Jul 20 20:01:09 controller auth[139176]: (6582) Login OK:
>> [b6:da:e2:07:07:84] (from client 10.2.0.6/32 port 0 cli
>> b6:da:e2:07:07:84)
>
>
> Is there a way I could check what's happening on the Unifi controller or
> AP stack?
>
>
> Warm regards,
> Rexford A. Nyarko.
>
> However, this unknown client is 10.2.0.6 is my Unifi AP added by Mac
> Address.
> Do I need to remove it and add it via the controller using IP?
>
>
> Warm regards,
> Rexford A. Nyarko.
>
>
> On Fri, Jul 19, 2024 at 6:12 AM Enrique Gross via PacketFence-users <
nything happening when I try to
> connect a client to the open SSID. I can't figure out what I am missing.
>
> Warm regards,
> Rexford A. Nyarko.
>
>
> On Thu, Jul 18, 2024 at 4:07 PM Enrique Gross via PacketFence-users <
> packetfence-users@lists.sourceforge.net&
the client devices are unable to get an IP. so they just disconnect
>>> once you try to connect.
>>>
>>> I have also checked the logs, there isn't anything happening when I try
>>> to connect a client to the open SSID. I can't figure out what I am missing.
>>
portal.
> Do I need to make the registration VLAN 20 the default /untagged VLAN on
> the trunk ports? In that case, the AP can directly communicate with PF on
> the default network. Thanks in advance.
>
> Warm regards,
> Rexford A. Nyarko.
>
>
> On Wed, Jul 17, 2024 at 8
Hi Rexford
Hope you are doing well
When configuring SSID on the Unifi side with Radius, it is ok that you can
not set VLAN 20 as registration. On the PF side, it's in the roles (Role
mapping by VLAN ID) when configuring APs that you will set up your VLAN for
registration, prod or other vlan.
Hi Josep
What do you see on the mikrotik log side when you debug radius? it
would help to see if you are getting radius messages from the PF
server.
Also, packetfence.log will also provide some info regarding the user
authentication.
What CAPSMAN version are you using?
Enrique
El mar, 25 jun
Hi Elia
I enabled CoA on Unifi Controller and on PacketFence "Switches" section I
> added the AP through his IP, then I configured: SNMP strings, WebServices
> (https), RADIUS secret password, associated VLAN IDs with Roles, specified
> Unifi Controller IP address, enabled deauth wih CoA,
gt; Enrique
>>
>> El vie, 16 feb 2024 a las 23:44, Lucas Guimaraes
>> () escribió:
>>>
>>> Hi Enrique,
>>>
>>> Yes, switching to the legacy interface, we can see the Radius CoA (Beta for
>>> ages hehehe) in the SSID as soon as you en
> auth enabled as we know Radius works in Unifi but it still shows the same
> error yet.
>
> It's kind frustrating tbh :/
>
> I hope someday any dev from pf / unifi could help us with that.
>
> I think many people are looking forward to that ^^
>
> On Fri, 16 Feb 2024, 08:17 Enr
Hi Mike, Hi Lucas
I have read somewhere that there were issues with web authentication
and Unifi appliances like UDM. I remember configuring web auth but I
now use RADIUS CoA and it works well. I admit I'm a few versions
behind on my Unifi controller, and this double UI issue is kind of a
Hi Reese
You can use certbot to generate your certificate for packetfence, when
using --preferred-challenge dns you will be prompted to create a dns
challenge, as a TXT record on your DNS zone, after validation you will
have a valid cert for that domain name. Then, just paste the
certificate and
Hi PF users
When Google Chrome browser is set up as default on Windows 11 I'm getting
no network detection after successful registration.
I know that the banner is quite self explanatory and users can open a new
tab and get network access, that works ok. But sometimes users are stuck on
this and
javascript implementation. We just need to get the iPhones fixed
>>> until RFC8908 is supported. I can see it has been discussed
>>> <https://github.com/inverse-inc/packetfence/issues/7040> but it seems
>>> what used to work in IOS 13/14 using the RFC7710bis
>&
till trapped
> based on reachability to the captive portal URL.
>
> I believe if we can somehow separate the ConfNet.PortalFQDN used by the
> captive portal redirect from the one used in email activation, we can use
> our Default network local DNS to make the current RFC7710bis
023 a las 19:59, Ian MacDonald () escribió:
>
> Quick inline response to your questions; Thank you for having a peek.
>
> On Tue, Jan 24, 2023 at 5:45 PM Enrique Gross via PacketFence-users
> wrote:
>>
>> Regarding DNS, domain resolves to your public address? is that
>>
Hi Ian
Regarding DNS, domain resolves to your public address? is that
correct? And that is the same domain as captive portal?
On your topology, port 80/443 redirected to “PF redirection URL”?
Enrique
El mar, 24 ene 2023 a las 8:19, James Andrewartha via
PacketFence-users ()
escribió:
>
> Hi
Hi Jorge
As long routing is in place you can reach PF management interface, have a
look here
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_routed_networks
There is good info a considerations on routed networks
Have a nice day, Enrique.
El jue, 5 ene 2023 a las 13:36,
Hi
I'm using PF with Unifi APs for VLAN Enforcement on routed networks, works
really well, but I have not tried Web auth, i can run a lab with the last
PF version and UAPs firmware and controller version.
I will set up the lab and configure it with web auth following the wiki
I will post the
Hi Rob
I use certbot with dns challenge, then you can copy the keys via web page
Enrique
El jue, 13 oct 2022 a las 12:58, Rob Kenny via PacketFence-users (<
packetfence-users@lists.sourceforge.net>) escribió:
> Hi,
>
> I'm currently trying to use the lets Encrypt option in the SSL
>
Hi John
Have you followed the documentation regarding Unifi? Are you using MAB and
VLAN enforcement? or portal redirection?
Enrique.
El jue, 13 oct 2022 a las 13:00, John Vreeland via PacketFence-users (<
packetfence-users@lists.sourceforge.net>) escribió:
> Can someone assist with this I
Hi Adrián
I have a group of unifi APs doing radius packetfence magic vía L2TP/IPSEC
tunnel. No issues so far.
Maybe I can help you, it's your routing ok? any NAT between your APs and
packetfence management address? Where is your UNIFI controller located? I'm
not really a fragmentation/MTU
Hi kassindye
Have you double checked if the portal redirection settings on the new
UNIFI controller are OK? I remember having issues when importing
settings within controllers
What's the additional information regarding that certificate on the
screenshot you sent? your new Unifi controller can
Federico,
Your config seems to be ok, and you follow the docs accordingly. I have
tested erasing APs by MAC as switches, and only the controller seems to
work for webauth, which is great and you are right, it is not necessary to
add the APs.
First, try to get working the unifi external portal
Hi Federico
We don't use webauth with Unifi, but i remember there was a post about this
issue
After adding the Unifi Controller to PF, have you tried to add the unifi
APs as a switch (by mac address)? Also, have you got a valid certificate on
PF?
On the unifi side i use "use secure portal
er is DHCP server, configuring DHCP relay informs PF of new devices IP
> addresses
> >
> >
> >
> > Enrique.
> >
> >
> > El mié, 6 oct 2021 a las 17:16, David Moore ()
> escribió:
> >
> > Hi Enrique,
> > I'm using ubiquiti unifi switch
t interface have the DHCP listener
> daemon turned on?
>
> Thanks
> Dave
>
>
> From: Enrique Gross via PacketFence-users
>
> Sent: Wednesday, October 6, 2021 9:40 AM
> To: packetfence-users@lists.sourceforge.net
>
> Cc: Enr
Hi PF users,
I'm running CAPSMAN with Mikrotik, CAPSMAN is still not working with
RADIUS disconnect, i have contacted Mikrotik support and they have
confirmed this is still not supported when running CAPSMAN
I'm running PF 11 on CentOS 8, when i change de-auth default back to
SSH on Mikrotik
alla gold, which also the dhcp server. I'm not sure where to
> include the ip helpers? Should the PF management interface have the DHCP
> listener daemon turned on?
>
> Thanks
> Dave
>
> --------------
> *From:* Enrique Gross via PacketFence-users <
>
Hi Dave, hope you're doing well
Are you using ip helpers on those production vlans? look at the docs
for "27.2. Production DHCP access"
Enrique
El mié, 6 oct 2021 a las 2:33, David Moore via PacketFence-users
() escribió:
>
> I'm running the latest version of Packetfence ZEN. I have pretty
1:d6:fd] controllerIp is set,
>>> we will use controller 10.2.2.1 to perform deauth
>>> (pf::Switch::Mikrotik::radiusDisconnect)
>>> Dec 14 20:58:18 radius packetfence_httpd.webservices:
>>> httpd.webservices() WARN: [mac:5c:e0:c5:c1:d6:fd] Unable to perform
>>
Unable to perform
>> RADIUS Disconnect-Request. Disconnect-NAK received with Error-Cause:
>> Unsupported-Extension. (pf::Switch::Mikrotik::radiusDisconnect)
>>
>>
>>
>> On Fri, Dec 11, 2020 at 5:43 PM Durand fabrice via PacketFence-users <
>> packetfence-users@li
Hi PF users! Hope you all doing well
Hi Fabrice,
I have read the mail Adrian sent you regarding COA and Mikrotik. I
have been using SSH to disconnect CAPSMAN devices, but I was
interested in using Radius COA.
This is the output of radsniff after successful registration at the
captive-portal,
Uzzi,
Hi!
I'm doing some testing with Mikrotik and packetfence, I'm interested in PPP
authentication, CAPSMAN and MAB authentication with VLAN assignment, and
Mikrotik has also implemented dot1x on their last RouterOS versions so i
would like to test that too.
On what stage are you on your
Hi Uzzi
Are you using CAPSMAN, on Mikrotik?
Enrique
El lun., 9 nov. 2020 a las 3:27, Andrea Lenarduzzi via PacketFence-users (<
packetfence-users@lists.sourceforge.net>) escribió:
> Hi I've this issue:
>
> one miktrotick controller with SSID
> vlan isolation
> vlan registration
> vlan
Hi Mickael
Have you tried to enable "Automatically register devices" on your
connection profile?
Have a nice day, Enrique
El lun., 9 nov. 2020 a las 3:28, Mickael BOUBALA via PacketFence-users
() escribió:
>
> Hi,
>
> I'm trying to do a Wireless 802.1X and MAC authentication without using
>
'N/A', '0', '0',
> '', '', 'NAS-Port-Type =3D Virtual, Acct-Session-Id =3D =2281d00cdf=22,
> PacketFence-Radius-Ip =3D =22X.X.X.X=22, Service-Type =3D Framed-User,
> Called-Station-Id =3D =22X.X.X.X=22, Realm =3D =22null=22, NAS-IP-Address
> =3D X.X.X.X, PacketFence-NTLMv2-Only =3
gt; (727) Mon Oct 26 15:54:22 2020: Debug: attr_filter.access_reject:--> coyo
> (727) Mon Oct 26 15:54:22 2020: Debug: attr_filter.access_reject: Matched
> entry DEFAULT at line 11
> (727) Mon Oct 26 15:54:22 2020: Debug: [attr_filter.access_reject] =
> updated
> (72
: MS-CHAP-Error = "\001E=691 R=0
C=c86ce57de86611d248ddad2f2eb690ab V=3 M=Authentication failed"
(727) Mon Oct 26 15:54:27 2020: Debug: Cleaning up request packet ID 132
with timestamp +10785
(728) Mon Oct 26 15:54:30 2020: Debug: Received Status-Server Id 199 from
127.0.0.1:
Hi Packetfence Users,
Hope you are doing fine
I am struggling to authenticate PPP users via MSCHAP with local PF
authentication, my switch is a Mikrotik device, I am forwarding
authentication via Radius to packetfence server.
I am getting error
(144) Login incorrect (mschap: Program returned
Hi,
Hope you can help me.
I'm having problems to set up registration interface and captive portal.
Nodes are sent to registration VLAN after Radius VLAN assignment. DHCP
configuration is ok on PF and devices are getting correct IP, gateway
and DNS config. But portal access y not working.
I can
41 matches
Mail list logo