Re: [PacketFence-users] Routed VLAN DHCP

2022-04-08 Thread Zammit, Ludovic via PacketFence-users 
Hello Baptiste,

When you added the route network did you restart all the pf service ? If not do 
it :

/usr/local/pf/bin/pfcmd service pf restart

My guess is that pfdhcp is not aware of the new scope.

You n double check with the command:

https://github.com/inverse-inc/packetfence/tree/devel/go/dhcp

curl http://127.0.0.1:2/api/v1/dhcp/stats/eth1.137 | python -m json.tool

Where eth1.137 is your registration interface on PF, you should see your new 
scope.

You can also check if the route is installed with:

route -n

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Apr 2, 2022, at 10:26 AM, Baptiste Leroy via PacketFence-users 
>  wrote:
> 
> Hello. I have read the mailing list a lot to solve my problem but the 
> resolution I found did not work for me (sysctl.conf edit, enabling dhcp 
> detector and pf-maint.update).
> 
> I have the exact same topology than here : 
> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_routed_networks
>  
> 
> 
> My problem is that PF does not deliver an address to my vlan 20 
> (registration) client.
> I have configured dhcp helper on the router. When i add static IP in the vlan 
> 20 pc I can ping PF. 
> 
> I did wireshark on the PF-1st switch link (gns3) and the dhcp requests reache 
> PF but it never got any response. I know that the dhcp service is working 
> because when I try to get vlan2 address it works.
> 
> Can you help me pls :)
> Thank you
> 
> 
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!D0I-43jTQHC8Xkqcd55Rx3MYNt2SBS511wh5t3c_oVY-WurA8jLVXSwBr1pm07ST$
>  



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.1x EAP-TTLS PAP with Azure AD not working

2022-04-08 Thread Zammit, Ludovic via PacketFence-users 
Hello there,

The reject in post auth means that it’s PF that rejects you.

Check into the /usr/local/pf/logs/packetfence.log to see the exact error.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Apr 2, 2022, at 4:31 AM, z3r0byt3 via PacketFence-users 
>  wrote:
> 
> Hi all,
> 
> I tried to setup 802.1x  with Azure AD using this guide 
> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_azure_ad_integration
>  
> 
> I did user authentication test using  /usr/local/pf/bin/pftest. The auth test 
> succeeded.
> 
> But when I tried to test using eapol_test using this config file
> network={
> ssid="Test"
> key_mgmt=WPA-EAP
> eap=TTLS
> identity="testing.netw...@domain.edu 
> "
> anonymous_identity="anonymous"
> password="hLVrK8bWt6QseUfF"
> phase2="auth=PAP"
> #
> #  Uncomment the following to perform server certificate
> #  validation.
> #   ca_cert="/etc/raddb/certs/ca.der"
> }
> 
> eapol_test -c ttls-pap.conf -s MTg3ODIzNTc2MGM0MTg3Mzc4MmYzZjhj -A 
> 172.30.172.87 -a 172.30.172.87
> 
> It failed.
> 
> The radius log output is like this
> 
> EAP-Type = TTLS
> PacketFence-NTLMv2-Only = ""
> Service-Type = Framed-User
> PacketFence-KeyBalanced = "7b5e66fcfb47d73ddafbadd1eb0ddb70"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 11Mbps 802.11b"
> User-Name = "testing.netw...@domain.edu "
> PacketFence-Outer-User = "anonymous"
> PacketFence-Radius-Ip = "172.30.172.87"
> Calling-Station-Id = "02:00:00:00:00:01"
> FreeRADIUS-Proxied-To = 127.0.0.1
> Framed-MTU = 1400
> NAS-IP-Address = 127.0.0.1
> Event-Timestamp = "Apr  2 2022 08:28:17 UTC"
> Realm = "domain.edu 
> "
> User-Password = "**"
> Stripped-User-Name = "testing.network"
> Module-Failure-Message = "No Auth-Type found: rejecting the user via 
> Post-Auth-Type = Reject" 
> SQL-User-Name = "testing.netw...@domain.edu 
> " 
> 
> Any idea what did I miss?
> 
> Regards,
> Irvan
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!F8kp8NqJgkQN7_IOHHkpwk5HPOPBNwBFZ6V2ny1F3nYVjp9CAcv6AHbNm_Zwwepq$
>  



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Packetfence config related fallback plan

2022-04-08 Thread Zammit, Ludovic via PacketFence-users 
Hello Misbah,

I highly doubt that you would cap a cluster capacity with only 250 devices 
registered.

You have an ongoing issue that need to be fixed.

What’s the spec on the PF servers? Are you doing 802.1x or Mac authentication ? 
Wired ? Wireless?

We have cluster of 3 running 10 000 unique radius authentication without 
choking.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users 
>  wrote:
> 
> Hello,
> 
> Firstly, I'm happy with the way Packetfence is working in the environment. A 
> big thanks to the team for the project and awesome documentation. I have 
> configured Packetfence in a 3 node cluster and registered 250+ devices so far.
> 
> I faced a problem with the radius server reaching the max connections limit 
> and most of the users were disconnected while I fixed the problem (had to 
> increase the max spare servers to a high value in radius.conf). I was 
> optimistic with the cluster setup, thinking I should not be facing downtime 
> issues but didn't realize that a config issue could lead to a blackout. 
> 
> Now, this leads me to wonder if there is a way in which I could have 
> decreased the downtime for the end users while we fixed the problem in the 
> config. Also, I would appreciate highlighting any other Production related 
> settings that need to be fine tuned to avoid such instances in future..
> 
> 
> Regards
> Misbah
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!HgrKFaieZq5jctGQKZZFOfERw1Xxn-35gkE2_VNs6FiuvQnK4pMpdGzvoWG00YjT$
>  



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] RADIUS Debugging

2022-04-08 Thread Zammit, Ludovic via PacketFence-users 
Hello there,

How did you manage to do that? Did you change the radius config on the system 
and not the web admin ?

Radius says that you have already a process listening on the 1812.

It’s either a stale process or bad configuration.

Do:

/usr/local/pf/bin/pfcmd service pf stop 

netstat -nlp | grep 1812

Do you have a process that listen still ? If yes, kill it.

You can double check the radius config with:

cd /usr/local/pf

freeradius -d raddb/ -n auth -CX

Or 

radiusd -d raddb/ -n auth -CX

You should see something like:

Configuration appears to be OK

Thanks,


Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Apr 4, 2022, at 4:08 AM, P.Thirunavukkarasu via PacketFence-users 
>  wrote:
> 
> Hi Team,
> Greetings of the day
> Linux packetfence 5.10.0-11-amd64 #1 SMP Debian 5.10.92-1 (2022-01-18) x86_64 
> (ZEN)
> I don't know how to debug the RADIUS in packetfence. As given in the 
> Installation guide I tried the debugging 
> I don't know what system is monitoring FreeRADIUS in packetfence, how to 
> figure it out? 
> 
> Herewith I am sending the RADIUS log
> Apr  4 00:00:02 packetfence auth[1288515]: /usr/local/pf/raddb/auth.conf[19]: 
> Error binding to port for 172.16.11.10 port 1812
> Apr  4 00:00:06 packetfence auth[1288559]: Ignoring "response_window = 
> 20.00", forcing to "response_window = 10.00"
> Apr  4 00:00:06 packetfence auth[1288559]: Ignoring "response_window = 
> 30.00", forcing to "response_window = 10.00"
> Apr  4 00:00:06 packetfence auth[1288559]: Ignoring "response_window = 
> 30.00", forcing to "response_window = 10.00"
> Apr  4 00:00:06 packetfence auth[1288559]: Ignoring "response_window = 
> 30.00", forcing to "response_window = 10.00"
> Apr  4 00:00:06 packetfence auth[1288559]: Debugger not attached
> Apr  4 00:00:06 packetfence auth[1288559]: systemd watchdog interval is 5.00 
> secs
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql): Driver 
> rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfguest): Driver 
> rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfsponsor): Driver 
> rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfsms): Driver 
> rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pflocal): Driver 
> rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_reject): Driver 
> rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_degraded): Driver 
> rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
> Apr  4 00:00:06 packetfence auth[1288559]: Perl version: 5.32.0
> Apr  4 00:00:06 packetfence auth[1288559]: Perl version: 5.32.0
> Apr  4 00:00:06 packetfence auth[1288559]: Perl version: 5.32.0
> Apr  4 00:00:06 packetfence auth[1288559]: Perl version: 5.32.0
> Apr  4 00:00:06 packetfence auth[1288559]: Perl version: 5.32.0
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_redis: libhiredis version: 
> 0.14.1
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_redis: libhiredis version: 
> 0.14.1
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_rest: libcurl version: 
> libcurl/7.74.0 OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 
> libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.43.0 librtmp/2.3
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql_mysql: libmysql version: 
> 10.5.15
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql): Attempting to 
> connect to database "pf"
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfguest): Attempting to 
> connect to database "pf"
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfsponsor): Attempting to 
> connect to database "pf"
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfsms): Attempting to 
> connect to database "pf"
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pflocal): Attempting to 
> connect to database "pf"
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_reject): 
> groupmemb_query is empty.  Please delete it from the configuration
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_reject): 
> authorize_check_query is empty.  Please delete it from the configuration
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_reject): Attempting 
> to connect to database "pf"
> Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_degraded): 
> groupmemb_query is empty.

Re: [PacketFence-users] Captive portal authentication

2022-04-08 Thread Zammit, Ludovic via PacketFence-users 
Hello Baptiste,

Whiteout 802.1x ? Do you mean can you use Mac authentication ?

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Apr 5, 2022, at 5:45 AM, Baptiste Leroy via PacketFence-users 
>  wrote:
> 
> Hello. I 'm trying to configure captive portal but I noticed on my switch 
> that when we authenticate on the portal it uses 802.1x. Why is that ?Why not 
> transmit credentials through the L3 connectivity we have with PacketFence in 
> registration vlan? I thought that 802.1x was for layer 2 authentication. I'm 
> a bit lost.
> 
> So my question is 
> Is it possible to authenticate through this portal and get dynamic vlan 
> without 802.1x enabled ?
> and how ? :)
> 
> Thanks
> Baptiste
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!A_1FVWCjXFb1aO-IqzLvw3YxnZyHdhJesXN1G1NEoAohp2vMA-RhOiJkBRfkhtxH$
>  



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Routed VLAN DHCP

2022-04-08 Thread Baptiste Leroy via PacketFence-users 
Hello. I have read the mailing list a lot to solve my problem but the
resolution I found did not work for me (sysctl.conf edit, enabling dhcp
detector and pf-maint.update).

I have the exact same topology than here :
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_routed_networks

My problem is that PF does not deliver an address to my vlan 20
(registration) client.
I have configured dhcp helper on the router. When i add static IP in the
vlan 20 pc I can ping PF.

I did wireshark on the PF-1st switch link (gns3) and the dhcp requests
reache PF but it never got any response. I know that the dhcp service is
working because when I try to get vlan2 address it works.

Can you help me pls :)
Thank you
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] 802.1x EAP-TTLS PAP with Azure AD not working

2022-04-08 Thread z3r0byt3 via PacketFence-users 
Hi all,

I tried to setup 802.1x  with Azure AD using this guide
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_azure_ad_integration
I did user authentication test using  /usr/local/pf/bin/pftest. The auth
test succeeded.

But when I tried to test using eapol_test using this config file
network={
ssid="Test"
key_mgmt=WPA-EAP
eap=TTLS
identity="testing.netw...@domain.edu"
anonymous_identity="anonymous"
password="hLVrK8bWt6QseUfF"
phase2="auth=PAP"
#
#  Uncomment the following to perform server certificate
#  validation.
#   ca_cert="/etc/raddb/certs/ca.der"
}

eapol_test -c ttls-pap.conf -s MTg3ODIzNTc2MGM0MTg3Mzc4MmYzZjhj -A
172.30.172.87 -a 172.30.172.87

It failed.

The radius log output is like this

EAP-Type = TTLS PacketFence-NTLMv2-Only = "" Service-Type = Framed-User
PacketFence-KeyBalanced = "7b5e66fcfb47d73ddafbadd1eb0ddb70" NAS-Port-Type
= Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" User-Name = "
testing.netw...@domain.edu" PacketFence-Outer-User = "anonymous"
PacketFence-Radius-Ip = "172.30.172.87" Calling-Station-Id =
"02:00:00:00:00:01" FreeRADIUS-Proxied-To = 127.0.0.1 Framed-MTU = 1400
NAS-IP-Address = 127.0.0.1 Event-Timestamp = "Apr 2 2022 08:28:17 UTC"
Realm = "domain.edu" User-Password = "**" Stripped-User-Name =
"testing.network" Module-Failure-Message = "No Auth-Type found: rejecting
the user via Post-Auth-Type = Reject"
SQL-User-Name = "testing.netw...@domain.edu"

Any idea what did I miss?

Regards,
Irvan
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Blank Page on Dashboard

2022-04-08 Thread Misbah Hussaini via PacketFence-users 
Hello,

When I try to access the netdata URL (https://mgmt_ip:1443/netdata/) I
receive a 404 "Chart is not found: mysql_PacketFence_Database.queries"
response.

Any idea how to fix this? Other charts on the dashboard are working fine.


Regards
Misbah


On Fri, 14 Jan 2022 at 19:19, Misbah Hussaini  wrote:

> Hello Fabrice,
>
> The issue was fixed when I restarted the netdata daemon on Node3. However,
> a couple of charts are not getting generated, below are the URLs.
>
> mysql_PacketFence_Database.queries: chart not found on url
> "/api/v1/chart?chart=mysql_PacketFence_Database.queries"
>
> mysql_PacketFence_Database.handlers: chart not found on url
> "/api/v1/chart?chart=mysql_PacketFence_Database.handlers"
>
> I don't find any folder in /var/cache/netdata with the name starting
> "mysql".
>
>
> Regards
> Syed Hussaini
>
>
> On Fri, 14 Jan 2022 at 01:19, Fabrice Durand  wrote:
>
>> Hello Syed,
>>
>> you have to use dev mode in the browser to see if you have any error
>> (like 404) related to netdata (https://mgmt_ip:1443/netdata/)
>>
>> Once found can you post the url ?
>>
>> Regards
>> Fabrice
>>
>>
>> Le jeu. 13 janv. 2022 à 09:53, Misbah Hussaini via PacketFence-users <
>> packetfence-users@lists.sourceforge.net> a écrit :
>>
>>> Hello,
>>>
>>> I have clustered my PF servers running version 11.2 and post activity,
>>> the charts are not visible on the Dashboard. Sometimes I get the* error
>>> "The charts of the dashboard are currently not available"*. I have
>>> cleared the cache in /var/cache/netdata and restarted all the services but
>>> the problem remains. I have tried accessing the dashboard using the VIP or
>>> node IP but the behaviour is still the same.
>>>
>>> Any clue on how to troubleshoot this?
>>>
>>>
>>> Regards
>>> Syed Hussaini
>>> ___
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Wrong Network View in Packetfence 11.2.0

2022-04-08 Thread Hubert Kupper via PacketFence-users 

Hello,

sometimes the message " netdata request failed with status code 404" on 
the monitoring dashboard appears.



Am 31.03.22 um 07:25 schrieb Hubert Kupper via PacketFence-users:

Hello,


we have setup Packetfence 11.2 on Debian 11 and it works but the 
network view in the GUI shows only unreg nodes. The dashboard shows 
110 registered devices.



Best regards,

Hubert




smime.p7s
Description: S/MIME Cryptographic Signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] RADIUS Debugging

2022-04-08 Thread P.Thirunavukkarasu via PacketFence-users 
Hi Team,
Greetings of the day
*Linux packetfence 5.10.0-11-amd64 #1 SMP Debian 5.10.92-1 (2022-01-18)
x86_64 (ZEN)*
I don't know how to debug the RADIUS in packetfence. As given in the
Installation guide I tried the debugging
I don't know what system is monitoring FreeRADIUS in packetfence, how to
figure it out?

Herewith I am sending the RADIUS log
Apr  4 00:00:02 packetfence auth[1288515]:
/usr/local/pf/raddb/auth.conf[19]: Error binding to port for 172.16.11.10
port 1812
Apr  4 00:00:06 packetfence auth[1288559]: Ignoring "response_window =
20.00", forcing to "response_window = 10.00"
Apr  4 00:00:06 packetfence auth[1288559]: Ignoring "response_window =
30.00", forcing to "response_window = 10.00"
Apr  4 00:00:06 packetfence auth[1288559]: Ignoring "response_window =
30.00", forcing to "response_window = 10.00"
Apr  4 00:00:06 packetfence auth[1288559]: Ignoring "response_window =
30.00", forcing to "response_window = 10.00"
Apr  4 00:00:06 packetfence auth[1288559]: Debugger not attached
Apr  4 00:00:06 packetfence auth[1288559]: systemd watchdog interval is
5.00 secs
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfguest): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfsponsor): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfsms): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pflocal): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_reject): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_degraded): Driver
rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
Apr  4 00:00:06 packetfence auth[1288559]: Perl version: 5.32.0
Apr  4 00:00:06 packetfence auth[1288559]: Perl version: 5.32.0
Apr  4 00:00:06 packetfence auth[1288559]: Perl version: 5.32.0
Apr  4 00:00:06 packetfence auth[1288559]: Perl version: 5.32.0
Apr  4 00:00:06 packetfence auth[1288559]: Perl version: 5.32.0
Apr  4 00:00:06 packetfence auth[1288559]: rlm_redis: libhiredis version:
0.14.1
Apr  4 00:00:06 packetfence auth[1288559]: rlm_redis: libhiredis version:
0.14.1
Apr  4 00:00:06 packetfence auth[1288559]: rlm_rest: libcurl version:
libcurl/7.74.0 OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0
libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.43.0 librtmp/2.3
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql_mysql: libmysql version:
10.5.15
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql): Attempting to
connect to database "pf"
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfguest): Attempting to
connect to database "pf"
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfsponsor): Attempting
to connect to database "pf"
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pfsms): Attempting to
connect to database "pf"
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (pflocal): Attempting to
connect to database "pf"
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_reject):
groupmemb_query is empty.  Please delete it from the configuration
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_reject):
authorize_check_query is empty.  Please delete it from the configuration
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_reject): Attempting
to connect to database "pf"
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_degraded):
groupmemb_query is empty.  Please delete it from the configuration
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_degraded): Ignoring
read_groups as group_membership_query is not configured
Apr  4 00:00:06 packetfence auth[1288559]: rlm_sql (sql_degraded):
Attempting to connect to database "pf"
Apr  4 00:00:07 packetfence auth[1288559]: rlm_ldap: libldap vendor:
OpenLDAP, version: 20457
Apr  4 00:00:07 packetfence auth[1288559]:
[/usr/local/pf/raddb/mods-config/attr_filter/access_reject]:11 Check item
"FreeRADIUS-Response-Delay" found in filter list for realm "DEFAULT".
Apr  4 00:00:07 packetfence auth[1288559]:
[/usr/local/pf/raddb/mods-config/attr_filter/access_reject]:11 Check item
"FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
Apr  4 00:00:07 packetfence auth[1288559]: Loaded virtual server 
Apr  4 00:00:07 packetfence auth[1288559]: Loaded virtual server status
Apr  4 00:00:07 packetfence auth[1288559]: Loaded virtual server
packetfence-tunnel
Apr  4 00:00:07 packetfence auth[1288559]: Loaded virtual server
packetfence-tunnel-fast
Apr  4 00:00:07 packetfence auth[1288559]: Loaded virtual server packetfence
Apr  4 00:00:07 packetfence auth[1288559]: Loaded virtual server pf-remote
Apr  4 00:00:07 packetfence auth[1288559]:

[PacketFence-users] Captive portal authentication

2022-04-08 Thread Baptiste Leroy via PacketFence-users 
Hello. I 'm trying to configure captive portal but I noticed on my switch
that when we authenticate on the portal it uses 802.1x. Why is that ?Why
not transmit credentials through the L3 connectivity we have with
PacketFence in registration vlan? I thought that 802.1x was for layer 2
authentication. I'm a bit lost.

So my question is
Is it possible to authenticate through this portal and get dynamic vlan
without 802.1x enabled ?
and how ? :)

Thanks
Baptiste
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Packetfence config related fallback plan

2022-04-08 Thread Misbah Hussaini via PacketFence-users 
Hello,

Firstly, I'm happy with the way Packetfence is working in the environment.
A big thanks to the team for the project and awesome documentation. I have
configured Packetfence in a 3 node cluster and registered 250+ devices so
far.

I faced a problem with the radius server reaching the max connections limit
and most of the users were disconnected while I fixed the problem (had to
increase the max spare servers to a high value in radius.conf). I was
optimistic with the cluster setup, thinking I should not be facing downtime
issues but didn't realize that a config issue could lead to a blackout.

Now, this leads me to wonder if there is a way in which I could have
decreased the downtime for the end users while we fixed the problem in the
config. Also, I would appreciate highlighting any other Production related
settings that need to be fine tuned to avoid such instances in future..


Regards
Misbah
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users