I just saw Fabrice’s response. Funny this is the second time we basically said
the same thing within a few minutes of each other :) Good luck with your demo.
Tim
Sent from mobile phone
> On Jan 3, 2018, at 20:36, Durand fabrice wrote:
>
> Hello Eugene,
>
> Even if you
Interesting you had to change to plaintext. I was able to use NTLM and just
uncomment the first instance of the “packetfence-local-auth” line. Perhaps
something else was modified in the radius config. Anyways, you can use the
following command to restart mariadb (at least for CentOS/RHEL 7):
Hello Eugene,
Even if you will integrate PacketFence with AD you can use local users
for another purpose (like guest source with create local account enabled
in order to use this account on an 802.1x ssid)
For mariadb, there are a few services that are not managed by packetfence,
like
The year started with boring and hectic problems, only now had time to get back
to PF.
Well, I knew that I’m getting closer ;)
First of all I did uncomment “packetfence-local-auth” some time ago but when both
Fabrice and you mentioned it again I went through the file and found a second
line
Great, will try to do it a bit later
Thanks, Fabrice
From: Fabrice Durand [mailto:fdur...@inverse.ca]
Sent: Wednesday, January 03, 2018 12:26 PM
To: E.P.
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] PKI installation
Just for information, I uploaded a new
André,
The message “Until CoA is implemented we will bounce the port on VLAN
re-assignment traps for MAC-Auth
(pf::Switch::handleReAssignVlanTrapForWiredMacAuth)” is thrown because your
deauthentication method for the Switch (in PacketFence) is set to SNMP (see
Here you go:
[root@esppkfence ~]# /usr/local/pf/bin/pfcmd service radiusd generateconfig
service|command
radiusd-acct|config generated
radiusd-auth|config generated
[root@esppkfence ~]# /usr/sbin/radiusd -d /usr/local/pf/raddb -n auth -fxx -l
stdout
FreeRADIUS Version 3.1.0
Copyright (C)
I have been working off guides I am finding online. Been finding lots of
information about configuring from the guide below. Would I be able to see this
VSA in a debug or log?
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05365313
Jeremy Plumley
ITS Network Administrator
Ext
Fabrice,
I used the configuration sent, still gave an error.
I saw some new logs:
Jan 3 18:41:44 packetfence pfqueue: pfqueue(25669) WARN:
[mac:84:7b:eb:e3:84:42] Until CoA is implemented we will bounce the port on
VLAN re-assignment traps for MAC-Auth
Just for information, I uploaded a new version of the packetfence-pki
for centos7 which fixes all the install issues.
Regards
Fabrice
Le 2017-12-12 à 23:58, E.P. a écrit :
>
> Well, I’m taking my hat off in front of you, no kidding and pun
> intended ;)
>
> Do you need traceback from the error
Hello André,
Yes, I did that a long time ago:
https://github.com/inverse-inc/packetfence/commit/9d47649dd8d133b233d313d2c80e94421c38caaa#diff-53248f7bb6c533be6a5b55ec361b3238
Also the note I took:
1 Enter global configuration mode and define the RADIUS server.
console#configure
Hello Jeremy,
Do you have any documentation related to the support of VoIP on the
Aruba switch?
There is probably a VSA attribute to return when PacketFence detects that
a phone is plugged into a switch port.
If the VSA exists then it will be easy to add the VoIP support for the
Aruba
Hello,
What you can do is connect to the sqlite db and update the password.
sqlite3 db.sqlite3
UPDATE "auth_user" set
password='pbkdf2_sha256$2$Z2Lhr1cW8QM0$mN9PtNhxneIDzApqFa4uG8V44IXqHe+r7yootSoSzJQ='
where username='admin';
The password is p@ck3tf3nc3
Regards
Fabrice
Le
I have my demo HPE Aruba 2930M switch now. So far data vlan seems ok but I'm
having issues with my Cisco VOIP Phones. The Packetfence log is throwing this
error over my phones.
Jan 3 13:21:48 pf1 packetfence_httpd.aaa: httpd.aaa(3637) WARN:
[mac:64:00:f1:ab:11:35] RADIUS Authentication of IP
Hi,
I am unable to log in to the packetfence-pki web interface with the admin
password, nor with another user I created after installation.
Is there any way to restore or overwrite the admin password?
I am using Packetfence-pki 1.0.5 on CentOS 7
Greetings
Hello Ivan,
What you can do is the following:
/usr/local/pf/bin/pfcmd service radiusd generateconfig
/usr/sbin/radiusd -d /usr/local/pf/raddb -n auth -fxx -l stdout
And paste the debug if the service is not able to start.
Regards
Fabrice
Le 2018-01-03 à 09:31, Auger, Ivan (ITS) via
Selected radius enforcement in configuration wizard - radius does not start in
last step - everything else starts. Is there something additional that needs
to be defined in /usr/local/pf/conf/pf.conf or in /usr/local/pf/conf/raddb
template directory?
Thanks
Hey,
I configured interface 15 manually to use only vlan 2 (registry), and I was
assigned registry address addressing (192.168.2.0/24)
Following config switch:
interface Gi1/0/15
switchport access vlan 2
dot1x port-control force-authorized
exit
Following logs packetfence:
Jan 3 12:14:41
I applied the patch, Tim, and it was successful, I mean the patch installation.
Then I restarted RADIUS daemon and tried the local user authentication. As I
described it in the other email to Fabrice it was rejected due to MSCHAPv2. For
me it is a sign that I’m getting closer ;)
And yes, Unifi
Eugene,
Did you uncomment the “packetfence-local-auth” line in
/usr/local/pf/conf/radiusd/packetfence-tunnel ?
Also you will have to change the database password encryption type to plain or
NTLM under Configuration->System Configuration->Main Configuration->Database
passwords hashing
To answer your question “Am I getting close to the point by reading that if I
really want a user authenticated using PEAP (with MSCHAPv2 as an inner method)
it has to be NOT a local user but a user from an external identity store (AD)
?”, I would recommend you switch to AD (see
Oops, Fabrice!
I forgot one piece of information, the MAC addresses on the switch.
By the logs, it is in VLAN 2, the correct vlan.
Right now I do not understand, because it does not assign the correct
address
console#show mac address-table
Aging time is 300 Sec
Vlan Mac Address Type
Hello Eugene,
First, did you uncomment packetfence-local-auth in
/usr/local/pf/conf/radiusd/packetfence-tunnel?
Also, what type of password hashing did you choose? (Configuration ->
System configuration -> Advanced) Only ntlm and plaintext are supported
by local auth.
Regards
Fabrice
Le
Hmm, strange.
What you can try is to define an interface in VLAN 2 (manually on a
switch port) and plug your test machine into it. (You must receive an IP
from PacketFence.)
If you receive an IP from the 172.16.0.0/24 then it means that you have a
switch configuration issue. (any layer 3
I tried to add the DAS parameter directly in the configuration file of
the AP and it works (CoA), but the limitation is that you can enable it
only on one ssid.
https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
Regards
Fabrice
Le 2017-12-29 à 16:18, Timothy Mullican via PacketFence-users