Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Timothy Mullican via PacketFence-users
I just saw Fabrice’s response. Funny this is the second time we basically said the same thing within a few minutes of each other :) Good luck with you demo. Tim Sent from mobile phone > On Jan 3, 2018, at 20:36, Durand fabrice wrote: > > Hello Eugene, > > Even if you

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Timothy Mullican via PacketFence-users
Interesting you had to change to plaintext. I was able to use NTLM and just uncomment the first instance of the “packetfence-local-auth” line. Perhaps something else was modified in the radius config. Anyways, you can use the following command to restart mariadb (at least for CentOS/RHEL 7):

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Durand fabrice via PacketFence-users
Hello Eugene, Even if you will integrate PacketFence with AD you can use local users for another purpose (like guest source with create local account enable in order to use this account on a 802.1x ssid) For mariadb, there are few services that are not managed by packetfence, like

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread E.P. via PacketFence-users
The year started with boring and hectic problems, only now had time to get back to PF. Well, I knew that I’m getting closer ;) First of all I did uncomment “packefence-local-auth” sometime ago but when both Fabrice and you mentioned it again I went through the file and found a second line

Re: [PacketFence-users] PKI installation

2018-01-03 Thread E.P. via PacketFence-users
Great, will try to do it a bit later Thanks, Fabrice From: Fabrice Durand [mailto:fdur...@inverse.ca] Sent: Wednesday, January 03, 2018 12:26 PM To: E.P. Cc: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] PKI installation Just for information, i uploaded a new

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread Timothy Mullican via PacketFence-users
André, The message “Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)” is thrown because your deauthentication method for the Switch (in PacketFence) is set to SNMP (see

Re: [PacketFence-users] packetfence 7.3 configuration wizard - radius?

2018-01-03 Thread Auger, Ivan (ITS) via PacketFence-users
Here you go: [root@esppkfence ~]# /usr/local/pf/bin/pfcmd service radiusd generateconfig service|command radiusd-acct|config generated radiusd-auth|config generated [root@esppkfence ~]# /usr/sbin/radiusd -d /usr/local/pf/raddb -n auth -fxx -l stdout FreeRADIUS Version 3.1.0 Copyright (C)

Re: [PacketFence-users] Aruba Switch Network Configuration

2018-01-03 Thread Jeremy Plumley via PacketFence-users
I have been working off guides I am finding online. Been finding lots of information about configuring from the guide below. Would I be able to see this VSA in a debug or log? https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05365313 Jeremy Plumley ITS Network Administrator Ext

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread André Scrivener via PacketFence-users
Fabrice, I used the configuration sent, still gave an error. I saw some new logs: Jan 3 18:41:44 packetfence pfqueue: pfqueue(25669) WARN: [mac:84:7b:eb:e3:84:42] Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth

Re: [PacketFence-users] PKI installation

2018-01-03 Thread Fabrice Durand via PacketFence-users
Just for information, i uploaded a new version of the packetfence-pki for centos7 who fix all the install issues. Regards Fabrice Le 2017-12-12 à 23:58, E.P. a écrit : > > Well, I’m taking my hat off in front of you, no kidding and pun > intended ;) > > Do you need traceback from the error

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread Fabrice Durand via PacketFence-users
Hello André, yes i did that a long time ago: https://github.com/inverse-inc/packetfence/commit/9d47649dd8d133b233d313d2c80e94421c38caaa#diff-53248f7bb6c533be6a5b55ec361b3238 Also the note i took: 1 Enter global configuration mode and define the RADIUS server. console#configure

Re: [PacketFence-users] Aruba Switch Network Configuration

2018-01-03 Thread Fabrice Durand via PacketFence-users
Hello Jeremy, do you have any documentation related to the support of the VoIP on the Aruba switch ? There is probably a vsa attribute to return when PacketFence detect that a phone is plugged on a switch port. If the vsa exist then it will be easy to add the VoIP support for the Aruba

Re: [PacketFence-users] Packetfence-pki restore/ovewrite admin password

2018-01-03 Thread Fabrice Durand via PacketFence-users
Hello, what you can do is to connect in the sqlite db and update the password. sqlite3 db.sqlite3 UPDATE "auth_user" set password='pbkdf2_sha256$2$Z2Lhr1cW8QM0$mN9PtNhxneIDzApqFa4uG8V44IXqHe+r7yootSoSzJQ=' where username='admin'; the password is p@ck3tf3nc3 Regards Fabrice Le

Re: [PacketFence-users] Aruba Switch Network Configuration

2018-01-03 Thread Jeremy Plumley via PacketFence-users
I have my demo HPE Aruba 2930M switch now. So far data vlan seems ok but I'm having issues with my Cisco VOIP Phones. The Packetfence log is throwing this error over my phones. Jan 3 13:21:48 pf1 packetfence_httpd.aaa: httpd.aaa(3637) WARN: [mac:64:00:f1:ab:11:35] RADIUS Authentication of IP

[PacketFence-users] Packetfence-pki restore/ovewrite admin password

2018-01-03 Thread Rokkhan via PacketFence-users
Hi, I am unable to login to packetfence-pki web interface with the admin password neither with another user I created after installation. Is there anyway to restore or overwirte the admin password? I am using Packetfence-pki 1.0.5 in centos 7 Greetings

Re: [PacketFence-users] packetfence 7.3 configuration wizard - radius?

2018-01-03 Thread Fabrice Durand via PacketFence-users
Hello Ivan, what you can do is the following: /usr/local/pf/bin/pfcmd service radiusd generateconfig /usr/sbin/radiusd -d /usr/local/pf/raddb  -n auth -fxx -l stdout And paste the debug if the service is not able to start. Regards Fabrice Le 2018-01-03 à 09:31, Auger, Ivan (ITS) via

[PacketFence-users] packetfence 7.3 configuration wizard - radius?

2018-01-03 Thread Auger, Ivan (ITS) via PacketFence-users
Selected radius enforcement in configuration wizard - radius does not start in last step - everything else starts. Is there something additional that needs to be defined in /usr/local/pf/conf/pf.conf or in /usr/local/pf/conf/raddb template directory? Thanks

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread André Scrivener via PacketFence-users
Hey, I configured interface 15 manually to use only vlan 2 (registry), and I was assigned registry address addressing (192.168.2.0/24) Following config switch: interface Gi1/0/15 switchport access vlan 2 dot1x port-control force-authorized exit Following logs packetfence: Jan 3 12:14:41

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread E.P. via PacketFence-users
I applied the patch, Tim, and it was successful, I mean the patch installation. Then I restarted RADIUS daemon and tried the local user authentication. As I described it in the other email to Fabrice it was rejected due to MSCHAPv2. For me it is a sign that I’m getting closer ;) And yes, Unifi

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Timothy Mullican via PacketFence-users
Eugene, Did you uncomment the “packetfence-local-auth” line in /usr/local/pf/conf/radiusd/packetfence-tunnel ? Also you will have to change the database password encryption type to plain or NTLM under Configuration->System Configuration->Main Configuration->Database passwords hashing

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Timothy Mullican via PacketFence-users
To answer your question “Am I getting close to the point by reading that if I really want a user authenticated using PEAP (with MSCHAPv2 as an inner method) it has to be NOT a local user but a user from an external identity store (AD) ?”, I would recommend you switch to AD (see

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread André Scrivener via PacketFence-users
Opss, Fabrice! I forgot an information, the MAC addresses on the switch. By the logs, it is in VLAN 2, the correct vlan. Right now I do not understand, because it does not assign the correct address console#show mac address-table Aging time is 300 Sec Vlan Mac Address Type

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Fabrice Durand via PacketFence-users
Hello Eugene, First did you uncomment packetfence-local-auth in /usr/local/pf/conf/radiusd/packetfence-tunnel ? Also what type of hashing password did you choose ? (Configuration -> System configuration -> Advanced ) only ntlm and plaintext are supported by local auth. Regards Fabrice Le

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread Fabrice Durand via PacketFence-users
Hum strange. What you can try is to define an interface in the vlan 2 (manually on an switch port) and plug your test machine in it. (you must receive an ip from PacketFence). If you receive an ip from the 172.16.0.0/24 then it mean that you have a switch configuration issue. (any layer 3

Re: [PacketFence-users] Need an advice and maybe assistance with FreeRADIUS

2018-01-03 Thread Fabrice Durand via PacketFence-users
I tried to add the DAS parameter directly in the configuration file of the AP and it works (CoA), but the limitation is that you can enable it only on one ssid. https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf Regards Fabrice Le 2017-12-29 à 16:18, Timothy Mullican via PacketFence-users