Re: [PacketFence-users] port-security and snmptrap not working

Hello, if the snmptrapd and the pfqueue snmp processes are running then it can be the community that is wrong. Also i have already seen this kind of issue because of /etc/host.deny. Last thing, you can use strace to see why the snmp trap is not received. Regards Fabrice Le 19-07-11 à 09

Re: [PacketFence-users] WMI problem， pf9.0.1 not trigger any security events

Hello Cheung, can you share your wmi.conf file ? (remove sensible information) Regards Fabrice Le 19-07-10 à 22 h 06, Cheung Paul via PacketFence-users a écrit : Problem 1:  Packetfence not show wmi tab on noed wmi rules , it is a windows os device

Re: [PacketFence-users] Errors with radius from packetfence-multi-domain.pm on 9.0.1

Hello Davis, can you post your realm.conf and can you try pfcmd configreload hard Regards Fabrice Le 19-07-08 à 04 h 39, David Ford via PacketFence-users a écrit : Hello, We’ve recently upgraded our packetfence setup from 8.0 on Debian Jessie to 9.0.1 on Debian Stretch, and have applied

Re: [PacketFence-users] 802.1x Max nodes per user...

Hello, it's probably because in your authentication source no rules match and it doesn't return any role and access duration. use bin/pftest to be sure that your username match with a rule. Regards Fabrice Le 19-07-08 à 23 h 58, esouzabh--- via PacketFence-users a écrit : I’m facing the

Re: [PacketFence-users] HP switches and Avaya Phones

Hello Mike, you need to enable lldp on the switch and probably enable lldp-med on the phone too. Last think enable voip on the switch configuration (pf side). Regards Fabrice Le 19-07-09 à 03 h 57, Mike McGeer via PacketFence-users a écrit : Hi all. We have Packetfence 9.01 implemented

Re: [PacketFence-users] Fingerbank Node Info Refresh

Hello Shirley, what you can try is to configure a security event with a trigger based on fingerbank and it's suppose to do the lookup for each devices. Regards Fabrice Le 19-07-09 à 06 h 24, Shirley, Benjamin via PacketFence-users a écrit : Hi, it’s not clear to us when Packetfence

Re: [PacketFence-users] Manage AD password expiration

Hello Enrico, under mac osx you can have a 'system' wireless profile which is a kind of machine authentication. https://gist.github.com/bruienne/fa2360146d8cb046ffde Regards Fabrice Le 19-07-09 à 13 h 08, Enrico Pasqualotto via PacketFence-users a écrit : Hello, I'm searching a solution

Re: [PacketFence-users] Using Captive Portal to Detect AV

Hello Chadwick, you will need to use wmi if it's windows laptop or a MDM for the other devices. Regards Fabrice Le 19-07-09 à 23 h 55, Chadwick Boseman via PacketFence-users a écrit : Please help me, I am stuck on this part On Mon, Jul 8, 2019 at 3:57 PM Chadwick Boseman

Re: [PacketFence-users] Radius Integrations with Packetfence

Hello Alina, if the user type his username and password on the portal then you need to create a radius source. Regards Fabrice Le 19-07-11 à 05 h 10, Alina Haider via PacketFence-users a écrit : Hi all, Actually I wanted to integerate external Radius Server with packetfence. Basically

Re: [PacketFence-users] Orthographic Error - Web Portal

Hello Rodrigues, can you check in the db to see if the encoding is correct ? (table pf.person) Regards Fabrice Le 19-07-11 à 08 h 03, Felipe Rodrigues via PacketFence-users a écrit : Any ideia? Sent from my iPhone On 8 Jul 2019, at 14:52, Felipe Rodrigues

Re: [PacketFence-users] Captive Portal Load Balancing with F5

Hello Domingos, you just need to configure on the f5 the 2 portals (like http://10.0.0.1 and http://10.0.0.2) and terminate the ssl tunnel on the F5. Be sure to add the X-Forwarder-For attribute in the f5. Regards Fabrice Le 19-07-11 à 12 h 10, Domingos Varela via PacketFence-users a

Re: [PacketFence-users] Server logs error

Hello BR, it looks to be slow disk. Regards Fabrice Le 19-07-11 à 12 h 11, Domingos Varela via PacketFence-users a écrit : Hi, Please, Can anyone help me understand these events? Thanks BR Cumprimentos,* Domingos Varela* Tel. +244 923 229 330 | Luanda - Angola Domingos Varela

Re: [PacketFence-users] [PF 9.0.1] Clustering Active/Active Issue

Hello, Try that: systemctl set-default packetfence-cluster and check you cluster.conf file if there is no error. Regards Fabrice Le 19-07-03 à 06 h 07, pro fence via PacketFence-users a écrit : Hi, i am configuring an active/active 3 mariadb servers cluster. The proble is that i can't

Re: [PacketFence-users] [packetfence 8.3] Active/Passive cluster

Hello Pro, are you using packetfence-mariadb service in pcs or just mariadb ? Regards Fabrice Le 19-06-13 à 05 h 23, pro fence via PacketFence-users a écrit : Hello, does somebody know why when mariadb is started with pcs cluster it becomes impossible to connect to mysql directly on the

Re: [PacketFence-users] How to configure vlan VMware esxi - web auth Captive porta

Hello Roberto, Le 19-06-12 à 23 h 53, Casagrande Roberto, SEDE CENTRALE - GUBBIO, Colacem S.p.A. via PacketFence-users a écrit : Sorry but I don’t find how to create a trunk port to VMware or I don’t know if I configured well the server PF for work with vlan. Please can I have a support?

Re: [PacketFence-users] Device not terminated after email registration failed.

Disconnect-Request: No answer from 10.20.21.51 on port 3799 at /usr/local/pf/lib/pf/util/radius.pm <http://radius.pm> line 147. (pf::Switch::Ruckus::SmartZone::catch {...} ) On Wed, Jun 12, 2019 at 11:20 AM Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourcefor

Re: [PacketFence-users] Node Manager Lockdown

Hello Stuart, we still working on it: https://github.com/inverse-inc/packetfence/pull/4558 Regards Fabrice Le 19-06-12 à 12 h 10, Stuart Gendron via PacketFence-users a écrit : Playing around with the Node Manager Admin Role to try and lock things down so the user can only change nodes to

Re: [PacketFence-users] Device not terminated after email registration failed.

Hello Scott, i will need to see the content of packetfence.log to see what happen. Regards Fabrice Le 19-06-12 à 12 h 59, Lu, Scott via PacketFence-users a écrit : Hi, I have configured PF9 captive-portal for Guest registration and send email for "Network access activation", 1. Guest

Re: [PacketFence-users] Is RADIUS account from packet fence deployed inline possible?

Hello Steve, it's already suppose to send the ip address of the device in the radius accounting packet: https://github.com/inverse-inc/packetfence/blob/devel/go/firewallsso/checkpoint.go#L45 Regards Fabrice Le 19-06-12 à 05 h 06, AOL a écrit : Thanks Fabrice. that started the RADIUS

Re: [PacketFence-users] Issues with PacketFence Captive Portal configuration

Hello Felipe, Le 19-06-11 à 13 h 08, Felipe Rodrigues via PacketFence-users a écrit : Hi guys, Just help me to clarify one thing: - The registration interface is isolated in packetfence right? Does this interface need internet access or need to access the ip adress configured on the

Re: [PacketFence-users] Reject node with MAC Authentication

Mac Auth requests in my source or on the portal and then send a reject. Or just disable MAB on the switch ;) Tobias Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> schrieb am Di., 11. Juni 2019, 16:25: Le 19-06-11 à 10 h 03, Adrian Dess

Re: [PacketFence-users] Reject node with MAC Authentication

Le 19-06-11 à 10 h 03, Adrian Dessaigne via PacketFence-users a écrit : Is it in the "Role" tab in the switch configuration ? I only see the REJECT Role. And in my role list, I don't see the "unreg" one. Do I have to create it or it is somewhere else ? Regards, Adrian

Re: [PacketFence-users] Reject node with MAC Authentication

Hello Adrian, just set the vlan id for the unreg role to -1. Regards Fabrice Le 19-06-11 à 08 h 00, Adrian Dessaigne via PacketFence-users a écrit : Hello everyone, PacketFence native configuration always accept MAC Authentication. If the device is unreg, it's put in Registration VLAN, or

Re: [PacketFence-users] DHCP Errors on Packetfence and Debian 9

Hello Thomas, i see what is the issue. i will patch it and the new binary will be available tomorrow from the maintenance (pf-maint.pl). Regards Fabrice Le 19-05-23 à 09 h 51, Thomas OLIVIER via PacketFence-users a écrit : Hi All, I've got an issue on my PacketFence fresh install on

Re: [PacketFence-users] SG300 port showing up wrong

Hello Stuart, yes it's possible but when you plug in the port 2 is it the port 50 who appear in the log ? Regards Fabrice Le 19-05-21 à 11 h 42, Stuart Gendron a écrit : Logs below: May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing connection (106): Hit

Re: [PacketFence-users] Cisco ASA VPN Configuration in PF 9.0

Hello Cristian, first you need to fix your authentication source apra-user-auth-dc01 and add a authentication rule that return a role and an access duration. (use:  /usr/local/pf/bin/pftest authentication c.mammoli bob  apra-user-auth-dc01) After that you should be able to see a role

Re: [PacketFence-users] Captive Portal-Computer not found in database

What you can try, even if it's an aruba controller is to use the Aruba Instant access module instead(we did it because the CoA changed on this equipment) curl https://patch-diff.githubusercontent.com/raw/inverse-inc/packetfence/pull/4211.diff | patch -p1 Also is it a Aruba COntroller in

Re: [PacketFence-users] OS Update breaks Captive Portal

Hello Kalcho, it looks to be the static content that is not working. Can you check if httpd.dispatcher is running correctly ? Regards Fabrice Le 19-05-15 à 03 h 16, Kalcho via PacketFence-users a écrit : Hello, I have packetfence 8.1 running on CentOS 7, after last CentOS update, captive

Re: [PacketFence-users] JSON error Go Struct - Inline mode

It will be in 9. Le 19-04-29 à 11 h 04, Thomas OLIVIER via PacketFence-users a écrit : Will PF support Debian 9 in the next minor release or in the next major 9.0 ? Thomas. On 29/04/2019 15:10, Fabrice Durand via PacketFence-users wrote: Hello Thomas, i just pushed the patch in devel

Re: [PacketFence-users] Blank captive portal with cisco wlc 5508

ff.service loaded active running PacketFence radsniff Service packetfence-redis-cache.service loaded active running PacketFence Redis Cache Service   packetfence-redis_queue.service thanks in advance, regards On Mon, 29 Apr 2019 at 15:15, Fabrice Durand via PacketFence-users <mailto:

Re: [PacketFence-users] Blank captive portal with cisco wlc 5508

Hello pro, you just need to add and additional listening daemon on the management interface: https://@mgmt_ip:1443/admin/configuration#configuration/networks/interfaces Then restart packetfence. Regards Fabrice Le 19-04-29 à 08 h 49, pro fence via PacketFence-users a écrit : Hi,  thanks

Re: [PacketFence-users] JSON error Go Struct - Inline mode

"ip"  => $src_ip }); } else { call_ipsetd("/ipset/mark_ip_layer2?local=0",{                  "network" => $network, -    "role_id" => "&

Re: [PacketFence-users] JSON error Go Struct - Inline mode

Hello Thomas, can you try that: diff --git a/lib/pf/ipset.pm b/lib/pf/ipset.pm index 63273f6c45..fcdb41872a 100644 --- a/lib/pf/ipset.pm +++ b/lib/pf/ipset.pm @@ -410,13 +410,13 @@ sub update_node {   if ($ConfigNetworks{$network}{'type'} =~ /^$NET_TYPE_INLINE_L3$/i) {

Re: [PacketFence-users] Network detection issue

Hello Leandro, can you report the bug on github and we will take care of that. https://github.com/inverse-inc/packetfence/issues/new Thanks Fabrice Le 19-04-24 à 15 h 05, Leandro Ude via PacketFence-users a écrit : I think i fixed , and it's a bug

Re: [PacketFence-users] Dashboard charts

Hello Barry, you have the choice to disable epel repo. Regards Fabrice Le 19-04-24 à 19 h 31, Barry Quiel via PacketFence-users a écrit : Unfortunately I don't have much of a choice.  Because of our patch policy I disable the PF repo.  The manual steps generally required in a PF update

Re: [PacketFence-users] New user here - A few questions

Hello Jason, Le 19-04-15 à 23 h 28, Jason Salmans via PacketFence-users a écrit : Hi all, I’ve got a Packetfence server set up to evaluate and I’ve got a few questions.  First, a bit about my environment… I’m working with Cisco WLC with mostly 2700 series APs with a few 702w or 1810w

Re: [PacketFence-users] ?==?utf-8?q? Captive portal issue with multiple SSIDs and multiple connection profiles

Hello Craig, For the connection profile the first match win. So you need to verify the filter you set for each connection profile. Also be sure that packetfence is able to extract the ssid and you can also test with pftest binary. Regards Fabrice Le Jeudi, Avril 11, 2019 03:02 EDT, Craig Strydom

Re: [PacketFence-users] ?==?utf-8?q? Node status triggering disauthentication

Hello Bram, You probably have unregister on accounting stop enable on your setup. It's in radius configuration in packetfence admin Gui. (Sorry I don't have the admin Gui in front of me right now) Regards Fabrice Le Jeudi, Avril 11, 2019 06:29 EDT, Bram Wittendorp via PacketFence-users a

Re: [PacketFence-users] Issue with 802.1x and MAC authentication

to do 802.1x authentication, it then fallsback to MAC address authentication. This may not be possible with my current setup... Is there something on the PacketFence side that will wait a bit before sending the request to put the switchport in the registration VLAN? On Thu, Apr 4, 2019 a

Re: [PacketFence-users] Issue with 802.1x and MAC authentication

Hello Stuart, Le 19-04-04 à 13 h 38, Stuart Gendron via PacketFence-users a écrit : Just getting started with PacketFence and am struggling with something. So I'm using a Cisco SG300 as my test switch, and it does both 802.1x and MAC address authentication (MAB). I'm finding that once I

Re: [PacketFence-users] EAP Authentication + LDAP

Hello Felipe, Le 19-03-25 à 09 h 38, Felipe Rodrigues via PacketFence-users a écrit : Hi guys! Can anyone help me to configure EAP Authentication (802.1x) with OpenLDAP server? I looked the PacketFence manual, chapter 16, about Advanced Radius Configuration and found the information about

Re: [PacketFence-users] DHCP Issues

Hello Sean, can you try that: curl http://127.0.0.1:2/api/v1/dhcp/stats/eth0.3 | python -m json.tool and paste the result. Regards Fabrice Le 19-03-21 à 11 h 32, Seán Mac Lochlainn via PacketFence-users a écrit : Hi Nicolas, I created an external DHCP server in Windows Server and

Re: [PacketFence-users] How to determine the IP addresses without dhcp

Hello Piotr, you can try with the accounting, maybe the ip is in the attribute Framed-IP-Address Regards Fabrice Le 19-03-17 à 08 h 36, Piotr Maczek via PacketFence-users a écrit : Hi all, I have running instance of PacketFence with 802.1x protocol (Out-of-band). I also configured "IP

Re: [PacketFence-users] option 82 not working

Hello saskatooner, you need to send the dhcp traffic to PacketFence. https://github.com/inverse-inc/packetfence/blob/devel/docs/PacketFence_Installation_Guide.asciidoc#dhcp-remote-sensor Regards Fabrice Le 19-03-17 à 01 h 58, saskatooner Canada via PacketFence-users a écrit : Hi everyone

Re: [PacketFence-users] Password Of The Day

Hello John, yes it's possible, you just have to select mandatory fields in the portal module. Regards Fabrice Le 19-03-12 à 07 h 59, John Sayce via PacketFence-users a écrit : Is it possible to use password of the day, but also capture names, emails, phone numbers, etc? Thanks John

Re: [PacketFence-users] Confirm that PF can be used to do 802.1x with VLAN and in-line

Hello Tony, you can do that with inline network but there is a limitation. When a device is in the inline network then it mean that the locationlog changed to inline and after that there is no way to disconnect the device from the equipment because PacketFence think that it's inline. What

Re: [PacketFence-users] [External] Re: VOIP Troubles with Dell Switches

Ok just the docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc file whish is docimentation. So go ahead. Le 19-02-28 à 13 h 23, Truax, Peter via PacketFence-users a écrit : I tried the dry-run and this was the result.  Looks like it failed, but I am not sure how to fix.

Re: [PacketFence-users] Make PF function as NAT/Firewall with Radius and VLAN enforcement

nd NAME from the ifcfg-eth0 file? I have not been able to find anywhere in the GUI to add a MAC address. Is there somewhere I can make a mod to fix this? Not sure if many people use the "old" way but there are a few benefits in doing so in certain circumstances. Maybe this could be added i

Re: [PacketFence-users] Make PF function as NAT/Firewall with Radius and VLAN enforcement

Hello Tony, Le 19-02-17 à 23 h 22, Tony W via PacketFence-users a écrit : Hi Fabrice, Thank you for that. So for PF, set 1 external interface (WAN) with Internet access (Inline) No a management one with internet access Then set at least 1 internal interface (LAN) with VLAN's, say 10 for

Re: [PacketFence-users] LDAP Authentication Source Base DN and Scope are not followed.

Hello Benjamin, can you try that: https://github.com/inverse-inc/packetfence/compare/fix/unset_role_on_autoreg.diff Regards Fabrice Le 19-01-22 à 09 h 05, Fabrice Durand via PacketFence-users a écrit : Hello Benjamin, what i can do is to add an connection profile option that will unset

Re: [PacketFence-users] LDAP Authentication Source Base DN and Scope are not followed.

e that can be applied so that this does not happen in production, or is there another solution that can be used? It is not desirable for us to have users potentially be able to login with out-of-scope accounts. Thank you, Ben -Original Message----- From: Fabrice Durand via PacketFence-users Sent:

Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration

the DEBUG is on now Thanks Will *From:*Fabrice Durand via PacketFence-users *Sent:* 17 January 2019 15:45 *To:* packetfence-users@lists.sourceforge.net *Cc:* Fabrice Durand *Subject:* Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration No

Re: [PacketFence-users] Packet Fence email activation not working.

Hello Justin, do you have the source code of the email ? Regards Fabrice Le 19-01-17 à 12 h 29, Justin Hartman via PacketFence-users a écrit : Hello everyone, This is my first time posting here and I am hoping someone can shed some light on an issue I am having. After spending what I

Re: [PacketFence-users] PF 8.3 configurator loop in first page

Hello Medhi, if it's on Centos then you need to run pf-maint.pl to fix it (restart httpd.admin of course) or set you browser in english. Regards Fabrice Le 19-01-17 à 10 h 42, Mehdi-Gabriel Mjahad via PacketFence-users a écrit : Hello, I installed Packetfence 8.3 on a fresh CentOS

Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration

No, the logs are not in debug. You can restart httpd.aaa to force it. Le 19-01-17 à 10 h 11, Will Halsall via PacketFence-users a écrit : I hope this is correct Thanks WillH *From:*Fabrice Durand via PacketFence-users *Sent:* 17 January 2019 13:50 *To:* packetfence-users

Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration

included the radius debug logs and packetfence.log Thanks WillH *From:*Fabrice Durand via PacketFence-users *Sent:* 16 January 2019 14:40 *To:* packetfence-users@lists.sourceforge.net *Cc:* Fabrice Durand *Subject:* Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role

Re: [PacketFence-users] active directory authentication to web interface

Hello Matteo, check in the file httpd.admin.log, the answer is probably here. Regards Fabrice Le 19-01-16 à 07 h 16, Matteo De Lazzari via PacketFence-users a écrit : Uhm... Fabrice, I'm sorry again; I can't make it works. I joined the domain, I created a realm and finally I created an

Re: [PacketFence-users] fields in nodes view

You can add column or if you want to change the default then you need to edit the code for that: https://github.com/inverse-inc/packetfence/blob/devel/html/pfappserver/lib/pfappserver/PacketFence/Controller/Node.pm#L52 Regards Fabrice Le 19-01-16 à 05 h 14, Matteo De Lazzari via

Re: [PacketFence-users] LDAP Authentication Source Base DN and Scope are not followed.

Hello Benjamin, so i think i know what happen, you are using the ldap source just for authorization and if there is no rules that match then packetfence will use the role of the device. Can you try to remove the role of the device and make another try ? Thanks Fabrice Le 19-01-15 à 21 h

Re: [PacketFence-users] Packetfence 8.3.0 + Eduroma cannot set the Role or the Access Duration

Hello Will, i have pushed something in the maintenance branch. Can you run /usr/local/pf/addons/pf-maint.pl then restart packetfence and make another try. Btw let me know if it fix the issue. Thanks Fabrice Le 19-01-16 à 06 h 38, Will Halsall via PacketFence-users a écrit : Hi Fabrice

Re: [PacketFence-users] Inline Routed Network - Traffic Dropped by IPtables

Hello Lindsay, can you send the file /usr/local/pf/var/conf/iptables.conf and the result of the command "ip route" Thanks Regards Fabrice Le 19-01-14 à 10 h 03, Lindsay, Ross M via PacketFence-users a écrit : Greetings, All! We’re working on a pilot of PacketFence to replace a

Re: [PacketFence-users] SSL Certificate for portal

/usr/local/pf/conf/ssl/server.pem is for haproxy and /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf is for the admin gui and usr/local/pf/conf/radiusd/eap is for radius. It's 3 different things and not related, so to fix the portal fix server.pem. Regards Fabrice Le 18-12-21 à 13

Re: [PacketFence-users] Wireless Mac Authentication Connection Profile Settings

Hello Kalcho, first take a look in the radius audit log and see what is the radius request sent by the WLC. Also mac filtering is mandatory to do mac auth on an openssid. So enable it and go back in the radius audit log to see the radius request and what packetfence answered. Regards

Re: [PacketFence-users] 802.1X TTLS PAP ... does it works ?

al/pf/raddb/modules/ldap following this guide: 16.3 EAP Authentication. but tell more about because this file /usr/local/pf/raddb/sites-available/packetfence-tunnel shows nothing about pap. Is it normal that in this file there are only ldap and eap authorize module ? Thanks a lot again !

Re: [PacketFence-users] CoA with Cisco WLC 2500 not working

Hello Kalcho, first redefine your switch config it's not [10.20.0.10/24] but it should be [10.20.0.0/24] or [10.20.0.10]. Then retry. Regards Fabrice Le 18-12-21 à 03 h 24, Kalcho via PacketFence-users a écrit : Hello all, I have problem using CoA with Cisco WLC 2500. When I try to

Re: [PacketFence-users] 802.1X TTLS PAP ... does it works ?

Hello Enrico, you need to add manually the ldap server in the freeradius configuration. (https://packetfence.org/doc/PacketFence_Installation_Guide.html#_eap_authentication_against_openldap) Regards Fabrice Le 18-12-20 à 10 h 15, Enrico Becchetti via PacketFence-users a écrit :   Hi

Re: [PacketFence-users] PF8.2 Cluster dashboard problem

Hello, in fact it's an issue with the netdata package, you need to do yum update netdata Regards Fabrice Le 18-11-29 à 10 h 08, Ludovic Zammit via PacketFence-users a écrit : Hello, It’s normal, you will to have some data first to display them. Try connecting some device and check

Re: [PacketFence-users] PF UniFi OOB, not using UniFi-controller?

I also did some test and it's possible to configure CoA on the AP itself by editing the hostapd config: radius_das_port=3799 radius_das_client=192.168.1.123 bob but when the configuration is updated from the controller then the config is removed. Regards Fabrice Le 18-11-30 à 06 h 32,

Re: [PacketFence-users] Different SNAT interfaces for different inline layer 2 interfaces

Hello Murilo, it depend of the routing table in the PacketFence server. Also you can use iproute2 to create dynamic routing based on the source interface. Regards Fabrice Le 18-11-30 à 07 h 29, Murilo Calegari via PacketFence-users a écrit : Hi, We've got two Inline Layers in our

Re: [PacketFence-users] Using eduroam as an authentication source for switch access?

Hello, in fact it work but you need to define another radius port for that and in the switch config it's not possible. So yes Murilo is true, you need to wait for the 8.3 release where you will be able to configure PacketFence as a proxy to the eduroam radius server. Regards Fabrice Le

Re: [PacketFence-users] EAP-TLS Computer and User Auth

Hello Wifi, Le 18-12-03 à 09 h 18, Wifi Guy via PacketFence-users a écrit : Hi All, I seem to now have this working to a degree. I have two authentication sources setup. One for servicePrincipalName and one for sAMAccountName. So if a windows machine is booted up, pre any login/sign in,

Re: [PacketFence-users] Inline enforcement and unauthenticated user's access

Le 18-12-04 à 11 h 30, Eric Rolleman via PacketFence-users a écrit : Does packetfence block all outside access to devices behind an inline configuration until the user has authenticated? Yes except if you defined passthrough in the configuration. I know it won’t resolve DNS for anything,

Re: [PacketFence-users] Portal Captive

Yes or you will finish like Claude Francois. Le 18-11-23 à 09 h 06, Ludovic Marcotte via PacketFence-users a écrit : On 2018-11-23 8:30 AM, G PL via PacketFence-users wrote: I dry a little bit. Better not use PacketFence when you're all wet. -- Ludovic Marcotte lmarco...@inverse.ca ::

Re: [PacketFence-users] Eduroam local login

ks if I use the @farn-ct.ac.uk <mailto:samaccountn...@farn-ct.ac.uk> Can I modify this to use the userPrincipalName (mail address) w.hals...@farn-ct.ac.uk <mailto:w.hals...@farn-ct.ac.uk> by either using ldap or using ldap with a filter to retrieve the sAMAccountName Tha

Re: [PacketFence-users] pfdhcp providing duplicates IP.

Hello DIego, i am working on it and found the issue. I test the code and it will be soon available in the maintenance branch (pf-maint.pl). Regards Fabrice Le 18-11-07 à 11 h 20, Diego Lopes da Cruz via PacketFence-users a écrit : Hi! Some clients are complaining about browsing problems,

Re: [PacketFence-users] Eduroam local login

Hello Will, i think it's because the username is not stripped on the ntlm_auth call. Can you strip it in the farn-ct-ac-uk realm config ? It's like that right now: realm farn-ct.ac.uk { nostrip } Regards Fabrice Le 18-11-14 à 11 h 34, Will Halsall via PacketFence-users a écrit :

Re: [PacketFence-users] Internal Radius config basics

Le 18-11-14 à 02 h 42, Amjad Ali a écrit : Thank you Fabrice, that clears a lot many things, I just confirmed as you explained and it works great. Just to further understand the above config, the PacketFence still uses the internal radius to communicate all the stuff with switch. That is,

Re: [PacketFence-users] CoA reply packet not detected by packetfence

Hello Ali, in fact /usr/local/pf/html/pfappserver/lib/pfappserver/Model/Node.pm bouncePort is made to shut/no shut the port and it use snmp. What you will need to do is to implement the function wiredeauthTechniques (for wire) or deauthTechniques (for wireless) in order to launch the

Re: [PacketFence-users] dhcp domain-search option

In PacketFence 8 there is a way to do it with the API. cf: https://github.com/inverse-inc/packetfence/tree/devel/go/dhcp Le 2018-09-28 à 12:58, mj via PacketFence-users a écrit : For the archives: we're still o 7.1, and the only way of doing that there, is by editing *

Re: [PacketFence-users] Expiration time after first login

Hello František, no it's not possible right now in PacketFence. Regards Fabrice Le 2018-08-16 à 07:42, František Gössel via PacketFence-users a écrit : Hi, I'm wondering if it is possible to setup expiration time after first login for user accounts. Thank you in advance. Best regards,

Re: [PacketFence-users] Feedback

Hello Richard, it's what PacketFence does by default. You just need to enable mac-auth on the switch, create registration and isolation vlan and span them on all your switches. After that add the radius server in all your switches and you should be good. Regards Fabrice Le 2018-08-16

Re: [PacketFence-users] Hi Fabrice

Pf is running under lxc ? Le 2018-08-15 à 21:51, Maile Halatuituia via PacketFence-users a écrit : I try to restart my server and now I got this after finding that I no longer access to it through the web interface root@LXCPF:/usr/local/pf/logs# systemctl status

Re: [PacketFence-users] cisco WLC

Hi, yes Regards Fabrice Le 2018-07-23 à 01:54, Advancedata Network via PacketFence-users a écrit : Hi, Do packetfence support cisco WLC? Sent from Mail for Windows 10

Re: [PacketFence-users] auto-registration of node failed max nodes per pid met or exceeded

So this is your issue , you need to have a rule that return a role for this username (a sort of catch all rule if you don't have any). Regards Fabrice Le 2018-07-23 à 03:18, Pizu a écrit : Hi, Thanks for your reply and sorry for not sending before. The role that is assigned to the users

Re: [PacketFence-users] Problem with WMI

Hello Xavier, first you need to forward a copy of the production dhcp traffic to the PacketFence management interface (it's mandatory and this will trigger the scan). After if it still doesn't work then create a connection profile with a filter based on the network (cird format

Re: [PacketFence-users] Zombie home_server

Hello Bebbet, you can disable the eduroam test by unchecking monitor in the authentication source. Also you can ask for sponsored development to have the way to define username to use to test eduroam. (https://packetfence.org/support.html#/commercial) Regards Fabrice Le 2018-07-23 à

Re: [PacketFence-users] Radius authentication failing

Hello Ali, you need to paste the raddebug output. raddebug /usr/local/pf/var/run/radiusd.sock -t 3000 Regards Fabrice Le 2018-07-19 à 02:43, Amjad Ali via PacketFence-users a écrit : Hi everyone, I have setup a packetfence server in lab environment with just one switch from edge core

Re: [PacketFence-users] local user not unregistering

Hello Franklin, is there any devices associated to this username ? Regards Fabrice Le 2018-06-28 à 06:00, Franklin, Adam via PacketFence-users a écrit : Hello Can anyone tell me why when I use the PacketFence GUI to manually create a user and set an “unregistration date” – the

Re: [PacketFence-users] Haproxy will always crash after a few hours

Hello, sorry a typo, this is: curl https://github.com/inverse-inc/packetfence/pull/3209.diff | patch -p1 --dry-run curl https://github.com/inverse-inc/packetfence/pull/3209.diff | patch -p1 Regards Fabrice Le 2018-06-22 à 13:57, Gerllys Speroto Calvi a écrit : HI, The command you

Re: [PacketFence-users] 802.1x auth and local auth too?

Hello Steve, packetfence-local-auth {     packetfence-set-tenant-id     # Disable ntlm_auth (Active DIrectory)     update control {     := No     }     # Check password table for local user     pflocal     if (fail || notfound || noop) {     # Check password table with email and

Re: [PacketFence-users] Trying to join AD.... routing is having major issue

; -o eth0 -j SNAT --to-source 10.99.19.240 This rule is mandatory to join the domain. On Fri, Jun 15, 2018 at 10:12 AM, Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> wrote: Hello Steven, var/conf/iptables.conf is a file generated f

Re: [PacketFence-users] Trying to join AD.... routing is having major issue

ade to iptables.conf didn't work, so I changed it back. Now, with iptables started, I can't get to the web interface until I stop iptables. On Fri, Jun 15, 2018 at 9:45 AM, Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>> wrote: Ok so if

Re: [PacketFence-users] Trying to join AD.... routing is having major issue

It looks that you have 2 ip on the interface eth0 and packetfence use the first one to nat the chroot traffic (10.99.19.240/21) You will probably need to remove the second one (10.99.21.1/21) Can you try the following (replace 10.0.0.1 by the AD ip address): ip netns exec dpsad ping 10.0.0.1

Re: [PacketFence-users] Google authentication options

In PacketFence we do a person lookup (fetch info from ldap) when a 802.1x user connect on the network so indirectly you can have the google information from the AD. Le 2018-06-14 à 10:05, Steve Pfister via PacketFence-users a écrit : I've heard that you can sync accounts between your Active

Re: [PacketFence-users] Wifi Registration without using CP

Fabrice Durand via PacketFence-users <mailto:packetfence-users@lists.sourceforge.net>>: Hello Geert, since wpa2-entreprise already authenticate the user (AD credential) then you can auto register device in this case and no need to have the captive portal. Regards

Re: [PacketFence-users] EAP and Local

#         eap } } # inner-tunnel server block Joshua Nathan *IT Supervisor* Black Forest Academy p: +49 (0) 7626 9161 630 m: +49 (0) 152 3452 0056 a: w: Hammersteiner Straße 50, 79400 Kandern bfacademy.de <http://bfacademy.de/> On Wed, Jun 13, 2018 at 4:5

Re: [PacketFence-users] Network access monitoring

Btw the new pfdns in go provide this information in the log. Le 2018-06-14 à 03:15, mj via PacketFence-users a écrit : Hi, We have (kind of) solved this by logging dns requests done by the inline clients, plus their mac address. We are using this: https://github.com/gamelinux/passivedns

Re: [PacketFence-users] Wifi Registration without using CP

Hello Geert, since wpa2-entreprise already authenticate the user (AD credential) then you can auto register device in this case and no need to have the captive portal. Regards Fabrice Le 2018-06-14 à 02:52, Geert Heremans via PacketFence-users a écrit : Hello everyone, I'm wondering if

Re: [PacketFence-users] Network access monitoring

So since PacketFence is used as a gateway you can log the dns request but you can't log the http request. (you need to use a proxy). Le 2018-06-13 à 11:10, Murilo Calegari a écrit : Yes, I am! Em qua, 13 de jun de 2018 11:57, Fabrice Durand via PacketFence-users <mailto:packetfence-us

Re: [PacketFence-users] Network access monitoring

Hello Murilo, are you using PacketFence in inline mode ? Regards Fabrice Le 2018-06-13 à 09:52, Murilo Calegari via PacketFence-users a écrit : Hello, I'm currently implementing PacketFence as our NAC in a institution for guests. One of the features we are required by the federal

<    1   2   3   4   5   6   7   >