Re: [PacketFence-users] How to use username rewriting in v11?

Borderline thread hijack, but as it's on topic: Is it possible to use the radius username rewrite functionality in combination with "Dot1x recompute role from portal" Thanks, David On Tue, Sep 7, 2021 at 9:50 AM Cristian Mammoli via PacketFence-users < packetfence-users@lists.sourceforge.net>

Re: [PacketFence-users] Recomputing the role of existing nodes without portal interaction

re all those users are already created before the import or use >>> “default”. >>> >>> Thanks, >>> >>> >>> Ludovic Zammit >>> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca >>> Inverse inc. :: Leaders be

Re: [PacketFence-users] Recomputing the role of existing nodes without portal interaction

gt;> >> Thanks again for your help, >> David >> >> On Mon, Mar 8, 2021 at 8:02 PM Ludovic Zammit wrote: >> >>> Hello David, >>> >>> Make sure all those users are already created before the import or use >>> “default”. >>> >

Re: [PacketFence-users] Distributed clusters and topologies

ogs.akamai.com> > <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> > <http://www.linkedin.com/company/akamai-technologies> > <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > > On Apr 22, 2021, at 1:16 PM, David Harvey via P

[PacketFence-users] Distributed clusters and topologies

I'm starting to wonder if I dreamed this now... I thought I recalled seeing a diagram or guide to a distributed topology featuring clustering and some kind of local caching, but I can't locate it anywhere, so thinking I may have confused it with something else now.. We're looking to refresh our pa

Re: [PacketFence-users] Recomputing the role of existing nodes without portal interaction

sers are already created before the import or use >> “default”. >> >> Thanks, >> >> >> Ludovic Zammit >> lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >&

Re: [PacketFence-users] Recomputing the role of existing nodes without portal interaction

.447.4918 (x145) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > > > > On Feb 26, 2021, at 12:31 PM, David Harvey via PacketFence-users < > packetfence-users@lists.source

Re: [PacketFence-users] Recomputing the role of existing nodes without portal interaction

Hi again, Just checking if anyone had any ideas on this one: TL;DR - Is there a mechanism for firing a "recompute node role from owner" task against existing auth sources without users logging in through the portal? Thanks, David On Fri, Feb 26, 2021 at 2:59 PM David Harvey wrote: > Dear Packet

Re: [PacketFence-users] Recomputing the role of existing nodes without portal interaction

Experimenting on the same topic I have also found inconsistent behaviour with "./pfcmd import nodes /tmp/testimport.csv columns=mac,pid,category" 00:54:E8:61:32:00,auser,developer 00:F0:5D:18:93:00,anotheruser,developer 00:9a:4c:51:b7:00,andanotherone,developer 00:d8:00:e8:a5:00,opsuser,ops It

[PacketFence-users] Recomputing the role of existing nodes without portal interaction

Dear Packetfence users, I'm looking for advice on updating my node owners whilst preserving or recalculating roles. With many new users working from home, their nodes have been registered as a default owner, with the role being manually set. Although I have a configured LDAP source which applies r

Re: [PacketFence-users] Debian 10 support?

Hey folks, couldn't find anything to easily track this with, just curious as to if there's an ETA on this? On Sat, 18 Apr 2020, 01:11 Durand fabrice via PacketFence-users, < packetfence-users@lists.sourceforge.net> wrote: > Hello Sam, > > it's in the road map, Centos 8 too. > > Regards > > Fabric

Re: [PacketFence-users] Allowing different access levels for MAB vs EAP-TLS clients

Hi all, any pointers at all? On Thu, Jan 30, 2020 at 10:54 PM David Harvey wrote: > Dear Packetfencers, > > I've been struggling with this logic for a while, so I'm going to admit > defeat and defer to the wisdom of the list. > > Aim: > Allow a maximum or predefined VLAN allocation for MAB users

[PacketFence-users] Allowing different access levels for MAB vs EAP-TLS clients

Dear Packetfencers, I've been struggling with this logic for a while, so I'm going to admit defeat and defer to the wisdom of the list. Aim: Allow a maximum or predefined VLAN allocation for MAB users. So those with expired certs or otherwise broken 802.1x profiles can get to a useful remediation

Re: [PacketFence-users] Mandatory element ip or netmask on interface

Anybody else had to deal with a similar situation? On Wed, Sep 11, 2019 at 4:06 PM David Harvey wrote: > Dear Packetfencers, > > I've finally taken the plunge on version 9 and it's looking great! > Hoping you may be able to advise on the following. > > Previously I followed some advice for 8.3 f

[PacketFence-users] Mandatory element ip or netmask on interface

Dear Packetfencers, I've finally taken the plunge on version 9 and it's looking great! Hoping you may be able to advise on the following. Previously I followed some advice for 8.3 for dhcp sniffing which was largely: Make a promiscuous or static interface for relevant vlans with no iP set (settin

Re: [PacketFence-users] Hi IPv4 socket usage to LDAP and pfstats

errors. > Is it ldaps ? > > Also pfstats crashed when it tried to fetch the eduroam config and i am > not sure that it's related. > > Regards > Fabrice > > > Le 2018-08-10 à 10:16, David Harvey via PacketFence-users a écrit : > > Detail I should have includ

Re: [PacketFence-users] Hi IPv4 socket usage to LDAP and pfstats

er runs beyond 40% utilization with > average being around 10% and ram holds steady at around 19GB used. We have > 2800 registered devices. > > > > Peter Truax > > St. Martin’s University > > Lacey, WA > > > > *From:* David Harvey via PacketFence-user

Re: [PacketFence-users] Hi IPv4 socket usage to LDAP and pfstats

Detail I should have included: pf 8.1.0 on Debian Detail I have since seen (IPs remove/swapped out for IPSCRUBBED): Aug 10 12:23:37 pf pfstats[26534]: t=2018-08-10T12:23:37+0100 lvl=info msg="Calling Unified API on uri: https://127.0.0.1:/api/v1/dhcp/stats/eth1/IPSCRUBBED"; pid=26534 Aug 10 1

[PacketFence-users] Hi IPv4 socket usage to LDAP and pfstats

Hi again! I'm investigating some latency issues with RADIUS being a bit lumpy and noticed that the number of open IPv4 sockets was incredibly high. Checking on netstat -anp showed a vast number of pfstats -> LDAP:636 conencitnos (and yes I use LDAP as a portal auth source). The drop off is afte

Re: [PacketFence-users] Captive portal 400 Bad Request 'json' or 'msgpack' parameter is required

, 2018 at 3:16 AM, Durand fabrice via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello David, > > it looks that you are hitting the api, can you take a capture and check > the destination port ? > > Regards > > Fabrice > > > &g

[PacketFence-users] Captive portal 400 Bad Request 'json' or 'msgpack' parameter is required

How embarrassing, I'm stuck again.. I can't identify exactly when this occurred, but somewhere between the upgrade to 8.1 and fixing the portal content as mentioned in previous threads (largely reverting to default HTML files) I have found myself unable to load the portal. It loads OK in the admi

Re: [PacketFence-users] portal accept terms button

PEBCAK... A couple of edits I had made (one adding text to signin.html, and one that predated me made to challenge.html) had blocked pages from being upgraded and in doing so confused the button schema and workflow of AUP being before and now not on the same page as signin. Thanks to the as ever

Re: [PacketFence-users] portal accept terms button

Has anyone else observed this, or can anyone offer advice on what I could check further? On Mon, Jul 16, 2018 at 4:31 PM, David Harvey wrote: > Dear Packetfence users, > > Since the 8.0 update (and I'm now on 8.1.0) I've been having problems with > the portal and AUP/accept button state (used to

[PacketFence-users] portal accept terms button

Dear Packetfence users, Since the 8.0 update (and I'm now on 8.1.0) I've been having problems with the portal and AUP/accept button state (used to be a tick box IIRC or certainly made it clear when it was selected). I believe is relates to /usr/local/pf/html/common/scss/_components.buttons.scss

Re: [PacketFence-users] LDAP

Not sure how much the standalone 389 directory lets you do from it's admin interface, but a simple FreeIPA install (which includes 389) is also pretty quick and easy to setup, and has a very comprehensive interface. It may contain way more features than you want though! Alternatively, I know QNAP

Re: [PacketFence-users] Dot1x fails on the switch but packetfence claims success!

eloper role mean that you have a developer acl on the switch. > > So in the switch config (pf side) remove the developer role by switch role > attribute and retry. > > Regards > > Fabrice > > > > Le 2018-03-14 à 14:37, David Harvey via PacketFence-users a écrit : &

[PacketFence-users] Dot1x fails on the switch but packetfence claims success!

Dear list, I've been fighting with this all day, so excuse the brain fart.. Recently added another cisco 3750x to my fleet. The only difference is that it's on IOS 15.2(4), where the others which work are on 15.0. I've cloned the config of a functioning install, and cross referenced it against th

Re: [PacketFence-users] Role Assignment (G Suite/SAML)

I switched from GSuite Auth to LDAP for almost exactly this reason.. using LDAP groups makes it very easy. I didn't find a way of making it work with GSuite, but someone else here may have been more adventurous or creative! It "should" be technically possible with enough hacking, as the federated A

Re: [PacketFence-users] Restarting swicthports errors

gt; Hi, see my post "[PacketFence-users] pfappserver::Controller::Node broken > after update to 7.4" of 01-29 > > Il 02/02/2018 16:43, David Harvey via PacketFence-users ha scritto: > >> Sorry for all the mailing list spam. I've been having a bit of a >>

Re: [PacketFence-users] Packetfence RADIUS and Unifi Out of Band

is in pull request #2735 on >> github. See https://patch-diff.githubusercontent.com/raw/inverse- >> inc/packetfence/pull/2735.patch >> >> You can apply that patch to get it working. Also see >> https://github.com/inverse-inc/packetfence/blob/ae18f50b >> 4879cc

[PacketFence-users] Restarting swicthports errors

Sorry for all the mailing list spam. I've been having a bit of a packetfence tinkering week! Since upgrading to packetfence 7.4 followed by applying the Unifi patch 2735.patch (the latter probably unrelated give

Re: [PacketFence-users] Packetfence RADIUS and Unifi Out of Band

u can read though my earlier thread to see the > steps I took to get it working. > > > > Tim > > Sent from mobile phone > > > On Feb 1, 2018, at 10:15, David Harvey via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > > This has be

Re: [PacketFence-users] Unifi APs and CoA

acketfence-users@lists.sourceforge.net> wrote: > > Hello David, > > the unifi AP is not yet correctly supported, there is some code about that > but you have to do some custom config on the Unifi controller. > Have a look at the mailing list archive about unifi. > > Regar

Re: [PacketFence-users] Packetfence RADIUS and Unifi Out of Band

This has been a fantastic resource for the thread I recently started (sorry for the repetition in it) I would add: I've added kick-sta to replace both the authorize and unauthorize guest commands in Unifi.pm It transpired my in house cert was upsetting things until I updated ca certs on the debian

Re: [PacketFence-users] Unifi APs and CoA

I should also note. I've just changed our APs from switch type hostapd to ubiquity::unify, added the controller IP (a docker image in my case), and also attempted to add the webservices field as details in the documentation: wsTransport=HTTPS wsUser=admin wsPwd=admin On Wed, Jan 31, 2018 at 6:00

[PacketFence-users] Unifi APs and CoA

Hi packetfence users, I just wanted to confirm a feature (or my undertsnading of). I'm using unifi access points with great success for portal login paired with EAP-TLS. Unregistered clients with certs land on the registration VLAN, and then have their proper vlans assigned by the portal login.

Re: [PacketFence-users] packetfence-pki on Debian Jessie

I feel like there are clues here which almost have me there: [wsgi:warn] [pid 31927] mod_wsgi: Compiled for Python/2.7.8. [Thu Jun 22 16:32:35.008061 2017] [wsgi:warn] [pid 31927] mod_wsgi: Runtime using Python/2.7.9. [Thu Jun 22 16:32:35.008275 2017] [wsgi:alert] [pid 31927] (2)No such file or di

[PacketFence-users] packetfence-pki on Debian Jessie

Hi packetfence users, I've been attmepting to experiment with packetfence-pki, but have fallen at the first hurdle. Namely there doesn't seem to be a Debian Jessie package avialable as advertised at https://packetfence.org/doc/PacketFence_PKI_Quick_Install_Guide.html (section 3.1) http://inverse.c

Re: [PacketFence-users] packetfence-pki on Debian Jessie

FWIW, I also get the same bad request error after forcing apt with: dpkg -i --ignore-depends=python-django-bootstrap3 packetfence-pki_1.0.4_all.deb On Thu, Jun 22, 2017 at 4:06 PM, David Harvey wrote: > Hi packetfence users, > > I've been attmepting to experiment with packetfence-pki, but have f