Re: [PacketFence-users] NO INTERNET Connection

2018-04-21 Thread nilofer fatma via PacketFence-users
Hello Fabrice,


I am attaching my networks.conf file below.

pf.conf:

[int eth0]
ip = 192.168.1.11
type=managerment
mask=255.255.255.0
gateway=192.168.1.2

[int eth0.2]
enforcement=inlinel2
ip=192.168.2.33
type=internal, monitor
mask=255.255.255.0



> On 18 Apr 2018, at 7:13 AM, Fabrice Durand via PacketFence-users wrote:
> 
> Hello Fatma,
> 
> probably a DNS issue, can you paste your network.conf file?
> 
> Regards
> 
> Fabrice
> 
> 
> 
> On 2018-04-16 at 13:43, nilofer fatma via PacketFence-users wrote:
>> Hello all,
>> 
>> I have set up PacketFence 6.5.1 inline, with two interfaces, a management and 
>> an inline interface.
>> 
>> After successful registration via the captive portal, PacketFence displays the 
>> message “Unable to detect network connectivity. Try restarting your web 
>> browser or opening a new tab to see if your access has been successfully 
>> enabled”.
>> 
>> I can see my device as registered on the GUI -> registered. But I am not 
>> able to connect to the internet. I have also enabled ipv4.ip_forward=1
>> 
>> [root@... ~]# more /etc/sysctl.conf
>> # Kernel sysctl configuration file for Red Hat Linux
>> #
>> # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
>> # sysctl.conf(5) for more details.
>> #
>> # Use '/sbin/sysctl -a' to list all possible parameters.
>> 
>> # Controls IP packet forwarding
>> net.ipv4.ip_forward = 1
>> 
>> I can also see my device under ipset -L.
>> Does anybody have any idea where I am wrong? Please help.
>> Regards,
>> Nilofer Fatma
>> 
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net 
>> 
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>> 
> 
> -- 
> Fabrice Durand
> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)


Re: [PacketFence-users] Bind PacketFence to Active Directory

2018-04-21 Thread Xav Tauran via PacketFence-users
Hello,

Thank you for your reply !
But now, I have another problem since this morning... I can't connect to
the management interface (https://192.168.20.200:1443/configurator). I
don't understand why, it was working yesterday..

See below the command's result netstat -anp :

[root@localhost ~]# netstat -anp
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      1365/redis-server *
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN      9908/X
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1747/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1364/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1367/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1609/master
tcp        0      0 192.168.2.200:43278     172.217.19.238:443      TIME_WAIT   -
tcp        0      0 192.168.2.200:43282     172.217.19.238:443      TIME_WAIT   -
tcp        0      0 192.168.2.200:44144     216.58.206.226:443      ESTABLISHED 21834/firefox
tcp        0      0 192.168.2.200:54210     216.58.212.131:443      ESTABLISHED 21834/firefox
tcp        0      0 192.168.2.200:40774     216.58.213.142:80       ESTABLISHED 21834/firefox
tcp        0      0 192.168.2.200:51166     216.58.208.227:443      TIME_WAIT   -
tcp        0      0 192.168.2.200:51156     216.58.208.227:443      ESTABLISHED 21834/firefox
tcp        0      0 127.0.0.1:6379          127.0.0.1:35594         ESTABLISHED 1365/redis-server *
tcp        0      0 192.168.2.200:43276     172.217.19.238:443      TIME_WAIT   -
tcp        0      0 192.168.2.200:46144     216.58.208.238:80       ESTABLISHED 21834/firefox
tcp        0      0 192.168.2.200:46194     216.58.212.142:443      ESTABLISHED 21834/firefox
tcp        0      1 192.168.2.200:50796     192.168.20.200:1443     SYN_SENT    21834/firefox
tcp        0      0 127.0.0.1:35594         127.0.0.1:6379          ESTABLISHED 1366/pfconfig
tcp        0      1 192.168.2.200:50794     192.168.20.200:1443     SYN_SENT    21834/firefox
tcp        0      0 192.168.2.200:43280     172.217.19.238:443      TIME_WAIT   -
tcp        0      0 192.168.2.200:42510     172.217.19.228:443      ESTABLISHED 21834/firefox

I don't understand what is the problem...

Thank you for your return.

Regards,

Xavier TAURAN

2018-04-18 17:28 GMT+02:00 Fabrice Durand via PacketFence-users <
packetfence-users@lists.sourceforge.net>:

> Ok so the issue is because your management interface is not the same as
> the routing interface.
>
> You have to enable nat on the interface ens33 too. (conf/iptables.conf)
>
>
>
> On 2018-04-18 at 09:17, Xav Tauran via PacketFence-users wrote:
>
> And my management interface is ens33.20. VLAN 20 is the management VLAN.
> PacketFence runs on a virtual machine on CentOS 7, and I configured on this
> virtual machine only one interface: ens33.
>
>
> see below :
>
> [root@localhost ~]# sysctl net.ipv4.ip_forward
> net.ipv4.ip_forward = 1
>
> [root@localhost ~]# ip a
> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN qlen 1
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: ens33:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.2.200/24 brd 192.168.2.255 scope global ens33
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20c:29ff:fe1f:777/64 scope link
>        valid_lft forever preferred_lft forever
> 3: ens33.20@ens33:  mtu 1500 qdisc noqueue state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.20.200/24 brd 192.168.20.255 scope global ens33.20
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20c:29ff:fe1f:777/64 scope link
>        valid_lft forever preferred_lft forever
> 4: ens33.30@ens33:  mtu 1500 qdisc noqueue state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.30.200/24 brd 192.168.30.255 scope global ens33.30
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20c:29ff:fe1f:777/64 scope link
>        valid_lft forever preferred_lft forever
> 5: ens33.40@ens33:  mtu 1500 qdisc noqueue state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.40.200/24 brd 192.168.40.255 scope global ens33.40
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20c:29ff:fe1f:777/64 scope link
>        valid_lft forever preferred_lft forever
> 6: ens33.50@ens33:  mtu 1500 qdisc noqueue state UP qlen 1000
>     link/ether 00:0c:29:1f:07:77 brd ff:ff:ff:ff:ff:ff
> 

Re: [PacketFence-users] Problem with Samba 4 authentication

2018-04-21 Thread Jeimerson C. Chaves via PacketFence-users
[root@PacketFence-ZEN ~]# chroot /chroots/SAMBA/ ntlm_auth
--request-nt-key --domain=SAMBA.NAC --username=administra...@samba.nac
--password='Zaq!2wsx'
NT_STATUS_OK: Success (0x0)


[root@PacketFence-ZEN ~]# raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
radmin: Failed connecting to /usr/local/pf/var/run/radius.sock: No such file or directory
Perhaps you need to run the commands:
	cd /etc/raddb
	ln -s sites-available/control-socket sites-enabled/control-socket
and then re-start the server?


With best regards.

Jeimerson Chaves

Confidentiality Warning: This e-mail and any files transmitted with it
are confidential and may be privileged and are intended solely for the
use of the individual or entity to whom they are addressed. Their
contents may not be altered. If you are not the intended recipient of
this communication please notify the sender and delete and destroy all
copies immediately.




2018-04-18 13:23 GMT+01:00 Fabrice Durand via PacketFence-users:
> Hello Jeimerson,
>
> can you run:
>
> raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
>
> and paste the result when you try to connect.
>
> Regards
>
> Fabrice
>
>
>
> On 2018-04-12 at 04:56, Jeimerson C. Chaves via PacketFence-users wrote:
>> Hello everyone, I'm having a problem with authentication, using Samba server 4.
>>
>> CLI authentication works. But using the Cisco 2950 802.1x, it does not
>> work according to the logs.
>>
>> 
>>
>> chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC
>> --username=nacad...@samba.nac --password='Zaq!2wsx'
>> NT_STATUS_OK: Success (0x0)
>>
>> #
>> radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> (0) No reply from server for ID 149 socket 3
>>
>>
>> What could it be?
>>
>> If you can help me.
>>
>> I created a testing environment with VMware ESXi 6.5.
>>
>> #
>>
>>
>> MAC Address: 00:0c:29:75:9d:61
>> Auth Status: Reject
>> Auth Type: eap
>> Auto Registration: no
>> Calling Station ID: 00:0c:29:75:9d:61
>> Computer name: N/A
>> EAP Type: MSCHAPv2
>> Event Type: Radius-Access-Request
>> IP Address:
>> Is a Phone: no
>> Node status: N/A
>> Domain: SAMBA
>> Profile: N/A
>> Realm: samba.nac
>> Reason: chrooted_mschap: Program returned code (1) and output 'Logon failure (0xc06d)'
>> Role: N/A
>> Source: N/A
>> Stripped User Name: nacadmin
>> User name: nacad...@samba.nac
>> Unique ID:
>>
>> 
>>
>> Switch ID: N/A
>> Switch MAC: N/A
>> Switch IP Address: N/A
>> Called Station ID: 00:16:47:53:3e:08
>> Connection type: N/A
>> IfIndex: N/A
>> NAS identifier:
>> NAS IP Address: 10.190.90.24
>> NAS Port: 50008
>> NAS Port ID:
>> NAS Port Type: Ethernet
>> RADIUS Source IP Address: 10.190.90.24
>> Wi-Fi Network SSID:
>>
>>
>> #
>>
>> request_time0
>> RADIUS RequestNAS-Port-Type = Ethernet Service-Type = Framed-User
>> Cisco-NAS-Port = "FastEthernet0/8" Called-Station-Id =
>> "00:16:47:53:3e:08" State = 0x935ca195935bbbfd2e4540e93f543f24
>> FreeRADIUS-Proxied-To = 127.0.0.1 Realm = "samba.nac" EAP-Type =
>> MSCHAPv2 NAS-IP-Addre

Re: [PacketFence-users] Problem with Samba 4 authentication

2018-04-21 Thread Jeimerson C. Chaves via PacketFence-users
Hi.

[SAMBA.NAC]
cache_match=0
read_timeout=10
realms=
password=Zaq!2wsx
scope=sub
binddn=nacad...@samba.nac
port=389
description=Teste de Autenticacao
write_timeout=5
type=AD
basedn=DC=SAMBA,DC=NAC
set_access_level_action=
email_attribute=mail
usernameattribute=sAMAccountName
connection_timeout=5
stripped_user_name=yes
encryption=starttls
host=10.161.16.23




[SAMBA]
ntlm_cache_filter=(&(samAccountName=*)(!(|(lockoutTime=>0)(userAccountControl:1.2.840.113556.1.4.803:=2
ntlm_cache=disabled
registration=1
ntlm_cache_expiry=3600
dns_name=SAMBA.NAC
dns_servers=10.161.16.23
ou=Computers
bind_pass=Zaq!2wsx
ntlm_cache_on_connection=disabled
bind_dn=Administrator
workgroup=SAMBA
ntlm_cache_batch_one_at_a_time=disabled
sticky_dc=10.161.16.23
ad_server=10.161.16.23
ntlm_cache_batch=disabled
server_name=packetfence



##

[root@PacketFence-ZEN conf]# chroot /chroots/SAMBA/ ntlm_auth
--request-nt-key --domain=SAMBA.NAC --username=administra...@samba.nac
--password='Zaq!2wsx'
NT_STATUS_OK: Success (0x0)
[root@PacketFence-ZEN conf]# raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
radmin: Failed connecting to /usr/local/pf/var/run/radius.sock: No such file or directory
Perhaps you need to run the commands:
	cd /etc/raddb
	ln -s sites-available/control-socket sites-enabled/control-socket
and then re-start the server?
[root@PacketFence-ZEN conf]#



Tks.





With best regards.

Jeimerson Chaves




2018-04-18 13:23 GMT+01:00 Fabrice Durand via PacketFence-users:
> Hello Jeimerson,
>
> can you run:
>
> raddebug -f /usr/local/pf/var/run/radius.sock -t 3000
>
> and paste the result when you try to connect.
>
> Regards
>
> Fabrice
>
>
>
> On 2018-04-12 at 04:56, Jeimerson C. Chaves via PacketFence-users wrote:
>> Hello everyone, I'm having a problem with authentication, using Samba server 4.
>>
>> CLI authentication works. But using the Cisco 2950 802.1x, it does not
>> work according to the logs.
>>
>> 
>>
>> chroot /chroots/SAMBA/ ntlm_auth --request-nt-key --domain=SAMBA.NAC
>> --username=nacad...@samba.nac --password='Zaq!2wsx'
>> NT_STATUS_OK: Success (0x0)
>>
>> #
>> radtest -t mschap nacadmin 'Zaq!2wsx' localhost 0 testing123
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> Sent Access-Request Id 149 from 0.0.0.0:40863 to 127.0.0.1:1812 length 134
>> User-Name = "nacadmin"
>> MS-CHAP-Password = "Zaq!2wsx"
>> NAS-IP-Address = 169.254.0.2
>> NAS-Port = 0
>> Message-Authenticator = 0x00
>> Cleartext-Password = "Zaq!2wsx"
>> MS-CHAP-Challenge = 0xf8d279644d3003f7
>> MS-CHAP-Response =
>> 0x0001509ae6a6dc238ef602ec579893bb1ab9d0facd15b8d5cb4f
>> (0) No reply from server for ID 149 socket 3
>>
>>
>> What could it be?
>>
>> If you can help me.
>>
>> I created a testing environment with VMware ESXi 6.5.
>>
>> #
>>
>>
>> MAC Address: 00:0c:29:75:9d:61
>> Auth Status: Reject
>> Auth Type: eap
>> Auto Registration: no
>> Calling Station ID: 00:0c:29:75:9d:61
>> Computer name: N/A
>> EAP Type: MSCHAPv