[PacketFence-users] MikroTik dot1x (Ethernet not WiFi)

2021-05-17 Thread David Herselman via PacketFence-users
Hi, I'm hoping someone could point me at some documentation which may provide necessary steps to extend the MikroTik module to additionally support 802.1x for ethernet. I tried adding 'WiredDot1x' and 'WiredMacAuth' to /usr/local/pf/lib/pf/Switch/Mikrotik.pm in the pf::SwitchSupports stanza bu

Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi)

2021-05-18 Thread David Herselman via PacketFence-users
net Cc: David Herselman Subject: Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi) Hello David, you are in the good tracks. First you need to append that: use pf::SwitchSupports qw( WiredMacAuth WiredDot1x ... ); Then retry. Also can you provide a raddebug output when you connect ? radde

Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi)

2021-05-18 Thread David Herselman via PacketFence-users
Hi Nicolas, MikroTik have at least 3 integration options with their products. Most people appear to want to integrate their centrally managed WiFi solutions called CAPsMAN, but most of my integration to Packet Fence has been with individual MikroTik routers with wireless interfaces. We have RAD

Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi)

2021-05-18 Thread David Herselman via PacketFence-users
Hi again, Enabling debugging on the router appears to reveal my problem: 22:18:30 radius,debug,packet received Access-Accept with id 128 from 192.168.55.55:1812 22:18:30 radius,debug,packet Signature = 0x 22:18:30 radius,debug,packet User-Name = "REDACTED\d

Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi)

2021-05-19 Thread David Herselman via PacketFence-users
Hi Fabrice, Even better! 😊 Herewith my minimal modifications, I’ll submit a patch after doing some more testing but everything looks good so far: --- Mikrotik.pm.orig2021-05-08 07:38:14.976719201 +0200 +++ /usr/local/pf/lib/pf/Switch/Mikrotik.pm 2021-05-19 23:05:

Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi)

2021-05-24 Thread David Herselman via PacketFence-users
t the same between wifi and wired , you can add the function wiredeauthTechniques in the switch module. (https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/Catalyst_2960.pm#L450) Regards Fabrice Le mer. 19 mai 2021 à 22:04, David Herselman via PacketFence-

[PacketFence-users] 802.1x - You do not have permission to register a device with this username

2021-06-23 Thread David Herselman via PacketFence-users
Hi, I'm having problems registering devices, either via the portal (e.g. MAC based authentication) or 802.1x. I had originally logged an issue on Github https://github.com/inverse-inc/packetfence/issues/6361 but closed it after the issue disappeared for a while. Perhaps I have something wrong so

Re: [PacketFence-users] 802.1x - You do not have permission to register a device with this username

2021-06-24 Thread David Herselman via PacketFence-users
Hi Nicolas, Selecting the profile 'Wireless_MAC', opening the preview, clicking through to username/password and then entering the credentials for a user account that does not exist in Packet Fence works perfectly. I get the message that access was granted and the user account is created as ex

Re: [PacketFence-users] 802.1x - You do not have permission to register a device with this username

2021-06-27 Thread David Herselman via PacketFence-users
Everything also works when I disable both 'autoregister' and 'reuse_dot1x_credentials'. In that case I have to manually fill in the credentials though... Regards David Herselman From: David Herselman Sent: Friday, 25 June 2021 4:45 PM To: Quiniou-Briand, Nicolas ; packetfence-users@lists.sour

[PacketFence-users] Azure AD - MFA at registration

2021-06-27 Thread David Herselman via PacketFence-users
Hi, I would like to use SAML authentication on the captive portal to allow staff to register via MFA. From my understanding I need to obtain the username in a format that I can look up in the AD user authentication source. The default username attribute in Packet Fence is 'urn:oid:0.9.2342.192

Re: [PacketFence-users] Azure AD - MFA at registration

2021-06-27 Thread David Herselman via PacketFence-users
Hi, So Lasso doesn't appear to parse the 'Name ID' from Azure. I added the following rudimentary debugging to SAMLSource.pm: [admin@packetfence2 logs]# diff -uNr /usr/local/pf/lib/pf/Authentication/Source/SAMLSource.pm.backup /usr/local/pf/lib/pf/Authentication/Source/SAMLSource.pm --- /usr/loc

Re: [PacketFence-users] 802.1x - You do not have permission to register a device with this username

2021-06-27 Thread David Herselman via PacketFence-users
Hi Nicolas, That's correct. I'm able to authenticate and the node gets registered together with the user being created/updated via the portal, when using MAC based authentication. 802.1x also works when I disable 'reuse_dot1x_credentials' and enable 'autoregister'. We would really like to get

[PacketFence-users] Enabling LDAP signing or TLS

2021-08-03 Thread David Herselman via PacketFence-users
Hi, We are attempting to enforce LDAP signing or TLS encryption and have started by auditing insecure LDAP binds in AD. An example how-to detailing steps to do: https://azurecloudai.blog/2019/08/03/step-by-step-enforce-require-ldap-signing-on-domain-controllers-part-1/ We are using an 'Active Di

[PacketFence-users] Ubiquiti UniFi deassociation failing

2021-08-19 Thread David Herselman via PacketFence-users
Hi, We are having problems with PF 10.3 (Debian 9) not being able to de-associate clients from UniFi controlled APs, with the following being logged in packetfence.log: Aug 9 08:42:51 packetfence pfqueue: pfqueue(14988) INFO: [mac:c8:3d:d4:ac:e3:11] [c8:3d:d4:ac:e3:11] DesAssociating mac on sw

[PacketFence-users] Remove 'Null Source' from splash page

2021-08-26 Thread David Herselman via PacketFence-users
Hi, We would like to be able to have an empty splash page, whereby aup_text.html is completely empty and the 'I accept the terms' is replaced with 'Connect'. I've managed to rename the button: perl -i -pe 's/I accept the terms/Connect/g' /usr/local/pf/html/captive-portal/lib/captiveportal/Packe

[PacketFence-users] Unregistering user's devices via API call?

2022-12-22 Thread David Herselman via PacketFence-users
Hi, We have a CheckPoint firewall which has been configured to replace DNS queries to known malicious destinations with a bogus DNS trap IP, when devices then subsequently attempt to connect to that DNS trap IP a reaction script can be triggered. We are essentially looking for guidance on a web

Re: [PacketFence-users] Unregistering user's devices via API call?

2022-12-22 Thread David Herselman via PacketFence-users
": [\n {\n "field": "ipv4",\n"op": "equals",\n"value": "'$USERIP'"\n }\n]\n }\n}'; [davidh@linux-test ~]$ curl -X POST https://packetfence.redacted.com:1443/api/v1/ip4logs/search -H "a

Re: [PacketFence-users] Unregistering user's devices via API call?

2022-12-23 Thread David Herselman via PacketFence-users
Hi Darren, I appear to have a working solution but would love some comments on any dangerous assumptions I’m making. Namely, that searching by IP will show the most recent entry in the ip4log for a given IP’s node MAC address. The following attempts to: * Sanitize the input from CheckPoint

Re: [PacketFence-users] Unregistering user's devices via API call?

2022-12-23 Thread David Herselman via PacketFence-users
ecember 2022 15:55 To: packetfence-users@lists.sourceforge.net Cc: David Herselman Subject: Re: [PacketFence-users] Unregistering user's devices via API call? Hi David, The API can be used to manage nodes externally. To get the list of nodes for a user: curl 'https://localhost:1443/api/v1/no

[PacketFence-users] How do I exempt autoregistration in a connection profile when node has role REJECT?

2022-12-28 Thread David Herselman via PacketFence-users
Hi, I have a connection profile set up to auto-register nodes as a staffbyod role when certain conditions are met. This however then overwrites manual role assignments, for example when I manually update a node to have a role REJECT it gets reset as having a staffbyod role when it reconnects. I