Re: [PacketFence-users] Compatibility double check for our environment

2017-08-10 Thread Durand fabrice via PacketFence-users 

Hello Yan,


Le 2017-08-09 à 04:11, Yan Kimiko via PacketFence-users a écrit :

Hello Durand, Thank you very much for your reply.

I have a question about you reply and hope I can get your further help.

For identification part, you said we can use 802.1x+mab. I don’t 
understand why we need mab. Our current environment is already using 
802.1x via cisco acs, and mab is not enabled in our current 
environment and it also works well.
Or did I misunderstanding something, you mean use 802.1x for the 
normal office users and use mab for those VoIP and printers ?
Yes, by default printers and VoIP are not configured to do 802.1x so it 
will work with MAB.


Our requirement:
1.Identification
—802.1x based on user info from AD source or based on device’s MAC address.

Your reply:802.1x and mac auth bypass seems to be ok for both.


For compliance check part, our AD servers are controlled by another 
team and We are not so familiar about this part’s setup, and neither 
do another team. Do you have any setup suggestion or setup guidance or 
sample or something on how to use WMI checking if specific software 
installed in a device ?
You need an account that is allowed to connect on each computers in 
order to do a wmi scan.
And another solution we thought is : Keep monitoring PF syslog, once 
find a device passed 802.1x, immediately send a controlled-device 
check request to our antivirus server(there is a condition here:if a 
device has installed our antivirus agent , it must be found in our 
antivirus server), if the check response is yes, we’ll know this 
device has installed the agent, and then we can move it to normal 
VLAN, otherwise redirect a portal to user with the remediation 
solution for him.

Yes it can also work.


2.Compliance and health check when registering to office network.
—When a device logs in, checking if the device has installed our official
antivirus software before giving the device normal network’s access.Isolated
the device from normal inner network but gives it restricted network access 
so
that they can have a way to install the required software.

Your reply:wmi scan


For this part our thinking solution is the same as you mentioned: Once 
our antivirus server find a dangerous device, send an alert syslog to 
PF, PF use the received alert syslog to trigger a violation and to do 
the next control. Hope it works.


3.Isolation dangerous device from normal network
—When our antivirus agent find some threat exists in the device, update the
device’s VLAN to an isolation VLAN so that the threat won’t spread to other
inner network.

Your reply:you need to find a way to trigger a webservice api call 
from the antivirus management console or send the syslog to packetfence.



Finally, when PF do the 802.1x authentication, can we trigger wmi scan 
in the mean time ? We want to use pf as our weapon to force people 
install our security agent before he can get normal network access.
dhcp request trigger a wmi scan, so you need to send the dhcp traffic to 
packetfence. It is also possible to trigger a violation with the vlan 
filter when a device connect with 802.1x.
Or if not happening in the same time, after every device passed 802.1x 
auth, we just put it in evaluation VLAN(with limit network access), 
and trigger a violation to do the WMI scan when a device found in 
evaluation VLAN, if the device has installed the agent, move the 
device to normal VLAN, others redirect url to tell this user he should 
install our agent first, and give a link in url for his to download agent.



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


It looks that you want to configure PacketFence in an advanced mode, in 
my opinion you can ask inverse for professional consulting.
It's not to force you but we can guide you and let you know what is 
possible or no.


Regards
Fabrice


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] OpenVAS v9 integration

2017-08-10 Thread Durand fabrice via PacketFence-users 

Not yet but probably in futur version.


Le 2017-08-09 à 10:45, Cristian Mammoli via PacketFence-users a écrit :

Does Packetfence work with OpenVAS-9 (Greenbone OS 4)?




--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] R: R: R: R: network-access-detection

2017-08-10 Thread Durand fabrice via PacketFence-users 

Hello Alessandro,

what is the result of ? :

cat /proc/sys/net/ipv4/ip_forward

From the pf server are you able to do a query ?
nslookup
> server 153.47.30.113
> inverse.ca

Regards
Fabrice


Le 2017-08-10 à 13:42, Alessandro Canella via PacketFence-users a écrit :


Here some test:

BEFORE LOGIN

Suffisso DNS specifico per connessione: inlinel2.feo-cer.net

Indirizzo IPv4. . . . . . . . . . . . : 192.168.30.14(Preferenziale)

Gateway predefinito . . . . . . . . . : 192.168.30.1

Server DHCP . . . . . . . . . . . . . : 192.168.30.1

   Server DNS . . . . . . . . . . . . .  : 153.47.30.113

C:\Users\aless>nslookup

Server predefinito:  UnKnown

Address:  153.47.30.113

lancelot.feo-cer.net

Server:  UnKnown

Address:  153.47.30.113

Nome:percival.feo-cer.net

Address:  192.168.30.1

Aliases: lancelot.feo-cer.net.inlinel2.feo-cer.net

AFTER LOGIN

C:\Users\aless>nslookup

DNS request timed out.

timeout was 2 seconds.

Server predefinito:  UnKnown

Address:  153.47.30.113

> server 192.168.30.1

DNS request timed out.

timeout was 2 seconds.

Server predefinito:  [192.168.30.1]

Address:  192.168.30.1

As you see from image attached, portscan …works….query not….

*Da:*Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]

*Inviato:* giovedì 10 agosto 2017 09.42
*A:* packetfence-users@lists.sourceforge.net
*Cc:* Alessandro Canella 
*Oggetto:* [PacketFence-users] R: R: R: network-access-detection

Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed and 
cannot reach a remote DNS too. Note that other proto seems ok.


*Da:*Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]

*Inviato:* martedì 8 agosto 2017 14.37
*A:* packetfence-users@lists.sourceforge.net 


*Cc:* Fabrice Durand >
*Oggetto:* Re: [PacketFence-users] R: R: network-access-detection

Hello Alessandro,

you probably missconfigured the dns.

Can you give me your networks.conf ?

Regards

Fabrice

Le 2017-08-07 à 11:51, Alessandro Canella via PacketFence-users a écrit :

I’ve retried and checked traffic.

As wrotten, I’m in inline, users authenticate but GIF cannot be
retrieved.

But not only : from a successful registered client, I cannot query
DNS. And any other packet works fine….

How I can check where is “deny” that stops me?

*Da:*Alessandro Canella via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
*Inviato:* venerdì 4 agosto 2017 08.18
*A:* Ludovic Zammit 
;
packetfence-users@lists.sourceforge.net

*Cc:* Alessandro Canella 

*Oggetto:* [PacketFence-users] R: network-access-detection

Hello Ludovic,

I’ve tried with Win10, tested with both IP (I know, if I test the
first reachable is not correct…) I’ve leaved Vlan Enforce due to
incopatibility of switches, so I’m in inline mode.

I will try to raise timeout to 90 secs and to open it by hand in
new tab.

Later I will recap tests.

Thanks in advance.

*Da:*Ludovic Zammit [mailto:lzam...@inverse.ca]
*Inviato:* giovedì 3 agosto 2017 19.40
*A:* packetfence-users@lists.sourceforge.net

*Cc:* Alessandro Canella >
*Oggetto:* Re: [PacketFence-users] network-access-detection

Hello Alessandra,

Are you using Mac OS X ? Which PacketFence version are you using ?


By default on the ZEN it will try to reach our public IP.

Once you get authorize after the registration process you will
need to check if you have placed into the correct vlan (In VLAN
enforcement mode) and got the proper IP address.

Check also if you have internet, it's known for Mac OS X devices
that they are slow to release their IP and pickup the new one
(~90secs).

Try to have a tab open on the network-access-detection.gif and see
if it loads after the registration process.

Thanks,

Ludovic Zammit

lzam...@inverse.ca   ::  +1.514.447.4918 (x145) 
::www.inverse.ca 

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

On Aug 3, 2017, at 11:41 AM, Alessandro Canella via
PacketFence-users > wrote:

Hello all,

I still have problem detecting
/common/network-access-detection.gif after access is granted.
I’m using ZEN version.

I’ve tried lot of different config. All seems fine, gif is

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Akala Kehinde via PacketFence-users 
Hi Cristian,

The 100024 id doesn't trigger. No logs, nothin. Only the 100025 does.
Just to be sure of the Reg. and Post Reg scan operations, the Reg.scan
works just when authenticating and the Post Reg. after authentication. And
does the violation (the wmi violation itself) self close when you don't fix
it?

Regards,
Kehinde

On Thu, Aug 10, 2017 at 3:57 PM, Cristian Mammoli  wrote:

> WMI works for me on production network, what issues are you having?
>
> Il 10/08/2017 14:37, Akala Kehinde ha scritto:
>
> Hi Cristian,
>
> Took me some time too to have the WMI scan running, but even only works
> for pre-reg. Failed for Reg and Post-reg scans.Had any success with that?
>
>
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Akala Kehinde via PacketFence-users 
Hi Christian,

Is the ssl config change you made in the nessus6.pm file necessary, because
I only made the change in the REST.pm file, and I could connect.
But the issue I am having is with the "scanner name doesn't exist" even
after settign as "Local Scanner".
Can you send me your nessu6.pm file. Want to compare with mine.

Thanks.

Regards,
Kehinde

On Thu, Aug 10, 2017 at 11:04 AM, Cristian Mammoli 
wrote:

> Thanks Akala, I think the Nessus::REST shipped by inverse repo has
> multiple problems
>
> [root@srvpf pf]# rpm -qf /usr/share/perl5/vendor_perl/Net/Nessus/REST.pm
> perl-Net-Nessus-REST-0.2-4.1.noarch
> [root@srvpf pf]# yum info perl-Net-Nessus-REST-0.2-4.1.noarch
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
>  * atomic: www4.atomicorp.com
>  * base: it.centos.contactlab.it
>  * extras: it.centos.contactlab.it
>  * updates: it.centos.contactlab.it
> Installed Packages
> Name: perl-Net-Nessus-REST
> Arch: noarch
> Version : 0.2
> Release : 4.1
> Size: 23 k
> Repo: installed
> From repo   : packetfence
> Summary : Communicate with Nessus scanner(v6+) via REST
> URL : http://search.cpan.org/~grousse/Net-Nessus-REST-0.2/
> License : Artistic/GPL
> Description : This is Perl interface for communication with Nessus scanner
> over XMLRPC. You
> : can start, stop, pause and resume scan. Watch progress and
> status of scan,
> : download report, etc.
>
> There is no  ssl_opts => { verify_hostname => 0 } (even if this coul be
> passed directly by nessus6.pm). The function get_scanner_id is missing
>
> I brutally replaced /usr/share/perl5/vendor_perl/Net/Nessus/REST.pm with
> the last upstream version:
>
> wget http://cpansearch.perl.org/src/GROUSSE/Net-Nessus-REST-v0.7.
> 0/lib/Net/Nessus/REST.pm -O /usr/share/perl5/vendor_perl/N
> et/Nessus/REST.pm
>
> and modified lib/pf/scan/nessus6.pm like this:
>
> --- lib/pf/scan/nessus6.pm.orig 2017-08-10 11:02:24.977268702 +0200
> +++ lib/pf/scan/nessus6.pm  2017-08-10 10:45:59.439102230 +0200
> @@ -92,7 +92,7 @@
>  my $scanner_name= $self->{_scannername};
>  my $format  = $self->{_format};
>
> -my $nessus = Net::Nessus::REST->new(url => 'https://
> '.$host.':'.$port);
> +my $nessus = Net::Nessus::REST->new(url => 'https://'.$host.':'.$port,
> ssl_opts => { verify_hostname => 0 });
>  $nessus->create_session(username => $user, password => $pass);
>
>  # Verify nessus policy ID on the server, nessus remote scanner id,
> set scan name and launch the scan
>
> My scan.conf is this:
>
> [nessus6_scan]
> ip=srvpf.gruppoapra.com
> duration=180s
> categories=employees
> port=8834
> registration=0
> username=admin
> post_registration=1
> password=REDACTED
> pre_registration=0
> oses=1
> type=nessus6
> scannername=Local Scanner
> nessus_clientpolicy=PacketFenceScan
>
> Now the scan starts:
>
> Aug 10 11:03:41 srvpf pfqueue: pfqueue(8101) INFO: [mac:20:cf:30:36:7c:bb]
> Nessus is scanning 192.168.15.80 (pf::scan::nessus6::startScan)
>
>
> Il 09/08/2017 20:40, Akala Kehinde ha scritto:
>
>> FYI below..
>> Had to cc. the mail add.. for anyone interested in the ongoing convo...
>>
>> Regards,
>> Kehinde
>>
>> On Thu, Aug 3, 2017 at 11:08 PM, Juan Camilo Valencia <
>> juan.valen...@seguratec.com.co >
>> wrote:
>>
>> Hi Kehinde,
>>
>> Yeah could be something really more simple but what looks like is
>> that the variable is not getting initialize probably because the
>> app is not delivering any data,or the scanner name is not correct,
>> let me see with the lab how to get that info manually and debug
>> this thing correctly.
>>
>> Best regards
>>
>> 2017-08-03 13:27 GMT-05:00 Akala Kehinde > >:
>>
>> HI Juan,
>>
>> Actualy did that before sending the last mai, but to no avail.
>> Problem still persist.
>>
>> [MAWOH_NESSUS_SCAN]
>> ip=127.0.0.1
>> duration=30s
>> categories=guest,staff
>> port=8843
>> registration=1
>> username=nessusadmin
>> post_registration=1
>> password=password
>> pre_registration=1
>> oses=1
>> nessus_clientpolicy=testpolicy
>> type=nessus6
>> scannername=Local
>>
>> Aug  3 20:27:06 egelsbach pfqueue: Use of uninitialized value
>> $scanner_id in string eq at
>> /usr/local/pf/lib/pf/scan/nessus6.pm  line
>> 107.
>> Aug  3 20:27:06 egelsbach pfqueue: Use of uninitialized value
>> $scanner_id in concatenation (.) or string at
>> /usr/local/pf/lib/pf/scan/nessus6.pm  line
>> 108.
>> Aug  3 20:27:06 egelsbach pfqueue: pfqueue(31127) WARN:
>> [mac:44:8a:5b:43:55:02] Nessus scanner name doesn't exist
>>

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Akala Kehinde via PacketFence-users 
Hi Cristian,

Took me some time too to have the WMI scan running, but even only works for
pre-reg. Failed for Reg and Post-reg scans.Had any success with that?

Regards,
Kehinde

On Thu, Aug 10, 2017 at 2:31 PM, Cristian Mammoli via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> And now, even if Nessus returns no vulns the built in trigger 124 does
> not get self closed.
>
> I give up, after 3 days trying to get a scan system working beyond WMI:
>
> openvas should be installed on the pf box but can't because there is a
> conflict between a perl wmi library shipped by inverse. Furthermore I think
> pf requires an old version of openvas which is nowhere to be found
> Nessus 5 can't be downloaded anymore from tenable website
> Nessus 6 integration is utterly broken
>
> And I'm using the ZEN appliance which, I suppose, has all the pieces in
> place.
>
> Can someone of the devs provide a tested working combination before I hang
> myself out of frustration?
>
> Thanks
>
> Cristian
>
> Il 10/08/2017 13:51, Cristian Mammoli via PacketFence-users ha scritto:
>
> Hi Akala, the result is the same for the ssl_options. It only tells LWP
> UserAgent to not verify the hostname. I just wanted to avoid editing
> something external to packetfence.
>
>
>
> 
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Cristian Mammoli via PacketFence-users 

WMI works for me on production network, what issues are you having?

Il 10/08/2017 14:37, Akala Kehinde ha scritto:

Hi Cristian,

Took me some time too to have the WMI scan running, but even only 
works for pre-reg. Failed for Reg and Post-reg scans.Had any success 
with that?


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Error communicatin with Nessus

2017-08-10 Thread Cristian Mammoli via PacketFence-users 
Hi Akala, the result is the same for the ssl_options. It only tells LWP 
UserAgent to not verify the hostname. I just wanted to avoid editing 
something external to packetfence.


I attached my nessus6.pm, but try to update 
/usr/share/perl5/vendor_perl/Net/Nessus/REST.pm with the latest upstream 
version like I did.


Furhermore, if you manage to get the scan running, there is another 
problem you will face: the violation reported by nessus6 will be ignored 
because there is no nessus6 type in lib/pf/factory/condition/violation.pm


I fixed it this way:

--- lib/pf/factory/condition/violation.pm.orig  2017-08-10 
12:14:46.302911023 +0200
+++ lib/pf/factory/condition/violation.pm   2017-08-10 
12:55:01.346003541 +0200

@@ -37,6 +37,7 @@
 'mac'   => {type => 'regex', key => 'mac'},
 'mac_vendor'=> {type => 'equals',key => 
'mac_vendor_id'},
 'nessus'=> {type => 'equals',key => 
'last_nessus_id',  event => $TRUE},
+'nessus6'   => {type => 'equals',key => 
'last_nessus6_id', event => $TRUE},
 'openvas'   => {type => 'equals',key => 
'last_openvas_id', event => $TRUE},
 'metadefender'  => {type => 'equals',key => 
'last_metadefender_id',event => $TRUE},
 'provisioner'   => {type => 'equals',key => 
'last_provisioner_id', event => $TRUE},


and added the ids as nessus6 in my violation

Il 10/08/2017 13:43, Akala Kehinde ha scritto:

Hi Christian,

Is the ssl config change you made in the nessus6.pm 
 file necessary, because I only made the change in 
the REST.pm file, and I could connect.
But the issue I am having is with the "scanner name doesn't exist" 
even after settign as "Local Scanner".
Can you send me your nessu6.pm  file. Want to 
compare with mine.
package pf::scan::nessus6;

=head1 NAME

pf::scan::nessus6

=cut

=head1 DESCRIPTION

pf::scan::nessus6 is a module to add Nessus v6 scanning option.

=cut

use strict;
use warnings;

use Log::Log4perl;
use Readonly;

use base ('pf::scan');

use pf::config;
use pf::scan;
use pf::util;
use pf::node;
use pf::constants::scan qw($SCAN_VID $PRE_SCAN_VID $POST_SCAN_VID 
$STATUS_STARTED);
use Net::Nessus::REST;

sub description { 'Nessus6 Scanner' }

=head1 SUBROUTINES

=over

=item new

Create a new Nessus6 scanning object with the required attributes

=cut

sub new {
my ( $class, %data ) = @_;
my $logger = Log::Log4perl::get_logger(__PACKAGE__);

$logger->debug("instantiating new ". __PACKAGE__ . " object");

my $self = bless {
'_id'  => undef,
'_host'=> undef,
'_port'=> undef,
'_username'=> undef,
'_password'=> undef,
'_scanIp'  => undef,
'_scanMac' => undef,
'_report'  => undef,
'_file'=> undef,
'_policy'  => undef,
'_type'=> undef,
'_status'  => undef,
'_scannername' => undef,
'_format'  => 'csv',
'_oses'=> undef,
'_categories'  => undef,
}, $class;

foreach my $value ( keys %data ) {
$self->{'_' . $value} = $data{$value};
}

return $self;
}

=item startScan

=cut

# WARNING: A lot of extra single quoting has been done to fix perl taint mode 
issues: #1087
sub startScan {
my ( $self ) = @_;
my $logger = Log::Log4perl::get_logger(__PACKAGE__);

# nessus scan setup
my $id  = $self->{_id};
my $hostaddr= $self->{_scanIp};
my $mac = $self->{_scanMac};
my $host= $self->{_ip};
my $port= $self->{_port};
my $user= $self->{_username};
my $pass= $self->{_password};
my $nessus_clientpolicy = $self->{_nessus_clientpolicy};
my $scanner_name= $self->{_scannername};
my $format  = $self->{_format};

my $nessus = Net::Nessus::REST->new(url => 'https://'.$host.':'.$port, 
ssl_opts => { verify_hostname => 0 });
$nessus->create_session(username => $user, password => $pass);

# Verify nessus policy ID on the server, nessus remote scanner id, set scan 
name and launch the scan

my $policy_id = $nessus->get_policy_id(name => $nessus_clientpolicy);
if ($policy_id eq "") {
$logger->warn("Nessus policy doesnt exist ".$nessus_clientpolicy);
return 1;
}

my $scanner_id = $nessus->get_scanner_id(name => $scanner_name);
if ($scanner_id eq ""){
$logger->warn("Nessus scanner name doesn't exist ".$scanner_id);
return 1;
}

#This is neccesary because the way of the new nessus API works, if the scan 
fails most likely
# is in this function.
my $policy_uuid = $nessus->get_template_id( name => 'custom', type => 
'scan');

[PacketFence-users] R: R: R: network-access-detection

2017-08-10 Thread Alessandro Canella via PacketFence-users 
Fabrice,

I made a test with nslookup. My first hop (PF inline IF) is closed and cannot 
reach a remote DNS too. Note that other proto seems ok.



Da: Fabrice Durand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: martedì 8 agosto 2017 14.37
A: packetfence-users@lists.sourceforge.net
Cc: Fabrice Durand 
Oggetto: Re: [PacketFence-users] R: R: network-access-detection


Hello Alessandro,

you probably missconfigured the dns.

Can you give me your networks.conf ?

Regards

Fabrice



Le 2017-08-07 à 11:51, Alessandro Canella via PacketFence-users a écrit :
I’ve retried and checked traffic.

As wrotten, I’m in inline, users authenticate but GIF cannot be retrieved.

But not only : from a successful registered client, I cannot query DNS. And any 
other packet works fine….


How I can check where is “deny” that stops me?



Da: Alessandro Canella via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Inviato: venerdì 4 agosto 2017 08.18
A: Ludovic Zammit ; 
packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella 

Oggetto: [PacketFence-users] R: network-access-detection

Hello Ludovic,

I’ve tried with Win10, tested with both IP (I know, if I test the first 
reachable is not correct…) I’ve leaved Vlan Enforce due to incopatibility of 
switches, so I’m in inline mode.

I will try to raise timeout to 90 secs and to open it by hand in new tab.

Later I will recap tests.

Thanks in advance.





Da: Ludovic Zammit [mailto:lzam...@inverse.ca]
Inviato: giovedì 3 agosto 2017 19.40
A: 
packetfence-users@lists.sourceforge.net
Cc: Alessandro Canella 
>
Oggetto: Re: [PacketFence-users] network-access-detection

Hello Alessandra,

Are you using Mac OS X ? Which PacketFence version are you using ?

By default on the ZEN it will try to reach our public IP.

Once you get authorize after the registration process you will need to check if 
you have placed into the correct vlan (In VLAN enforcement mode) and got the 
proper IP address.

Check also if you have internet, it's known for Mac OS X devices that they are 
slow to release their IP and pickup the new one (~90secs).

Try to have a tab open on the network-access-detection.gif and see if it loads 
after the registration process.

Thanks,

Ludovic Zammit

lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  
www.inverse.ca

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)



On Aug 3, 2017, at 11:41 AM, Alessandro Canella via PacketFence-users 
>
 wrote:

Hello all,

I still have problem detecting  /common/network-access-detection.gif after 
access is granted. I’m using ZEN version.

I’ve tried lot of different config. All seems fine, gif is reachable from both 
side of inline mode but “unable to detect” is the last portal page that I seen.

Any ideas about which log explore?



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! 
http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users





--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot




___

PacketFence-users mailing list

PacketFence-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

Fabrice Durand

fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  
www.inverse.ca

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users