Re: [PacketFence-users] User accounts

2017-06-06 Thread Tim DeNike via PacketFence-users 
Samba AD server.

Sent from my iPhone

> On Jun 6, 2017, at 4:56 PM, Jason 'XenoPhage' Frisvold via PacketFence-users 
>  wrote:
>
> Greetings,
>
>In a previous life, we used Packetfence for a campus network with
> thousands of users.  The user database was a well established LDAP
> directory that had been in existence for a while.
>
>In my current life, however, we have no such database.  I'm looking for
> a solution.  I was hoping to just have Packetfence serve as that
> database, at least for now, but I don't see a way for users to manage
> their accounts..  ie, how do they change passwords?  Is it better to
> just pop up a local ldap instance and populate that?
>
> Any thoughts appreciated!
>
> Thanks,
>
> --
> ---
> Jason 'XenoPhage' Frisvold
> xenoph...@godshell.com
> ---
>
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] User accounts

2017-06-06 Thread Jason 'XenoPhage' Frisvold via PacketFence-users 
Greetings,

In a previous life, we used Packetfence for a campus network with
thousands of users.  The user database was a well established LDAP
directory that had been in existence for a while.

In my current life, however, we have no such database.  I'm looking for
a solution.  I was hoping to just have Packetfence serve as that
database, at least for now, but I don't see a way for users to manage
their accounts..  ie, how do they change passwords?  Is it better to
just pop up a local ldap instance and populate that?

Any thoughts appreciated!

Thanks,

-- 
---
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law



signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Problem with iDevices re-registerring

2017-06-06 Thread Hans Johnson via PacketFence-users 
Hi Everyone,

I've recently deployed PF 6.5.1 with pretty good success. I'm running in a
basic captive-portal setup, with my users connecting to an SSID, and
getting presented with a captive portal page. They log in, which is checked
against AD via LDAP, and then get re-directed to their operational VLAN.

The setup is such that the registration is valid for 5 days, after which my
intent is that they should have to re-agree to the ToS, and log in again to
get another 5 days of access.

It's this latter part that is causing me issues with iOS devices. As the
first batch of registrations has timed out, for whatever reason my users
that are using iPhones and iPads and the like aren't getting the captive
portal again, or so is being reported to me. I've looked at the PF logs,
and it appears that they are being appropriately deregistered and sent back
to the registration VLAN.

This smells to me like it is an interaction between DHCP lease time, DHCP
implementation, and changing the network out underneath the client. On my
operational network (VLAN 12), DHCP is serviced by a pair of Windows Server
2012 DHCP servers running in high availability/failover mode. The lease
time there is set for 1 day. I have the packetfence DHCP forwarder running
on both of these servers, which are the servers for my entire network. The
exception is on my registration VLAN, which is served by Packetfence, and
issuing 30 second leases.

Conversely, when I manually deregister a node through the administration
interface, they get kicked back to the captive portal pretty quickly. Is
there a difference in the way that this happens?

Any thoughts on how to resolve this would be appreciated.

Regards,

Hans
-- 
-
Hans Johnson (hans.john...@gmail.com)
B.ASc, Computer Engineering
Simon Fraser University

... Si hoc legere scis numium eruditionis habes. -- Anonymous
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] e-mail portal login

2017-06-06 Thread Will Halsall via PacketFence-users 
Hi Folks,

Testing pf 7.1 I noticed that when using email portal login the password is 
displayed and is also included in the activation e-mail. Is this action desired 
?


WillH


[http://fcot5.farn-ct.ac.uk/Email_Signature_Open_Events.jpg] 


This message is intended only for the use of the person(s) to
whom it is addressed, and may contain privileged and confidential information.
If it has come to you in error, please contact the sender as soon as possible,
and note that you must take no action based on the content, nor must you copy,
distribute, or show the content to any other person.


In accordance with its legal obligations, Farnborough College of
Technology reserves the right to monitor the content of e-mails sent and
received, but will not do so routinely.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Cluster but need Inline also

2017-06-06 Thread Sokolowski, Darryl via PacketFence-users 
Hi All,
What might be a way to set up both a cluster for redundancy and also enable 
Inline mode?
I have a need for both, but am unsure that I should try to add it to the 
clustered machines.
Should I have a separate PF installation for the inline?

To clarify my intentions a bit:
What we wanted to try to do is to put any unregistered machine into our guest 
network after accepting the terms in the aup-text via the captive portal, to 
protect our wired connections within the office.
Easy enough, and already achieved using a PF 7 cluster.  But I see that Inline 
mode is not supported on the clustered machines.

We had originally planned on using Inline mode for wireless connections.  Right 
now, our policy is not to allow any wireless connections to our internal 
network, so our wireless is really just guest access, but we want to make 
wireless users accept the same aup-text terms before granting access. So we 
were supposing we could use packetfence as a hotspot to present the terms and 
conditions and to control the wireless access. And have an easy route to our 
internal network should the emergency need arise, or policies change.

Should I use a WLAN controller instead? (But then the controller is a single 
point of failure.)

Has anyone set up anything similar? Looking for ideas on how this could be 
achieved.

Thanks





>>> CONFIDENTIALITY NOTICE <<<

This electronic mail (e-mail) message, including any and/or all attachments, is 
for the sole use of the intended recipient(s), and may contain confidential 
and/or privileged information, pertaining to business conducted under the 
direction and supervision of EarthColor, Inc. All e-mail messages, which may 
have been established as expressed views and/or opinions (stated either within 
the e-mail message or any of its attachments), are left to the sole 
responsibility of that of the sender, and are not necessarily attributed to 
EarthColor, Inc. Unauthorized interception, review, use, disclosure or 
distribution of any such information contained within this e-mail message 
and/or its attachment(s), is(are) strictly prohibited. If you are not the 
intended recipient, please contact the sender by replying to this e-mail 
message, along with the destruction of all copies of the original e-mail 
message (along with any attachments).
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users