Re: [PacketFence-users] Guest WiFi Setup on Ruckus Access Point
Hello Andrew,

for a standalone AP I am not sure that you can do web auth. So you can do an inline setup.

Regards
Fabrice

On 20-01-05 at 09 h 41, Andrew Mwakudua via PacketFence-users wrote:

Hi;

New here. Kindly, I would like to request assistance in setting up a guest network on packetfence. I have a standalone ruckus access point and my aim is to:

Set up a Guest SSID on the device from which guests can connect to it and be redirected to a registration portal. I would like to achieve this via packetfence.

I have no access to the switches.

Kind regards;
--
Andrew Mwakina Mwakudua
Tel:+254725700539

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Failed to join domain
Hello Christian,

can you try to see if the following command returns the mgmt interface?

    ip route get 10.0.1.101

Also, can you check if ip_forwarding is enabled on the packetfence server?

Regards
Fabrice

On 20-01-05 at 06 h 05, Christian Hillebrand via PacketFence-users wrote:

Hi,

I am new to packetfence and currently trying to set up packetfence to work as a VLAN enforcement and RADIUS authentication server. I worked through the installation documentation and everything went fine so far. However, when trying to join my AD domain I am getting the error:

    Joining domain failed.
    Failed to join domain: failed to find DC for domain - Undetermined error.

I first suspected that I am not getting any DNS responses from my AD DNS. However, a quick nslookup successfully returned correct DNS entries. The entries which I tested are:

    _msdcs.
    _ldap._tcp.pdc._msdcs.
    _ldap._tcp.gc._msdcs.
    _ldap._tcp.dc._msdcs.
    _kerberos._tcp.dc._msdcs.
    ._msdcs.

After some research I tried to join the domain manually by executing:

    net ads join -U Administrator

However, this also returned with an error:

    Host is not configured as a member server.
    Invalid configuration. Exiting
    Failed to join domain: This operation is only allowed for the PDC of the domain.

So after researching a bit I checked that my server is known by my DC, which is the case. I also checked that both systems have the correct time, and installed and configured ntp on my packetfence machine. However, this did not resolve any of my issues.

Here is my current setup:

Firewall/Router: pfSense (just a basic configuration to provide my VLANs)
    hostname: pfsense
    Version: 2.4.4-RELEASE-p3
    IP in Management VLAN: ^10.0.1.1

NAS with DC: QNAP ts-432XU
    Hostname: nas0
    Firmware: 4.4.1.1146 build 20191206
    IP: 10.0.1.101 (VLAN 101 Management) & 10.0.0.101 (VLAN 100)
    My users are in the main Users CN, the computers are in the main "Computers" CN. I did not configure any additional OUs.

packetfence: Debian 4.9.0-11-amd-64
    Hostname: nac0
    IP Management: 10.0.1.2 (in all my VLANs pfSense is assigned to the second IP)
    IP Registration: 10.0.253.2
    IP Isolation: 10.0.254.2
    ...

AD Domain settings in packetfence:
    Workgroup: (without tld)
    DNS name of this domain:
    This server's name: %h
    Active Directory server: nas0.
    DNS server(s): 10.0.1.101
    OU: Computers
    Ntlm2 only: false
    Allow on registration: false

So what am I missing? Is packetfence searching for any additional DNS entries to connect to the DC? I tried joining the domain with realmd, which worked, so I am not sure where I am doing something wrong...

Thanks!

Best regards,
Christian
Re: [PacketFence-users] PFDns will not start
Hello Steve,

just stop DNSMasq.

Regards
Fabrice

On 20-01-03 at 23 h 22, Steve Stone via PacketFence-users wrote:

New to packetfence. Installing it on CentOS 7 and following all the suggestions in the guide, but when I get to starting packetfence, PFDNS will not start. I checked pfdns.log and it states:

    listen tcp :53: bind: address already in use.

I checked and DNSMasq is using that port. What should be done to help resolve this?

Thank you,
Steve Stone
Re: [PacketFence-users] Radius issue on wifi client reconnection
Hello Enrico,

Session-Context-Not-Found means that the device is not connected on the SSID. When you delete the client, is it on the WLC?

Regards
Fabrice

On 20-01-02 at 03 h 48, Enrico Pasqualotto via PacketFence-users wrote:

Dear all,

some months ago I had an issue with compatibility between PacketFence and my Cisco WLC Mobility Express (v8.5) because that version had buggy CoA support. Now I have upgraded to WLC 8.10.x, but when a client reconnects I see this error in the PF logs:

    Disconnect-NAK received with Error-Cause: Session-Context-Not-Found

In the client browser the captive portal says in red to try closing and reopening a tab/browser, and the customer can't do anything.

If I delete the client/node and retry a new connection from scratch, everything works.

Does anyone have this issue like me?

Thanks
--
Enrico Pasqualotto
Re: [PacketFence-users] Custom Switch Commands
Probably here:

https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/WLC.pm#L399

On 19-12-28 at 09 h 42, Ryan Radschlag via PacketFence-users wrote:

We're trying to test the usability of DPSK. Our WLC does support generating keys via command line. I have added the command to our switch.pm file in one of the functions for testing, and pf does send the command to create the key successfully.

My issue is, where would I add the command so it gets sent at the same time the radius-accept gets sent when the user logs in? Right now I just shoved it in the macdeauth section for testing, but that isn't ideal.

Also trying to figure out how to extract the username, email, role, and dpsk from the current session to build the command out.

Thanks!
-Ryan
Re: [PacketFence-users] Connection Profile SSID Filter
Hello Ryan,

it's coming from the locationlog table in the db. Btw, there is a bug in the admin GUI and it looks like you can't add an SSID that doesn't already exist (edit profiles.conf if you want to add it manually). It will be fixed next week.

Regards
Fabrice

On 19-12-27 at 11 h 37, Ryan Radschlag via PacketFence-users wrote:

When going to create alternate connection profiles and setting up filters, where does the SSID filter list come from? When I look at a node and then location, I see the SSID name that my controller sent to packetfence, but the SSID list is still empty. Is there a config file somewhere or is this generated in some other fashion?

Thanks!
-Ryan
Re: [PacketFence-users] MAC Authentication Rejected
Hello Ryan,

it looks like you enabled autoregister on the connection profile. Disable it and retry.

Regards
Fabrice

On 19-12-25 at 10 h 08, Ryan Radschlag via PacketFence-users wrote:

We're trying to get down to having one open SSID, having people be dumped into the registration vlan by default, sending them to the captive portal if not yet registered, and then having packetfence put people in the correct vlans after registering their node.

So I have unrouted isolation and registration vlans directly attached to packetfence/wlan controller, and then the other vlans are only attached to the wlan controller. I have a mac blacklist enabled on the wlan controller to force it to do a RADIUS request to packetfence for authentication. If I disable that, I'm directed to the portal (no RADIUS requests though, which is as it should be), so I know I'm on the correct vlan and the nodes can see the packetfence server.

So, I connect to the wireless network. And I see the wlan controller send the radius request with the mac address of the machine as the username and the mac address as the password. But then I see packetfence send a reject message to the wlan controller.

When I look in the web interface under the RADIUS audit log, all of the requests from nodes that are supposed to be mac based authentication don't have anything in the mac address field or the Calling-Station-Id field, and you see the [mac:[undef]] in the packetfence.log.

My question is, should the fields be populated by the mac address when doing mac auth, or am I looking in the wrong direction? Is packetfence parsing the RADIUS request incorrectly? Is there a way to do a rewrite and graft the username into the mac address/calling-station-id field if that is the case? If I do 802.1x auth, the mac address and calling-station-id fields are populated correctly.

I've included the packetfence and radius logs below.

RADIUS.LOG:

Dec 24 10:37:42 hsd-pf-1 auth[12979]: rlm_sql (sql): Closing connection (0): Hit idle_timeout, was idle for 383 seconds
Dec 24 10:37:42 hsd-pf-1 auth[12979]: rlm_sql (sql): Closing connection (2): Hit idle_timeout, was idle for 383 seconds
Dec 24 10:37:42 hsd-pf-1 auth[12979]: rlm_sql (sql): Closing connection (1): Hit idle_timeout, was idle for 383 seconds
Dec 24 10:37:42 hsd-pf-1 auth[12979]: rlm_sql (sql): Opening additional connection (3), 1 of 64 pending slots used
Dec 24 10:37:42 hsd-pf-1 auth[12979]: Need 2 more connections to reach min connections (3)
Dec 24 10:37:42 hsd-pf-1 auth[12979]: rlm_sql (sql): Opening additional connection (4), 1 of 63 pending slots used
Dec 24 10:37:42 hsd-pf-1 auth[12979]: Adding client *REDACTED*
Dec 24 10:37:42 hsd-pf-1 auth[12979]: rlm_rest (rest): Closing connection (0): Hit idle_timeout, was idle for 383 seconds
Dec 24 10:37:42 hsd-pf-1 auth[12979]: rlm_rest (rest): Closing connection (1): Hit idle_timeout, was idle for 383 seconds
Dec 24 10:37:42 hsd-pf-1 auth[12979]: rlm_rest (rest): Opening additional connection (2), 1 of 64 pending slots used
Dec 24 10:37:42 hsd-pf-1 auth[12979]: (28) rest: ERROR: Server returned:
Dec 24 10:37:42 hsd-pf-1 auth[12979]: (28) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Authentication failed on PacketFence"}
Dec 24 10:37:42 hsd-pf-1 auth[12979]: Need 2 more connections to reach min connections (3)
Dec 24 10:37:42 hsd-pf-1 auth[12979]: rlm_rest (rest): Opening additional connection (3), 1 of 63 pending slots used
Dec 24 10:37:42 hsd-pf-1 auth[12979]: [mac:] Rejected user: a8:1d:16:7d:c8:11
Dec 24 10:37:42 hsd-pf-1 auth[12979]: (28) Rejected in post-auth: [a8:1d:16:7d:c8:11] (from client *REDACTED* port 0)
Dec 24 10:37:42 hsd-pf-1 auth[12979]: (28) Login incorrect (rest: Server returned:): [a8:1d:16:7d:c8:11] (from client *REDACTED* port 0)

PACKETFENCE.LOG

Dec 24 10:37:42 hsd-pf-1 packetfence_httpd.aaa: httpd.aaa(2339) WARN: [mac:[undef]] Trying to match IP address with an invalid MAC address 'undef' (pf::ip4log::mac2ip)
Dec 24 10:37:42 hsd-pf-1 packetfence_httpd.aaa: httpd.aaa(2339) INFO: [mac:[undef]] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Dec 24 10:37:42 hsd-pf-1 packetfence_httpd.aaa: httpd.aaa(2339) INFO: [mac:[undef]] Found authentication source(s) : 'local,file1,LDAP-1' for realm 'null' (pf::config::util::filter_authentication_sources)
Dec 24 10:37:42 hsd-pf-1 packetfence_httpd.aaa: httpd.aaa(2339) INFO: [mac:[undef]] LDAP testing connection (pf::LDAP::expire_if)
Dec 24 10:37:42 hsd-pf-1 packetfence_httpd.aaa: httpd.aaa(2339) WARN: [mac:[undef]] [LDAP-1] No entries found (0) with filter (cn=a8:1d:16:7d:c8:11) from o=*REDACTED* on *REDACTED*:636 (pf::Authentication::Source::LDAPSource::authenticate)
Dec 24 10:37:42 hsd-pf-1 packetfence_httpd.aaa: httpd.aaa(2339) INFO: [mac:[undef]] User a8:1d:16:7d:c8:11 tried to login in 00:50:56:8f:b0:a6 but authentication failed (pf::radius::switch_access)

Any pointers would be
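Added example (not part of the original thread and not PacketFence code): a Python triage script for the symptom in the message above, where radius.log records "[mac:] Rejected user: <MAC>" and packetfence.log records "[mac:[undef]]", meaning the MAC reached the server only as the User-Name. The sample lines are constructed on the thread's log format; the function names and the non-empty "[mac:...]" tag form are assumptions.

```python
import re
from collections import Counter


def normalize_mac(value):
    """Return aa:bb:cc:dd:ee:ff for the common MAC spellings, else None."""
    if not value:
        return None
    digits = re.sub(r"[:.\-]", "", value.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


# radius.log:      "[mac:<tag>] Rejected user: <User-Name>"
RADIUS_REJECT = re.compile(r"\[mac:(?P<tag>[^\]]*)\] Rejected user: (?P<user>\S+)")
# packetfence.log: "[mac:<tag>] User <User-Name> tried to login in <NAS> but ..."
PF_FAILED = re.compile(
    r"\[mac:(?P<tag>\[undef\]|[^\]\[]*)\] User (?P<user>\S+) tried to login in "
    r"(?P<nas>\S+) but authentication failed"
)


def classify(tag, user):
    """Decide where (if anywhere) the device MAC was visible to the server."""
    tag_mac = normalize_mac(tag)    # "" and "[undef]" both normalize to None
    user_mac = normalize_mac(user)
    if tag_mac is None and user_mac is not None:
        # The symptom in the thread: MAC only in User-Name, so the server
        # treats it as a user login and tries the user auth sources.
        return "mac_in_username_only", user_mac
    if tag_mac is None:
        return "no_mac_at_all", None
    return "mac_present", tag_mac


def triage(lines):
    """Return one finding per rejected/failed request found in the lines."""
    findings = []
    for line in lines:
        for source, pattern in (("radius", RADIUS_REJECT), ("packetfence", PF_FAILED)):
            m = pattern.search(line)
            if m:
                kind, mac = classify(m.group("tag"), m.group("user"))
                findings.append({"source": source, "kind": kind,
                                 "mac": mac, "user": m.group("user")})
                break
    return findings


def affected_macs(findings):
    """Count requests per device whose MAC arrived only as the User-Name."""
    return Counter(f["mac"] for f in findings if f["kind"] == "mac_in_username_only")


# Constructed sample lines (not taken from the thread; MACs are made up).
SAMPLE_LINES = [
    "Dec 24 10:37:42 pf auth[100]: rlm_sql (sql): Opening additional connection (3)",
    "Dec 24 10:37:42 pf auth[100]: [mac:] Rejected user: 02:00:5e:10:00:01",
    "Dec 24 10:37:42 pf packetfence_httpd.aaa: httpd.aaa(200) INFO: [mac:[undef]] "
    "User 02:00:5e:10:00:01 tried to login in 02:00:5e:aa:bb:cc but authentication "
    "failed (pf::radius::switch_access)",
    "Dec 24 10:38:10 pf auth[100]: [mac:02:00:5e:10:00:02] Rejected user: alice",
    "Dec 24 10:39:01 pf auth[100]: [mac:] Rejected user: 0200.5e10.0003",
]

if __name__ == "__main__":
    for mac, count in affected_macs(triage(SAMPLE_LINES)).items():
        print(f"{mac}: {count} request(s) with the MAC only in User-Name")
```
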
Re: [PacketFence-users] Admin password problem
Hello Pasquale,

you can do that:

    htpasswd -c /usr/local/pf/conf/admin.conf bob

Then log in with the bob username and the password you defined.

Regards
Fabrice

On 19-12-20 at 06 h 38, Pasquale Lo Bello via PacketFence-users wrote:

Hello,

I installed pf in a cluster environment using three virtual machines. After the first login, when I try to log in again as administrator, it seems that the password becomes incorrect (!!!)

Obviously it is correct.

Have you any ideas about how to solve this or reset the admin password?

Thanks
Pasquale
Re: [PacketFence-users] pfmon service don't act as expected in cluster mode.
Hello Dmitry,

run /usr/local/pf/addons/pf-maint.pl and restart pfmon.

Regards
Fabrice

On 19-12-25 at 05 h 42, Dmitry A. Avtonomov via PacketFence-users wrote:

Hello,

after conversion of 3 standalone servers to a cluster, pfmon doesn't act as expected. It doesn't unregister nodes. All registered nodes remain in the registered state in spite of the unregistration field.

This is a clean installation of PF 9.2 on CentOS release 7.7.1908 (Minimal installation).

Cluster configuration went without problems; the node_maintance service is started in the GUI (see attach).

The mysql query (show status like 'wsrep%';) answers as expected on all nodes.

All services are started.

[root@core-s-pf03 pf]# systemctl status packetfence-pfmon.service
● packetfence-pfmon.service - PacketFence pfmon Service
   Loaded: loaded (/usr/lib/systemd/system/packetfence-pfmon.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-12-25 11:37:08 MSK; 1h 57min ago
 Main PID: 2001 (pfmon)
   Status: "Ready"
   CGroup: /packetfence.slice/packetfence-pfmon.service
           └─2001 pfmon

Best regards,
Dmitry Avtonomov
Functional Area Expert
Network Infrastructure Support Department
JSC Greenatom
Shared Service Center of Rosatom State Corporation
Address: 115230, Moscow, 1-y Nagatinsky pr., 10, bldg. 1
Phone: +7 (499) 9492999 or ext. 5801
KTS: (115) 5801
[PacketFence-users] Failed to join domain
Hi,

I am new to packetfence and currently trying to set up packetfence to work as a VLAN enforcement and RADIUS authentication server. I worked through the installation documentation and everything went fine so far. However, when trying to join my AD domain I am getting the error:

    Joining domain failed.
    Failed to join domain: failed to find DC for domain - Undetermined error.

I first suspected that I am not getting any DNS responses from my AD DNS. However, a quick nslookup successfully returned correct DNS entries. The entries which I tested are:

    _msdcs.
    _ldap._tcp.pdc._msdcs.
    _ldap._tcp.gc._msdcs.
    _ldap._tcp.dc._msdcs.
    _kerberos._tcp.dc._msdcs.
    ._msdcs.

After some research I tried to join the domain manually by executing:

    net ads join -U Administrator

However, this also returned with an error:

    Host is not configured as a member server.
    Invalid configuration. Exiting
    Failed to join domain: This operation is only allowed for the PDC of the domain.

So after researching a bit I checked that my server is known by my DC, which is the case. I also checked that both systems have the correct time, and installed and configured ntp on my packetfence machine. However, this did not resolve any of my issues.

Here is my current setup:

Firewall/Router: pfSense (just a basic configuration to provide my VLANs)
    hostname: pfsense
    Version: 2.4.4-RELEASE-p3
    IP in Management VLAN: ^10.0.1.1

NAS with DC: QNAP ts-432XU
    Hostname: nas0
    Firmware: 4.4.1.1146 build 20191206
    IP: 10.0.1.101 (VLAN 101 Management) & 10.0.0.101 (VLAN 100)
    My users are in the main Users CN, the computers are in the main "Computers" CN. I did not configure any additional OUs.

packetfence: Debian 4.9.0-11-amd-64
    Hostname: nac0
    IP Management: 10.0.1.2 (in all my VLANs pfSense is assigned to the second IP)
    IP Registration: 10.0.253.2
    IP Isolation: 10.0.254.2
    ...

AD Domain settings in packetfence:
    Workgroup: (without tld)
    DNS name of this domain:
    This server's name: %h
    Active Directory server: nas0.
    DNS server(s): 10.0.1.101
    OU: Computers
    Ntlm2 only: false
    Allow on registration: false

So what am I missing? Is packetfence searching for any additional DNS entries to connect to the DC? I tried joining the domain with realmd, which worked, so I am not sure where I am doing something wrong...

Thanks!

Best regards,
Christian
[PacketFence-users] PFDns will not start
New to packetfence. Installing it on CentOS 7 and following all the suggestions in the guide, but when I get to starting packetfence, PFDNS will not start. I checked pfdns.log and it states:

    listen tcp :53: bind: address already in use.

I checked and DNSMasq is using that port. What should be done to help resolve this?

Thank you,
Steve Stone
[PacketFence-users] PFDNS
New to packetfence. Installing it on CentOS 7 and following all the suggestions in the guide, but when I get to starting packetfence, PFDNS will not start. I checked pfdns.log and it states:

    listen tcp :53: bind: address already in use.

I checked and DNSMasq is using that port. What should be done to help resolve this?

Steve Stone
[PacketFence-users] Guest WiFi Setup on Ruckus Access Point
Hi;

New here. Kindly, I would like to request assistance in setting up a guest network on packetfence. I have a standalone ruckus access point and my aim is to:

Set up a Guest SSID on the device from which guests can connect to it and be redirected to a registration portal. I would like to achieve this via packetfence.

I have no access to the switches.

Kind regards;
--
Andrew Mwakina Mwakudua
Tel:+254725700539