (192.168.142.13) 
Added VLAN 60 to the returned RADIUS reply 
(pf::Switch::returnRadiusAccessAccept)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] (192.168.142.13) 
Returning ACCEPT with VLAN 60  (pf::Switch::returnRadiusAccessAccept)

Cheers,
Andi

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: 03 March 2016 12:29
To: 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] autoreg with vlan filter not working

Hi Andi,

replace match by regex.

Regards
Fabrice


Le 2016-03-03 06:43, Morris, Andi a écrit :
Hi,
Running version 5.7.0 on CentOS.

I'm trying to get autoreg working through vlan_filters like I have on my 5.0.1 
production install but it doesn't seem to be taking effect and new devices are 
being sent into the registration network after a radius access-accept message.

My vlan filter is as below, which is directly lifted from my 5.0.1 config. Has 
anything changed with vlan filters? I've tried switching 'match' for 'regex' as 
I've seen that mentioned in the documentation and on this list. The only major 
different in my config on the newer version is that I'm using the built-in 
domain/realm config in the GUI, which I didn't do on my 5.0.1 install. I'm not 
sure if that has a bearing as I'm trying to filter on the realm name.

[home_user]
filter = username
operator = match
value = 
^(.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.[Aa][Cc]\.[Uu][Kk]$|.+@[Uu][Ww][Ii][Cc]\.[Aa][Cc]\.[Uu][Kk]$)

[autoreg:home_user]
scope = AutoRegister
role = eduroam_home

realm.conf is:
[cardiffmet.ac.uk]
domain=myDomainlabel
options=strip

[uwic.ac.uk]
domain= myDomainlabel
options=strip

Cheers,
Andi

-
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: amor...@cardiffmet.ac.uk
--



[Image removed by sender. Cardiff Metropolitan  University 
- 150 years of nurturing talent]




--

Site24x7 APM Insight: Get Deep Visibility into Application Performance

APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month

Monitor end-to-end web transactions and take corrective actions now

Troubleshoot faster and improve end-user experience. Signup Now!

http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140





___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users





--

Site24x7 APM Insight: Get Deep Visibility into Application Performance

APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month

Monitor end-to-end web transactions and take corrective actions now

Troubleshoot faster and improve end-user experience. Signup Now!

http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users




--

Fabrice Durand

fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  
www.inverse.ca

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
---

Re: [PacketFence-users] autoreg with vlan filter not working

2016-03-03 Thread Fabrice DURAND 
let's try with regex but user_name instead of username.

Fabrice

Le 2016-03-03 08:19, Morris, Andi a écrit :
>
> Hi Fabrice,
>
> No luck there sorry. I changed that, restarted packetfence,
> packetfence-config and also performed a configreload hard but I still
> see the following in the packetfence.log:
>
>  
>
> Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] handling
> radius autz request: from switch_ip => (192.168.142.13),
> connection_type => Wireless-802.11-EAP,switch_mac =>
> (00:3a:98:d0:1e:c0), mac => [30:10:b3:13:be:37], port => 13, username
> => "testu...@cardiffmet.ac.uk", ssid => eduroam_dev
> (pf::radius::authorize)
>
> Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] is of
> status unreg; belongs into registration VLAN
> (pf::role::getRegistrationRole)
>
> Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37]
> (192.168.142.13) Added VLAN 60 to the returned RADIUS reply
> (pf::Switch::returnRadiusAccessAccept)
>
> Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37]
> (192.168.142.13) Returning ACCEPT with VLAN 60 
> (pf::Switch::returnRadiusAccessAccept)
>
>  
>
> Cheers,
>
> Andi
>
>  
>
> *From:*Durand fabrice [mailto:fdur...@inverse.ca]
> *Sent:* 03 March 2016 12:29
> *To:* packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] autoreg with vlan filter not working
>
>  
>
> Hi Andi,
>
> replace match by regex.
>
> Regards
> Fabrice
>
> Le 2016-03-03 06:43, Morris, Andi a écrit :
>
> Hi,
>
> Running version 5.7.0 on CentOS.
>
>  
>
> I’m trying to get autoreg working through vlan_filters like I have
> on my 5.0.1 production install but it doesn’t seem to be taking
> effect and new devices are being sent into the registration
> network after a radius access-accept message.
>
>  
>
> My vlan filter is as below, which is directly lifted from my 5.0.1
> config. Has anything changed with vlan filters? I’ve tried
> switching ‘match’ for ‘regex’ as I’ve seen that mentioned in the
> documentation and on this list. The only major different in my
> config on the newer version is that I’m using the built-in
> domain/realm config in the GUI, which I didn’t do on my 5.0.1
> install. I’m not sure if that has a bearing as I’m trying to
> filter on the realm name.
>
>  
>
> [home_user]
>
> filter = username
>
> operator = match
>
> value =
> 
> ^(.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.[Aa][Cc]\.[Uu][Kk]$|.+@[Uu][Ww][Ii][Cc]\.[Aa][Cc]\.[Uu][Kk]$)
>
>  
>
> [autoreg:home_user]
>
> scope = AutoRegister
>
> role = eduroam_home
>
>  
>
> realm.conf is:
>
> [cardiffmet.ac.uk]
>
> domain=myDomainlabel
>
> options=strip
>
>  
>
> [uwic.ac.uk]
>
> domain= myDomainlabel
>
> options=strip
>
>  
>
> Cheers,
>
> Andi
>
>  
>
> -
>
> Andi Morris
>
> IT Security Officer
> Cardiff Metropolitan University
>
> T: 02920 205720
> E: amor...@cardiffmet.ac.uk 
>
> --
>
>  
>
> 
>
>
> Image removed by sender. Cardiff Metropolitan University - 150
> years of nurturing talent 
>
>
> 
> --
>
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>
> Monitor end-to-end web transactions and take corrective actions now
>
> Troubleshoot faster and improve end-user experience. Signup Now!
>
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>
>
>
>
> ___
>
> PacketFence-users mailing list
>
> PacketFence-users@lists.sourceforge.net
> 
>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>  
>
>
>
> --
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 



0xF78F957E.asc
Description: applicat

Re: [PacketFence-users] Disable automatic VOIP detection, PF 5.7 QUICKLY!!! THANKS!

2016-03-03 Thread Fabrice DURAND 
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/radius.pm#L191

# my$isPhone= $switch->isPhoneAtIfIndex($mac, $port) ||
defined($result); my $isPhone; Le 2016-03-03 07:48, Tim DeNike a écrit :
> I had this working fine in 5.3 and prior by disabling th
>
> #if ($args->{'isPhone'}) {
> #$node_info{'voip'} = $VOIP;
> #}
>
>
> section in vlan.pm , but it doesn't seem to work now..
> I'm guessing its finger bank that is to fault.
>
> I disabled the same section in role/custom.pm , but
> its still doing it.
>
> I need to completely disable the automatic detection of VOIP devices. 
> Its screwing  up my network right now.. finger bank thinks VDIs are
> phones and PF is sending a tagged port back to the switch for the devices.
>
>
> Quick!
>
> Thanks!
>
>
> --
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 



0xF78F957E.asc
Description: application/pgp-keys
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] autoreg with vlan filter not working

2016-03-03 Thread Morris, Andi 
Hi Fabrice,
No luck there sorry. I changed that, restarted packetfence, packetfence-config 
and also performed a configreload hard but I still see the following in the 
packetfence.log:

Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] handling radius 
autz request: from switch_ip => (192.168.142.13), connection_type => 
Wireless-802.11-EAP,switch_mac => (00:3a:98:d0:1e:c0), mac => 
[30:10:b3:13:be:37], port => 13, username => "testu...@cardiffmet.ac.uk", ssid 
=> eduroam_dev (pf::radius::authorize)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] is of status 
unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] (192.168.142.13) 
Added VLAN 60 to the returned RADIUS reply 
(pf::Switch::returnRadiusAccessAccept)
Mar 03 13:17:18 httpd.aaa(8299) INFO: [mac:30:10:b3:13:be:37] (192.168.142.13) 
Returning ACCEPT with VLAN 60  (pf::Switch::returnRadiusAccessAccept)

Cheers,
Andi

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: 03 March 2016 12:29
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] autoreg with vlan filter not working

Hi Andi,

replace match by regex.

Regards
Fabrice

Le 2016-03-03 06:43, Morris, Andi a écrit :
Hi,
Running version 5.7.0 on CentOS.

I'm trying to get autoreg working through vlan_filters like I have on my 5.0.1 
production install but it doesn't seem to be taking effect and new devices are 
being sent into the registration network after a radius access-accept message.

My vlan filter is as below, which is directly lifted from my 5.0.1 config. Has 
anything changed with vlan filters? I've tried switching 'match' for 'regex' as 
I've seen that mentioned in the documentation and on this list. The only major 
different in my config on the newer version is that I'm using the built-in 
domain/realm config in the GUI, which I didn't do on my 5.0.1 install. I'm not 
sure if that has a bearing as I'm trying to filter on the realm name.

[home_user]
filter = username
operator = match
value = 
^(.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.[Aa][Cc]\.[Uu][Kk]$|.+@[Uu][Ww][Ii][Cc]\.[Aa][Cc]\.[Uu][Kk]$)

[autoreg:home_user]
scope = AutoRegister
role = eduroam_home

realm.conf is:
[cardiffmet.ac.uk]
domain=myDomainlabel
options=strip

[uwic.ac.uk]
domain= myDomainlabel
options=strip

Cheers,
Andi

-
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: amor...@cardiffmet.ac.uk
--



[Image removed by sender. Cardiff Metropolitan University - 150 years of 
nurturingtalent]



--

Site24x7 APM Insight: Get Deep Visibility into Application Performance

APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month

Monitor end-to-end web transactions and take corrective actions now

Troubleshoot faster and improve end-user experience. Signup Now!

http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Disable automatic VOIP detection, PF 5.7 QUICKLY!!! THANKS!

2016-03-03 Thread Fabrice DURAND 
Apply this pull request on your setup and you will be able to select in
the switch config how you want to detect voip.

https://github.com/inverse-inc/packetfence/pull/1205
https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/1205.diff

Le 2016-03-03 08:17, Tim DeNike a écrit :
>if (defined($node_info->{dhcp_fingerprint}) &&
> $node_info->{dhcp_fingerprint} =~ /VoIP Phone/) {
> $logger->debug("DHCP fingerprint for $mac indicates VoIP phone");
> return 1;
> }
>
> changing to return 0 fixes it.
>
> This was the offending code in pf/Switch.pm
>
> Id like to put a formal request in to disable automatic VOIP detection
> with a simple checkbox instead of having to hack the code every time. 
> Fingerprints just aren't accurate enough and we have scripts that
> automatically register/flag all of our phones as voip.
>
> We don't have the tagged vlan set on our switch ports in an idle
> state.  We return VSAs with a tagged port and to enable LLDP directing
> the phone to the tagged vlan, so if something is mis-identified (like
> almost all of our VDIs in this case), it causes a huge issue.
>
> Ive always just gotten by by disabling the same code in every upgrade,
> but as you guys change stuff, i have to track it down again and again.
>
> A simple checkbox "Disable automatic VOIP dhcp fingerprint detection"
> would be great.  :D
>
>
>
> On Thu, Mar 3, 2016 at 7:48 AM, Tim DeNike  > wrote:
>
> I had this working fine in 5.3 and prior by disabling th
>
> #if ($args->{'isPhone'}) {
> #$node_info{'voip'} = $VOIP;
> #}
>
>
> section in vlan.pm , but it doesn't seem to work
> now.. I'm guessing its finger bank that is to fault.
>
> I disabled the same section in role/custom.pm ,
> but its still doing it.
>
> I need to completely disable the automatic detection of VOIP
> devices.  Its screwing  up my network right now.. finger bank
> thinks VDIs are phones and PF is sending a tagged port back to the
> switch for the devices.
>
>
> Quick!
>
> Thanks!
>
>
>
>
> --
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 



0xF78F957E.asc
Description: application/pgp-keys
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Disable automatic VOIP detection, PF 5.7 QUICKLY!!! THANKS!

2016-03-03 Thread Tim DeNike 
   if (defined($node_info->{dhcp_fingerprint}) &&
$node_info->{dhcp_fingerprint} =~ /VoIP Phone/) {
$logger->debug("DHCP fingerprint for $mac indicates VoIP phone");
return 1;
}

changing to return 0 fixes it.

This was the offending code in pf/Switch.pm

Id like to put a formal request in to disable automatic VOIP detection with
a simple checkbox instead of having to hack the code every time.
Fingerprints just aren't accurate enough and we have scripts that
automatically register/flag all of our phones as voip.

We don't have the tagged vlan set on our switch ports in an idle state.  We
return VSAs with a tagged port and to enable LLDP directing the phone to
the tagged vlan, so if something is mis-identified (like almost all of our
VDIs in this case), it causes a huge issue.

Ive always just gotten by by disabling the same code in every upgrade, but
as you guys change stuff, i have to track it down again and again.

A simple checkbox "Disable automatic VOIP dhcp fingerprint detection" would
be great.  :D



On Thu, Mar 3, 2016 at 7:48 AM, Tim DeNike  wrote:

> I had this working fine in 5.3 and prior by disabling th
>
> #if ($args->{'isPhone'}) {
> #$node_info{'voip'} = $VOIP;
> #}
>
>
> section in vlan.pm, but it doesn't seem to work now.. I'm guessing its
> finger bank that is to fault.
>
> I disabled the same section in role/custom.pm, but its still doing it.
>
> I need to completely disable the automatic detection of VOIP devices.  Its
> screwing  up my network right now.. finger bank thinks VDIs are phones and
> PF is sending a tagged port back to the switch for the devices.
>
>
> Quick!
>
> Thanks!
>
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Disable automatic VOIP detection, PF 5.7 QUICKLY!!! THANKS!

2016-03-03 Thread Tim DeNike 
I had this working fine in 5.3 and prior by disabling th

#if ($args->{'isPhone'}) {
#$node_info{'voip'} = $VOIP;
#}


section in vlan.pm, but it doesn't seem to work now.. I'm guessing its
finger bank that is to fault.

I disabled the same section in role/custom.pm, but its still doing it.

I need to completely disable the automatic detection of VOIP devices.  Its
screwing  up my network right now.. finger bank thinks VDIs are phones and
PF is sending a tagged port back to the switch for the devices.


Quick!

Thanks!
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] autoreg with vlan filter not working

2016-03-03 Thread Durand fabrice 

Hi Andi,

replace match by regex.

Regards
Fabrice


Le 2016-03-03 06:43, Morris, Andi a écrit :


Hi,

Running version 5.7.0 on CentOS.

I’m trying to get autoreg working through vlan_filters like I have on 
my 5.0.1 production install but it doesn’t seem to be taking effect 
and new devices are being sent into the registration network after a 
radius access-accept message.


My vlan filter is as below, which is directly lifted from my 5.0.1 
config. Has anything changed with vlan filters? I’ve tried switching 
‘match’ for ‘regex’ as I’ve seen that mentioned in the documentation 
and on this list. The only major different in my config on the newer 
version is that I’m using the built-in domain/realm config in the GUI, 
which I didn’t do on my 5.0.1 install. I’m not sure if that has a 
bearing as I’m trying to filter on the realm name.


[home_user]

filter = username

operator = match

value = 
^(.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.[Aa][Cc]\.[Uu][Kk]$|.+@[Uu][Ww][Ii][Cc]\.[Aa][Cc]\.[Uu][Kk]$)


[autoreg:home_user]

scope = AutoRegister

role = eduroam_home

realm.conf is:

[cardiffmet.ac.uk]

domain=myDomainlabel

options=strip

[uwic.ac.uk]

domain= myDomainlabel

options=strip

Cheers,

Andi

-

Andi Morris

IT Security Officer
Cardiff Metropolitan University

T: 02920 205720
E: amor...@cardiffmet.ac.uk 

--



Cardiff Metropolitan University - 150 years of nurturing talent 




--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] autoreg with vlan filter not working

2016-03-03 Thread Morris, Andi 
Hi,
Running version 5.7.0 on CentOS.

I'm trying to get autoreg working through vlan_filters like I have on my 5.0.1 
production install but it doesn't seem to be taking effect and new devices are 
being sent into the registration network after a radius access-accept message.

My vlan filter is as below, which is directly lifted from my 5.0.1 config. Has 
anything changed with vlan filters? I've tried switching 'match' for 'regex' as 
I've seen that mentioned in the documentation and on this list. The only major 
different in my config on the newer version is that I'm using the built-in 
domain/realm config in the GUI, which I didn't do on my 5.0.1 install. I'm not 
sure if that has a bearing as I'm trying to filter on the realm name.

[home_user]
filter = username
operator = match
value = 
^(.+@[Cc][Aa][Rr][Dd][Ii][Ff][Ff][Mm][Ee][Tt]\.[Aa][Cc]\.[Uu][Kk]$|.+@[Uu][Ww][Ii][Cc]\.[Aa][Cc]\.[Uu][Kk]$)

[autoreg:home_user]
scope = AutoRegister
role = eduroam_home

realm.conf is:
[cardiffmet.ac.uk]
domain=myDomainlabel
options=strip

[uwic.ac.uk]
domain= myDomainlabel
options=strip

Cheers,
Andi

-
Andi Morris
IT Security Officer
Cardiff Metropolitan University
T: 02920 205720
E: amor...@cardiffmet.ac.uk
--



[Cardiff Metropolitan University - 150 years of nurturing 
talent]
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users