Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Matthew Knott via PacketFence-users
Thanks Mate,


That fixed it.



Much appreciated :)


Matthew


Matthew Knott
IT Network & Security Administrator
E. matthew.kn...@jbssa.com.au
T.  07 3810 2269
M.  0477733185
F.  07 3816 0535

JBS Australia
1 Lock Way, Riverview QLD 4303
P.O. Box 139 Booval Qld 4304
jbssa.com.au

From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Wednesday, 14 November 2018 2:02 PM
To: Matthew Knott ; 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf


Ok found it.

It's 100$! ;-)

The unit test must be unique (like polycom_phones, security_cameras) but the 
rules too (you have 2 autoreg).

My best practice is to use integers for the rules.

So try that:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

[autoreg1:polycom_phones]
scope = IsPhone
role = voice

[security_cameras]
filter = node_info.mac
operator = regex
value = ^(18:68:cb|28:57:be|44:19:b6|44:47:cc|4c:bd:8f|54:c4:15|58:03:fb|64:db:8b|94:e1:ac|a4:14:37|b4:a3:82|bc:ad:28|c0:56:e3|c4:2f:90|f8:4d:fc).*

[autoreg2:security_cameras]
scope = AutoRegister
role = Security

[info_security_autoreg:security_cameras]
scope = NodeInfoForAutoReg
role = Security

[2:security_cameras]
scope = RegisteredRole
role = Security
action = modify_node
action_param = mac = $mac, unregdate = 2030-12-0923:59:59

Regards

Fabrice


On 18-11-13 at 22:51, Matthew Knott wrote:

Yep,

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

[autoreg:polycom_phones]
scope = IsPhone
role = voice

[security_cameras]
filter = node_info.mac
operator = regex
value = ^(18:68:cb|28:57:be|44:19:b6|44:47:cc|4c:bd:8f|54:c4:15|58:03:fb|64:db:8b|94:e1:ac|a4:14:37|b4:a3:82|bc:ad:28|c0:56:e3|c4:2f:90|f8:4d:fc).*

[autoreg:security_cameras]
scope = AutoRegister
role = Security

[info_security_autoreg:security_cameras]
scope = NodeInfoForAutoReg
role = Security

[2:security_cameras]
scope = RegisteredRole
role = Security
action = modify_node
action_param = mac = $mac, unregdate = 2030-12-0923:59:59

Thanks


Matthew





From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Wednesday, 14 November 2018 1:49 PM
To: Matthew Knott 
; 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf


Can you paste your current vlan_filters.conf ?


On 18-11-13 at 22:38, Matthew Knott wrote:
Thanks Durand,

Tried that as well, still not working.


Matthew





From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Wednesday, 14 November 2018 1:04 PM
To: 
packetfence-users@lists.sourceforge.net
Cc: Durand fabrice 
Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf


Hello Matthew,

Try to define the MAC address in lower case.

That:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

instead of that:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:F2|64:16:7f).*

etc ...





Regards

Fabrice


On 18-11-13 at 20:38, Matthew Knott via PacketFence-users wrote:

Hi All,  Further to this,  Looks as though the only reason that the Polycom Phones 
are working is because the RADIUS server is replying with a Cisco-AVPair = 
"device-traffic-class=voice" and so the Switch is putting it into the Voice 

Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Durand fabrice via PacketFence-users

Ok found it.

It's 100$! ;-)

The unit test must be unique (like polycom_phones, security_cameras) 
but the rules too (you have 2 autoreg).


My best practice is to use integers for the rules.

So try that:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

[autoreg1:polycom_phones]
scope = IsPhone
role = voice

[security_cameras]
filter = node_info.mac
operator = regex
value = ^(18:68:cb|28:57:be|44:19:b6|44:47:cc|4c:bd:8f|54:c4:15|58:03:fb|64:db:8b|94:e1:ac|a4:14:37|b4:a3:82|bc:ad:28|c0:56:e3|c4:2f:90|f8:4d:fc).*


[autoreg2:security_cameras]
scope = AutoRegister
role = Security

[info_security_autoreg:security_cameras]
scope = NodeInfoForAutoReg
role = Security

[2:security_cameras]
scope = RegisteredRole
role = Security
action = modify_node
action_param = mac = $mac, unregdate = 2030-12-0923:59:59

Regards

Fabrice


On 18-11-13 at 22:51, Matthew Knott wrote:


Yep,

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

[autoreg:polycom_phones]
scope = IsPhone
role = voice

[security_cameras]
filter = node_info.mac
operator = regex
value = ^(18:68:cb|28:57:be|44:19:b6|44:47:cc|4c:bd:8f|54:c4:15|58:03:fb|64:db:8b|94:e1:ac|a4:14:37|b4:a3:82|bc:ad:28|c0:56:e3|c4:2f:90|f8:4d:fc).*

[autoreg:security_cameras]
scope = AutoRegister
role = Security

[info_security_autoreg:security_cameras]
scope = NodeInfoForAutoReg
role = Security

[2:security_cameras]
scope = RegisteredRole
role = Security
action = modify_node
action_param = mac = $mac, unregdate = 2030-12-0923:59:59

Thanks

Matthew




*From:*Durand fabrice [mailto:fdur...@inverse.ca]
*Sent:* Wednesday, 14 November 2018 1:49 PM
*To:* Matthew Knott ; 
packetfence-users@lists.sourceforge.net

*Subject:* Re: [PacketFence-users] Issue Using vlan_filters.conf

Can you paste your current vlan_filters.conf ?

On 18-11-13 at 22:38, Matthew Knott wrote:

Thanks Durand,

Tried that as well, still not working.

Matthew




*From:*Durand fabrice via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
*Sent:* Wednesday, 14 November 2018 1:04 PM
*To:* packetfence-users@lists.sourceforge.net

*Cc:* Durand fabrice  
*Subject:* Re: [PacketFence-users] Issue Using vlan_filters.conf

Hello Matthew,

Try to define the MAC address in lower case.

That:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

instead of that:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:F2|64:16:7f).*

etc ...

Regards

Fabrice

On 18-11-13 at 20:38, Matthew Knott via PacketFence-users wrote:

Hi All,  Further to this,  Looks as though the only reason that the Polycom Phones 
are working is because the RADIUS server is replying with a Cisco-AVPair = 
"device-traffic-class=voice" and so the Switch is putting it into the Voice 
Vlan.

  


matthew
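
A small linter for the two problems diagnosed in this thread (upper-case hex in a `node_info.mac` regex, and two rules sharing the name before the colon), added here as an illustration; it is not PacketFence code. The `lint` function, its finding codes and the shortened sample configurations are constructed for this example, and treating every word after the colon as a test name is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the thread: an upper-case OUI (first
# reply) and two rules that are both named "autoreg" (second reply).
BEFORE = """\
[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:F2|64:16:7f).*

[autoreg:polycom_phones]
scope = IsPhone
role = voice

[security_cameras]
filter = node_info.mac
operator = regex
value =
^(18:68:cb|28:57:be|44:19:b6).*

[autoreg:security_cameras]
scope = AutoRegister
role = Security
"""

# Constructed sample: the same file after both suggestions are applied.
AFTER = (BEFORE.replace("00:04:F2", "00:04:f2")
         .replace("[autoreg:polycom_phones]", "[autoreg1:polycom_phones]")
         .replace("[autoreg:security_cameras]", "[autoreg2:security_cameras]"))

SECTION = re.compile(r"^\[([^\]]+)\]$")
MAC_FRAGMENT = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+")


def parse(text):
    """Return [(section_name, {key: value})] in file order."""
    sections, last_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = SECTION.match(line)
        if header:
            sections.append((header.group(1).strip(), {}))
            last_key = None
        elif not sections:
            continue
        elif "=" in line:
            key, _, value = line.partition("=")
            last_key = key.strip()
            sections[-1][1][last_key] = value.strip()
        elif last_key is not None:
            # A value wrapped onto the next line, as mail clients did to the
            # long camera regex in this thread.
            sections[-1][1][last_key] += line
    return sections


def lint(text):
    """Return a list of (code, name, detail) findings."""
    tests, rules, findings = {}, defaultdict(list), []
    for name, opts in parse(text):
        if ":" in name:
            # "[rule:condition]": the part before the colon is the rule name.
            rule, _, condition = name.partition(":")
            rules[rule.strip()].append(condition.strip())
        elif name in tests:
            findings.append(("duplicate-test", name, ""))
        else:
            tests[name] = opts
    for rule, conditions in rules.items():
        if len(conditions) > 1:
            findings.append(("duplicate-rule", rule, ", ".join(conditions)))
        for condition in conditions:
            # Assumption: every word in the condition names a test.
            for ref in re.findall(r"\w+", condition):
                if ref not in tests:
                    findings.append(("unknown-test", rule, ref))
    for name, opts in tests.items():
        if opts.get("filter") == "node_info.mac" and opts.get("operator") == "regex":
            for fragment in MAC_FRAGMENT.findall(opts.get("value", "")):
                if fragment != fragment.lower():
                    findings.append(("uppercase-mac", name, fragment))
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, lint(text) or "no findings")
```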

  

  

  

  



Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Matthew Knott via PacketFence-users

Yep,

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

[autoreg:polycom_phones]
scope = IsPhone
role = voice

[security_cameras]
filter = node_info.mac
operator = regex
value = ^(18:68:cb|28:57:be|44:19:b6|44:47:cc|4c:bd:8f|54:c4:15|58:03:fb|64:db:8b|94:e1:ac|a4:14:37|b4:a3:82|bc:ad:28|c0:56:e3|c4:2f:90|f8:4d:fc).*

[autoreg:security_cameras]
scope = AutoRegister
role = Security

[info_security_autoreg:security_cameras]
scope = NodeInfoForAutoReg
role = Security

[2:security_cameras]
scope = RegisteredRole
role = Security
action = modify_node
action_param = mac = $mac, unregdate = 2030-12-0923:59:59

Thanks


Matthew



From: Durand fabrice [mailto:fdur...@inverse.ca]
Sent: Wednesday, 14 November 2018 1:49 PM
To: Matthew Knott ; 
packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf


Can you paste your current vlan_filters.conf ?


On 18-11-13 at 22:38, Matthew Knott wrote:
Thanks Durand,

Tried that as well, still not working.


Matthew





From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Wednesday, 14 November 2018 1:04 PM
To: 
packetfence-users@lists.sourceforge.net
Cc: Durand fabrice 
Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf


Hello Matthew,

Try to define the MAC address in lower case.

That:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

instead of that:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:F2|64:16:7f).*

etc ...





Regards

Fabrice


On 18-11-13 at 20:38, Matthew Knott via PacketFence-users wrote:

Hi All,  Further to this,  Looks as though the only reason that the Polycom Phones 
are working is because the RADIUS server is replying with a Cisco-AVPair = 
"device-traffic-class=voice" and so the Switch is putting it into the Voice 
Vlan.



matthew














-Original Message-

From: Nicolas Quiniou-Briand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]

Sent: Tuesday, 13 November 2018 10:07 PM

To: 
packetfence-users@lists.sourceforge.net

Cc: Nicolas Quiniou-Briand 

Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf



Hi Matthew,



Just to be sure to understand: you didn't succeed to auto-register your Polycom 
VoIP phones ?



In the packetfence.log you pasted, MAC address doesn't belong to a Polycom 
device. Could you paste log for a Polycom device ?

--

Nicolas Quiniou-Briand

n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca

Inverse inc. :: Leaders behind SOGo 

Re: [PacketFence-users] Internal Radius config basics

2018-11-13 Thread Durand fabrice via PacketFence-users

Hello Ali ,

ok so no need to create a Radius Authentication source.

What you just need to do is the following:

be sure that the password encryption is nthash or cleartext.

uncomment packetfence-local-auth

create a connection profile with a filter like SSID = my_SSID

and select the source local.


Then create your switch on the PacketFence side with the same shared 
secret (pf and switch side).


Create users in the user tab and assign them the correct role and access 
duration.


And you will be good.

Regards

Fabrice


On 18-11-13 at 22:35, Amjad Ali wrote:

Hi Durand,

Much appreciate the quick response, actually our use case is such that 
we want to authenticate clients directly against PF/Radius, without 
going to portal. For that I have uncommented the 
*packetfence-local-auth* in */usr/local/pf/conf/radiusd/packetfence-tunnel*

*You think that makes sense?*

*Thanks,*
*Ali*

On Wed, Nov 14, 2018 at 11:12 AM Durand fabrice via PacketFence-users wrote:


Hello Ali,

In Radius source timeout will be the time you allow the radius
source to answer and shared secret is the shared secret between
the pf and the radius server.

Btw the Radius source is a way to do the authentication on the portal.

Shared secret in the switch config is the shared secret between
the switch (you defined it in the switch configuration) and
Packetfence.

Regards

Fabrice


On 18-11-13 at 21:59, Amjad Ali via PacketFence-users wrote:

Hi All,

When setting up internal radius in PF, what's the purpose of
Timeout and Secret?
Secondly when we add a switch there is a Radius tab where we put
Secret key, what's the relation between these two keys? Why is
secret added in two different places?

Thanks
Ali

-- 
Amjad Ali



___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net  

https://lists.sourceforge.net/lists/listinfo/packetfence-users




--
Amjad Ali


Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Durand fabrice via PacketFence-users

Can you paste your current vlan_filters.conf ?


On 18-11-13 at 22:38, Matthew Knott wrote:

Thanks Durand,

Tried that as well, still not working.

Matthew




*From:*Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]

*Sent:* Wednesday, 14 November 2018 1:04 PM
*To:* packetfence-users@lists.sourceforge.net
*Cc:* Durand fabrice 
*Subject:* Re: [PacketFence-users] Issue Using vlan_filters.conf

Hello Matthew,

Try to define the MAC address in lower case.

That:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

instead of that:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:F2|64:16:7f).*

etc ...

Regards

Fabrice

On 18-11-13 at 20:38, Matthew Knott via PacketFence-users wrote:

Hi All,  Further to this,  Looks as though the only reason that the Polycom Phones are 
working is because the RADIUS server is replying with a Cisco-AVPair = 
"device-traffic-class=voice" and so the Switch is putting it into the Voice 
Vlan.

matthew



-Original Message-

From: Nicolas Quiniou-Briand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]

Sent: Tuesday, 13 November 2018 10:07 PM

To:packetfence-users@lists.sourceforge.net  


Cc: Nicolas Quiniou-Briand  

Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf

Hi Matthew,

Just to be sure to understand: you didn't succeed to auto-register your 
Polycom VoIP phones ?

In the packetfence.log you pasted, MAC address doesn't belong to a Polycom 
device. Could you paste log for a Polycom device ?

--

Nicolas Quiniou-Briand

n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca

Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence (https://packetfence.org) and Fingerbank (http://fingerbank.org)


Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Matthew Knott via PacketFence-users
Thanks Durand,

Tried that as well, still not working.


Matthew



From: Durand fabrice via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Wednesday, 14 November 2018 1:04 PM
To: packetfence-users@lists.sourceforge.net
Cc: Durand fabrice 
Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf


Hello Matthew,

Try to define the MAC address in lower case.

That:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

instead of that:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:F2|64:16:7f).*

etc ...





Regards

Fabrice


On 18-11-13 at 20:38, Matthew Knott via PacketFence-users wrote:

Hi All,  Further to this,  Looks as though the only reason that the Polycom Phones 
are working is because the RADIUS server is replying with a Cisco-AVPair = 
"device-traffic-class=voice" and so the Switch is putting it into the Voice 
Vlan.



matthew














-Original Message-

From: Nicolas Quiniou-Briand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]

Sent: Tuesday, 13 November 2018 10:07 PM

To: 
packetfence-users@lists.sourceforge.net

Cc: Nicolas Quiniou-Briand 

Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf



Hi Matthew,



Just to be sure to understand: you didn't succeed to auto-register your Polycom 
VoIP phones ?



In the packetfence.log you pasted, MAC address doesn't belong to a Polycom 
device. Could you paste log for a Polycom device ?

--

Nicolas Quiniou-Briand

n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca

Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence (https://packetfence.org) and Fingerbank (http://fingerbank.org)






Re: [PacketFence-users] Internal Radius config basics

2018-11-13 Thread Amjad Ali via PacketFence-users
Hi Durand,

Much appreciate the quick response, actually our use case is such that we
want to authenticate clients directly against PF/Radius, without going to
portal. For that I have uncommented the *packetfence-local-auth* in
*/usr/local/pf/conf/radiusd/packetfence-tunnel*

*You think that makes sense?*

*Thanks,*
*Ali*

On Wed, Nov 14, 2018 at 11:12 AM Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Ali,
>
> In Radius source timeout will be the time you allow the radius source to
> answer and shared secret is the shared secret between the pf and the radius
> server.
>
> Btw the Radius source is a way to do the authentication on the portal.
>
> Shared secret in the switch config is the shared secret between the switch
> (you defined it in the switch configuration) and Packetfence.
>
> Regards
>
> Fabrice
>
>
> On 18-11-13 at 21:59, Amjad Ali via PacketFence-users wrote:
>
> Hi All,
>
> When setting up internal radius in PF, what's the purpose of Timeout and
> Secret?
> Secondly when we add a switch there is a Radius tab where we put Secret
> key, what's the relation between these two keys? Why is secret added in two
> different places?
>
> Thanks
> Ali
>
> --
> Amjad Ali
>
>


-- 
Amjad Ali


Re: [PacketFence-users] getting started - interface questions

2018-11-13 Thread Durand fabrice via PacketFence-users

Hello Jessica,

strange, the trunkport is tagged to the vlan 4095 so it's not a trunk port.

We are supposed to have a native vlan (the mgmt network) and the other vlans 
tagged.


So in this configuration if you add an interface vlan on the interface 
eth0 (like eth0.51) it will not work.


IMO the better option is to add on the esx side an interface in the vlan 
51 and attach it to the vm (it will be eth1 on centos).


Regards

Fabrice


On 18-11-02 at 12:44, Jessica Cohen wrote:


These are my VM settings BTW. My sysadmin guys set it up for me.

hardware

http://imagehost.phoenix-nest.com/?di=14154117691214

network

http://imagehost.phoenix-nest.com/?di=015411769415

Thanks!

*From:* Durand fabrice 
*Sent:* Thursday, November 01, 2018 8:50 PM
*To:* Jessica Cohen ; 
packetfence-users@lists.sourceforge.net

*Subject:* Re: [PacketFence-users] getting started - interface questions

Ok so in this case if you lost the access then it means that the 
default route is changed.


Check the default route before and after you play with the 
interfaces/vlan.


On 18-11-01 at 19:45, Jessica Cohen wrote:

Hi Fabrice,

It’s a single ethernet interface with all vlans tagged except vlan
50 which is untagged. I’m a network engineer so server stuff,
especially VMware is a bit new to me. I appreciate the assistance.

Jessica

*From:* Durand fabrice via PacketFence-users


*Sent:* Thursday, November 01, 2018 6:40 PM
*To:* packetfence-users@lists.sourceforge.net

*Cc:* Durand fabrice  
*Subject:* Re: [PacketFence-users] getting started - interface
questions

Hello Jessica,

it depends how you configure the esx, do you have an interface with
all the vlan tagged (only eth0 in the virtual machine) or a
virtual interface for each vlan (it appears as eth0, eth1, eth2,
ethx... on the vm).

Based on that, then you will need to create a vlan on the eth0
interface or assign the correct interface as the
management/registration/isolation.

Regards

Fabrice

On 18-10-30 at 14:42, Jessica Cohen via PacketFence-users wrote:

Can someone please explain how the interfaces work or provide
a link that adequately describes them? After importing the OVA
and starting the server, it gets an IP address from our dhcp
server that’s in vlan 50. All of our network devices
management IPs are in vlan 49. When I add a new interface,
assign an IP and vlan, I suddenly lose all connectivity to the
server unless I access it from a machine that’s on the 50
vlan. Why can’t I access the server from other vlans? I
noticed that it adds a subinterface on eth0 (i.e. eth0.49) but
that shouldn’t affect intervlan routing as long as a default
gateway is provided right? Can someone help me get past this step?







Re: [PacketFence-users] getting started - interface questions

2018-11-13 Thread Durand fabrice via PacketFence-users

Hello Jessica,

sorry for the late reply.

Btw it looks good ... what is the ip of the device you use to manage 
PacketFence ?


Regards

Fabrice


On 18-11-08 at 15:37, Jessica Cohen wrote:


Apologies, just noticed I copied and pasted wrong. It should have been:

BEFORE

[root@PacketFence-ZEN ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

AFTER

[root@PacketFence-ZEN ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.51.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0.51

Logical name   IP Address       Netmask         Type
eth0           192.168.50.132   255.255.255.0   Management     ADD VLAN
  default network: 192.168.50.0
eth0 vlan 51   192.168.51.2     255.255.255.0   Registration   DELETE
  default network: 192.168.51.0

*From:* Jessica Cohen
*Sent:* Friday, November 02, 2018 11:14 AM
*To:* 'Durand fabrice' ; 
packetfence-users@lists.sourceforge.net

*Subject:* RE: [PacketFence-users] getting started - interface questions

Default route looks right after adding a vlan. 192.168.50.1 is the ip 
on the vlan 50 interface on the switch. 192.168.51.1 is the ip on the 
vlan 51 interface on the switch. IP routing is enabled and intervlan 
routing works fine except for this server after “add vlan”


BEFORE

[root@PacketFence-ZEN ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

AFTER

[root@PacketFence-ZEN ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.50.1    0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.51.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0.66

Logical name   IP Address       Netmask         Type
eth0           192.168.50.132   255.255.255.0   Management     ADD VLAN
  default network: 192.168.50.0
eth0 vlan 51   192.168.51.2     255.255.255.0   Registration   DELETE
  default network: 192.168.51.0

*From:* Durand fabrice <fdur...@inverse.ca>
*Sent:* Thursday, November 01, 2018 8:50 PM
*To:* Jessica Cohen; packetfence-users@lists.sourceforge.net


*Subject:* Re: [PacketFence-users] getting started - interface questions

Ok so in this case if you lost the access then it means that the 
default route is changed.


Check the default route before and after you play with the 
interfaces/vlan.


On 18-11-01 at 19:45, Jessica Cohen wrote:

Hi Fabrice,

It’s a single ethernet interface with all vlans tagged except vlan
50 which is untagged. I’m a network engineer so server stuff,
especially VMware is a bit new to me. I appreciate the assistance.

Jessica

*From:* Durand fabrice via PacketFence-users


*Sent:* Thursday, November 01, 2018 6:40 PM
*To:* packetfence-users@lists.sourceforge.net

*Cc:* Durand fabrice  
*Subject:* Re: [PacketFence-users] getting started - interface
questions

Hello Jessica,

it depends how you configure the esx, do you have an interface with
all the vlan tagged (only eth0 in the virtual machine) or a
virtual interface for each vlan (it appears as eth0, eth1, eth2,
ethx... on the vm).

Based on that, then you will need to create a vlan on the eth0
interface or assign the correct interface as the
management/registration/isolation.

Regards

Fabrice

On 18-10-30 at 14:42, Jessica Cohen via PacketFence-users wrote:

Can someone please explain how the interfaces work or provide
a link that adequately describes them? After importing the OVA
and starting the server, it gets an IP address from our dhcp
server that’s in vlan 50. All of our network devices
management IPs are in vlan 49. When I add a new interface,
assign an IP and vlan, I suddenly lose all connectivity to the
server unless I access it from a machine that’s 

Re: [PacketFence-users] Disable internet Access when user no longer is part of a group

2018-11-13 Thread Durand fabrice via PacketFence-users

Hello Geert,

IMO if you use 802.1x the better option is to use autoregistration and 
use the AD source and at the end of the AD source rules add a catch_all 
that return the REJECT role.


So each time a device authenticates, PacketFence will compute the new 
role and if it's REJECT then the device is rejected in the radius answer.


Regards

Fabrice


On 18-11-09 at 05:25, Geert Heremans via PacketFence-users wrote:

Hello,

I'm using PF for the first year at our school. Each student is part of 
an AD GROUP and some of these groups are added to the AD group that's 
being used in PF to allow internet access.


These users can then access the WIFI and register their device.

I've noticed that when I remove a group for the Wifi enabled group 
these members can still access the WIFI if they use their registered 
devices. The only thing that changes is that they then no longer are 
able to register a new device.


Is it possible to reevaluate the access every 5min for example? And 
disconnect the users when they no longer belong to the Wifi enabled AD 
group?


I'm using PF out-of-band

Best regards,
Geert


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


Re: [PacketFence-users] Error trying to upgrade from 8.1 to 8.2

2018-11-13 Thread Durand fabrice via PacketFence-users

Hello Virginie,

It's not related to PacketFence; it looks like you have an issue with 
your Python modules on your system.


Regards

Fabrice

On 18-11-13 at 05:14, Virginie Girou via PacketFence-users wrote:

Hi,

I'm trying to upgrade my PacketFence from 8.1 to 8.2.
I first stop pfcmd and packetfence-config, and when I update I get 
the following message:



# /usr/local/pf/bin/pfcmd service pf stop
# service packetfence-config stop

# yum update packetfence --enablerepo=packetfence

Traceback (most recent call last):
  File "/usr/bin/yum", line 4, in <module>
    import yum
  File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 62, in <module>
    import rpmsack
  File "/usr/lib/python2.7/site-packages/yum/rpmsack.py", line 38, in <module>
    import yum.depsolve
  File "/usr/lib/python2.7/site-packages/yum/depsolve.py", line 30, in <module>
    from transactioninfo import TransactionMember
  File "/usr/lib/python2.7/site-packages/yum/transactioninfo.py", line 32, in <module>
    from sqlitesack import YumAvailablePackageSqlite
  File "/usr/lib/python2.7/site-packages/yum/sqlitesack.py", line 31, in <module>
    from sqlutils import executeSQL, sql_esc, sql_esc_glob
  File "/usr/lib/python2.7/site-packages/yum/sqlutils.py", line 170, in <module>
    if sqlite.version_info[0] > 1:
AttributeError: 'module' object has no attribute 'version_info'


Do you have any idea ?

Thank you.

Regards,






Re: [PacketFence-users] NAC administration interface

2018-11-13 Thread Durand fabrice via PacketFence-users

Hello Jessica,

Nicolas is right, we can only manage the nac from the mgmt interface.

Regards

Fabrice


On 18-11-13 at 06:44, Nicolas Quiniou-Briand via PacketFence-users wrote:

Hello Jessica,

On 2018-11-09 12:30 a.m., Jessica Cohen via PacketFence-users wrote:
Can you manage the NAC from any interface? Or is only accessible from 
the management interface?


Only from management interface for me. I will let Fabrice correct me 
if I'm wrong.





Re: [PacketFence-users] PF 8.2.0 dns filters, mac and dnscache

2018-11-13 Thread Durand fabrice via PacketFence-users

Hello Anders,

OK, my bad...

We use a cache in pfdns in order to not ask the filter engine all the 
time for the same FQDN.

https://github.com/inverse-inc/packetfence/blob/devel/go/coredns/plugin/pfdns/pfdns.go#L232

So can you open an issue on GitHub about that and I will have a look.

Regards

Fabrice


On 18-11-13 at 10:24, Anders Westerberg via PacketFence-users wrote:


Hi

Currently playing around with the new(?) macaddress filter in 
dns_filter.conf trying to use it as a way to block nodes from getting 
access to the captive portal when using dns_enforcement since the 
reject role does not seem to work at all.


My plan was to add them like this and change the IP address of the 
portal to something where I could just show a page like "your device 
has been blocked". Let's say that the correct IP for portal.test is 
192.168.0.1.


[mac_blocklist]
filter = mac
operator = regex
value = ^(aa:bb:cc:00:11:22|00:11:22:aa:bb:cc)

[portal_test]
filter = qname
operator = regex
value = portal.test

[dnsenforcement_mac_blocklist:mac_blocklist_test]
scope = dnsenforcement
answer = $qname 1 IN A 10.0.0.1
rcode = NOERROR

And this works fine, a client with a mac in the mac_blocklist will get 
10.0.0.1 returned BUT the next client asking for portal.test will also 
get 10.0.0.1 instead of 192.168.0.1, it seems like the PF nameserver 
is caching the data since I can just wait a minute or two and then a 
client not in the list will resolve portal.test to 192.168.0.1.


Strange enough it does not cache it the other way around, if a client 
not in the list asks for portal.test and it resolves to 192.168.0.1 a 
client that is in the mac_blocklist will still resolve portal.test to 
10.0.0.1 instantly.


I hope the above is clear enough :), if I'm correct and this is some 
kind of cache in the PF nameserver is there any way to disable it?


/anders
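
The caching behaviour discussed in this thread, modelled as an added example (not pfdns code and not from either poster): a cache keyed on the queried name alone hands one client's filter answer to the next client, while a key that also includes the MAC does not. The `Resolver` type, the one-minute lifetime, the second MAC and the choice to cache only filter-engine answers are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Query is what the filter engine sees: who asked, and for which name.
type Query struct{ MAC, QName string }

type entry struct {
	answer  string
	expires time.Time
}

// Resolver is a toy model of a DNS server with a cached filter engine; it is not pfdns code.
type Resolver struct {
	blocked map[string]bool  // MACs matched by [mac_blocklist]
	cache   map[string]entry // cached filter-engine answers
	ttl     time.Duration    // assumed cache lifetime
	perMAC  bool             // false: key on qname; true: key on MAC and qname
}

func NewResolver(perMAC bool) *Resolver {
	return &Resolver{
		blocked: map[string]bool{"aa:bb:cc:00:11:22": true},
		cache:   map[string]entry{},
		ttl:     time.Minute,
		perMAC:  perMAC,
	}
}

func (r *Resolver) key(q Query) string {
	if r.perMAC {
		return fmt.Sprintf("%s|%s", q.MAC, q.QName)
	}
	return q.QName
}

// Resolve returns the A record handed to the client at time now.
func (r *Resolver) Resolve(q Query, now time.Time) string {
	k := r.key(q)
	if e, ok := r.cache[k]; ok && now.Before(e.expires) {
		return e.answer // cache hit: the filter engine is not consulted
	}
	delete(r.cache, k)
	if q.QName == "portal.test" && r.blocked[q.MAC] {
		r.cache[k] = entry{"10.0.0.1", now.Add(r.ttl)}
		return "10.0.0.1"
	}
	return "192.168.0.1" // no rule matched: normal answer, not cached (assumption)
}

var (
	t0   = time.Date(2018, 11, 13, 10, 0, 0, 0, time.UTC)
	bad  = Query{"aa:bb:cc:00:11:22", "portal.test"}
	good = Query{"de:ad:be:ef:00:01", "portal.test"} // constructed MAC
)

// Scenario: blocked client asks, unblocked client asks 1s later, then again after expiry.
func Scenario(perMAC bool) []string {
	r := NewResolver(perMAC)
	return []string{
		r.Resolve(bad, t0),
		r.Resolve(good, t0.Add(time.Second)),
		r.Resolve(good, t0.Add(2*time.Minute)),
	}
}

// Reverse: the unblocked client asks first, then the blocked one.
func Reverse(perMAC bool) []string {
	r := NewResolver(perMAC)
	return []string{r.Resolve(good, t0), r.Resolve(bad, t0.Add(time.Second))}
}

func main() {
	fmt.Println("qname-only key:", Scenario(false), Reverse(false))
	fmt.Println("MAC+qname key: ", Scenario(true), Reverse(true))
}
```

With the qname-only key the model reproduces both observations in the report: the blocked answer leaks to the next client until the entry expires, and the reverse order shows no leak.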





Re: [PacketFence-users] Internal Radius config basics

2018-11-13 Thread Durand fabrice via PacketFence-users

Hello Ali,

In the RADIUS source, the timeout is the time you allow the RADIUS source to 
answer, and the shared secret is the shared secret between PF and the 
RADIUS server.

Btw the RADIUS source is a way to do the authentication on the portal.

The shared secret in the switch config is the shared secret between the 
switch (you defined it in the switch configuration) and PacketFence.


Regards

Fabrice


On 18-11-13 at 21:59, Amjad Ali via PacketFence-users wrote:

Hi All,

When setting up internal RADIUS in PF, what's the purpose of Timeout 
and Secret?
Secondly, when we add a switch there is a Radius tab where we put the 
Secret key; what's the relation between these two keys? Why is the secret 
added in two different places?


Thanks
Ali

--
Amjad Ali




[PacketFence-users] Internal Radius config basics

2018-11-13 Thread Amjad Ali via PacketFence-users
Hi All,

When setting up internal RADIUS in PF, what's the purpose of Timeout and
Secret?
Secondly, when we add a switch there is a Radius tab where we put the Secret
key; what's the relation between these two keys? Why is the secret added in two
different places?

Thanks
Ali

-- 
Amjad Ali


Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Durand fabrice via PacketFence-users

Hello Matthew,

Try to define the MAC address in lower case.

This:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:f2|64:16:7f).*

instead of this:

[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:F2|64:16:7f).*

etc ...



Regards

Fabrice


On 18-11-13 at 20:38, Matthew Knott via PacketFence-users wrote:

Hi All,

Further to this, looks as though the only reason that the Polycom Phones are 
working is because the RADIUS server is replying with a Cisco-AVPair = 
"device-traffic-class=voice" and so the Switch is putting it into the Voice 
Vlan.

matthew




Matthew Knott
IT Network & Security Administrator
E. matthew.kn...@jbssa.com.au
T.  07 3810 2269
M.  0477733185
F.  07 3816 0535

JBS Australia
1 Lock Way, Riverview QLD 4303
P.O. Box 139 Booval Qld 4304
jbssa.com.au


-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, 13 November 2018 10:07 PM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf

Hi Matthew,

Just to be sure to understand: you didn't succeed to auto-register your Polycom 
VoIP phones ?

In the packetfence.log you pasted, MAC address doesn't belong to a Polycom 
device. Could you paste log for a Polycom device ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)




Important Notice:

The contents of this electronic message and any attachments are intended only 
for the addressee and may contain legally privileged or confidential 
information. They may be only used for the purposes for which they were 
supplied. If you are not the addressee, you are notified that any transmission, 
distribution, downloading, printing or photocopying of the contents of this 
message or attachments is strictly prohibited. Any privilege and/or 
confidentiality attached to this message and attachments is not waived, lost or 
destroyed by reason of mistaken delivery to you. If you have received this 
message in error you should notify the sender by return e-mail or telephone +61 
7 3810 2100, and destroy all copies of the message and any attachments.
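
Fabrice's lower-case advice at the top of this message, turned into a check (an added example, not PacketFence code): it scans a vlan_filters.conf-style file for `node_info.mac` regex conditions whose MAC prefixes contain upper-case hex and proposes the lower-cased value. It assumes the node's MAC is compared in lower case with a case-sensitive regex, uses Go's regexp engine rather than PacketFence's own, and the `[lab_printers]` section and the test MAC are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// sampleConf is constructed for this example; the first section carries the
// mixed-case value quoted in the thread.
const sampleConf = `
[polycom_phones]
filter = node_info.mac
operator = regex
value = ^(00:04:F2|64:16:7f).*

[lab_printers]
filter = node_info.mac
operator = regex
value = ^(00:11:22).*
`

// macLiteral matches MAC-prefix literals such as 00:04:F2 inside a regex, so
// character classes and escapes elsewhere in the pattern stay untouched.
var macLiteral = regexp.MustCompile(`[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+`)

type Finding struct{ Section, Value, Fixed string }

func (f Finding) String() string {
	return fmt.Sprintf("[%s] value = %s  ->  %s", f.Section, f.Value, f.Fixed)
}

// LowerMACLiterals lower-cases only the MAC-looking literals in a regex value.
func LowerMACLiterals(value string) string {
	return macLiteral.ReplaceAllStringFunc(value, strings.ToLower)
}

// Lint reports every node_info.mac regex condition with upper-case MAC hex.
func Lint(conf string) []Finding {
	var out []Finding
	section, kv := "", map[string]string{}
	flush := func() {
		if kv["filter"] == "node_info.mac" && kv["operator"] == "regex" {
			if fixed := LowerMACLiterals(kv["value"]); fixed != kv["value"] {
				out = append(out, Finding{section, kv["value"], fixed})
			}
		}
		kv = map[string]string{}
	}
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || strings.HasPrefix(line, "#"):
		case strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]"):
			flush()
			section = line[1 : len(line)-1]
		default:
			if p := strings.SplitN(line, "=", 2); len(p) == 2 {
				kv[strings.TrimSpace(p[0])] = strings.TrimSpace(p[1])
			}
		}
	}
	flush()
	return out
}

// Matches applies pattern the way this example assumes the filter engine
// does: the node's MAC is lower-case and the regex is case-sensitive.
func Matches(pattern, mac string) bool {
	re, err := regexp.Compile(pattern)
	return err == nil && re.MatchString(strings.ToLower(mac))
}

func main() {
	fmt.Println(Lint(sampleConf))
}
```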





Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Matthew Knott via PacketFence-users
Hi Nicolas,

The Polycom phones are auto-registering properly,  but other devices are not.

Matthew

Matthew Knott
IT Network & Security Administrator
E. matthew.kn...@jbssa.com.au
T.  07 3810 2269
M.  0477733185
F.  07 3816 0535

JBS Australia
1 Lock Way, Riverview QLD 4303
P.O. Box 139 Booval Qld 4304
jbssa.com.au


-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, 13 November 2018 10:07 PM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf

Hi Matthew,

Just to be sure to understand: you didn't succeed to auto-register your Polycom 
VoIP phones ?

In the packetfence.log you pasted, MAC address doesn't belong to a Polycom 
device. Could you paste log for a Polycom device ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)




Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Matthew Knott via PacketFence-users
Hi All,

Further to this, looks as though the only reason that the Polycom Phones 
are working is because the RADIUS server is replying with a Cisco-AVPair = 
"device-traffic-class=voice" and so the Switch is putting it into the Voice 
Vlan.

matthew




Matthew Knott
IT Network & Security Administrator
E. matthew.kn...@jbssa.com.au
T.  07 3810 2269
M.  0477733185
F.  07 3816 0535

JBS Australia
1 Lock Way, Riverview QLD 4303
P.O. Box 139 Booval Qld 4304
jbssa.com.au


-Original Message-
From: Nicolas Quiniou-Briand via PacketFence-users 
[mailto:packetfence-users@lists.sourceforge.net]
Sent: Tuesday, 13 November 2018 10:07 PM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand 
Subject: Re: [PacketFence-users] Issue Using vlan_filters.conf

Hi Matthew,

Just to be sure to understand: you didn't succeed to auto-register your Polycom 
VoIP phones ?

In the packetfence.log you pasted, MAC address doesn't belong to a Polycom 
device. Could you paste log for a Polycom device ?
--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)




[PacketFence-users] PF 8.2.0 dns filters, mac and dnscache

2018-11-13 Thread Anders Westerberg via PacketFence-users
Hi

Currently playing around with the new(?) macaddress filter in dns_filter.conf 
trying to use it as a way to block nodes from getting access to the captive 
portal when using dns_enforcement since the reject role does not seem to work 
at all.

My plan was to add them like this and change the IP address of the portal to 
something where I could just show a page like "your device has been blocked". 
Let's say that the correct IP for portal.test is 192.168.0.1.

[mac_blocklist]
filter = mac
operator = regex
value = ^(aa:bb:cc:00:11:22|00:11:22:aa:bb:cc)

[portal_test]
filter = qname
operator = regex
value = portal.test

[dnsenforcement_mac_blocklist:mac_blocklist_test]
scope = dnsenforcement
answer = $qname 1 IN A 10.0.0.1
rcode = NOERROR

And this works fine, a client with a mac in the mac_blocklist will get 10.0.0.1 
returned BUT the next client asking for portal.test will also get 10.0.0.1 
instead of 192.168.0.1, it seems like the PF nameserver is caching the data 
since I can just wait a minute or two and then a client not in the list will 
resolve portal.test to 192.168.0.1.

Strange enough it does not cache it the other way around, if a client not in 
the list asks for portal.test and it resolves to 192.168.0.1 a client that is 
in the mac_blocklist will still resolve portal.test to 10.0.0.1 instantly.

I hope the above is clear enough :), if I'm correct and this is some kind of 
cache in the PF nameserver is there any way to disable it?

/anders


Re: [PacketFence-users] Issue Using vlan_filters.conf

2018-11-13 Thread Nicolas Quiniou-Briand via PacketFence-users

Hi Matthew,

Just to be sure to understand: you didn't succeed to auto-register your 
Polycom VoIP phones ?


In the packetfence.log you pasted, MAC address doesn't belong to a 
Polycom device. Could you paste log for a Polycom device ?

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)





Re: [PacketFence-users] Disable internet Access when user no longer is part of a group

2018-11-13 Thread Nicolas Quiniou-Briand via PacketFence-users



Hello Geert,

On 2018-11-09 11:25 a.m., Geert Heremans via PacketFence-users wrote:
I've noticed that when I remove a group for the Wifi enabled group these 
members can still access the WIFI if they use their registered devices. 
The only thing that changes is that they then no longer are able to 
register a new device.


1. Do you use EAP-PEAP for registering these devices?

2. Could you paste here your authentication.conf (without sensitive 
data) for the authentication source used ?


To see what's going on, you can enable debug log in:
- conf/log.conf.d/httpd.aaa.conf
- conf/log.conf.d/httpd.portal.conf

Just replace INFO with DEBUG on the second line of the file and restart the 
httpd.aaa and httpd.portal services.


You will see detailed output in packetfence.log. A good tip is to filter 
by MAC address.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)





Re: [PacketFence-users] NAC administration interface

2018-11-13 Thread Nicolas Quiniou-Briand via PacketFence-users

Hello Jessica,

On 2018-11-09 12:30 a.m., Jessica Cohen via PacketFence-users wrote:
Can you manage the NAC from any interface? Or is only accessible from 
the management interface?


Only from management interface for me. I will let Fabrice correct me if 
I'm wrong.

--
Nicolas Quiniou-Briand
n...@inverse.ca  ::  +1.514.447.4918 *140  ::  https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence 
(https://packetfence.org) and Fingerbank (http://fingerbank.org)





[PacketFence-users] Error trying to upgrade from 8.1 to 8.2

2018-11-13 Thread Virginie Girou via PacketFence-users

Hi,

I'm trying to upgrade my PacketFence from 8.1 to 8.2.
I first stop pfcmd and packetfence-config, and when I update I get the 
following message:



# /usr/local/pf/bin/pfcmd service pf stop
# service packetfence-config stop

# yum update packetfence --enablerepo=packetfence

Traceback (most recent call last):
  File "/usr/bin/yum", line 4, in <module>
    import yum
  File "/usr/lib/python2.7/site-packages/yum/__init__.py", line 62, in <module>
    import rpmsack
  File "/usr/lib/python2.7/site-packages/yum/rpmsack.py", line 38, in <module>
    import yum.depsolve
  File "/usr/lib/python2.7/site-packages/yum/depsolve.py", line 30, in <module>
    from transactioninfo import TransactionMember
  File "/usr/lib/python2.7/site-packages/yum/transactioninfo.py", line 32, in <module>
    from sqlitesack import YumAvailablePackageSqlite
  File "/usr/lib/python2.7/site-packages/yum/sqlitesack.py", line 31, in <module>
    from sqlutils import executeSQL, sql_esc, sql_esc_glob
  File "/usr/lib/python2.7/site-packages/yum/sqlutils.py", line 170, in <module>
    if sqlite.version_info[0] > 1:
AttributeError: 'module' object has no attribute 'version_info'


Do you have any idea ?

Thank you.

Regards,

--
Virginie Girou
Equipe systeme
DSI - UT1 Capitole
Tel : +33 (0)5.61.63.39.19


