[PacketFence-users] Reply-Message = "max nodes per pid met or exceeded"

2018-10-17 Thread Cox, Eric via PacketFence-users 
I have read the other emails about this issue and I'm still not able to resolve 
it.  Could the "host/" in front of the computer name be the issue?   How do you 
remove "host/".   I have a nps server setup and pointed to the same OU it works 
just fine.What am I missing in PF?

Here is the log:
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] application/json (pf::WebAPI::handler)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] instantiating new pf::radius object (pf::radius::new)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] instantiating switch (pf::radius::authorize)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] cache get for namespace='switch.overlay', 
key='10.100.4.248', cache='DBI', time='0ms': MISS (not in cache) 
(CHI::Driver::_log_get_result)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] creating new pf::Switch::Brocade object 
(pf::SwitchFactory::instantiate)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] Setting current tenant ID to 1 (pf::dal::set_tenant)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) INFO: 
[mac:c8:5b:76:9f:c7:2d] handling radius autz request: from switch_ip => 
(10.100.4.248), connection_type => Ethernet-EAP,switch_mac => (Unknown), mac => 
[c8:5b:76:9f:c7:2d], port => 35, username => "host/WJC-ENG-046A.wjcc.k12.va.us" 
(pf::radius::authorize)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) INFO: 
[mac:c8:5b:76:9f:c7:2d] is doing machine auth with account 
'host/WJC-ENG-046A.wjcc.k12.va.us'. (pf::radius::authorize)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] instantiating new pf::role object (pf::role::new)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] instantiating new pf::access_filter::vlan 
(pf::access_filter::new)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] No engine found for IsPhone (pf::access_filter::test)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] determining if c8:5b:76:9f:c7:2d is VoIP phone through 
discovery protocols (pf::Switch::isPhoneAtIfIndex)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] VoIP not enabled on network device 10.100.4.248: no 
phones returned (pf::Switch::getPhonesDPAtIfIndex)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] Trying to match IP address to MAC 'c8:5b:76:9f:c7:2d' 
using SQL 'ip4log' table (pf::ip4log::mac2ip)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] Viewing an 'ip4log' table entry for the following MAC 
address 'c8:5b:76:9f:c7:2d' (pf::ip4log::_view_by_mac)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) INFO: 
[mac:c8:5b:76:9f:c7:2d] Instantiate profile WJCC-Wired-Device 
(pf::Connection::ProfileFactory::_from_profile)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] instantiating new pf::Connection::Profile object 
(pf::Connection::Profile::new)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] instantiating new pf::access_filter::vlan 
(pf::access_filter::new)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] No engine found for AutoRegister 
(pf::access_filter::test)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] Autoregistration set on profile WJCC-Wired-Device 
(pf::role::shouldAutoRegister)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] instantiating new pf::access_filter::vlan 
(pf::access_filter::new)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] No engine found for NodeInfoForAutoReg 
(pf::access_filter::test)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) DEBUG: 
[mac:c8:5b:76:9f:c7:2d] EAP connection with a username 
"host/WJC-ENG-046A.wjcc.k12.va.us". Trying to match rules from authentication 
sources. (pf::role::getNodeInfoForAutoReg)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) INFO: 
[mac:c8:5b:76:9f:c7:2d] Found authentication source(s) : 'WJCC-AuthSource' for 
realm 'null' (pf::config::util::filter_authentication_sources)
Oct 17 13:51:50 PktFncTestSrv packetfence_httpd.aaa: httpd.aaa(2954) WARN: 
[mac:c8:5b:76:9f:c7:2d] Use of uninitialized value in concatenation (.) or 
string at

[PacketFence-users] radiusd failed to start

2018-10-17 Thread Wifi Guy via PacketFence-users 
Hi All,

Im getting an issue where radiusd will not start correctly.

Job for packetfence-radiusd-acct.service failed because the control process
exited with error code. See "systemctl status
packetfence-radiusd-acct.service" and "journalctl -xe" for details.

radiusd-acct|not started

Job for packetfence-radiusd-auth.service failed because the control process
exited with error code. See "systemctl status
packetfence-radiusd-auth.service" and "journalctl -xe" for details.

radiusd-auth|not started


This seems to be the error


Wed Oct 17 15:24:17 2018 : Error: Failed binding to auth address
161.73.241.15 port 1812 bound to server packetfence: Address already in use

Wed Oct 17 15:24:17 2018 : Error: /usr/local/pf/raddb/auth.conf[18]: Error
binding to port for 161.73.241.15 port 1812


Where is best to start troubleshooting this issue?
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] No authentication context provided at /usr/local/pf/lib/pf/authentication.pm

2018-10-17 Thread Nicolas Quiniou-Briand via PacketFence-users 

For the record, issue reopened here [0].

[0] https://github.com/inverse-inc/packetfence/issues/3676
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] radiusd failed to start

2018-10-17 Thread Nicolas Quiniou-Briand via PacketFence-users 

Hello,

On 2018-10-17 02:29 PM, Wifi Guy via PacketFence-users wrote:
Wed Oct 17 15:24:17 2018 : Error: Failed binding to auth address 
161.73.241.15 port 1812 bound to server packetfence: Address already in use


"Address already in use" means that a process is already bind on 
161.73.241.15 port 1812.


Check result of `ss -lnp|grep 1812` to find pid of the process.
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] No authentication context provided at /usr/local/pf/lib/pf/authentication.pm

2018-10-17 Thread Chris Abel via PacketFence-users 
I have tested this issue with a clean install of packetfence 8.1 in CentOS
7 with VLAN enforcement and have found that the issue is there. This is NOT
my setup, but appears to be a bug in packetfence. Nicholas, do you mind
reopening the bug report that you had originally closed?

Let me know if I can help in any way.

Thank you,
Chris

On Tue, Oct 16, 2018 at 10:14 AM Chris Abel 
wrote:

> Thanks for the help thus far Nicholas. Here is the DEBUG log when trying
> to register:
>
>
> Oct 16 09:47:40 pf packetfence_httpd.portal: httpd.portal(32415) DEBUG:
> [mac:00:11:22:33:44:55] AUP is required and it's value is : 1
> (captiveportal::PacketFence::Form::Authentication::check_aup_form)
>
> Oct 16 09:47:40 pf packetfence_httpd.portal: httpd.portal(32415) INFO:
> [mac:00:11:22:33:44:55] Validating e-mail for user em...@gmail.com
> (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Null::authenticate)
>
> Oct 16 09:47:40 pf packetfence_httpd.portal: httpd.portal(32415) DEBUG:
> [mac:00:11:22:33:44:55] cache set for namespace='httpd.portal',
> key='user_session:62f28acd1f36d1d2bccab0585fca5e19d9447e6b', size=30,
> expires='6h', cache='Redis', time='0ms' (CHI::Driver::_log_set_result)
>
> Oct 16 09:47:40 pf packetfence_httpd.portal: httpd.portal(32415) ERROR:
> [mac:00:11:22:33:44:55] Caught exception in
> captiveportal::Controller::Root->dynamic_application "No authentication
> context provided at /usr/local/pf/lib/pf/authentication.pm line 226."
> (captiveportal::PacketFence::Controller::Root::end)
>
>
>
> Compared to when lines 226 and 228 in authentication.pm are commented out
> and registration is successful:
>
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) DEBUG:
> [mac:00:11:22:33:44:55] AUP is required and it's value is : 1
> (captiveportal::PacketFence::Form::Authentication::check_aup_form)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) INFO:
> [mac:00:11:22:33:44:55] Validating e-mail for user em...@gmail.com
> (captiveportal::PacketFence::DynamicRouting::Module::Authentication::Null::authenticate)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) DEBUG:
> [mac:00:11:22:33:44:55] Authenticating 'em...@gmail.com' from source(s)
> BYOD (pf::authentication::authenticate)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) INFO:
> [mac:00:11:22:33:44:55] Authentication successful for em...@gmail.com in
> source BYOD (Null) (pf::authentication::authenticate)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) INFO:
> [mac:00:11:22:33:44:55] User em...@gmail.com has authenticated on the
> portal. (Class::MOP::Class:::after)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) DEBUG:
> [mac:00:11:22:33:44:55] Executing action unregdate_from_source with params :
> (captiveportal::PacketFence::DynamicRouting::Module::execute_actions)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) INFO:
> [mac:00:11:22:33:44:55] User em...@gmail.com has authenticated on the
> portal. (Class::MOP::Class:::after)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) DEBUG:
> [mac:00:11:22:33:44:55] Match called with parameters context => portal,
> realm => undef, SSID => undef, connection_type => undef, mac =>
> 00:11:22:33:44:55, username => em...@gmail.com (pf::authentication::match)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) DEBUG:
> [mac:00:11:22:33:44:55] Stripping username is disabled in this context
> (portal). Will return the username as is with the realm.
> (pf::config::util::strip_username_if_needed)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) WARN:
> [mac:00:11:22:33:44:55] Calling match with empty/invalid rule class.
> Defaulting to 'authentication' (pf::authentication::match)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) INFO:
> [mac:00:11:22:33:44:55] Using sources BYOD for matching
> (pf::authentication::match)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) INFO:
> [mac:00:11:22:33:44:55] Matched rule (BYOD) in source BYOD, returning
> actions. (pf::Authentication::Source::match_rule)
>
> Oct 16 09:53:39 pf packetfence_httpd.portal: httpd.portal(2522) INFO:
> [mac:00:11:22:33:44:55] Matched rule (BYOD) in source BYOD, returning
> actions. (pf::Authentication::Source::match)
>
>
>
> It appears that PF is unable to validate the e-mail in
> captiveportal::PacketFence::DynamicRouting::Module::Authentication::Null::authenticate?
>
> On Mon, Oct 15, 2018 at 2:43 PM Nicolas Quiniou-Briand 
> wrote:
>
>> On 2018-10-15 01:33 PM, Chris Abel wrote:
>> > Yes, I have applied all steps of the upgrade process. I have re-ran the
>> > script and those commands and still seeing this issue.
>>
>> Ok.
>>
>> > I understand you tried the null source on a fresh install of 8.1, but
>> > did you try the null source with the "Email Required" option? That is
>> > the option that is giving me the

[PacketFence-users] radiusd failed to start

2018-10-17 Thread Wifi Guy via PacketFence-users 
Hi All,

Im getting an issue where radiusd will not start correctly.

Job for packetfence-radiusd-acct.service failed because the control process
exited with error code. See "systemctl status
packetfence-radiusd-acct.service" and "journalctl -xe" for details.

radiusd-acct|not started

Job for packetfence-radiusd-auth.service failed because the control process
exited with error code. See "systemctl status
packetfence-radiusd-auth.service" and "journalctl -xe" for details.

radiusd-auth|not started


This seems to be the error


Wed Oct 17 15:24:17 2018 : Error: Failed binding to auth address
161.73.241.15 port 1812 bound to server packetfence: Address already in use

Wed Oct 17 15:24:17 2018 : Error: /usr/local/pf/raddb/auth.conf[18]: Error
binding to port for 161.73.241.15 port 1812


Where is best to start troubleshooting this issue?
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] MAC Authentication fails on hp 1920

2018-10-17 Thread Oscar Nogales via PacketFence-users 
Hi everyone,

I'm working on a NAC deployment with Packetfence in offline mode. I have
working the 802.1x authentication, but I want to do the MAC address
authentication failover in case no 802.1x agent is connected to the switch.

All my switches are HPE V1910-48G Switch with Software Version Release
1519P03 (last version on HP website).

Apparently all is working: the switch send to the packetfence the mac
address as username and password, the radius authenticates it correctly and
send back the response with the correct attributes:
Tunnel-Type = VLAN
Tunnel-Private-Group-Id = "3"
Tunnel-Medium-Type = IEEE-802

The switch register on its log that the user is authenticated and the vlan
is 3. But the pc has no connection, doesn't get any IP by DHCP (there is
dhcp on vlan 3) or if I configure a static ip address, I cannot reach any
other IP on the vlan (is like if the switch blocks my packets).

This is the configuration of the HP Switch:

#

 port-security enable

#

 dot1x timer tx-period 10

 dot1x timer supp-timeout 10

 dot1x authentication-method eap

#

#

 mac-authentication domain macauth.local

 mac-authentication user-name-format mac-address with-hyphen

#

domain macauth.local

authentication default radius-scheme radiusnac

authentication lan-access radius-scheme radiusnac

authorization lan-access radius-scheme radiusnac

access-limit disable

state active

idle-cut disable

self-service-url disable

#

domain mydomain

 authentication lan-access radius-scheme radiusnac

 authorization lan-access radius-scheme radiusnac

 access-limit disable

 state active

 idle-cut disable

 self-service-url disable

#

radius scheme radiusnac

 primary authentication 10.0.10.220

 key authentication cipher $c$3$ZFDWjqDlNi7UGtNNLnrRiL+w/7MTioLgW3p0Ds1617Xc

 security-policy-server 10.0.10.220

 user-name-format keep-original

 nas-ip 172.18.1.19

#

#

interface GigabitEthernet1/0/16

 port link-type hybrid

 port hybrid vlan 1 3 117 untagged

 port hybrid pvid vlan 117

 mac-vlan enable

 stp edged-port enable

 mac-authentication max-user 2

 mac-authentication host-mode multi-vlan

 port-security port-mode userlogin-secure-or-mac

 dot1x re-authenticate

 dot1x guest-vlan 117

 undo dot1x handshake

 undo dot1x multicast-trigger

#

snmp-agent community read myreadcommunity

snmp-agent community write mywritecommunity mib-view All

snmp-agent target-host trap address udp-domain 10.0.10.220 params
securityname NAC v2c

#


And this is the configuration on packetfence:


[172.18.1.19]

description=sw19_test

group=RoverMotta-HP

deauthMethod=SNMP

GR_NAC_Rmotta_vlan20Vlan=20

GR_NAC_Rmotta_vlan3Vlan=3

type=H3C::S5120

cliPwd=supersecurepass

cliUser=admin

cliEnablePwd=megasecurepass

useCoA=N


[group RoverMotta-HP]

description=1910

SNMPCommunityRead=myreadcommunity

SNMPCommunityWrite=mywritecommunity

isolationVlan=118

radiusSecret=RadiusPassword

SNMPVersion=2c

registrationVlan=117

defaultVlan=3


And I show you the logs that shows that the MAB is working:


[radius.log]

Oct 17 15:54:00 censvnac auth[12460]: [mac:f0:de:f1:3c:7b:c3] Accepted
user:  and returned VLAN 3

Oct 17 15:54:00 censvnac auth[12460]: (854) Login OK:
[f0-de-f1-3c-7b-c3@macauth.local] (from client 172.18.1.19 port 16842869
cli f0:de:f1:3c:7b:c3)


[packetfence.log]

Oct 17 15:54:00 censvnac packetfence_httpd.aaa: httpd.aaa(11262) INFO:
[mac:f0:de:f1:3c:7b:c3] handling radius autz request: from switch_ip =>
(172.18.1.19), connection_type => WIRED_MAC_AUTH,switch_mac => (Unknown),
mac => [f0:de:f1:3c:7b:c3], port => 16, username =>
"f0-de-f1-3c-7b-c3@macauth.local" (pf::radius::authorize)

Oct 17 15:54:00 censvnac packetfence_httpd.aaa: httpd.aaa(11262) INFO:
[mac:f0:de:f1:3c:7b:c3] Instantiate profile 802.1x
(pf::Connection::ProfileFactory::_from_profile)

Oct 17 15:54:00 censvnac packetfence_httpd.aaa: httpd.aaa(11262) INFO:
[mac:f0:de:f1:3c:7b:c3] Connection type is WIRED_MAC_AUTH. Getting role
from node_info (pf::role::getRegisteredRole)

Oct 17 15:54:00 censvnac packetfence_httpd.aaa: httpd.aaa(11262) INFO:
[mac:f0:de:f1:3c:7b:c3] Username was defined
"f0-de-f1-3c-7b-c3@macauth.local" - returning role 'GR_NAC_Rmotta_vlan3'
(pf::role::getRegisteredRole)

Oct 17 15:54:00 censvnac packetfence_httpd.aaa: httpd.aaa(11262) INFO:
[mac:f0:de:f1:3c:7b:c3] PID: "default", Status: reg Returned VLAN:
(undefined), Role: GR_NAC_Rmotta_vlan3 (pf::role::fetchRoleForNode)

Oct 17 15:54:00 censvnac packetfence_httpd.aaa: httpd.aaa(11262) INFO:
[mac:f0:de:f1:3c:7b:c3] (172.18.1.19) Added VLAN 3 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)

Oct 17 15:54:00 censvnac packetfence_httpd.aaa: httpd.aaa(11262) INFO:
[mac:f0:de:f1:3c:7b:c3] violation 133 force-closed for
f0:de:f1:3c:7b:c3 (pf::violation::violation_force_close)

Oct 17 15:54:00 censvnac packetfence_httpd.aaa: httpd.aaa(11262) INFO:
[mac:f0:de:f1:3c:7b:c3] Instantiate profile 802.1x
(pf::Connection::ProfileFactory::_from_profile)

Oct 17 15:54:09

Re: [PacketFence-users] ZEN 8.1.0 | Problem with Webinterface

2018-10-17 Thread Nicolas Quiniou-Briand via PacketFence-users 

Hello Manuel,

Welcome on list !

I installed a fresh CentOS 7 yesterday with packetfence 8.1.0 and I 
didn't reproduce your issue.


Did you check prerequisities for your server ? [0]

You can safely ignore logs messages related to DB: this is because you 
have not yet configured database in configurator.



[0] 
https://packetfence.org/doc/PacketFence_Installation_Guide.html#_minimum_hardware_requirements

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] ZEN 8.1.0 | Problem with Webinterface

2018-10-17 Thread Hilgert Manuel via PacketFence-users 
Fresh „install“ of PacketFence Zen 8.1.0
- Webinterface of configurator sometimes load, sometimes not
- when i want to save the first network configuration there ist he error 
„unable to connect to server. Try again later“
- TOP shows 100% CPU load on usr/sbin/httpd
-  Packetfence log shows:
Oct 17 14:32:15 packetfence packetfence: FATAL -e(689): unable to connect to 
database: Access denied for user 'pf'@'localhost' (using password: YES) at -e 
line 1.
(pf::db::db_connect)


I then installed a fresh centos7 and packetfence -> same error….

I’m lost :/

Mit freundlichen Grüßen

Manuel Hilgert
IT-Abteilung

Tel +49 8751 8605-146
Fax +49 8751 8605-740
Mobil +49 176 18605018

[cid:image40e38e.PNG@98d9efe9.459d6d70]
Simon H. Steiner, Hopfen, GmbH
Auhofstrasse 18 - 84048 Mainburg - Germany
Geschäftssitz Mainburg, Amtsgericht Regensburg HRB-9334
Geschäftsführer: Joachim Gehde, Pascal Piroué,
Werner Sellmer, Louis S. Gimbel 3rd, Louis S. Gimbel 4th
http://www.hopsteiner.de



[Hopsteiner]
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Error while communicating with the Fingerbank collector. 401 Unauthorized

2018-10-17 Thread Roberto Lulli via PacketFence-users 

Hi Nicolas,

thank you for your reply. Yes everything seems ok, I can see that 
section and I can follow the link to my fingerbank account.


Rob

Il 16/10/18 19:55, Nicolas Quiniou-Briand via PacketFence-users ha scritto:

Hello Roberto,

Welcome on list !

Check you key in Configuration -> Compliance -> Fingerbank profiling.

If your key is correct, you should see a section called : "Account 
information on api.fingerbank.org".


--
System & Network Administrator

Dipartimento di Fisica - Università di Roma Tor Vergata
INFN - Sez. di Roma Tor Vergata

Via della Ricerca Scientifica, 1
00133 - Rome - Italy

Tel.: +39-06-72594527E-Mail: roberto.lu...@roma2.infn.it




smime.p7s
Description: Firma crittografica S/MIME
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Error while communicating with the Fingerbank collector. 401 Unauthorized

2018-10-17 Thread Roberto Lulli via PacketFence-users 

Hi Kalcho,

thank you very much! this seems to have solved the problem even if I 
keep seeing logs like


Oct 17 10:11:20 pf pfqueue: pfqueue(19648) ERROR: [mac:unknown] Error 
handling fingerbank_process : Not a HASH reference at 
/usr/local/pf/lib/pf/fingerbank.pm line 168.


or

Oct 17 10:11:20 pf pfqueue: Use of uninitialized value $mac in 
concatenation (.) or string at /usr/local/pf/lib/pf/fingerbank.pm line 92.
Oct 17 10:11:20 pf pfqueue: pfqueue(19602) WARN: [mac:unknown] Use of 
uninitialized value $mac in concatenation (.) or string at 
/usr/local/pf/lib/pf/fingerbank.pm line 161.

 (pf::fingerbank::endpoint_attributes)

I have also discovered that in a test environment with only one 
configured switch I have already exceeded the time limit of requests to 
fingerbank. Too bad because their pricing is a bit high for our 
institution, but having packetfence configured without the profiling of 
fingerbanks is a big limit.


Regards,

Roberto


Il 16/10/18 20:33, Kalcho ha scritto:

I had same problem,
this helped resolving mine:

/usr/local/pf/bin/pfcmd cache fingerbank expire

and after that:
/usr/local/pf/bin/pfcmd cache fingerbank clear

   On Tue, 16 Oct 2018 14:09:39 +0200 Roberto Lulli via PacketFence-users 
 wrote 
  > Hi,
  >
  > I am trying to configure Fingerbank on my Packetfence 8.1.0 (fresh
  > install) through logging into my personal github account. I have
  > correctly set the API key but something goes wrong:
  >
  > Oct 16 13:56:34 pf pfqueue: pfqueue(2624) ERROR: [mac:unknown] Error
  > while communicating with the Fingerbank collector. 401 Unauthorized
  > (pf::fingerbank::endpoint_attributes)
  > Oct 16 13:56:34 pf pfqueue: pfqueue(2624) ERROR: [mac:unknown] Unable to
  > fetch query arguments for Fingerbank query. Aborting.
  > (pf::fingerbank::process)
  >
  > Do I have missed something? On the previously version (7.1) I do not
  > remember doing anything else and everything was fine.
  >
  > Regards,
  >
  > Roberto
  >
  > --
  > System & Network Administrator
  >
  > Dipartimento di Fisica - Università di Roma Tor Vergata
  > INFN - Sez. di Roma Tor Vergata
  >
  > Via della Ricerca Scientifica, 1
  > 00133 - Rome - Italy
  >
  > Tel.: +39-06-72594527E-Mail: roberto.lu...@roma2.infn.it
  >
  >
  > ___
  > PacketFence-users mailing list
  > PacketFence-users@lists.sourceforge.net
  > https://lists.sourceforge.net/lists/listinfo/packetfence-users
  >




--
System & Network Administrator

Dipartimento di Fisica - Università di Roma Tor Vergata
INFN - Sez. di Roma Tor Vergata

Via della Ricerca Scientifica, 1
00133 - Rome - Italy

Tel.: +39-06-72594527E-Mail: roberto.lu...@roma2.infn.it




smime.p7s
Description: Firma crittografica S/MIME
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users